Feed aggregator

Copyright Board Indicates It Will Not Include Mandatory Delete Rule in Tariff

Michael Geist Law RSS Feed - Tue, 2014/05/13 - 23:21
The Copyright Board of Canada has issued an order in the tariff proceedings with Access Copyright that indicates its preliminary view is that it will not support the collective's demand for a provision that would require deletion of digital copies made under a copying tariff where an institution stops relying on the tariff.  Access Copyright wants the following included:

[w]here the Licensee is no longer covered by a tariff for the making and distribution of Digital Copies, the Licensee shall immediately cease to use Digital Copies of Published Works in the Repertoire, delete from their hard drives, servers or storage area networks, and make reasonable efforts to delete from any other device or medium capable of storing Digital Copies, those Digital Copies and upon written request from Access Copyright shall certify  that it has done so.

The Board says its preliminary view is that it will not include such a requirement in the tariff.

Netflix Speed Rankings Raise Rogers Internet Traffic Management Questions: What Did It Know ...

Michael Geist Law RSS Feed - Mon, 2014/05/12 - 20:59
Netflix released its latest ISP Speed Index yesterday, including Canada for the first time.  Given the popularity of the online video service, the Netflix report has attracted increasing attention as it offers a comparative look at the average download speeds for Netflix customers across Internet providers around the world. While the company acknowledges that there are various factors that influence speed (including device used, video quality, etc.), those issues are found across all ISPs, so the comparisons remain valid.

Canada's performance is middling at best as the Netflix data indicates that we are a mid-tier country at best.  Canadian speeds that do not compare well with most European countries (note that Asian countries such as South Korea and Japan are not included but would likely rank far ahead of Canada as well). The biggest surprise in the report is how poorly Rogers ranked, coming in last among the 14 Canadian ISPs that were measured. The ranking is particularly surprising since the other large cable companies (Shaw, Videotron, Cogeco, and Eastlink) all ranked in the upper half of Canadian ISPs.


The poor ranking, which would have placed Rogers in last place in many other countries (Denmark, Finland, Ireland, the Netherlands, Norway, Sweden, the UK, and Uruguay) raises questions about Rogers' Internet traffic management practices.  In response to the Netflix story and some tweets on the issue, Rogers responded:

Netflix test done just before we virtually doubled Netflix capacity, we'll continue to add more capacity as required

I followed with a tweet raising questions about the meaning of doubling Netflix capacity and asking whether the company was throttling Netflix traffic. Rogers replied:

We don't throttle Netflix. We've doubled capacity in the links that carry traffic from Netflix to our customers.

While these responses are meant to be reassuring, they raise troubling questions about how Rogers manages its network and whether the slow Netflix speeds could have been used to create a competitive advantage for its own online video services. While the company says that it does not throttle Netflix traffic (ie. deliberately slow it down), its response also suggests that it knew that the service was being slowed by insufficient capacity.  I wrote about net neutrality in my weekly technology law column this week (Toronto Star version, homepage version) and the Rogers responses raise a host of related regulatory questions:
  • How long did it know that Netflix speeds were slow? 
  • Why are Netflix-specific links within the network the problem? 
  • Does Rogers separate Netflix traffic from other traffic? 
  • If so, why does it not disclose the practice? 
  • Is the slowing of video a violation of Section 36 of the Telecommunications Act, which the CRTC has said amounts to controlling the content? 
  • Are other online video services affected in the same manner?
  • Are Rogers online video services affected?

The Netflix rankings are presumably designed to provide greater transparency on actual ISP speeds.  Now that we have Canadian data, we need some answers from one of Canada's largest ISPs on why it ranked so badly.

Podcast: Why it is not possible to regulate robots

Here's a reading (MP3) of a my recent Guardian column, Why it is not possible to regulate robots, which discusses where and how robots can be regulated, and whether there is any sensible ground for "robot law" as distinct from "computer law."

One thing that is glaringly absent from both the Heinleinian and Asimovian brain is the idea of software as an immaterial, infinitely reproducible nugget at the core of the system. Here, in the second decade of the 21st century, it seems to me that the most important fact about a robot – whether it is self-aware or merely autonomous – is the operating system, configuration, and code running on it.

If you accept that robots are just machines – no different in principle from sewing machines, cars, or shotguns – and that the thing that makes them "robot" is the software that runs on a general-purpose computer that controls them, then all the legislative and regulatory and normative problems of robots start to become a subset of the problems of networks and computers.

If you're a regular reader, you'll know that I believe two things about computers: first, that they are the most significant functional element of most modern artifacts, from cars to houses to hearing aids; and second, that we have dramatically failed to come to grips with this fact. We keep talking about whether 3D printers should be "allowed" to print guns, or whether computers should be "allowed" to make infringing copies, or whether your iPhone should be "allowed" to run software that Apple hasn't approved and put in its App Store.

Practically speaking, though, these all amount to the same question: how do we keep computers from executing certain instructions, even if the people who own those computers want to execute them? And the practical answer is, we can't.

Mastering by John Taylor Williams: wryneckstudio@gmail.com

John Taylor Williams is a audiovisual and multimedia producer based in Washington, DC and the co-host of the Living Proof Brew Cast. Hear him wax poetic over a pint or two of beer by visiting livingproofbrewcast.com. In his free time he makes "Beer Jewelry" and "Odd Musical Furniture." He often "meditates while reading cookbooks."

MP3

Class action claim against Harlequin Books for e-book royalties upheld by 2nd Circuit

Recording Industry vs The People - Fri, 2014/05/09 - 11:54

In Keiler v. Harlequin Enterprises, a class action royalty claim on behalf of authors whose works were being distributed as e-books by Harlequin was sustained, and the lower court's dismissal of the complaint reversed.

The complaint alleged that Harlan, in a scheme to deprive the authors of their contractual royalties for e-books, had established a subsidiary, was paying royalties to the subsidiary at a below-market rate, and was paying the authors based on the low receipts of the subsidiary rather than on the actual receipts of Harlan itself.

