Wednesday, April 30, 2008

A new place to put cameras: Lollipops!

England, well beyond the cutting edge of surveillance, has found a new place to put cameras: in the lollipop-shaped signs used by crossing guards.

Campaign to lick lollipop rage UK news

For generations, lollipop men and women have shepherded schoolchildren safely across roads armed only with their trusty signs.

But they are about to undergo a Robocop-style makeover: their signs are to be equipped with cameras in an effort to combat "lollipop rage" by aggressive drivers.

The new signs, which cost £890 each, will allow lollipop men and women - officially known as school crossing patrol officers - to record dangerous driving and capture car number plates, say council leaders.

Air Marshals denied boarding due to no-fly list

I think I may need an "Ironic" tag for this one ...

The Washington Times reports that it is not uncommon that Air Marshals are denied boarding on aircraft because they are misidentified as terrorism suspects and other baddies. Hmm.

See: Air marshals grounded in list mix-ups - - Breaking News, Political News & National Security News - The Washington Times.

Tuesday, April 29, 2008

If you handle personal information, you'd better know the exceptions in privacy laws

If you handle personal information and only read one privacy law article, this one should be it:

Far too often, bureaucrats, cops and others use poorly understood privacy laws as a justification for inaction. Maybe it's just that they don't fully understand the myriad rules and the multiplicity of exceptions.

Privacy laws are complicated and are not well understood, even by people whose day-to-day operations are affected by them. But they are generally sensible and coherent. And -- believe it or not -- they are laced with common sense.

I've had the opportunity to look at every privacy law in Canada and I don't think I've seen one that does not have a public interest override. A public body, in the public sector context, can disclose personal information without consent if it is in the public interest to do so. There are often other exceptions from the general rule that requires consent.

Some may recall the aftermath of the south Asian tsunami where the federal government said they couldn't name victims or survivors because of the Privacy Act. The Privacy Commissioner and others were pretty quick to point out s. 8 of the Privacy Act, which allows the government to disclose personal information where it is in the public interest:

8(2) Subject to any other Act of Parliament, personal information under the control of a government institution may be disclosed

(m) for any purpose where, in the opinion of the head of the institution,

(i) the public interest in disclosure clearly outweighs any invasion of privacy that could result from the disclosure, or

(ii) disclosure would clearly benefit the individual to whom the information relates.

(I wrote about it on this blog at the time: Editorial urges that naming Canadian tsunami victims is in the public interest & Fallout from naming/not naming Canadian victims)

I was recently reminded of this in a discussion about the failure of the police in Merritt BC to identify a suspect on the lam after a family was found murdered. Police blamed privacy laws. (RCMP grilled for delay in alerting town over suspect) The National Post Editorial Board called them out on the misstep:

The Post editorial board on the Allan Schoenborn case: The RCMP's high-profile failure - Full Comment

...Two days later, Ms. Clarke returned from errands to find her children murdered, and their father vanished along with his dog. The RCMP, confronted with a gruesome spectacle that may have resulted from their failed efforts to get Schoenborn under lock and key, took nearly a full day to announce to the public in Merritt that he was the prime suspect in the killings. Their excuse? "Due to privacy concerns," said RCMP Staff Sergeant Scott Tod, "we had to make sure that we had information that this was the suspect before we released his name."

"Privacy" is a popular item these days in the lexicon of justice, as it is used by the Mounties. No act of ineptitude in communicating with the public can possibly escape its reassuring cover, even though every privacy law or code written down anywhere in the last 50 years contains public-interest exemptions.

Most recently, a University in Ontario has been called to account for not notifying the parents of a mentally ill student who subsequently committed suicide. Privacy laws were pointed to as preventing such action. Anne Cavoukian and her counterparts have reminded universities that these laws are easy scapegoats, but without exception contain provisions that allow privacy rights to be overridden in certain circumstances.

