Wiertz Sebastien - Privacy by Sebastien Wiertz (CC BY 2.0) https://flic.kr/p/ahk6nh

Wiertz Sebastien - Privacy by Sebastien Wiertz (CC BY 2.0) https://flic.kr/p/ahk6nh

Privacy

Office of the Privacy Commissioner Memorandum, October 28, 2014

Secret Memo Reveals RCMP Records on Requests for Subscriber Data “Inaccurate and Incomplete”

Last fall, Daniel Therrien, the government’s newly appointed Privacy Commissioner of Canada, released the annual report on the Privacy Act, the legislation that governs how government collects, uses, and discloses personal information. The lead story from the report was the result of an audit of the Royal Canadian Mounted Police practices regarding warrantless requests for telecom subscriber information.

The audit had been expected to shed new light into RCMP information requests. Auditors were forced to terminate the investigation, however, when they realized that Canada’s national police force simply did not compile the requested information. When asked why the information was not collected, RCMP officials responded that its information management system was never designed to capture access requests.

While that raised serious concerns – the RCMP has since promised to study mechanisms for reporting requests with recommendations expected in April – my weekly technology law column (Toronto Star version, homepage version) reports that documents recently obtained under the Access to Information Act reveal that the publicly released audit results significantly understated the severity of the problem. Indeed, after the draft final report was provided to the RCMP in advance for comment, several of the findings were toned down for the public release.

Read more ›

March 2, 2015 8 comments Columns
065 - VPN by el_finco (CC BY-NC-SA 2.0) https://flic.kr/p/65H7Gu

Rogers Executive Calls on Canadian Government to Shut Down VPNs

The Content Industry Connect conference, which was held in Toronto yesterday, featured a panel of leading television executives from Bell, the CBC, Corus, Rogers, and Shaw Media. Several people were live-tweeting the event when a comment from Rogers Senior Vice President David Purdy caught my eye. According to Kelly Lynne Ashton, a media policy expert, Purdy called on the Canadian government to shut down the use of virtual private networks:

@Klashton27 tweet by Kelly Lynne Ashton

Read more ›

February 27, 2015 67 comments News
Protection for Snowden by greensefa (CC BY 2.0) https://flic.kr/p/kY8n8o

Citizen Four and the Canadian Surveillance Story

Citizen Four, Laura Poitras’ enormously important behind-the-scenes documentary film on Edward Snowden, won the Academy Award last night for best documentary. The film is truly a must-see for anyone concerned with privacy and surveillance. It not only provides a compelling reminder of the massive scale and scope of surveillance today, but it also exposes us to the human side of Snowden’s decision to leave his life behind in order to tell the world about secret surveillance activity.

Canada is not mentioned in the film, but that is not because we have been immune to similar surveillance activity. In the months since the Snowden revelations began, there have been many Canadian-related stories including reports on G8/G20 spying, industrial spying in Brazil, the “airport wifi” surveillance program, and the massive Internet download surveillance program.

Read more ›

February 23, 2015 7 comments News
PM Harper visits the Arc de Triomphe with Steven Blaney by Stephen Harper (CC BY-NC-ND 2.0)  https://flic.kr/p/eNh192

“Total Information Awareness”: The Disastrous Privacy Consequences of Bill C-51

The House of Commons debate over Bill C-51, the anti-terrorism bill, began yesterday with strong opposition from the NDP, disappointing support from the Liberals, and an effort to politicize seemingly any criticism or analysis from the Conservative government. With the government already serving notice that it will limit debate, the hopes for a non-partisan, in-depth analysis of the anti-terrorism legislation may have already been dashed. This is an incredibly troubling development since the proposed legislation has all the hallmarks of being pulled together quickly with limited analysis. Yet both the Conservatives and Liberals seem content to stick to breezy talking points rather than genuinely work toward a bill that provides Canadians with better safeguards against security threats while also preserving privacy and instituting effective oversight.

The only detailed review to date has come from Professors Kent Roach and Craig Forcese. Their ongoing work – three lengthy background papers so far (Advocating or Promoting Terrorism, new CSIS powers, expanded information sharing) – provides by far the most exhaustive analysis of the bill and is a must-read for anyone concerned with the issue. Indeed, once you have read their work, it becomes readily apparent that all should be concerned with this legislation. Much of the focus to date has been on the lack of oversight and the expansive new powers granted to CSIS. However, the privacy implications of Bill C-51’s information sharing provisions also cry out for study and reform.

Read more ›

February 19, 2015 54 comments News
Did you consent to your involvement in this process? by Quinn Dombrowski (CC BY-SA 2.0) https://flic.kr/p/6Ghzp2

Canadian Chamber of Commerce, Canadian Marketing Association Take Aim At Digital Privacy Act’s Consent Provision

The Standing Committee on Industry, Science and Technology continues its hearing on the Digital Privacy Act (Bill S-4) yesterday, with appearances from Privacy Commissioner of Canada Daniel Therrien, the Canadian Chamber of Commerce, and the Canadian Marketing Association. Therrien expressed general support for the bill, but concern with the expanded voluntary disclosure provision.

The Canadian Chamber of Commerce and the Canadian Marketing Association seemed to take the committee by surprise by criticizing a provision in the bill that clarifies what constitutes meaningful consent. The proposed provision states:

6.1 For the purposes of clause 4.3 of Schedule 1, the consent of an individual is only valid if it is reasonable to expect that an individual to whom the organization’s activities are directed would understand the nature, purpose and consequences of the collection, use or disclosure of the personal information to which they are consenting.

That provision should be uncontroversial given that it only describes what most would take to mean consent, namely that the person to whom the activities are directed would understand the consequences of consent. Indeed, Therrien expressed support for the change, noting:

Read more ›

February 18, 2015 3 comments News