Paul Hardwick: Canada

Administrivia: Possible unscheduled upgrade of Privacy Digest

Sun, 18 Mar 2007 01:39:04 GMT

Administrivia: Possible unscheduled upgrade of Privacy Digest.

I might be implementing an unscheduled upgrade of the site due to some problems with the software I am currently using to run the site. I had been working on upgrading the software to implement some new features but may have to implement sooner than originally planned. If you would like to take a peek at the planned software take a visit to http://www.PrivacyDigest.com/index.php Yes the full URL will have to be entered until I have completed the switch over.

There may be some hiccups during the process as the XML/RSS location will change along with access to the sub-topics. I plan to create mod-rewrite rules to take of this but they may not all be ready on day one.

Please let me know what you think.

Canada.com and Email Privacy

Tue, 13 Mar 2007 02:44:46 GMT

Canada.com and Email Privacy [Michael Geist Privacy Law RSS News Feed]

TorontoSun.com - Canada - Privacy swipe? New system would check IDs in stores

Mon, 12 Mar 2007 20:38:21 GMT

Convenience stores that check ID by swiping driver's licences could be violating privacy law, Government Services Minister Gerry Phillips said Wednesday.

The system called "We Expect ID," would see store clerks swipe licences through a lottery terminal to verify a customer's age when purchasing alcohol, cigarettes, adult magazines, lottery tickets or fireworks. The terminal will read age information from the magnetic stripe on the licence and display the person's age on the terminal.

U.S. Senators Pressure Canada on Canadian DMCA.

Wed, 07 Mar 2007 16:49:09 GMT

U.S. Senators Pressure Canada on Canadian DMCA. An anonymous reader writes "The U.S. copyright lobby brought out some heavy artillery last week as it continued to pressure Canada to introduce a Canadian DMCA. U.S. Ambassador to Canada David Wilkins gave a public talk in which he described Canadian copyright law as the weakest in the G7, while Senators Dianne Feinstein and John Cornyn wrote to Canadian Prime Minister Stephen Harper to urge him to bring in movie piracy legislation." [Slashdot]

Canadian Gov't Grants Olympics Ownership of Winter.

Sun, 04 Mar 2007 03:17:34 GMT

Canadian Gov't Grants Olympics Ownership of Winter. An anonymous reader writes "Michael Geist reports that the Canadian government has introduced new legislation that grants Vancouver Olympic organizers broad powers to police the use of any commercial use of the words associated with the Olympics. These incredibly include 'winter, Vancouver, and games.' As Geist notes, the government 'has no time to deal with spam, spyware, privacy, or net neutrality, but commits to legislation on behalf of the organizers of a sporting event?'" [Slashdot: Your Rights Online]

BBC NEWS | Americas | Canada rejects anti-terror laws

Wed, 28 Feb 2007 22:32:01 GMT

The Canadian parliament has voted against renewing two controversial anti-terror measures that had been adopted after the 11 September attacks.

The measures allowed suspects to be detained without charge for three days and could compel witnesses to testify.

The minority Conservative government accused the opposition Liberals of being soft on terror.

The vote comes days after the Supreme Court revoked a law allowing foreign suspects to be detained indefinitely.

Neither measure has ever been used since they were brought in by the then ruling Liberals after the attacks on New York and Washington in 2001.

To allay human rights concerns, the measures were given a five-year limit and expire on 1 March.

Canada Rejects Anti-Terror Laws.

Wed, 28 Feb 2007 22:28:09 GMT

Canada Rejects Anti-Terror Laws. Coryoth writes "The Canadian parliament has voted against renewing anti-terror laws that had been introduced after September 11, 2001. The rejected laws included provisions to hold terror suspects indefinitely, and to compel witnesses to testify, and were in some sense Canada's version fo the Patriot Act. The laws were voted down in the face of claims from the minority Conservative government that the Liberal Party was soft on terror, and despite the fact that Canada has faced active terrorist cells in their own country. The anti-terror laws have never been used, and it was viewed that they are neither relevant, nor needed, in dealing with terrorist plots. Hopefully more countries will come to the same conclusion." [Slashdot: Your Rights Online]

Administrivia: Now we have a overheated CPU ( 60 degrees centigrade )

Tue, 27 Feb 2007 23:39:01 GMT

OK, if the DDOS attack wasn't enough. Now our server went down with a temperature overload. We were up to 60 degrees centigrade when we shut down. The CPU and a broken fan have been replaced.

Administrivia: Our data-center was hit by a DDOS attack today.

Tue, 27 Feb 2007 21:19:59 GMT

Sorry for being either very slow or off the net for a while recently. The data-center we are part of was hit by a DDOS (Distributed Denial Of Service) attack recently. At the moment it looks to be under control, but we are keeping an eye on things.

Going to Canada? Check your past / Visitors with minor criminal records turned back at border

Fri, 23 Feb 2007 21:25:44 GMT

There was a time not long ago when a trip across the border from the United States to Canada was accomplished with a wink and a wave of a driver's license. Those days are over.

Take the case of 55-year-old Lake Tahoe resident Greg Felsch. Stopped at the border in Vancouver this month at the start of a planned five-day ski trip, he was sent back to the United States because of a DUI conviction seven years ago. Not that he had any idea what was going on when he was told at customs: "Your next stop is immigration.''

Felsch was ushered into a room. "There must have been 75 people in line," he says. "We were there for three hours. One woman was in tears. A guy was sent back for having a medical marijuana card. I felt like a felon with an ankle bracelet.''

[...]

Welcome to the new world of border security. Unsuspecting Americans are turning up at the Canadian border expecting clear sailing, only to find that their past -- sometimes their distant past -- is suddenly an issue.

While Canada officially has barred travelers convicted of criminal offenses for years, attorneys say post-9/11 information-gathering, combined with a sweeping agreement between Canada and the United States to share data, has resulted in a spike in phone calls from concerned travelers.

They are shocked to hear that the sins of their youth might keep them out of Canada. But what they don't know is that this is just the beginning. Soon other nations will be able to look into your past when you want to travel there.

[...]

"From the time that you turn 18, everything is in the system,'' says Lucy Perillo, whose Canada Border Crossing Service in Winnipeg, Manitoba, helps Americans get into the country.

[...]

So it isn't as if rules have stiffened. But what has changed is the way the information is gathered. In the wake of 9/11, Canada and the United States formed a partnership that has dramatically increased what Lesperance calls "the data mining'' system at the border.

The Smart Border Action Plan, as it is known, combines Canadian intelligence with extensive U.S. Homeland Security information. The partnership began in 2002, but it wasn't until recently that the system was refined.

"They can call up anything that your state trooper in Iowa can,'' Lesperance says. "As Canadians and Americans have begun cooperating, all those indiscretions from the '60s are going to come back and haunt us.''

[...]

The lesson, the attorneys say, is that if you must travel to Canada, you should apply for "a Minister's Approval of Rehabilitation" to wipe the record clear.

Oh, and by the way, if you don't need to travel to Canada, don't think you won't need to clear your record. Lesperance says it is just a matter of time before agreements are signed with governments in destinations like Japan, Indonesia and Europe.

"This,'' Lesperance says, "is just the edge of the wedge.''

Canadian Border Tightens Due to Info Sharing.

Fri, 23 Feb 2007 20:21:12 GMT

Canadian Border Tightens Due to Info Sharing. blu3 b0y writes "The San Francisco Chronicle is reporting that new information sharing agreements have made it as easy for a Canadian border officer to know the full criminal records of US citizens as it is for their local police. As a result, Canadian officials are turning away American visitors for ancient minor convictions, including 30-year-old shoplifting and minor drug possession convictions. Officials claim it's always been illegal to enter Canada with such convictions without getting special dispensation, they just had no good way of knowing about them until recent security agreements allowed access. One attorney speculates it's not long before this information will be shared with other countries as well, causing immigration hassles worldwide." [Slashdot: Your Rights Online]

Captain Copyright Expires.