Universities grapple with providing health services, protecting privacy

...University officials say they followed procedures and couldn't tell Kajouji's parents about her mental health because of the province's privacy law. They also indicated universities that don't respect the privacy of their students' health information risk driving students away from the very services designed to help them.

Ontario's privacy commissioner, Ann Cavoukian, and several of her counterparts in other provinces, say universities need to have a clearer understanding of what privacy laws allow and they cautioned that too often privacy laws are the automatic target of blame when controversy arises.

Cavoukian's office provided a fact sheet several years ago to universities explaining the law allows them to disclose personal health information in "compelling circumstances" and if they believe on reasonable grounds it would eliminate or reduce the risk of bodily harm.

Determining whether a situation warrants disclosure is a judgment call, Cavoukian said in an interview, though the law affords protection to the decision-maker as long as he or she acted in good faith.

"If you are a health-care practitioner or a university professional and you have information relating to a student that is considering suicide and you fear for that person and want to reduce the risk of suicide, absolutely you are allowed to release that information," she said. "It's not an easy decision but it is one that is permitted under our privacy laws and I'm sick and tired of people saying that it's the privacy laws that prevented the counsellors from contacting the girl's parents. That's incorrect," she said.

... Suzanne Blanchard, vice-president for student support services, said in an e-mail message the university has specific procedures to deal with students who are in "imminent danger of doing harm to themselves or others."

"Carleton University has reviewed its actions in the aftermath of Nadia's tragic death. We believe that we followed all proper procedures and provided all the support services we could for Nadia," she said. "Carleton University is always diligent in its compliance with Ontario's privacy laws and we believe that we acted, and continue to act, in accordance with those laws."

Cavoukian said some universities take their obligations under the privacy law seriously, but there is still a lot of confusion. She plans to convene a meeting with the Council of Ontario Universities in an attempt to clarify any lingering questions.

Saskatchewan's privacy commissioner agreed there is a "significant need for more education" about the flexibility that is built into privacy laws.

"Sometimes you have people who don't want to do the wrong thing and so therefore you get a kind of paralysis and they don't share information even when the law allows them to and it's appropriate to do so," said Gary Dickson.

Dickson said Kajouji's death, while tragic, provides incentive for universities to ensure they are prepared to deal with students' mental health issues and with situations where informing the parents is up for debate. "Decisions will have to be made and then there have to be people with the appropriate training and judgment who can then make that discretionary decision," he said.

Frank Work, Alberta's privacy commissioner, said it has to be kept in mind Kajouji was an adult and the university may have felt her situation was under control. All the law asks is that a standard of reasonableness be applied, said Work.

"I think it's true in just about every privacy law, the standard is always reasonableness, not perfection," he said.

People will disagree on whether Carleton made the right decision, but one thing the privacy commissioners all agree on is the decision needs to be given due consideration.

"The worst case scenario is if it's just neglect. They saw the bus coming and they didn't yell: 'Get out of the way.' We don't know here. Hopefully in this case they made a judgment call," said Work.

Ontario's commissioner similarly said university officials have to take the time to make the difficult determination and should not rely on privacy laws as the default reason for not disclosing personal information.

"I would urge people to resist the knee-jerk reaction of automatically blaming privacy laws," Cavoukian said.

Here is the moral of this story: Whenever common sense or humanity seem to bump up against privacy laws, take a close look at the law and its exceptions. You will probably find that the drafters have designed the laws to accommodate common sense and humanity.

Monday, April 28, 2008

Blawg Review #157

Michael Fitzgibbon was just called upon to prove his dedication to legal blogging: He put together a very interesting Blawg Review while trying to clear his desk to take a vacation.

Check it out: Thoughts from a Management Lawyer: Blawg Review #157.

Sunday, April 27, 2008

Radwanski's lawyer to challenge admissibility of evidence

According to Canwest, the defence lawyer for George Radwanski is talking about having certain evidence against him excluded. See: Lawyers to challenge eligibility of evidence against Radwanski.

