Earlier this month, CIGI posted my essay contribution to its series on data governance in the digital age. Data Rules in Modern Trade Agreements: Toward Reconciling an Open Internet with Privacy and Security Safeguards focuses on the policy challenges associated with including data provisions in trade agreements such as the TPP and NAFTA. I also sat down with CIGI for a short video on the essay. It is embedded below.
Post Tagged with: "security"
Why Warrantless Access to Internet Subscriber Information is Back on the Legislative Agenda
The federal government has yet to release its response to last year’s national security consultation, but at least one thing is increasingly apparent. Lawful access, the regulations that govern police access to Internet and telecom subscriber information, will be back on Public Safety Minister Ralph Goodale’s legislative agenda. My Globe and Mail column notes that the details of the complex new rules that would grant warrantless access to some telecom and Internet information system are still a work-in-progress, but the final outcome is sure to raise concerns with the privacy advocates as well as telecom and Internet providers.
A cybercrime working group comprised of senior officials from federal, provincial and territorial governments have spent months developing the new lawful access framework. It recently held two invitation-only consultations on the issue with Canadian telecom and Internet companies as well as civil society groups and academic experts. I participated in the latter event, which was held under Chatham House rules that allow for disclosure of the content of the meeting without attribution to specific commentators.
Why the FBI’s Apple iPhone Demands Are Rotten to the Core
The U.S. government’s attempt to invoke a centuries-old law to obtain a court order to require Apple to create a program that would allow it to break the security safeguards on the iPhone used by a San Bernardino terrorist has sparked an enormous outcry from the technology, privacy, and security communities.
For U.S. officials, a terrorism related rationale for creating encryption backdoors or weakening user security represents the most compelling scenario for mandated assistance. Yet even in those circumstances, companies, courts, and legislatures should resist the urge to remove one of the last bastions of user security and privacy protection.
My weekly technology law column (Toronto Star version, homepage version) argues that this case is about far more than granting U.S. law enforcement access to whatever information remains on a single password-protected iPhone. Investigators already have a near-complete electronic record: all emails and information stored on cloud-based computers, most content on the phone from a cloud back-up completed weeks earlier, telephone records, social media activity, and data that reveals with whom the terrorist interacted. Moreover, given the availability of all of that information, it seems likely that much of the remaining bits of evidence on the phone can be gathered from companies or individuals at the other end of the conversation.
The Trouble With the TPP, Day 28: Privacy Risks From the Source Code Rules
Yesterday’s Trouble with the TPP post examined some of the uncertainty created by the surprising e-commerce provision that involves restrictions on source code disclosures. KEI notes that governments have not been shy about requiring source code disclosures in other contexts, such as competition worries. Yet this rule will establish new restrictions, creating concerns about the implications in areas such as privacy. For example, security and Internet experts have been sounding the alarm on the risks associated with exploited wifi routers and pointing to source code disclosures as potential solution.
Dave Farber, former Chief Technologist of the Federal Communications Commission, warns:
The Trouble With the TPP, Day 27: Source Code Disclosure Confusion
Another Trouble with the TPP is its foray into the software industry. One of the more surprising provisions in the TPP’s e-commerce chapter was the inclusion of a restriction on mandated source code disclosure. Article 14.17 states:
No Party shall require the transfer of, or access to, source code of software owned by a person of another Party, as a condition for the import, distribution, sale or use of such software, or of products containing such software, in its territory.
The provision is subject to some limitations. For example, it is “limited to mass-market software or products containing such software and does not include software used for critical infrastructure.” The source code disclosure rule is not found in any other current Canadian trade agreement, though leaked documents indicate that it does appear in a draft of the Trade in Services Agreement (TISA).
Recent Posts
The Law Bytes Podcast, Episode 200: Colin Bennett on the EU’s Surprising Adequacy Finding on Canadian Privacy Law 
Debating the Online Harms Act: Insights from Two Recent Panels on Bill C-63 
The Law Bytes Podcast, Episode 199: Boris Bytensky on the Criminal Code Reforms in the Online Harms Act 
AI Spending is Not an AI Strategy: Why the Government’s Artificial Intelligence Plan Avoids the Hard Governance Questions 
The Law Bytes Podcast, Episode 198: Richard Moon on the Return of the Section 13 Hate Speech Provision in the Online Harms Act