May 1, 2014, US Court of Appeals for 2nd Circuit Ray Beckerman, P.C.

Against the instrumental argument for surveillance


In my latest Guardian column, 'Cybersecurity' begins with integrity, not surveillance, I try to make sense of the argument against surveillance. Is mass surveillance bad because it doesn't catch "bad guys" or because it is immoral? There's a parallel to torture -- even if you can find places where torture would work to get you some useful information, it would still be immoral. Likewise, I've come to realize that the "it doesn't work" argument isn't one that I want to support anymore, because even if mass surveillance did work, it would still be bad.

One thing that parenting has taught me is that surveillance and experimentation are hard to reconcile. My daughter is learning, and learning often consists of making mistakes constructively. There are times when she is working right at the limits of her abilities – drawing or dancing or writing or singing or building – and she catches me watching her and gets this look of mingled embarrassment and exasperation, and then she changes back to some task where she has more mastery. No one – not even a small child – likes to look foolish in front of other people.

Putting whole populations – the whole human species – under continuous, total surveillance is a profoundly immoral act, no matter whether it works or not. There no longer is a meaningful distinction between the digital world and the physical world. Your public transit rides, your love notes, your working notes and your letters home from your journeys are now part of the global mesh of electronic communications. The inability to live and love, to experiment and err, without oversight, is wrong because it's wrong, not because it doesn't catch bad guys.

Everyone from Orwell to Trotsky recognised that control over information means control over society. On the eve of the November Revolution, Trotsky ordered the Red Guard to seize control over the post and telegraph offices. I mentioned this to Jacob Appelbaum, who also works on many spy-resistant information security tools, like Tor (The Onion Router, a privacy and anonymity tool for browsing the web), and he said, "A revolutionary act today is making sure that no one can ever seize control over the network."

'Cybersecurity' begins with integrity, not surveillance

Gurry appointed for second term at WIPO

Sara Bannerman - Thu, 2014/05/08 - 15:27
Francis Gurry has been appointed by the member states of the World Intellectual Property Organization (WIPO) for a second term as Director General.

Gurry is responsible for “signing, sealing, and delivering” two new intellectual property treaties, including the 2013 Marrakesh Treaty to Facilitate Access to Published Works by Visually Impaired Persons and Persons with Print Disabilities, the first WIPO treaty ever to focus on granting  access to copyright works rather than on granting new intellectual property rights. He also delivered the 2012 Beijing Treaty on Audiovisual Performances.

Controversies had surrounded Gurry's tenure as head of WIPO, including recent allegations of misconduct (see also report by Fox News); the failure to conclude the fall 2013 General Assembly on time, requiring an extraordinary meeting in December; controversies over the process for establishing new WIPO regional offices; and the (later resolved) shipment of computer equipment to North Korea and Iran.  Some Members of US Congress have opposed his reappointment.

In his acceptance speech, Gurry made note of a number of challenges that lie ahead, including "asymmetries of wealth, opportunity and knowledge; historical and contemporary trust deficits; and the reality of a multi-speed and multi-tiered world in which multilateralism, while being the highest expression of inclusiveness and legitimacy, is nevertheless the slowest solution."  He also thanked the diplomatic community in Geneva, saying  "Ambassadors and their colleagues have been extremely generous with their time and availability, very indulgent of my failings and shortcomings and always willing to engage and to assist in overcoming difficulties."
Gurry, an Australian, was appointed from a slate of four candidates including also Nigerian Geoffrey Onyeama, WIPO Deputy Director General; Alfredo Suescum, Chair of WTO TRIPs Council and Panama's Ambassador to the World Trade Organization; and diplomat Jüri Seilenthal of Estonia.  Seilenthal was eliminated in March.  Gurry's second term will last until 2020.

2014 Locus Award finalists, including Homeland


The finalists for the 2014 Locus Awards have been announced and I'm incredibly honored to see that my novel Homeland made the final five in the Young Adult category. The competition in that category is remarkably good company: Zombie Baseball Beatdown by Paolo Bacigalupi; Holly Black's Coldest Girl in Coldtown, Cat Valente's The Girl Who Soared Over Fairyland and Cut the Moon in Two (part of her wonderful Fairyland series) and The Summer Prince by Alaya Dawn Johnson.

As always, the Locus list is a great guide to the best sf/f published in the previous year. On this year's list are some books I really enjoyed (like Stross's Neptune's Brood) and others I've got in my high-priority to-be-read pile, like Gaiman's The Ocean at the End of the Lane.

My sincere thanks to everyone who nominated Homeland for the prize; I couldn't be more delighted!

2014 Locus Awards Finalists

Appointment of New Copyright Board of Canada Chair Offers Chance for Change

Michael Geist Law RSS Feed - Thu, 2014/05/08 - 02:44
Copyright Board of Canada chair William J. Vancise will see his term come to an end this month, opening the door for the government to start the process of reforming the much-criticized board. Vancise has served the maximum two terms as chair, with his time marked by the Supreme Court of Canada's rejection of the board's approach to fair dealing, ongoing frustration from stakeholders about board administrative processes, and the failure of the board to broaden its approach by becoming more inclusive of the public.

The exclusion of the public stands in sharp contrast to the CRTC and Competition Bureau, which have both taken steps in recent years to involve the public more directly in policy making activities, hearings, and other issues. By contrast, the Copyright Board does little to encourage public participation, despite the fact that its decision often have an impact that extends beyond the parties before it. When asked recently about the accessibility and participation concerns, the board pointed to an internal working group as evidence that it regularly reviews its practices and compared itself to the Federal Court of Appeal, noting that "of course they [the public] don't participate, because they don't really belong there, per se."


