Michael Geist Law RSS Feed

Syndicate content Some Rights Reserved
Updated: 1 hour 48 min ago

Government Documents Reveal Canadian Telcos Envision Surveillance-Ready Networks

Mon, 2014/12/15 - 10:57

After years of failed bills, public debate, and considerable controversy, lawful access legislation received royal assent last week. Public Safety Minister Peter MacKay’s Bill C-13 lumped together measures designed to combat cyberbullying with a series of new warrants to enhance police investigative powers, generating criticism from the Privacy Commissioner of Canada, civil liberties groups, and some prominent victims rights advocates. They argued that the government should have created cyberbullying safeguards without sacrificing privacy.

While the bill would have benefited from some amendments, it remains a far cry from earlier versions that featured mandatory personal information disclosure without court oversight and required Internet providers to install extensive surveillance and interception capabilities within their networks.

The mandatory disclosure of subscriber information rules, which figured prominently in earlier lawful access bills, were gradually reduced in scope and ultimately eliminated altogether. Moreover, a recent Supreme Court ruling raised doubt about the constitutionality of the provisions.

My weekly technology law column (Toronto Star version, homepage version) notes the surveillance and interception capability issue is more complicated, however. The prospect of a total surveillance infrastructure within Canadian Internet networks generated an enormous outcry when proposed in Vic Toews’ 2012 lawful access bill.  Not only did the bill specify the precise required surveillance and interception capabilities, but it also would have established extensive Internet provider reporting requirements and envisioned partial payments by government to help offset the costs for smaller Internet providers.

Those provisions were dropped from Bill C-13, yet according to documents obtained under the Access to Information Act, both Internet providers and the government have been debating a “Plan B” on how to ensure that there are surveillance and interception capable networks.

Perhaps the most notable revelation is that Internet providers have tried to convince the government that they will voluntarily build surveillance capabilities into their networks. A 2013 memorandum prepared for the public safety minister reveals that Canadian telecom companies advised the government that the leading telecom equipment manufacturers, including Cisco, Juniper, and Huawei, all offer products with interception capabilities at a small additional cost.

In light of the standardization of the interception capabilities, the memo notes that the Canadian providers argue that “the telecommunications market will soon shift to a point where interception capability will simply become a standard component of available equipment, and that technical changes in the way communications actually travel on communications networks will make it even easier to intercept communications.”

In other words, Canadian telecom providers are telling the government there is no need for legally mandated surveillance and interception functionality since they will be building networks that will feature those capabilities by default.

While Canadian network providers claimed that interception and surveillance capabilities would become a standard feature in their networks, government officials were not entirely convinced. Department officials argued that interception is a “complex process” and that legislative requirements were preferred.

In the absence of mandated surveillance and interception capabilities, another internal government memorandum emphasized the value of incorporating the technologies in wireless networks through spectrum licence requirements. The memorandum notes that Public Safety works with Industry Canada in developing those requirements and deals directly with providers to ensure that they meet the necessary standards.

The department’s stated goal is to “ensure that the lawful interception capabilities of public safety agencies are maximized within the existing legal framework.”  In meeting its goal, the memorandum notes that it will work directly with the wireless providers to assess compliance levels and gain “valuable information on the interception capability currently available.”

The latest chapter of lawful access legislation may have come to a close, but the internal government documents suggest that the story is not yet over. With telecom providers suggesting that surveillance-capable networks are inevitable and government officials seeking alternatives to mandatory interception capabilities, the reality is that some of the issues at the heart of lawful access remain very much in play.

The post Government Documents Reveal Canadian Telcos Envision Surveillance-Ready Networks appeared first on Michael Geist.

Government Documents Reveal Canadian Telcos Envision Surveillance-Ready Networks

Mon, 2014/12/15 - 10:54

Appeared in the Toronto Star on December 13, 2014 as Government Documents Reveal Telecom Providers Envision Surveillance-Ready Networks

After years of failed bills, public debate, and considerable controversy, lawful access legislation received royal assent last week. Public Safety Minister Peter MacKay’s Bill C-13 lumped together measures designed to combat cyberbullying with a series of new warrants to enhance police investigative powers, generating criticism from the Privacy Commissioner of Canada, civil liberties groups, and some prominent victims rights advocates. They argued that the government should have created cyberbullying safeguards without sacrificing privacy.

While the bill would have benefited from some amendments, it remains a far cry from earlier versions that featured mandatory personal information disclosure without court oversight and required Internet providers to install extensive surveillance and interception capabilities within their networks.

The mandatory disclosure of subscriber information rules, which figured prominently in earlier lawful access bills, were gradually reduced in scope and ultimately eliminated altogether. Moreover, a recent Supreme Court ruling raised doubt about the constitutionality of the provisions.

The surveillance and interception capability issue is more complicated, however. The prospect of a total surveillance infrastructure within Canadian Internet networks generated an enormous outcry when proposed in Vic Toews’ 2012 lawful access bill.  Not only did the bill specify the precise required surveillance and interception capabilities, but it also would have established extensive Internet provider reporting requirements and envisioned partial payments by government to help offset the costs for smaller Internet providers.

Those provisions were dropped from Bill C-13, yet according to documents obtained under the Access to Information Act, both Internet providers and the government have been debating a “Plan B” on how to ensure that there are surveillance and interception capable networks.

Perhaps the most notable revelation is that Internet providers have tried to convince the government that they will voluntarily build surveillance capabilities into their networks. A 2013 memorandum prepared for the public safety minister reveals that Canadian telecom companies advised the government that the leading telecom equipment manufacturers, including Cisco, Juniper, and Huawei, all offer products with interception capabilities at a small additional cost.

In light of the standardization of the interception capabilities, the memo notes that the Canadian providers argue that “the telecommunications market will soon shift to a point where interception capability will simply become a standard component of available equipment, and that technical changes in the way communications actually travel on communications networks will make it even easier to intercept communications.”

In other words, Canadian telecom providers are telling the government there is no need for legally mandated surveillance and interception functionality since they will be building networks that will feature those capabilities by default.

While Canadian network providers claimed that interception and surveillance capabilities would become a standard feature in their networks, government officials were not entirely convinced. Department officials argued that interception is a “complex process” and that legislative requirements were preferred.

In the absence of mandated surveillance and interception capabilities, another internal government memorandum emphasized the value of incorporating the technologies in wireless networks through spectrum licence requirements. The memorandum notes that Public Safety works with Industry Canada in developing those requirements and deals directly with providers to ensure that they meet the necessary standards.

The department’s stated goal is to “ensure that the lawful interception capabilities of public safety agencies are maximized within the existing legal framework.”  In meeting its goal, the memorandum notes that it will work directly with the wireless providers to assess compliance levels and gain “valuable information on the interception capability currently available.”

The latest chapter of lawful access legislation may have come to a close, but the internal government documents suggest that the story is not yet over. With telecom providers suggesting that surveillance-capable networks are inevitable and government officials seeking alternatives to mandatory interception capabilities, the reality is that some of the issues at the heart of lawful access remain very much in play.

Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law. He can be reached at mgeist@uottawa.ca or online at www.michaelgeist.ca.

The post Government Documents Reveal Canadian Telcos Envision Surveillance-Ready Networks appeared first on Michael Geist.

Supreme Court’s Privacy Streak Comes To End: Split Court Affirms Legality of Warrantless Phone Searches Incident to Arrest

Thu, 2014/12/11 - 11:45

The Supreme Court of Canada issued its decision in R. v. Fearon today, a case involving the legality of a warrantless cellphone search by police during an arrest. Given the court’s strong endorsement of privacy in recent cases such as Spencer, Vu, and Telus, this seemed like a slam dunk. Moreover, the U.S. Supreme Court’s June 2014 decision in Riley, which addressed similar issues and ruled that a warrant is needed to search a phone, further suggested that the court would continue its streak of pro-privacy decisions.

To the surprise of many, a divided court upheld the ability of police to search cellphones without a warrant incident to an arrest. The majority established some conditions, but ultimately ruled that it could navigate the privacy balance by establishing some safeguards with the practice. A strongly worded dissent disagreed, noting the privacy implications of access to cellphones and the need for judicial pre-authorization as the best method of addressing the privacy implications.