Tue, 13 Feb 2007 23:29:37 GMT

Captain Copyright Expires. The Canadian superhero Captain Copyright has finally expired, not due to pirates or to the passage of 50 years after the death of the author, but because "the current climate around copyright issues will not allow a project like this one to be successful." The cartoon was intended to provide an education in copyright law for children, but it became a focus for criticism when even the Canadian Library Association condemned it for lacking balance because it ignored issues like Fair Dealing (Canada's version of Fair Use). Personally, I was hoping we'd see them get sued by DC & Marvel, who claim to own the trademark on the word "superhero", and vanish in a puff of logic. [Slashdot: Your Rights Online]

Copyright collective wants iPod levy

Mon, 12 Feb 2007 02:16:29 GMT

OTTAWA- Canada's Private Copyright Collective is taking another stab at introducing levies on digital music players and memory cards.

The charges could add as much as $75 to the price of a new Apple iPod.

The collective, which seeks to compensate artists for unauthorized copying of their music, said Friday it's taking a new tack after a 2003 Federal Court of Appeals decision rejected the levies.

The court overturned the Copyright Board of Canada's approval of the charges after protests by a coalition of industry groups that included retailers Wal-Mart, Staples Business Depot and Future Shop.

The collective had argued the memory inside a digital audio device such as an iPod is an audio recording medium primarily used to store music, and therefore should be subject to the Canadian Copyright Act.

The act states an audio recording medium is "a medium regardless of its material form on which a recording can be reproduced."

The court, however, found the memory can't be defined as an audio recording medium.

Now, the group is going after the devices themselves. It says devices such as the iPod can be classified as a "recording medium" and should be subject to taxation.

"It is simply a matter of fairness that the creators of content, the creators of culture actually, should receive some compensation for the large volume of unauthorized and uncontrollable copying onto these media," said collective chair Claudette Fortier. "Private copying is a fact - Canadians do it."

The group is responsible for collecting a levy on blank recording media and distributing the money to those entitled to royalties.

In other words, every time a Canadian buys a blank CD, or audio cassette today a portion of the cost is sent to artists all over the world such as Kid Rock, Justin Timberlake and Paris Hilton.

In its new submission to the Copyright Board, the collective is proposing levies of $5 on devices with up to one gigabyte (GB) of memory, $25 for one to 10 GB, $50 for between 10 GB and 30 GB and $75 for over 30 GB. That would take the price of Apple's 30GB iPod to $365 from $290, a 26 per cent increase.

The group is also asking for levies of $2 to $10 for memory cards, which are primarily used to store photographs in digital cameras.

It's also asking for eight-cent increases to the current 21-cent levy on blank CD media and 77-cent charge for CD-R Audio, CD-RW Audio and MiniDiscs.

Canadian Copyright Group Wants iPod Tax.

Mon, 12 Feb 2007 02:13:23 GMT

Canadian Copyright Group Wants iPod Tax. An anonymous reader writes "Unable to define memory as a 'recording medium,' Canada's Private Copyright Collective goes directly after portable music player devices, memory cards, and anything else that can be used to make private copies. The PCC submitted a proposal to the country's Copyright Board that suggests levies of $5 (Canadian) on devices with up to 1GB of memory, $25 for 1-10 GB, $50 for 10-30 GB, and $75 for over 30 GB. If approved, this propoal would increase the price of a 30-GB iPod by 26%. These collections are intended to compensate artists and labels for the losses they suffer when people 'illegally' copy or transfer music. The PCC is also seeking a new $2 to $10 tax on memory cards. The backbone of digital photography has become tangled up in the fight for making sure music companies get every nickel and dime they feel that they deserve." [Slashdot: Your Rights Online]

Professor Michael Geist on Vista's Fine Print.

Mon, 29 Jan 2007 17:10:29 GMT

Professor Michael Geist on Vista's Fine Print. Russell McOrmond writes "With Microsoft's Vista set to hit stores tomorrow, Michael Geist's weekly Law Bytes column (Toronto Star version, homepage version) looks at the legal and technical fine print behind the operating system upgrade. The article notes that in the name of shielding consumers from computer viruses and protecting copyright owners from potential infringement, Vista seemingly wrestles control of the "user experience" from the user. If you are a Canadian and think that the owner of computers should be in control of what they own, rather than some third party (whether virus authors or the manufacturer/maker), then please sign our Petition to protect Information Technology property rights." [Slashdot]

Canadian Privacy Law Blog: Privacy podcasts

Fri, 26 Jan 2007 19:22:23 GMT

I've recently subscribed to a couple of Podcasts about privacy. There aren't many out there, but these two have been really good so far:

If you know of any good privacy podcasts, please leave the details in the comments.

Canadian bank loses data on 470,000 customers.

Tue, 23 Jan 2007 00:03:00 GMT

Canadian bank loses data on 470,000 customers. A missing backup drive may leave vital information on 470,000 Talvest Mutual Funds clients exposed. The drive disappeared in transit from a Montreal office of the mutual funds firm, a subsidiary of the Canadian Imperial Bank of Commerce (CIBC). [Computerworld Privacy News]

p2pnet.net -Identity theft in Canada

Mon, 22 Jan 2007 23:59:05 GMT

Privacy took centre stage in Canada late last week as TJX Cos., the parent company of retail giants Winners and HomeSense, disclosed that as many as two million Canadian credit cards may have been accessed by computer hackers. Less than 24 hours later, the CIBC revealed that account information for 470,000 customers had been lost when a computer file went missing while in transit between company offices.

These two incidents, which follow a steady stream of similar security breaches in the United States, highlight the fragility of sensitive, personal information that is entrusted to Canadian businesses as well as the inadequacy of current Canadian privacy legislation. Business groups have cautioned against privacy law reforms, yet as the risk of identity theft grows, the calls for change are likely to become more vocal.

Over the past two years, dozens of U.S. states have enacted security breach disclosure legislation. These laws require organizations that suffer a security breach that places personal information at risk to promptly disclose that fact to the affected individuals. By mandating notification, the laws ensure that individuals are better able to guard against identity theft by closely monitoring their credit card bills, bank accounts, and credit reports for any unusual activity.

From a business perspective, the laws create a strong incentive to protect personal information since the notification process is both expensive and embarrassing. Moreover, the laws have persuaded some organizations to rethink the amount of personal information they retain, since mounting data collection and retention increases the damaging consequences of a security breach.

As a result of these laws, there have been dozens of notifications from retailers (the TJX Cos. disclosure may well have been in response to a U.S. legal requirement), data aggregators, and educational institutions. Given the overlapping state notification laws, many U.S. privacy observers expect the U.S. Congress to soon enact a national notification requirement.

Slashdot | Slashback: Net Neutrality, Bugged Coins, and Pawns

Sun, 21 Jan 2007 05:01:50 GMT

Bugged Canadian coins. Lars T. writes in a journal article, "A recent Slashdot story asked: Bugged Canadian Coins?. Now The Globe and Mail has an update on the story -- or rather the non-story. '[A] U.S. agency that investigated the complaint found no evidence of any secret transmitters, or of any other tampering. It's not clear why this information failed to find its way into the released U.S. Defense Security Service report.' So you can all pack in your tin-foil hats -- at least that's what they want you to believe."

Information Architecture > Experts welcome call for security breach notification law

Wed, 17 Jan 2007 17:25:42 GMT

Canadian privacy law experts support a proposal that organizations be required to notify clients if their personal information has become vulnerable due to a security breach.

The proposal was initially made by the Canadian Internet Policy and Public Interest Clinic (CIPPIC) earlier this week.

CIPPIC said the federal government should have "breach notification laws" similar to those in place in more than 30 American states.

"The absence of a clear requirement for notification in the case of security breaches is a glaring gap in our existing data protection law," said Philippa Lawson, director of CIPPIC, a public advocacy group based at the University of Ottawa.

CIPPIC was among the groups that presented submissions when the Personal Information Protection and Electronic Documents Act (PIPEDA) was being drafted. "This proposal is extremely important, otherwise PIPEDA would have no teeth," according to Tim Richardson, professor of e-commerce, marketing and international business at the Seneca College and the University of Toronto. "The question now is how will the law be enforced?"

