Feed aggregator

Coming to SLC and PDX


I'm heading to Salt Lake City this week for Westercon, followed by an appearance at the SLC Library on Monday. Next week, I'll be in PDX for three library gigs: Beaverton, Tigard, and Hillsboro. See you there!

Keep Calm and Get Consent: Canada's Anti-Spam Law Takes Effect This Week

Michael Geist Law RSS Feed - Mon, 2014/06/30 - 02:48
Canada's anti-spam legislation takes effect this week, sparking panic among many businesses, who fear that sending commercial electronic messages may grind to a halt on July 1st. The reality is far less troubling. The new law creates some technical requirements for commercial email marketing alongside tough penalties for violations, but left unsaid is that Canadian law has featured rules requiring appropriate consents for over a decade.

My weekly technology law column (Toronto Star version, homepage version)The concern over the new anti-spam law, which mirrors similar worries from 2004 when private sector privacy legislation arrived, suggests that many may not have complied with their existing obligations. As Canadians receive a flood of requests for consent from long-forgotten organizations they never realized had collected and used their personal information in the first place, the controversy over the rollout of the new anti-spam law says more about poor compliance rates with current privacy laws than it does about the new regulations.


PIPEDA already requires organizations to obtain user consent, allow users to withdraw their consent, and provide the necessary contact information to do so. Compliance with the new anti-spam law (CASL) involves much the same obligations since the three primary requirements involving obtaining user consent, providing an unsubscribe mechanism, and maintaining accessible contact information. 

So why has the new anti-spam law caused such an uproar?  Three reasons: a shift in approach on consents, the confusion that comes from trying fit into the myriad of exceptions contained in the law, and fear of tough new penalties.

The biggest substantive change in the law comes from the requirement for express consent. Express consent requires disclosing the purposes for why consent is being requested and identifying who is seeking consent. This represents a significant change from current practice, where businesses have frequently relied upon "implied" consent for their use of personal information.

The reality is that users were often unaware that their information was being collected, used, and even disclosed for commercial purposes. The terms were often buried in legal agreements that few bothered to read or presented alongside confusing negative option check boxes that left many bewildered as to whether they needed to check or uncheck the box in order to avoid more email marketing.

Yet business relied upon these approaches to claim they had obtained the necessary implied consent. The shift to express consent represents an important change that has forced many businesses to directly request consent from their users for the first time (if a business already has express consent there is no need to ask again). Those arguing that the new law will have little impact on spam miss the point: the law is shifting privacy expectations in how our information is collected and used.

Given the fears associated with seeking express consent, many businesses are seeking to rely upon exceptions contained in the law. There are many exceptions in CASL with everything from most business-to-business emails to Twitter direct messages excluded. Yet reliance on exceptions creates an assortment of complications that many businesses are finding difficult and has become another source of concern. The exceptions require a close reading and some interpretations, but it is should be remembered that businesses can always seek express consent and avoid the issue altogether.

The third major concern involves the consequences for failing to comply with the law. Failure to comply with the current privacy law results in little more than a non-binding finding from the Privacy Commissioner of Canada with practically no likelihood of financial penalties. On the other hand, CASL's penalties are significant with the maximum penalty set at $1 million per violation for an individual and $10 million per violation for a business (despite fears of massive penalties for a single slip-up, warnings are far more likely than penalties).

The law also includes a three-year transition period that ensures that as long as an organization already has implied consent, it has until 2017 to upgrade to an express consent. Email marketing will not stop on Canada Day, but the arrival of the anti-spam law after a decade of debate does mean that Canadians are being meaningfully asked for the first time if they give consent to the collection, use and disclosure of their personal information, a change in approach that seems well worth celebrating.

A step toward government transparency

Google Public Policy BLOG - Fri, 2014/06/27 - 13:01
Posted by Richard Salgado, Director Law Enforcement and Information Security

Last year, President Obama directed the Intelligence Community to be more transparent about government surveillance programs, which led to a promise by the Office of the Director of National Intelligence to release a transparency report concerning national security orders it issues on an annual basis. Today, the U.S. government released its first transparency report containing statistics around national security orders for user data to Internet and telecom companies. This is a step in the right direction of increasing trust in both government and Internet services, and it demonstrates again that governments can embrace transparency while protecting national security. We applaud this first step, and strongly encourage other countries to follow suit, though there is still more to be done.

