Feed aggregator

privacy in Canada – part two

Fair Duty by Meera Nair - Sun, 2014/06/01 - 22:23

The current legislative situation regarding privacy confounds many Canadians, given that Prime Minister Harper and key players in his coterie have staunchly argued on the principles of privacy to dismantle past measures of data collection, even when those measures were supported by Conservative allies. Specifically, the long-form census and the long-gun registry were discarded despite opposition from prominent experts in the areas of finance and law enforcement.

In 2010, amidst a firestorm of criticism, the Prime Minister cancelled the mandatory long-form census and replaced it with an optional household survey. Objections poured forth from the provinces, municipalities, communities, businesses, educators, social advocates, health organizations, and more, including a former Bank of Canada governor.

Most telling, Munir Sheikh resigned his position as Chief Statistician of Statistics Canada, rather than acquiesce to a decision that could only damage Canadian wellbeing. Effective policy cannot be made without reliable data. (Indeed, Prime Minister Harper is likely feeling that headache now, as he tries to combat the problems of the temporary foreign worker visa program, without accurate information concerning where needs can be filled without placing Canadians at a disadvantage.)

The Prime Minister viewed the census as an intrusion into Canadian privacy, despite the rigorous controls enforced by Statistics Canada with respect to disclosure of the data. (Individual information was never revealed; only aggregate information was provided through a controlled request system.) Writing for the Progressive Economics Forum at that time, Armine Yalnizyan explored the Canadian system in detail and in comparison to other systems, and made plain that while personal data is gathered, the results are never personal. No privacy commissioner had ever seen fit to question the operations of Statistics Canada. Yet discarding the census was clearly a matter of principle, or so it must be seen. Tony Clement, then-Minister of Industry, made these remarks to the Standing Committee for Industry, Science and Technology:

Our government’s reason for replacing the mandatory census with a voluntary national survey on the long form is clear. We do not believe it is appropriate to compel Canadians to divulge extensive private and personal information.

So despite compromising effective decision making in his own government, Prime Minister Harper stood resolutely on the issue of privacy.

For those who might still have doubts, the demise of the long-gun registry offers further illustration of our Prime Minister’s formerly adamant views on privacy. A dogged six year battle (from 2006-2012) was needed to remove the registry from use. And, not content to merely end the requirement of registration, Prime Minister Harper sought to ensure that all existing data be destroyed. According to Jason Kenney, then-Minister for Citizenship and Immigration:

… we can protect the privacy rights of Canadians, and there are hundreds of thousands of law-abiding Canadians who are legitimate firearms owners who believe that database undermines their privacy rights, and our commitment was, for that reason, to get rid of that data.

When the registry was eliminated in 2012, it was over and above the objections of Canadian law enforcement agencies. For instance, an RCMP evaluation of the registry argued that it served a vital function towards public safety:

The program is often misperceived by the media and the public as being solely a registry. The administration of this national public safety program might better be compared with a provincial Motor Vehicles Branch, which is also involved in safety training, licensing and registration and is an important resource to law enforcement. …  There continues to be public safety threats in Canada caused by both the deliberate and accidental misuse of firearms, mostly through non-restricted firearms (long guns). … Regulation of firearms provides for greater accountability for the firearm (p.17)

The Canadian Association of Chiefs of Police also came out forcefully in favour of the registry. Bill Blair, then head of the association, indicated that “officers use the registry up to 11,000 times a day, both to investigate and prevent crime.”

With the Prime Minister favouring a law-and-order agenda in Canada, it is more than odd that he chose to ignore the opinions of those involved in law-and-order. One can only infer that privacy reigned supreme among Prime Minister Harper’s principles and was not to be compromised, even for political gain.

Returning to current events, perhaps knowing that she would not be permitted to speak to the Standing Committee, Ontario Privacy Commissioner Dr. Ann Cavoukian does not mince words in a letter to the Committee Chair, dated to 16 May 2014. Calling for revision of the pending legislation, she concludes with:

Canadians have a constitutional right to be secure from unreasonable search and seizure, including with respect to personal information held by third parties. The expansive surveillance proposals and entrenchment of sweeping immunity for digital service providers brings this right into question.

Cavoukian, along with the Canadian Bar Association and others, have encouraged the Government to separate Bill C-13 into separate pieces of legislation, one to address cyberbullying and the other for lawful access. Minister MacKay has refused such proposals; perhaps Prime Minister Harper may yet see wisdom in such a move.

Update – June 3  Jill Clayton, Elizabeth Denham and Ann Cavoukian (privacy commissioners of Alberta, BC and Ontario, respectively) ask the Standing Committee to “… postpone hearings on Bill C-13 until such a time as the Privacy Commissioner of Canada can appear and speak to this Bill …” ; their letter (dated 2 June 2014)  is available here.

Update – June 13 — a tumultuous ten days  

The contested appointment of a new privacy commissioner, with a somewhat surprising outcome, the unwillingness of the government to amend either C-13 or S-4, and a timely reminder from the Supreme Court of Canada that Canadians have an expectation of privacy, means that there will be continued pressure upon the government to reconsider its actions. With unanimity, the Justices declared: “The two circumstances relevant to determining the reasonableness of … expectation of privacy in this case are the nature of the privacy interest at stake and the statutory and contractual framework governing the ISP’s disclosure of subscriber information.”

Josh Wingrove, writing for the Globe and Mail, solicited opinion from privacy expert David Fraser; he emphasizes that this alone does not “throw out” parts of S-4 and C-13, but “… adds to the ammunition critics have had with respect to a number of the provisions.” Fraser provides ongoing analysis at his blog; among his preliminary remarks was this gem: “Contrary to the views of most police agencies and the government of Canada, this information is not innocuous phone book information but, ‘rather, it was the identity of an Internet subscriber which corresponded to particular Internet usage.'”

 


privacy in Canada – part one

Fair Duty by Meera Nair - Sun, 2014/06/01 - 21:02

Over the last few months, Canadians have been presented with the sobering news of breaches of privacy committed on a massive scale. The revelation of over one million requests to telecommunications’ providers for subscriber records must provoke scrutiny of this government’s treatment of privacy. Scholars and privacy organizations are concerned that our government’s current legislative program will only make such breaches easier to carry out.

Currently, there are two bills under discussion in Parliament. Bill C-13 (Protecting Canadians from Online Crime Act) is before the Standing Committee on Justice and Human Rights; it offers incentives for disclosure of subscriber data by providing immunity to any telecommunications company that voluntarily supplies information when requested by law enforcement agencies. Bill S-4 (Digital Privacy Act) has arrived at the Senate chambers and extends that offer of immunity to any private organization that claims to be investigating a breach of contract, or a possible breach of contract.

After his participation in discussion of C-13 with the Standing Committee on 29 May 2014, Michael Geist posted his thoughts about the meeting itself, alerting Canadians to the spectacle of a bill so intertwined with privacy, moving forward without the involvement of a single privacy commissioner. Furthermore, “… leading privacy groups such as the Canadian Civil Liberties Association, the British Columbia Civil Liberties Association, and CIPPIC have all been told that there is unlikely to be spots for them at committee. … .”

Canadians may wish to know who has been permitted to speak to the Standing Committee so far. According to the records available to date, the Standing Committee began discussion of C-13 on 1 May 2014, has had six meetings so far, with one more meeting confirmed for 3 June 2014.