Copyright law changes could leave consumers vulnerable

Mon, 15 Jan 2007 05:21:47 GMT

Ever recorded a television show or a movie so you can watch it later? Or ripped a CD so you can listen to it on your MP3 player?

With changes to Canada's copyright laws expected as early as next month, these mundane 21st century activities could theoretically be open to prosecution -- unless the Conservative government steps in with expanded "fair use" or "fair dealing" protections for consumers.

Close observers of the file say all signs point to a new regime that will improve safeguards for major music, film and media companies and artists for unpaid use of their material, but neglect to make exemptions for personal use of copyrighted content.
'About as market interventionist as you can get'

"We're dealing with an industry minister [Maxime Bernier] that's tried to extricate government from the telecom area with a very strong deregulatory focus," said Michael Geist, the Canada Research Chair of Internet and E-commerce Law at the University of Ottawa.

"Yet the kind of copyright reform that is being contemplated is about as market interventionist as you can get."

Amendments to the Copyright Act are fraught with problems, since there are so many players with contradictory views.

Canada May Lose Copyright Fair-Use Rights.

Mon, 15 Jan 2007 05:14:14 GMT

Canada May Lose Copyright Fair-Use Rights. DotNM writes with an article from the CBC reporting that the Canadian government is considering removing fair-use rights from Canada's copyright law. From the article: "Exacerbating the situation is intense pressure from the United States, where Canada is considered a rogue when it comes to copyright and intellectual property. It still hasn't ratified a 1997 World Intellectual Property Organization copyright treaty... Two of the most controversial issues are [DRM] and the closely related technological protection measures." [Slashdot: Your Rights Online]

Canadian coins bugged, U.S. security agency says

Wed, 10 Jan 2007 19:39:10 GMT

They say money talks, and a new report suggests Canadian currency is indeed chatting, at least electronically, on behalf of shadowy spies.

Canadian coins containing tiny transmitters have mysteriously turned up in the pockets of at least three American contractors who visited Canada, says a branch of the U.S. Department of Defence.

Security experts believe the miniature devices could be used to track the movements of defence industry personnel dealing in sensitive military technology.

"You might want to know where the individual is going, what meetings the individual might be having and, above all, with whom," said David Harris, a former CSIS officer who consults on security matters.

"The more covert or clandestine the activity in which somebody might be involved, the more significant this kind of information could be."

The counter-intelligence office of the U.S. Defence Security Service cites the currency caper as an example of the methods international spies have recently tried to illicitly acquire military technology.

Bugged Canadian Coins?

Wed, 10 Jan 2007 19:31:55 GMT

Bugged Canadian Coins? tundra_man writes "CBC has an article about RFID type devices in Canadian coins found on US Contractors. From the article: 'Canadian coins containing tiny transmitters have mysteriously turned up in the pockets of at least three American contractors who visited Canada, says a branch of the U.S. Department of Defense.' The report did not indicate what kinds of coins were involved." [Slashdot: Your Rights Online]

Aetna to offer patients access to online data.

Wed, 10 Jan 2007 02:05:37 GMT

Aetna to offer patients access to online data. Aetna next month plans to begin rolling out the Aetna Care Engine Powered Personal Health Record to its members, giving them online access to their health records. [Computerworld Privacy News]

Proposed PASS Card Lacks Strong Privacy, Security Protections.

Mon, 08 Jan 2007 18:35:05 GMT

Proposed PASS Card Lacks Strong Privacy, Security Protections. A proposed ID card that could be used in place of a passport by Americans who make frequent trips to Canada, Mexico and the Caribbean lacks adequate privacy protections and needs to be rethought. In comments submitted to the State Department on Sunday, CDT highlighted concerns with the proposed PASS (People Access Security Service) Card, which would use non-secure radio frequency identification (RFID) technology to transmit information about citizens crossing borders. In the comments, CDT urges the State and Homeland Security Departments to reconsider whether the PASS Card program is really necessary; and if they do move forward to use a technology that will allow for better privacy and security safeguards. [Center for Democracy and Technology]

Computers, Freedom and Privacy - Montreal, May 1-4 2007

Thu, 28 Dec 2006 23:41:06 GMT

Come to CFP2007 in Montreal, May 1-4 2007. There's a lot at stake.

Computers, Freedom and Privacy 2007 - Call For Proposals

Thu, 28 Dec 2006 23:37:58 GMT

Call For Proposals - The deadline for proposals is January 20, 2006

The Program Committee of the Seventeenth Conference on Computers, Freedom, and Privacy (CFP2007) seeks your proposals for innovative conference sessions and speakers.

Web browsing behind closed doors.

Wed, 29 Nov 2006 19:13:23 GMT

Web browsing behind closed doors.

Psiphon bypasses government censors

Canadian developers will next month release a tool to bypass government-enforced restrictions on web browsing in countries like China, Syria and Iran.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Slashdot | The Great Firewall of Canada

Sat, 25 Nov 2006 01:30:37 GMT

engtech writes "Canadian carriers Bell Aliant, Bell Canada, MTS Allstream, Rogers, SaskTel, Shaw, TELUS, and Videotron have all opted in to a blacklist, dubbed Project Cleanfeed Canada, provided by Cybertip.ca, the Canadian tip-line against child exploitation. The idea of having a national blacklist sends shivers down my spine. I'm a pessimist, I believe that any form of censorship will eventually be abused despite it's good intentions." --- Besides engtech's post on the subject, Dr. Michael Geist has some considered comments about this issue. From that post: "Critics are quick to draw parallels to Internet censorship in countries such as China. However, those countries involve state-based content blocking, with no transparency or legal recourse. In fact, several democracies -- most notably Australia -- have established limited blocking rules, while British Telecom, the UK's largest ISP, voluntarily blocks child pornography as part of its CleanFeed program. Even with various legal safeguards, many Canadians would undoubtedly find the blocking of any content distasteful. Yet to do nothing is to leave in place an equally unpalatable outcome that silences those would speak out against unlawful hate speech for fear of personal harm."

globeandmail.com: Big Brother's watching Canadians ... and they don't like it

Wed, 15 Nov 2006 05:25:53 GMT

Almost half of Canadians find anti-terrorism laws in the post-9/11 world intrusive, according to a new international Queen's University survey.

Americans were even more concerned than Canadians about these new national security laws, with 57 per cent saying they were invading their privacy.

The Queen's survey, published Monday, is believed to be the largest of its kind. It explores the attitudes of 9,000 people from eight different countries on topics ranging from consumer surveillance, racial profiling at airports, workplace privacy, to trust in government. It found a wide-range of cultural commonalities and differences between the countries chosen - Canada, the U.S., China, France, Spain, Hungary, Mexico and Brazil.

In general, those living in the U.S. and Canada tend to be more protective of their personal information than citizens of other countries.

Canada's privacy chief hails Microsoft's Seven Laws of Identity.

Thu, 26 Oct 2006 23:47:47 GMT

Canada's privacy chief hails Microsoft's Seven Laws of Identity.

On surviving the identity Big Bang

The Information and Privacy Commissioner of Ontario has published a plan for automated internet privacy that is backed by Microsoft. Dr Ann Cavoukian has called for programmers to embed privacy capabilities in software.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Slashdot | Quebec Bans Electronic Voting

Wed, 25 Oct 2006 19:39:16 GMT

gfilion writes "The Chief Electoral Officer of QuÃ©bec tabled an evaluation report that makes a troubling diagnosis of the problems that occurred during the municipal elections of November 6, 2005, in some of the 162 QuÃ©bec municipalities that used electronic voting. He says: "Not only did the systems fail, but the corrective measure proposed were insufficient, poorly adapted and often came too late." There was a moratorium on electronic voting prior to the November 6 election, it will be extented for future elections."