The majority, written by Justice Cromwell (joined by McLachlin, Moldaver, and Wagner),  explicitly recognizes that cellphones are the functional equivalent of computers and that a search may constitute a significant intrusion of privacy. Yet the majority cautions that not every search is a significant intrusion. It ultimately concludes that there is the potential for a cellphone search to be intrusive, it does not believe that that will be the case in every instance.

Given that conclusion, it is prepared to permit cellphone searches that are incident to arrest provided that the law is modified with some additional protections against invasion of privacy. It proceeds to effectively write the law by creating four conditions: a lawful arrest, the search is incidental to the arrest with a valid law enforcement purpose, the search is tailored or limited to the purpose (ie. limited to recent information), and police take detailed notes on what they have examined and how the phone was searched.

One saving grace in the majority’s decision is that rejects the notion that password-protected phones legally enjoy greater privacy protection than non-protected ones.  The majority states:

I pause here for a moment to note that some courts have suggested that the protection s. 8 affords to individuals in the context of cell phone searches varies depending on whether an individual’s phone is password-protected. I would not give this factor very much weight in assessing either an individual’s subjective expectation of privacy or whether that expectation is reasonable. An individual’s decision not to password protect his or her cell phone does not indicate any sort of abandonment of the significant privacy interests one generally will have in the contents of the phone. Cell phones – locked or unlocked – engage significant privacy interests.

The dissent – written by Karakatsanis and joined by LeBel and Abella – unsurprisingly agrees on the issue of password protection but also offers a much stronger defence of privacy. It explicitly recognizes the connection between digital devices and privacy:

the cell phone acts like a key or portal which can allow the user to access the full treasure trove of records and files that the owner has generated or used on any number of devices.  It is not just the device itself and the information it has generated, but the gamut of (often intensely) personal data accessible via the device that gives rise to the significant and unique privacy interests in digital devices.  The fact that a suspect may be carrying their house key at the time they are arrested does not justify the police using that key to enter the suspect’s home.  In the same way, seizing the key to the user’s digital life should not justify a wholesale intrusion into that realm.  Indeed, personal digital devices are becoming as ubiquitous as the house key.  Increasingly large numbers of people carry such devices with them everywhere they go (be they cell phones, mobile computers, smart watches, smart glasses, or tablets).

The dissent proceeds to adopt the position that complicated conditions are no substitute for effective privacy. It therefore concludes that warrants provide the right balance:

The intensely personal and uniquely pervasive sphere of privacy in our personal computers requires protection that is clear, practical and effective.  An overly complicated template, such as the one proposed by the majority, does not ensure sufficient protection.  Only judicial pre-authorization can provide the effective and impartial balancing of the state’s law enforcement objectives with the privacy interests in our personal computers.  Thus, I conclude that the police must obtain a warrant before they can search an arrested person’s phone or other personal digital communications device.  Our common law already provides flexibility where there are exigent circumstances – when the safety of the officer or the public is at stake, or when a search is necessary to prevent the destruction of evidence.

While the case does provide some helpful language on the importance of privacy, the recognition that cellphones and computers are now functionally equivalent, and that password protection should not be a pre-requisite for privacy protection, the decision is a setback for privacy in Canada. With the court having just concluded in Spencer that a warrant is needed to access subscriber information, it should have maintained that approach by similarly requiring one for cellphone searches during an arrest. In trying to establish the legality of some warrantless cellphone searches, it has replaced the important safeguard of a judicial authorization with conditions that do little to protect privacy while complicating the obligations of law enforcement.

The post Supreme Court’s Privacy Streak Comes To End: Split Court Affirms Legality of Warrantless Phone Searches Incident to Arrest appeared first on Michael Geist.

Too Little, Too Late?: Access Copyright Finally Acknowledges the Reduced Value of Its Licence

Wed, 2014/12/10 - 10:27

Access Copyright announced a shift in its licensing approach for universities and colleges yesterday, unveiling what it described as “new market-focused services.” Access Copyright CEO Roanie Levy is quoted as saying “we recognize the advances many institutions have made on content dissemination and the centralized management of copyright. We hear you. We are changing.” Indeed, the copyright collective has changed its tune in some important ways.

Less than three years ago, Access Copyright believed that institutions simply could not opt-out of its licence, claiming that an opt-out would amount to “an absolute ban on all copying” since the only possible way to legally copy materials was to pay the collective. Over the past three years, Access Copyright has been proven wrong. The Supreme Court of Canada dismissed all of its key legal arguments in a massive defeat, the government expanded fair dealing with the inclusion of education, universities opted-out of the Access Copyright licence in droves, and dozens adopted fair dealing policies that called into question whether there was much value in the licence at all.

While Access Copyright is still suing York University (more about that below), the collective appears to recognize that the education sector has alternatives, including the enormous expenditures on site licences, open access publishing, fair dealing, public domain works, and individual licences for works not otherwise available. In other words, Access Copyright is an option, not a requirement, and the collective must prove value that extends beyond extolling the size of its repertoire. Rather, it must demonstrate that it offers value for money in an environment where the Supreme Court has emphasized the importance of users’ rights and adopted a liberal, flexible approach to fair dealing.

Access Copyright’s new approach appears to focus on two things: lower prices to reflect the reduced value of its licence and more options for universities and colleges. While the current model licence costs $26 per full time student at universities, its new “Premium” service drops the fee to $15 per student on a three-year commitment. That licence covers paper and digital copying of up to 20% of a work, which is greater than the 10% standard established in most fair dealing guidelines. Alternatively, Access Copyright is also offering a “Choice” service that costs $5 per student. It only covers handouts and email attachments. Coursepacks and digital uploads are charged at 12 cents per page, which is a 20% increase over the prior per-page fee set some years ago. Access Copyright says the “Choice” package is designed for universities that have centralized their copyright management.  In other words, those that have already opted-out of Access Copyright and might want back in.

Why the lower prices? Access Copyright finally admits that fair dealing should be more directly factored into its pricing:

The new rates are intended to reflect market uncertainty around fair dealing in education. As
such, they represent a sincere attempt to continue working with the education sector as we await greater clarity on fair dealing.

So will universities jump at the new offerings or is it too little, too late?

The “Premium” service is clearly targeting universities that currently operate under the Access Copyright licence. That licence will be expiring for many this summer (those who signed three year deals days before the Supreme Court ruling in 2012) and most were expected to stop using the collective. The new $15 price tag, which not-so-coincidentally starts just as the old licences expire, may prove attractive to those institutions. Indeed, fair dealing is not free as it costs real dollars to manage the system. One institution that I spoke with during the period when many were opting out (not my own school), estimated the cost at $12 per student. If that is accurate – and if the institution has not invested heavily in copyright management – the Premium service will likely find a few takers.  However, this new offer may come too late as many institutions will have prepared opting out and already budgeted for copyright management services.

The “Choice” service is targeting those that currently operate without an Access Copyright licence, so the question will be whether it provides enough value to justify the $5 annual fee. At the moment, covering handouts and email attachment is unlikely to viewed as providing much value. Those copies typically are shorter in nature and more likely to fall under the fair dealing guidelines. The value might come in providing certainty on transactional licences by effectively creating a per-page cost for work that would presumably only kick-in once fair dealing no longer applies – ie. for copying between 10 – 20% of a work. This isn’t a particularly cheap alternative, but it is convenient. That said, those universities in the Choice category will have already invested in copyright management and may not want to add new costs for relatively limited value.

All of this suggests that Access Copyright is gradually lowering its prices, but it may not  succeed in significantly altering the market for its licences since its best case scenario is merely to keep some universities within the fold (admittedly who were likely to leave) rather than bring back those that left several years ago. The Premium service comes closer to a rate that may find a market, but the Choice service may ultimately need to shift to a transaction-only model under which Access Copyright makes it easy to licence works not covered by fair dealing. By effectively charging a $5 administrative fee, it isn’t there yet.

Moreover, there is one further consideration that universities should factor into any decision: the York University litigation. For many years, the universities effectively funded Access Copyright’s litigation and Copyright Board costs, with the collective setting aside millions to pay for legal and lobbying fees. To return to that state of affairs while litigation is ongoing makes little sense. Before universities once again start sending millions to Access Copyright, they might demand that it stop suing them first.

