- Election 2011
- Chronology (including bills)
- Electoral District (list)
- Participate in mailing lists
The House of Commons engaged in an extensive debate on privacy yesterday in response to an NDP motion that would require the government to disclose the number of warrantless disclosures made by telecom companies. I'll have more on the debate shortly (it's worth reading), but the government has made it clear that it will not be supporting the motion.
My weekly technology law column (Toronto Star version, homepage version) notes that the revelations of massive telecom and Internet provider disclosures of subscriber information generated a political firestorm with pointed questions to Prime Minister Stephen Harper in the House of Commons about how the government and law enforcement agencies could file more than a million requests for Canadian subscriber information in a single year.
The shocking numbers come directly from the telecom industry after years of keeping their disclosure practices shielded from public view. They reveal that Canadian telecom and Internet providers are asked to disclose basic subscriber information every 27 seconds. In 2011, that added up to 1,193,630 requests, the majority of which were not accompanied by a warrant or court order. The data indicates that telecom and Internet providers gave the government what it wanted - three providers alone disclosed information from 785,000 customer accounts.
The issue is likely to continue to attract attention, particularly since the government is seeking to expand the warrantless disclosure framework in Bill C-13 (the lawful access bill) and Bill S-4 (the Digital Privacy Act).
The issue is likely to continue to attract attention, particularly since the government is seeking to expand the warrantless disclosure framework in Bill C-13 (the lawful access bill) and Bill S-4 (the Digital Privacy Act).
Bill C-13 will expand warrantless disclosure of subscriber information to law enforcement by including an immunity provision from any criminal or civil liability (including class action lawsuits) for companies that preserve personal information or disclose it without a warrant.
Bill S-4, the newly-introduced Digital Privacy Act, proposes extending the ability to disclose subscriber information without a warrant from law enforcement to private sector organizations. The bill includes a provision that allows organizations to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law.
With the government moving toward more warrantless disclosure and telecom companies hiding their practices behind aggregated data, the Canadian situation seems likely to get worse from privacy perspective. Yet there are many measures that could be adopted to restore some balance and address mounting concerns about the lack of transparency associated with the widespread disclosure activities.
First, new government transparency requirements could be implemented so that the secrecy associated with hundreds of thousands of disclosure requests is eliminated. The government should require law enforcement agencies to record and report all requests for subscriber information with quarterly public releases of aggregate data (basically the gist of the NDP motion).
Telecom and Internet providers should also issue regular transparency reports. Leading Internet companies such as Google and Twitter publicly release disclosure information as do large U.S. telecom companies such as AT&T and Verizon. If they can do it, Canadian providers such as Bell, Rogers, and Telus should do the same.
Second, telecom and Internet providers should stop automating the disclosure of subscriber information. The automated systems, which include mirroring network traffic and sending it directly to law enforcement or creating law enforcement monitoring databases that can be accessed with minimal or no review, encourage bulk disclosure of subscriber information with no effective oversight.
Third, telecom and Internet providers should be required to advise affected individuals about warrantless disclosures of their personal information unless a court prohibits them from doing so. Such a requirement would inform Canadians when their information is being disclosed and provide them with the opportunity to contest it if they see fit.
Fourth, Canadians could also use existing law more aggressively to demand that telecom providers reveal any instances of prior disclosures of their information. The law allows an individual to file a request with an organization for access to their personal information, including any details on past disclosures. Failure to comply would violate Canada's private sector privacy law.
Fifth, the Privacy Commissioner of Canada should use her audit powers to investigate the secretive disclosure practices among telecom and Internet providers. The recent revelations provide ample evidence to justify exercising the audit powers to lift the veil of secrecy over how Canadian telecom and Internet providers manage subscriber information.
While transparency reports and external audits will not eliminate mass warrantless disclosures, they will place the issue in the spotlight and force both government and the telecom providers to explain why they do so little to safeguard Canadians' privacy.
Last week's revelations on the massive number of requests for subscriber information focused specifically on the responses from major Canadian telecom and Internet providers. The Privacy Commissioner of Canada wrote to the 12 largest providers, who responded with a single document that aggregated the responses of 11 of the companies (though some declined to provide information to questions such as how many user accounts were disclosed).
The Access to Information Act requested documents that contained the telco response also revealed that the Privacy Commissioner sent a similar letter to the leading Internet and technology companies. The list of recipients included Apple, Google, Facebook, Microsoft, Twitter, and eBay. While some of the companies now offer transparency reports that feature data on disclosure requests (and compliance with those requests), few did in 2011. On Friday, I received a supplemental document to my access to information request that contains the full response from Apple Canada.
The document is notable for several reasons. First, Apple Canada responded within one month of the Privacy Commissioner letter, promptly providing specific information on its practices. It advises that the company has a database of approximately 10 million individuals and that it received about 100 requests for information on its users. It does not charge a fee to comply with those requests.
Second, much like the telecom and Internet companies, Apple Canada does not notify the individuals whose information has been requested or disclosed.
Third, I have been advised that there are no other relevant documents to the request. This confirms that Apple Canada was the only company to respond to the Privacy Commissioner request. The other major companies apparently did not respond. Their transparency reports now provide raw data on access requests, though their specific policies on requests, notification of affected individuals, and fees related to requests largely remains a mystery.
While much of the attention this week on the massive number of requests for subscriber information has rightly focused on the government and a legal framework that provides insufficient oversight (and is about to expand warrantless disclosure under Bills C-13 and S-4), the telecom and Internet companies also deserve greater scrutiny. One of the key questions in the document on telecom and Internet provider disclosure practices asked simply:
Do you notify your customers, when the law allows, that their information has been requested, thus giving them an opportunity to contest the request in court?
The answer from every provider: No.
In the United States, major U.S. technology companies are now moving to disclose requests to affected customers, with the Washington Post reporting that they believe that "users have a right to know in advance when their information is targeted for government seizure." Yet Canadian providers apparently disclose subscriber information hundreds of thousands of times every year but keep their customers in the dark.
Legislative reform is needed that requires telecom and Internet providers to advise affected individuals about warrantless disclosures of their personal information unless a court prohibits them from doing so. Such a requirement would inform Canadians when their information is being disclosed and provide them with the opportunity to contest it if they see fit.
In the meantime, Canadians could also use existing law more aggressively to demand that telecom providers reveal any instances of prior disclosures of their information. The law allows an individual to file a request with an organization for access to their personal information, including any details on past disclosures. Failure to comply would violate Canadaâs private sector privacy law. Christopher Parsons of the Citizen Law has created a template for doing just that - the page provides the information Canadians need to file a request and the contact information details for where it should be sent.
The recent revelations regarding massive telecom and Internet provider disclosures of subscriber information has generated a political firestorm with pointed questions yesterday to Prime Minister Stephen Harper in the House of Commons. While Harper tried to provide reassurances that warrants were obtained where necessary, the reality is that the law includes a massive exception that permits voluntary, warrantless disclosure of subscriber information. That suggests that the majority of the nearly 1.2 million requests in 2011 were not accompanied by a warrant. Moreover, the telecom and Internet providers have shrouded their activities in secrecy, refusing to disclose the disclosures to affected subscribers and hiding behind aggregated data to avoid scrutiny of their individual practices.