Canadian Privacy Law Blog: Ontario Commissioner unveils plan for privacy-embedded Internet identity

Wed, 25 Oct 2006 02:40:48 GMT

Additional Resources:

7 Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age

Kim Cameron's Identity Weblog

The LAWS OF IDENTITY The key to this site: an introduction to Digital Identity - the missing layer of the Internet.

The IDENTITY METASYSTEM A proposal for building an identity layer for the Internet

7 Laws for Privacy-Embedded Internet Identity.

Wed, 25 Oct 2006 02:38:47 GMT

7 Laws for Privacy-Embedded Internet Identity.

Ann Cavoukian, the Information and Privacy Commissioner of Ontario, has released a whitepaper augmenting Kim Cameron's seven laws of identity with privacy protections: 7 Laws of Identity: The Case for Privacy-Embedded Laws of Identity in the Digital Age (PDF). I'm busy travelling, so I can't print and read the entire document right now, but here are excerpts form the commission's press release:

The next generation of intelligent and interactive web services ("Web 2.0") will require more, not fewer, verifiable identity credentials, and much greater mutual trust to succeed.

Identity systems that are consistent with the Privacy-Embedded Laws of Identity will help consumers verify the identity of legitimate organizations before they decide to continue with an online transaction.

These Privacy-Embedded Laws offer individuals:

easier and more direct user control over their personal information when online;
enhanced user ability to minimize the amount of identifying data revealed online;
enhanced user ability to minimize the linkage between different identities and actions;
enhanced user ability to detect fraudulent messages and websites, thereby minimizing the incidence of phishing and pharming.

Corresponding Privacy-Embedded Principles

Take, for example, Law #1, Personal Control and Consent, which emphasizes that individuals should be in full local control of their own identity information, and exercise informed consent over how their identity information is collected and used by others. One privacy benefit of applying this principle is that identity credentials could be stored locally and securely on a user's own computer rather than in a centralized online database.

Another example: Law #2, Minimal Disclosure for Limited Use: Data Minimization, speaks to building technical identity systems that minimize the amount of identity information used and disclosed in a given online transaction. In the privacy world, a cardinal rule is that the identification provided should be proportional to the sensitivity of the transaction and its purpose. Why should a credit card number ever be used to verify one's age? Put another way, why isn't there a credential that allows people to prove they're over 65 without revealing all of their other identity information? If someone can prove she is a bona fide university student to gain preferential access to online resources at other educational institutions, then why is her name needed? These privacy-enhanced solutions are all possible under the Privacy-Embedded Laws of Identity.

"We call upon software developers, the privacy community and public policymakers to consider the Privacy-Embedded Laws of Identity closely, to discuss them publicly, and take them to heart," Dr. Cavoukian declared. "In joining with us to promote privacy-enhanced identity solutions at a critical time in the development of the Internet and e-commerce, both privacy and identity/security will more likely be strongly protected."

[via Canadian Privacy Law Blog]

Posted in Privacy, michaelzimmer.org]

Calling Sony BMG's Bluff; Canadian Rootkit Settlement Improved.

Tue, 26 Sep 2006 12:15:31 GMT

Calling Sony BMG's Bluff; Canadian Rootkit Settlement Improved.

Thanks to the quick action of the Canadian Internet Policy and Public Interest Clinic, Canadian consumers are getting a better deal from Sony BMG.

As EFF and others reported, the proposed Canadian Sony BMG rootkit settlement lacks several important consumer protection provisions (e.g. disclosure and testing requirements) that were included in the U.S. settlement. On Monday, CIPPIC filed an objection to the proposed settlement, challenging this glaring omission and the woefully inadequate and misleading "explanation" that Sony BMG offered for it. EFF submitted an affidavit in support of the objection, setting the record straight on the context and details of the U.S. settlement.

Taking note of the objection at a hearing on the settlement last week, the Canadian court required Sony BMG to give effective prior notice to Class Counsel and CIPPIC if it decides to use any DRM in Canada that has not already been independently vetted for security problems, as required by the U.S. Settlement. Thus, CIPPIC will be able to intervene to protect Canadians from becoming guinea pigs for DRM.

What's more, the settlement is not the end of Sony BMG's legal woes in Canada: it may now face investigations from Canadian regulators as well.

One of Sony BMG's lame excuses for the absence of stronger consumer protections in the Canadian settlement was that it only agreed to those provisions in the U.S. in response to pressure from U.S. government entities. Since the Canadian government wasn't leaning on Sony BMG as well, the label figured it didn't have to do the right thing.

Sony BMG's effort to rewrite history backfired. Taking up Sony BMG's implicit dare, CIPPIC filed complaints with five government agencies, calling for investigations into Sony BMG's conduct.

Now it's time for Canadian regulators to pick up where the civil litigators left off, and make sure Canadian customers--and their computers--get the protection they deserve.

[EFF: Deep Links]

Canadian Tortured; Gonzales Passes Buck.

Mon, 25 Sep 2006 03:26:15 GMT

Canadian Tortured; Gonzales Passes Buck.

In 2002, Canadian citizen Maher Arar was flying through JFK airport on his way to Canada for a business trip, when he was detained by U.S. immigration officials based on faulty information in their database submitted by the Royal Canadian Mounted Police. Arar was interrogated for 12 days by FBI officials and then deported, against his will, via Jordan, to Syria, where he was held for 10 1/2 months in a cell measuring 3 feet by 6 feet by 7 feet and tortured with steel cables, according to a Canadian inquiry. Arar was never a suspect or a target in any terrorist investigation.

Arar's lawsuit against the U.S. government was thrown out on technical grounds (.pdf) in 2005, and yesterday, Attorney General Alberto Gonzales had this to say about the Justice Department's role in the case:

We were not responsible for his removal to Syria, I'm not aware that he was tortured, and I haven't read the Commission report. Mr. Arar was deported under our immigration laws. He was initially detained because his name appeared on terrorist lists, and he was deported according to our laws.

Some people have characterized his removal as a rendition. That is not what happened here. It was a deportation. And even if it were a rendition, we understand as a government what our obligations are with respect to anyone who is rendered by this government to another country, and that is that we seek to satisfy ourselves that they will not be tortured. And we do that in every case. And if in fact he had been rendered to Syria, we would have sought those same kind of assurances, as we do in every case.

Gonzales is incorrect that the DOJ wasn't responsible, since at the time the Immigration and Naturalization Service was still a part of the DOJ. More here in today's New York Times.

Arar wants an apology from the U.S. government, but the AG can't even be bothered to read the report from the two-year long inquiry, which the U.S. declined to participate in.

I meant to blog this a couple of days ago after reading through most of the 376 page report from the Canadian Commission of Inquiry and 2005 U.S. District Court decision that dismissed Arar's case against the U.S. government, but couldn't because it was just too disturbing.

I assume that the U.S. government doesn't want to apologize for sending Arar off to be tortured, given the ongoing debate in Congress over whether the CIA gets legal cover to torture people.

Here's what the inquiry had to say:

The American authorities who handled Mr. ArarÂ¿s case treated Mr. Arar in a most regrettable fashion. They removed him to Syria against his wishes and in the face of his statements that he would be tortured if sent there. Moreover, they dealt with Canadian officials involved with Mr. ArarÂ¿s case in a less than forthcoming manner. They were not candid, either with the RCMP officers with whom they had been working jointly on the investigation that involved Mr. Arar, or with Canadian consular officials seeking to assist Mr. Arar, about their intentions or about the process that led to Mr. ArarÂ¿s removal.

Canada should formally register an objection about both what happened to Mr. Arar and how American officials treated Canadian officials. The fact of objecting is more symbolic than anything else. Unquestionably, Canada should continue to co-operate fully with American authorities in the global fight against terror. Co-operation between the two countries is vitally important. However, Canada is entitled to expect that American authorities will treat Canada and Canadian citizens in a way that is consistent with our co-operative efforts. That did not happen in the case of Mr. Arar.