The first meeting was entirely given over to Peter MacKay (Minister of Justice and Attorney General of Canada) and members of his department. Through the next five meetings, law enforcement officials and families of victims were each allocated one meeting. In the remaining three meetings, the following organizations were involved: Boys and Girls Clubs of Canada, Canadian Association of University Teachers, Canadian Bar Association, Canadian Centre for Child Protection, Criminal Lawyers Association, Kids Internet Safety Alliance, and Office of the Federal Ombudsman for Victims of Crime. Interspersed among these organizations were four individuals: David Fraser,  Gregory Gilhooly, Steph Guthrie and Michael Geist.

With this weighting of participants, one might have expected testimony to be resoundly in favour of the government`s proposals. Yet the second meeting defied that expectation. The transcript for 6 May 2014 makes for interesting reading.

The witnesses of the day were representatives of Boys and Girls Clubs of Canada, Steph Guthrie and David Fraser. Notably, both Guthrie and Fraser have devoted considerable effort to representing the interests of victims of cyber-assault, see here and here. If the Committee expected unqualified approbation from all three parties, the MPs were quickly disabused of that notion. All witnesses gave comprehensive statements; each witness asked that attention be brought to bear on the privacy implications of the bill.

Fraser spoke first; immunity came in for conspicuous displeasure at the end of his prepared remarks:

I find this to be gravely problematic. I think it’s a very cleverly crafted provision. We’re told that this is simply for greater certainty, but it goes beyond that. Everything we know suggests otherwise.

It says that you will not be liable for handing over any data that you’re not prohibited by law from handing over, and if you do so you’re civilly immune. Now, only the criminal law and other regulations create prohibitions against handing over information, but you can hand over information when you’re not legally prohibited and still incur civil liability. Civil liability is there for a reason. I may not be legally prohibited from accidentally driving my car into yours, but if I do that, you’re entitled to damages from that. I should be paying for the harm that is caused.

If there were an immunity provision that said you could not sue me if I did something that was not legally prohibited, that would be squelched. That would go away. So this provision, I believe, should be removed. It can’t be fixed and will only encourage overreaching by law enforcement.

In conclusion, while we don’t have Bill S-4, the digital privacy act, in front of us, that fits together with the immunity provisions. I’m concerned that the two taken together will extend the amount of information not only available to law enforcement but will extend the information available to other civil litigants and others (emphasis mine).

Fahd Alhattab, an alumnus of Boys and Girls Clubs of Canada, added a plea with his request for protection of privacy:

Young people deserve to be protected from cyberbullying, but they also deserve to be protected and respected for their privacy. Now, we’re no experts on privacy, so our only recommendation on that is to encourage you to listen, obviously, to any concerns that are brought up, any considerations that are brought up, by the experts who are dealing with privacy, to make sure that we’re protecting youth from cyberbullying but we’re also protecting our children and youth and their privacy rights (emphasis mine).

On cue, Guthrie then drew attention back to the immunity offered for warrantless disclosure in C-13, noting that C-13 claims to bring scrutiny to the issue of consent in terms of cyberbullying, yet turns around and abandons consent in terms of privacy:

 Perhaps most of Bill C-13 isn’t  really about cybersexual assault, but I find it interesting that it violates some of the same privacy principles, such as freely given and specific consent. Most of us do not and would not give free and specific consent for the state to access any, and potentially all, of our data by way of our Internet service providers if we had any meaningful choice in the matter.

The consent we give is to our Internet service providers. If the police want our information because they suspect we are engaged in criminal activity, well, most of us would assume that is what search warrants are for. Bill C-13 enshrines the idea of transferable consent in law, immunizing anyone who shares our information and violates our privacy without adequate legal justification for doing so (emphasis mine).

While obviously different in many ways, the limitations on personal freedom imposed by Bill C-13  bear some striking similarities to those imposed by cybersexual assault. The state could be following us into our job interviews, on our first dates, or to the laundromat. The bill’s provisions will restrict Canadians’ ability to live life normally and comfortably because they are constantly living with the idea that the state, when they encounter it, may know intimate things about them that they didn’t consent to share. Even if they know they have done nothing wrong, they must still deal with the judgments, misperceptions, and intrusions of the state.

In the question and answer period that followed, a concerted effort by MP Bob Dechert to push Fraser into agreeing that immunity was necessary to combat the harms that have been inflicted on past victims came to naught. Dechert posed the hypothetical situation of a young woman, about to be victimized by widespread dissemination of a personal photograph thereby provoking a request from the police that an ISP should help identify the offender; Dechert asked if Fraser would advise the ISP to disclose the data:

Mr. David Fraser: In this scenario—again, I can only speak for myself—I believe there is a real harm attached to the dissemination of these sorts of images. I’ve seen first-hand the harm that they can do to a young person, and I’ve seen what they can do to an adult. My inclination would be to provide that information. That would be my impulse. I would know there might be possibly some risk in doing that, but for me, given the severity of what’s going on, this is a non-trivial matter, and my inclination would be to hand over that information.

Mr. Bob Dechert: In that circumstance, you would agree that the ISP provider should not bear any civil liability if it turns out that they were incorrect; there was no crime committed or about to be committed.

Mr. David Fraser: I wouldn’t grant them immunity.

Mr. Bob Dechert: You wouldn’t grant them immunity.

Mr. David Fraser: No. I would say that they acted in good faith and they wouldn’t be liable, but I wouldn’t grant them immunity.

Mr. Bob Dechert:  That would expose them to a lawsuit, would it not?

Mr. David Fraser: Certainly. Walking down the street exposes one to a lawsuit. There is a difference between not being liable and having immunity. Immunity is a blanket, saying that no matter what you do, nobody can raise an issue.

Immunity, of course, is only part of the problem of C-13.

There are significant concerns about the widening of data to be collected. What is benignly referred to as transmission data is not as innocuous as it sounds, despite the assurance of Minister MacKay at the first meeting on 1 May 2014:

…  the definition of transmission is narrowly defined and captures only data that relates to the act of telecommunication. The definition of transmission data is the modern equivalent of phone-call information, not what is actually contained in the conversation, and these proposals are meant to ensure consistent treatment of similar information.

Such language is, intentionally or otherwise, misleading. Turning again to Fraser’s opening remarks, he is explicit as to what transmission data entails:

With conventional telephony, transmission data refers to the number called from, the number called to, whether the call was connected, and how long that call lasted.   In the Internet context, the amount of information that’s included in the kind of out-of-band signalling information and what it reveals is dramatically different. It would include the IP address of the originating computer, the destination computer, information about the browser that’s being used, information about the computer that’s being used, information about the URL, the address being accessed, which can actually disclose content, even though the definition of transmission data is intended to exclude that.

It will also tell you what kind of communications are being done. Is it an e-mail communication? Is it an instant message? Is it peer-to-peer file sharing or otherwise? So it provides much more insight into actually what is going on than just phone number information.  An interception of transmission data would tell law enforcement agencies whether the target of surveillance was visiting a search engine, an encyclopedia site, a poker site, or a medical site. Furthermore, the data would provide greater insight into the likely physical location of the surveillance target. This is a dramatic expansion of the information that’s provided and available, compared to traditional telephone communications.

As anybody in this room knows, I expect, the way we use computers today is dramatically different from the way we used telephones 15 years ago. We use them as spellcheckers. We use them to find out facts. We use them for a much wider range of activities. With the disclosure of greater information through these transmission data orders, you’re revealing much more about an individual. Even though the definition excludes content, just the transmission data tells you a lot more about really what’s going on.