The post Too Little, Too Late?: Access Copyright Finally Acknowledges the Reduced Value of Its Licence appeared first on Michael Geist.

Why Canada’s Communication Policy Misses the Forest for the Trees

Tue, 2014/12/09 - 12:36

The Canadian Radio-television and Telecommunications Commission wrapped up its third major hearing in as many months last week, focusing on the wholesale market for broadband Internet services. Coming on the heels of the earlier hearings on broadcast television regulation (the “TalkTV” hearing that was highlighted by a showdown with Netflix) and wholesale wireless services, the proceedings followed a familiar script.

The incumbent providers urged the Commission to resist regulating access, claiming a competitive market exists with few barriers to new competitors. Meanwhile, independent Internet providers pointed to their relatively small share of the current broadband market and warned that failure to mandate access for faster fibre connections to the home would effectively eliminate future competition as Canadians gravitate to services offering faster speeds.

While it will take some time for the CRTC to issue its decisions in all three cases (the broadcast decision is expected before the end of the year), it is not too early to declare the entire system broken. The CRTC – Netflix battle prompted many to conclude that the Commission was a relic of the past, unable to adapt to the disruptions facilitated by the Internet. Yet the Commission’s difficulty dealing with the fast-moving changes throughout the communications sector is chiefly the result of an outdated regulatory structure that misses the proverbial forest for the trees.

The past three months has essentially involved the examination of bite-sized pieces of Canada’s communication environment without really digging into the whole. The conventional regulatory approach may dictate that the CRTC consider broadcast, wireless, and broadband services separately, but the silo approach makes little sense when both the technologies and the dominant industry players overlap every step of the way.

Canada’s communications market now stands as one of the most vertically integrated in the world. The same companies wear different hats before the Commission as they alternately appear as dominant broadcasters, broadcast distributors, wireless companies, and broadband Internet providers. While the regulatory world treats each market differently, companies such as Bell and Rogers strategize about the whole, not the parts, and are able to use the piecemeal approach to their competitive advantage.

The occasional witness raised this concern, urging the CRTC to consider issues that fall outside the conventional scope of the broadcast or telecom silos. For example, during the broadcast hearing, several emphasized that since a growing number of Canadians access “broadcast” through the Internet or wireless devices, the issue was really one of telecom regulation, not broadcast.

Similarly, witnesses at the broadband Internet hearing noted that issues of regulated access were fundamentally about delivering broadcast content or third party applications, not about specific speeds or pricing. As the Commission delved into technical questions over wholesale costs of Internet services that would be incomprehensible to most Canadians, discussion about the implications for new services from a monopoly-like access to the home for fast Internet was largely absent.

Solving these bigger issues may indeed be beyond the ability of the CRTC. There is a growing sense that the twin governing statutes – the Broadcasting Act and the Telecommunications Act – should be reformed into a single Communications Act that better reflects today’s Internet environment. However, legislative reform is the responsibility of the government, not the regulator, and Industry Minister James Moore has shown little interest in tackling the issue.

Similarly, the calls for “structural separation”, which would involve breaking up the larger companies into separate content and carriage companies are growing louder, but CRTC Chair Jean-Pierre Blais noted that those steps are also better suited to elected officials.

That leaves the Commission with system that largely ignores what is obvious to millions of Canadians who receive monthly bills that lump together everything from wireless services to broadband Internet to broadcast television. Communications now comes in a single bill and represents one very large policy forest that cannot be effectively addressed one tree at a time.

The post Why Canada’s Communication Policy Misses the Forest for the Trees appeared first on Michael Geist.

Why Canada’s Communication Policy Misses the Forest for the Trees

Tue, 2014/12/09 - 12:15

The Canadian Radio-television and Telecommunications Commission wrapped up its third major hearing in as many months this week, focusing on the wholesale market for broadband Internet services. Coming on the heels of the earlier hearings on broadcast television regulation (the “TalkTV” hearing that was highlighted by a showdown with Netflix) and wholesale wireless services, the proceedings followed a familiar script.

The incumbent providers urged the Commission to resist regulating access, claiming a competitive market exists with few barriers to new competitors. Meanwhile, independent Internet providers pointed to their relatively small share of the current broadband market and warned that failure to mandate access for faster fibre connections to the home would effectively eliminate future competition as Canadians gravitate to services offering faster speeds.

While it will take some time for the CRTC to issue its decisions in all three cases (the broadcast decision is expected before the end of the year), it is not too early to declare the entire system broken. The CRTC – Netflix battle prompted many to conclude that the Commission was a relic of the past, unable to adapt to the disruptions facilitated by the Internet. Yet the Commission’s difficulty dealing with the fast-moving changes throughout the communications sector is chiefly the result of an outdated regulatory structure that misses the proverbial forest for the trees.

The past three months has essentially involved the examination of bite-sized pieces of Canada’s communication environment without really digging into the whole. The conventional regulatory approach may dictate that the CRTC consider broadcast, wireless, and broadband services separately, but the silo approach makes little sense when both the technologies and the dominant industry players overlap every step of the way.

Canada’s communications market now stands as one of the most vertically integrated in the world. The same companies wear different hats before the Commission as they alternately appear as dominant broadcasters, broadcast distributors, wireless companies, and broadband Internet providers. While the regulatory world treats each market differently, companies such as Bell and Rogers strategize about the whole, not the parts, and are able to use the piecemeal approach to their competitive advantage.

The occasional witness raised this concern, urging the CRTC to consider issues that fall outside the conventional scope of the broadcast or telecom silos. For example, during the broadcast hearing, several emphasized that since a growing number of Canadians access “broadcast” through the Internet or wireless devices, the issue was really one of telecom regulation, not broadcast.

Similarly, witnesses at the broadband Internet hearing noted that issues of regulated access were fundamentally about delivering broadcast content or third party applications, not about specific speeds or pricing. As the Commission delved into technical questions over wholesale costs of Internet services that would be incomprehensible to most Canadians, discussion about the implications for new services from a monopoly-like access to the home for fast Internet was largely absent.

Solving these bigger issues may indeed be beyond the ability of the CRTC. There is a growing sense that the twin governing statutes – the Broadcasting Act and the Telecommunications Act – should be reformed into a single Communications Act that better reflects today’s Internet environment. However, legislative reform is the responsibility of the government, not the regulator, and Industry Minister James Moore has shown little interest in tackling the issue.

Similarly, the calls for “structural separation”, which would involve breaking up the larger companies into separate content and carriage companies are growing louder, but CRTC Chair Jean-Pierre Blais noted that those steps are also better suited to elected officials.

That leaves the Commission with system that largely ignores what is obvious to millions of Canadians who receive monthly bills that lump together everything from wireless services to broadband Internet to broadcast television. Communications now comes in a single bill and represents one very large policy forest that cannot be effectively addressed one tree at a time.

Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law. He can be reached at mgeist@uottawa.ca or online at www.michaelgeist.ca.

The post Why Canada’s Communication Policy Misses the Forest for the Trees appeared first on Michael Geist.

Canada – European Union Data Sharing Agreement Sent to EU Court of Justice for Review

Wed, 2014/12/03 - 10:04

Earlier this year, Canada and the European Union announced that they had reached agreement on sharing airline passenger name record data. The data shared includes names, addresses, and credit card numbers of airline passengers. The agreement was signed in June (video of the signing here), but approval from the European Parliament was required. In light of growing privacy concerns, that approval has proven more difficult to obtain than previously anticipated.

Rather than simply grant approval, the European Parliament has narrowly voted to send the agreement to the European Court of Justice for review to ensure that it is compliant with European law including EU treaties and the European Charter of Rights and Freedoms (the final vote was 383 to 271 with 47 abstentions). The resolution notes that the European Data Protection Supervisor (effectively the Privacy Commissioner for the EU) issued an opinion in September 2013 that questioned the necessity and proportionality of agreements to transfer passenger information between jurisdictions. The EDPS opinion features an extensive review of the agreement and raises pointed questions about specific provisions along with numerous recommendations for reform.

The decision means that the Canada – EU data sharing agreement will be delayed by at least one to three years while the court conducts its review. The review will raise several important privacy issues including the effectiveness of exchanging passenger information in combating terrorism and the state of Canadian privacy law. The European Court of Justice has already struck down the European Data Retention Directive, suggesting that this agreement could also face tough scrutiny.