With regard to Mr. ArarÂ¿s detention in the United States, I note that, under the Vienna Convention on Consular Relations, a contracting state has an obligation to inform a foreign national of his or her right to contact consular officials and to facilitate such contact without delay. On October 3, 2002, Mr. Arar told Canadian consul Maureen Girvan that, while in custody at John F. Kennedy International Airport in New York, he had asked to see someone from the Canadian Consulate. American officials failed to contact the Consulate General in New York and Mr. Arar was held in U.S. custody for four days without access to a lawyer or his family. Essentially, no one knew where he was.

Breaches to the Vienna Convention should not be allowed to pass without objection. At one point, Canadian officials considered sending a diplomatic note to the United States in regard to its failure to provide Canadian consular officials with timely notification of Mr. ArarÂ¿s detention. In my view, such a course of action is appropriate under the circumstances.

Moreover, the RCMP should inform American authorities with whom it shared information about Mr. Arar that all such information was or should have been subject to caveats restricting its dissemination to other agencies as well as its use, particularly in legal proceedings such as the immigration proceedings held with respect to Mr. Arar during his time in New York. In addition, the RCMP should correct any inaccurate information about Mr. Arar that was provided to American agencies. Mr. Arar, for one, has serious concerns about what will happen to him should he find himself in the United States again. He told the independent fact-finder that he fears flying even within Canada because of the possibility that a flight will be diverted to an American airport. We have no way of knowing what information American officials have concerning Mr. Arar, but Canada has an obligation to correct any inaccurate information about him that it may have provided to American authorities. It is important that the record be set straight. In this report, I discuss at length the problems that can arise from providing inaccurate information and from sharing information without caveats. That discussion need not be repeated here. However, I repeat that inaccuracies should be corrected and caveats attached.

With regard to Syria, I conclude that the Syrian authorities tortured Mr. Arar when interrogating him and held him in inhumane and degrading conditions for about a year. Moreover, I conclude that they misled Canadian officials about Mr. ArarÂ¿s presence in Syria after he first arrived there. If Canada has not already done so, it should send a formal objection to the Syrians.

The Canadian and U.S. governments should be deeply ashamed of themselves. It's no surprise that Syria tortured Arar, and it certainly wouldn't have been a surprise to the U.S. officials who sent him there, even if they did get the ass-covering letter from Syria promising to treat Arar well.

Will our government have the courage to stand up, admit they screwed up and defend democratic values?

A call to the Justice Department to ask that was not immediately returned.

It's an election year, so probably not.

But somebody needs to tell this Administration that we're supposed to be the good guys, dammit.

[27B Stroke 6]

Canadian Sony Rootkit Settlement Misses the Mark.

Thu, 14 Sep 2006 17:05:12 GMT

Canadian Sony Rootkit Settlement Misses the Mark.

Almost a year after the Sony BMG rootkit debacle began, Sony BMG has finally settled with its Canadian customers. Much of the settlement, particularly the compensation customers will receive, mirrors the provisions of the U.S. agreement approved last May. But the Canadian settlement is missing some crucial commitments regarding Sony BMG's future conduct.
Details after the jump:

[EFF: Deep Links]

The Death of Privacy ( cio insight )

Tue, 12 Sep 2006 17:18:47 GMT

In privacy circles, a mostly forgotten incident from the end of the dot-com euphoria aptly illustrates the lack of regard most companies have toward protecting personal data, even if they make a point of promising to do so.

The episode occurred in mid-2000, when Toysmart.com Inc., a Web-based retailer, went out of business. Among the assets the company put on the block during bankruptcy proceedings was one that caught the eye of regulators at the Federal Trade Commission: the names, e-mail and mailing addresses, and shopping histories of 250,000 Toysmart customers. Toysmart was offering these records to the highest bidder, despite an online privacy policy that explicitly stated the company would never share customer data with any third party.

With the Web surging with an enormous amount of commercial activity and sensitive information, the FTC had recently beefed up its Internet consumer-protection efforts. Commission regulators decided that Toysmart's blatant disdain for its own privacy oath was just too contemptuous to be ignored. Backed by 44 state attorneys general, the FTC sued to block the Toysmart data auction, arguing that it constituted a "deceptive practice." In early 2001, an agreement was forged under which Toysmart investor, the Walt Disney Co., would buy the company's customer data for $50,000 and then promptly destroy it.

"The Toysmart case and others like it--among them Living.com and CraftShop .com--proves what some of us have suspected all along: Many companies don't really believe privacy is something to protect when there's money to be made from confidential data, or when safeguarding sensitive data gets in the way of making money," says Luis Salazar, an attorney in the privacy practice group at Miami-based law firm Greenberg Traurig LLP. Last year, at the request of Senator Patrick Leahy (D- Vt.), Salazar authored a provision for a new bankruptcy law that makes it illegal for insolvent companies to sell personally identifiable information if their privacy policies forbade such activities.

The general disinterest in doing little more than the bare minimum to shield consumer privacy extends well beyond companies that are closing up shop. The Canadian Internet Policy and Public Interest Clinic, at the University of Ottawa, recently conducted an in-depth study of 64 major online sites, including those of Amazon.com Inc., Citigroup Inc., Staples Inc., Best Buy Co. Inc. and eBay Inc. The study found that, in general, an alarming number of Web-based operations are sloppy, if not downright negligent, when it comes to privacy practices. According to the CIPPIC report, released in April, "While almost all companies we assessed had a privacy policy and were thus aware of the need to respect customer privacy, many failed to fulfill even basic statutory requirements such as providing contact information for their privacy officers, clearly stating what they do with consumers' personal information and responding to access-to-information requests."

Michael Geist - 30 Days of DRM

Mon, 28 Aug 2006 01:39:40 GMT

The 30 Days of DRM highlights some of the exceptions and limitations that the government should include if a Canadian DMCA is introduced. Contribute to the discussion through the 30 Days of DRM Wiki.

30 Days of DRM.

Mon, 28 Aug 2006 01:36:53 GMT

30 Days of DRM. sonofollson writes "Michael Geist, a Canadian law professor, in the middle of a 30 Days of DRM project, which is targeting the planned introduction of the DMCA in Canada. Each day, the project identifies an exception or limitation that is needed to address the danger of anti-circumvention legislation. Issues covered so far include interoperability, privacy, region coding, and reverse engineering. The project is also supporting a wiki version for broader participation." [Slashdot: Your Rights Online]

CNW Group - Privacy Commissioner launches investigation of SWIFT

Tue, 22 Aug 2006 15:14:29 GMT

OTTAWA, Aug. 14 /CNW Telbec/ - The Privacy Commissioner of Canada,
Jennifer Stoddart, has officially launched an investigation of the Society for
Worldwide Interbank Financial Telecommunication (SWIFT), a European-based
financial cooperative that supplies messaging services and interface software
to a large number of financial institutions in more than 200 countries,
including Canada, to determine whether personal information relating to
Canadians' financial transactions is being improperly disclosed by SWIFT to
foreign authorities. The Commissioner has notified SWIFT of her intention to
launch an investigation into the matter.

"The risks resulting from personal information flowing across borders is
something that we have been expressing concerns about for some time. The SWIFT
situation concerns privacy commissioners world wide and is something we need
to examine in more detail," said Ms. Stoddart. "Although there are times when
we are unable to lawfully investigate a complaint about something taking place
outside Canada with Canadians' personal information, we have determined that
we are, in fact, in a position to investigate this important matter."

Keeping your identity on a short leash - Canada

Fri, 18 Aug 2006 17:15:54 GMT

Terry Cutler is a Canadian-based support engineer with Novell and a certified Ethical Hacker, and wants to get the news out to people on how they can and should protect their information and their identities from the many pitfalls of the Internet age. The following is a guide that he has provided to canada.com in order to inform our readers.

A new illegal enterprise is preying on our citizens, attracting the likes of criminals, gangs and illicit organizations. Crooks hack into company computers to steal the private information -- and sometimes the full identities -- of their customers.

