Wiertz Sebastien - Privacy by Sebastien Wiertz (CC BY 2.0) https://flic.kr/p/ahk6nh

Privacy

bc-amanda-todd10nw1 at https://amandatoddlegacy.files.wordpress.com/2013/10/bc-amanda-todd10nw1.jpg

Carol Todd on Bill C-13: “What Happened to Democracy?”

The Senate Committee on Justice and Human Rights continues its study later today on Bill C-13, the cyber-bullying/lawful access bill that has already passed the House of Commons and seems certain to clear the Senate shortly. I appeared before the committee last week, but one person who will not appear is Carol Todd, the mother of cyber-bullying victim Amanda Todd. Ms. Todd wrote to me yesterday to express her dismay at the committee process with Conservative Senators mischaracterizing her views and the committee declining to offer her an invitation to appear, likely due to her criticisms of the privacy-related provisions in the bill.

Ms. Todd did appear before the House of Commons committee studying Bill C-13, telling Members of Parliament:

November 26, 2014 — 10 comments — News

Uber is Uber Cool by Mike (CC BY-NC-SA 2.0) https://flic.kr/p/eeVwN3

Why Uber Has a Canadian Privacy Problem

The mounting battle between Uber, the popular app-based car service, and the incumbent taxi industry has featured court dates in Toronto, undercover sting operations in Ottawa, and a marketing campaign designed to stoke fear among potential Uber customers. As Uber enters a growing number of Canadian cities, the ensuing regulatory fight is typically pitched as a contest between a popular, disruptive online service and a staid taxi industry intent on keeping new competitors out of the market.

My weekly technology law column (Toronto Star version, homepage version) notes that if the issue was only a question of choosing between a longstanding regulated industry and a disruptive technology, the outcome would not be in doubt. The popularity of a convenient, well-priced alternative, when contrasted with frustration over a regulated market that artificially limits competition to maintain pricing, is unsurprisingly going to generate enormous public support and will not be regulated out of existence.

While the Uber regulatory battles have focused on whether it constitutes a taxi service subject to local rules, last week a new concern attracted attention: privacy. Regardless of whether it is a taxi service or a technological intermediary, it is clear that Uber collects an enormous amount of sensitive, geo-locational information about its users. In addition to payment data, the company accumulates a record of where its customers travel, how long they stay at their destinations, and even where they are located in real-time when using the Uber service.

November 24, 2014 — 5 comments — Columns

analog sphere of privacy by Jason Tester Guerrilla Futures (CC BY-ND 2.0) https://flic.kr/p/8Hq5GM

The Spencer Effect: No More Warrantless Access to Subscriber Info With Five Minutes of Police Work

The Canadian Press reports that the RCMP has abandoned some Internet-related investigations because it is unable to obtain warrantless access to subscriber information. The article is based on an internal memo expressing concern with the additional work needed to apply for a warrant in order to obtain access to subscriber information. The changes have arisen due to the Supreme Court of Canada’s Spencer decision, which held that there is a reasonable expectation of privacy in subscriber information. As a result, it is believed that most telecom and Internet providers have rightly stopped voluntary disclosures without a warrant (some have still not publicly stated their disclosure practices).

The article notes how easily subscriber information was disclosed prior to Spencer:

Prior to the court decision, the RCMP and border agency estimate, it took about five minutes to complete the less than one page of documentation needed to ask for subscriber information, and the company usually turned it over immediately or within one day. The agencies say that following the Supreme Court ruling about 10 hours are needed to complete the 10-to-20 pages of documentation for a request, and an answer can take up to 30 days.

The troubling aspect of the story is not that some investigations are being curtailed because law enforcement is now following due process and that telecom providers are requiring a warrant before disclosing subscriber information. It is that for millions of requests prior to Spencer, it took nothing more than five minutes to fill out a form with the information voluntarily released without court oversight and without notifying the affected subscriber.

November 21, 2014 — 8 comments — News

Senate Chamber HDR by Intiaz Rahim (CC BY-NC-ND 2.0) https://flic.kr/p/5LhGZg

Choosing Between Privacy and Cyberbullying: My Appearance on Bill C-13 Before the Senate Legal and Constitutional Affairs Committee

Yesterday I appeared before the Senate Committee on Legal and Constitutional Affairs, which is studying Bill C-13, the lawful access/cyberbullying bill. The full transcript of the spirited discussion is not yet available, but my opening statement is posted below.

Appearance before the Senate Standing Committee on Legal and Constitutional Affairs, November 19, 2014

Good afternoon. My name is Michael Geist. I am a law professor at the University of Ottawa, where I hold the Canada Research Chair in Internet and E-commerce Law. I appear today in a personal capacity representing only my own views.

Given the limited time, I’m going to confine my remarks to three privacy-related issues: immunity for voluntary disclosure, the low threshold for transmission data warrants, and the absence of reporting and disclosure requirements.

November 20, 2014 — 5 comments — Committees, News

Increased OPP Enforcement by Ryan Steele (CC BY-SA 2.0) https://flic.kr/p/dk2xn

Why Does the Ontario Provincial Police Still Not Know What is in the Lawful Access Bill?

Earlier this week, I posted on Ontario Provincial Police comments at the Standing Senate Committee on Legal and Constitutional Affairs hearing on Bill C-13 that were sharply critical of online anonymity. The same hearing was notable for additional comments from the OPP on the lawful access bill. The comments, which came in the opening statement, suggest that one of Canada’s largest police forces is simply unaware of the contents of the proposed legislation.

Scott Naylor of the OPP’s opening remarks included:

There is no question that some of the legislation involving technology and communication in Canada is out of date. Under the current legislation, police can only access the very basic subscriber information – i.e., name, address, telephone number – on a totally ad hoc basis, by production order from service providers. This means that there is an inconsistent response, which impedes investigations and, in extreme cases, may prolong victimization. Under the proposed legislation, Internet service providers would be compelled to provide this information in a timely fashion and on a consistent basis. Access to this information would be strictly controlled and limited to law enforcement officials, who would be fully trained in these procedures and subject to auditing and report oversight. I will repeat – auditing and report oversight.

Here is the problem: Naylor appears to think that Bill C-13 has not changed from Vic Toews’ Bill C-30. Under the lawful access bill, ISPs would not be compelled to disclose subscriber information. Indeed, the mandatory disclosure of subscriber information without a warrant was removed from the bill altogether. The bill does include incentives for voluntary disclosure, but there are no mandatory disclosure requirements. If the OPP think the bill guarantees consistent disclosure of subscriber information, it is wrong. In fact, the Supreme Court’s Spencer decision means that subscriber information now only comes (except in emergency circumstances) through a court order.

November 13, 2014 — 3 comments — News