First, the government reports in a manner that makes it impossible to compare its report with the report of companies, such as the Google Transparency Report. Specifically, the government has chosen to disclose an estimated number of “targets” that it has surveilled, rather than the number of “accounts” at issue. This means that where the “target” is an organization composed of many people, and the government uses FISA to require disclosure of information from many different providers about the many accounts used by those people, covering a broad array of services, it may only report that there was one target. By contrast, in our methodology, and that used by other companies, we each would count the number of accounts impacted by a particular surveillance request. The government could provide more meaningful transparency by specifying the number of accounts too.

Second, we would like to see the federal government report on its national security demands with more information about the targets than it does today. Companies like Google can only provide a limited snapshot of how national security authorities are used. The Department of Justice, however, can provide a complete picture. To that end, we support legislation proposed by Senator Franken in August of 2013 that would mandate that the U.S. government release statistics around the number of both citizens and non-citizens whose information is collected and the scale and scope of the search and review of that data.

Finally, we gave early support for USA Freedom Act provisions which would allow companies to provide greater detail about the volume, scope, and type of national security demands that we ourselves receive for user data. Last month, the House version of the USA Freedom Act made improvements on the terms set out by the Department of Justice, and we hope that the Senate paves the way for companies to share more details about the national security demands that we receive.

I’m excited to see how far this debate has come; a year ago almost no one would have imagined that the federal government would release data about its national security demands to companies. These steps show that national security and transparency for the public are not in competition. We also hope that governments around the world will follow the lead of the U.S. government and be more open about the national security demands they serve on service providers and put out comparable transparency reports. Congress, and other governments around the world, should build on these steps.

Should Canadian Courts Decide What the World Gets to See Online?

Michael Geist Law RSS Feed - Fri, 2014/06/27 - 10:13
The challenge of jurisdiction and the Internet has long been one of the most contentious online legal issues. Given that the Internet has little regard for conventional borders, the question of whose law applies, which court gets to apply it, and how it can be enforced is seemingly always a challenge.  

Striking the right balance can be exceptionally difficult: if courts are unable to assert jurisdiction, the Internet becomes a proverbial “wild west” with no applicable law. Conversely, if every court asserts jurisdiction, the Internet becomes over-regulated with a myriad of potentially conflicting laws vying to govern online activities.

My weekly technology law column (Toronto Star version, homepage version) notes that in recent years, courts in many countries have adopted a reasonable balance where they are willing to assert jurisdiction over online activities or companies where there is a “real and substantial” connection, but they limit the scope of enforcing their rulings to their own jurisdiction.  In other words, companies cannot disregard local laws where they operate there, but courts similarly should not disregard the prospect of conflicting rules between different countries.


For example, the recent European Court of Justice decision on the “right to be forgotten”, which requires Google to remove links to certain content, is based on European privacy law and is limited in application to the European Union.

Earlier this month, the Supreme Court of British Columbia confronted a similar issue – whether it could assert jurisdiction over Google and how far to extend its order to remove links from the search giant’s index – but adopted a far more aggressive approach. Rather than ordering Google to remove certain links from the search results available through Google.ca, the order intentionally targets the entire database, requiring the company to ensure that no one, anywhere in the world, can see the search results.

The case involves a Canadian company that claims that another company used its trade secrets to create a competing product along with "bait and switch" tactics to trick users into purchasing their product. The defendant company had been the target of several court orders demanding that it stop selling the copied product on their website. Google voluntarily removed search results for the site from Google.ca search results, but was unwilling to block the sites from its worldwide index.

The court was concerned that a Canada-only order would be ineffective since Canadians could still access links to the site if they switched from Google.ca to a different country site such as Google.com. Yet even with a global court order, Canadians could still use competing search engines to find the same information. Moreover, that same order blocks content in countries where there was presumably no awareness of the competing site and no commercial impact.

More troubling are the broader implications of the ruling, since if a Canadian court has the power to limit access to information for the globe, presumably other courts do as well. While the court does not grapple with this possibility, what happens if a Russian court orders Google to remove gay and lesbian sites from its database? Or if a Saudi Arabian court orders it remove Israeli sites from the index? The possibilities are endless since local rules of freedom of expression often differ from country to country.

The ruling provides the sense that the court felt that its reach needed to match Google's global footprint. While there is much to be said for asserting jurisdiction over Google - if it does business in Canada, then Canadian law should apply - attempts to extend blocking orders to a global audience could lead to a run on court orders that target the company's global search results.