Geist raises what is perhaps the most perplexing aspect of the proceedings in “Why has the Canadian government given up on protecting our privacy?”, published by the Toronto Star on 30 May 2014. He notes: “… conservative government policies are often consistent with civil libertarian views that abhor public intrusion into the private lives of its citizens.” Our Prime Minister has shown great zeal in protecting privacy in the past.  A look back follows in privacy in Canada – part two.

 

 

 


What if the Government Passed Lawful Access Without Hearing from Any Privacy Commissioners?

Michael Geist Law RSS Feed - Fri, 2014/05/30 - 05:58
Yesterday I appeared before the Standing Committee on Justice and Human Rights to discuss Bill C-13, the lawful access and cyberbullying bill. My comments focused on three issues: immunity for voluntary disclosure, the low threshold for transmission data warrants, and the absence of reporting and disclosure requirements.

As Committee chair Mike Wallace discussed plans for further work on the bill, it became apparent that the government intends to move quickly without the opportunity to hear from any Canadian privacy commissioner. Only two more days of witnesses are scheduled (the committee is desperate to hear from Facebook) and then it plans to move to clause-by-clause review of the bill. 

Given that lawful access has been the subject of more than a decade of debate, the likelihood that the bill will pass through the committee stage without hearing from a single privacy commissioner is shocking. In fact, leading privacy groups such as the Canadian Civil Liberties Association, the British Columbia Civil Liberties Association, and CIPPIC have all been told that there is unlikely to be spots for them at committee. The exclusion of these groups - along with the absence of any federal or provincial commissioners - undermines the entire review process. There may be differing views on the lawful access provisions (the bill is certainly far better than the prior Bill C-30 and its predecessor but still needs improvement), but a fair and effective legislative process should ensure that leading experts are given the opportunity to voice their views.

From Coding Kids to Internet Exchanges: CIRA Community Investment Program's First Round Recipients

Michael Geist Law RSS Feed - Fri, 2014/05/30 - 03:55
The Canadian Internet Registration Authority today announced the first round of recipients in its Community Investment Program. I ran for the CIRA board in the hope that the organization would establish this kind of program and I'm thrilled to see it come to fruition. CIRA received 149 applications (I reviewed them all as chair of the Community Investment Committee) and they provided a great illustration of the energy, excitement, and innovation for the Internet that is taking place across the country.

The committee recommended a wide range of projects for funding with CIRA investing more than one million dollars in the effort. Projects include programs to teach kids how to code, improving Internet access in rural and lower income communities, creating an Internet exchange in Halifax, developing Internet programs in First Nation and northern communities, and creating an Internet-based warning system for at-risk youth. In addition, there are research projects on many issues including surveillance, Internet routing, and consumer e-commerce rights. This is an incredibly exciting initiative as CIRA steps in to provide assistance to projects from coast-to-coast-to-coast.  I am very proud to be part of the effort, grateful to the other members of the committee for their hard work in reviewing the applications, and looking forward to the results.  

The Trouble With Bill C-13: My Appearance before the Standing Committee on Justice and Human Rights

Michael Geist Law RSS Feed - Thu, 2014/05/29 - 03:24
Earlier today, I appeared before the Standing Committee on Justice and Human Rights to discuss my concerns with Bill C-13, the lawful access/cyberbullying bill.  My opening statement focused exclusively on privacy, pointing to problems with immunity for voluntary disclosure, the low threshold for transmission data warrants, and the absence of reporting and disclosure requirements.  I'll post a link to the transcript once available.  In the meantime, I've posted my opening statement below.

Appearance before the House of Commons Standing Committee on Justice and Human Rights, May 29, 2014


Good morning. My name is Michael Geist.  I am a law professor at the University of Ottawa, where I hold the Canada Research Chair in Internet and E-commerce Law. I have appeared many times before committees on various digital policy issues, including privacy. I appear today in a personal capacity representing only my own views.

As you may know, I have been critical of the lawful access bills that have been introduced by both Liberal and Conservative governments. I wish to emphasize, however, that criticism of lawful access legislation does not mean opposition to ensuring our law enforcement agencies have the tools they need to address crime in the online environment.

As Ms. MacDonald can attest, when her organization launched Project Cleanfeed Canada in 2006, I publicly supported the initiative that targets online child pornography by working to establish a system that protects children, safeguards free speech, and contains effective oversight. In the context of Bill C-13, there is similar work to be done to ensure that we do not unduly and unnecessarily sacrifice our privacy in the name of fighting online harms. As Carol Todd told this committee, "we should not have to choose between our privacy and our safety."

Given the limited time, let me start by saying that I support prior witness calls to split this bill so that cyber-bullying can be effectively addressed and we can more effectively examine lawful access. Moreover, I support calls for a comprehensive review of privacy and surveillance in Canada. I'm happy to discuss these issues further during questions, but I want to focus my time on the privacy concerns associated with this bill. In doing so, I will leave the cyber-bullying provisions to others to discuss.

With respect to privacy, I'm going to confine my remarks to three issues: immunity for voluntary disclosure, the low threshold for transmission data warrants, and the absence of reporting and disclosure requirements.

Immunity for Voluntary Disclosure

First, the creation of an immunity provision for voluntary disclosure of personal information. I believe that this immunity provision must be viewed within the context of five facts:

1.    The law already allows intermediaries to disclose personal information voluntarily as part of an investigation.  This is the case both for PIPEDA and the Criminal Code.
2.    Intermediaries disclose personal information on a voluntary basis without a warrant with shocking frequency. The recent revelation of 1.2 million requests to telecom companies for customer information in 2011 affecting 750,000 user accounts provides a hint of the privacy impact of voluntary disclosures.
3.    Disclosures involve more than just basic subscriber information.  Indeed, this committee has heard directly from law enforcement, where the RCMP noted that "currently specific types of data such as transmission or tracking data may be obtained through voluntary disclosure by a third party." In fact, since PIPEDA is open-ended, content can also be disclosed voluntarily so long as it does not involve an interception.
4.    Intermediaries do not notify users about their disclosures, keeping hundreds of thousands of Canadians in the dark. Contrary to discussion at this committee earlier this week, there is no notification requirement within the bill to address this issue.
5.    This voluntary disclosure provision should be viewed in concert with the lack of meaningful changes in Bill S-4, that would collectively expand warrantless voluntary disclosure to any organization.

Given this background, I would argue that the provision is a mistake and should be removed. The provision unquestionably increases the likelihood of voluntary disclosures at the very time that Canadians are increasingly concerned with such activity.  Moreover, it does so with no reporting requirements, oversight, or transparency.

For those that argue that it merely codifies existing law, there are at least two notable changes, both of concern.  First, it expands the scope of "public officer" to include the likes of CSEC, CSIS, and other public officials.  In the post-Snowden environment, with global concerns about the lack of accountability for surveillance activities, this would run the risk of increasing those activities.  Second, the Criminal Code currently includes a requirement of good faith and reasonableness on the organization voluntarily disclosing the information. This new provision does not include those requirements, seemingly granting immunity even where the disclosures are unreasonable.

In short, this provision is not needed to combat cyber-bullying nor is it a provision in need of updating to combat cybercrime.  In fact, it is inconsistent with the government's claims of court oversight. It should be removed from the bill.

Low Threshold for Transmission Data Warrants

Second, Bill C-13 contains a troubling, lower "reason to suspect" threshold for transmission data warrants. As many have noted, the kind of information sought by transmission data warrants is more commonly referred to as metadata. While some have tried to argue that metadata is non-sensitive information, that is simply not the case.

