#CyberFLASH: Election could shine spotlight on digital issues: Geist

Local Input~ FOR NATIONAL POST USE ONLY - NO POSTMEDIA - Hacker using laptop. Lots of digits on the computer screen. Credit fotolia.Media reports indicate that Canadians may officially find themselves in an election campaign by the end of the weekend. With the actual vote still eleven weeks away, the long campaign will provide numerous opportunities to contrast the various political parties on key issues such as economic policy, security, ethics, the environment, and health care.

Digital policies will also deserve some time in the spotlight. Topping the list of concerns include the post-Bill C-51 landscape, support for the Trans Pacific Partnership, and the prospect of a Digital Canada 3.0.

1. Bill C-51 and what comes next

Bill C-51, the controversial anti-terrorism bill, emerged as one of the biggest political issues of the year, with thousands of Canadians protesting against legislation they viewed as excessively restrictive of their privacy and civil rights. The bill passed in June, but not before all three major parties adopted distinct positions. The Conservatives unsurprisingly supported their plan with few amendments, the NDP offered the strongest opposition, and the Liberals voted for the bill but promised changes if elected.

Those positions open the door to a robust debate on what comes next. The Liberals have committed to repealing elements of Bill C-51, but leaving some of it untouched. What would an NDP government do? With a Conservative-backed Senate committee recently proposing additional reforms, do the Conservatives view Bill C-51 as the end or the beginning of legal changes to combat terrorism?

On top of Bill C-51 and its aftermath, the Edward Snowden surveillance revelations still loom large. The government has largely avoided discussing Canada’s role in global Internet surveillance activities even as other countries have eliminated some programs and beefed up oversight in response to public concern. A clear position from each party on Canadian network surveillance activities is long overdue.

Read more here

#CyberFLASH: Mapping Out the CRTC Blueprint for Universal Affordable Internet Access

typing-darkIn the wake of nearly two decades of study, debate, task forces, and government programs, Canada’s telecommunications regulator has begun to unveil its blueprint for ensuring that all Canadians have access to affordable, high-speed Internet services. If the plan rolls out as many expect, Canadians in urban areas will benefit from a more competitive environment for high-speed fibre services, while consumers in rural and remote areas will be guaranteed access through a clear legal commitment to universal broadband service.

My weekly technology law column (Toronto Star version, homepage version) notes that part one of the blueprint was released last week as the Canadian Radio-television and Telecommunications Commission rejected opposition from large cable and telecom providers by ordering them to offer independent Internet providers wholesale access to emerging high-speed fibre networks.

The decision on wholesale access is the latest skirmish in a long-running battle pitting telecom giants such as Bell and Telus against upstart providers like TekSavvy and Distributel. Recognizing the advantages held by incumbent providers who enjoy direct connections to consumers (the so-called “last mile”), Canadian regulations foster a more competitive environment by requiring the incumbents to grant independent providers sufficient access to allow for alternative consumer choice.

The system has succeeded in developing some credible independents, yet the market remains dominated by the larger players. Part of the problem has been the steady stream of technical and regulatory challenges faced by smaller entrants, who seemingly have little choice but to take each dispute to the CRTC, leading to costlier offerings, slower speeds, and less product differentiation.

Read more here

#CyberFLASH: Four ways Canada’s new transparency rules fall short.

hi-bc-archive-surveillance-camerasCanadians have become increasingly troubled by reports revealing that telecom and Internet companies receive millions of requests for subscriber data from a wide range of government departments. In light of public concern, some Internet and telecom companies have begun to issue regular transparency reports that feature aggregate data on the number of requests they receive and the disclosures they make.

The transparency reports from companies such as Rogers, Telus and TekSavvy have helped shed light on government demands for information and on corporate disclosure practices. However, they also paint an incomplete picture since companies have offered up inconsistent data and some of the largest, including Bell, have thus far refused to come clean on past requests and disclosures.

The Privacy Commissioner of Canada released a report last week that showed that all transparency reports are not created equal. For example, TekSavvy has provided information on the content of the disclosures, the number of accounts affected and instances where users were notified. By contrast, companies such as Rogers, Telus, Allstream and Wind Mobile have not disclosed this information, offering more limited data.

In an effort to create greater uniformity in transparency reporting, Industry Canada has just released new transparency reporting guidelines. The government states that it has released the guidelines “to help private organizations be open with their customers, regarding the management and sharing of their personal information with government, while respecting the work of law enforcement, national security agencies and regulatory authorities.”

Read more here

#CyberFLASH: How the budget bill quietly reshapes privacy law: Geist

reedle.jpg.size.xxlarge.letterboxA budget implementation bill is an unlikely — and many would say inappropriate — place to make major changes to Canadian privacy law. Yet Bill C-59, the government’s 158-page bill that is set to sweep through the House of Commons, does just that.

The omnibus budget bill touches on a wide range of issues, including copyright term extension, and retroactive reforms to access to information laws. But there are also privacy amendments that have received little attention.