The issue is likely to continue to attract attention, particularly since the government is seeking to expand the warrantless disclosure framework in Bill C-13 (the lawful access bill) and Bill S-4 (the Digital Privacy Act). One further issue that should not be lost within the disclosure is the stunning admission that at least one Canadian provider may be allowing the government to mirror or copy of its subscriber communications. In response to a question on the use of deep packet inspection, one provider states:
"Interception of communications over data networks is accomplished by sending what is essentially a mirror image of the packet data as it transmits the network of data nodes. This packet data is then sent directly to the agency who has obtained lawful access to the information. Deep packet inspection is then performed by the law enforcement agency for their purposes."
This is an incredible admission - allowing the government to mirror subscriber communications and sending it directly to law enforcement agencies who can they do what they want with it? Are there legal grounds for these disclosures? Who is doing this? Was this a required alternative to major ISPs who do not use deep packet inspection? Is this RIM, who also participated in the aggregated data request? Many, many questions without any clear answers. Given the uncertainty and the enormous privacy implications, the Privacy Commissioner of Canada is surely entitled to investigate this admission using her current powers under PIPEDA.
Every 27 seconds. Minute after minute, hour after hour, day after day, week after week, month after month. Canadian telecommunications providers, who collect massive amounts of data about their subscribers, are asked to disclose basic subscriber information to Canadian law enforcement agencies every 27 seconds. In 2011, that added up to 1,193,630 requests. Given the volume, most likely do not involve a warrant or court oversight (2010 RCMP data showed 94% of requests involving customer name and address information was provided voluntarily without a warrant).
In most warrantless cases, the telecommunications companies were entitled to say no. The law says that telecom companies and Internet providers may disclose personal information without a warrant as part of a lawful investigation or they can withhold the information until law enforcement has obtained a warrant. According to newly released information, three telecom providers alone disclosed information from 785,000 customer accounts in 2011, suggesting that the actual totals were much higher. Moreover, virtually all providers sought compensation for complying with the requests.
These stunning disclosures, which were released by the Office of the Privacy Commissioner of Canada, comes directly from the telecom industry after years of keeping their disclosure practices shielded from public view. In fact, the industry was reluctant to provide the information to even the Privacy Commissioner.
According to correspondence I obtained under the Access to Information Act, after the Commissioner sent letters to the 12 biggest telecom and Internet providers seeking information on their disclosure practices, Rogers, Bell and RIM proposed aggregating the information to keep the data from individual companies secret. The response dragged on for months, with Bell admitting at one point that only four providers had provided data and expressing concern about whether it could submit even the aggregated response since it would be unable to maintain anonymity [I've released the full ATIP I received here].
The correspondence also confirms that the telecom providers were concerned about how the government and law enforcement would react to public disclosures. In one email, Bell says that "we are walking a delicate line between supporting privacy and not antagonizing Public Safety/LEAs [law enforcement agencies], so the materials will be pretty factual, not much commentary."
While the current situation, which amounts to disclosure of subscriber information thousands of times each day often without a warrant, is enormously problematic, the situation is about to get even worse.
First, Bill C-13, the government's lawful access bill that heads to committee this week, will expand warrantless disclosure of subscriber information to law enforcement by including an immunity provision from any criminal or civil liability (including class action lawsuits) for companies that preserve personal information or disclose it without a warrant. The immunity provision makes it more likely that disclosures will occur without a warrant since the legal risks associated with such disclosures are removed.
Second, Bill S-4, the newly-introduced Digital Privacy Act, proposes extending the ability to disclose subscriber information without a warrant from law enforcement to private sector organizations. The bill includes a provision that allows organizations to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law. This applies both past breaches or violations as well as potential future violations. The disclosure occurs in secret without the knowledge of the affected person.
Third, the industry has steadfastly refused to address the lack of transparency concerns regarding its practices. Providers admit that they do not notify customers that their information has been requested, thereby denying them the ability to challenge the demand in court. Moreover, documents released earlier this year suggested that companies such as Bell have even established a law enforcement database that may provide authorities with direct access to subscriber information. The systems may create great efficiencies for law enforcement - click, access subscriber data, and receive a bill from the telecom company - but they suggest a system that is entirely devoid of oversight with even the Privacy Commissioner excluded from ensuring compliance with the law.
The Broadcasting Act is a complex statute that lists more than twenty broadcasting policy goals. Yet for decades, Canadian policy has largely boiled down to a single objective: Maximizing the benefits from the broadcasting system for creators, broadcasters, and broadcast distributors such as cable and satellite companies.
Consumers were nowhere to be found in that objective and it showed. Creators benefited from Canadian content requirements and financial contributions that guaranteed the creation of Canadian broadcast content. Broadcasters flourished in a market that permitted simultaneous substitution (thereby enabling big profits from licensing U.S. content) and that kept U.S. giants such as HBO, ESPN, and MTV out of the market for years in favour of Canadian alternatives. Cable and satellite companies became dominant media companies by requiring consumers to purchase large packages filled with channels they did not want in order to access the few they did.
Canadians may have been frustrated with the broadcast system, but there were no obvious alternatives and their views hardly mattered in a regulatory system dominated by the established players. My weekly technology law column (Toronto Star version, homepage version) notes that last week, the Canadian Radio-television and Telecommunications Commission sent an unmistakable signal that these longstanding rules are about to change.
The Commission launched the third phase of its Let's Talk TV consultation by opening the door to hitting the reset button on broadcasting regulation in Canada. It posed 80 questions on reforming virtually all aspects of the current system as part of a hearing scheduled for September.
The Commission's starting point is that the "distribution and packaging of television services should be reviewed to maximize consumer choice and flexibility." That alone is a dramatic shift since consumer choice and flexibility have never been major policy priorities.
The headline change will be mandating the unbundling of television channel packages offered by cable and satellite companies. The CRTC envisions requiring a "skinny basic" service that primarily features local Canadian conventional stations. For almost everything else, consumers will be able to pick individual channels or customize their own television packages.
Broadcasting executives have dismissed consumer demands for greater flexibility, but the CRTC notes that Canadians have jumped at the chance for greater flexibility when it is offered. For example, 70 per cent of Quebecor's new customers choose an option to build their own television packages.
The established broadcasters will warn ominously about increased prices or the loss of some of their less popular channels, but with the government committing to consumer choice for television in the Speech from the Throne, unbundled television is a done deal.
In fact, the bigger question is how far the CRTC is willing to go in its overhaul of Canadian broadcasting regulation since the initial policy document places just about everything up for grabs. This includes dropping the preponderance rule that requires consumers to receive a majority of Canadian channels in their television packages, allowing virtually all non-Canadian services into the market (except where the foreign channel would have an "undue negative impact on the Canadian television system"), eliminating genre exclusivity, and discontinuing the requirement for over-the-air broadcasts.