The post Canada – European Union Data Sharing Agreement Sent to EU Court of Justice for Review appeared first on Michael Geist.

What Open Government Hides

Mon, 2014/12/01 - 10:19

Treasury Board President Tony Clement unveiled the latest version of his Open Government Action Plan last month, continuing a process that has seen some important initiatives to make government data such as statistical information and mapping data publicly available in open formats free from restrictive licenses.

My weekly technology law column (Toronto Star version, homepage version) notes there is much to like about Canada’s open government efforts, which have centred on three pillars: open data, open information, and open dialogue. Given the promise of “greater transparency and accountability, increased citizen engagement, and driving innovation and economic opportunity”, few would criticize the aspirational goals of Canada’s open government efforts. Yet scratch the below the surface of new open data sets and public consultations and it becomes apparent that there is much that open government hides.

The federal efforts around open data have shown significant progress in recent years. What started as a few pilot projects with relatively obscure data has grown dramatically with over 200,000 government data sets now openly available for use without the need for payment or permission. Moreover, the government has addressed concerns with its open government licence, removing some of the initial restrictions that unnecessarily hamstrung early efforts.

However, the enthusiasm for open data has not been matched with reforms to the access to information system. Despite government claims of openness and transparency, all government data is not equal. There is a significant difference between posting mapping data and making available internal information on policy decisions that should be released under access to information rules.

Indeed, while the government has invested in making open data sets available, it has failed to provide the necessary resources to the access to information system. The Information Commissioner of Canada has warned that inadequate financing has made it virtually impossible to meet demand and respond to complaints.  Regular users of the access to information system invariably encounter long delays, aggressive use of exceptions to redact important information, significant costs, and inconsistent implementation of technology to provide more efficient and cost-effective service.

In short, the access to information system is broken. An open government plan that only addresses the information that government wants to make available, rather than all of the information to which the public is entitled, is not an open plan.

The efforts on open dialogue and open government suffer from similar shortcomings. The government and its agencies have embarked on public consultations on many issues in recent years: the Canadian Radio-television and Telecommunications Commission asked Canadians for their views on broadcast regulation, the Competition Bureau consulted on advocacy priorities, and House and Senate committees regularly hold hearings on new legislative proposals.

Yet open dialogues and consultations mean little if the outcomes are pre-determined and the public input is largely ignored.  This form of consultation is properly characterized as “consultation theatre”, where government seeks to claim consultation with no discernable impact on the resulting law or policy.

For example, last week the Senate Committee on Legal and Constitutional Affairs wrapped up its hearing on Bill C-13, passing the lawful access/cyberbullying bill with no comments or changes. The hearing included many voices (I appeared in a personal capacity), but Carol Todd, the mother of cyberbullying victim Amanda Todd, was excluded after she expressed concern with the privacy implications of the bill. Similarly, Daniel Therrien, the Privacy Commissioner of Canada appointed earlier this year by the government, advocated changes during his appearance that were ultimately ignored.

Open dialogue and public consultations do not mean that the government simply follows whatever advice is offered up through the process. However, if the consultations or hearings are little more than theatre, claims of open government or open dialogue mean very little.

Open government – whether open data or dialogue – offers great promise to provide a more transparent, inclusive and efficient government. Unfortunately, ignoring issues such as access to information and genuine efforts to incorporate public input into policies means that for now open government is most notable for what it hides.

The post What Open Government Hides appeared first on Michael Geist.

What Open Government Hides

Mon, 2014/12/01 - 10:15

Appeared in the Toronto Star on November 29, 2014 as What Open Government Hides

Treasury Board President Tony Clement unveiled the latest version of his Open Government Action Plan last month, continuing a process that has seen some important initiatives to make government data such as statistical information and mapping data publicly available in open formats free from restrictive licenses.

There is much to like about Canada’s open government efforts, which have centred on three pillars: open data, open information, and open dialogue. Given the promise of “greater transparency and accountability, increased citizen engagement, and driving innovation and economic opportunity”, few would criticize the aspirational goals of Canada’s open government efforts. Yet scratch the below the surface of new open data sets and public consultations and it becomes apparent that there is much that open government hides.

The federal efforts around open data have shown significant progress in recent years. What started as a few pilot projects with relatively obscure data has grown dramatically with over 200,000 government data sets now openly available for use without the need for payment or permission. Moreover, the government has addressed concerns with its open government licence, removing some of the initial restrictions that unnecessarily hamstrung early efforts.

However, the enthusiasm for open data has not been matched with reforms to the access to information system. Despite government claims of openness and transparency, all government data is not equal. There is a significant difference between posting mapping data and making available internal information on policy decisions that should be released under access to information rules.

Indeed, while the government has invested in making open data sets available, it has failed to provide the necessary resources to the access to information system. The Information Commissioner of Canada has warned that inadequate financing has made it virtually impossible to meet demand and respond to complaints.  Regular users of the access to information system invariably encounter long delays, aggressive use of exceptions to redact important information, significant costs, and inconsistent implementation of technology to provide more efficient and cost-effective service.

In short, the access to information system is broken. An open government plan that only addresses the information that government wants to make available, rather than all of the information to which the public is entitled, is not an open plan.

The efforts on open dialogue and open government suffer from similar shortcomings. The government and its agencies have embarked on public consultations on many issues in recent years: the Canadian Radio-television and Telecommunications Commission asked Canadians for their views on broadcast regulation, the Competition Bureau consulted on advocacy priorities, and House and Senate committees regularly hold hearings on new legislative proposals.

Yet open dialogues and consultations mean little if the outcomes are pre-determined and the public input is largely ignored.  This form of consultation is properly characterized as “consultation theatre”, where government seeks to claim consultation with no discernable impact on the resulting law or policy.

For example, this week the Senate Committee on Justice and Human Rights wrapped up its hearing on Bill C-13, passing the lawful access/cyberbullying bill with no comments or changes. The hearing included many voices (I appeared in a personal capacity), but Carol Todd, the mother of cyberbullying victim Amanda Todd, was excluded after she expressed concern with the privacy implications of the bill. Similarly, Daniel Therrien, the Privacy Commissioner of Canada appointed earlier this year by the government, advocated changes during his appearance that were ultimately ignored.

Open dialogue and public consultations do not mean that the government simply follows whatever advice is offered up through the process. However, if the consultations or hearings are little more than theatre, claims of open government or open dialogue mean very little.

Open government – whether open data or dialogue – offers great promise to provide a more transparent, inclusive and efficient government. Unfortunately, ignoring issues such as access to information and genuine efforts to incorporate public input into policies means that for now open government is most notable for what it hides.

Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law. He can be reached at mgeist@uottawa.ca or online at www.michaelgeist.ca.

The post What Open Government Hides appeared first on Michael Geist.

The Price of Admission to the TPP Talks Revealed: U.S. Demanded Canada Pass Anti-Counterfeiting Legislation

Fri, 2014/11/28 - 10:51

In the years leading up to Canada’s entry into the Trans Pacific Partnership negotiations, there was considerable speculation about demands imposed by the U.S. For example, I wrote in 2012 about two reported demands: that Canada was stuck with any chapters concluded before entry and that it would not have any veto authority. This meant that if all other countries agreed on a particular provision, Canada would be required to accept it.

Yesterday, Industry Minister James Moore provided the first official confirmation of at least one other condition of admission to the talks: anti-counterfeiting legislation. Bill C-8, the anti-counterfeiting bill that focuses on providing new border measures provisions such as enhanced search and seizure powers for customs agents without court oversight, is really a bill about satisfying U.S. demands for TPP entry. According to Moore:

“This legislation contributes to a more effective relationship between Canada and the United States on raising Canada to the international standard and meeting the standard that the American government frankly asked the government of Canada to meet in order for us to move forward with our participation in the Trans Pacific Partnership negotiations so we think we’ve checked all the necessary boxes.”

While Moore rightly confirmed that Canada will not add in-transit seizures to the bill (as the U.S. is now seeking and will try to get included in the TPP), the admission that the bill checks the necessary U.S. boxes raises the question of who is driving Canadian intellectual property policy. The last copyright reform bill included restrictive digital lock rules at the insistence of the U.S. (and over the objection of the overwhelming majority of Canadians that participated in a government consultation on copyright reform) and now the anti-counterfeiting bill is acknowledged as part of the U.S. price of admission for Canada to enter the TPP talks.