I'm not sure why anyone involved on his behalf would be speaking to the media, as no trial is scheduled and I can't imagine that reminding people of the saga would be a good thing for George.

California takes lead on DNA crime-fighting technique

In an effort to fully exploit DNA databases, investigators in California are planning to look for partial matches from crime scenes. If a forensic sample partially matches a sample on file, it likely means that it was left by a relative of the person on file. Although the "match" isn't for a suspect, they'll be investigated to try to find the suspect in their family tree.

Critics are concerned about the privacy implications of this.

California takes lead on DNA crime-fighting technique - Los Angeles Times

Civil libertarians oppose using DNA databases to search for relatives of unknown offenders, saying it puts family members under "genetic surveillance" for crimes they did not commit. For now, all the people in the state's database are convicted offenders, but the state plans to expand the database next year to include arrestees, heightening concerns over privacy.

Critics say familial searching could expose sensitive and secret genetic relationships. A son, for example, could learn that his father was not his biological parent. DNA databases also reflect the racial and ethnic biases of the justice system, exposing minority communities to more surveillance than others, critics maintain.

FBI officials in charge of the national database network have also expressed concerns, making them unlikely allies of civil libertarians on familial searching. They urge a cautious approach, worrying that the courts will balk at this type of sleuthing. No law specifically authorizes it, and some legal scholars consider it unconstitutional because they say it amounts to an unreasonable search.

Brown called such objections hypothetical. The policy forbids the release of the names of relatives until genetic tests and analysis convince the state that the person is indeed a relative.

"It is still not going to be a fail-safe system, and we are going to make mistakes," said Simoncelli, the ACLU science advisor. "We are opening the door to using the database in such a fundamentally different way than the purpose for which it was established."

Wacky Canadians Still Believe in Privacy

Washtington Post columnist Al Kamen has picked up on the Canadian Privacy Commissioner's response to the Secretary of Homeland Security's statement that fingerprits are not "personal" (see: Canadian Privacy Law Blog: Privacy Commissioner's response to US Homeland Security Secretary's statement on biometrics). It's not clear whether he's being serious, but we certainly are wacky compared to the Americans.

Al Kamen - Wacky Canadians Still Believe in Privacy -

Wacky Canadians Still Believe in Privacy

By Al Kamen

Friday, April 25, 2008; A21

Homeland Security chief Michael Chertoff caused a little ruckus up north a couple weeks ago as he was pushing his plan to share databases of international air travelers' fingerprints with the Canadians, Brits and Aussies.

In an interview with an excessively squeamish Canadian reporter, Chertoff was told: "Some are raising that the privacy aspects of this thing, you know, sharing of that kind of data, very personal data, among four countries is quite a scary thing."

Nonsense, Chertoff responded. "Well, first of all, a fingerprint is hardly personal data because you leave it on glasses and silverware and articles all over the world. They're like footprints. They're not particularly private," he said, according to Canadian news reports and privacy lawyer Peter Swire, a senior fellow and guest blogger at the Center for American Progress.

Absolutely. But the old-fashioned Canadians seem to think otherwise. They even have someone who monitors privacy issues, Privacy Commissioner Jennifer Stoddart, who promptly wrote the minister of public safety and preparedness to object, noting that Canadian law "defines fingerprints as personal information" and that "fingerprints constitute extremely personal information for which there is clearly a high expectation of privacy." That's why, she wrote with a hint of huffiness, "Canadians rightly expect their government to respect their civil liberties and personal information from abuse."

Oh yeah? Well, our Supreme Court ruled in 1985 that you have to have probable cause before you haul someone off and fingerprint them. Justice Byron R. White wrote the opinion, joined by Warren E. Burger and William H. Rehnquist, no less.

But in wartime, maybe we have different expectations, okay? As Chertoff, who after all was recently a federal appeals judge, knows quite well, no one should expect privacy in a restaurant or anywhere else where a fingerprint might be left.