And the fact is, many companies who have been hacked fail to inform their customers about what has -- or might have -- happened to such private information, and there is no law that forces them to do so. (Ed. This was written from a Canadian point of view and not the US)

globeandmail.com : Big Brother wants you, privacy advocates warn

Sun, 13 Aug 2006 20:48:31 GMT

OTTAWA -- Privacy advocates are raising fears that the country's Internet service providers are turning into Big Brother watching every move you make online.

Bell Sympatico, Telus, Bell Aliant, Primus and Rogers all have clauses in their customer service agreements warning customers that they could be monitored at any time.

Bell Sympatico set off controversy in June when it changed its service agreement to allow monitoring, but University of Ottawa professor Wade Deisman said the industry has been monitoring customers for several years.

Lawyer Lawrence Greenspon, an outspoken advocate of privacy rights, said the language in each Internet provider's agreement is too broad, suggesting that they are monitoring customers' activities.

"Given that it appears (this clause) is in all of these agreements, there should be a huge concern for all Canadians," Mr. Greenspon said. "This is an outrageous violation of individual rights."

In its agreement, Bell Sympatico warns customers that it intends to "monitor or investigate content or your use of your service provider's networks and to disclose any information necessary to satisfy any laws, regulations or other governmental request."

The other service providers use similar - or even stronger - language.

Senate ratifies Cybercrime treaty.

Mon, 07 Aug 2006 23:47:41 GMT

Senate ratifies Cybercrime treaty.

'Symbolic gesture'

The US Senate ratified the Convention on Cybercrime on Thursday, the first international treaty on computer-related crime and the gathering of electronic evidence.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Emily of the State, your friendly Internet surveillance avatar.

Fri, 21 Jul 2006 05:18:58 GMT

Emily of the State, your friendly Internet surveillance avatar.

The Canadian comedy troupe Cynically Tested has posted an Internet short on YouTube featuring [base "]Emily of the State,[per thou] a satirical look at how ISPs could enable government surveillance of one[base ']s online activities through a [base "]helpful[per thou] avatar, Emily: YouTube - Emily of the State - Internet Spying Short

[via Canadian Privacy Law Blog]

[michaelzimmer.org]

Employers spying on Canadian workers, study suggests - Yahoo! Canada News

Mon, 10 Jul 2006 14:56:54 GMT

Canadian employers in a wide range of industries conduct surveillance of employees at work, suggests a report to be released on Monday.

Produced by Toronto's Ryerson University, the study called "Under the Radar" asked Canadian businesses about surveillance of their employees.

Employers view closed-circuit television cameras, listen to recorded phone calls, monitor e-mails and scan magnetic information from security passes, said lead author Avner Levin.

Levin, a law professor at the university, said he isn't surprised at the methods, but was taken aback by employers' attitudes toward employee privacy.

"Nobody said this is a problem, or even something they have to deal with in a proactive way. It's just simply under the radar," said Levin.

Human resources executives responsible for workplace privacy often have little knowledge of the potential intrusiveness of technologies at work in their own companies, he said.

They rarely know what information is being collected by colleagues running company computer systems, he said

Editor: Sorry about the big ads that were in this entry. Yahoo snuck them past me. They should be gone now.

TheStar.com - Bell clause creates problems for privacy

Thu, 06 Jul 2006 16:36:55 GMT

Canadian Internet users were abuzz last week with reports that Bell Sympatico, Canada's largest Internet service provider, had opened the door to increased customer surveillance through changes to its user agreement.

While Bell denied the amendments were linked to the so-called "lawful access" initiative that may require ISPs to install new surveillance technologies, the furore associated with the story highlights Canadians' mounting concern with their online privacy.

The Bell clause, which took effect June 15, advised subscribers that the company retains the right to "monitor or investigate content or your use of your service provider's networks and to disclose any information necessary to satisfy any laws, regulations or other governmental request." Few doubt that ISPs already monitor network usage and will disclose subscriber information, including usage habits, if required to do so under a court order. The new clause raised fears, however, that Bell was extending that scrutiny to the active monitoring of user content as well as escalating its willingness to disclose subscriber information without prior judicial oversight.

A widely circulated Canadian Press story (which featured several of my comments) noted that the Conservative government is expected to reintroduce lawful access legislation this fall and speculated that the change might have been in anticipation of that statutory reform.

The Fourth of July, 2006 is Privacy Digest's 7th Anniversary

Mon, 03 Jul 2006 16:14:11 GMT

Tomorrow, The Fourth of July 2006, Privacy Digest will have been publishing as this domain for seven years. We were actually around a bit longer as part of another blog. But on July 4, 1999, I decided that the issue was important enough to warrant it's own dedicated domain.

If you would like to help out my Amazon wishlist has a few things I need. More ideas on ways to support us can be found here.

Poll says Canadians want personal information treated more responsibly

Mon, 03 Jul 2006 13:50:30 GMT

Ottawa, June 30, 2006 -Canadians want the government and businesses to take their responsibility for safeguarding personal information more seriously, according to the Privacy Commissioner of Canada, Jennifer Stoddart, who released today the findings from a poll commissioned by her Office. The study reveals that most Canadians believe that neither the government nor businesses take their responsibility to protect their personal information very seriously. Only 14 per cent of Canadians believe that the federal government takes its responsibility to protect personal information very seriously and only 11 per cent are confident that businesses take this responsibility very seriously.

"The current government has pledged to make accountability a trademark of government operations, and I can't think of a better way to demonstrate this principle, than by holding it to account for the way in which it treats the personal information," says Privacy Commissioner Jennifer Stoddart. "Establishing sound privacy management frameworks would help organizations protect individuals' personal information by identifying the inherent privacy risks, and how best to mitigate those risks."

In March 2006, The Office commissioned a public opinion study by EKOS Research Associates to revisit benchmarks from the previous year and to better meet Canadians public awareness needs about privacy.

While Canadians do not consider privacy on par with priorities such as healthcare and education, they place updating privacy laws on similar footing to issues such as ethics and accountability, public security and taxation. In fact, according to the study, close to 90 per cent take it as a given that the rapid pace of technological innovation means that existing privacy legislation needs to be updated regularly and virtually no one believes there is little need to modernize the law. These findings support the Commissioner's calls for reform of the Privacy Act, which covers the personal information handling practices of federal departments and agencies. The Privacy Act is a first generation privacy law that has not been substantially amended since its inception in 1983. On June 5, 2006 the Commissioner tabled her proposals for reform of the Act with the House of Commons Standing Committee on Access to Information, Privacy and Ethics.

"The Privacy Act is an often inadequate public sector data protection law that is woefully out of date," says Ms. Stoddart. "Since my appointment, I have been urging the Government of Canada to reform the Privacy Act. My recommendations to Parliament call for strengthening the Act to address critical issues such as the transborder data flow of personal information."

Canadian ISP's 'monitoring' cause for concern.

Mon, 03 Jul 2006 13:46:51 GMT

Canadian ISP's 'monitoring' cause for concern. A statement by a major Canadian Internet service provider that it will be monitoring customers' cyber activities for possible reporting to government agencies has sparked concern among privacy advocates. [Computerworld Privacy News]

globeandmail.com : Quebec to beef up privacy law to hamper U.S. surveillance

Tue, 06 Jun 2006 14:23:17 GMT

MONTREAL -- Quebec plans to follow the lead of several other provinces in attempting to protect its residents from the eyes of the U.S. government.

Quebec's 12-year-old law governing the release of personal information by private businesses is to be enhanced, partly in reaction to the USA Patriot Act enacted to give broader FBI access to records held by U.S. firms.

The proposals, which are expected to be passed this month, would require public bodies and private companies to ensure the information they send outside the province is as secure as it is in Quebec, said Richard Parent, a government official.

"You will have to ask the question with each contract: 'Will there be a violation of privacy and should there be a transmission of that information?' " he said in an interview.

Companies would face increased fines -- although the amount has not yet been made public -- and would have to disclose publicly if a breach occurs. Individuals could also ask Quebec's information commissioner to investigate suspected breaches of the law.

Quebec's legal change comes in the wake of reports that the U.S. National Security Agency co-opted telecommunications companies to track millions of phone calls and store them in what may be the largest database in the world.