The post The Price of Admission to the TPP Talks Revealed: U.S. Demanded Canada Pass Anti-Counterfeiting Legislation appeared first on Michael Geist.

Carol Todd on Bill C-13: “What Happened to Democracy?”

Wed, 2014/11/26 - 10:00

The Senate Committee on Justice and Human Rights continues its study later today on Bill C-13, the cyber-bullying/lawful access bill that has already passed the House of Commons and seems certain to clear the Senate shortly. I appeared before the committee last week, but one person who will not appear is Carol Todd, the mother of cyber-bullying victim Amanda Todd. Ms. Todd wrote to me yesterday to express her dismay at the committee process with Conservative Senators mischaracterizing her views and the committee declining to offer her an invitation to appear, likely due to her criticisms of the privacy-related provisions in the bill.

Ms. Todd did appear before the House of Commons committee studying Bill C-13, telling Members of Parliament:

“While I applaud the efforts of all of you in crafting the extortion, revenge, porn, and cyberbullying sections of Bill C-13, I am concerned about some of the other unrelated provisions that have been added to the bill in the name of Amanda, Rehtaeh, and all of the children lost to cyberbullying attacks.

I don’t want to see our children victimized again by losing privacy rights. I am troubled by some of these provisions condoning the sharing of the privacy information of Canadians without proper legal process. We are Canadians with strong civil rights and values. A warrant should be required before any Canadian’s personal information is turned over to anyone, including government authorities. We should also be holding our telecommunication companies and Internet providers responsible for mishandling our private and personal information. We should not have to choose between our privacy and our safety.

We should not have to sacrifice our children’s privacy rights to make them safe from cyberbullying, sextortion and revenge pornography.”

The comments generated considerable media attention as it pointed to the divide even among cyberbullying victims about legislation that the lumps together provisions designed to address cyberbullying with lawful access rules with serious implications for the privacy of Canadians.

Since her testimony, the government has tried to downplay her concerns. Justice Minister Peter MacKay told the committee that he met with Ms. Todd and that “she came away with a much better sense of comfort and confidence in what the government was attempting to do.” When I raised Ms. Todd’s views during my Senate appearance, Senator Denise Batters responded that she had since “clarified her views on the bill.”

Yet the reality is that Ms. Todd is more troubled than ever with the government’s approach. In October, she wrote to me hours after the bill passed the House of Commons:

“I was stunned at how the government is going to push it forward considering the discussion and what was said at the hearings last spring.” 

As the Senate hearings continue, she has now expressed surprise and disappointment that she has been excluded from the process, noting that the government does not want her voice to be included and asking “what happened to democracy?”

What happened is that the government no longer wants to hear from one of the country’s most prominent voices on cyberbullying given her concerns that “we should not have to choose between our privacy and our safety.”

The post Carol Todd on Bill C-13: “What Happened to Democracy?” appeared first on Michael Geist.

Why Uber Has a Canadian Privacy Problem

Mon, 2014/11/24 - 10:37

The mounting battle between Uber, the popular app-based car service, and the incumbent taxi industry has featured court dates in Toronto, undercover sting operations in Ottawa, and a marketing campaign designed to stoke fear among potential Uber customers. As Uber enters a growing number of Canadian cities, the ensuing regulatory fight is typically pitched as a contest between a popular, disruptive online service and a staid taxi industry intent on keeping new competitors out of the market.

My weekly technology law column (Toronto Star version, homepage version) notes that if the issue was only a question of choosing between a longstanding regulated industry and a disruptive technology, the outcome would not be in doubt. The popularity of a convenient, well-priced alternative, when contrasted with frustration over a regulated market that artificially limits competition to maintain pricing, is unsurprisingly going to generate enormous public support and will not be regulated out of existence.

While the Uber regulatory battles have focused on whether it constitutes a taxi service subject to local rules, last week a new concern attracted attention: privacy. Regardless of whether it is a taxi service or a technological intermediary, it is clear that Uber collects an enormous amount of sensitive, geo-locational information about its users.  In addition to payment data, the company accumulates a record of where its customers travel, how long they stay at their destinations, and even where they are located in real-time when using the Uber service.

Reports indicate that the company has coined the term “God View” for its ability to track user movements. The God View enables it to simultaneously view all Uber cars and all customers waiting for a ride in an entire city. When those mesh – the Uber customer enters an Uber car – they company can track movements along city streets.  Uber says that use of the information is strictly limited, yet it would appear that company executives have accessed the data to develop portfolios on some of its users.

In fact, Uber blogged in 2012 about “Rides of Glory”, which it characterized as “anyone who took a ride between 10pm and 4am on a Friday or Saturday night, and then took a second ride from within 1/10th of a mile of the previous nights’ drop-off point 4-6 hours later.” The blog posting identified which cities had the largest number of such rides.

Canadian Uber users can be forgiven for wondering whether the company takes their privacy rights seriously since it does not even have a Canada-specific privacy policy. The Uber website features three privacy policies: one for the United States, one for South Korea, and a global catch-all policy for users in 48 other countries. That approach effectively lumps Canadians into a privacy policy shared by users everywhere from Beirut to Beijing to Bogota.

The policy identifies certain privacy rights (and seeks to bring global users under a European Union privacy umbrella), but does nothing to ensure that it is fully compliant with Canadian privacy law standards. Interestingly, the company does have a Canada-specific user agreement, so the company’s legal rights are designed to comply with Canadian law.

Geo-location privacy is frequently invoked within the context of online marketing, with some concerned about the prospect of being “followed” as they walk down a city street, receiving coupons or real-time offers from nearby stores. Yet the Uber situation provides an important reminder that geo-locational privacy issues extend far beyond just marketing as they allow for tracking and inferences about user behaviour that is not otherwise publicly available.

Providing locational information is a trade-off that many are prepared to make, particularly if backed by privacy rules that safeguard misuse and provide some measure of oversight. In the case of Uber, the failure to develop Canada-specific protections raises serious questions about whether the company sees itself as outside the scope of more than just local taxi regulations.

The post Why Uber Has a Canadian Privacy Problem appeared first on Michael Geist.

Why Uber Has a Canadian Privacy Problem

Mon, 2014/11/24 - 10:35

Appeared in the Toronto Star on November 22, 2014 as Why Uber has a Canadian Privacy Problem

The mounting battle between Uber, the popular app-based car service, and the incumbent taxi industry has featured court dates in Toronto, undercover sting operations in Ottawa, and a marketing campaign designed to stoke fear among potential Uber customers. As Uber enters a growing number of Canadian cities, the ensuing regulatory fight is typically pitched as a contest between a popular, disruptive online service and a staid taxi industry intent on keeping new competitors out of the market.

If the issue was only a question of choosing between a longstanding regulated industry and a disruptive technology, the outcome would not be in doubt. The popularity of a convenient, well-priced alternative, when contrasted with frustration over a regulated market that artificially limits competition to maintain pricing, is unsurprisingly going to generate enormous public support and will not be regulated out of existence.

While the Uber regulatory battles have focused on whether it constitutes a taxi service subject to local rules, last week a new concern attracted attention: privacy. Regardless of whether it is a taxi service or a technological intermediary, it is clear that Uber collects an enormous amount of sensitive, geo-locational information about its users.  In addition to payment data, the company accumulates a record of where its customers travel, how long they stay at their destinations, and even where they are located in real-time when using the Uber service.

Reports indicate that the company has coined the term “God View” for its ability to track user movements. The God View enables it to simultaneously view all Uber cars and all customers waiting for a ride in an entire city. When those mesh – the Uber customer enters an Uber car – they company can track movements along city streets.  Uber says that use of the information is strictly limited, yet it would appear that company executives have accessed the data to develop portfolios on some of its users.

In fact, Uber blogged in 2012 about “Rides of Glory”, which it characterized as “anyone who took a ride between 10pm and 4am on a Friday or Saturday night, and then took a second ride from within 1/10th of a mile of the previous nights’ drop-off point 4-6 hours later.” The blog posting identified which cities had the largest number of such rides.