And we don't. That's why many diners here are beginning to use gloves when they eat at restaurants and some even wear those hospital booties. Others prefer just a discreet swipe of utensils and glassware with a Wet-Nap to ensure against DNA retrieval from saliva. (There is a growing -- and deplorable -- trend to bring personal cutlery, but that really seems excessive and, in finer establishments, downright disrespectful, especially if it's plastic.)

Is it possible the Canadians thought those signs at beachfront eateries -- "No shirt, no shoes, no service" -- were an effort to maintain appropriate attire? Everyone down here knows the restaurants just wanted to prevent the feds from trying to collect toe prints.

Canadians probably still go to barbershops -- where a single hair in the right hands can provide DNA, general health info, recent drug use data and other information. Our cousins probably haven't read about the growing in-home trim movement here.

And there's an easy way to guard against theft of your secret mattress Sleep Number. Just change the setting every morning before you leave.

Saturday, April 26, 2008

Feds to leave disclosure of data security breaches to businesses: legislative plan

One thing that was relatively consistent in the submissions at PIPEDA's five year review was to follow in the footsteps of more than half the US states to require notification of security and privacy breaches. Canwest is reporting on leaked draft legislation which will surely disappoint many in the privacy community. In effect, there is no mandatory reporting. Businesses get to determine whether there is a "high risk of significant harm" and only then do they need to report the breach to consumers. Not reporting has no consequences. See: Feds to leave disclosure of data security breaches to businesses: legislative plan.

Friday, April 25, 2008

Supreme Court of Canada throws out evidence of drugs obtained by fly-by sniff

In a decision released today, the Supreme Court of Canada has upheld a decision that excluded evidence obtained in a sweep of an Ontario school by sniffer dogs. In this case, the police were invited by a school principal to walk a sniffer dog through the building to enforce the "zero tolerance" policy for drugs. When the dog reacted to an unattended backpack, the police opened it and found drugs. At trial, the accused argued that the search was unconstitutional and the evidence should be excluded. The trial judge agreed and the Supreme Court of Canada has upheld that decision.

In the result, police can only use sniffer dogs and open backpacks if they have a reasonable suspicion is demonstrated. Any holding otherwise would enable the police to effectively see through backpacks, into their contents. The Court concluded that teenagers have a reasonable expectation of privacy in closed backpacks.

A positive reaction from a sniffer dog, the Court concluded, is not sufficiently reliable to indicate the actual presence of drugs. Sniffers detect smells that indicate that drugs may be present, may have been present or that the backpack has been exposed to drugs, or "the dog is simply wrong". As the Court noted, "in the sniffer dog business, there are many variables."

Here's the headnote:

Supreme Court of Canada - Decisions - R. v. A.M.

Per McLachlin C.J. and Binnie J.: The police possess common law authority to use sniffer dogs in appropriate circumstances. If the police in this case had been called to investigate the potential presence of guns or explosives at the school using dogs trained for that purpose, the public interest in dealing quickly and efficiently with such a threat to public safety would have been greater and more urgent than routine crime prevention. [7] [37]

The dog sniff amounts to a search within s. 8 of the Charter. The information provided when the dog is trained to alert to the presence of controlled drugs permits inferences about the precise contents of the source that are of interest to the police. The subject matter of the sniff is not public air space. It is the concealed contents of the backpack. As with briefcases, purses and suitcases, backpacks are the repository of much that is personal, particularly for people who lead itinerant lifestyles during the day as in the case of students and travellers. Teenagers may have little expectation of privacy from the searching eyes and fingers of their parents, but they expect the contents of their backpacks not to be open to the random and speculative scrutiny of the police. This expectation is a reasonable one that society should support. The guilty secret of the contents of the accused’s backpack was specific and meaningful information, intended to be private, and concealed in an enclosed space in which the accused had a continuing expectation of privacy. By use of the dog, the policeman could “see” through the concealing fabric of the backpack. [8] [62‑63] [66‑67]