In fact, the Privacy Commissioner of Canada was not even granted the opportunity to appear before the committee that “studied” the bill, meaning that privacy was not discussed nor analyzed (the committee devoted only two sessions to external witnesses for study, meaning most issues were glossed over).

The bill raises at least three privacy-related concerns. First, the retroactive reforms to access to information, which are designed to backdate the application of privacy and access to information laws to data from the long-gun registry, has implications for the privacy rights of Canadians whose data is still contained in the registry. By backdating the law, the government is effectively removing the privacy protections associated with that information.

Second, the government plans to expand its collection of biometric information, including fingerprints and digital photos, to visitors from 150 countries. The law currently applies to 29 countries and one territory, meaning this constitutes a massive expansion in the amount of personal data the government collects.

Read more here

#CyberFLASH: Your government is spying on you online. Here’s what you can do about it

cra-data-security-2Another week, another revelation originating from the seemingly unlimited trove of Edward Snowden documents.

This week, the CBC reported that Canada was among several countries whose surveillance agencies actively exploited security vulnerabilities in a popular mobile web browser used by hundreds of millions of people. Rather than alerting the company and the public that the software was leaking personal information, they viewed the security gaps as a surveillance opportunity.

In the days before Snowden, these reports would have sparked a huge uproar. More than half a billion people around the world use UC Browser, the mobile browser in question, suggesting that this represents a massive security leak. At stake was information related to users’ identity, communication activities, and location data – all accessible to telecom companies, network providers and surveillance agencies.

Yet coming on the heels of global revelations of surveillance of network exchange points and Internet giants along with Canadian disclosures of daily mass surveillance of millions of Internet downloads and airport wireless networks, nothing surprises anymore. Instead, there is a resigned belief that privacy on the network has been lost to surveillance agencies who use every measure at their disposal to monitor or gather virtually all communications.

While the surveillance stories become blurred over time, there is an important distinction with the latest reports. The public has long been told that sacrificing some privacy may be part of a necessary trade-off to provide effective security.

However, by failing to safeguard the security of more than 500 million mobile users, the Five Eyes surveillance agencies — Canada, the U.S., the U.K., New Zealand and Australia — have sent the message that the public must perversely sacrifice their personal security as well.

Read more here

#CyberFLASH: Privacy bill actually undermines privacy

n-ONLINE-PRIVACY-largeCanada’s privacy reform law should include stiffer penalties for companies that commit security breaches, according to a University of Ottawa law professor.

But instead the Digital Privacy Act, Bill S-4, leaves a “massive hole” when it comes to protecting Canadians’ personal information says Michael Geist.

As the draft legislation currently stands, Bill S-4 allows telecom companies, Internet providers or banks to share personal information about subscribers – without the subscriber knowing.

“Not only does it really hurt our privacy, but it really runs counter to a lot of things that Canadian courts have had to say about safeguarding personal information,” said Geist on Monday, after speaking at a committee hearing for the bill.

Read more here

#CyberFLASH: RCMP records called ‘incomplete and inaccurate’ in memo: Geist

therrien.jpg.size.xxlarge.letterboxLast fall, Daniel Therrien, the government’s newly appointed Privacy Commissioner of Canada, released the annual report on the Privacy Act, the legislation that governs how government collects, uses, and discloses personal information. The lead story from the report was the result of an audit of the Royal Canadian Mounted Police practices regarding warrantless requests for telecom subscriber information.

The audit had been expected to shed new light into RCMP information requests. Auditors were forced to terminate the investigation, however, when they realized that Canada’s national police force simply did not compile the requested information. When asked why the information was not collected, RCMP officials responded that its information management system was never designed to capture access requests.

While that raised serious concerns – the RCMP has since promised to study mechanisms for reporting requests with recommendations expected in April – documents recently obtained under the Access to Information Act and reported here for the first time reveal that the publicly released audit results significantly understated the severity of the problem. Indeed, after the draft final report was provided to the RCMP in advance for comment, several of the findings were toned down for the public release

Read more here

#CyberFLASH: Why Bell’s targeted ad approach falls short on privacy: Geist

bell.jpg.size.xxlarge.letterboxIn October 2013, Bell announced the launch of a targeted advertising program that uses its customers’ personal information to deliver more “relevant advertising.” The announcement sparked hundreds of complaints with the Privacy Commissioner of Canada and a filing by the Public Interest Advocacy Centre over the same issue with the Canadian Radio-television and Telecommunications Commission.

Nearly a year and a half later, the complaints and filings remain unresolved. The CRTC case has succeeded in placing considerably more information on the public record, however, offering a better perspective on what Bell is doing and why its privacy approach falls short.

From Bell’s perspective, the targeted advertising approach, which it calls RAP or Relevant Ads Program, does not involve the collection of additional information (it already collects whatever is being used) and the company allows users to opt out of this use of their information if they so choose. Moreover, it argues that the program is similar to what telecom companies in the United States as well as Internet giants such as Google and Facebook offer.

Yet documents now available on the public record reveal that there are important differences, creating serious privacy concerns.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.