Post Tagged with: "s-4"

analog sphere of privacy by Jason Tester Guerrilla Futures (CC BY-ND 2.0) https://flic.kr/p/8Hq5GM

The Spencer Effect: No More Warrantless Access to Subscriber Info With Five Minutes of Police Work

The Canadian Press reports that the RCMP has abandoned some Internet-related investigations because it is unable to obtain warrantless access to subscriber information. The article is based on an internal memo expressing concern with the additional work needed to apply for a warrant in order to obtain access to subscriber information. The changes have arisen due to the Supreme Court of Canada’s Spencer decision, which held that there is a reasonable expectation of privacy in subscriber information. As a result, it is believed that most telecom and Internet providers have rightly stopped voluntary disclosures without a warrant (some have still not publicly stated their disclosure practices).

The article notes how easily subscriber information was disclosed prior to Spencer:

Prior to the court decision, the RCMP and border agency estimate, it took about five minutes to complete the less than one page of documentation needed to ask for subscriber information, and the company usually turned it over immediately or within one day. The agencies say that following the Supreme Court ruling about 10 hours are needed to complete the 10-to-20 pages of documentation for a request, and an answer can take up to 30 days.

The troubling aspect of the story is not that some investigations are being curtailed because law enforcement is now following due process and that telecom providers are requiring a warrant before disclosing subscriber information. It is that for millions of requests prior to Spencer, it took nothing more than five minutes to fill out a form with the information voluntarily released without court oversight and without notifying the affected subscriber.

Read more ›

November 21, 2014 8 comments News
DSC_0110 Minister of Canadian Heritage and Official Languages James Moore by Heather (CC BY 2.0) https://flic.kr/p/6BbzwP

Why the Digital Privacy Act Will Expand Personal Information Disclosure Without Court Oversight

My column this week on warrantless access to personal information under Canadian law noted that Bill S-4, the Digital Privacy Act, will expand the likelihood warrantless disclosures between private organizations. As I posted recently:

Bill S-4 proposes that:

“an organization may disclose personal information without the knowledge or consent of the individual… if the disclosure is made to another organization and is reasonable for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the individual would compromise the investigation;
Unpack the legalese and you find that organizations will be permitted to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law. This applies both past breaches or violations as well as potential future violations. Moreover, the disclosure occurs in secret without the knowledge of the affected person (who therefore cannot challenge the disclosure since they are not aware it is happening).

Read more ›

November 4, 2014 6 comments News
Come back with a warrant by Rosalyn Davis (CC BY-NC-SA 2.0) https://flic.kr/p/aoPzWb

Warrantless Access to Subscriber Information: Has the Tide Turned on Canada’s Privacy Embarrassment?

In a year in which privacy issues have captured near weekly headlines, one concern stands out: warrantless access to Internet and telecom subscriber information. From revelations that telecom companies receive over a million requests each year to the Supreme Court of Canada’s landmark decision affirming that there is a reasonable expectation of privacy in subscriber information, longstanding law enforcement and telecom company practices have been placed under the microscope for the first time.

Last week, the Privacy Commissioner of Canada released a report that shed further light on the law enforcement side of warrantless disclosure requests, raising disturbing questions about the lack of record keeping and politically motivated efforts to drum up data on the issue.

My weekly technology law column (Toronto Star version, homepage version) notes that the Office of the Privacy Commissioner of Canada notified the Royal Canadian Mounted Police last October that it was planning to conduct preliminary investigative work on the collection of warrantless subscriber information from telecom companies. The plan was to assess RCMP policies and to determine the frequency and justification for warrantless requests.

Read more ›

November 3, 2014 5 comments Columns
Access & Privacy Conference 2013 by forester401 (CC BY-NC-SA 2.0) https://flic.kr/p/eLS9xR

The Expansion of Personal Information Disclosure Without Consent: Unpacking the Government’s Weak Response to Digital Privacy Act Concerns

Bill S-4, the government’s Digital Privacy Act, was sent for review to the Industry Committee yesterday. The committee review, which comes before second reading, represents what is likely to be the last opportunity to fix a bill that was supposed to be a good news story for the government but has caused serious concern within the Canadian privacy community. While there are several concerns (I raised them in my appearance before the Senate committee that first studied the bill), the chief one involves the potential expansion of voluntary disclosure of personal information without consent or court oversight. Bill S-4 proposes that:

“an organization may disclose personal information without the knowledge or consent of the individual… if the disclosure is made to another organization and is reasonable for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the individual would compromise the investigation;

Translate the legalese and you find that organizations will be permitted to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law. This applies both past breaches or violations as well as potential future violations. Moreover, the disclosure occurs in secret without the knowledge of the affected person (who therefore cannot challenge the disclosure since they are not aware it is happening).

The government is clearly aware that this is a major concern as it attempted to answer the critics during debate over Bill S-4 in the House of Commons yesterday. Unfortunately, the responses were incredibly weak. I’ve identified at least six responses from government sources below.

Read more ›

October 21, 2014 3 comments News
System Security Breach by Jeff Keyzer (CC BY-SA 2.0) https://flic.kr/p/bucTzM

Government Opens Door to Major Changes to Digital Privacy Bill

While it was overshadowed by the headlines over potential copyright reform, Peter Van Loan, the government’s House leader, disclosed last week that the government is planning to send Bill S-4, the Digital Privacy Act, to the Industry Committee for review prior to second reading. The bill, which has proven controversial due to a provision that expands the possibility of voluntary disclosure of subscriber information and relatively weak security breach disclosure rules, will be open to more significant reforms that previously thought possible (my remarks before the Senate committee can be found here). Under Parliamentary rules, referring a bill before second reading allows the committee to alter the scope of the bill.

Read more ›

October 15, 2014 5 comments News
1 2 3 4 6