Canadian Uber users can be forgiven for wondering whether the company takes their privacy rights seriously since it does not even have a Canada-specific privacy policy. The Uber website features three privacy policies: one for the United States, one for South Korea, and a global catch-all policy for users in 48 other countries. That approach effectively lumps Canadians into a privacy policy shared by users everywhere from Beirut to Beijing to Bogota.

The policy identifies certain privacy rights (and seeks to bring global users under a European Union privacy umbrella), but does nothing to ensure that it is fully compliant with Canadian privacy law standards. Interestingly, the company does have a Canada-specific user agreement, so the company’s legal rights are designed to comply with Canadian law.

Geo-location privacy is frequently invoked within the context of online marketing, with some concerned about the prospect of being “followed” as they walk down a city street, receiving coupons or real-time offers from nearby stores. Yet the Uber situation provides an important reminder that geo-locational privacy issues extend far beyond just marketing as they allow for tracking and inferences about user behaviour that is not otherwise publicly available.

Providing locational information is a trade-off that many are prepared to make, particularly if backed by privacy rules that safeguard misuse and provide some measure of oversight. In the case of Uber, the failure to develop Canada-specific protections raises serious questions about whether the company sees itself as outside the scope of more than just local taxi regulations.

Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law. He can be reached at mgeist@uottawa.ca or online at www.michaelgeist.ca.

The post Why Uber Has a Canadian Privacy Problem appeared first on Michael Geist.

The Spencer Effect: No More Warrantless Access to Subscriber Info With Five Minutes of Police Work

Fri, 2014/11/21 - 10:48

The Canadian Press reports that the RCMP has abandoned some Internet-related investigations because it is unable to obtain warrantless access to subscriber information. The article is based on an internal memo expressing concern with the additional work needed to apply for a warrant in order to obtain access to subscriber information. The changes have arisen due to the Supreme Court of Canada’s Spencer decision, which held that there is a reasonable expectation of privacy in subscriber information. As a result, it is believed that most telecom and Internet providers have rightly stopped voluntary disclosures without a warrant (some have still not publicly stated their disclosure practices).

The article notes how easily subscriber information was disclosed prior to Spencer:

Prior to the court decision, the RCMP and border agency estimate, it took about five minutes to complete the less than one page of documentation needed to ask for subscriber information, and the company usually turned it over immediately or within one day. The agencies say that following the Supreme Court ruling about 10 hours are needed to complete the 10-to-20 pages of documentation for a request, and an answer can take up to 30 days.

The troubling aspect of the story is not that some investigations are being curtailed because law enforcement is now following due process and that telecom providers are requiring a warrant before disclosing subscriber information. It is that for millions of requests prior to Spencer, it took nothing more than five minutes to fill out a form with the information voluntarily released without court oversight and without notifying the affected subscriber.

Moreover, the change in practice points to how the government’s claims that Spencer does not change anything with respect to Bills C-13 and S-4 is simply not credible. Those bills rely heavily on expanding voluntary disclosure at the very time that the approach has been discredited by the courts and abandoned by the telecom and Internet providers.

If the government were serious about providing law enforcement with effective investigative tools, it would drop the emphasis on warrantless voluntary disclosure and rethink its approach to new Internet warrants. As the Privacy Commissioner of Canada argued yesterday at a Senate committee, the threshold for a metadata warrant should be raised consistent with the privacy importance of the information. Meanwhile, the government could explore a new basic subscriber information warrant that would ensure court oversight but allow for access on an expedited basis. By maintaining that Spencer has no effect on its legislative proposals, it leaves everyone unhappy: police do not get the information they need (with appropriate oversight), the public is concerned with the privacy implications of lawful access, and the government’s hand-picked Privacy Commissioner criticizes it for failing to strike the right balance.

The post The Spencer Effect: No More Warrantless Access to Subscriber Info With Five Minutes of Police Work appeared first on Michael Geist.

Choosing Between Privacy and Cyberbullying: My Appearance on Bill C-13 Before the Senate Legal and Constitutional Affairs Committee

Thu, 2014/11/20 - 11:08

Yesterday I appeared before the Senate Committee on Legal and Constitutional Affairs, which is studying Bill C-13, the lawful access/cyberbullying bill. The full transcript of the spirited discussion is not yet available (webcast here), but my opening statement is posted below.

Appearance before the Senate Standing Committee on Legal and Constitutional Affairs, November 19, 2014

Good afternoon. My name is Michael Geist.  I am a law professor at the University of Ottawa, where I hold the Canada Research Chair in Internet and E-commerce Law. I appear today in a personal capacity representing only my own views.

Given the limited time,  I’m going to confine my remarks to three privacy-related issues: immunity for voluntary disclosure, the low threshold for transmission data warrants, and the absence of reporting and disclosure requirements.

First let me emphasize that criticism of lawful access legislation does not mean opposition to ensuring our law enforcement agencies have the tools they need to address crime in the online environment. As Carol Todd, Amanda’s mother, told the House of Commons committee studying C-13, “we should not have to choose between our privacy and our safety.”  Similarly, Sue O’Sullivan, the federal ombuds for victims, told the committee that victims were divided on Bill C-13 due to the privacy concerns.

Immunity for Voluntary Disclosure

First, the creation of an immunity provision for voluntary disclosure of personal information. I believe that this immunity provision must be viewed within the context of five facts:

1.    The Supreme Court of Canada’s Spencer decision confirms that there is a reasonable expectation of privacy in subscriber information and clearly indicates that absent exigent circumstances, disclosures should involve a warrant.
2.    Pre-Spencer, intermediaries disclosed personal information on a voluntary basis without a warrant with shocking frequency. The recent revelation of 1.2 million requests to telecom companies for customer information in 2011 affecting 750,000 user accounts provides a hint of the privacy impact of voluntary disclosures.
3.    Disclosures have involved more than just basic subscriber information.  Indeed, the House of Commons committee studying this bill heard directly from law enforcement, where the RCMP noted that “currently specific types of data such as transmission or tracking data may be obtained through voluntary disclosure by a third party.”
4.    Intermediaries do not notify users about their disclosures, keeping hundreds of thousands of Canadians in the dark. Contrary to some discussion on Bill C-13 this committee heard, there is no notification requirement within the bill nor any auditing mechanism.
5.    This voluntary disclosure provision should also be viewed in concert with the lack of meaningful changes in Bill S-4, that would collectively expand warrantless voluntary disclosure to any organization.

Given this background, I would argue that the provision is a mistake and should be removed. The provision unquestionably increases the likelihood of voluntary disclosures at the very time that Canadians and the courts are increasingly concerned with such activity.  Moreover, it does so with no reporting requirements, oversight, or transparency.

Low Threshold for Transmission Data Warrants

Second, Bill C-13 contains a troubling, lower “reason to suspect” threshold for transmission data warrants. The kind of information sought by transmission data warrants is more commonly referred to as metadata. While some have tried to argue that metadata is non-sensitive information, that is simply not the case.

There has been some confusion regarding how much metadata is included as ‘transmission data’. This is far more than who phoned who for how long. It includes highly sensitive information relating to computer-to-computer links. This form of metadata may not contain the content of the message, but its privacy import is very significant. Late last year, the Supreme Court of Canada ruled in R. v. Vu on the privacy importance of computer generated metadata, noting:

In the context of a criminal investigation, however, it can also enable investigators to access intimate details about a user’s interests, habits, and identity, drawing on a record that the user created unwittingly

Security officials have also commented on the importance of metadata. General Michael Hayden, former director of the NSA and the CIA has stated “we kill people based on metadata.” Stewart Baker, former NSA General Counsel, has said “metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.”

There are numerous studies that confirm Hayden and Baker’s comments.  For example, some studies point to calls to religious organizations that allow for inferences of a person’s religion.  Calls to medical organizations can often allow for inferences on medical conditions. In fact, a recent U.S. court brief signed by some of the world’s leading computer experts notes:

Telephony metadata reveals private and sensitive information about people. It can reveal political affiliation, religious practices, and people’s most intimate associations. It reveals who calls a suicide prevention hotline and who calls their elected official; who calls the local Tea Party office and who calls Planned Parenthood. The aggregation of telephony metadata – about a single person over time, about groups of people, or with other datasets – only intensifies the sensitivity of the information

Further, the Privacy Commissioner of Canada has released a study on the privacy implications of IP addresses, noting how they can be used to develop a highly personal look at an individual.