There has been some confusion at these hearings regarding how much metadata is included as 'transmission data'. This is far more than who phoned who for how long. It includes highly sensitive information relating to computer-to-computer links, as even law enforcement has explained before this committee.

This form of metadata may not contain the content of the message, but its privacy import is very significant. Late last year, the Supreme Court of Canada ruled in R. v. Vu on the privacy importance of computer generated metadata, noting:

In the context of a criminal investigation, however, it can also enable investigators to access intimate details about a user's interests, habits, and identity, drawing on a record that the user created unwittingly

Security officials have also commented on the importance of metadata. General Michael Hayden, former director of the NSA and the CIA has stated "we kill people based on metadata." Stewart Baker, former NSA General Counsel, has said "metadata absolutely tells you everything about somebody's life. If you have enough metadata, you don't really need content."

There are numerous studies that confirm Hayden and Baker's comments.  For example, some studies point to calls to religious organizations that allow for inferences of a person's religion.  Calls to medical organizations can often allow for inferences on medical conditions. In fact, a recent U.S. court brief signed by some of the world's leading computer experts notes:

Telephony metadata reveals private and sensitive information about people.
It can reveal political affiliation, religious practices, and people's most intimate associations. It reveals who calls a suicide prevention hotline and who calls their elected official; who calls the local Tea Party office and who calls Planned Parenthood. The aggregation of telephony metadata—about a single person over time, about groups of people, or with other datasets—only intensifies the sensitivity of the information

Further, the Privacy Commissioner of Canada has released a study on the privacy implications of IP addresses, noting how they can be used to develop a highly personal look at an individual.

Indeed, even the Justice ministers report that seems to serve as the policy basis for Bill C-13 recommends the creation of new investigative tools in which "the level of safeguards increases with the level of privacy interest involved."

Given the level of privacy interest with metadata, the approach in Bill C-13 for transmission data warrants should be amended by adopting the reasonable grounds to believe standard.

Transparency and Reporting

Third, the lack of transparency, disclosure, and reporting requirements associated with warrantless disclosures must be addressed.  This combines PIPEDA and lawful access, but one that is made worse by Bill C-13. The stunning revelations about requests and disclosures of personal information - the majority without court oversight or warrant - points to an enormously troubling weakness in Canada's privacy laws.  Most Canadians have no awareness of these disclosures and have been shocked to learn how frequently they are used and that bills before Parliament propose to expand their scope.  In my view, this makes victims of us all - disclosure of our personal information often without our awareness or explicit consent.

When asked for greater transparency - as we see in other countries - Canada's telecom companies have claimed that government rules prohibit it. I hope that the committee will amend the provisions that make warrantless disclosures more likely in Canada. But even if it doesn't, it should surely increase the level of transparency by mandating subscriber notifications, record keeping of personal information requests, and the regular release of transparency reports.  These requirements could be added to Bill C-13 to lessen the concern associated with voluntary warrantless disclosures.  Moreover, regular reporting would not harm investigative activities and would hold the promise of enhancing public confidence in both our law enforcement and communications providers.

I'd like to conclude by pointing to a personal incident involving one of the committee members - Mr. Dechert - that highlights the relevance of these issues.  Many will recall that several years ago Mr. Dechert was the victim of a privacy breach, with personal emails sent to journalists and widely reported in the media. The incident ties together several issues I've discussed:

1.    Privacy interests arise even when you have nothing to hide and have done nothing wrong.  The harm that arose in that case - despite no wrongdoing - demonstrates the potential victimization that can occur without proper privacy safeguards.
2.    Much of that same information runs the risk of voluntary disclosure. Indeed, the expansion of the public officer definition means that political opponents could seek voluntary disclosure of such information and obtain immunity in doing so. Moreover, there is no notification in such instances.
3.    The content of the emails was largely irrelevant.  The metadata - who was being called, when they were called, where they were called and for how long - would allow for the same inferences that were mistakenly made during that incident. The privacy interests was in the metadata, which is why a low threshold is inappropriate.

This kind of privacy harm can victimize anyone. We know that information from at least 750,000 Canadian user accounts are voluntarily disclosed every year.  It is why we need to ensure that the law has appropriate safeguards against misuse of our personal information and why C-13 should be amended. I'll stop there and welcome your questions.

What if the CBC Really Put Everything Up for Review?

Michael Geist Law RSS Feed - Tue, 2014/05/27 - 00:55
The future of broadcasting has emerged as a hot issue with Canada's broadcast regulator effectively putting everything up for grabs as part of its comprehensive TalkTV review of broadcasting regulation. Acknowledging the dramatic shift in the way Canadians access and interact with broadcasting, reforms to seemingly untouchable policies such as simultaneous substitution, genre protection, and over-the-air broadcasting are all on the table.

The Canadian Radio-television and Telecommunications Commission has effectively acknowledged that the world has changed and policies based on a different landscape merit a review. In the current market, scarcity has given way to abundance and broadcasters have ceded considerable control to consumers’ demands to watch what they want, when they want.

My weekly technology law column (Toronto Star version, homepage version) notes that Canada’s public broadcaster, the Canadian Broadcasting Corporation, is undergoing a similar review. If recent comments from its president Hubert Lacroix are any indication, however, there is no willingness to radically rethink its future. In a speech earlier this month to the Canadian Club of Montreal, Lacroix devoted much of his time to lamenting the budgetary challenges faced by CBC with unfavourable comparisons to support for public broadcasting in other countries.  


Liberal MP Stéphane Dion adopted a similar approach in comments in the House of the Commons, focusing on budget cuts and claiming that "more than ever, Canada needs a quality public broadcaster."

Lacroix and Dion start from the position that the public broadcaster (particularly English language broadcasting) remains as important today as it did decades ago and that the challenges are primarily budgetary in nature. Yet a more ambitious review would not start with the assumption that this is primarily a debate over financing, but rather open the door to considering whether Canada really does need a public broadcaster in its current form "more than ever".

Indeed, given the many changes in the broadcast environment, the necessity for a public broadcaster that is not dramatically different from the myriad of private choices is not entirely clear. The private sector offers equally compelling news programming and strong sports coverage. The CBC frequently emphasizes the need for a domestic voice and perspective, but today Canadians are empowered to do this on their own.

What the public often needs are the "raw materials" to enhance their content and better platforms to help distribute and market it. What if the CBC saw its public role primarily through that prism?  It could continue to produce news programming, but openly licence its content so that Canadians could freely use it for their own creativity and storytelling. Moreover, the CBC could provide the digital platform for those new perspectives, becoming an aggregator for Canadian voices on everything from hockey to politics.

Rethinking the role of the public broadcaster could also mean embracing "non-economic" programming such as local news. While Lacroix muses about whether the CBC should forego local news programming due to the costs, the growing challenge for the private broadcasters to offer comprehensive local news is precisely why a case can be made for public dollars to step in and fund it.

The CBC could also re-examine how it distributes its programming and what it airs during prime time. The public broadcaster could launch an English-language Netflix competitor, offering unlimited on-demand Canadian programming online at no cost. Rather than shutting down over-the-air broadcasting, it could enhance its over-the-air approach by offering mobile television services that by-pass the pricey private alternatives.

As for its conventional programming, it could drop the "me-too" reality shows and use its prime time hours to air Canadian movies and documentaries, providing far more exposure to professionally produced Canadian programming that often struggles to find widespread distribution.