That would leave two possible problematic outcomes: Google would selectively decide which court orders it wishes to follow or local courts would begin deciding what the rest of the world can access online. Either way, the overreach of the B.C. court could lead to legal conflicts online and potential suppression of freedom of speech on the Internet.

Update on Anti-Patent-Troll Laws

IPBlog (Calgary) - Thu, 2014/06/26 - 16:00
By Richard Stobbe Yesterday draft "anti-patent-troll" legislation was put forward in Washington. This is part of a ground swell of opposition to illegitimate patent demand letters from so-called patent assertion entities (PAEs), or "patent trolls". This draft legislation, according to the sponsor of the proposed bill, "increases transparency and accountability to ...

The Canadian Anti-Spam Law Panic: Same As It Ever Was

Michael Geist Law RSS Feed - Thu, 2014/06/26 - 07:35
As the Canadian media reports on the panic associated with the new anti-spam law set to take effect next week, consider the following from Macleans titled "Few Companies Prepared for New Privacy Law":

The new law..says organizations can only collect personal information for a stated reason - and can use it only for that purpose. Among others things, that means a company that supplies a service can't sell its list of subscribers to another company's marketing department. Individuals must be informed, and give their consent, before personal information is collected, used or disclosed..But most firms are unaware of the new law."

The article continues by noting that "there's confusion over which organizations might be exempt" and that "there is no grandfather clause - all existing customer information needs to be compliant." The message is similar in a Globe and Mail article titled "Many small firms not ready for privacy rules", which also notes the possibility of a constitutional challenge. An IT World Canada reiterates that concern in its coverage:

most Canadian organizations are not aware of the [law]. And very few are prepared to comply.

What makes these articles noteworthy is that none involve CASL. Instead, they all date from 2004, when the current private sector privacy law (PIPEDA) was about to take effect. Then, as now, there was ominous warnings about how ill-prepared Canadian business was to address their privacy law obligations. Yet as I noted in my post on complying with the new anti-spam law:

For any organization that already sends commercial electronic messages, they presumably comply with PIPEDA, the private sector privacy law, that requires organizations to obtain user consent, allow users to withdraw their consent, and provide the necessary contact information to do so.  Compliance with the new anti-spam law (CASL) involves much the same obligations. While there are certainly some additional technical requirements and complications (along with tough penalties for failure to comply), the basics of the law involve consent, withdrawal of consent (ie. unsubscribe), and accessible contact information.

While CASL does create some new obligations, what is not new is the claims that business is unaware and unprepared to address their privacy law obligations.

Re: Why Canada’s anti-spam legislation is creating so much spam

Russell McOrmond on Disqus - Wed, 2014/06/25 - 05:02

Interesting the Entertainment Software Association of Canada is mentioned in this one as well. The anti-SPAM law also had anti-malware provisions, and these bad actors continue to ask for the legally protected "right" to install software on our computers without our informed consent. Nasty stuff, and glad the government is finally outlawing this extremely harmful practise. As we use our computers in more and more aspects of our lives, ensuring that they are under the control of their owners and not unauthorized third parties becomes even more critical.

Given the economic and other costs of SPAM to our communications systems, I believe the minimal transitional training hardship for businesses (for-profit or non-profit) to conform to what should have been common courtesy are well worth it. Just because you are non-profit doesn't give you some right to abuse our common communications systems, and just because you use volunteers doesn't mean those volunteers shouldn't be trained. There are many things that volunteers need training on in order to not cause harm to themselves and others, and it is about time that training against the abuse of communications systems becomes added to the common courtesy understanding by everyone who uses email.

API Copyright Update: Oracle wins this round

IPBlog (Calgary) - Mon, 2014/06/23 - 14:00
By Richard Stobbe The basic question "are APIs eligible for copyright protection?" has consumed much analysis (and legal fees) during the lawsuit between Oracle and Google, which started in 2010. (For more reading on our long-running coverage of the long-running Oracle vs. Google patent and copyright litigation, see below.) The basic premise ...

Podcast: How Amazon is holding Hachette hostage

Here's a reading (MP3) of my latest Guardian column, How Amazon is holding Hachette hostage, which examines how Hachette's insistence on DRM for their ebooks has taken away all their negotiating leverage with Amazon, resulting in Amazon pulling Hachette's books from its catalog in the course of a dispute over discounting:

Under US law (the 1998 Digital Millennium Copyright Act) and its global counterparts (such as the EUCD), only the company that put the DRM on a copyrighted work can remove it. Although you can learn how to remove Amazon's DRM with literally a single, three-word search, it is nevertheless illegal to do so, unless you're Amazon. So while it's technical child's play to release a Hachette app that converts your Kindle library to work with Apple's Ibooks or Google's Play Store, such a move is illegal.

