Feed aggregator

Bell’s Latest Privacy Solution: Enhance Internet Privacy By Blocking Access to It

Michael Geist Law RSS Feed - Tue, 2017/12/05 - 10:37

The Canadaland report on Bell’s plans to apply to the CRTC to create a website blocking agency unsurprisingly sparked immediate widespread concern. I provided further detail on the proposal, noting the danger of establishing a blocking system without court review of the block list and the very weak case Bell makes to justify it. A critical aspect of the Bell proposal is that it must convince the CRTC that website blocking would further Canada’s telecommunications policy objectives. Given that the CRTC has already ruled that the law prohibits blocking without its approval, that is a difficult standard to meet. I argue that the three justifications raised by Bell – that piracy “threatens the social and economic fabric of Canada”, that the telecommunications system should “encourage compliance with Canadian laws” and that website blocking “will significantly contribute toward the protection of the privacy of Canadian Internet users” – is very weak.

In fact, the privacy argument is not only weak, it is incredibly hypocritical. Bell is arguably the worst major Canadian telecom company on user privacy and its attempt to justify website blocking on the grounds that it wants to protect privacy is shameful. There are obviously far better ways of protecting user privacy from risks on the Internet than blocking access to sites that might create those risks. Further, with literally millions of sites that pose some privacy risk, few would argue that the solution lies in blocking all of them.

Yet Bell in particular is in no position to make this argument. Years after competitors such as Rogers and Telus released telecom transparency reports that disclose the frequency of subscriber information disclosures to law enforcement, Bell has still refused to release such a report, keeping millions of Canadians in the dark on the issue. Bell’s approach to “targeted advertising” also demonstrates how little regard it has for customer privacy. The company changed its privacy policy in 2013 to allow for expanded usage of subscriber data on everything from website visits to TV viewing habits. That led to its targeted ad program, in which it automatically enrolled millions of subscribers unless they proactively opted-out. When the Privacy Commissioner of Canada found that the program violated the law, Bell simply refused to comply:

we remain of the view that Bell cannot rely on the opt-out consent of its customers in order to implement the RAP. Both the sensitivity of the information at issue and the reasonable expectations analysis lead us to the conclusion that such consent is not appropriate in the circumstances. In our preliminary report, we recommended that Bell provide its customers with the opportunity to make an express opt-in choice regarding whether or not they consent to Bell’s use of their personal information for the RAP. Bell refused to comply with our recommendation. [emphasis added]

Bell later backed down, but its privacy challenges have not disappeared with a 2013 lawsuit that awarded thousands of dollars to a subscriber for a privacy violation as well as recent reports that it has hijacked browser sessions from customers that have asked to cancel services. The Privacy Commissioner is currently investigating the practice.

Bell’s radical website blocking plan is terrible policy for many reasons, but the claims that it can be justified on privacy grounds represent a new low for a company that has seemingly seen little value in prioritizing the privacy interests of its customers.

The post Bell’s Latest Privacy Solution: Enhance Internet Privacy By Blocking Access to It appeared first on Michael Geist.

Keynote Speaking – 2017-18

Michael Geist Law RSS Feed - Tue, 2017/12/05 - 04:46

I regularly speak at a wide range of conferences and events on issues related to technology, the Internet, law and policy. Recent keynote addresses have focused on privacy, social media, copyright, education, security, and the free speech on the Internet. All talks are customized to the audience with materials and video that can be distributed to attendees or posted online.

The video section of this site features links to many talks posted online. To discuss an event and potential speaking opportunities, contact me directly.

Current topics include:

1. Using Law Responsibly: What Happens When Law Meets Technology?

The law has long struggled to keep pace with the rapid change that comes with the Internet and new technologies. From the cross-border challenges posed by a global network to the privacy implications of big data, law and policy simply cannot move at “Internet speed.” Yet despite the difficulties, politicians and policy makers increasingly find themselves at the heart of emerging policy issues, asked to address the balance between privacy and surveillance, the competing copyright interests of creators and users, and the market structure for network providers and disruptive competitors. This keynote talk will explore the emerging law and policy challenges, highlighting how all Internet users have the opportunity to help shape the digital policy landscape.

2. The Dynamic Environment for Digital Privacy in Canada

As the public becomes increasingly reliant upon digital networks for everything from basic communication to commerce to culture, the privacy implications of the network become increasingly challenging. Big data cross-border transfers, algorithmic transparency, surveillance fears, security breaches, and data mining attract daily headlines as we struggle to identify an appropriate balance between leveraging data for new and innovative activities with the privacy risks associated with use and misuse of our personal information. Can real privacy exist in today’s networked world? This keynote will examine the dynamic environment for digital privacy in Canada, highlighting emerging policy challenges, ever-changing technologies, and the effort to craft online tools and services that offer both privacy and security.