The problems with the current Copyright Board run even deeper than having its core decisions overturned by the Supreme Court and the public finding itself largely excluded from the process. The business community - particularly those seeking to develop new, digital business models - point to the board as a major problem. For example, Songza recently told the Standing Committee on Canadian Heritage:

Why is Canada behind the U.S. and other countries in the development of music streaming services? One reason is that the regulatory framework in Canada doesn't foster innovation. The rate-setting process - through the Copyright Board - takes far too long, up to four to five years for an industry where business models are changing rapidly.

It's hard to build a business model without certainty as to how much you have to pay for the main inputs to your business. This certainly holds true for investors investing in these businesses. That's why Songza came to an agreement with Re:Sound - the organization that represents recording musicians and record companies - that allowed Songza to launch in Canada with certainty on those rates, without having to wait years for a decision from the Copyright Board.

Similarly, Nettwerk Music Group, one of Canada's most successful independent music labels, told the committee:

Many streaming service providers are choosing to stay out of Canada given the uncertainty created by the length of time it takes for tariff decisions. So to echo Victoria Shepherd of Connect Music Licensing, 'The Copyright Board should not be seen as a barrier to business or as an impediment. Rather it should be considered a business development office. It needs the resources to ensure it can render decisions in lockstep with the pace of technology innovation.' Without the improvements to the Copyright Board, we are simply not realizing the full potentials of the dollars we're all investing.

As I noted over a year ago, many believe the Copyright Board of Canada is broken. The government hasn't paid much attention, but a starting point for addressing the concerns may come with the appointment of a new chair and the potential it brings to establish new policy and governance priorities.

Why Public Safety Minister Blaney Gets It Wrong on Privacy and Warrantless Disclosures

Michael Geist Law RSS Feed - Wed, 2014/05/07 - 02:23
The House of Commons engaged in active debate on privacy this week, spurred by an NDP motion from MP Charmaine Borg. The motion reads:

That, in the opinion of the House, the government should follow the advice of the Privacy Commissioner and make public the number of warrantless disclosures made by telecommunications companies at the request of federal departments and agencies; and immediately close the loophole that has allowed the indiscriminate disclosure of the personal information of law-abiding Canadians without a warrant.

The government voted down the motion on Tuesday, but the Monday debate provided new insights into the government's thinking on privacy. Unfortunately, most of its responses to concerns about warrantless disclosures were either wrong or misleading. In particular, Steven Blaney, the Minister of Public Safety, raised at least four issues in his opening response that do not withstand closer scrutiny.


First, he says:

Only the most basic information, such as the name and phone number, may be released. In all cases, this is done voluntarily, meaning that a company could decide not to co-operate at any time if it did not feel a certain request met the expectations of its customers.

In fact, the voluntary disclosure provision in PIPEDA is not limited to basic information. PIPEDA features several exceptions to disclosure without consent (including disclosures made pursuant to a court order), including:

an organization may disclose personal information without the knowledge or consent of the individual only if the disclosure is made to a government institution or part of a government institution that has made a request for the information, identified its lawful authority to obtain the information and indicated that
(ii) the disclosure is requested for the purpose of enforcing any law of Canada, a province or a foreign jurisdiction, carrying out an investigation relating to the enforcement of any such law or gathering intelligence for the purpose of enforcing any such law, or
(iii) the disclosure is requested for the purpose of administering any law of Canada or a province;

While some providers may limit their warrantless disclosures to basic subscriber information, this statute does not contain that limitation. When asked about their practices, providers such as Shaw merely state that they "rely on the standards and definitions set out in the Personal Information Protection and Electronic Documents Act".  Similarly, MTS Allstream states that "does not release customer information unless permitted or required by law, such as a valid law enforcement demand."

Second, even Blaney's claim of "basic subscriber information" is incomplete. The so-called basic subscriber information also includes IP addresses, data that is not found in any typical directory. Last year, the Privacy Commissioner of Canada released a study that found that an IP address that can be highly revealing. The study concluded:

Referring to such data as being on par with what one would find in the white pages of a phone book grossly misconstrues and underestimates what can ultimately be gleaned from such information. As such, it is truly more than just "phone book" information.

Third, Blaney emphasizes the voluntary nature of the disclosures:

Let me be clear. What we are talking about today is voluntary disclosure by private businesses to law enforcement.

What Blaney does not say is that the government is seeking to expand the frequency of voluntary disclosure. Bill C-13, the lawful access bill, will expand warrantless disclosure of subscriber information to law enforcement by including an immunity provision from any criminal or civil liability (including class action lawsuits) for companies that preserve personal information or disclose it without a warrant.

Fourth, the government is also seeking to expand the scope of voluntary disclosure. Bill S-4, the Digital Privacy Act, proposes extending the ability to disclose subscriber information without a warrant from law enforcement to private sector organizations. The bill includes a provision that allows organizations to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law.  This despite the fact that Roxanne James, the Parliamentary Secretary to the Minister of Public Safety, later states in the debate:

We expect that telecommunication service providers only release basic subscriber information when it is for reasons of public good, such as to help police investigating a crime or, for example, identifying the next of kin.

Given the provisions in Bill S-4, the government's expectations are that warrantless disclosures will increase in the future. In fact, there are other responses from government MPs that are similarly problematic, including attempts to equate government requests for subscriber information with collection of information by Internet companies and an absurd claim that if the Privacy Commissioner had found any of 1.2 million requests out of line, she would have said so.

The NDP motion should not have been particularly controversial. If the information being disclosed is as innocuous as the the government maintains, disclosing aggregate data should not pose any concerns. Indeed, there are many steps that should be taken (including government and telecom transparency reports, notifications to subscribers of disclosures, reforms to Bills C-13 and S-4, and regular audits by the Privacy Commissioner of Canada) that would better address the balance of privacy with maintaining public safety.  Unfortunately, the government's current position is to respond with assurances that fail to address public concern over their privacy.

Why Isn't the Government Backing the CRTC on the Wireless Code? [Update: They Are Now]

Michael Geist Law RSS Feed - Wed, 2014/05/07 - 02:00

Update 5/7/14: Government reverses course and announces it will back up the CRTC in court.