It is an own-goal masterstroke. It is precisely because Hachette has been so successful in selling its ebooks through Amazon that it can't afford to walk away from the retailer. By allowing Amazon to put a lock on its products whose key only Amazon possessed, Hachette has allowed Amazon to utterly usurp its relationship with its customers. The law of DRM means that neither the writer who created a book, nor the publisher who invested in it, gets to control its digital destiny: the lion's share of copyright control goes to the ebook retailer whose sole contribution to the book was running it through a formatting script that locked it up with Amazon's DRM.

The more books Hachette sold with Amazon DRM, the more its customers would have to give up to follow it to a competing store.

MP3

after Marrakesh

Fair Duty by Meera Nair - Mon, 2014/06/23 - 10:59

June 28 marks the one year anniversary of the completion of a diplomatic conference to facilitate access to published works for blind, visually impaired and print disabled people. Known as the Marrakesh Treaty, its purpose is to address the book famine that currently exists with respect to anyone of limited reading capability, by: (i) facilitating creation of appropriately formatted materials with the use of exceptions to copyright; and (ii) allowing countries to share materials, thereby reducing costs all round. Hailed as the Miracle in Marrakesh, it is the first multilateral treaty on limitations and exceptions to copyright, and gives credence to the view that negotiation among stakeholders is possible.

But no one had any expectation that the treaty would move forward smoothly. (Some of my earlier coverage is here and here). Prior to last year’s conference, Tatiana Sinodinou posted a detailed assessment of the situation; reminding us that these negotiations began more than thirty years earlier, when UNESCO and WIPO jointly created a working group to examine the possibilities for enhancing access to copyrighted material for those handicapped by visual or auditory limitations.

Sinodinou eloquently captured the tension of what lay ahead: “… The road to Marrakesh is open but is not paved with roses and the outcome of the negotiations is awaited with both hope and reservations.” Given that history, the cooperation found a year ago was worthy of attribution to the miraculous. But tangible benefit is yet to be had; the miracle may give way to mirage if concerted action is not taken.

With the treaty language adopted on 27 June 2013, delegates were invited to sign the treaty on 28 June 2013 and agree to:

… to introduce a standard set of limitations and exceptions to copyright rules in order to permit reproduction, distribution and making available of published works in formats designed to be accessible to [blind, visually impaired and print disabled persons] and to permit exchange of these works across borders by organizations that serve those beneficiaries …

Fifty-one countries immediately obliged. Over the past year, sixteen others signed. And this morning came the welcome news that Australia, Finland, Ireland and Norway have also signed.

PHOTO: Australia, Finland, Ireland & Norway sign “books for blind” Marrakesh Treaty – http://t.co/ZRjpR5EBoq pic.twitter.com/cPVTduhFIu

— WIPO (@WIPO) June 23, 2014

Canada’s absence of support is glaring, particularly given the role Canada purportedly played in negotiating the treaty; see Sara Bannerman’s remarks here and Michael Geist’s remarks here.

Geist points out that Canadian law will only need minor modification and that the Federal Government could make such changes during the upcoming scheduled review of Canadian copyright law in 2017. But, he also writes:

The biggest change would likely come from the need to establish an entity that would facilitate, promote, and disseminate accessible format copies of work and exchange information with other countries about accessible works. In other words, the treaty would require Canada to invest in improving access for the blind.

Fortunately, CELA might serve that need. Officially launched on 1 April 2014, with a formal debut at the Canadian Library Association’s National Conference on 29 May 2014, the Centre for Equitable Library Access (CELA) is a non-profit organization that serves Canadians with print disabilities. Supported by the Canadian Urban Libraries Council and the Canadian National Institute for the Blind, CELA already has 600 member libraries across Canada. Among the services provided by CELA are:

- A broad choice of formats including audio, braille, e-text and described video
- Access to a growing collection of over 230,000 alternate format items including books, magazines, newspapers and described videos
- A broad selection of genres: fiction, non-fiction, poetry, children’s, young adult, business, self-help, poetry and more
- A choice of delivery options: Direct download to computer, handheld devices and DAISY player; CD and braille mailed to home
- Training and expertise on accessibility

Of course, this only makes it more perplexing that our government is holding back on signing the treaty.

