Privacy Commissioner

Bill S-4 – (The not quite) Digital Privacy Act ?

I had originally wanted to wait until the Privacy Commissioner of Canada released a report on Bill S-4 before commenting but decided that I should just go ahead and post something about this senate bill.

This bill was proposed to help in the cases of security breaches, to help control identity theft. But unfortunately it may also cause individuals to have their information given to third parties without their consent or knowledge.

“an organization may disclose personal information without the knowledge or consent of the individual if

(a) the disclosure is made to the other organization, the government institution or the part of a government institution that was notified of the breach under subsection (1); and

(b) the disclosure is made solely for the purposes of reducing the risk of harm to the individual that could result from the breach or mitigating that harm.” – Bill S-4, Section 10.2 (3)

Furthermore warrants may not be required under Bill C-13 and the costs associated to the infrastructure required to keep records of your online activities would be passed onto either consumers and/or taxpayers.

Are to believe this bill is meant to improve our situation ? We would be paying more for internet and give more private information to a government that was just hacked because of the Heartbeat Bug.

I think this bill needs to be re-written. And if you do too I think you should sign the Open Media petition on Privacy.

Thank you.

Bill C-30 Killed – Replacement On The Way

Justice Minister Rob Nicholson has stated that Bill C-30 will not proceed in Parliament in response to the concerns brought up by the Privacy Commissioner of Canada and members of the public.

This bill would have enabled police to access internet traffic without a warrant and would have required the installation and maintenance of extra equipment by internet providers, who would have passed the associated expenditures down to the consumer.

Canadians would not only have lost rights in regards to privacy but could have also been subjected to security breaches via the new aforementioned online spying equipment had this bill gone through.

A new bill will be unveiled shortly in Parliament so additional information will be posted to this blog a.s.a.p.

Parliament Is In Session

So, Parliament is now in session and several issues are back on the table.

Quite a few of the more controversial bills have passed through, some changed slightly like the Copyright Modernization Act. But the primary issue I’m having now is related to privacy in the internet.

We have progressed, the Office Of The Privacy Commissioner of Canada offering an online form for complaints. And the debate persists in the media, as it’s been since Bill C-12 was introduced in September 2011 by the Minister of Industry and Ministry of State (Agriculture).

The issue of course is the wording of the proposed amendments to Personal Information Protection and Electronic Documents Act in Bill C-12 and other documents, which could cause problems later on in its interpretation and enforcement.

At the moment the member of parliament are concentrating on the budget, which will be tabled next week. But quite a few citizens are also wondering if they will be required to pay for technology to spy on every day citizens through their internet providers. And others wonder what will qualify as “probable cause” to start an investigation of an individual.

For example, will the past downloading of files from services like Megaupload result in an investigation in regards to piracy because of the accusations made against the service by the United States ? Will the viewing of a fundamentalist video on Youtube result in an investigation related to terrorism ?

Some people assume that they will be determined innocent with little to no effort if they were ever exposed to these issues. But what will be the due processes and how inconvenient will they be to the accused and the system ?

I am concerned about the mass prosecution of people and financial toll this will take on our internet providers and legal system. And having avoided the use of peer to peer transfer programs because of malware and spyware, I do not appreciate being exposed to the possibility of security issues through the implementation of a system that could have security issues of its own.

“Haste makes waste”. We need to tread slowly and thoughtfully through the process.

“We Will Entertain Amendments”

In response to concerns about privacy and judicial oversight, the Conservative government has stated that they would be open to amendments to Bill C-30 in committee.

Cited as the Investigating and Preventing Criminal Electronic Communications Act, this bill enables the RCMP, Canadian Security Intelligence Service, Commissioner of Competition and police services through-out Canada access to subscriber information without warrants whilst investigating offenses under their mandate.

On March 9th, 2011, a joint statement by the federal and provincial privacy commissioners of Canada was issued in response to the previous proposed legislation. And the concerns listed in that statement and in the October 26th, 2011 statement issued by the Office of The Privacy Commissioner of Canada remain with Bill C-30.

Unfortunately there is also some concern in regards to the interpretation of evidence and preconceptions related to certain activities, like the use of peer to peer services or file services like Megaupload.

Yes, peer to peer programs are being used for illegal activities, as did Megaupload. But does it mean that all activity on these services are suspicious, requiring the collection of information from the users of these services ?

Section 16, subsection (2)(b) may also enable foreign police services to access this information, which could then be subject to their local laws and their inherent weaknesses.

Groups like Anonymous have been able to hack into many of the aforementioned police services so how secure will the information be ? And what’s to stop criminals from abusing section 17, which compels internet and cell phone providers to give private information to any police officer upon receipt of an oral request ?

Hopefully these issues will be addressed with much more than the false dichotomy Canadians have been subjected to lately.

Lawful Access – Consumer Unfriendly

The Conservative Government wishes to re-introduce legislation enabling law enforcement to access online communications without a warrant.

They believe that this would help them combat terrorism and crime. But unfortunately they may rely on internet providers to retain information on their behalf, which could be costly for the consumer because the internet providers would require more equipment and personel to do so.

In searching for illicit activity online our internet providers will be required to store vast amounts of information and these extra expendatures will be passed down to their subscribers.

According to a 2002 Statistics Canada report, law enforcement are hindered by the use of pseunomyms, anonymous remailers, dial-up connections and public wi-fi.

One can only imagine how much information would be required to keep track of suspects that use “public Internet stations in airports, bus depots, libraries, cyber-cafés and convenience stores” alone, examples mentioned in the report.

Anyone using any of the above mentioned services would have their information catalogued and accessible for cross referencing and analysis, which is not only a burden on resources at the internet providers but may result in a violation of our privacy laws according to the Office Of The Privacy Commissioner Of Canada.

In an October 27th, 2009 letter to the Standing Committee on Public Safety and National Security, the Privacy Commissioner stated :

“Though isolated anecdotes abound, and extreme incidents are generally referred to, no systematic case has yet been made that demonstrates a need to circumvent the current legal regime for judicial authorization to obtain personal information. Before all else, law enforcement and national security authorities need to explain how the current provisions on judicial warrants do not meet their needs.”

The aforementioned 2002 Statistics Canada report may claim a lack of standard in cybercrime statistics, possibly resulting in a lack of classification or reporting of these crimes. But crime in Canada is down according to this June 2011 Statistics Canada report.

These costly, potentially insecure systems, are not required. Law enforcement has managed quite well with the current regulations, even with their limited manpower, and the flood of information will probably overwhelm them requiring costly automation.

This is, in my opinion, not the way to go. And this is why i’ve signed the following Openmedia.ca petition :

Please sign the above petition and contact your local Member of Parliament about this issue as soon as possible, preferably before September 19th. Thank you.

Privacy Commissioner Investigating Breach

A representative of Canada’s privacy commissioner has told Postmedia News that it is investigating this month’s Playstation Network/Qriocity security breach.

The security breach has caused additional headaches for Sony in California, where a class action lawsuit was filed on Wednesday over this issue.