Moreover, the CRTC has raised the prospect of putting an end to simultaneous substitution, acknowledging that it is an irritant to consumers and that its economic value may be relatively small.
The Commission admits that many of these changes would cause a major upheaval in the market and it is looking to explore funding options for local television stations and financing and promotion for new Canadian content.
The CRTC consultation is likely to spark a huge outcry from the creator, broadcaster, and broadcast distributor communities with public relations and lobbying campaigns that will make last summer's wireless battle against Verizon seem tame by comparison. Yet with consumers increasingly "cutting the cord" by dropping conventional broadcasting choices and broadcasting revenues in free fall as advertisers shift to the Internet, change seems inevitable. The CRTC's consultation feels revolutionary, but it many ways it is merely catching up to market shifts that have been underway for several years.
Last week, many in the Internet community were outraged by a U.S. Federal Communications Commission proposal that would significantly undermine net neutrality. The commentary on the (still unpublished) U.S. proposal says it all - The FCC's New Net Neutrality Proposal is Even Worse Than You Think, Is Net Neutrality Dying, How Open Will the FCC's 'Open Internet' Really Be?, Goodbye, Net Neutrality: Hello, Net Discrimination, and Net Neutrality Dead for Good?. The FCC responded with its own post that did little to assuage the concerns, stating that the U.S. rules will propose:
1. That all ISPs must transparently disclose to their subscribers and users all relevant information as to the policies that govern their network;
2. That no legal content may be blocked; and
3. That ISPs may not act in a commercially unreasonable manner to harm the Internet, including favoring the traffic from an affiliated entity.
Transparency and no legal blocking are hold overs from the earlier Open Internet order. The third issue is where net neutrality would be harmed as the FCC is proposing to shift toward a "commercially unreasonable" standard for treating similar content in different ways. That approach would certainly permit paid prioritization, where deep pocketed content owners could pay to have their content sent on a fast lane, while everyone else is stuck on the slow lane. Moreover, given that the earlier Open Internet order was struck down by a U.S. court, even transparency and content blocking presently fall through the cracks.
Given the widespread attention to the U.S. developments, many have been asking about the impact in Canada.
While some speculate that Canada won't escape the FCC approach, there are ongoing questions about the CRTC net neutrality case involving mobile video, and lingering concerns about CRTC enforcement, the reality is that Canada's net neutrality rules are broader in scope than the U.S. proposal. The Canadian net neutrality rules and their enforcement are certainly not perfect, but the Canadian rules (called Internet traffic management practices or ITMPs) are better than those found in the U.S. and may provide a competitive advantage for Internet companies seeking a market without paid prioritization.
Compare the U.S. FCC three rules with the equivalent in Canada. First, the CRTC policy requires transparency about how ISPs manage traffic on their networks:
the Commission directs all primary ISPs, as a condition of providing retail Internet services, to disclose to their retail customers, clearly and prominently on their websites, information related to their technical ITMPs. The ISP must also reference its online disclosures in relevant marketing materials, customer contracts, and terms of service. Online disclosure should include the following information:
The Commission notes that the majority of parties are in agreement that actions by ISPs that result in outright blocking of access to content would be prohibited under section 36 unless prior approval was obtained from the Commission. The Commission finds that where an ITMP would lead to blocking the delivery of content to an end-user, it cannot be implemented without prior Commission approval. Approval under section 36 would only be granted if it would further the telecommunications policy objectives set out in section 7 of the Act. Interpreted in light of these policy objectives, ITMPs that result in blocking Internet traffic would only be approved in exceptional circumstances, as they involve denying access to telecommunications services.
Third, paid prioritization - which would result in two-tier speeds based on payment - would face a very tough regulatory road in Canada. Section 27(2) of the Telecommunications Act provides that:
No Canadian carrier shall, in relation to the provision of a telecommunications service or the charging of a rate for it, unjustly discriminate or give an undue or unreasonable preference toward any person, including itself, or subject any person to an undue or unreasonable disadvantage.
The CRTC has confirmed that this provision applies to Internet services. The statutory language, which incorporates unjust discrimination, undue preferences, and unreasonable prefrences is clearly broader in scope than the proposed FCC Open Internet order. As for its application to net neutrality issues, the CRTC's ITMPs note that:
Where an ITMP does result in discrimination or preference, the Commission considers that establishing that the ITMP is carefully designed and narrowly tailored is important in an evaluation of whether or not the discrimination or preference is unjust or undue.
The framework for analysis requires the ISP to:
Describe the ITMP being employed, as well as the need for it and its purpose and effect, and identify whether or not the ITMP results in discrimination or preference. In the case of an ITMP that results in any degree of discrimination or preference:
Paid prioritization would face an uphill battle under this analysis. Moreover, the slow lane of Internet traffic might also face regulatory challenges were an ISP to slow down content in order to create a difference between the two delivery speeds. The Commission has ruled that:
In the case of time-sensitive audio or video traffic (i.e. real-time audio or video such as video conferencing and voice over Internet Protocol (VoIP) services), ITMPs that introduce delays or jitter15 are likely to cause degradation to the service. The Commission considers that when noticeable degradation occurs, it amounts to controlling the content and influencing the meaning and purpose of the telecommunications in question. Accordingly, the Commission finds that use of an ITMP resulting in the noticeable degradation of time-sensitive Internet traffic will require prior Commission approval under section 36 of the Act.
While Canadian businesses operating in the U.S. market will be affected by the potential loss of net neutrality (creating a potential trade barrier), the Canadian Internet market remains subject to CRTC rules, not the proposed FCC Open Internet order. Canadian ISPs might always try test the CRTC rules with paid prioritization (much like they are testing mobile video), but for the moment the CRTC's net neutrality rules are stronger than those in the U.S.
The CRTC has also left no doubt that it has the power to regulate net neutrality. By contrast, in the U.S., the FCC has botched the issue by treating the Internet as an information service rather than as a communication service. With that statutory background, the Commission adopting a consumer-oriented perspective, and the government seemingly willing to continue its battle against the major telecom companies, Canada may have a competitive advantage when it comes to net neutrality.
It started innocuously enough with the House of Commons Committee on Industry, Science and Technology releasing its long-awaited report on intellectual property in Canada in March 2013. The report included a recommendation that Canada ratify several international patent and trademark treaties, which came as a surprise (particularly to opposition members of parliament) since no witness had raised the issue before the committee.
Within weeks, the government accepted the recommendation and one year later it moved to ratify the treaties with scant debate or discussion. Yet the ratification of five intellectual property treaties about which few Canadians have ever heard and that seem certain to increase fees for business was only the start.
Indeed, earlier this month, the government quietly included provisions in the budget implementation bill that will radically overhaul Canadian trademark law. My weekly technology law column (Toronto Star version, homepage version) notes those changes have not been subject to any serious debate, discussion or public consultation.
Unlike copyright and patent laws, which are focused on striking a policy balance between access and protection, the primary purpose of trademark law is consumer protection. Since consumers often rely on trademarks as an easy means of identifying a product or service (prominent examples include the Nike swoosh or McDonald's golden arches), trademark protection helps limit confusion and potential consumer harm.