3. Digital Trade: The Future of Canadian Trade Deals from NAFTA to the TPP

The intellectual property and new digital trade chapters of NAFTA are emerging as among the most contentious aspects of its renegotiation.  For decades, consumers, advocates and technology companies have been stuck in a defensive posture, criticizing more restrictive trade provisions and efforts to impose domestic reforms through trade negotiations. In recent years, however, these groups have been increasingly effective at promoting a positive agenda, including obligations to promote copyright “balance” and protect user rights that underpin the Internet ecosystem. This keynote will assess the Canadian opportunities in a global digital environment, examining the IP and digital trade rules emerging from global trade agreements such as NAFTA and the TPP.

The post Keynote Speaking – 2017-18 appeared first on Michael Geist.

Bell Leads on Radical Proposal for CRTC-Backed Mandatory Website Blocking System

Michael Geist Law RSS Feed - Mon, 2017/12/04 - 15:41

Canadaland reports today that Bell is leading a coalition that plans to file a proposal with the CRTC that would lead to the creation a mandatory website blocking system in Canada. The unprecedented proposal, which includes the creation of a new “Internet Piracy Review Agency”, envisions the creation of mandatory block lists without judicial review to be enforced by the CRTC. As a result, the companies (reportedly including Rogers and Cineplex) envision sweeping new Internet regulations with the CRTC ultimately charged with enforcing site blocking by every Internet provider in Canada. I reviewed the proposal in order to provide comments to the Canadaland.

Bell’s support for a website blocking system does not come as a surprise given that it raised the possibility at the House of Commons Standing Committee on International Trade in September and has increasingly sided with the content industry. The inclusion of Rogers on the list of supporters is consistent with recent comments at an industry conference in Ottawa despite the company earlier distancing itself in September from the Bell proposal.

As the Canadaland report notes, the Bell proposal maintains that site blocking can be established in Canada without the need for further copyright reform (notable since the government is set to launch a review of the Copyright Act in the coming weeks) by instead relying on the Telecommunications Act, which is itself slated for a review. Canada already has some of the toughest anti-piracy laws in the world with unique “enabler” provision that makes it easy for rights holder to target Canadian-based sites that are perceived to facilitate piracy. Moreover, industry data suggests that Canada has lower rates of piracy than many other countries. For example, Music Canada recently reported that Canada is well below global averages in downloading music from unauthorized sites or stream ripping from sites such as YouTube.

Yet the telecom and cable giants maintain that a new system designed to block foreign-based sites is still needed. This despite the fact that there is now the possibility of Equustek global takedown orders from the Canadian Supreme Court, which provides an obvious alternative that does not involve blocking. Perhaps most notable about the proposal is that there is no court oversight in the creation of the mandatory block list. The plan is to create a new not-for-profit organization (IRPA) similar in structure to the CCTS, which would be responsible for identifying sites to block. The organization’s board would include representatives of rights holders, broadcasters, ISPs, and consumer groups. There is no reference to independent voices or free speech or civil liberties groups. The IRPA would establish the list of sites to block to be submitted to the CRTC. The CRTC would then order all ISPs to block access to the sites under sections 24 and 24.1 of the Telecommunications Act.

The proposal claims that the blocking would only cover sites that “blatantly, overwhelmingly or structurally” engage in infringing or enabling or facilitating the infringing of copyright. Yet recent history suggests that the list will quickly grow to cover tougher judgment calls. For example, Bell has targeted TVAddons, a site that contains considerable non-infringing content. It can be expected that many other sites disliked by rights holders or broadcasters would find their way onto the block list.

Moreover, the creation of a blocking system will invariably lead to demands that it expand to other areas. Whether fake news, hate speech or unlicensed content, if blocking websites without even court oversight is viewed as fair game, the CRTC will face a steady stream of demands for more. For example, consider Bell’s potential response to the availability of streaming content from U.S. services without a Canadian licence or the reaction to the removal of simultaneous substitution and its argument that unlicensed content should be blocked. The TPP included a specific provision stopping Canada from restricting access to foreign audio-visual content precisely due to concerns that broadcasters and BDUs might want to lessen competition by blocking access to foreign services.

