The ISP Privacy Pledge, an initiative from CIPPIC and Online Rights Canada, has generated some interesting debate this week. Mark Goldberg criticizes the pledge, arguing that it encourages ISPs to look the other way as part of police investigations, fails to address corporate abuses of personal information, and supports a "digital exemption" to laws and justice. I think that Alec Saunders does a great job of rebutting Goldberg's position by focusing on the potential for law enforcement abuse, but I wanted to add two additional comments.
First, the ISP Privacy Pledge does not in any way suggest that there is a digital exception nor do I believe that it encourages ISPs to look the other way. The law currently grants ISPs considerable flexibility in determining how to respond to law enforcement requests. For example, under PIPEDA, an ISP (or any organization for that matter) can rely on an exception in the Act to provide law enforcement with subscriber information simply upon request (with no court order or oversight). Alternatively, it is entitled to demand that law enforcement first obtain a court order. Given the ease with which personal information can be demanded and potentially misused, the Privacy Pledge simply asks ISPs to follow the law by demanding a court order. To argue that this hinders law enforcement or asks ISPs to look the other way is simply wrong. Rather, it is an approach that is included within PIPEDA that provides the right balance between law enforcement needs and subscriber privacy interests.
Second, the ISP Privacy Pledge is not about trying to publicly humiliate Canadian ISPs nor about making life more difficult for law enforcement. It is about the need for Canadians to know how their ISPs will protect their privacy. Simply put, most ISPs do not disclose how they respond to law enforcement requests (other than generic statements that they will comply with all laws and regulations). Given the sensitivity of the personal information at stake, the privacy pledge effectively says that ISPs should be disclosing their policies and that subscribers can then decide for themselves if their ISPs have struck a balance that they find appropriate. I believe that Canada's ISPs should take the pledge or, if they are uncomfortable with its terms, publicly disclose precisely how they address these disclosure issues.