Home » Policy

Privacy

Privacy policy, and the interaction of privacy protection with other policy.

Privacy/security battleground in your computer, not just on network and in cloud

I want to highlight and frame something said by Christopher Parsons in a recent interview on CDNTech network.  When asked about encryption (time 6:12), he clarified that surveillance will most often involve going around encryption, such as by installing malware on the computer of the person being surveilled.  The alternative would be to intercept the communication on the network or as stored in the cloud, and try to decrypt.

This should point to an often forgotten truth:  that the question of who controls your computer is just as, if not more, important than how Internet Access Providers (IAP's) or services (Facebook, Google, etc) are regulated when it comes to protecting your rights and interests.

Access to Information, Privacy and Ethics (ETHI) to study Google Street View?

A study on Street Imaging Applications (Google, Canpages, etc.) has been launched by the Standing Committee on Access to Information, Privacy and Ethics (ETHI). This appears to directly follow meeting where the privacy commissioner was a witness.

Supreme Court understands that you don't control what is in your cache

In R. v. Morelli, 2010 SCC 8 the following statement was made on behalf of the majority (McLachlin C.J. and Binnie, Abella and Fish JJ)

[36] On my view of possession, the automatic caching of a file to the hard drive does not, without more, constitute possession. While the cached file might be in a “place” over which the computer user has control, in order to establish possession, it is necessary to satisfy mens rea or fault requirements as well. Thus, it must be shown that the file was knowingly stored and retained through the cache.

Ontario's Privacy Commissioner is a DRM advocate?

I thought I would point people to a discussion following a podcast interview that Jesse Brown did of the Ontario Privacy Commissioner. It turns out that she wishes to use DRM technology to enforce "privacy", something many of us will understand to be counter-productive.

Privacy Commissioner should investigate ISP web surveillance: CIPPIC

The following press release is from CIPPIC. For people wanting to learn more about these harmful activities, they may wish to listen to recent Security Now podcasts: 149: ISP Privacy, 151: Frakking Phorm, 153: Bad Phorm.

OTTAWA – The Canadian Internet Policy and Public Interest Clinic (CIPPIC), based at the University of Ottawa, Faculty of Law, has asked the Office of the Privacy Commissioner to open an investigation into the internet service provider (ISP) industry’s controversial new practice of profiling users online to target them with advertising.

Canada’s Privacy Community Calls for Copyright Consultation

Canada’s Privacy Community has written to the Ministers responsible for Canadian copyright policy, urging them to consult broadly prior to introducing copyright legislation that may undermine Canadians’ privacy and security rights. The letter follows earlier correspondence from the Privacy Commissioner of Canada that observed that any copyright bill that includes anti-circumvention laws and ISP subscriber data retention obligations would raise significant privacy concerns for Canadians.

Open Letter from Federal Pivacy letter on possible amendments to the Copyright Act

The Privacy Commissioner of Canada, Jennifer Stoddart, sent a letter to the Honourable Jim Prentice, Minister of Industry and the Honourable Josée Verner, Minister of Canadian Heritage, regarding possible amendments to the Copyright Act. The letter further referenced the document Fact Sheets: Digital Rights Management and Technical Protection Measures.

CIPPIC calls for public registry of data breaches

From CIPPIC.

CIPPIC calls for Public Registry of Data Breaches and Limits to Online Collection of Kids’ Data

Responding to a federal government consultation on reform of data protection law, the Canadian Internet Policy and Public Interest Clinic (“CIPPIC”) is calling for the establishment of a centralized, electronic registry of corporate data breaches that would be publicly-accessible. CIPPIC is a legal clinic based at the University of Ottawa, Faculty of Law.

Last few days of data breach consultation

The deadline for Industry Canada's PIPEDA consultation is January 15th.

Geist: Private Email Not Always Hush Hush

Michael Geist's weekly technology law column (Toronto Star version, Homepage version) focuses on a recent case in which a British Columbia court ordered Hush Communications to decrypt hundreds of emails and to send them to the U.S. law enforcement officials. Faced with a valid court order, the company complied, shipping 12 CDs filled with unencrypted personal email to investigators in California. The case challenges several myths that have developed about privacy, law enforcement, and the Internet.

Syndicate content