The good news is that legal basis for this radical proposal is on very shaky ground. The CRTC was clear in September 2016 letter arising out of the Quebec law mandating the blocking of access to unlicensed gambling sites. The CRTC stated that the law only permits blocking in “exceptional circumstances” noting that:

the Commission is of the preliminary view that the Act prohibits the blocking by Canadian carriers of access by end-users to specific websites on the Internet, whether or not this blocking is the result of an ITMP. Consequently, any such blocking is unlawful without prior Commission approval, which would only be given where it would further the telecommunications policy objectives. Accordingly, compliance with other legal or juridical requirements – whether municipal, provincial or foreign – does not in and of itself justify the blocking of specific websites by Canadian carriers, in the absence of Commission approval under the Act.

The proposal must therefore convince the CRTC that website blocking would further the telecommunications policy objectives (merely complying with copyright law or meeting broader cultural objectives would be insufficient). The proposal does a woefully poor job of making the case that mandatory website blocking would further those objectives. The best it can do is argue that piracy “threatens the social and economic fabric of Canada”, that the telecommunications system should “encourage compliance with Canadian laws” and that website blocking “will significantly contribute toward the protection of the privacy of Canadian Internet users.”

The case is very weak on all counts. The data on piracy is decidedly mixed. The carriers try to make the case that piracy is responsible for cord cutting, but the popularity of authorized services such as Netflix and the far better value associated with the services surely has much more to do with it. In fact, a recent report released by the Canada Media Fund noted the sharp decline in piracy, the fast growth of music industry, and the near-complete elimination of BitTorrent as a major source of network traffic (just under 2% of peak network traffic is BitTorrent compared to 35% for Netflix).   Moreover, many studies suggest that Canada has lower rates of piracy and that the overwhelming majority of Canadians do not use tools to access unauthorized streams (a Sandvine study found that only 7% have done so). The proposal also cites a Circum study conducted for Canadian Heritage on piracy, but that study found that the majority of rights holders were not focused on the issue.

The arguments around encouraging compliance with the law is even weaker as the Commission has already stated that compliance with other legal or juridical requirements does not justify site blocking. Most head-scratching is the claim that this will protect user privacy, particularly since it comes from a company (Bell) that is the only major provider without a transparency report and it refused to comply with the Privacy Commissioner of Canada’s ruling on its privacy-invasive ad-tracking program when it was first issued. It takes a special kind of hypocrisy to argue that the way to protect user privacy is simply to block access to many Internet sites.

What the proposal does not acknowledge is that there would be obvious Charter of Rights and Freedoms concerns with a proposal that avoids judicial oversight in creating a block list, is not used by the U.S. (which has the most at stake from a content perspective and which has specifically warned against blocking in the TPP), and that it is inconsistent with rules found elsewhere that at least incorporate judicial review. The government rightly seems dismissive of the proposal in the Canadaland report but as leading Internet providers, Bell and Rogers should be ashamed for leading the charge on such a dangerous, anti-speech and anti-consumer proposal.

The post Bell Leads on Radical Proposal for CRTC-Backed Mandatory Website Blocking System appeared first on Michael Geist.

Canada’s Missing Internet Provision: Why NAFTA Offers the Chance to Establish Long Overdue Online Speech Safeguards

Michael Geist Law RSS Feed - Fri, 2017/12/01 - 10:03

During the earliest days of the commercial Internet, the United States enacted the Communications Decency Act, legislation designed to address two concerns with the rapidly growing online world: the availability of obscene materials and the liability of Internet services hosting third party content. While the obscenity provisions in the 1996 law were quickly struck down as unconstitutional by the U.S. Supreme Court, the liability rules emerged as a cornerstone of U.S. Internet policy.

The rules, which many regard as the single most important legal protection for free speech on the Internet, establish a safe harbour that ensures online services are not liable for the content posted by their users. My Globe and Mail op-ed notes that over the past two decades, the CDA Section 203(c) provision has been used by every major Internet service – from Google to Amazon to Airbnb – to ensure that courts, not private companies, determine what is lawful and permitted to remain online.

By creating a legal safe harbour for non-copyright third party content (copyright law establishes an alternative system for addressing claims of infringement and the liability clearly applies to original content created by an online service), thousands of Internet sites and services have been able to err on the side of free speech without active monitoring of posts or takedowns based on unproven claims.

The rules can be controversial, particularly at a time when policy makers and the public are demanding greater vigilance from online providers in countering disinformation campaigns, cyber-bullying, and hate online. Yet there is room to strike a balance to ensure that illegal content is swiftly identified and taken down, while avoiding the risks that would come with active monitoring of content posted by billions of users by Internet giants.

