#CyberFLASH: Canada lags U.S. privacy rules for ISPs

web-na-bell-hacker13nw1As the U.S. communications regulator unveiled a plan last week to hold Internet providers to a higher standard on customer privacy, Canadians might have felt a sense of déjà vu.

The Federal Communications Commission (FCC) announced a proposal on Wednesday that, if finalized, would require U.S. broadband Internet service providers (ISPs) to obtain “opt-in” consent from customers before sharing their information with third parties such as advertisers.

Under the proposal, ISPs could still use customer information for their own billing and marketing purposes – for example, an ISP that sees a customer is streaming a lot of data would be permitted to offer that customer an upgraded service package. However, broadband providers would have to expressly ask for consent before they share customer data. “When consumers sign up for Internet service, they shouldn’t have to sign away their right to privacy,” the FCC said in a statement.

It’s an issue that already came to the fore in Canada after BCE Inc.’s targeted online-advertising program, which tracked cellphone users’ browsing habits, app usage and phone calls to provide information to third-party advertisers and display specially tailored ads. That program sparked an investigation by the federal Office of the Privacy Commissioner (OPC) and a complaint to the Canadian Radio-television and Telecommunications Commission (CRTC).

The OPC inquiry concluded last April that BCE should have given its users the chance to opt-in to having their behaviour tracked rather than automatically tracking them. The federal privacy watchdog had no power to impose an order on BCE that would have forced it to change its approach (which did allow users to opt-out from consent), but the OPC said it was considering taking the matter to court. BCE eventually said it would withdraw its “Relevant Ads” program.

Internet users are often asked to surrender a certain amount of personal information – such as location data, browsing habits and demographic details – in exchange for using a “free” service such as Google’s e-mail platform or an app such as Facebook. But the BCE targeted-ads case raised the difficult question of why Internet users should sacrifice some of their privacy to a service provider they are already paying.

Read more here

#CyberFLASH: Bell faces $750 million lawsuit over targeted ad program

bellThe battle over BCE Inc.’s contentious targeted advertising program is moving into the courtroom after a $750-million class action lawsuit was filed against its Bell Mobility and Bell Canada units.

Court documents filed with the Ontario Superior Court of Justice allege that the Mississauga, Ont.-based subsidiaries of BCE breached contractual obligations, privacy laws and the Telecommunications Act resulting from their “unauthorized use and disclosure of [clients’] personal information” to a third party without explicit consent. By doing so for a fee, Bell was “unjustly enriched” and ought to be financially liable for “the anguish, suffering and distress” caused by its “unlawful intrusion,” the filings state.

Bell spokesperson Jacqueline Michelis declined to comment on the lawsuit, filed Thursday.

Ted Charney of Toronto’s Charney Lawyers, one-half of the counsel representing plaintiff Settimo Tocco, a Bell Mobility client with data service who resides in Windsor, Ont., estimates as many as five million of Bell’s 7.9 million wireless customers were tracked under the so-called Relevant Advertising Program (RAP) through their use of Internet data, making this “the largest privacy breach ever ” in Canada.

“We think there’s going to be some damages awarded to each class member, and the real question is ‘what’s the amount going to be?’” Charney said in an interview Friday. “Could be anywhere from a couple hundred dollars to a couple thousand dollars, depending on the nature of the privacy breach and the circumstances of how the breach happened.”

Read more here

 

#CyberFLASH: FBI watched as hacker dumped Bell Canada passwords online

10712553When Bell Canada’s website was hacked last year — and the accounts and passwords of more than 12,000 Canadians posted online — the Federal Bureau of Investigation was not only watching, but letting the hackers stage the attack from what was secretly an FBI server.

The bureau had spent more than a year keeping tabs on the 15-year-old Canadian teenager, who discovered the vulnerability then passed it to an American counterpart. It was the American who carried out the cyberattack on behalf of a collective calling itself NullCrew.

The details emerged in an Ottawa courtroom last month after the Canadian teen pleaded guilty to a single count of unlawfully using a computer.

The 15-year-old teen, who used the online nickname “Null”, discovered a weakness in a Bell Canada login page. It allowed someone to gain access to the usernames and passwords of small and medium-sized business customers that were contained within a database maintained by a third-party supplier to Bell.

The teen didn’t post the data, but instead shared how to access it using what is known as a SQL injection attack with another NullCrew member named “Orbit.”

Read more here

Ottawa won’t intervene after CRTC rejects BCE-Astral deal

BCE Inc. said it will ask the federal cabinet to intervene after the CRTC rejected its proposed $3.4-billion takeover of Astral Media, saying it would place too much power in the hands of one company and threaten the competitive media landscape in Canada.

“BCE failed to persuade us that the deal would benefit Canadians,” said Jean-Pierre Blais, chairman of the CRTC, in a statement explaining the commission’s decision to block the bid.

“It would have placed significant market power in the hands of one of the country’s largest media companies.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.