The Canadian Press reports that the federal government appears ready to walk away from the CRTC's proposed enforcement of the new consumer wireless code.  While the government has touted the code as an example of a pro-consumer approach, the CRTC's attempt to ensure the code applied as quickly as possible may be lost due to the government's decision to stay out of a legal battle over the issue. With the major telcos looking to limit the power of the CRTC and a federal court ruling that the Commission cannot advocate for itself, it falls to the federal government to do so. 


The issue was raised yesterday in the House of Commons, yet the government refused to respond directly:


Mr. Glenn Thibeault (Sudbury, NDP): 

Mr. Speaker, while the Conservatives claim credit for the CRTC's wireless code of conduct as their policy, Canadians continue to be hit in the pocketbook waiting for action. The NDP has been pushing for this code since the beginning, but now, as the code of conduct is being challenged by the big three in court, the current government has simply walked away from it. The Conservatives keep spending millions in advertisement to tell Canadians how great their not-so-original idea is. Why are the Conservatives not putting their efforts into defending the code of conduct instead of boasting about it while it is being struck down?

Mr. Paul Calandra (Parliamentary Secretary to the Prime Minister and for Intergovernmental Affairs, CPC):  

Mr. Speaker, of course, this government has done extraordinary work with respect to our telecom policy. In fact, competition has increased. At the same time, wireless rates have come down by 20% while employment in this sector has actually increased by some 25%. That is good news for all Canadians. It is something that has been a priority for us. Putting more money back in the pockets of hard-working Canadians will remain a priority of this government, and we are proud of that.

Calandra was asked one more time abut the issue and again responded with talking points, rather than providing an answer about the government's decision not to defend the CRTC and the code.  It is worth asking the question again - why isn't the government backing the CRTC and the code?

Five Measures to Help Counter the Tidal Wave of Secret Telecom Disclosures

Michael Geist Law RSS Feed - Tue, 2014/05/06 - 00:55
The House of Commons engaged in an extensive debate on privacy yesterday in response to an NDP motion that would require the government to disclose the number of warrantless disclosures made by telecom companies. I'll have more on the debate shortly (it's worth reading), but the government has made it clear that it will not be supporting the motion.

My weekly technology law column (Toronto Star version, homepage version) notes that the revelations of massive telecom and Internet provider disclosures of subscriber information generated a political firestorm with pointed questions to Prime Minister Stephen Harper in the House of Commons about how the government and law enforcement agencies could file more than a million requests for Canadian subscriber information in a single year.

The shocking numbers come directly from the telecom industry after years of keeping their disclosure practices shielded from public view. They reveal that Canadian telecom and Internet providers are asked to disclose basic subscriber information every 27 seconds. In 2011, that added up to 1,193,630 requests, the majority of which were not accompanied by a warrant or court order. The data indicates that telecom and Internet providers gave the government what it wanted - three providers alone disclosed information from 785,000 customer accounts.

The issue is likely to continue to attract attention, particularly since the government is seeking to expand the warrantless disclosure framework in Bill C-13 (the lawful access bill) and Bill S-4 (the Digital Privacy Act).


The issue is likely to continue to attract attention, particularly since the government is seeking to expand the warrantless disclosure framework in Bill C-13 (the lawful access bill) and Bill S-4 (the Digital Privacy Act).

Bill C-13 will expand warrantless disclosure of subscriber information to law enforcement by including an immunity provision from any criminal or civil liability (including class action lawsuits) for companies that preserve personal information or disclose it without a warrant.

Bill S-4, the newly-introduced Digital Privacy Act, proposes extending the ability to disclose subscriber information without a warrant from law enforcement to private sector organizations. The bill includes a provision that allows organizations to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law.

With the government moving toward more warrantless disclosure and telecom companies hiding their practices behind aggregated data, the Canadian situation seems likely to get worse from privacy perspective.  Yet there are many measures that could be adopted to restore some balance and address mounting concerns about the lack of transparency associated with the widespread disclosure activities.

First, new government transparency requirements could be implemented so that the secrecy associated with hundreds of thousands of disclosure requests is eliminated. The government should require law enforcement agencies to record and report all requests for subscriber information with quarterly public releases of aggregate data (basically the gist of the NDP motion).

Telecom and Internet providers should also issue regular transparency reports. Leading Internet companies such as Google and Twitter publicly release disclosure information as do large U.S. telecom companies such as AT&T and Verizon.  If they can do it, Canadian providers such as Bell, Rogers, and Telus should do the same.

Second, telecom and Internet providers should stop automating the disclosure of subscriber information. The automated systems, which include mirroring network traffic and sending it directly to law enforcement or creating law enforcement monitoring databases that can be accessed with minimal or no review, encourage bulk disclosure of subscriber information with no effective oversight.

Third, telecom and Internet providers should be required to advise affected individuals about warrantless disclosures of their personal information unless a court prohibits them from doing so. Such a requirement would inform Canadians when their information is being disclosed and provide them with the opportunity to contest it if they see fit.

Fourth, Canadians could also use existing law more aggressively to demand that telecom providers reveal any instances of prior disclosures of their information. The law allows an individual to file a request with an organization for access to their personal information, including any details on past disclosures. Failure to comply would violate Canada's private sector privacy law.

Fifth, the Privacy Commissioner of Canada should use her audit powers to investigate the secretive disclosure practices among telecom and Internet providers. The recent revelations provide ample evidence to justify exercising the audit powers to lift the veil of secrecy over how Canadian telecom and Internet providers manage subscriber information. 

While transparency reports and external audits will not eliminate mass warrantless disclosures, they will place the issue in the spotlight and force both government and the telecom providers to explain why they do so little to safeguard Canadians' privacy.

