A particularly handy guide, if you have privacy concerns and want them resolved by a privacy commissioner/data protection office.
Tag: Privacy
Today, Canadian scholars and civil liberties organizations have asked Canada’s telecommunications companies to explain how they disclose information to government authorities.
A project that’s been in the works, now, for 1.5 years is finally really starting! Exciting times!
Source: Towards Transparency in Canadian Telecommunications – The Citizen Lab
Categories
CSE Redactions
Clearly, Canadians can totally have confidence in CSEC’s steps to protect privacy. As in, there are 5 separate steps to protect Canadians, plus (possibly) other ‘incidental’ steps that are dealt with elsewhere. (Source: 2011 ATIP from CSEC)
Case # 34644 Matthew David Spencer v. Her Majesty the Queen (December 9, 2013) At issue is Whether section 8 of the Charter of Rights and Freedoms was violated. The appellant downloaded child pornography from the internet using a peer-to-peer file-sharing software program. The appellant stored child pornography in a shared folder and did not override the default settings that made the folder accessible to others. Since the files were accessible to other users they could therefore be downloaded. A police officer searched the shared folder and discovered the pornographic files. The officer couldn’t identify the owner of the folder but was able to determine that the IP address being used was assigned by Shaw Communications. The police wrote to Shaw and requested information identifying the assignee at the relevant time. Shaw Communications identified the user as the appellant’s sister. The police obtained a warrant and searched her residence, where they seized the appellant’s computer. The appellant was charged with possession of child pornography and making child pornography available.
An interesting case, especially when read against the scholarship that examines the Charter and PIPEDA implications of disclosing subscriber data absent a court order.
Categories
2013.12.10
The factions · Suspicion aside, and bearing in mind that in the IETF people are supposed to speak for themselves not on behalf of organizations, and also that opinions are highly fragmented, there are some roughly-identifiable opinion clusters, not organized or anything; but describing them may help people understand what’s going on.
The Privacy Partisans are aggressive about doing whatever’s possible by way of counter-attack, and doing it now. This notably includes engineers from Firefox and Chrome, who say that for HTTP/2.0, they’re just gonna run authenticated and encrypted all the time, whatever anyone says.
The Cynics are unconvinced about the usefulness of the counterattack measures on the table. They think that the technology isn’t good enough, or the secret-key infrastructure is corrupt, or that Google and Facebook and so on should be seen as attackers, or developers are just too lazy and incompetent to get the deployment right.
The Enterpriseys are people who think that surveillance is necessary because there are situations where law or policy require it. Examples include prisons, businesses that want to control their employees’ Net access, and devops folks who want to monitor for malware or do load-balancing.
The Unconvinced just don’t see the need for aggressive privacy protection; they think it’s foolish to apply it to public static brochure-ware, or that it’s unethical to impose encryption on people without asking them, or that it’s insane to try to encrypt the Internet of Things: Printers and toasters and so on.
Tim Bray, “Counter-Surveillance”
Tim does a good job in breaking down the ‘factions’ associated with the IETF and how/whether the organization will be technically addressing the NSA spying revelations. It’s hard to understate how important the IETF’s current involvement is in light of their decision – between 1999-2001 – to largely turn a blind eye to interception equipment and the spying of citizens’ communications.
Categories
2013.11.26
It would appear as though the culture of deceit inside the Tory caucus extends far beyond who knew what and when about secret payments to Mike Duffy. The cyber-bullying bill is largely a cut-and-paste job from legislation that had been rejected by the Canadian public, and which the government had promised never to reintroduce. It limits our freedom and violates our right to privacy. Canadians should not stand for this.
Jesse Kline, “Jesse Kline: Tories bully Canadians into accepting Internet surveillance bill”
Simon Davies, one of the world’s most prominent privacy advocates, has filed formal complaints across the EU concerning Google’s ‘Shared Endorsements’ policy. Per this policy, Google may use:
the images, personal data and identities of its users to construe personal endorsements published alongside the company’s advertised products across the Internet
…
The legality of recent changes to Google’s policies that allow the company to share personal data across all its products and services are currently being investigated by a number of EU data protection authorities. The data protection issues and violations highlighted in my complaint go the heart of many of the aspects under investigation. Indeed the Shared Endorsements policy is made possible only through company-wide amalgamation of personal data.
In effect, Davies argues that the amalgamation of Google’s services under the company’s harmonized privacy policy/data pooling policy may be illegal and that, moreover, individuals may not know that their images and comments might be revealed to people they know upon leaving reviews of products and services in Google-owned environments.
Admittedly, I find that the shared pooling of information across my networks can be incredibly helpful (e.g. highlighting the reviews/opinions of people I know concerning various subjects and topics). Knowing that a colleague with whom I share book interests likes a book is more helpful to me than a review from someone that I don’t know. At the same time, I review products that I’ve purchased online quite often: given how helpful others’ reviews can be when I’m purchasing a product it seems like a courtesy to provide information into a private-commons. So, while I would prefer a review from a colleague I’m perfectly willing to make purchasing decisions based on what absolute strangers say/write as well.
The more significant issue with Google’s products, in my opinion, emerges from how the company’s business decisions are narrowing the range of commentary individuals may engage in. Such self-censorship is largely attributable to linking all comments to a person’s real name/public identity. Personally, this means that I often avoid leaving some book reviews, not because I’m ‘ashamed’ of the review but because I worry about whether it could detrimentally affect my future publishing opportunities. My reviews are (I think) reasonably high quality and fair but I refuse to leave some without some degree of pseudonymity. There is no reason to believe that my decision is unique: those in similar, tight-knit, industries likely experience similar pressures to avoid reviewing/commenting on some products, despite being experts concerning the product(s) in question.
I am not from a ‘marginalized’ or ‘repressed’ social population, and Google is seemingly deploying platforms that are meant to serve people like me: people who freely review products online and who find it acceptable that such reviews are publicly shared and oftentimes highlighted to specific users. And yet, even I avoid saying certain (legal) things based on the (unknown) consequences linked to such speech acts. Despite being reasonably savvy concerning the collection, use, and sharing of personal information even I do not fully appreciate or understand how Google collects, retains, processes, or disseminates information I provide to the company. If even I am censoring legitimate speech because of the vicissitudes of Google’s privacy policies and uncertainties associated with providing content on their platforms then there is (to my mind) a very serious problem at the very base of the company’s contemporary data-integration and disclosure operations.
David Parkins, The Globe and Mail
Categories
2013.11.11
Generally it takes an incident to focus attention on the issue of informational privacy – and such incidents tend to focus on one type of record system at a time. This human interest element helps to define the policy problem, galvanize media and public attention, and give members of Congress concrete examples of privacy invasion to justify their votes. There is always vocal and well-financed opposition to privacy protections, generally from business and government bureaucrats who do not want to restrict access to information. Their opposition is usually quite successful in weakening the proposed privacy protections and in further narrowing the scope of such protections. And after passage opponents are likely the challenge legislation in the courts, often on the basis of First Amendment grounds that any information, including that about individuals, should flow freely and without government restrictions.
Priscilla M. Regan (2008), “The United States,” in Global Privacy Protection: The First Generation, James B. Rule and Graham Greenlead (eds.).
Excited Pixels 