#CyberFLASH: How a file-sharing lawsuit against Rogers threatens your Internet privacy: Geist

201310281614240l4j1t1yodou1gmqihww4xc3fThe centrepiece of Canada’s 2012 digital copyright reforms was the legal implementation of the “notice-and-notice” system that seeks to balance the interests of copyright holders, the privacy rights of Internet users and the legal obligations of Internet service providers (ISPs).

The law makes it easy for copyright owners to send infringement notices to ISPs, who are legally required to forward the notifications to their subscribers. The personal information of subscribers is not disclosed to the copyright owner.

Despite the promise of the notice-and-notice system, it has been misused virtually from the moment it took effect, with copyright owners exploiting a loophole in the law by sending settlement demands within the notices.

The government has tried to warn recipients that they need not settle — the Office of Consumer Affairs advises that there are no obligations on a subscriber that receives a notice and that getting a notice does not necessarily mean you will be sued — yet many subscribers panic when they receive notifications and promptly pay hundreds or thousands of dollars.

While the government has been slow to implement an easy fix for the problem in the form of regulations prohibiting the inclusion of settlement demands within the notices, another issue looms on the legal horizon that could eviscerate the privacy protections associated with the system.

Earlier this year, Voltage Pictures, which previously engaged in a lengthy court battle to require Canadian ISPs to disclose the names of alleged file sharers, adopted a new legal strategy. While the company obtained an order to disclose names in the earlier case, it came with conditions and costs. Its latest approach involves filing a reverse class action lawsuit against an unknown number of alleged uploaders of five of its movies.

The Voltage filing seeks certification of the class, a declaration that each member of the class has infringed its copyright, an injunction stopping further infringement, damages and costs of the legal proceedings. Voltage, which produced such award-winning movies as The Hurt Locker and Dallas Buyers Club, names as its representative respondent an unknown uploader — John Doe — who is linked to a Rogers IP address. It admits that it does not know the names or identifies of any members of its proposed class, but seeks to group anyone in Canada who infringed its copyright.

Read more here

#CyberFLASH: Canada lags U.S. privacy rules for ISPs

web-na-bell-hacker13nw1As the U.S. communications regulator unveiled a plan last week to hold Internet providers to a higher standard on customer privacy, Canadians might have felt a sense of déjà vu.

The Federal Communications Commission (FCC) announced a proposal on Wednesday that, if finalized, would require U.S. broadband Internet service providers (ISPs) to obtain “opt-in” consent from customers before sharing their information with third parties such as advertisers.

Under the proposal, ISPs could still use customer information for their own billing and marketing purposes – for example, an ISP that sees a customer is streaming a lot of data would be permitted to offer that customer an upgraded service package. However, broadband providers would have to expressly ask for consent before they share customer data. “When consumers sign up for Internet service, they shouldn’t have to sign away their right to privacy,” the FCC said in a statement.

It’s an issue that already came to the fore in Canada after BCE Inc.’s targeted online-advertising program, which tracked cellphone users’ browsing habits, app usage and phone calls to provide information to third-party advertisers and display specially tailored ads. That program sparked an investigation by the federal Office of the Privacy Commissioner (OPC) and a complaint to the Canadian Radio-television and Telecommunications Commission (CRTC).

The OPC inquiry concluded last April that BCE should have given its users the chance to opt-in to having their behaviour tracked rather than automatically tracking them. The federal privacy watchdog had no power to impose an order on BCE that would have forced it to change its approach (which did allow users to opt-out from consent), but the OPC said it was considering taking the matter to court. BCE eventually said it would withdraw its “Relevant Ads” program.

Internet users are often asked to surrender a certain amount of personal information – such as location data, browsing habits and demographic details – in exchange for using a “free” service such as Google’s e-mail platform or an app such as Facebook. But the BCE targeted-ads case raised the difficult question of why Internet users should sacrifice some of their privacy to a service provider they are already paying.

Read more here

#CyberFLASH: Quebec Bets on Internet Blocking: New Bill Mandates ISP Blocking of Gambling Websites

Apple Hosts Event At Company's Town HallThe Government of Quebec has introduced new legislation that requires Internet service providers to block access to unlicensed online gambling sites. The provisions are contained in an omnibus bill implementing elements of the government’s spring budget, which included a promise to establish website blocking requirements. The bill provides that “an Internet service provider may not give access to an online gambling site whose operation is not authorized under Québec law.” The government’s lottery commission will establish the list of banned websites:

“The Société des loteries du Québec shall oversee the accessibility of online gambling. It shall draw up a list of unauthorized online gambling sites and provide the list to the Régie des alcools, des courses et des jeux, which shall send it to Internet service providers by registered mail.“

According to the law:

“An Internet service provider that receives the list of unauthorized online gambling sites in accordance with section 260.35 shall, within 30 days after receiving the list, block access to those sites.“

As I noted earlier this year, the Quebec government apparently views this initiative as a revenue enhancing measure because it wants to direct gamblers to its own Espacejeux, the Loto-Québec run online gaming site. A November 2014 report found that Espacejeux was not meeting revenue targets since people were using other sites. The government believes that the website blocking will increase government revenues by $13.5 million in 2016-17 and $27 million per year thereafter.