Apple Canada Was Only Tech Company to Respond to Privacy Commish Request on Disclosure Practices

Michael Geist Law RSS Feed - Mon, 2014/05/05 - 03:08
Last week's revelations on the massive number of requests for subscriber information focused specifically on the responses from major Canadian telecom and Internet providers. The Privacy Commissioner of Canada wrote to the 12 largest providers, who responded with a single document that aggregated the responses of 11 of the companies (though some declined to provide information to questions such as how many user accounts were disclosed).

The Access to Information Act requested documents that contained the telco response also revealed that the Privacy Commissioner sent a similar letter to the leading Internet and technology companies. The list of recipients included Apple, Google, Facebook, Microsoft, Twitter, and eBay. While some of the companies now offer transparency reports that feature data on disclosure requests (and compliance with those requests), few did in 2011. On Friday, I received a supplemental document to my access to information request that contains the full response from Apple Canada.


The document is notable for several reasons. First, Apple Canada responded within one month of the Privacy Commissioner letter, promptly providing specific information on its practices. It advises that the company has a database of approximately 10 million individuals and that it received about 100 requests for information on its users. It does not charge a fee to comply with those requests.

Second, much like the telecom and Internet companies, Apple Canada does not notify the individuals whose information has been requested or disclosed.

Third, I have been advised that there are no other relevant documents to the request. This confirms that Apple Canada was the only company to respond to the Privacy Commissioner request. The other major companies apparently did not respond. Their transparency reports now provide raw data on access requests, though their specific policies on requests, notification of affected individuals, and fees related to requests largely remains a mystery.

How to Talk to Your Children About Mass Surveillance



In my latest Locus column, How to Talk to Your Children About Mass Surveillance, I tell the story of how I explained the Snowden leaks to my six-year-old, and the surprising interest and comprehension she showed during our talk and afterwards. Kids, it seems, intuitively understand what it's like to be constantly monitored by unaccountable, self-appointed authority figures!

So I explained to my daughter that there was a man who was a spy, who discovered that the spies he worked for were breaking the law and spying on everyone, capturing all their e-mails and texts and video-chats and web-clicks. My daughter has figured out how to use a laptop, phone, or tablet to peck out a message to her grandparents (autocomplete and spell-check actually make typing into an educational experience for kids, who can choose their words from drop-down lists that get better as they key in letters); she’s also used to videoconferencing with relatives around the world. So when I told her that the spies were spying on everything, she had some context for it.

Right away, we were off to the races. ‘‘How can they listen to everyone at once?’’ ‘‘How can they read all those messages?’’ ‘‘How many spies are there?’’ I told her about submarine fiber-optic taps, prismatic beam-splitters, and mass databases. Again, she had a surprising amount of context for this, having encountered digital devices whose capacity was full – as when we couldn’t load more videos onto a tablet – and whose capacities could be expanded with additional storage.


How to Talk to Your Children About Mass Surveillance

Why Have Canada's Telcos Failed to Notify Subscribers About Disclosing Their Information?

Michael Geist Law RSS Feed - Fri, 2014/05/02 - 01:33
While much of the attention this week on the massive number of requests for subscriber information has rightly focused on the government and a legal framework that provides insufficient oversight (and is about to expand warrantless disclosure under Bills C-13 and S-4), the telecom and Internet companies also deserve greater scrutiny. One of the key questions in the document on telecom and Internet provider disclosure practices asked simply:

Do you notify your customers, when the law allows, that their information has been requested, thus giving them an opportunity to contest the request in court?

The answer from every provider: No.


In the United States, major U.S. technology companies are now moving to disclose requests to affected customers, with the Washington Post reporting that they believe that "users have a right to know in advance when their information is targeted for government seizure." Yet Canadian providers apparently disclose subscriber information hundreds of thousands of times every year but keep their customers in the dark.

Legislative reform is needed that requires telecom and Internet providers to advise affected individuals about warrantless disclosures of their personal information unless a court prohibits them from doing so. Such a requirement would inform Canadians when their information is being disclosed and provide them with the opportunity to contest it if they see fit. 

In the meantime, Canadians could also use existing law more aggressively to demand that telecom providers reveal any instances of prior disclosures of their information. The law allows an individual to file a request with an organization for access to their personal information, including any details on past disclosures. Failure to comply would violate Canada’s private sector privacy law.  Christopher Parsons of the Citizen Law has created a template for doing just that - the page provides the information Canadians need to file a request and the contact information details for where it should be sent.

Is a Canadian Telco Allowing the Government To Mirror Its Subscriber Communications?

Michael Geist Law RSS Feed - Thu, 2014/05/01 - 00:17
The recent revelations regarding massive telecom and Internet provider disclosures of subscriber information has generated a political firestorm with pointed questions yesterday to Prime Minister Stephen Harper in the House of Commons. While Harper tried to provide reassurances that warrants were obtained where necessary, the reality is that the law includes a massive exception that permits voluntary, warrantless disclosure of subscriber information. That suggests that the majority of the nearly 1.2 million requests in 2011 were not accompanied by a warrant. Moreover, the telecom and Internet providers have shrouded their activities in secrecy, refusing to disclose the disclosures to affected subscribers and hiding behind aggregated data to avoid scrutiny of their individual practices.

The issue is likely to continue to attract attention, particularly since the government is seeking to expand the warrantless disclosure framework in Bill C-13 (the lawful access bill) and Bill S-4 (the Digital Privacy Act). One further issue that should not be lost within the disclosure is the stunning admission that at least one Canadian provider may be allowing the government to mirror or copy of its subscriber communications.  In response to a question on the use of deep packet inspection, one provider states:

"Interception of communications over data networks is accomplished by sending what is essentially a mirror image of the packet data as it transmits the network of data nodes. This packet data is then sent directly to the agency who has obtained lawful access to the information. Deep packet inspection is then performed by the law enforcement agency for their purposes."