On a brighter note; Israel, which is not yet among the list of signatories, nevertheless amended its copyright law expressly to comply with the treaty requirements. At Israel Technology Law, Eli Greenbaum writes that the Israeli implementation exceeds the minimum standards required. (Hopefully, ratification is forthcoming quickly.) And it appears that India had planned to ratify the treaty by now; in his coverage last month for SpicyIP, Swaraj Paul Barooah writes: “G.R. Raghavender, Registrar of Copyrights, has stated that the ratification is expected by the end of May, 2014.” (Perhaps the election delayed the plans, but the new Indian government intends to act quickly?)

Until twenty countries ratify the treaty, and none have done so yet, the treaty cannot have force. In a lecture given at the Berkman Center on 23 April 2014, Justin Hughes, (chief negotiator for the United States for the Marrakesh Treaty) was unequivocal that much more needs to be done:

The real policy goal, the real thing we should care about is getting educational/cultural/informational materials into the hands of persons with print disabilities. And when you sign the treaty, you haven’t succeeded.

This journey is far from over; the road did not stop at Marrakesh.

 

More reading:

Explanatory notes, courtesy of World Blind Union.
User Guide to The Marrakesh Treaty, prepared by Jonathan Band.
The 1982 WIPO/UNESCO report is available at Knowledge Ecology International.

 

Update July 1  India becomes the first country to ratify the Marrakesh Treaty (dated to June 30, 2014)

 

 

 


My talk at the Edinburgh Publishing Conference

Here's my talk at last week's Edinburgh Publishing Conference, called "Information Doesn't Want to Be Free."

How Hachette made the rope that Amazon is hanging it with


In my latest Guardian column, "How Amazon is holding Hachette hostage," I discuss the petard that the French publishing giant Hachette is being hoisted upon by Amazon. Hachette insisted that Amazon sell its books with "Digital Rights Management" that only Amazon is allowed to remove, and now Hachette can't afford to pull its books from Amazon, because its customers can only read their books with Amazon's technology. So now, Hachette has reduced itself to a commodity supplier to Amazon, and has frittered away all its market power. The other four major publishers are headed into the same place with Amazon, and unless they dump DRM quick, they're going to suffer the same fate.

Under US law (the 1998 Digital Millennium Copyright Act) and its global counterparts (such as the EUCD), only the company that put the DRM on a copyrighted work can remove it. Although you can learn how to remove Amazon's DRM with literally a single, three-word search, it is nevertheless illegal to do so, unless you're Amazon. So while it's technical child's play to release a Hachette app that converts your Kindle library to work with Apple's Ibooks or Google's Play Store, such a move is illegal.

It is an own-goal masterstroke. It is precisely because Hachette has been so successful in selling its ebooks through Amazon that it can't afford to walk away from the retailer. By allowing Amazon to put a lock on its products whose key only Amazon possessed, Hachette has allowed Amazon to utterly usurp its relationship with its customers. The law of DRM means that neither the writer who created a book, nor the publisher who invested in it, gets to control its digital destiny: the lion's share of copyright control goes to the ebook retailer whose sole contribution to the book was running it through a formatting script that locked it up with Amazon's DRM.

The more books Hachette sold with Amazon DRM, the more its customers would have to give up to follow it to a competing store.

How Amazon is holding Hachette hostage

(Image: Noose, Old Austin County Jail, Bellville, Texas 0130101348BW, Patrick Feller, CC-BY)

Supreme Court issues unanimous decision in Alice Corp. v. CLS Bank

SFLC News Releases - Thu, 2014/06/19 - 17:51
Supreme Court issues unanimous decision in Alice Corp. v. CLS Bank

Say Anything: The Government's Response to its Disintegrating "Privacy" Reform Strategy

Michael Geist Law RSS Feed - Thu, 2014/06/19 - 03:48
The Supreme Court of Canada's Spencer decision is still only a few days old, but it has become clear that the ruling has left the government's privacy and lawful access strategy in tatters. I've posted earlier on how the decision - which held that Canadians have reasonable expectation of privacy in their subscriber information and that voluntary disclosure of such information to the police constitutes an unlawful search - blows away the government's plans for Bills C-13 and S-4 by contradicting longstanding government policy positions.

While there are options for the government to establish reforms that are consistent with the court ruling and that would grant police the access they say they need, government ministers have instead adopted a rather bizarre response of saying anything, no matter how inconsistent with prior positions, the court's analysis, or public comments from authorities such as the Privacy Commissioner of Canada. There is admittedly a track record for this: Conservatives have dismissed privacy concerns from Carole Todd, the Boys and Girls Club of Canada, the Privacy Commissioner of Canada, and many more. Further, the Conservative leader in the Senate claims Spencer has "no impact whatsoever" on Bill S-4. 