It has left many Canadians concerned about how their personal information would be used by Americans. For example, could it affect their ability to enter the United States or obtain health insurance, or could they be added to no-fly-lists?

Nobody knows, in part because the Patriot Act -- passed following the Sept. 11, 2001, terrorist attacks -- expressly prevents companies from disclosing whether they have passed along the information

Slashdot | Canadian Domain Registry Pulls Plug on Free Speech

Sat, 03 Jun 2006 19:34:11 GMT

An anonymous reader writes "The staff of a Canadian political candidate bragged today that he had managed to shut down a website critical of his involvement in a fundraising scandal, by having the country's registrar of domains pull the DNS records for the site. Criticism from bloggers and free speech advocates has been negative, and is coming from across the political spectrum."

Privacy commissioner promises more robust rights protection

Sat, 03 Jun 2006 19:19:39 GMT

OTTAWA - The federal privacy commissioner plans to adopt aggressive new tactics to help Canadians who are being attacked on all sides by organizations and businesses that collect and even abuse their personal information, says the commissioner's annual report presented to Parliament on Tuesday.

''We're concerned that technology is outstripping our ability to apply fundamental privacy principles to it,'' Jennifer Stoddart said in an interview.

To deal with the onslaught of privacy threats, the commission plans to take organizations to federal court if they abuse privacy rights of Canadians and refuse to comply with privacy law, said Stoddart.

''We're ratcheting up a bit our level of expectations and our commitment to having them enforced,'' she said.

Her report says Canadians feel threatened by possible misuse of their personal information and the commissioner's office needs more power to handle emerging privacy threats.

Canada, Australia Angle to Get into Do-Not-Call Act.

Sat, 03 Jun 2006 02:05:30 GMT

Canada, Australia Angle to Get into Do-Not-Call Act. After watching the Federal Trade Commission in America tout the success of the National Do-Not-Call Registry over the past several years, with most recent FTC estimates indicating that over 120 million phone numbers appear on the U.S. list, Australia has joined Canada among countries seeking to emulate the United States'[not equal] approach to staunching unwanted phone calls. Presently, the webpage of the Canadian Radio-television and Telecommunications Commission ([not equal]'CRTC[not equal]') shows the agency to be at the tail end of a public comment period on a proposed national do-not-call list. According to one source, the Canadian list is expected to be operational approximately a year from now. Among other provisions, the proposed rules would impose fines of up to $1,500 for individuals and $15,000 for companies that fail to honor a do-not-call registration. As with the U.S. registry, Canadian law allows exemptions for charities, surveys, and political calls, as well as calls made to a recipient with which the caller has an [not equal]'established business relationship.[not equal]' [Privacy and Security Law Blog]

Religious excuse for opposing ID cards.

Wed, 31 May 2006 16:01:51 GMT

Religious excuse for opposing ID cards.

Become a Hutterite

A court in Canada has excused Hutterites from carrying photo driving licenses because the religious group believes the Bible prohibits them from having their picture taken.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

Online Rights Canada Launches Action Center.

Mon, 15 May 2006 15:31:45 GMT

Online Rights Canada Launches Action Center.

Last year, Online Rights Canada (ORC) launched with the joint support of EFF and the Canadian Internet Policy & Public Interest Clinic (CIPPIC). ORC represents the public interest in critical technology and information policy issues. If you live in Canada, now you can make your voice heard through ORC's brand new Action Center. Even if you don't, spread the word to your friends up north.

[EFF: Deep Links]

Investment Executive - Canadian small business owners concerned about changes to the Bank Act

Fri, 28 Apr 2006 16:13:00 GMT

Seventy-six percent of small business owners say that existing measures to protect consumers should be kept in place due to privacy of their personal information and sales pressure concerns, according to a POLLARA Inc. survey released by Advocis.

The finding suggests that small business owners believe that the privacy of their health and medical history is more important than having greater access to information about life and health insurance services provided by banks.

Currently, the Bank Act prohibits banks from marketing or selling life or health insurance in their branches due to concerns about consumer privacy and tied selling. Recent proposals from the banks would jeopardize these protections. Publicly the banks say they merely want to inform consumers.

"The issue isn't brochures," says Gary McLeod, Advocis' chairman. "The issue is fundamentally about privacy and whether intimate personal information should be traded, shared or used to get more business. What the banks are calling for is more access to personal information to market more of their products.

"Concerns about privacy require that banking and personal information always be kept separate and apart," adds McLeod. "To allow banking and health and medical information to come together -- under any circumstances -- is an intolerable threat to consumer privacy."

Top Canadian Artists Oppose DRM, Suing Fans.

Thu, 27 Apr 2006 14:06:01 GMT

Top Canadian Artists Oppose DRM, Suing Fans.

Remember when all of those Canadian record labels recently walked out on CRIA, the Canadian equivalent of the RIAA? Well, a bunch of them just launched a new coalition for Canadian musicians called the "Canadian Music Creators Coaltion," and their founding principles are pretty rad:

1. Suing Our Fans is Destructive and Hypocritical
2. Digital Locks are Risky and Counterproductive
3. Cultural Policy Should Support Actual Canadian Artists

This remarkably reasonable and consumer-friendly stance is backed by some big artists, too. For example: Barenaked Ladies, Avril Lavigne, Sarah McLachlan, Chantal Kreviazuk, Sum 41, Stars, Raine Maida (Our Lady Peace), Dave Bidini (Rheostatics), Billy Talent, John K. Samson (Weakerthans), Broken Social Scene, Sloan, Andrew Cash and Bob Wiseman (Co-founder Blue Rodeo).

[EFF: Deep Links]

Data privacy breach affects FHA

Mon, 17 Apr 2006 14:52:18 GMT

Fraser Health Authority (FHA) employees have been warned that some of them who used an ultra-confidential counselling service may have had their privacy breached as a result of a theft of a computer.

The computer with a disk inside it went missing in March from the Vancouver office of the Employee and Family Assistance Program (EFAP) run by the Vancouver Coastal Health Authority.

The disk contained the names, birth dates, contact information and referral reasons for thousands of Lower Mainland health workers who sought help for intensely personal problems.

London Free Press - Business Monday - Surveillance tapes can be used in court

Mon, 17 Apr 2006 13:50:03 GMT

TORONTO -- It's official: the federal privacy law does not prevent insurance companies or others from using surveillance videotape against opponents in court. A recent ruling by the Office of the Privacy Commissioner of Canada clarified that restrictions under the Personal Information Protection and Electronic Documents Act -- PIPEDA to the lawyers who work with it -- "do not prevent a litigant from conducting relevant surveillance on an opposing party in a lawsuit," says law firm Ogilvy Renault.

Q & A With Canada's Michael Geist.

Sat, 25 Mar 2006 18:46:05 GMT

Q & A With Canada's Michael Geist. Torrentz writes "P2PNet is running a question and answer session with Canada's Michael Geist, a leading Internet and copyright expert. Geist discusses P2P, the music business, and the future direction of copyright law." From the interview: "My focus has traditionally been on Internet issues and I'm very active on privacy, spam, Internet governance issues. The growing attention to copyright merely reflects its critical importance to the Internet and to creativity and culture more generally." [Slashdot: Your Rights Online]

Michael Geist - CRIA's Own Study Counters P2P Claims

Sat, 18 Mar 2006 18:26:01 GMT

While CRIA regularly trumpets commissioned studies as evidence for the problems posed by P2P, this week it released a major study without any fanfare whatsoever. Conducted by Pollara last month, the study serves as part of CRIA's submission to the CRTC's Commercial Radio Review. What makes this particular study interesting (aside from the fact that it finally includes full details on responses and the actual questions posed), is that much of the data challenges many familiar CRIA claims.

Canadian Record Industry Disputes Own P2P Claims.