Unlike the U.S., Canada does not have equivalent online legal protections for third party content. In practice, that has meant the same companies that require court orders prior to the removal of content for claims originating in the U.S., may take down lawful content in Canada based on mere unproven allegations due to fears of legal liability. Moreover, the absence of safe harbour protections has proven to be a significant disincentive for both new and established services to use Canada to store data or maintain a local presence.

The absence of Canadian safe harbour rules took on heightened importance this year with the Supreme Court of Canada’s Equustek ruling, in which it concluded that a Canadian court could issue a global takedown order requiring Google to remove results from its search index for users worldwide. A U.S. court recently issued an injunction blocking enforcement of the Canadian order, noting that it “threatens free speech on the global Internet” by effectively overriding U.S. safe harbour protections.

The inconsistency between U.S. and Canadian law in this area appears to have led the U.S. government to amend its list of negotiating objectives for the NAFTA digital trade chapter. Earlier this month, the U.S. released its updated list of objectives, quietly adding “establish rules that limit non-IPR [intellectual property rights] civil liability of online platforms for third party content, subject to NAFTA countries’ rights to adopt non-discriminatory measures for legitimate public policy objectives.”

The change may have been motivated by U.S. concerns of Canadian overreach in the online environment, but the benefits of a well-crafted provision would be significant for the Canadian digital economy. The U.S. proposal features ample room for Canada to craft rules that maintain the need for responsible stewardship of online providers without overbroad monitoring or unwarranted takedowns.

As Canada seeks to attract global players such as Amazon and foster the creation of the next generation of home-grown Internet success stories like Shopify, there is a need for a level legal liability playing field. Indeed, the absence of Canadian safe harbour rules is longstanding weakness in the efforts of Innovation, Science and Economic Development Minister Navdeep Bains to build an innovative online economy. The NAFTA digital trade chapter offers an ideal venue to simultaneously give the U.S. delegation a “win” and for Canada to pursue much-needed domestic digital reforms.

The post Canada’s Missing Internet Provision: Why NAFTA Offers the Chance to Establish Long Overdue Online Speech Safeguards appeared first on Michael Geist.

Routing Detours: Can We Avoid Nation-State Surveillance?

Freedom to Tinker - Tue, 2016/08/30 - 18:44
Since 2013, Brazil has taken significant steps to build out their networking infrastructure to thwart nation-state mass surveillance.  For example, the country is deploying a 3,500-mile fiber cable from Fortaleza, Brazil to Portugal; they’ve switched their government email system from Microsoft Outlook to a state-built system called Expresso; and they now have the largest IXP […]

Differential Privacy is Vulnerable to Correlated Data — Introducing Dependent Differential Privacy

Freedom to Tinker - Fri, 2016/08/26 - 09:57
[This post is joint work with Princeton graduate student Changchang Liu and IBM researcher Supriyo Chakraborty. See our paper for full details. — Prateek Mittal ] The tussle between data utility and data privacy Information sharing is important for realizing the vision of a data-driven customization of our environment. Data that were earlier locked up […]

Language necessarily contains human biases, and so will machines trained on language corpora

Freedom to Tinker - Wed, 2016/08/24 - 16:32
I have a new draft paper with Aylin Caliskan-Islam and Joanna Bryson titled Semantics derived automatically from language corpora necessarily contain human biases. We show empirically that natural language necessarily contains human biases, and the paradigm of training machine learning on language corpora means that AI will inevitably imbibe these biases as well. Specifically, we look at […]

Security against Election Hacking – Part 2: Cyberoffense is not the best cyberdefense!

Freedom to Tinker - Thu, 2016/08/18 - 09:00
State and county election officials across the country employ thousands of computers in election administration, most of them are connected (from time to time) to the internet (or exchange data cartridges with machines that are connected).  In my previous post I explained how we must audit elections independently of the computers, so we can trust the […]

Security against Election Hacking – Part 1: Software Independence

Freedom to Tinker - Wed, 2016/08/17 - 09:27
There’s been a lot of discussion of whether the November 2016 U.S. election can be hacked.  Should the U.S. Government designate all the states’ and counties’ election computers as “critical cyber infrastructure” and prioritize the “cyberdefense” of these systems?  Will it make any difference to activate those buzzwords with less than 3 months until the […]

Can Facebook really make ads unblockable?

