Sunday, November 07, 2004

CIPPIC complaint raises a number of novel and interesting issues

The Canadian Internet Policy and Public Interest Clinc (CIPPIC) has complained to the Privacy Commissioner of Canada against an American company that harvests databases and public records to produce reports that include, in some cases, supposed psychosexual profiles. Accusearch (d/b/a/, which a takes a dim view of "privacy fanatics", is said to aggressively mine databases to produce their background checks, physchological profiles and the like.

CIPPIC, in its complaint filed in June, is alleging that Abika is collecting, using and disclosing the personal information of Canadians without consent, in violation of PIPEDA. The complaint also alleges that Abika violates the accuracy principle of PIPEDA by producing inaccurate reports.

This complaint is likely important in that the Commissioner will be forced to consider whether the activities of a US company, operating in the US, may violate PIPEDA. Of course, the next question is whether the Commissioner or the complainant can do anything about it.

For more info, see the Canadian Press report: Yahoo! News - U.S. firm's sale of personal data about Canadians sparks complaint.

The following is from the CIPPIC website, including a link to their complaint. (June 9, 2004)

After researching this online private investigation service, CIPPIC filed a complaint with the federal Privacy Commissioner alleging that the company's entire service is based on fundamental and widespread violations of privacy legislation. collects often highly sensitive personal information from various sources, and sells it to anyone willing to pay the associated fee.

Update: See also London Free Press: Firm under fire for privacy breach: A U.S. company sells personal information on Canadians' habits.

Update: On the first version of this posting, I mistakenly attributed the complaint to the Public Interest Advocacy Centre.


Person to Person Search said...

The complaint filed has false allegations and is due to a personal vandetta of Ms. Philippa Lawson. Nearly all her allegations are false. is a Person to Person search engine and and just like any other search engine finds whatever data is found on any individual in cyberspace. has developed new technology that gets very targeted results. does not maintain any databases on anyone. Ms. Lawson has selectively chosen to sensetionalize the issue. If she is honest she should release her full profile with supporting facts and not selectively mention items that are sensational. An honest person without any ulterior motive would present an unbiased review of the profile that she ordered. works within the framework of the law and on the issue of Privacy please consider the following facts.

Unrestricted flow of information is the life of democracies. Our founding fathers emphasized on the freedom of speech so that there is enough discussion and information available to people when making a choice to elect who will govern and that those who are elected stay honest and transparent and it has worked. If it works on the macro level it sure can work on the micro level. The only way there can be a big brother institution is if information is only available to a select few. If information if widely available to everyone then there cannot be any big brother institution. The more information available about people the lower the risk in dealing with other people. In most instances little information is more harmful than full information. If information is widely available then facts can generally be verified through many different sources and there are less chances of inaccuracies. Lack of information on people is what breeds fear and ignorance. The more people know about other people the better their relations with other people. The more people know about other people the better decisions they can make. Honest people have nothing to fear from the free flow of information as they have no need to hide anything. The most productive societies are free societies where there are the least restrictions on people's information.

A newspaper is not liable under the federal Driver's Privacy Protection Act for publishing an accident report prepared by state police, a federal court has ruled. (Mattivi v. Russell, Aug. 2, 2002.) This is one of several recent decisions in which courts have rejected attempts to expand the reach of the privacy protection act.

Central City, Colo., Mayor Donald Mattivi was involved in a single-car accident. He was cited by a state patrol officer for driving under the influence of alcohol and reckless driving. When the Weekly Register-Call requested relevant documents from the state police, an officer faxed a copy of the accident report, which the newspaper published verbatim. Included were the mayor's driver's license number and other identifying information. The mayor sued the newspaper, arguing that publication of his personal information from the accident report violated the privacy act. That recently enacted federal law imposes both civil and criminal liability on a person who "knowingly obtains, discloses or uses personal information, from a motor vehicle record" for unauthorized purposes. News reporting is not an authorized purpose under the law. According to the mayor, publication of the information about him would facilitate identity theft by criminals.

The central question in the case was whether an accident report prepared by the state police is a "motor vehicle record." While the mayor argued that the privacy protection act should be interpreted broadly to apply to any records regarding the operation of a motor vehicle, the court disagreed. The privacy protection act only covers records issued by a department of motor vehicles or similar regulatory agency, the court concluded, and then only to permits, titles, registrations and identification cards issued by that agency.

Thus, the newspaper's publication of the mayor's driver's license number and other personally identifiable information found in the accident report did not violate the act, the court ruled.

As the court noted, in the FOIA context, several other courts recently have declined to apply the privacy protection act to records maintained by government agencies other than motor vehicle departments, even where the records concern ownership of an automobile, such as sales tax records held by a tax agency.

Because records related to the operation of motor vehicles are often vital sources of information for news stories of great public concern, these decisions construing the privacy protection act narrowly appear to be good news for both reporters and the public.

10th Circuit Court of Appeals ruling effectively canceled a vague FCC regulation that had forced phone companies to obtain customer permission before using or selling call records

US West won the appeal by successfully challenging the FCC's definition of what constitutes customer permission.

"This decision suggests that privacy is a dubious government interest," said Deirdre Mulligan, an attorney with the Center for Democracy in Technology.

