#CyberFLASH: Facebook says users can’t stop it from using biometric data

facebook

Facebook Inc.’s software knows your face almost as well as your mother does. And like mom, it isn’t asking your permission to do what it wants with old photos.

While millions of internet users embrace the tagging of family and friends in photos, others worried there’s something devious afoot are trying block Facebook as well as Google from amassing such data.

As advances in facial recognition technology give companies the potential to profit from biometric data, privacy advocates see a pattern in how the world’s largest social network and search engine have sold users’ viewing histories for advertising. The companies insist that gathering data on what you look like isn’t against the law, even without your permission.

If judges agree with Facebook and Google, they may be able to kill off lawsuits filed under a unique Illinois law that carries fines of US$1,000 to US$5,000 each time a person’s image is used without permission — big enough for a liability headache if claims on behalf of millions of consumers proceed as class actions. A loss by the companies could lead to new restrictions on using biometrics in the U.S., similar to those in Europe and Canada.

Read more here

#CyberFLASH: National security review tries to tackle needs of law enforcement in digital world

160815_iy0oi_rci-cell-phone_sn635OTTAWA— The Liberal government is taking another crack at making it easier for police and spies to gain “lawful access” to telecom companies’ customers’ subscriber information, online activities, telephone conversations, and encrypted communications.

It comes deep into a sweeping discussion paper on how Canada should overhaul its national security laws.

The so-called “green paper,” released Thursday by Public Safety Minister Ralph Goodale, paints a picture of police and national security agencies stymied by technological advancements that terror suspects turn to their advantage, a Supreme Court of Canada decision that requires time-consuming unwieldy warrants for basic Internet subscriber information, and the failure of legislation to keep up with the bad guys.

The Liberal government is broaching the hot button topic more than four years after the Conservatives triggered an uproar when a senior cabinet minister — Vic Toews — accused opponents of siding with child pornographers if they didn’t support a bill to update state powers of electronic surveillance. Amid a storm of criticism and a backlash from privacy advocates, that bill was withdrawn.

This time, however, the Liberal government is making a detailed legal argument in favour of updating its powers in public and inviting Canadians to weigh in.

Goodale did not refer to the lawful access proposals in a news conference in Edmonton meant to highlight that the Liberals are keeping a promise to consult Canadians on changes to the Anti-Terrorism Act of 2015, also known as Bill C-51.

Read more here

#CyberFLASH: U.S. law can’t force American service providers to turn over foreign data: Court

Close up of wooden gavel at the computer keyboardOrganizations worried about the ability of American law enforcement agencies to get at electronic data in foreign data centres have at least some temporary relief after a U.S. federal appeal court ruled the government can’t force Microsoft to turn over a customer’s email held in Ireland.

In a decision released Thursday the court said a search warrant issued under the Stored Communications Act (SCA), which obliges U.S.-based service providers to hand over electronic records under certain circumstances, cannot apply to data held outside the United States and its territories.

Neither the SCA, nor its sister legislation, the Electronic Communications Privacy Act, implicitly or explicitly envision the application of warrants overseas, the appeal court ruled.

A lower court held Microsoft in contempt for refusing to obey the warrant following a long court fight that began in 2013 when the government sought email of a suspected narcotics dealer.

However, while the appeal court decision stands for now, the Obama administration could take the fight to the U.S. Supreme Court. And in an interview Halifax privacy lawyer David Fraser noted Congress could also amend the SCA to specifically say its warrants and subpoenas apply outside the U.S.

The ruling “is one which with I am pleased,” said Fraser, who acts for a number of U.S. technology companies in Canada who intervened in the case. “This is a very important case for determining some very important questions for determining, at least in this case, how far the United States government can reach through the Internet but outside the territory of the United States to compel access to content. But in the big picture it also relates to an will likely have an effect on the extent can other countries do the same sort of thing.”

He noted a growing number of privacy lawyers and professionals are watching this case, particularly after the revelations of former NSA contractor Edward Snowden on the electronic data gathering power of a number of countries, including Canada.

Read more here

#CyberFLASH: Canada lags U.S. privacy rules for ISPs

web-na-bell-hacker13nw1As the U.S. communications regulator unveiled a plan last week to hold Internet providers to a higher standard on customer privacy, Canadians might have felt a sense of déjà vu.

The Federal Communications Commission (FCC) announced a proposal on Wednesday that, if finalized, would require U.S. broadband Internet service providers (ISPs) to obtain “opt-in” consent from customers before sharing their information with third parties such as advertisers.

Under the proposal, ISPs could still use customer information for their own billing and marketing purposes – for example, an ISP that sees a customer is streaming a lot of data would be permitted to offer that customer an upgraded service package. However, broadband providers would have to expressly ask for consent before they share customer data. “When consumers sign up for Internet service, they shouldn’t have to sign away their right to privacy,” the FCC said in a statement.

It’s an issue that already came to the fore in Canada after BCE Inc.’s targeted online-advertising program, which tracked cellphone users’ browsing habits, app usage and phone calls to provide information to third-party advertisers and display specially tailored ads. That program sparked an investigation by the federal Office of the Privacy Commissioner (OPC) and a complaint to the Canadian Radio-television and Telecommunications Commission (CRTC).

The OPC inquiry concluded last April that BCE should have given its users the chance to opt-in to having their behaviour tracked rather than automatically tracking them. The federal privacy watchdog had no power to impose an order on BCE that would have forced it to change its approach (which did allow users to opt-out from consent), but the OPC said it was considering taking the matter to court. BCE eventually said it would withdraw its “Relevant Ads” program.

Internet users are often asked to surrender a certain amount of personal information – such as location data, browsing habits and demographic details – in exchange for using a “free” service such as Google’s e-mail platform or an app such as Facebook. But the BCE targeted-ads case raised the difficult question of why Internet users should sacrifice some of their privacy to a service provider they are already paying.

Read more here

#CyberFLASH: Homeland Security helps Canadian cops nab criminals

computer-laptop-keyboard-852They received no acknowledgement in court on the day of sentencing, but U.S. Department of Homeland Security personnel helped track down an Ontario man suspected by the Royal Newfoundland Constabulary and local RCMP of child luring.

Brian Donald’s case is not the only occasion where the U.S. agency has helped Canadian law enforcement, specifically by obtaining and using administrative subpoenas to gather information from U.S.-based Internet companies.

Why the collaboration? Because U.S.-based social media companies with U.S.-based records operate under U.S. jurisdiction.

The now-common and accepted Canada-U.S. interactions allow for more effective policing. But they also tie in with the ongoing and important discussion about governments’ and law enforcement’s access to web user data.

There is a need for the public and lawmakers to know more about how police on both sides of the border work, when they are working within their laws, plus exactly how and why they interact.

In 2014, in R vs. Spencer, the Supreme Court of Canada indicated warrants are generally required when police go to telecom companies in Canada (Shaw, Bell, Rogers, etc.) seeking to compel the release of identifying information for an online account, based on an Internet Protocol (IP) address.

Read more here

© 2013 CyberTRAX Canada - All Rights Reserved.
Sponsored by C3SA Corp.