However, the inconsistencies or misleading comments from government ministers takes this to another level. The government's brief to the Supreme Court of Canada in the Spencer case states:

does a person enjoy a reasonable expectation of privacy in subscriber information? Put another way, should the police have to get judicial authorization to determine the physical address of an internet connection and the subscriber's name before they apply for judicial authorization to search that physical address? The answer to those questions must be "no", for the subscriber information sought says nothing more than that a person or company has an internet link.

Justice Minister Peter MacKay argued in favour of voluntary disclosure in the House of Commons when moving that Bill C-13 be read a second time:

organizations would still be bound by the Personal Information Protection and Electronic Documents Act, something known as PIPEDA, which makes it clear that an organization is entitled to voluntarily disclose personal information to the police, without the consent of the person to have the information relayed.

The court responded directly to these positions in Spencer:

in the totality of the circumstances of this case, there is a reasonable expectation of privacy in the subscriber information. The disclosure of this information will often amount to the identification of a user with intimate or sensitive activities being carried out online, usually on the understanding that these activities would be anonymous. A request by a police officer that an ISP voluntarily disclose such information amounts to a search.

Yet how does MacKay now characterize the decision? On Tuesday, he argued that the case confirms what the government has said all along:

The Supreme Court's decision actually confirms what the government has said all along, that Bill C-13's proposals regarding voluntary disclosures do not provide legal authority for access to information without a warrant.

On Wednesday, he doubled down by quoting from the Spencer decision:

let us look at the actual Supreme Court decision, paragraph 73. It is a declaratory provision that confirms the existing common law powers of police officers to make enquiries as indicated by the fact that the section begins with the phrase “for a greater certainty”. That is exactly what we have been saying. It is the same provision of Bill C-13.

Yet anyone who reads paragraph 73 will know that MacKay references only the first half of the paragraph.  Read in its entirety, the court argues the opposite:

With respect, I cannot accept that this conclusion applies to s. 7(3) (c.1)(ii) of PIPEDA .Section 487.014(1)  is a declaratory provision that confirms the existing common law powers of police officers to make enquiries, as indicated by the fact that the section begins with the phrase “[f]or greater certainty”: see Ward, at para. 49. PIPEDA  is a statute whose purpose, as set out in s. 3 , is to increase the protection of personal information. Since in the circumstances of this case the police do not have the power to conduct a search for subscriber information in the absence of exigent circumstances or a reasonable law, I do not see how they could gain a new search power through the combination of a declaratory provision and a provision enacted to promote the protection of personal information.

MacKay is not alone in engaging in creative interpretations. Daniel Therrien, the new Privacy Commissioner who was just appointed by the Conservatives, gave an interview to the Globe and Mail this week , in which he said that Bills C-13 and S-4 should be reviewed in light of the Spencer decision. Within hours, Industry Minister James Moore responded to a question on twitter about warrantless disclosure by stating that the Privacy Commissioner supports the bill.

Use of ADR in Technology Transactions

IPBlog (Calgary) - Wed, 2014/06/18 - 12:00
By Richard Stobbe A recent WIPO Survey assessed the use of alternative dispute resolution (ADR) clauses in various technology transactions, and the results make for interesting reading for anyone who is in the business of negotiating technology deals. The goal of the survey was to establish trends in the use of ADR ...

A significant milestone for digital due process

Google Public Policy BLOG - Wed, 2014/06/18 - 11:28
Posted by David Lieber, Senior Privacy Policy Counsel 

Although the recent debate around government surveillance has focused on the reach of the National Security Agency (NSA) and the Foreign Intelligence Surveillance Act (FISA), we have long supported efforts to update the Electronic Communications Privacy Act (ECPA) so that the government must obtain a warrant to require a provider to disclose content stored with the provider. 

The ongoing campaign to update ECPA reached a significant milestone today. For the first time, a majority of Members in the U.S. House of Representatives have gone on record to support bipartisan legislation (H.R. 1852) sponsored by Representatives Yoder (R-KS), Graves (R-GA), and Polis (D-CO) that would create a bright-line, warrant-for-content rule for electronic communications. 