Sat, 18 Mar 2006 18:22:18 GMT

Canadian Record Industry Disputes Own P2P Claims. CRIAWatch writes "The Canadian Recording Industry Association has quietly issued a new study that contradicts many of its own claims about the impact of P2P usage on the music industry. Michael Geist summarizes the 144 page study by noting that the research 'concludes that P2P downloading constitutes less than one-third of the music on downloaders' computers, that P2P users frequently try music on P2P services before they buy, that the largest P2P downloader demographic is also the largest music buying demographic, and that reduced purchasing has little to do with the availability of music on P2P services.'" [Slashdot]

CBC News: Toronto 'hactivists' benefit from grant for internet censorship work

Wed, 08 Feb 2006 02:29:09 GMT

A University of Toronto group of "hactivists" will benefit from a $3-million US grant given to an international project that fights internet censorship.

The Citizen Lab, comprising staff and students at the university's Munk Centre for International Studies, as well as Harvard Law School, and Cambridge and Oxford universities are involved in the OpenNet Initiative.

Citizen Lab monitors the internet to see what information is being blocked, where and by whom.

"States are becoming very adept at filtering communications traffic," said Prof. Ron Deibert, director of Citizen Lab and one of the OpenNet Initiative's principal investigators.

Deibert says governments in countries such as China, Vietnam and Iran block all kinds of internet sites.

Canadian music giant funds battle against RIAA.

Mon, 30 Jan 2006 01:37:50 GMT

Canadian music giant funds battle against RIAA.

Lawsuits should be shield not sword

Canada's biggest record label, publisher and management company is helping out a family sued by the Recording Industry Ass. Of America for copyright infringement.

[The Register - Internet and Law: Digital Rights/Digital Wrongs]

World Economic Forum - Broadcasting, Podcasting, Webcasting and Blogging at the World Economic Forum Annual Meeting 2006 in Davos

Thu, 05 Jan 2006 01:59:10 GMT

The World Economic Forum announced ambitious plans today to share the proceedings of the World Economic Forum Annual Meeting 2006 in Davos with as wide a public as possible. Held under the theme of The Creative Imperative, the Meeting will again be broadcast, webcast and, for the first time this year, many sessions will also be "podcast". Additionally, all participants will be asked to take part in the Forum's blog.

* Every participant of the Annual Meeting - ranging from business leaders to political leaders, heads of NGOs, religious leaders academics and journalists - will be asked to join the Forum blog. The World Economic Forum was the first international organization to set up a blog at the Annual Meeting in January 2005 and the upcoming Annual Meeting will see a significant development in the experiment. All of the more than 2,000 participants, including presidents and prime ministers, will be asked to provide at least one posting for the blog. www.forumblog.org

* For the first time at the Meeting, which will take place from 25-29 January, the Forum will also provide podcasts of a dozen of the key sessions. The podcasts or audio-blogs will be available for downloading from the following site: www.weforum.org/annualmeeting/podcasts

* The Forum will once again webcast nearly 40 of the main sessions from the Annual Meeting. Twenty-five of the sessions will be webcast live and a further 17 will be available once the session is over. An additional eight sessions from the Open Forum will also be webcast. The World Economic Forum has been webcasting from Davos since 2001. All the webcasts can be accessed on the Forum's website at: www.weforum.org/annualmeeting/webcasts

Brad Thomson (Ottawa South, Progressive Canadian Party) answers CIPPIC questions | Digital Copyright Canada

Thu, 05 Jan 2006 01:05:55 GMT

Brad Thomson (Ottawa South, Progressive Canadian Party) answers CIPPIC questions

Happy New Year 2006 !!

Mon, 02 Jan 2006 03:27:02 GMT

Happy New Year 2006 !!

NORAD keeping an eye on Santa !!

Sat, 24 Dec 2005 17:51:55 GMT

Merry Christmas to all ... and to all a Good Night!!

Don't forget The Annual NORAD Tracks Santa Claus Website .They also support :French,Spanish, Deutch,Italian and Japanese.NORAD tracks Santa every Christmas eve, following his trek around the world for children everywhere. Some portions of the site require RealPlayer to work. The free version is fine.

The server I use for Privacy Digest has been hacked/compromised.

Sat, 24 Dec 2005 05:20:32 GMT

Editor: Sorry about being gone for a bit. It seems that my server has been hacked, and used as part of a DOS attack. I have replaced the system OS and am in the process of reloading/recreating all the content in Privacy Digest and the other hosted domains. Since in my opinion my ISP has been on the slow side in responding to my trouble ticket. It looks like I will be putting things back together over the night when I should be sleeping. There have hundreds of brute force attacks fended off, but this time someone got in. I will put the most visible/critical data up first, and some may have to wait till I get some sleep.

Merry Christmas and Happy New Year !!

Privacy and Security Law Blog: Is Canada Trying to Opt Out of the Patriot Act?

Fri, 16 Dec 2005 13:28:45 GMT

In response to concerns that the FBI can access sensitive Canadian data that the Canadian government provides to U.S. firms, a Canadian government proposal would allow Canadian government departments to cancel contracts with U.S. firms that give information about Canadians to the FBI. Draft guidelines say that the FBI can get access through U.S. firms or their affiliates to data located in Canada. Even if the Canadian government canceled a contract, though, that may not stop the U.S. government from obtaining the Canadian data. Such a cancellation could leave a firm with the choice of breaking U.S. or Canadian law, so unless Canadian law imposes severe penalties, a firm may decide it is less costly to comply with U.S. law.

New Canadian Voice in Digital Rights Issues: Online Rights Canada | Digital Copyright Canada

Sat, 10 Dec 2005 16:21:48 GMT

Online Rights Canada Launches with EFF, CIPPIC Support

Toronto - Online Rights Canada (ORC) launched in Canada Friday, giving Canadians a new voice in critical technology and information policy issues. The grassroots organization is jointly supported by the Canadian Internet Policy & Public Interest Clinic (CIPPIC) and the Electronic Frontier Foundation (EFF).

"Canadians are realizing in ever-greater numbers that the online world offers tremendous opportunities for learning, communicating, and innovating, but that those opportunities are at risk as a result of corporate practices, government policies and legal regimes that hinder online privacy and free speech," said Philippa Lawson, Executive Director and General Counsel of CIPPIC. "Online Rights Canada provides a home on the Internet for grassroots activism on digital issues that are important to ordinary Canadians."

"With the Canadian government preparing for a January election, all of last year's legislation is back on the drawing board. Canadians now have another chance to present a public interest perspective on issues like copyright reform and increased government surveillance," said Ren Bucholz, EFF's Policy Coordinator, Americas. "We are happy to be launching ORC at such a critical time."

CBC News: House searches in dismemberment case spark privacy concerns

Thu, 08 Dec 2005 18:45:21 GMT

House-to-house searches have some residents of a Toronto neighbourhood on edge as police hunt for clues in the case of a woman whose body was found dismembered in a laneway.

A team of 20 officers is asking residents in the west-end neighbourhood of Parkdale to sign a consent form allowing a search of closets, basements and freezers.

[...]

While police say the searches are voluntary, they are keeping track of people who won't let them inside their houses. That has raised concerns in the area.

Parkdale resident David Flynn says it was intimidating to have police search his house.

"I felt sort of weird about the situation, so I went and stood out in the backyard and waited with my dog," said Flynn.

"I knew my rights, but you still never want to have to exercise your rights - in the sense that I really don't want those buttons to be pushed - that I would have to say no."

Alexi Wood, of the Canadian Civil Liberties Association, says that organization has received complaints.

[...]

Police insist it's all voluntary, adding that anything they inadvertently discover during a search would likely be ignored.

Editor: Emphasis added.

CNN.com - Device stops speeders from inside car - Dec 4, 2005

Mon, 05 Dec 2005 00:29:28 GMT

The system being tested by Transport Canada, the Canadian equivalent of the U.S. Department of Transportation, uses a global positioning satellite device installed in the car to monitor the car's speed and position. If the car begins to significantly exceed the speed limit for the road on which it's travelling the system responds by making it harder to depress the gas pedal, according to a story posted on the Toronto Globe and Mail's Website.