Indeed, even the Justice ministers report that seems to serve as the policy basis for Bill C-13 recommends the creation of new investigative tools in which “the level of safeguards increases with the level of privacy interest involved.”

Given the level of privacy interest with metadata, the approach in Bill C-13 for transmission data warrants should be amended by adopting the reasonable grounds to believe standard.

Transparency and Reporting

Third, the lack of transparency, disclosure, and reporting requirements associated with warrantless disclosures must be addressed. The stunning revelations about requests and disclosures of personal information – the majority without court oversight or warrant – points to an enormously troubling weakness in Canada’s privacy laws.  Most Canadians have no awareness of these disclosures and have been shocked to learn how frequently they are used and that bills before Parliament propose to expand their scope.  In my view, this makes victims of us all – disclosure of our personal information often without our awareness or explicit consent.

I’ll stop there and welcome your questions.

The post Choosing Between Privacy and Cyberbullying: My Appearance on Bill C-13 Before the Senate Legal and Constitutional Affairs Committee appeared first on Michael Geist.

The Importance of Online Anonymity

Tue, 2014/11/18 - 11:15

Appeared in the Toronto Star on November 15, 2014 as The Importance of Online Anonymity

If you could change or enact one Internet law, what would it be?  For some Canadians, it might be new rules to promote greater competition among Internet providers or increased copyright flexibilities matching the U.S. fair use provision.  For others, it would mean toughening online privacy protection or examining whether Canadian net neutrality rules are sufficient.

When Scott Naylor, a detective inspector with the Ontario Provincial Police was asked the question during a Senate hearing earlier this month on the government’s lawful access legislation, he responded that he would eliminate anonymity on the Internet. Naylor likened Internet access to obtaining a driver’s licence or a marriage licence, noting that we provide identification for many different activities, yet there is no requirement to identify yourself (or be identified) when using the Internet.

While acknowledging that a universal identification system is impractical, he said would ideally like a mandatory digital fingerprint for Internet users that would identify them sitting behind the computer. Naylor’s comments were quickly greeted with support from Conservative Senator Tom McInnis, who lamented the use of assumed names and agreed that identifying the identity of online users would be a good thing.

Law enforcement support for the elimination or erosion of online anonymity is particularly ironic since the Supreme Court of Canada just emphasized its importance in a landmark ruling on Internet privacy. The Spencer decision is best known for affirming that Internet users have a reasonable expectation of privacy in their subscriber information.

The implications of that ruling are that law enforcement officials now have little choice but to obtain a court order to obtain subscriber information from Internet providers. Moreover, Internet providers who were previously willing to voluntarily disclose basic subscriber information without court oversight have abandoned the practice.

While the decision altered the landscape of Internet privacy, it is important to recognize that the court pointed to online anonymity as particularly important in the context of Internet use. In fact, it identifies precisely the kinds of cases of importance to law enforcement as the reason to preserve online anonymity.

For example, it notes that there may be situations where police want the list of names that correspond to identification numbers on a survey. In such situations, “the privacy interest at stake…is not simply the individual’s name, but the link between the identified individual and the personal information provided anonymously.”

Anonymity can create a challenge for law enforcement (though one that is frequently surmountable through digital detective work), but it also plays an important positive role for the police. Anonymous tip lines or information from anonymous individuals are frequently an important source of information for investigators. Eliminating anonymity would run the risk of hampering age-old investigative techniques.

The importance of online anonymity extends far beyond law enforcement, however. Corporate whistleblowers, women in abusive relationships, visible minorities, and a myriad of other people are emboldened by anonymity to speak out in a manner that would otherwise be unavailable if they were forced to identify themselves.

The Supreme Court’s recognition of anonymity as a particularly important component of Internet privacy will not come as a surprise to millions of Internet users to rely upon it to varying degrees to exercise free speech rights and to preserve their privacy. What is surprising – or at least discouraging – is that the OPP and a Canadian Senator would seemingly jump at the chance to bring it to an end.

Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law. He can be reached at mgeist@uottawa.ca or online at www.michaelgeist.ca.

The post The Importance of Online Anonymity appeared first on Michael Geist.

Why Does the Ontario Provincial Police Still Not Know What is in the Lawful Access Bill?

Thu, 2014/11/13 - 11:01

Earlier this week, I posted on Ontario Provincial Police comments at the Standing Senate Committee on Legal and Constitutional Affairs hearing on Bill C-13 that were sharply critical of online anonymity.  The same hearing was notable for additional comments from the OPP on the lawful access bill.  The comments, which came in the opening statement, suggest that one of Canada’s largest police forces is simply unaware of the contents of the proposed legislation.

Scott Naylor of the OPP’s opening remarks included:

There is no question that some of the legislation involving technology and communication in Canada is out of date.  Under the current legislation, police can only access the very basic subscriber information – i.e., name, address, telephone number – on a totally ad hoc basis, by production order from service providers.  This means that there is an inconsistent response, which impedes investigations and, in extreme cases, may prolong victimization. Under the proposed legislation, Internet service providers would be compelled to provide this information in a timely fashion and on a consistent basis.  Access to this information would be strictly controlled and limited to law enforcement officials, who would be fully trained in these procedures and subject to auditing and report oversight.  I will repeat – auditing and report oversight.

Here is the problem: Naylor appears to think that Bill C-13 has not changed from Vic Toews’ Bill C-30. Under the lawful access bill, ISPs would not be compelled to disclose subscriber information. Indeed, the mandatory disclosure of subscriber information without a warrant was removed from the bill altogether.  The bill does include incentives for voluntary disclosure, but there are no mandatory disclosure requirements. If the OPP think the bill guarantees consistent disclosure of subscriber information, it is wrong. In fact, the Supreme Court’s Spencer decision means that subscriber information now only comes (except in emergency circumstances) through a court order.

In fact, a different OPP representative said much the same thing to the House of Commons committee hearing on Bill c-13. Operating from the same script, Carson Pardy, Director of Operation for the East Region, stated:

Under the current legislation, police can only access the very basics of subscriber information – name and address, maybe a phone number – on a totally ad hoc basis from Internet service providers. This means there is an inconsistent response which impedes investigations and many times prolongs victimization. Under the proposed legislation, ISPs will be compelled to provide this information in a timely fashion and on a consistent basis. Access to this information will be strictly controlled and limited to law enforcement officials who would be fully trained in these procedures and subject to auditing and/or reporting processes. The outcome will be that the police can quickly and consistently gain access to information that makes a difference to our effectiveness in investigating and preventing criminal activity and victimization.

This means that both the House of Commons and Senate committee studying Bill C-13 have received inaccurate information from law enforcement about the impact of the proposed bill. Moreover, it suggests that the police are supporting a bill that at worst they have not read or at best have misinterpreted.

The post Why Does the Ontario Provincial Police Still Not Know What is in the Lawful Access Bill? appeared first on Michael Geist.

Competition Matters: New Study Supports Government Policy Focused on Fourth Wireless Player

Wed, 2014/11/12 - 11:17

Last year’s explosive battle over the potential entry of wireless giant Verizon into the Canadian market may be a distant memory, but the debate over the state of wireless competition remains very much alive. Industry Minister James Moore has pointed to a modest decline in consumer pricing and complaints as evidence that government policies aimed at fostering a more competitive market are working.

The big three wireless carriers remain adamant that the Canadian market is competitive and that while pricing may be high relative to some other countries, that is a function of the quality of their networks. In other words, you get what you pay for.

There is seemingly no major international entrant on the horizon, but the Canadian Radio-television and Telecommunications Commission is currently grappling with an assortment of policy measures aimed at improving the competitiveness of new entrants and facilitating the development of a more robust market for virtual operators who could enhance consumer choice. Moreover, the government is planning another spectrum auction early next year that would benefit new entrants.

My weekly technology law column (Toronto Star version, homepage version) notes that at the heart of the debate is whether creating a fourth national carrier is a legitimate policy goal or a mirage that will do little to decrease pricing or create market innovation. The major carriers argue that the Canadian market is too small to support a fourth national carrier and that competitiveness is not directly correlated to the number of national operators.