Given the link between trademarks and consumer protection, it should come as little surprise to find that a key requirement for trademark protection is "use" of the mark. If a company is not using the trademark, there is little risk of confusion and therefore no need for protection.
Legal cases dating back more than one hundred years have long emphasized the importance of use in order to properly register a trademark. A recent Supreme Court of Canada decision confirmed that "while the Trade-marks Act provides additional rights to a registered trade-mark holder than were available at common law, registration is only available once the right to the trade-mark has been established by use."
Despite the long legal history requiring use, the Canadian government is planning to drop the need for use in order to register trademark. If the provisions in the budget implementation bill are enacted, trademarks will be available to signs (which the law says includes everything from words and names to sounds and smells) that are either used or proposed to be used.
The trademark law community has reacted with alarm to the planned changes.
Experts note that the change may be unconstitutional because a system no longer based on use may unduly encroach on property and civil rights, which falls under provincial jurisdiction. Moreover, many believe that the changes will result in sharply increased costs for Canadian business since the reforms will create considerable legal uncertainty, likely causing a spike in challenges to proposed trademarks.
The reforms also seem to open the door to "trademark trolls", who could scoop up dozens of unused, proposed trademarks with plans to pressure legitimate businesses to pay up in order to release the trademarks for actual use.
With some in the intellectual property community warning that "instead of simplifying steps for businesses, the Bill proposes a much less useful Register, higher investigation costs, and shifts the onus to police over-reaching to businesses, as opposed to the Trademarks Office", Industry Minister James Moore has surprisingly succeeded in proposing changes that are both anti-business and anti-consumer. That may be a boon for a few lawyers, but the business community has been left wondering how trademark reforms that no one seems to have requested found their way into a budget implementation bill.
As I noted in a post yesterday, Access Copyright has filed its response to the Copyright Board of Canada's series of questions about fair dealing and education in the tariff proceedings involving Canadian post-secondary institutions. Yesterday's post focused on how Access Copyright has urged the Copyright Board to ignore the Supreme Court of Canada's ruling on the relevance of licences to a fair dealing analysis. Today's post examines the collective's response to the Copyright Board's question on the effect of the fair dealing legislative change in Bill C-32/C-11. Access Copyright engages in revisionist history as it seeks to hide its extensive lobbying campaign that warned that the reforms would permit mass copying without compensation.
For two years during the debates over the bill, Access Copyright stood as the most vocal opponent of the expansion of the fair dealing purposes to include education. Given its frequent public comments and lobbying efforts on the bill, one would think its response to the Copyright Board, would be pretty straight-forward. For example, it created a copyright reform website - CopyrightGetitRight.ca - that warned:
the education exception will permit mass, industrial-scale copying (equivalent to millions of books every year) without compensation to the creators and publishers who invested their creativity, skill, money and effort to produce this content.
In the 2010 digital economy consultation, Access Copyright told the government much the same thing:
New exceptions, which create a sudden increase in uncompensated uses of works, will result in significant lost sales and millions of dollars in revenue losses to Canadian content owners from collective licences alone.
Maureen Cavan, then the executive director of Access Copyright said:
Schools wonât have to pay to make reproductions of textbooks and other materials developed to meet the requirements of provincial curricula...the education exceptions may permit mass, high-volume copying (equivalent to millions of books every year) without compensation to the creators and publishers who invested their creativity, skill, money and effort to produce this content.
Access Copyright was asked during the Bill C-32 committee hearings to specify the likely cost. Roanie Levy, the current Access Copyright executive director, responded:
Based on our study, we believe that about $60 million is at risk as a result of the scope of fair dealing in the education sector, as well as other education-related exemptions provided for in Bill C-32. This is revenue that COPIBEC and Access Copyright collects today for the copying of a chapter here, a page there, for the distribution of works in class, for the use of works in exams. It also includes the royalties that certain film distributors collect from the education sector.
So we're talking about a minimum of $60 million at risk, but you also have to consider that, when a use or reproduction becomes free of charge, an increase in that type of reproduction follows. There will also be a revenue shortfall that will be more difficult to quantify as a result of a decline in sales of texts intended for schools.
Unequivocal positions, which the government rejected by adding education as a fair dealing purpose with no limitations or restrictions.
Yet when Access Copyright is now asked about the effect of the change, it claims that the legislative change that it once warned would cost $60 million was not a change at all. Instead, its response to the Copyright Board is that the legislative change did not change the law but rather codified the existing law as expressed in the Supreme Court of Canada fair dealing decisions. For example, its response includes the following:
In effect, the majority of the Supreme Court of Canada jurisprudentially expanded the meaning to be afforded "research" and "private study" to include instruction. This decision expanded what was once understood to be limited allowable purposes of private study and research to include copying performed for the purpose of instruction or education. This expansion of the allowable fair dealing purposes was later codified in the amendments to section 29 of the Act. The coming into force of the statutory amendment in November 2012 did not serve to further expand fair dealing because the Supreme Court of Canada had already interpreted the exception as including that purpose. Simply put, and contrary to the apparent position taken by a number of educational users that the legislative amendments further expanded fair dealing in education, the legislative inclusion of education as an express allowable fair dealing purpose simply now accords with the jurisprudence.
There are at least two obvious problems with Access Copyright's attempt to revise history. The first is its record - in the media, in lobbying campaigns, and before Parliament - that the fair dealing reform in the bill was a significant change that would "permit mass, industrial-scale copying (equivalent to millions of books every year) without compensation to the creators and publishers."
The second is that Access Copyright is attempting to deceive the Copyright Board by suggesting that the legislation came after the Supreme Court of Canada decisions. As it well knows, the Supreme Court of Canada decisions actually came two weeks after Bill C-11 received royal assent. Access Copyright deceptively uses the coming into force date to misleadingly suggest that the law simply codified the court's decisions, when the court's decisions predated the legislative reform. Bill C-11 could not have codified the Supreme Court rulings since the bill passed the House of Commons, the Senate and received royal assent before the release of the Access Copyright decision by the Supreme Court.
Why is Access Copyright attempting to revise history? Once again, the reasons are obvious. First, the government would not have added education to the fair dealing purposes if it had no meaning at all. Rather, it was clearly the government's intent to expand the scope of fair dealing to cover more than research and private study. Second, Access Copyright is seeking to deflect attention from the fact that it has already told everyone what it thinks the legislation means. To again repeat its own words from the advocacy site it used to encourage people to speak out about the bill, the reforms "permit mass, industrial-scale copying (equivalent to millions of books every year) without compensation to the creators and publishers."
Access Copyright has filed its response to the Copyright Board of Canada's series of questions about fair dealing and education in the tariff proceedings involving Canadian post-secondary institutions. I have several posts planned about the 40 page response, which continues the copyright collective's longstanding battle against fair dealing. This one focuses on Access Copyright's astonishing effort to urge the Copyright Board to reject the Supreme Court of Canada's clear ruling on the relevance of licensing within the context of fair dealing.