There are legal restrictions that render a fundamental rethinking of the CBC enormously difficult. While no one has all the answers, starting with the view that what ails the CBC is primarily a lack of funding demonstrates a lack of vision and misses the broadcast revolution that is well underway.

Canadian Bar Association Releases Recommended Reforms For Bill C-13

Michael Geist Law RSS Feed - Tue, 2014/05/27 - 00:42
With Justice Minister Peter McKay insistent that the government will not be splitting Bill C-13 into the lawful access and cyber-bullying components, the Canadian Bar Association heads to Parliament hill today to appear before the Justice Committee to discuss the bill. The CBA's submission features 19 recommendations, including the need for "an independent comprehensive review of privacy interests in the context of electronic investigations." That call echoes an NDP recommendation for a similar independent review.  The brief also includes other recommendations for lawful access reform, such as raising the threshold for a transmission data warrant and establishing additional limitations on preservation orders.

In Defence of the Government Tracking Social Media Activity

Michael Geist Law RSS Feed - Mon, 2014/05/26 - 00:04
For most of the past decade, many people concerned with digital rights have used the Internet and social media to raise awareness in the hope that the government might pay closer attention to their views. The Canadian experience has provided more than its fair share of success stories from copyright reform to usage based billing to the Vic Toews lawful access bill. Yet in recent weeks, there has been mounting criticism about the government's tracking of social media. This post provides a partial defence of the government, arguing that it should be tracking social media activity provided it does so for policy-making purposes.

The controversy started with news that the Privacy Commissioner of Canada has written to the government to express concern that an increasing number of government institutions are collecting publicly available personal information from social media sites such as Facebook and Twitter. The initial report generated considerable media attention with claims that the activity may violate the Privacy Act (or at least the spirit of the legislation).

Last week, Treasury Board President Tony Clement told Jesse Brown that the collection was largely in aggregate form to track public sentiment and that a full review of current practices would be undertaken. However, a later report demonstrated that government officials tracking Bill C-30 (the earlier lawful access bill) did identify specific Twitter users and their tweets (many internal documents I've obtained under Access to Information suggest that the Public Safety officials have been exceptionally defensive about lawful access and often seem to drift away from a balanced position).


As noted above, I think government tracking of social media activity - particularly where it is public and aimed at a policy issue - is a good thing.  That support comes with a few caveats. First, social media activity - such as posts, likes, and tweets - are obviously personal information. The fact that they are publicly posted does not alter their status as personal information. The suggestion that the information is fair game for any use since it publicly available is simply wrong. Note that the issue involves postings that are public, not private.

Second, the Privacy Act does indeed establish some limitations on the collection of personal information. Section 4 provides:

No personal information shall be collected by a government institution unless it relates directly to an operating program or activity of the institution.

If the collection of social media information falls outside of this provision, it is offside the law.

Third, there are clearly dangers of misuse, as the Cindy Blackstock case demonstrated. Using social media to target a specific individual raises serious concerns.

With those caveats, I find myself supportive of the government tracking social media activity, if for the purposes of staying current with public opinion on policy, government bills or other political issues. Facebook and Twitter are excellent sources of discussion on policy issues and government policy makers should be tracking what is said much like they monitor mainstream media reports. Too often government creates its own consultation forum that attracts little attention, while the public actively discusses the issue on social media sites. It seems to me that the public benefits when the government pays attention to this discussion. Users that tweet "at" a minister or use a searchable hashtag are surely hoping that someone pays attention to their comment. To see that government officials are tracking these tweets is a good thing, representing a win for individuals that speak out on public policy.

There certainly needs to be policies that ensure that the information is used appropriately and in compliance with the law, but if the current controversy leads to warnings against any tracking of social media, I fear that would represent a huge loss for many groups that have fought to have the government to pay more attention to their concerns.

Canada Ratifies WIPO Internet Treaties

Michael Geist Law RSS Feed - Fri, 2014/05/23 - 04:12
Canada has formally ratified  the WIPO Copyright Treaty and the WIPO Performances and Phonograms Treaty. The ratification was a key part of the copyright reform process, leading to contentious debate over the Canadian approach to providing legal protection for digital locks. The treaties will enter into force on August 13, 2014.

From Toews to Todd: The Unravelling of the Government's Lawful Access Sales Strategy

Michael Geist Law RSS Feed - Fri, 2014/05/23 - 03:32
As criticism of Bill C-13 mounts, the government's sales strategy for its latest lawful access bill is starting to unravel. Many will recall the immediate, visceral opposition to Bill C-30, the last lawful access bill that started with then-Public Safety Minister Vic Toews declaring the day before introduction that Canadians could either stand with the government or with the child pornographers. The bill never recovered as Toews' divisive remarks placed the spotlight on the warrantless disclosure provisions and the lack of privacy balance. Within ten days it was on placed on hiatus and formally killed a year later.

While the government has removed some of the most contentious elements from Bill C-30, many privacy concerns remain (immunity for voluntary disclosure, metadata). Indeed, it appears that its primary takeaway from the last legislative failure - an incredibly rare moment in the life of a majority government - was that it was a botched sales job. So despite a promise not to bring back lawful access legislation, it did so months later, this time armed with a new marketing strategy. Bill C-13 was framed as a cyber-bullying bill and its primary sales people were presumably supposed to be the victims of cyber-bullying and their parents.

The turning point on Bill C-13 came ten days ago when they appeared before the Justice Committee studying the bill. Carol Todd, the mother of Amanda, led off and courageously insisted that the government stop using her child's name to undermine privacy:


"While I applaud the efforts of all of you in crafting the extortion, revenge, porn, and cyberbullying sections of Bill C-13, I am concerned about some of the other unrelated provisions that have been added to the bill in the name of Amanda, Rehtaeh, and all of the children lost to cyberbullying attacks.

I don't want to see our children victimized again by losing privacy rights. I am troubled by some of these provisions condoning the sharing of the privacy information of Canadians without proper legal process. We are Canadians with strong civil rights and values. A warrant should be required before any Canadian's personal information is turned over to anyone, including government authorities. We should also be holding our telecommunication companies and Internet providers responsible for mishandling our private and personal information. We should not have to choose between our privacy and our safety.


We should not have to sacrifice our children's privacy rights to make them safe from cyberbullying, sextortion and revenge pornography."

Ms. Todd's comments effectively derailed the government's sales strategy for Bill C-13, making it clear that the failure to appropriately protect our privacy victimizes the same people the bill purports to protect. In the days since her appearance, the voices against the bill have grown louder. Ontario Privacy Commissioner Ann Cavoukian this week:

"The time for dressing up overreaching surveillance powers in the sheep-like clothing of sanctimony about the serious harms caused by child pornography and cyberbullying is long past."

Former Public Safety Minister Stockwell Day, who faced his own backlash against lawful access, yesterday:

"There can be an overreaction in terms of how you correct it. So [Cavoukian is] raising a bit of an alarm here. Let's be very careful in how we could protect someone in a situation like this, but let's also be careful in going too far and limiting even things like free speech, [or using] invasive techniques that could be employed by policing. I'm hoping they take another look at this and kind of curtail some of those powers."

Next week, the committee resumes with appearances from criminal lawyers, the Canadian Bar Association, and others (I'm currently scheduled to appear on Thursday). With the criticism likely to grow, the government should recognize that its lawful access strategy has failed yet again. The right approach would be to separate the bills, move forward on addressing cyber-bullying, and go back to the drawing board on surveillance and lawful access.

