Categories
Aside

2024.3.18

It is exceptionally rewarding to see years of research and advocacy while I was at my former employer lead to significant reforms to legislation. The effect, thus far, has been to protect residents of Canada from cyber-related threats while, also, imposing checks on otherwise unfettered government power and simultaneously protecting all residents of Canada’s privacy.

Categories
Aside Humour

The Durability of Certain Online Comments

One of the projects I’m involved in at work relates very closely to a bulk of academic policy books I read while doing my PhD. That’s not particularly surprising, I guess. One of those books, in particular, would be invaluable to my team as they navigate a neat (and well researched) policy space.

So I did what most people do: go to Amazon, search for the book, and then send it to my employer to purchase the title for the internal library.

Lo and behold, however, when I found said book on Amazon there was a single review of it. Interesting! Who would comment on this niche academic text and what did they say?

Well… apparently I would comment on this niche book and leave a review, and did so way back in 2008. I’ll be honest: the review does hold up. Though the fact that I was reviewing my supervisor’s book, publicly, and offering (fair!) critiques admittedly makes me grin a bit. And, also, probably speaks lots about why I tend to fit in well at workplaces where speaking truth to power is just the daily 9-5.

Categories
Photography

Print Day!

Bay & Queen, Toronto, 2023

A friend identified a series of photos I’ve made over the past year that they wanted to have as prints. The matte prints all came in yesterday, and I was really pleased at how well Annex Photo made them.

Bathurst Station, Toronto, 2023

I had three prints made, one from my Ricoh GRiiix (uncropped, 10×15), one from my Fuji X100F (cropped to 17MP, 10×15), and one from the telephoto on my iPhone 14 Pro (9MP, 8.5×11). When I’ve shown the prints to others they can’t tell which camera made which image, nor do they see any notable quality difference between the prints.

Spadina & Grange, Toronto, 2023

Now all that’s left is to package and mail the prints to their owner!

Categories
Photography

Bathurst & College, Toronto, 2023


This is one of the cityscapes I took last year. It resonates with a number of themes that are often present in my photography: icons of Toronto, construction in the city, and the sense of impermanence and isolation associated with the Toronto streetscape.

The absence of humans along one of Toronto’s many core cross streets also spoke to me. It provided me with a sense of humanity-absent, which is narratively aligned with many of the images that I made throughout the depths of the pandemic.

Categories
Photography Quotations

Moments of Thinking and Photography

Thinking should be done beforehand and afterwards—never while actually taking a photograph. Success depends on the extension of one’s culture, on one’s set of values, one’s clarity of mind and vivacity.

Henri Cartier-Bresson

Categories
Links Writing

RCMP Found to Unlawfully Collect Publicly Available Information

The recent report from the Office of the Privacy Commissioner of Canada, entitled “Investigation of the RCMP’s collection of open-source information under Project Wide Awake,” is an important read for those interested in the restrictions that apply to federal government agencies’ collection of this information.

The OPC found that the RCMP:

  • had sought to outsource its own legal accountabilities to a third-party vendor that aggregated information,
  • was unable to demonstrate that their vendor was lawfully collecting Canadian residents’ personal information,
  • operated in contravention of prior guarantees or agreements between the OPC and the RCMP,
  • was relying on a deficient privacy impact assessment, and
  • failed to adequately disclose to Canadian residents how information was being collected, with the effect of preventing them from understanding the activities that the RCMP was undertaking.

It is a breathtaking condemnation of the method by which the RCMP collected open source intelligence, and includes assertions that the agency is involved in activities that stand in contravention of PIPEDA and the Privacy Act, as well as its own internal processes and procedures. The findings in this investigation build from past investigations into how Clearview AI collected facial images to build biometric templates, guidance on publicly available information, and joint cross-national guidance concerning data scraping and the protection of privacy.

Categories
Links Writing

Near-Term Threats Posed by Emergent AI Technologies

In January, the UK’s National Cyber Security Centre (NCSC) published its assessment of the near-term impact of AI with regard to cyber threats. The whole assessment is worth reading for its clarity and brevity in identifying different ways that AI technologies will be used by high-capacity state actors, by other state and well-resourced criminal and mercenary actors, and by comparatively low-skill actors.

A few items which caught my eye:

  • More sophisticated uses of AI in cyber operations are highly likely to be restricted to threat actors with access to quality training data, significant expertise (in both AI and cyber), and resources. More advanced uses are unlikely to be realised before 2025.
  • AI will almost certainly make cyber operations more impactful because threat actors will be able to analyse exfiltrated data faster and more effectively, and use it to train AI models.
  • AI lowers the barrier for novice cyber criminals, hackers-for-hire and hacktivists to carry out effective access and information gathering operations. This enhanced access will likely contribute to the global ransomware threat over the next two years.
  • Cyber resilience challenges will become more acute as the technology develops. To 2025, GenAI and large language models will make it difficult for everyone, regardless of their level of cyber security understanding, to assess whether an email or password reset request is genuine, or to identify phishing, spoofing or social engineering attempts.