Access Copyright has frequently argued that the availability of a licence should trump fair dealing. For example, in the 2001 copyright consultation it stated:
As a rule, where collective licensing is in place there should be no exception or limitation to a right for which the holder has a legitimate interest. As defined in the Act, anytime that a licence to reproduce a work is available from a collective society within a reasonable time, for a reasonable price and with reasonable effort, it is commercially available.
Access Copyright reiterated its position in its 2003 intervention in the Law Society of Upper Canada v. CCH Canadian case. It argued:
Copibec and Access Copyright submit that the obtaining of photocopy licences, when they are offered by collective societies that are authorized by copyright owners to grant licences on their behalf, is an established and readily available alternative to the dealing. Where collective societies have created a workable market for institutional users to obtain licences for the right to reproduce works protected by copyright, courts should acknowledge that the reproduction of such works, absent a licence, will generally affect the potential market for those works, and take this factor into account in any analysis of whether a dealing is "fair."
The Supreme Court of Canada proceeded to directly respond to the Access Copyright argument in its CCH decision. The unanimous court ruled:
The availability of a licence is not relevant to deciding whether a dealing has been fair. As discussed, fair dealing is an integral part of the scheme of copyright law in Canada. Any act falling within the fair dealing exception will not infringe copyright. If a copyright owner were allowed to license people to use its work and then point to a person's decision not to obtain a licence as proof that his or her dealings were not fair, this would extend the scope of the owner's monopoly over the use of his or her work in a manner that would not be consistent with the Copyright Act's balance between owner's rights and user's interests.
That is about as clear cut as you can get: Access Copyright directly raised an argument and the Court unanimously rejected it. So what does Access Copyright do in its brief to the Copyright Board? Go right back to the same argument that the Supreme Court rejected:
In the digital age, the availability of a licence â whether from the rightsholder directly or from the collective that represents the rightsholder â has to be a consideration as to whether there is an alternative to the dealing. (The commercialization of works in a digital environment is done through the issuance of licences as opposed to the sale of physical copies of works.) In this case, a licence is clearly available from Access Copyright: the works in issue are all in Access Copyrightâs repertoire. Further, the evidence filed by Access Copyright establishes that licences for the exact excerpt of the works that have been copied are available for purchase from the publishers. Given these alternatives, the copying purportedly permitted by the Policies is unfair.
Unfortunately, this example is only one of many misleading or inaccurate claims in the Access Copyright brief. More on its effort to deceive the board on the timing of the Supreme Court of Canada's fair dealing decisions and the government's expansion of fair dealing in Bill C-11 in a post tomorrow.
My post and column on the expansion of warrantless disclosure under Bill S-4, the misleadingly named Digital Privacy Act, has attracted some attention and a response from Industry Canada. The department told iPolitics:
"Companies who share personal information are required to comply with the rules to ensure that information is only disclosed for the purpose of conducting an investigation into a contravention of a law or breach of an agreement. For example, self-regulating professional associations, such as a provincial law society, may wish to investigate allegations of malpractice made by a client. When organizations are sharing private information, the Privacy Commissioner can investigate violations and may take legal action against companies who do not follow the rules. This is consistent with privacy laws in British Columbia and Alberta and was recommended by the Standing Committee Access to Information, Privacy and Ethics."
The response may sound reassuring, but it shouldn't be.
First, the Privacy Commissioner of Canada can obviously address complaints regarding companies that do not follow the rules. However, the new rules plainly allow warrantless disclosure of personal information for an investigation into a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed. This broadly worded exception will allow companies to disclose personal information to other companies or organizations without court approval.
Second, the disclosure itself is kept secret from the affected individual, who is unlikely to complain since they will be unaware that their information has been disclosed.
Third, allowing a regulated industry to conduct investigations (such as a provincial law society) is a far narrower issue than the wide open warrantless approach found in the bill.
Fourth, while the Standing Committee on Access to Information, Privacy and Ethics may have recommended a similar reform in 2006, that recommendation was rejected by both the Conservative government and the Privacy Commissioner of Canada. The committee recommendation appears to have come from a single submission from the Canadian Bar Association. The CBA appeared before the committee but was not questioned about the proposal.
The CBA proposal focused specifically on personal information legally available to a party to a legal proceeding. That is much narrower than the Bill S-4 provision.
Yet even that narrower proposal was rejected by the Conservative government in its response to the committee recommendations:
The government notes the Committee's recommendation and acknowledges that it was made in response to concerns expressed by certain stakeholders regarding the need to ensure that PIPEDA does not impede litigation procedures. However, the government does not share the Committee's view that such an amendment is necessary at this time.
The Privacy Commissioner of Canada also publicly opposed the recommendation, which she included among the six issues about which she had particular concerns:
The Canadian Bar Association recommended that the AB and BC Acts both provide clarity in regard to information legally available in a legal proceeding. I do not believe that this issue has posed any great difficulty over the past five years. The OPC has stated in complaints that the access provisions of PIPEDA may be broader than the requirements of discovery, depending on the breadth of documents relevant to a proceeding.
In other words, Bill S-4 contains an expanded version of a provision that one group asked for without facing any questions, that the government rejected when it was proposed, and about which the Privacy Commissioner of Canada expressed particular concern. In response, Industry Canada claims that Canadians can file complaints if the provision is misused, but by definition they will not know that their personal information has been disclosed.
Why the Digital Privacy Act Undermines Our Privacy: Bill S-4 Risks Widespread Warrantless Disclosure
Earlier this week, the government introduced the Digital Privacy Act (Bill S-4), the latest attempt to update Canada's private sector privacy law. The bill is the third try at privacy reform stemming from the 2006 PIPEDA review, with the prior two bills languishing for months before dying due to elections or prorogation.
The initial focus has unsurprisingly centered on the new security breach disclosure requirements that would require organizations to disclose breaches that puts Canadians at risk for identity theft. Security breach disclosure rules are well-established in other countries and long overdue for Canada. The bill fixes an obvious shortcoming from the earlier bills by adding some teeth to the disclosure requirements with the addition of penalties for violations of the law. Moreover, Bill S-4 stops short of granting the Privacy Commissioner full order making power as is found at the provincial level, but the creation of compliance orders has some promise of holding organizations to account where violations occur.
Despite those positive proposed changes to Canadian privacy law, the bill also includes a provision that could massively expand warrantless disclosure of personal information.
The government is already working to expand warrantless disclosure of subscriber information to law enforcement with Bill C-13 (the "cyber-bullying bill") including an immunity provision from any criminal or civil liability (including class action lawsuits) for companies that preserve personal information or disclose it without a warrant. The law currently entrusts companies with a gatekeeper role since it permits them to either voluntarily disclose personal information as part of a lawful investigation or demand that law enforcement first obtain a court order. The immunity provision makes it more likely that disclosures will occur without a warrant since the legal risks associated with such disclosures are removed.