Read more here

#CyberFLASH: Why We Need To Fight For a Free and Open Internet in 2015

large_cybersecOne of the most challenging things about working for an Internet freedom organization like OpenMedia is that there’s often a lot going on. As in, a LOT. It certainly makes for an exciting work life, but I’d be the first to admit it can also make it tricky to take a step back, reflect on the journey to date, and look at the bigger picture.

That’s partly why December is one of my favourite months. Not just because of the chance to catch up with old friends and family, but because it gives a rare opportunity to step back from the day-to-day campaign work and look forward to the challenges ahead.

And, when it comes to 2015, there’s a lot in store – it’s shaping up to be a pivotal year for digital rights and Internet freedom. Let’s look at just some of the key challenges we face:

Affordable Internet and cellphone service: Canadians have long suffered from some of the highest prices in the industrialized world for Internet and cellphone service. Our lack of choice and sky-high prices has held back innovation and our whole economy. 2015 will be a decisive year, with an important auction of key wireless resources, and with policymakers at the CRTC poised to rule on three vital decisions on wholesale wireless, access to affordable fibre Internet, and the future of TV in a digital era.

Read more here

#CyberFLASH: CRTC COMPLETES ANTI-SPAM PROBE, FINDS MALWARE WAS TO BLAME

malware1

The Canadian Radio-television and Telecommunications Commission (CRTC) announced today that by working with a small Saskatchewan business, it has stopped malicious spam messages from being sent to Canadians. Millions of spam messages were unknowingly being sent from a server owned by a Saskatchewan-based computer reseller.

In July 2014, the Spam Reporting Centre received reports of spam messages routed through Access Communications, an Internet service provider (ISP). During its investigation, the CRTC discovered that the spam messages were actually coming from a small business’s server, which used Access Communications as its ISP. This business’s server had become infected with malware, which had caused it to join the botnet “Ebury.” It is estimated that the infected server had sent millions of malicious spam messages without the business’s or Access Communications’ knowledge.

Once alerted to the situation by the CRTC, the small business and Access Communications fully cooperated and removed all traces of the malware.

Read more here

#CyberFLASH: Hacker took $83K Bitcoins : cyber experts

Hacker-took-83K-Bitcoins-cyber-experts-620x330

Scientists with a cyber security firm say they have uncovered that a hacker used access to a Canadian Internet provider to hijack large foreign networks, stealing more than US$83,000 in virtual currency.

The U.S.-based Dell SecureWorks says the hacker operated between February and May this year.

Joe Stewart, director of malware research at SecureWorks, said the hacker targeted firms that hosted servers generating virtual currencies such as Bitcoin — including Amazon in the U.S. and OVH in France — and redirected some activity.

“We were able to track the origins to a Canadian ISP,” he told The Canadian Press from Las Vegas, where he was attending a computer security conference.

“Someone had access to a router at that ISP. It had to be someone who managed to hack into that router and gained administrative rights, or someone who already had access.”

Read more here

#CyberFLASH: Teksavvy and Rogers publish transparency reports highlighting the extent of government data requests

cra-passwords-security_211076204-e1402005190177

Third-party internet provider Teksavvy and Rogers, one of the largest ISPs in Canada, have published the first Canadian telecommunications transparency reports.

Both Teksavvy and Rogers have released documents detailing the subscriber information both companies have released to police and spy agencies over the last few years. Teksavvy disclosed their transparency report first and then Rogers followed soon after.

According to Teksavvy’s transparency report, the company rejects two out of every three police requests for information. In Roger’s case, the company received 174,917 requests in 2013 for customer information from government and law enforcement agencies. This is 480 requests a day and one request per every 11 Rogers subscribers. 74,000 of these requests were court orders which means approximately 100,000 did not include warrants.

Read more here

#CyberFLASH: For Canada’s Spies, Your Data Is Just a Phone Call Away

9020272

To access an unlimited trove of personal information, all a government spy has to do in Canada is pick up a phone and call your internet provider—no written request required.

That revelation, brought to light by three different Canadian lawyers who’ve dealt directly with the Canadian Security Intelligence Service, the Royal Canadian Mounted Police, regional police, and the Communications Security Establishment Canada, comes amid a string of startling revelations on the privacy front in Canada. This comes just weeks before Bill C-13 will make it easier for police to access online information without judicial authorization.

While there has been much debate about Bill C-13 and the Harper government’s plans to aid data collection, it’s already relatively easy for law enforcement to collect data. Under Canadian voluntary disclosure law, police are free to request, obtain, and use personal data. ISPs are free to provide it. Bill C-13 promises to expand law enforcement’s data collection power while providing the ISPs with immunity from lawsuits and criminal charges.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.