This is an incredible admission - allowing the government to mirror subscriber communications and sending it directly to law enforcement agencies who can they do what they want with it?  Are there legal grounds for these disclosures?  Who is doing this?  Was this a required alternative to major ISPs who do not use deep packet inspection?  Is this RIM, who also participated in the aggregated data request?  Many, many questions without any clear answers. Given the uncertainty and the enormous privacy implications, the Privacy Commissioner of Canada is surely entitled to investigate this admission using her current powers under PIPEDA.

Canadian Telcos Asked to Disclose Subscriber Data Every 27 Seconds

Michael Geist Law RSS Feed - Wed, 2014/04/30 - 00:28
Every 27 seconds. Minute after minute, hour after hour, day after day, week after week, month after month. Canadian telecommunications providers, who collect massive amounts of data about their subscribers, are asked to disclose basic subscriber information to Canadian law enforcement agencies every 27 seconds. In 2011, that added up to 1,193,630 requests. Given the volume, most likely do not involve a warrant or court oversight (2010 RCMP data showed 94% of requests involving customer name and address information was provided voluntarily without a warrant).

In most warrantless cases, the telecommunications companies were entitled to say no. The law says that telecom companies and Internet providers may disclose personal information without a warrant as part of a lawful investigation or they can withhold the information until law enforcement has obtained a warrant. According to newly released information, three telecom providers alone disclosed information from 785,000 customer accounts in 2011, suggesting that the actual totals were much higher. Moreover, virtually all providers sought compensation for complying with the requests.

These stunning disclosures, which were released by the Office of the Privacy Commissioner of Canada, comes directly from the telecom industry after years of keeping their disclosure practices shielded from public view. In fact, the industry was reluctant to provide the information to even the Privacy Commissioner.

According to correspondence I obtained under the Access to Information Act, after the Commissioner sent letters to the 12 biggest telecom and Internet providers seeking information on their disclosure practices, Rogers, Bell and RIM proposed aggregating the information to keep the data from individual companies secret. The response dragged on for months, with Bell admitting at one point that only four providers had provided data and expressing concern about whether it could submit even the aggregated response since it would be unable to maintain anonymity [I've released the full ATIP I received here].



The correspondence also confirms that the telecom providers were concerned about how the government and law enforcement would react to public disclosures. In one email, Bell says that "we are walking a delicate line between supporting privacy and not antagonizing Public Safety/LEAs [law enforcement agencies], so the materials will be pretty factual, not much commentary."

While the current situation, which amounts to disclosure of subscriber information thousands of times each day often without a warrant, is enormously problematic, the situation is about to get even worse.

First, Bill C-13, the government's lawful access bill that heads to committee this week, will expand warrantless disclosure of subscriber information to law enforcement by including an immunity provision from any criminal or civil liability (including class action lawsuits) for companies that preserve personal information or disclose it without a warrant. The immunity provision makes it more likely that disclosures will occur without a warrant since the legal risks associated with such disclosures are removed.

Second, Bill S-4, the newly-introduced Digital Privacy Act, proposes extending the ability to disclose subscriber information without a warrant from law enforcement to private sector organizations. The bill includes a provision that allows organizations to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law. This applies both past breaches or violations as well as potential future violations. The disclosure occurs in secret without the knowledge of the affected person.

Third, the industry has steadfastly refused to address the lack of transparency concerns regarding its practices. Providers admit that they do not notify customers that their information has been requested, thereby denying them the ability to challenge the demand in court. Moreover, documents released earlier this year suggested that companies such as Bell have even established a law enforcement database that may provide authorities with direct access to subscriber information.  The systems may create great efficiencies for law enforcement - click, access subscriber data, and receive a bill from the telecom company - but they suggest a system that is entirely devoid of oversight with even the Privacy Commissioner excluded from ensuring compliance with the law.

Podcast: Internet service providers charging for premium access hold us all to ransom

Here's a reading (MP3) of a my latest Guardian column, Internet service providers charging for premium access hold us all to ransom, which tries to make sense of the disastrous news that the Federal Communications Commission is contemplating rules to allow ISPs to demand bribes from publishers in exchange for letting you see the webpages you ask for.

There's a useful analogy to the phone company that I've written about here before: you pay for your phone service every month. The pizza place on the corner also pays for its phone service every month. When you want to order a pizza from Joe's Corner Pizzeria, you call their number. If their phone isn't engaged, it rings and you get to place your order. If they get more orders than they can handle on one line, they buy a second line, a third, even 10 lines to take their orders. Provided one of those lines is free, your call goes through to someone when you ring.

But what if your phone company decided that the way to bring in higher profits was to go around to all the pizza places and shake them down for "premium" access to "their" customers? If Joe's Corner Pizzeria turned them down, your call to Joe's might get a busy signal, even if there were plenty of free lines at Joe's place. Meanwhile, an order to the monied, tasteless sultan of global cardboard pizza-ite, that is, the company who has plenty of money for "premium" access – is easy to reach, because your phone company has promised them that every call will be put through.

The thing is, Joe's is paying for its lines. You're paying for your line. The phone company exists solely to connect people to the numbers they dial. But because there are "natural monopolies" in phone service (because there are only so many mobile frequencies and underground cable space), they can abuse their position to extort additional payments from the services you want to talk to. And the more popular a service is, the better it is, the more the ISP stands to profit from this racket.

Mastering by John Taylor Williams: wryneckstudio@gmail.com

John Taylor Williams is a audiovisual and multimedia producer based in Washington, DC and the co-host of the Living Proof Brew Cast. Hear him wax poetic over a pint or two of beer by visiting livingproofbrewcast.com. In his free time he makes "Beer Jewelry" and "Odd Musical Furniture." He often "meditates while reading cookbooks."

MP3

Is the CRTC Ready to Hit the Reset Button on Television Regulation in Canada?

Michael Geist Law RSS Feed - Mon, 2014/04/28 - 17:22
The Broadcasting Act is a complex statute that lists more than twenty broadcasting policy goals. Yet for decades, Canadian policy has largely boiled down to a single objective: Maximizing the benefits from the broadcasting system for creators, broadcasters, and broadcast distributors such as cable and satellite companies.  