US West filed the appeal last year in an effort to loosen up the rules that protect customer call records from telemarketers. If last week's decision stands, so-called consumer proprietary network information -- who or where a consumer calls, how often, and at what times -- could be used by the phone companies or sold to marketing companies.

The court said the FCC failed to prove that privacy would be threatened if consumers needed to explicitly request that their information not be distributed. Because of that, the information was protected as commercial speech under the First Amendment.

A US West executive applauded the ruling as "consumer friendly" in a statement on Tuesday."It helps consumers by allowing them to more easily determine what new services are available and, more important, by affirming all Americans' First Amendment rights," said Mark Roellig, US West's vice president of public policy.

"Although we may feel uncomfortable knowing that our personal information is circulating in the world, we live in an open society where information may usually pass freely," wrote 10th Circuit Court Judge Deanell Tacha. "A general level of discomfort from knowing that people can readily access information about us does not necessarily rise to the level of a substantial state interest ... for it is not based on an identified harm," Tacha wrote.

The Center for Democracy and Technology bristled at those words."Nothing in the decision suggests that it would be limited to the telephone system, and the decision could make protecting privacy on the Internet more difficult," the group said in a statement.

But the Cato Institute, a free-market research group in Washington, said that the court made the right call."I am always very skeptical when privacy becomes elevated as a reason to not let businesses use facts like what someone's phone number is in order to get services out to the people who need them," said Solveig Singleton, co-editor of Regulator's Revenge, a book on telecommunications deregulation.

Anonymous said...

Court Rulings of interest:

Excerpt of a ruling by 10th Circuit Court Judge Deanell Tacha:
"Although we may feel uncomfortable knowing that our personal information is circulating in the world, we live in an open society where information may usually pass freely," wrote 10th Circuit Court Judge Deanell Tacha. "A general level of discomfort from knowing that people can readily access information about us does not necessarily rise to the level of a substantial state interest ... for it is not based on an identified harm," Tacha wrote.

Excerpt of a ruling by Samuel Podberesky, assistant general counsel for aviation enforcement,
Privacy is not, an absolute 'personal and fundamental right ... particularly in the context of air travel," Podberesky wrote in the ruling.

Excerpt of a ruling by U.S. Court of Appeals for the 1st Circuit
A company that provides e-mail service has the right to copy and read any message bound for its customers, a federal appeals court panel has ruled The court ruled that because e-mail is stored, even momentarily, in computers before it is routed to recipients, it is not subject to laws that apply to eavesdropping of telephone calls, which are continuously in transit. As a result, the majority said, companies or employers that own the computers are free to intercept messages before they are received by customers. In upholding a lower court decision, the appeals panel majority said Congress intended for "any temporary, intermediate storage" of communication to be governed by laws other than those involving wiretapping or other interception.

Anonymous said...

Human beings should be free to learn about each other, as they always have been. Consumers do not need a law to protect them from people trying to develop and offer goods and services. "Bad guy" behavior like fraud and identity theft is already illegal. A top-down regulatory approach to privacy threatens electronic commerce. An established shopkeeper on main street can see and speak to his customers. He can get an idea by just looking if they are regulars or newcomers, locals or tourists; he can chat with them and learn why they decided to buy or not to by a tempting item. By contrast, an electronic commerce merchant working from the web is blind and deaf. He is a stranger dealing with strangers over vast distances. Are his customers one-time visitors or are they more loyal? Are they young or old, male or female? If they fill out an order form and abandon it, why? Under these circumstances, its natural for a web site to try to learn more about its visitors. Regulations that would make it harder for businesses to collect information about markets threaten small business, in particular. Big companies already know who their customers are and can afford expensive lawyers to comply with complicated new rules. Small businesses would be hit harder.
You are starting a new business selling pets and pet supplies. Your competitors are big, well-established chains. You have no customers, and no way to find them. You can't afford television advertising. Your mass mailings have only a 2 percent response rate--the costs are far exceeding the benefits. You want to rent a mailing list from an established company in order to reach only customers who are interested in pets in your area. Then you discover that the only mailing list available is tiny, outdated, and very expensive. Fearing liability, many companies have stopped trading information about pet supply purchases. You decide that you just cannot afford to be in the pet business. Over the next decades, entrepreneurs will experiment and discover many amazing new things to do with information. Consumers will be able to get up-to-date information tailored to their tastes and preferences. The wasteful practice of sending out thousands of flyers to discover only a bare handful of interested customers will end. Prices will fall. New companies can benefit from what older companies have learned about what consumers really buy to start new businesses and offer new products. This means more choice and lower prices for consumers.
Sometimes companies and their employees will make mistakes. But that doesn't mean we need top-down regulation. In the age of the Internet, consumers can easily find what company offers the lowest prices and best service. Businesses with the best reputation for giving customers what they want--privacy, low prices, or anything else--will do best. In competitive markets, companies have every reason to respond to a real customer demand for confidentiality. Markets means that problems will be fixed from the bottom-up, in an endless and flexible process of learning and experimentation.

This bottom-up process is the only way to address concerns about privacy without strangling the development of the economy with red tape. It's one thing for a company to try to respond to their customer's demands voluntarily. It's another thing entirely for an army of lawyers to force entire industry to implement a one-size-fits all privacy policy.