This common-sense reform is long overdue. While well-intentioned when enacted in 1986, ECPA no longer reflects users’ reasonable expectations of privacy. For example, an email may receive more robust privacy protections under ECPA depending on how old it is, whether it has been opened, and where it is stored — while users attach no importance to these distinctions. The Department of Justice itself has acknowledged that there is no principled reason for this rule. 

In 2010, a federal appeals court said that ECPA itself is unconstitutional to the extent that it authorizes the government to obtain the content of emails without a warrant. Google agrees with the court that the Fourth Amendment requires that the government issue a search warrant to compel a provider to disclose the content of communications that a user stores with a provider. 

Congress should send a clear message about the limits of government surveillance by enacting legislation that would create a bright-line, warrant-for-content standard. Now that a majority has gone on record to support this common sense update, we once again urge Congress to expeditiously pass legislation to update ECPA.

Why Has Canada Still Not Signed the WIPO Copyright to Support the Blind?

Michael Geist Law RSS Feed - Wed, 2014/06/18 - 04:13
Countries from around the world last year reached agreement on a landmark copyright treaty designed to improve access to works for the blind and visually impaired. As the first copyright treaty focused on the needs of users, the success was quickly billed the "Miracle in Marrakesh" (the location for the final round of negotiations) with more than 50 countries immediately signing the treaty.

The pact, which was concluded on June 27, 2013, established a one-year timeline for initial signatures, stating that it was "open for signature at the Diplomatic Conference in Marrakesh, and thereafter at the headquarters of WIPO [the World Intellectual Property Organization] by any eligible party for one year after its adoption."

My weekly technology law column (Toronto Star version, homepage version) notes that in the months since the diplomatic conference, 67 countries have signed it. The list of signatories includes most of Canada's closest allies, including the United States, European Union, United Kingdom, and France. The major developing economies such as Brazil, China, and India have also signed the agreement. Curiously absent from the list of signatories, however, is Canada.

The issue was raised in the House of Commons by NDP MP Peggy Nash, leading to the following exchange with Industry Minister James Moore:


Nash: Mr. Speaker, over 90% of published materials are simply not accessible to blind and visually impaired Canadians. The Marrakesh treaty on copyright seeks to fix this problem. Sixty-seven countries have signed on, including the EU, U.K., India, and China, but not Canada. The Conservatives left these measures out of their proposed copyright changes. The treaty's deadline is June 27. Will the Conservatives do the right thing and sign this treaty so we can improve access for visually impaired Canadians?

Moore: Mr. Speaker, of course our government has taken the lead with our Copyright Modernization Act. In fact, just today we put in place the notice regime to further modernize our copyright regime in this country. With regard to those who are perceptually disabled, my colleague should know very well that when we put together the Copyright Modernization Act, we worked with the Canadian National Institute for the Blind and others. Of course, we are more than willing to look at ways to improve our copyright legislation to ensure that all Canadians recognize that their needs are met in Canadian law.

In other words, when asked specifically why Canada has yet to sign the treaty, Moore refused to provide a direct answer.

Canada's failure to sign the treaty is particularly surprising given the important role it reportedly played in facilitating a deal. Reports from Marrakesh indicated that Canada worked to find common ground and helped craft the final agreement. Moreover, from both policy and legal perspectives, supporting the treaty would appear to be a proverbial no-brainer.

The treaty expands access for the blind by facilitating the export of works to the more than 300 million blind and visually impaired people around the world, which is needed since only a tiny percentage of books are ever made into accessible formats. Further, it restricts digital locks from impeding access, by permitting the removal of technological restrictions on electronic books for the benefit of the blind and visually impaired.

The treaty would require few changes to Canadian law. The basic requirements of the treaty are an exception or limitation in national law that permits the creation of accessible format copies for the blind or visually impaired without permission of the copyright holder as well as a scheme to permit the cross-border exchange of qualifying copies.

Canada already has an exception in national law relating to persons with perceptual disabilities. The current exception is not identical to the treaty requirements and would need some modest tweaking to comply with the new international standard.

The biggest change would likely come from the need to establish an entity that would facilitate, promote, and disseminate accessible format copies of work and exchange information with other countries about accessible works. In other words, the treaty would require Canada to invest in improving access for the blind.

Given the narrow goals of promoting greater access for the visually impaired, signing the treaty should be relatively uncontroversial. Indeed, while both the U.S. and European Union expressed some concerns during the negotiation process, both are now signatories.