Consumers were nowhere to be found in that objective and it showed. Creators benefited from Canadian content requirements and financial contributions that guaranteed the creation of Canadian broadcast content. Broadcasters flourished in a market that permitted simultaneous substitution (thereby enabling big profits from licensing U.S. content) and that kept U.S. giants such as HBO, ESPN, and MTV out of the market for years in favour of Canadian alternatives. Cable and satellite companies became dominant media companies by requiring consumers to purchase large packages filled with channels they did not want in order to access the few they did.

Canadians may have been frustrated with the broadcast system, but there were no obvious alternatives and their views hardly mattered in a regulatory system dominated by the established players.  My weekly technology law column (Toronto Star version, homepage version) notes that last week, the Canadian Radio-television and Telecommunications Commission sent an unmistakable signal that these longstanding rules are about to change.


The Commission launched the third phase of its Let's Talk TV consultation by opening the door to hitting the reset button on broadcasting regulation in Canada. It posed 80 questions on reforming virtually all aspects of the current system as part of a hearing scheduled for September.

The Commission's starting point is that the "distribution and packaging of television services should be reviewed to maximize consumer choice and flexibility." That alone is a dramatic shift since consumer choice and flexibility have never been major policy priorities.

The headline change will be mandating the unbundling of television channel packages offered by cable and satellite companies. The CRTC envisions requiring a "skinny basic" service that primarily features local Canadian conventional stations. For almost everything else, consumers will be able to pick individual channels or customize their own television packages.

Broadcasting executives have dismissed consumer demands for greater flexibility, but the CRTC notes that Canadians have jumped at the chance for greater flexibility when it is offered. For example, 70 per cent of Quebecor's new customers choose an option to build their own television packages.

The established broadcasters will warn ominously about increased prices or the loss of some of their less popular channels, but with the government committing to consumer choice for television in the Speech from the Throne, unbundled television is a done deal.

In fact, the bigger question is how far the CRTC is willing to go in its overhaul of Canadian broadcasting regulation since the initial policy document places just about everything up for grabs. This includes dropping the preponderance rule that requires consumers to receive a majority of Canadian channels in their television packages, allowing virtually all non-Canadian services into the market (except where the foreign channel would have an "undue negative impact on the Canadian television system"), eliminating genre exclusivity, and discontinuing the requirement for over-the-air broadcasts.

Moreover, the CRTC has raised the prospect of putting an end to simultaneous substitution, acknowledging that it is an irritant to consumers and that its economic value may be relatively small.

The Commission admits that many of these changes would cause a major upheaval in the market and it is looking to explore funding options for local television stations and financing and promotion for new Canadian content.

The CRTC consultation is likely to spark a huge outcry from the creator, broadcaster, and broadcast distributor communities with public relations and lobbying campaigns that will make last summer's wireless battle against Verizon seem tame by comparison. Yet with consumers increasingly "cutting the cord" by dropping conventional broadcasting choices and broadcasting revenues in free fall as advertisers shift to the Internet, change seems inevitable. The CRTC's consultation feels revolutionary, but it many ways it is merely catching up to market shifts that have been underway for several years.

Different Regulations, Different Regulators: Behind Canada's Net Neutrality Advantage

Michael Geist Law RSS Feed - Mon, 2014/04/28 - 03:49
Last week, many in the Internet community were outraged by a U.S. Federal Communications Commission proposal that would significantly undermine net neutrality. The commentary on the (still unpublished) U.S. proposal says it all - The FCC's New Net Neutrality Proposal is Even Worse Than You Think, Is Net Neutrality Dying, How Open Will the FCC's 'Open Internet' Really Be?, Goodbye, Net Neutrality: Hello, Net Discrimination, and Net Neutrality Dead for Good?. The FCC responded with its own post that did little to assuage the concerns, stating that the U.S. rules will propose:

1.    That all ISPs must transparently disclose to their subscribers and users all relevant information as to the policies that govern their network;
2.    That no legal content may be blocked; and
3.    That ISPs may not act in a commercially unreasonable manner to harm the Internet, including favoring the traffic from an affiliated entity.

Transparency and no legal blocking are hold overs from the earlier Open Internet order. The third issue is where net neutrality would be harmed as the FCC is proposing to shift toward a "commercially unreasonable" standard for treating similar content in different ways. That approach would certainly permit paid prioritization, where deep pocketed content owners could pay to have their content sent on a fast lane, while everyone else is stuck on the slow lane.  Moreover, given that the earlier Open Internet order was struck down by a U.S. court, even transparency and content blocking presently fall through the cracks.

Given the widespread attention to the U.S. developments, many have been asking about the impact in Canada.


While some speculate that Canada won't escape the FCC approach, there are ongoing questions about the CRTC net neutrality case involving mobile video, and lingering concerns about CRTC enforcement, the reality is that Canada's net neutrality rules are broader in scope than the U.S. proposal.  The Canadian net neutrality rules and their enforcement are certainly not perfect, but the Canadian rules (called Internet traffic management practices or ITMPs) are better than those found in the U.S. and may provide a competitive advantage for Internet companies seeking a market without paid prioritization.

Compare the U.S. FCC three rules with the equivalent in Canada. First, the CRTC policy requires transparency about how ISPs manage traffic on their networks:

the Commission directs all primary ISPs, as a condition of providing retail Internet services, to disclose to their retail customers, clearly and prominently on their websites, information related to their technical ITMPs. The ISP must also reference its online disclosures in relevant marketing materials, customer contracts, and terms of service. Online disclosure should include the following information:
  • why ITMPs are being introduced;
  • who is affected by the ITMP;
  • when the Internet traffic management will occur;
  • what type of Internet traffic (e.g. application, class of application, protocol) is subject to management; and
  • how the ITMP will affect a user's Internet experience, including the specific impact on speeds.
Second, the CRTC policy and the law make it clear that content blocking is unlikely to ever be approved:

The Commission notes that the majority of parties are in agreement that actions by ISPs that result in outright blocking of access to content would be prohibited under section 36 unless prior approval was obtained from the Commission. The Commission finds that where an ITMP would lead to blocking the delivery of content to an end-user, it cannot be implemented without prior Commission approval. Approval under section 36 would only be granted if it would further the telecommunications policy objectives set out in section 7 of the Act. Interpreted in light of these policy objectives, ITMPs that result in blocking Internet traffic would only be approved in exceptional circumstances, as they involve denying access to telecommunications services.