Conversely, the government, supported by independent analysis from the Competition Bureau, believes that more competition is needed given the “market power” wielded by the big three incumbents. The creation of fourth national wireless carrier is often cited as an important target that would alter the competitive dynamic.

The government’s position received a major boost last week with the release of a new study by the Organization for Economic Co-operation and Development, a leading international governmental body that counts most developed economy countries as members. The OECD report focused specifically on whether the number of carriers within member countries is linked to consumer pricing or marketplace innovation.

After reviewing the recent experience in eleven OECD countries, it concluded that a fourth carrier makes a difference. The study finds that with four or more competitors “there is a higher likelihood of more competitive and innovative services being introduced and maintained.”

For example, France and Israel experienced price reductions and the introduction of unlimited usage plans with the entry of a fourth carrier. In the Netherlands, the study finds that the imminent launch of a fourth carrier has led to more competitive consumer offers, including Europe-wide roaming.

The study also identifies other areas where new competitors have had a significant impact on marketplace dynamics. Fourth carriers have often the been source of better international roaming offers, forcing the established players to respond by reducing their own prices or enhancing their plans. Similarly, virtual operators have targeted niche markets by expanding access to pre-paid plans more aggressively than established carriers.

Just as more competition helps, reduced competition can hurt. For example, the study notes that a 2009 Australian merger that decreased the number of wireless competitors has led to less vigorous retail competition.

Notwithstanding fears that new entrants or virtual operators might reduce earnings and thereby the incentives to invest in new networks, the OECD data suggests those concerns are largely unfounded. Reviewing nearly 15 years of data, the study finds that investments in telecommunications networks has remained remarkably stable.

In other words, competition works. This finding will not come as surprise to most observers, but in the contentious world of Canadian telecom, where incumbents seemingly fear the prospect of new competitors as much as actual competition, the OECD report provides yet another reason for the government to maintain its policy approach and for the CRTC use its regulatory powers to foster a more competitive marketplace.

The post Competition Matters: New Study Supports Government Policy Focused on Fourth Wireless Player appeared first on Michael Geist.

Net Neutrality and Netflix Taxes: The Tension Between Government and Regulatory Agencies on Digital Policy

Tue, 2014/11/11 - 10:26

U.S. President Barack Obama yesterday came out strongly in favour of net neutrality, urging the U.S. Federal Communications Commission to uphold core net neutrality principles. Obama’s comments were unsurprisingly welcomed by net neutrality activists throughout the U.S., though some caution that the ultimate decision still lies with the regulatory agency. Obama focused on the need for greater transparency along with rules to ensure no blocking, throttling, and paid prioritization. I wrote earlier this year on how Canada passed net neutrality regulations (termed Internet traffic management practices) in 2009, which address many of the issues raised by Obama.

Obama’s decision to wade into the net neutrality debate highlights how politicians can no longer simply avoid telecom, broadcast, and Internet issues by claiming that the matter is solely for regulators to determine. Policy issues such as net neutrality and Internet regulation have profound importance for millions and we should not be content to leave the issue exclusively to unelected regulators (no matter transparent their processes).

The question of the appropriate role for politicians on policies being considered by regulators has attracted attention on both sides of the border. For example, the involvement of elected officials in telecom and Internet policy captured headlines in Canada in September when the federal government declared that it would not support a “Netflix tax” as an outcome from the CRTC’s TalkTV hearings. The Netflix issues comes in the aftermath of a “mandate letter” to the CRTC on the appointment on CRTC Chair Jean-Pierre Blais that identified top priorities as well as active involvement on issues such as usage based billing.

The public comments on the Netflix tax sparked a backlash from some opposition parties, who claimed the government was “playing politics” with the CRTC. Blais was also clearly unhappy with the interventions both during the hearing and in the weeks that followed. Last Friday, he delivered a talk in Vancouver in which he pointedly criticized outside commentary and emphasized that CRTC decisions would only be based on the evidence raised in submissions and during the hearing.

Blais suggested that government comments will have no impact on the outcome of the policy process, which seems somewhat unrealistic. An independent agency must obviously be free to make its own decisions, but the notion that governmental comments – whether President Obama’s on net neutrality in the U.S. or the Canadian government’s on Netflix here – can be ignored because they are not offered directly through the formal policy process only breeds further uncertainty since it is elected officials, not regulators, that ultimately have the final say on these matters. Indeed, much of the recent criticism appears to be an effort to mask criticism with the substance of policies by focusing on process. There is a danger that politicians can overstep the boundaries with independent agencies, but digital policies are too important to be left solely to the CRTC or FCC.

The post Net Neutrality and Netflix Taxes: The Tension Between Government and Regulatory Agencies on Digital Policy appeared first on Michael Geist.

Competition Matters: New Study Supports Government Policy Focused on Fourth Wireless Player

Tue, 2014/11/11 - 09:38

Appeared in the Toronto Star on November 8, 2014 as Why Canada Needs a Fourth Wireless Player

Last year’s explosive battle over the potential entry of wireless giant Verizon into the Canadian market may be a distant memory, but the debate over the state of wireless competition remains very much alive. Industry Minister James Moore has pointed to a modest decline in consumer pricing and complaints as evidence that government policies aimed at fostering a more competitive market are working.

The big three wireless carriers remain adamant that the Canadian market is competitive and that while pricing may be high relative to some other countries, that is a function of the quality of their networks. In other words, you get what you pay for.

There is seemingly no major international entrant on the horizon, but the Canadian Radio-television and Telecommunications Commission is currently grappling with an assortment of policy measures aimed at improving the competitiveness of new entrants and facilitating the development of a more robust market for virtual operators who could enhance consumer choice. Moreover, the government is planning another spectrum auction early next year that would benefit new entrants.

At the heart of the debate is whether creating a fourth national carrier is a legitimate policy goal or a mirage that will do little to decrease pricing or create market innovation. The major carriers argue that the Canadian market is too small to support a fourth national carrier and that competitiveness is not directly correlated to the number of national operators.

Conversely, the government, supported by independent analysis from the Competition Bureau, believes that more competition is needed given the “market power” wielded by the big three incumbents. The creation of fourth national wireless carrier is often cited as an important target that would alter the competitive dynamic.

The government’s position received a major boost this week with the release of a new study by the Organization for Economic Co-operation and Development, a leading international governmental body that counts most developed economy countries as members. The OECD report focused specifically on whether the number of carriers within member countries is linked to consumer pricing or marketplace innovation.

After reviewing the recent experience in eleven OECD countries, it concluded that a fourth carrier makes a difference. The study finds that with four or more competitors “there is a higher likelihood of more competitive and innovative services being introduced and maintained.”

For example, France and Israel experienced price reductions and the introduction of unlimited usage plans with the entry of a fourth carrier. In the Netherlands, the study finds that the imminent launch of a fourth carrier has led to more competitive consumer offers, including Europe-wide roaming.

The study also identifies other areas where new competitors have had a significant impact on marketplace dynamics. Fourth carriers have often the been source of better international roaming offers, forcing the established players to respond by reducing their own prices or enhancing their plans. Similarly, virtual operators have targeted niche markets by expanding access to pre-paid plans more aggressively than established carriers.

Just as more competition helps, reduced competition can hurt. For example, the study notes that a 2009 Australian merger that decreased the number of wireless competitors has led to less vigorous retail competition.

Notwithstanding fears that new entrants or virtual operators might reduce earnings and thereby the incentives to invest in new networks, the OECD data suggests those concerns are largely unfounded. Reviewing nearly 15 years of data, the study finds that investments in telecommunications networks has remained remarkably stable.

In other words, competition works. This finding will not come as surprise to most observers, but in the contentious world of Canadian telecom, where incumbents seemingly fear the prospect of new competitors as much as actual competition, the OECD report provides yet another reason for the government to maintain its policy approach and for the CRTC use its regulatory powers to foster a more competitive marketplace.

Michael Geist holds the Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, Faculty of Law. He can be reached at mgeist@uottawa.ca or online at www.michaelgeist.ca.

The post Competition Matters: New Study Supports Government Policy Focused on Fourth Wireless Player appeared first on Michael Geist.