Who's Watching Whom: An Examination of Canadian Privacy and Surveillance

Michael Geist Law RSS Feed - Thu, 2014/05/22 - 03:46

Earlier this week I was pleased to speak at the monthly Geek Girls Toronto event. Hosted at the Mozilla offices, a sold-out audience showed yet again that there is enormous public interest and concern with recent privacy and surveillance developments. A video of the talk, which focused on the problems associated with lawful access, privacy reform, and surveillance, is posted below.




The Copyright Board of Canada Music Streaming Decision: The Good, the Bad, and the Ugly

Michael Geist Law RSS Feed - Wed, 2014/05/21 - 00:58
The Copyright Board of Canada issued its long-awaited music streaming decision late last week, setting royalties to be paid by Internet music streaming services such as Pandora for non-interactive and semi-interactive streaming for the years 2009 to 2012. This covers passive Internet radio services and services that allow users to influence what they listen to. Given that Pandora left the Canadian market over high tariff rates, the outcome of the decision was destined to be a key determinant over whether many of the missing Internet music streaming services enter the Canadian market.

For fans of Pandora or similar services, the decision brings good news. The board largely rejected the arguments of Re:Sound, the collective responsible for the tariff and settled on rates close to what the Internet services were seeking. While the collective argued for rates similar to those found in the U.S., the Board ruled that the U.S. was not a suitable comparison. 

Moreover, it rejected arguments that this form of music streaming cannibalizes music sales, concluding that exposure to music through non-interactive and semi-interactive streaming may increase sales:


We are unconvinced that non-interactive and semi-interactive streaming cannibalizes sales of CDs or downloads. Though the Objectors' evidence and arguments in this respect are not without contradictions, we agree with them, for the reasons set out in paragraph 157 below, that non-interactive webcasting is similar to over-the-air radio. We find that neither over-the-air radio nor non-interactive webcasting is likely to cannibalize music sales; if anything, they are likely to stimulate them.

The same is true of semi-interactive webcasts. Pandora's American free and paying subscribers are about twice as likely to purchase CDs or downloads as are non-subscribers. Furthermore, while purchases by Pandora's subscribers are declining, the decline is not as steep as for non-subscribers.

The end result are tariff rates that the Board estimates would constitute between 4 and 5 percent of Pandora's Canadian revenues. By comparison, the board says Pandora pays about 50% of U.S. revenues as royalties. If these estimates are accurate, Canada could emerge as an attractive market for music streaming services.

If that is the good news, the bad news is that Re:Sound may well send the issue to federal court for review. Re:Sound lost on many of its points and ended with a tariff far below what it was seeking. No surprise then that its president is quoted as saying:

“We are disappointed that the rates certified by the Board do not reflect market rates in Canada and are a small fraction of the rates payable by the same services in the U.S."

Re:Sound says it is reviewing the decision and will have more information shortly.

The ugly in this decision is the incredible length of the decision-making process. Re:Sound started this process in March 2008 - more than six years ago. In the years that followed, it adjusted its demands as the market changed. The Board finally heard arguments and evidence over a ten day period in September and October 2012. 

The decision therefore comes more than 18 months after that hearing. By virtually any standard - let alone an Internet one - this is an unacceptably long period of time to address an issue. The Supreme Court of Canada has a much bigger workload, yet releases its decisions far faster. Moreover, technology and the market move much faster than the board - consider that the iPhone launched in Canada in July 2008, months after the initial Re:Sound filing. The long delays created significant commercial uncertainty and likely led to delays in new services entering the Canadian market. As I argued earlier this month, the Copyright Board is broken and a serious digital strategy should commit to fixing it.

European 'Right to be Forgotten' Ruling Fails to Strike Free Speech - Privacy Balance

Michael Geist Law RSS Feed - Tue, 2014/05/20 - 00:29
The European Court of Justice shook up the privacy and Internet world last week by ruling that European data protection law includes a right to be forgotten with respect to search engine results that are "inadequate, irrelevant or no longer relevant." As a result of the decision, search companies such as Google will be required to remove results from its index that meet this standard upon request.

My weekly technology law column (Toronto Star version, homepage version) notes that as people flock to remove content from the Google search index - reports indicate that the company began receiving removal requests within hours of the ruling - there remains considerable uncertainty about how to implement the decision, whether it will migrate to Canada, and if a new right to be forgotten will serve the cause of privacy protection or harm free speech and access to information.


The decision arises from a 2010 complaint by a Spanish man who was upset to find that searching his name in Google yielded links to a 1998 announcement in a newspaper on a real estate auction designed to generate proceeds to pay back social security debts. The information was both factual and readily accessible online, yet the man felt that the now-outdated information was a violation of his privacy.

As the case made its way through the courts, several European countries waded into the issue. The Spanish and Italian governments sided with the confirmation of a right to be forgotten, while Austria, Greece, and Poland supported Google’s position that it should not be required to remove lawful content from its search index.

In ruling against Google, the court reached two key conclusions.  

First, it ruled that it could assert jurisdiction over the search giant, despite the fact that the processing of the data took place outside of Spain. That aspect of the decision should not have been particularly surprising, since most countries take the position that a real and substantial connection (Google has a Google.es site and actively markets its services in Spain) is sufficient to assert jurisdiction over an out-of-country entity. For example, Canada maintains that its privacy laws apply to organizations outside the country that collect, use or disclose personal information of Canadians.

Second, the court ruled that Google could be compelled to remove links to personal information that is "inadequate, irrelevant or no longer relevant." While the court suggests that this akin to a right to be forgotten, it is really a right to digital obscurity since the actual content is not removed from the Internet.

Companies may be focused on the practical costs associated with content removal, but many already remove content if served with a valid court order, notification of defamation, or copyright infringement notice. Adding privacy removals may generate additional costs, but they do not raise significant technical challenges.

The legal challenges are far more troubling, however. First, the ruling vests enormous power and responsibility in the hands of search companies and other intermediaries. Rather than leaving difficult questions on the validity or harm of information to impartial courts, the ruling requires search engines to make the call.  Given the potential for liability if they refuse to remove the links, the search engines will likely err on the side of removal.

Second, the ruling does not lead to the removal of the underlying content itself, which in many instances may be both legal and accurate. If there are concerns about third party content (no one doubts the right of an individual to delete content they posted themselves), surely there is a need to address that issue, rather than targeting intermediaries such as search engines.

Third, the Supreme Court of Canada recently ruled that the law must sometimes balance important rights such as privacy and freedom of expression. Yet the European ruling suggests that privacy trumps freedom of expression and the right to information. By eliminating the need for balance, the ruling shockingly undermines important speech rights in return for a bit of online obscurity.

Competition Bureau Recommends New Regulations To Address Wireless Competition Concerns

Michael Geist Law RSS Feed - Fri, 2014/05/16 - 00:20
The Canadian Competition Bureau has filed a submission to the CRTC's wholesale mobile wireless services review in which it reaffirmed its view that the Canadian wireless market is uncompetitive and would benefit from regulation.  The Bureau finds that a more competitive market would deliver $1 billion annually in benefits to the Canadian economy:

incumbents appear to have the ability and incentive to profitably raise the rates they charge their retail competitors for wholesale roaming services, and potentially other wholesale arrangements, above competitive levels. The incumbents’ wholesale customers may be passing these price increases on to retail customers. These retail price increases may be harming competition in retail mobile wireless services markets in Canada. In particular, more competitive markets could deliver approximately $1 billion in benefits to the Canadian economy.