Third, paid prioritization - which would result in two-tier speeds based on payment - would face a very tough regulatory road in Canada. Section 27(2) of the Telecommunications Act provides that:

No Canadian carrier shall, in relation to the provision of a telecommunications service or the charging of a rate for it, unjustly discriminate or give an undue or unreasonable preference toward any person, including itself, or subject any person to an undue or unreasonable disadvantage.

The CRTC has confirmed that this provision applies to Internet services. The statutory language, which incorporates unjust discrimination, undue preferences, and unreasonable prefrences is clearly broader in scope than the proposed FCC Open Internet order. As for its application to net neutrality issues, the CRTC's ITMPs note that:

Where an ITMP does result in discrimination or preference, the Commission considers that establishing that the ITMP is carefully designed and narrowly tailored is important in an evaluation of whether or not the discrimination or preference is unjust or undue.

The framework for analysis requires the ISP to:

Describe the ITMP being employed, as well as the need for it and its purpose and effect, and identify whether or not the ITMP results in discrimination or preference. In the case of an ITMP that results in any degree of discrimination or preference:
  • demonstrate that the ITMP is designed to address the need and achieve the purpose and effect in question, and nothing else;
  • establish that the ITMP results in discrimination or preference as little as reasonably possible;
  • demonstrate that any harm to a secondary ISP, end-user, or any other person is as little as reasonably possible; and
  • explain why, in the case of a technical ITMP, network investment or economic approaches alone would not reasonably address the need and effectively achieve the same purpose as the ITMP.

Paid prioritization would face an uphill battle under this analysis. Moreover, the slow lane of Internet traffic might also face regulatory challenges were an ISP to slow down content in order to create a difference between the two delivery speeds.  The Commission has ruled that:

In the case of time-sensitive audio or video traffic (i.e. real-time audio or video such as video conferencing and voice over Internet Protocol (VoIP) services), ITMPs that introduce delays or jitter15 are likely to cause degradation to the service. The Commission considers that when noticeable degradation occurs, it amounts to controlling the content and influencing the meaning and purpose of the telecommunications in question. Accordingly, the Commission finds that use of an ITMP resulting in the noticeable degradation of time-sensitive Internet traffic will require prior Commission approval under section 36 of the Act.

While Canadian businesses operating in the U.S. market will be affected by the potential loss of net neutrality (creating a potential trade barrier), the Canadian Internet market remains subject to CRTC rules, not the proposed FCC Open Internet order.  Canadian ISPs might always try test the CRTC rules with paid prioritization (much like they are testing mobile video), but for the moment the CRTC's net neutrality rules are stronger than those in the U.S. 

The CRTC has also left no doubt that it has the power to regulate net neutrality. By contrast,  in the U.S., the FCC has botched the issue by treating the Internet as an information service rather than as a communication service. With that statutory background, the Commission adopting a consumer-oriented perspective, and the government seemingly willing to continue its battle against the major telecom companies, Canada may have a competitive advantage when it comes to net neutrality.

Gutting Net Neutrality also guts innovation, fairness and democracy


My latest Guardian column, Internet service providers charging for premium access hold us all to ransom, explains what's at stake now that the FCC is prepared to let ISPs charge services for "premium" access to its subscribers. It's pretty much the worst Internet policy imaginable, an anti-innovation, anti-democratic, anti-justice hand-grenade lobbed by telcos who shout "free market" while they are the beneficiaries of the most extreme industrial government handouts imaginable.

The FCC promised a fix, and here it is: FCC chairman Tom Wheeler, an Obama appointee and former cable lobbyist, has drawn up rules to allow ISPs to decide which communications you can see in a timely, best-effort fashion and which services will be also-ran laggards. In so doing, Chairman Wheeler sets the stage for a further magnification of the distorting influence of money and incumbency on our wider society. Political candidates whose message is popular, but who lack the budget to bribe every ISP to deliver it in a timely fashion, will be less equipped to reach voters than their better-financed rivals. A recent study looked at 20 years' worth of US policy outcomes and found that they exclusively responded to the needs of the richest 10% of Americans. Now the FCC is proposing to cook the process further, so that the ability of the ignored 90% to talk to one another, network and organise and support organisations that support their interests will be contingent on their ability to out-compete the already advantaged elite interests in the race to bribe carriers for "premium" coverage.

If you think of a business idea that's better than any that have come before – if you're ready to do to Google what Google did to Altavista; if you're ready to do to the iPod what the iPod did to the Walkman; if you're ready to do to Netflix what Netflix did to cable TV – you have to start out with a bribery warchest that beats out the firms that clawed their way to the top back when there was a fairer playing-field.

The FCC and its apologists will shrug and say that the ISPs are businesses and they own their lines and can do what they want with them. They'll say that we can't expect the carriers to invest in next-generation networks if they can't maximise their profits from them.

But this is nonsense. The big US carriers are already deriving bumper profits from their ISP business, while their shareholder disclosures show that they're making only the most cursory investment in new network infrastructure (Americans have been waiting for fast "fiber-to-the-kerb" connectivity for decades, mostly what they're getting is "fiber-to-the-press-release" puff pieces from ISPs who gull uncritical reporters into repeating their empty promises of fast networks, just around the corner).

Internet service providers charging for premium access hold us all to ransom [Cory Doctorow/The Guardian]

(Image: Evidence A: The Ransom Note, Jared and Corin, CC-BY)

Syndicate content