In light of revelations that telecom companies and Internet companies already disclose subscriber information tens of thousands of times every year without a court order, the immunity provision is enormously problematic. Yet it pales in comparison to the Digital Privacy Act, which would expand the possibility of warrantless disclosure to anyone, not just law enforcement. Bill S-4 proposes that:
"an organization may disclose personal information without the knowledge or consent of the individual... if the disclosure is made to another organization and is reasonable for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the individual would compromise the investigation;
Unpack the legalese and you find that organizations will be permitted to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law. This applies both past breaches or violations as well as potential future violations. Moreover, the disclosure occurs in secret without the knowledge of the affected person (who therefore cannot challenge the disclosure since they are not aware it is happening).
When might this apply?
Consider the recent copyright case in which Voltage Pictures sought an order requiring TekSavvy to disclose the names and addresses of thousands of subscribers. The federal court established numerous safeguards to protect privacy and discourage copyright trolling by requiring court approval for any demand letters being sent to subscribers. If Bill S-4 were the law, the court might never become involved in the case. Instead, Voltage could simply ask TekSavvy for the subscriber information, which could be legally disclosed (including details that go far beyond just name and address) without any court order and without informing their affected customer.
In fact, the potential use of this provision extends far beyond copyright cases. Defamation claims, commercial battles, and even consumer disputes may all involve alleged breaches of agreements or the law. While the organization with the personal information (telecom companies, social media sites, local businesses) might resist disclosing information without a court order, the law would not require them to do so.
The resulting framework from C-13 and S-4 is stunning from an anti-privacy perspective:
In my first post on Digital Canada 150, Canada's digital strategy, I argued that it provided a summation of past accomplishments and some guidance on future policies, but that it was curiously lacking in actual strategies and goals. Yesterday I reviewed how Canada's universal broadband access target lags behind much of the OECD (Peter Nowak characterizes the target as the Jar Jar Binks of the strategy). The problems with Digital Canada 150 extend far beyond connectivity, however. In comparing the Canadian strategy with countries such as Australia and the United Kingdom, it becomes immediately apparent that other countries offer far more sophisticated and detailed visions for their digital futures. While there is no requirement that Canada match other countries on specific goals, it is disappointing that years of policy development - other countries were 5 to 10 years ahead of Canada - ultimately resulted in a document short on strategy, specifics, and analysis.
For example, compare the clarity of goals between Canada and the Australia strategy:
By 2020, Australia will rank in the top 5 OECD countries in the portion of households that connect to broadband at home.
"Over 98% of all Canadians will have access to high-speed Internet at 5 megabits per second (Mbps) - a rate that enables e-commerce, high-resolution video, employment opportunities and distance education - providing rural and remote communities with faster, more reliable online services."
By 2020, Australia will rank in the top 5 OECD countries in the portion of businesses and not-for-profits using online opportunities to drive productivity improvements, expand their customer base, and enable jobs growth
"Canadian companies, large and small, will use digital tools to boost productivity, develop their businesses and capture growing markets and home and abroad."
By 2020, the majority of Australian households, businesses, and other organizations will have access to smart technology to better manage their energy use.
No discussion of energy use.
By 2020, 90% of high prority consumers (older Australians, babies, etc.) will have access to individual electronic health records.
No discussion of health records. Closest goal is "Canada will be one of the global leaders in applying 'big data' to change how we think about and carry out health care, research and development, as well as the myriad of activities of business and government."
By 2020, Australia schools will have connectivity to develop and collaborate on innovative and flexible educational services and resources to extend online learning resources to the home and workplace
No discussion of schools (only reference is to support for Computers for Schools program).
By 2020, Australia will have at least doubled its level of teleworking so that at least 12% of Australian employees report having teleworking arrangements with their employer
No discussion of teleworking.
By 2020, 80% of Australians will choose to engage with the government through the Internet or other type of online service.
"The Government of Canada will be a leader in using digital technologies to interact with Canadians, making it simpler and quicker to access services and information online."
By 2020, gap between households and businesses in capital cities and those in regional areas will have narrowed significantly
No discussion of urban vs. rural divide.
The Canadian strategy simply ignores many key areas commonly found in digital strategies such as telework, telehealth, and education. Moreover, even where the strategy addresses similar issues there are few targets that can be used to measure success. Instead, the Canadian strategy frequently talks generically about being a "leader".
Not only does the Australia strategy establish measurable goals, it openly discusses where the country stands and why action is needed. For example, the strategy examines Internet usage data, noting that:
"About 26 per cent of Australians 15 years or over did not use the internet in 2008â09. This figure is much higher for retired persons, low-income earners,â¨ Indigenous Australians and those living in remote areas."
There are similar statistics available in Canada. Internet use among the richer half of the country is actually over 90 per cent with the top quartile of household income at 94.5 per cent and the second quartile at 90.2 per cent. Internet use among the bottom quartile of Canadians stands at only 62.5 per cent (the third quartile is 77.8 per cent). The digital divide remains consistent across all demographics with wealthier households far likelier to use the Internet than poorer ones regardless of their age.
Last year, the Australian government released a 152 page update on its strategy, identifying dozens of actions that had been taken or that were underway. In addition to cybercrime initiatives similar to those in Canada, actions included developing a new curriculum for technologies and promoting the adoption of cloud computing in Australia. The update also provided data on whether the government was meeting its target goals.
The United Kingdom's Digital Britain report, which dates back to 2009 and is 245 pages length (roughly 10 times the size of Digital Canada 150), is even more extensive. For example, on the issue of connectivity, it discusses both access and affordability, recognizing that access alone is insufficient. To address affordability, it proposed a 300 million pound Home Access program for low income families. Digital Britain also discusses the future of its public broadcaster, the BBC, to address how it can remain relevant in the online world. There is no reference to the CBC in Digital Canada 150. Digital Britain also reaches into issues such as health, transport, energy, and education, areas largely ignored in Digital Canada 150. Moreover, Digital Britain has been followed by Digital Britain One and Digital Britain Two, both focused specifically on enhancing government online.
Digital Canada 150 need not be identical to the strategies found in Australia, the United Kingdom or any of the other myriad of countries that have released digital strategies. Yet after years of waiting, it is not unreasonable to expect something more than 26 pages that is focused primarily on past accomplishments, establishes few measurable goals, and ignores crucial areas such as affordability of computers and connectivity, health care, energy, and education.
The release of Digital Canada 150, the federal government's long-awaited digital strategy, included a clear connectivity goal: 98 percent access to 5 Mbps download speeds by 2019. While the government promises to spend $305 million on rural broadband over the next five years and touts the goal as "a rate that enables e-commerce, high-resolution video, employment opportunities and distance education", the reality is that Canada now has one of the least ambitious connectivity goals in the developed world.