There are more insights, such as the value of training data held by high capacity actors and the likelihood that low skill actors will see significant upskilling over the next 18 months due to the availability of AI technologies.

The potential to assess information more quickly may have particularly notable impacts in the national security space, enable more effective corporate espionage operations, as well as enhance cyber criminal activities. In all cases, the ability to assess and query volumes of information at speed and scale will let threat actors extract value from information more efficiently than today.

The fact that the same technologies may enable lower-skilled actors to undertake wider ransomware operations, where it will be challenging to distinguish legitimate from illegitimate security-related emails, also speaks to the desperate need for organizations to transition to higher-security solutions, including multi-factor authentication or passkeys.

Categories
Links Writing

Older Adults’ Perception of Smart Home Technologies

Percy Campbell et al.’s article, “User Perception of Smart Home Surveillance Among Adults Aged 50 Years and Older: Scoping Review,” is a really interesting bit of work into older adults’ perceptions of Smart Home Technologies (SHTs). The authors conducted a review of other studies on this topic to, ultimately, derive a series of aggregated insights that clarify the state of the literature and, also, make clear how policy makers could start to think about the issues older adults associate with SHTs.

Some key themes/issues that arose from the studies included:

  • Privacy: different SHTs were perceived differently. But key was that the privacy concerns were sometimes highly contextual based on region, with one possible effect being that it can be challenging to generalize from one study about specific privacy interests to a global population.
  • Collection of Data — Why and How: People were generally unclear what was being collected or for what purpose. A lack of literacy may raise issues of ongoing meaningful consent of collection.
  • Benefits and Risks: Data breaches/hacks, malfunction, affordability, and user trust were all possible challenges/risks. However, participants in studies also generally found that there were considerable benefits with these technologies, and most significantly they perceived that their physical safety was enhanced.
  • Safety Perceptions: All types of SHTs were seen as useful for safety purposes, especially in an accident or emergency. Safety-enhancing features may be preferred in SHTs for those 50+ years of age.

Given the privacy, safety, etc. themes, and how regulatory systems are sometimes being outpaced by advances in technology, the authors propose a data justice framework to regulate or govern SHTs. This entails:

  • Visibility: there are benefits to being ‘seen’ by SHTs but, also, privacy needs to be applied so individuals can selectively remove themselves from being visible to commercial etc. parties.
  • Digital engagement/disengagement: individuals should be supported in making autonomous decisions about how engaged or in-control of systems they are. They should, also, be able to disengage, or only have certain SHTs used to monitor or affect them.
  • Right to challenge: individuals should be able to challenge decisions made about them by SHTs. This is particularly important in the face of AI which may have ageist biases built into it.

While I still think that there is the ability of regulatory systems to be involved in this space — if only regulators are both appropriately resourced and empowered! — I take the broader points that regulatory approaches should, also, include ‘data justice’ components. At the same time, I think that most contemporary or recently updated Western privacy and human rights legislation includes these precepts and, also, that there is a real danger in asserting there is a need to build a new (more liberal/individualistic) approach to collective action problems that regulators, generally, are better equipped to address than are individuals.

Categories
Links Writing

Location Data Used to Drive Anti-Abortion Campaigns

It can be remarkably easy to target communications to individuals based on their personal location. Location information is often surreptitiously obtained by way of smartphone apps that sell off or otherwise provide this data to data brokers, or through agreements with telecommunications vendors that enable targeting based on mobile devices’ geolocation.

Senator Wyden’s efforts to investigate this brokerage economy recently revealed how this sensitive geolocation information was used to enable and drive anti-abortion activism in the United States:

Wyden’s letter asks the Federal Trade Commission and the Securities and Exchange Commission to investigate Near Intelligence, a location data provider that gathered and sold the information. The company claims to have information on 1.6 billion people across 44 countries, according to its website.

The company’s data can be used to target ads to people who have been to specific locations — including reproductive health clinic locations, according to Recrue Media co-founder Steven Bogue, who told Wyden’s staff his firm used the company’s data for a national anti-abortion ad blitz between 2019 and 2022.



In a February 2023 filing, the company said it ensures that the data it obtains was collected with the users’ permission, but Near’s former chief privacy officer Jay Angelo told Wyden’s staff that the company collected and sold data about people without consent, according to the letter.

While the company stopped selling location data belonging to Europeans, it continued for Americans because of a lack of federal privacy regulations.

While the company in question, Near Intelligence, declared bankruptcy in December 2023, there is a real potential for the data they collected to be sold to other parties as part of bankruptcy proceedings. There is a clear and present need to legislate how geolocation information is collected, used, and disclosed to address this often surreptitious aspect of the data brokerage economy.