Freedom to Tinker - Thu, 2016/08/11 - 17:18
[This is a joint post with Grant Storey, a Princeton undergraduate who is working with me on a tool to help users understand Facebook’s targeted advertising.] Facebook announced two days ago that it would make its ads indistinguishable from regular posts, and hence impossible to block. But within hours, the developers of Adblock Plus released an […]

The workshop on Data and Algorithmic Transparency

Freedom to Tinker - Wed, 2016/08/10 - 09:57
From online advertising to Uber to predictive policing, algorithmic systems powered by personal data affect more and more of our lives. As our society begins to grapple with the consequences of this shift, empirical investigation of these systems has proved vital to understand the potential for discrimination, privacy breaches, and vulnerability to manipulation. This emerging […]

A response to the National Association of Secretaries of State

Freedom to Tinker - Tue, 2016/08/09 - 08:11
Election administration in the United States is largely managed state-by-state, with a small amount of Federal involvement. This generally means that each state’s chief election official is that state’s Secretary of State. Their umbrella organization, the National Association of Secretaries of State, consequently has a lot of involvement in voting issues, and recently issued a […]

Supplement for Revealing Algorithmic Rankers (Table 1)

Freedom to Tinker - Fri, 2016/08/05 - 05:35
Table 1: A ranking of Computer Science departments per csrankings.org, with additional attributes from the NRC assessment dataset. Here, the average count computes the geometric mean of the adjusted number of publications in each area by institution, faculty is the number of faculty in the department, pubs is the average number of publications per faculty […]

Revealing Algorithmic Rankers

Freedom to Tinker - Fri, 2016/08/05 - 05:35
By Julia Stoyanovich (Assistant Professor of Computer Science, Drexel University) and Ellen P. Goodman (Professor, Rutgers Law School) ProPublica’s story on “machine bias” in an algorithm used for sentencing defendants amplified calls to make algorithms more transparent and accountable. It has never been more clear that algorithms are political (Gillespie) and embody contested choices (Crawford), […]

Election security as a national security issue

Freedom to Tinker - Wed, 2016/08/03 - 13:11
We recently learned that Russian state actors may have been responsible for the DNC emails recently leaked to Wikileaks. Earlier this spring, once they became aware of the hack, the DNC hired Crowdstrike, an incident response firm. The New York Times reports: Preliminary conclusions were discussed last week at a weekly cyberintelligence meeting for senior officials. […]

Brexit Exposes Old and Deepening Data Divide between EU and UK

Freedom to Tinker - Mon, 2016/07/25 - 10:45
After the Brexit vote, politicians, businesses and citizens are all wondering what’s next. In general, legal uncertainty permeates Brexit, but in the world of bits and bytes, Brussels and London have in fact been on a collision course at least since the 90s. The new British prime minister, Theresa May, has been personally responsible for […]

Pokémon Go and The Law: Privacy, Intellectual Property, and Other Legal Concerns

Freedom to Tinker - Tue, 2016/07/19 - 10:59
Pokémon Go made 22-year-old Kyrie Tompkins fall and twist her ankle. “[The game]  vibrated to let me know there was something nearby and I looked up and just fell in a hole,” she told local news outlet WHEC 10. So far, no one has sued Niantic or The Pokémon Company for injuries suffered while playing […]

A Peek at A/B Testing in the Wild

Freedom to Tinker - Thu, 2016/05/26 - 09:40
[Dillon Reisman was previously an undergraduate at Princeton when he worked on a neat study of the surveillance implications of cookies. Now he’s working with the WebTAP project again in a research + engineering role. — Arvind Narayanan] In 2014, Facebook revealed that they had manipulated users’ news feeds for the sake of a psychology study […]

The Princeton Web Census: a 1-million-site measurement and analysis of web privacy

Freedom to Tinker - Wed, 2016/05/18 - 11:59
Web privacy measurement — observing websites and services to detect, characterize, and quantify privacy impacting behaviors — has repeatedly forced companies to improve their privacy practices due to public pressure, press coverage, and regulatory action. In previous blog posts I’ve analyzed why our 2014 collaboration with KU Leuven researchers studying canvas fingerprinting was successful, and […]

Is Tesla Motors a Hidden Warrior for Consumer Digital Privacy?

Freedom to Tinker - Wed, 2016/05/18 - 07:00
Amid the privacy intrusions of modern digital life, few are as ubiquitous and alarming as those perpetrated by marketers. The economics of the entire industry are built on tools that exist in shadowy corners of the Internet and lurk about while we engage with information, products and even friends online, harvesting our data everywhere our […]
Syndicate content