Just how badly does the government's connectivity ambitions compare to other OECD countries? Consider just some of the target speeds from other countries as compiled three years ago by the OECD:
100% access to 25 Mbps
100% premises, 93% homes, schools and business to 100 Mbps Denmark
100% access to 100 Mbps
99% within 2 km of network permitting 100 Mbps Germany
75% access to 50 Mbps
100% household access to 100 Mbps Hungary
100% access to 30 Mbps Luxembourg 2020
100% access to 1 Gbps Slovak Republic 2020
100% access to 30 Mbps Sweden 2020
90% access to 100 Mbps United States
100% access to 4 Mbps
Not only is the target speed low compared to many other countries (the U.S. being the notable exception), but the goal of universal broadband access comes years after other countries put similar policies into place. For example, other countries with universal access targets include:
Universal Access Target Year
2015 (rural speeds at least 50% of city speeds)
The Canadian target of 2019 is later than all of these countries, some by more than a decade. In fact, the government's target date is far later than the Canadian Radio-television and Telecommunications Commission, which set a 2015 deadline with the same speed goal. Unfortunately, the lack of ambition is not limited to connectivity. More on how the Canadian digital strategy pales in comparison to peer countries by largely omitting key issues such as affordability, education, tele-health, and energy in a post tomorrow.
Four years after the Canadian government first announced plans to develop a digital economy strategy, Industry Minister James Moore traveled to Waterloo, Ontario, Friday for the release of Digital Canada 150. The long-awaited strategy document identifies five key areas for policy development: connecting Canadians, protecting the online environment, developing commercial opportunities, digital government, and Canadian content.
My weekly technology law column (Toronto Star version, homepage version) argues the release of Digital Canada 150 succeeds on at least three levels. First, it puts to rest the longstanding criticism that the government is uninterested in digital issues. Moore quickly emerged as the governmentâs digital leader after taking the reins at Industry Canada, promptly focusing on wireless competition, spam regulation, and now a digital strategy. After years of complaints that the digital strategy issue was Ottawa's equivalent of the "Penske File" - all talk and no action - Moore has acted.
Second, Digital Canada 150 demonstrates that the federal government has been more engaged on digital issues in recent years than is generally appreciated. Indeed, much of the document is presented as a report card, with the requisite check boxes on numerous legislative initiatives (copyright and trademark reform, spam), regulatory developments (wireless competition), and program funding (rural broadband, digital media). The message is clear: the broader strategy document may have been missing, but digital issues were not forgotten.
Third, Moore's document provides some guidance on future policy development. While there are few surprises, there is confirmation that the government plans to introduce private sector privacy reform, invest in rural broadband, introduce regulations on crypto-currencies, continue its welcome emphasis on open data, and push through lawful access legislation that has been framed as a "cyber-bullying" bill.
Despite these successes, Digital Canada 150 ultimately suffers from some notable omissions. For a strategy document, it is curiously lacking in actual strategy. The government updates Canadians on what it has done and provides some insight into what it plans to do, but there are few new strategies articulated.
Measurable targets and objectives typically guide strategy documents, yet there are not many to be found in Digital Canada 150. In fact, the most obvious target - 98 percent broadband access of 5 Mbps - is slower than many comparable targets around the world and comes years later than the Canadian Radio-television and Telecommunications Commission's stated goal for the same level of Internet connectivity.
Further, the document never links together digital policies with other government initiatives in a strategic manner. The government has emphasized its international trade agenda, but there is no effort to link trade agreements with a strategy to bring Canadian business online to market and sell to a global marketplace. Similarly, Canadian foreign policy has adopted strong positions against authoritarian regimes, yet there is no strategy that combines that policy with one that prohibits the export of censorship technologies to those countries that repress free speech.
Digital Canada 150 is also largely silent on the issue of investing in the online environment. The recent spectrum auction generated billions of dollars in revenue, but there are seemingly no plans to directly invest the "digital dividend" on digital issues.
Most disappointingly, Digital Canada 150 lacks a big picture goal or target that might have made the whole greater than the sum of its parts. There was no shortage of possibilities such as a national digital library to revolutionize access in schools and communities, a rethinking of Canadian surveillance policy so that mounting fears of widespread surveillance of individuals might be addressed, structural separation of Internet providers or a plan to join forces with the private sector to bring affordable access and computing equipment into every home in Canada.
These were the types of initiatives that might have captured the public's imagination and put an identifiable face on a broader strategy document. Instead, four years of waiting has yielded a modest vision of Canadaâs digital future that frequently focuses more on what the government has done than on where it wants to go. Moore deserves credit for bringing the strategy to the finish line, but given the remarkable possibilities created by the Internet and new technologies, many Canadians were likely hoping for more.
The U.S. Trade Representative issued its annual Foreign Trade Barrier Report on Monday. In addition to identifying the geographical indications provisions in the Canada - EU Trade Agreement, telecom foreign ownership rules, and Canadian content regulations as barriers, the USTR discussed regulations on cross-border data flows. I wrote about the issue recently, noting that the Canadian government restricted access to its single email initiative to Canadian-based hosting.
The USTR picks up on the same issue in its report:
The strong growth of cross-border data flows resulting from widespread adoption of broadband-based services in Canada and the United States has refocused attention on the restrictive effects of privacy rules in two Canadian provinces, British Columbia, and Nova Scotia. These provinces mandate that personal information in the custody of a public body must be stored and accessed only in Canada unless one of a few limited exceptions applies. These laws prevent public bodies such as primary and secondary schools, universities, hospitals, government-owned utilities, and public agencies from using U.S. services when personal information could be accessed from or stored in the United States.
The Canadian federal government is consolidating information technology services across 63 email systems under a single platform. The request for proposals for this project includes a national security exemption which prohibits the contracted company from allowing data to go outside of Canada. This policy precludes some new technologies such as "cloud" computing providers from participating in the procurement process. The public sector represents approximately one-third of the Canadian economy, and is a major consumer of U.S. services. In todayâs information-based economy, particularly where a broad range of services are moving to "cloud" based delivery where U.S. firms are market leaders; this law hinders U.S. exports of a wide array of products and services.
This issue bears watching given the growing momentum for localized data hosting conflicting with provisions in the Trans Pacific Partnership that would seek to restrict such provisions.
The lawful access fight of 2012, which featured then-Public Safety Minister Vic Toews infamously claiming that the public could side with the government or with child pornographers, largely boiled down to public discomfort with warrantless access to Internet subscriber information. The government claimed that subscriber data such as name, address, and IP address was harmless information akin to data found in the phone book, but few were convinced and the bill was ultimately shelved in the face of widespread opposition.
My weekly technology law column (Toronto Star version, homepage version) notes the government resurrected the lawful access legislation last year as a cyber-bullying bill, but it has been careful to reassure concerned Canadians that the new powers are subject to court oversight. While it is true that Bill C-13 contains several new warrants that require court approval (albeit with a lower evidentiary standard), what the government fails to acknowledge is that telecom companies and Internet providers already hand over subscriber data hundreds of times every day without court oversight. In fact, newly released data suggests that the companies have established special databases that grant law enforcement quick access to subscriber information without a warrant for a small fee.
The latest data comes from a government response to NDP MP Charmaine Borg's effort to obtain information on government agencies requests for subscriber data. While many agencies refused to disclose the relevant information, Canada Border Services Agency revealed that it had made 18,849 requests in one year for subscriber information including geo-location data and call records.
The CBSA obtained a warrant in 52 instances with all other cases involving a simple request without court oversight. The telecom and Internet providers fulfilled the requests virtually every time - 18,824 of 18,849 - and the CBSA paid a fee of between $1.00 and $3.00 for each request.