With a copyright review planned for 2017, Canada could sign the treaty now with the expectation of incorporating the necessary reforms as part of the next reform process. Alternatively, there are several bills currently before the House of Commons that involve intellectual property issues that could be amended to include the necessary changes.

Regardless of what legislative approach is adopted, the first step is for Canada to sign the treaty before the June 27th deadline. Failure to become part of the initial group of signatories would raise troubling questions about why the government was unwilling to take a strong stand in favour of the rights of the blind and visually impaired in Canada.

Harper Government announces last step implimenting C-11

Digital Copyright Canada BLOG - Tue, 2014/06/17 - 15:30

In a press release, the Harper Government Announces the Coming into Force of the Notice and Notice Regime, using the same language they used to promote the controversial bill.

While I agree that the copyright portions of that bill could be claimed to be "balanced", I will still state the anti-technology ownership "TPM" sections of the bill were unbalanced.

Given the variety of house and senate bills proposing information disclosures without court oversight being pushed by the Harper Government, the notice&notice regime in the Copyright Act will soon be moot. It is highly unlikely that an aggressive copyright holder will use N&N when they will be able to get subscriber information without a court order and communicate threats directly to ISP customers.

read more

My Tedxoxbridge talk: How to break the Internet

I gave a talk last month in Cambridge at the Tedxoxbridge event called How to break the Internet, about how urgent it is that the Internet is fundamentally broken, and why we should be hopeful that we can fix it.

Government Rejects Supreme Court Privacy Decision: Claims Ruling Has No Effect on Privacy Reform

Michael Geist Law RSS Feed - Tue, 2014/06/17 - 04:22
Having had the benefit of a few days to consider the implications of the Supreme Court of Canada decision in Spencer, the Senate last night proceeded to ignore the court and pass Bill S-4, the Digital Privacy Act, unchanged. The bill extends the ability to disclose subscriber information without a warrant from law enforcement to any private sector organizations by including a provision that allows organizations to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law. Given the Spencer decision, it seems unlikely that organizations will voluntarily disclose such information as they would face the prospect of complaints for violations of PIPEDA.

Despite a strong ruling from the Supreme Court of Canada that explicitly rejected the very foundation of the government's arguments for voluntary warrantless disclosure, the government's response is "the decision has no effect whatsoever on Bill S-4."


As I posted yesterday, the government had argued in committee that:

In the instance of PIPEDA, because of the type of information provided in a pre‑warrant phase such as basic subscriber information, it would be consistent with privacy expectations and therefore it's not really putting telecoms, for example, in some unique position in terms of police investigations.

The Supreme Court of Canada rejected this view, concluding that:

there is a reasonable expectation of privacy in the subscriber information. The disclosure of this information will often amount to the identification of a user with intimate or sensitive activities being carried out online, usually on the understanding that these activities would be anonymous.

That cannot be credibly described as "no effect whatsoever." Indeed, the government's recently appointed Privacy Commissioner also pointed to Spencer and urged the government to consider the implications on S-4. 

In another post yesterday on the future of C-13 and S-4, I lamented that the "government could adopt the 'bury our heads in the sand approach' by leaving the provisions unchanged, knowing that they will be unused or subject to challenge." I argued that a better approach would be to address the issue directly, providing certainty to businesses and Canadians.

Perhaps unsurprisingly given its recent track record on privacy, it has chosen the head in the sand approach. During debate at the Senate yesterday, Conservative Senators repeatedly argued that Bill S-4 actually strengthens privacy, despite the fact that it opens the door to warrantless voluntary disclosure to any organization (it also enshrines weak data breach rules that do not provide protection as strong as that found in some other jurisdictions). Moreover, they tried to distinguish Spencer by arguing that it involves a criminal investigation disclosure to police, while the S-4 expansion of warrantless disclosure involves disclosures to private organizations.

Yet the principle is obviously the same: there is a reasonable expectation of privacy in subscriber information that should not be disclosed without a warrant or court order. No organization should be disclosing that information and when they do, they are likely to face a complaint with the Privacy Commissioner of Canada for violating PIPEDA. By leaving S-4 unchanged, the government is encouraging voluntary disclosures even after the Supreme Court explicitly ruled against them.

While the bill must still pass through the House of Commons, the government's decision to rush the legislation through the Senate (it conducted only a few hours of hearings) and to seemingly ignore the Supreme Court's decision creates further uncertainty for Canadians and Canadian businesses. Everyone needs rules that comply with the letter and spirit of the Spencer decision, which Bill S-4 fails to do on both counts. 
Syndicate content