Although a warrantless sniffer‑dog search is available where reasonable suspicion is demonstrated, the sniffer‑dog search of the students’ belongings in this case violated their Charter rights under s. 8. The dog‑sniff search was unreasonably undertaken because there was no proper justification. The youth court judge found that the police lacked any grounds for reasonable suspicion and the Crown has shown no error in the youth court judge’s finding of fact. [91]

While the sniffer‑dog search may have been seen by the police as an efficient use of their resources, and by the principal of the school as an efficient way to advance a zero‑tolerance policy, these objectives were achieved at the expense of the privacy interest (and constitutional rights) of every student in the school. The Charter weighs other values, including privacy, against an appetite for police efficiency. Because of their role in the lives of students, backpacks objectively command a measure of privacy, and since the accused did not testify, the question of whether he had a subjective expectation of privacy in his backpack must be inferred from the circumstances. [15] [62‑63]

In the context of a routine criminal investigation, the police are entitled to use sniffer dogs based on a “reasonable suspicion”. If there are no grounds of reasonable suspicion, the use of the sniffer dogs will violate the s. 8 reasonableness standard. Where there are grounds of reasonable suspicion, the police should not have to take their suspicions to a judicial official for prior authorization to use the dogs in an area where the police are already lawfully present. All “searches” do not have the same invasive and disruptive quality and prior judicial authorization is not a universal condition precedent to any and all police actions characterized as “searches” given that the touchstone of s. 8 is reasonableness. Account must be taken in s. 8 matters of all the relevant circumstances including the minimal intrusion, contraband‑specific nature and high accuracy rate of a fly‑by sniff. The warrantless search is, of course, presumptively unreasonable. If the sniff is conducted on the basis of reasonable suspicion and discloses the presence of illegal drugs on the person or in a backpack or other place of concealment, the police may confirm the accuracy of that information with a physical search, again without prior judicial authorization. But all such searches by the dogs or the police are subject to after‑the‑fact judicial review if it is alleged (as here) that no grounds of reasonable suspicion existed, or that the search was otherwise unreasonably undertaken. [12‑14]

Permitting the police to act on a standard of reasonable suspicion within the framework of s. 8 will allow inappropriate conduct by the dog or the police to be dealt with on the basis that although the lawful authority to use the sniffer dog does exist, the search in the particular case was executed unreasonably, and thereby constituted a Charter breach, on the basis of which the evidence obtained may be excluded. The importance of proper tests and records of particular dogs will be an important element in establishing the reasonableness of a particular sniffer‑dog search. From the police perspective, a dog that fails to detect half of the narcotics present is still better than no detection at all. However from the perspective of the general population, a dog that falsely alerts half of the time raises serious concerns about the invasion of the privacy of innocent people. An important concern for the court is therefore the number of any such false positives. It is important not to treat the capacity and accuracy of sniffer dogs as interchangeable. Dogs are not mechanical or chemical devices. Moreover, the sniff does not disclose the presence of drugs. It discloses the presence of an odour that indicates either the drugs are present or may have been present but are no longer present, or that the dog is simply wrong. In the sniffer‑dog business, there are many variables. [82] [84‑85] [87‑88]

In sniffer‑dog situations, the police are generally required to take quick action guided by on‑the‑spot observations. In circumstances where this generally occurs, it is not feasible to subject the “sniffer dog’s” sniff to prior judicial authorization. Both the subject and his suspicious belongings would be long gone before the paperwork could be done. In the particular context of sniffer dogs, there is sufficient protection for the public in the prior requirement of reasonable suspicion and after‑the‑fact judicial review to satisfy the “reasonableness” requirement of s. 8. [90]