The submission, which includes a commissioned study on the Canadian market, also concludes that:
  • more customers are either leaving Canadian retail mobile wireless services markets or not entering these markets at all, than would have in a fully competitive marketplace.
  • Rogers and TELUS are generally earning above-normal returns on their mobile wireless investments
  • the CRTC has an opportunity to significantly increase the economic efficiency of the Canadian economy. Specifically, by taking steps to increase competition in wholesale mobile wireless services markets, the CRTC can improve consumer welfare by enhancing the affordability and variety of retail mobile wireless services in Canada.

In light of these findings, the Bureau recommends:

To achieve these significant gains, the CRTC should adopt measures to address the incentives for the incumbents to raise their retail competitors’ wholesale prices. Appropriate measures may include the introduction of competitive safeguards or mandated wholesale access, or targeted spectrum allocations towards non-incumbent carriers in upcoming auctions, which the Bureau may address further as additional evidence develops in this proceeding.

Last year, some commentators suggested that the Competition Bureau consider whether there is a wireless competition concern in Canada. The views of Canada's independent agency responsible for ensuring "that Canadian businesses and consumers prosper in a competitive and innovative marketplace" are now on the record and are unequivocal.  There is a wireless competition problem in Canada and regulation is needed to address it.

Has Canada Caved on Copyright Term Extension in the TPP?

Michael Geist Law RSS Feed - Fri, 2014/05/16 - 00:15
The Trans Pacific Partnership negotiations resume next week and while an agreement does not appear imminent, reports from Japan indicate that the copyright term issue may have been resolved.  Japan and Canada are two of several TPP countries whose term of copyright protection is life of the author plus 50 years. According to the Japan News, those countries (which also include New Zealand, Malaysia, Vietnam, and Brunei) are prepared to cave to U.S. pressure to extend the term of copyright to life of the author plus 70 years:

Among the 12 countries, Japan, Canada and four other countries protect an author's copyright for 50 years after their death, the United States and four other countries for 70 years and Mexico for 100 years. Following the agreement, Japan will extend its duration by 20 years.


If true, the extension represents a major loss for Canada and run counter to a government consultation that generated huge opposition on the issue. The extension in the term of copyright would mean no new works would enter the public domain in Canada until at least 2035 (assuming an agreement takes effect in 2015). â€¨Many important authors would be immediately affected since their works are scheduled to enter the public domain in the 2015 - 2035 period. These include Canadians such as Marshall McLuhan, Gabrielle Roy, Donald Creighton, and Glenn Gould as well as non-Canadians such as TS Eliot, John Steinbeck, JRR Tolkein, and Ayn Rand. Given the potential to make those works more readily accessible to new generations once they enter the public domain, extending the term of copyright as potentially required by the TPP would have a dramatic negative effect on access to Canadian literature and history.

Why the Canadian Government Should Maintain Its Position on CETA and the ISDS Provision

Michael Geist Law RSS Feed - Tue, 2014/05/13 - 23:29
Media reports last week indicated that finalizing the Canada - European Union Trade Agreement has been delayed by a Canadian demand to exclude intellectual property from the scope of the investor-state dispute settlement system. While that sounds like an arcane, technical issue, it actually involves potentially billions of dollars and the Canadian government deserves kudos for adopting its current position even as the pressure builds to simply cave on the issue.

The investor-state dispute settlement provision is among the most controversial aspects of CETA (and the proposed Trans Pacific Partnership) since it opens the door to private lawsuits by companies against the government over the state of national law. These lawsuits can involve claims for hundreds of millions of dollars, with costs that may ultimately be borne by taxpayers. The Canadian government is keenly aware of the risks, since it is currently facing a $500 million lawsuit by pharmaceutical giant Eli Lilly over the approach of Canadian courts to the concept of utility in patent law. The Canadian government is likely to ultimately win the lawsuit, but the legal risks are still significant, with Eli Lilly effectively demanding that every Canadian pay it nearly $15 due to our patent laws. If Eli Lilly can file a $500 million lawsuit over two patented drugs, the potential for numerous lawsuits and billions in claims is a real possibility.


With the government slowly realizing that ISDS provisions open the door to a flurry of similar lawsuits, it is now trying to slam it shut on European-based lawsuits by excluding intellectual property from the scope of the provision.  That is the right policy - the CATO Institute recently argued that ISDS provisions don't belong in trade agreements altogether - and the Canadian government is taking the right position on CETA. ISDS provisions should be avoided and certainly should not extend to court rulings in intellectual property disputes. That is true for CETA and should also be the case for the Trans Pacific Partnership, which is still being negotiated.

Copyright Board Indicates It Will Not Include Mandatory Delete Rule in Tariff

Michael Geist Law RSS Feed - Tue, 2014/05/13 - 23:21
The Copyright Board of Canada has issued an order in the tariff proceedings with Access Copyright that indicates its preliminary view is that it will not support the collective's demand for a provision that would require deletion of digital copies made under a copying tariff where an institution stops relying on the tariff.  Access Copyright wants the following included:

[w]here the Licensee is no longer covered by a tariff for the making and distribution of Digital Copies, the Licensee shall immediately cease to use Digital Copies of Published Works in the Repertoire, delete from their hard drives, servers or storage area networks, and make reasonable efforts to delete from any other device or medium capable of storing Digital Copies, those Digital Copies and upon written request from Access Copyright shall certify  that it has done so.

The Board says its preliminary view is that it will not include such a requirement in the tariff.

Netflix Speed Rankings Raise Rogers Internet Traffic Management Questions: What Did It Know ...

Michael Geist Law RSS Feed - Mon, 2014/05/12 - 20:59
Netflix released its latest ISP Speed Index yesterday, including Canada for the first time.  Given the popularity of the online video service, the Netflix report has attracted increasing attention as it offers a comparative look at the average download speeds for Netflix customers across Internet providers around the world. While the company acknowledges that there are various factors that influence speed (including device used, video quality, etc.), those issues are found across all ISPs, so the comparisons remain valid.

Canada's performance is middling at best as the Netflix data indicates that we are a mid-tier country at best.  Canadian speeds that do not compare well with most European countries (note that Asian countries such as South Korea and Japan are not included but would likely rank far ahead of Canada as well). The biggest surprise in the report is how poorly Rogers ranked, coming in last among the 14 Canadian ISPs that were measured. The ranking is particularly surprising since the other large cable companies (Shaw, Videotron, Cogeco, and Eastlink) all ranked in the upper half of Canadian ISPs.


The poor ranking, which would have placed Rogers in last place in many other countries (Denmark, Finland, Ireland, the Netherlands, Norway, Sweden, the UK, and Uruguay) raises questions about Rogers' Internet traffic management practices.  In response to the Netflix story and some tweets on the issue, Rogers responded:

Netflix test done just before we virtually doubled Netflix capacity, we'll continue to add more capacity as required

I followed with a tweet raising questions about the meaning of doubling Netflix capacity and asking whether the company was throttling Netflix traffic. Rogers replied:

We don't throttle Netflix. We've doubled capacity in the links that carry traffic from Netflix to our customers.

While these responses are meant to be reassuring, they raise troubling questions about how Rogers manages its network and whether the slow Netflix speeds could have been used to create a competitive advantage for its own online video services. While the company says that it does not throttle Netflix traffic (ie. deliberately slow it down), its response also suggests that it knew that the service was being slowed by insufficient capacity.  I wrote about net neutrality in my weekly technology law column this week (Toronto Star version, homepage version) and the Rogers responses raise a host of related regulatory questions:
  • How long did it know that Netflix speeds were slow? 
  • Why are Netflix-specific links within the network the problem? 
  • Does Rogers separate Netflix traffic from other traffic? 
  • If so, why does it not disclose the practice? 
  • Is the slowing of video a violation of Section 36 of the Telecommunications Act, which the CRTC has said amounts to controlling the content? 
  • Are other online video services affected in the same manner?
  • Are Rogers online video services affected?