The CBSA revelations follow earlier information obtained under the Access to Information Act that the RCMP alone made over 28,000 requests for subscriber information in 2010 without a warrant. These requests go unreported - subscribers don't know their information has been disclosed and the Internet providers and telecom companies aren't talking either.
The recent disclosures also reveal that the telecom companies have established law enforcement databases that provide ready access to subscriber information in a more efficient manner. For example, the Competition Bureau reports that it "accessed the Bell Canada Law Enforcement Database" 20 times in 2012-13.
The absence of court oversight may surprise many Canadians, but the government actively supports the warrantless disclosure model. In 2007, it told the Privacy Commissioner of Canada that an exception found in the private sector privacy law to allow for warrantless disclosure was "designed to allow organizations to collaborate with law enforcement and national security agencies without a subpoena, warrant or court order." The cyber-bullying bill further supports the warrantless disclosure model since it contains a provision that grants Internet providers and telecom companies full immunity from any civil or criminal liability for voluntarily disclosing subscriber information.
While much of the warrantless disclosure data remains shrouded in secrecy - many government departments refuse to divulge details about their practices and the telecom companies and Internet providers have declined requests to come clean - the latest revelations confirm fears that subscriber information is disclosed tens of thousands of times every year without court oversight.
The law may grant the companies the right to disclose subscriber information without a warrant, but the pervasive warrantless disclosure is still deeply troubling and represents an abdication of their responsibility to safeguard the privacy interests of their subscribers.
The debate over Bill C-13, the government's latest lawful access bill, is set to resume shortly. The government has argued that the bill should not raise concerns since new police powers involve court oversight and the mandatory warrantless disclosure provisions that raised widespread concern in the last bill have been removed. While that is the government's talking points, I've posted on how this bill now includes incentives for telecom companies and other intermediaries to disclose subscriber information without court oversight since it grants them full civil and criminal immunity for doing so. Moreover, newly released data suggests that the telecom companies don't seem to need much of an incentive as they are already disclosing subscriber data on thousands of Canadians every year without court oversight.
This week, the government responded to NDP MP Charmaine Borg's request for information on government agencies requests to telecom providers for customer information. The data reveals that the telecom companies have established law enforcement databases that provides ready access to subscriber information. For example, the Competition Bureau reports that it "accessed the Bell Canada Law Enforcement Database" 20 times in 2012-13. The wording may be important, since the Bureau indicates that it accessed the information, rather than Bell provided it. It is not clear what oversight or review is used before a government agency may access the Bell database.
The Canada Border Services Agency report featured the biggest numbers with 18,849 requests in one year for subscriber information including geolocation data and call records. The CBSA obtained a warrant in 52 cases with all other cases involving a simple request without court oversight. The telecom providers fulfilled the requests virtually every time - 18,824 - and the CBSA paid between $1.00 and $3.00 per request. The RCMP presumably has far higher numbers, but it says that it does not keep track in a centralized database (an earlier access to information request revealed even bigger numbers).
While this data provides only a glimpse at warrantless disclosure of subscriber information, it confirms fears that telecom companies provide such information tens of thousands of times every year without court oversight (and perhaps without even internal oversight if access to a database is granted). The law may grant telecom companies the right to disclose subscriber information without a warrant, but the pervasive warrantless disclosure is deeply troubling and represents an abdication by telecom providers of their responsibility to safeguard the privacy of their subscribers.
The Government of Quebec has lost its complaint over the domain name Quebec.com. In a unanimous panel decision that included Copyright Board of Canada board member Nelson Landry, the government failed to demonstrate bad faith and raised questions about why it waited 15 years to launch a complaint.
Earlier this month, the U.S. government surprised the Internet community by announcing that it plans to back away from its longstanding oversight of the Internet domain name system. The move comes more than 15 years after it first announced plans to transfer management of the so-called IANA function, which includes the power to add new domain name extensions (such as dot-xxx) and to alter administrative control over an existing domain name extension (for example, approving the transfer of the dot-ca domain in 2000 from the University of British Columbia to the Canadian Internet Registration Authority).
My weekly technology law column (Toronto Star version, homepage version) notes the change is rightly viewed as a major development in the ongoing battle over Internet governance. Yet a closer look at the why the U.S. is embarking on the change and what the system might look like once the transition is complete, suggests that it is not relinquishing much power anytime soon. Rather, the U.S. has ensured that it will dictate the terms of any transfer and retain a "super-jurisdiction" for the foreseeable future.â¨
Day-to-day administration of the domain name system is currently managed by the Internet Corporation for Assigned Names and Numbers (ICANN), a U.S.-based non-profit company that operates under a contract with the U.S. government. Critics argue that this means that the U.S. retains final authority over key Internet governance decisions. â¨â¨
The United Nations and supporting governments have attempted to loosen U.S. control on several prior occasions without success. Despite those failures, the U.S. now voluntarily says it will walk away from its oversight power, tasking ICANN with developing a transition plan that must "support and enhance the multistakeholder model." The U.S. adds that it will not accept a proposal based on a government-led or an inter-governmental organization solution, short-circuiting any hopes the U.N. might have had for assuming control.â¨â¨
Why is the U.S. proposing to walk away now? In recent months, there has been growing momentum to revisit the issue, triggered by the Edward Snowden revelations of widespread Internet surveillance. Although NSA surveillance has no real connection to Internet governance - the management of the domain name system is not typically a surveillance target - the issue has galvanized many countries and groups who sense an opportunity for change. By forcing the issue, the U.S. has successfully seized the agenda and set the conditions for a transfer of power.
While a transfer would be perceived by many to represent a change in control, the reality is that the U.S. will not be relinquishing much power even when (or if) the transition occurs. In the years since the U.S. first indicated that it would shift away from Internet governance, it has steadily erected jurisdictional authority over a considerable portion of the Internet infrastructure. â¨â¨
For example, in 2009 the U.S. and ICANN entered into an agreement that institutionalized "the technical coordination of the Internet's domain name and addressing system." That document included a commitment for the U.S. to remain involved in the Governmental Advisory Committee (GAC), the powerful body within ICANN that allows governments to provide their views on governance matters. It also contained an ICANN commitment to remain headquartered in the U.S., effectively ensuring ongoing U.S. jurisdiction over it.
â¨Not only is the U.S. able to assert jurisdiction over ICANN, but it has also asserted jurisdiction over all dot-com, dot-net, and dot-org domain names. In 2012, a U.S. court ordered the seizure of a dot-com domain that was registered in Canada with no U.S. connection other than the location of the domain name registry. This effectively means the U.S. retains jurisdiction over half of all domain name registrations worldwide regardless of where they are registered or who manages the system.â¨â¨
The U.S. might transition away from the current model (though the initial 2015 date seems ambitious), but much of its jurisdictional power will remain largely unchanged. The latest announcement has the potential to fulfill a promise made nearly two decades ago, but skeptics can be forgiven for suspecting that power over Internet governance will remain firmly rooted in the U.S. no matter how the issue is resolved.
Other key sites