The Netflix rankings are presumably designed to provide greater transparency on actual ISP speeds.  Now that we have Canadian data, we need some answers from one of Canada's largest ISPs on why it ranked so badly.

Appointment of New Copyright Board of Canada Chair Offers Chance for Change

Michael Geist Law RSS Feed - Thu, 2014/05/08 - 02:44
Copyright Board of Canada chair William J. Vancise will see his term come to an end this month, opening the door for the government to start the process of reforming the much-criticized board. Vancise has served the maximum two terms as chair, with his time marked by the Supreme Court of Canada's rejection of the board's approach to fair dealing, ongoing frustration from stakeholders about board administrative processes, and the failure of the board to broaden its approach by becoming more inclusive of the public.

The exclusion of the public stands in sharp contrast to the CRTC and Competition Bureau, which have both taken steps in recent years to involve the public more directly in policy making activities, hearings, and other issues. By contrast, the Copyright Board does little to encourage public participation, despite the fact that its decision often have an impact that extends beyond the parties before it. When asked recently about the accessibility and participation concerns, the board pointed to an internal working group as evidence that it regularly reviews its practices and compared itself to the Federal Court of Appeal, noting that "of course they [the public] don't participate, because they don't really belong there, per se."


The problems with the current Copyright Board run even deeper than having its core decisions overturned by the Supreme Court and the public finding itself largely excluded from the process. The business community - particularly those seeking to develop new, digital business models - point to the board as a major problem. For example, Songza recently told the Standing Committee on Canadian Heritage:

Why is Canada behind the U.S. and other countries in the development of music streaming services? One reason is that the regulatory framework in Canada doesn't foster innovation. The rate-setting process - through the Copyright Board - takes far too long, up to four to five years for an industry where business models are changing rapidly.

It's hard to build a business model without certainty as to how much you have to pay for the main inputs to your business. This certainly holds true for investors investing in these businesses. That's why Songza came to an agreement with Re:Sound - the organization that represents recording musicians and record companies - that allowed Songza to launch in Canada with certainty on those rates, without having to wait years for a decision from the Copyright Board.

Similarly, Nettwerk Music Group, one of Canada's most successful independent music labels, told the committee:

Many streaming service providers are choosing to stay out of Canada given the uncertainty created by the length of time it takes for tariff decisions. So to echo Victoria Shepherd of Connect Music Licensing, 'The Copyright Board should not be seen as a barrier to business or as an impediment. Rather it should be considered a business development office. It needs the resources to ensure it can render decisions in lockstep with the pace of technology innovation.' Without the improvements to the Copyright Board, we are simply not realizing the full potentials of the dollars we're all investing.

As I noted over a year ago, many believe the Copyright Board of Canada is broken. The government hasn't paid much attention, but a starting point for addressing the concerns may come with the appointment of a new chair and the potential it brings to establish new policy and governance priorities.

Why Public Safety Minister Blaney Gets It Wrong on Privacy and Warrantless Disclosures

Michael Geist Law RSS Feed - Wed, 2014/05/07 - 02:23
The House of Commons engaged in active debate on privacy this week, spurred by an NDP motion from MP Charmaine Borg. The motion reads:

That, in the opinion of the House, the government should follow the advice of the Privacy Commissioner and make public the number of warrantless disclosures made by telecommunications companies at the request of federal departments and agencies; and immediately close the loophole that has allowed the indiscriminate disclosure of the personal information of law-abiding Canadians without a warrant.

The government voted down the motion on Tuesday, but the Monday debate provided new insights into the government's thinking on privacy. Unfortunately, most of its responses to concerns about warrantless disclosures were either wrong or misleading. In particular, Steven Blaney, the Minister of Public Safety, raised at least four issues in his opening response that do not withstand closer scrutiny.


First, he says:

Only the most basic information, such as the name and phone number, may be released. In all cases, this is done voluntarily, meaning that a company could decide not to co-operate at any time if it did not feel a certain request met the expectations of its customers.

In fact, the voluntary disclosure provision in PIPEDA is not limited to basic information. PIPEDA features several exceptions to disclosure without consent (including disclosures made pursuant to a court order), including:

an organization may disclose personal information without the knowledge or consent of the individual only if the disclosure is made to a government institution or part of a government institution that has made a request for the information, identified its lawful authority to obtain the information and indicated that
(ii) the disclosure is requested for the purpose of enforcing any law of Canada, a province or a foreign jurisdiction, carrying out an investigation relating to the enforcement of any such law or gathering intelligence for the purpose of enforcing any such law, or
(iii) the disclosure is requested for the purpose of administering any law of Canada or a province;

While some providers may limit their warrantless disclosures to basic subscriber information, this statute does not contain that limitation. When asked about their practices, providers such as Shaw merely state that they "rely on the standards and definitions set out in the Personal Information Protection and Electronic Documents Act".  Similarly, MTS Allstream states that "does not release customer information unless permitted or required by law, such as a valid law enforcement demand."

Second, even Blaney's claim of "basic subscriber information" is incomplete. The so-called basic subscriber information also includes IP addresses, data that is not found in any typical directory. Last year, the Privacy Commissioner of Canada released a study that found that an IP address that can be highly revealing. The study concluded:

Referring to such data as being on par with what one would find in the white pages of a phone book grossly misconstrues and underestimates what can ultimately be gleaned from such information. As such, it is truly more than just "phone book" information.

Third, Blaney emphasizes the voluntary nature of the disclosures:

Let me be clear. What we are talking about today is voluntary disclosure by private businesses to law enforcement.

What Blaney does not say is that the government is seeking to expand the frequency of voluntary disclosure. Bill C-13, the lawful access bill, will expand warrantless disclosure of subscriber information to law enforcement by including an immunity provision from any criminal or civil liability (including class action lawsuits) for companies that preserve personal information or disclose it without a warrant.

Fourth, the government is also seeking to expand the scope of voluntary disclosure. Bill S-4, the Digital Privacy Act, proposes extending the ability to disclose subscriber information without a warrant from law enforcement to private sector organizations. The bill includes a provision that allows organizations to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law.  This despite the fact that Roxanne James, the Parliamentary Secretary to the Minister of Public Safety, later states in the debate:

We expect that telecommunication service providers only release basic subscriber information when it is for reasons of public good, such as to help police investigating a crime or, for example, identifying the next of kin.

Given the provisions in Bill S-4, the government's expectations are that warrantless disclosures will increase in the future. In fact, there are other responses from government MPs that are similarly problematic, including attempts to equate government requests for subscriber information with collection of information by Internet companies and an absurd claim that if the Privacy Commissioner had found any of 1.2 million requests out of line, she would have said so.

The NDP motion should not have been particularly controversial. If the information being disclosed is as innocuous as the the government maintains, disclosing aggregate data should not pose any concerns. Indeed, there are many steps that should be taken (including government and telecom transparency reports, notifications to subscribers of disclosures, reforms to Bills C-13 and S-4, and regular audits by the Privacy Commissioner of Canada) that would better address the balance of privacy with maintaining public safety.  Unfortunately, the government's current position is to respond with assurances that fail to address public concern over their privacy.
Syndicate content