The trade‑off for permitting the police to deploy their dogs on a “reasonable suspicion” standard without a warrant is that if this procedure is abused and sniffer‑dog searches proceed without reasonable suspicion based on objective facts, the consequence could well tip the balance against the admission of the evidence if it is established under s. 24(2) of the Charter that, having regard to all the circumstances, the admission of it in the proceedings would bring the administration of justice into disrepute. Youth court judges have a greater awareness than appellate judges do of the effect that admission or exclusion of the evidence would have on the reputation of the administration of justice in the community with which they deal on a daily basis. Here, the youth court judge excluded the evidence. His exclusion of the evidence should not be interfered with. [14] [90] [98]

Thursday, April 24, 2008

The irony of privacy enhancing technologies

I reported last month that the Information and Privacy Commissioner has issued a report on the proposal to dramatically increase video surveillance on public transit in Toronto. (Canadian Privacy Law Blog: Ontario Commissioner releases detailed report on TTC surveillance cameras) has an extensive article on the Commissioner's suggestion that reversible faceblurring technology may make the system more palatable. I spoke with the author, Rosie Lombardi, at length on the topic who has done a good job of summing up my take on the topic:

More privacy-boosting technology begets more video surveillance

... A point that's often overlooked is that privacy legislation is ultimately about feelings, says David TS Fraser, a privacy lawyer at Halifax-based law firm McInnes Cooper. "Although the legislation is written in a way that talks about personally identifiable information and identity theft, it's ultimately designed to protect people's sensibilities about unwanted intrusions," he says.

PET technology may not be enough to address those sensibilities unless the rules governing the use of surveillance are stated. "While the technology may do a good job of limiting the actual intrusions, I'm not sure it does much to address people's feelings about being watched. Unless the policies and procedures around surveillance are clearly communicated, it won't diminish that visceral feeling of unease about being spied upon."

Fear of the unknown is at the core. "If you see a cop at a corner, you can tell from his uniform who he is, what he's looking at, and if you've aroused his suspicions," he says. "But a camera is completely faceless. You don't know who's watching and how the information captured is used - will it wind up on late-night television?"

He notes a significant number of videos in these shows displaying people caught in embarrassing situations come out of Britain, where an extensive network of cameras in public places is rousing a public backlash. Cavoukian noted in her report that U.K. camera operators have caught entertaining themselves by zooming in on attractive women. "If you're going to outsource surveillance to a bunch of badly-paid guys locked in dark rooms, they're going to see more bums than bombs," agrees Fraser.

He concedes that automating the enforcement of policies and procedures around surveillance with PET technology rather than relying on fallible human operators to refrain from misusing the information offers some comfort. But he warns this may have the unintended effect of increasing video surveillance. "Unfortunately, this stuff makes it more acceptable to put video cameras all over the place, and by making it better and safer with less intrusive technology, it may ironically lead to more surveillance."

Micromanaging employee expenditures

I'm not sure how I feel about this. Apparently, MasterCard is introducing a feature for corporate cards that allows employers to set very strict parameters on spending. Economy class? Ok. Business class. Nope. HoJo's? Ok. Strip clubs? Not so much. The card also has detailed reporting that allows employers to keep close tabs on spending.

If an employee is spending the employer's money, it makes sense that the employer can set parameters on it. Business Week's article (You've Been Pre-Rejected) on the topic suggests that it smacks of big brother, but a lot of thinking about privacy depends upon peoples' expectations. If people understand what information is being collected and how it will be used (and it is reasonable), it is less likely that whatever is at issue will be seen as an invasion of privacy. Employees who use a corporate card where they know that the bill goes to the employer first can't reasonably be surprised if their employer gets upset over use of the card that does not fit within company policy. If employees know that the employer can set strict controls on the use of the card, I don't see the problem. If employees similarly are informed that the employer can see the bill in detail, it shouldn't be a problem.

Where the problems arise (and I'm sure they will) is that employers will use this product without telling the employees. The surveillance will be covert, which is much more pernicious and DOES lead to the big brother syndrome. You don't know when you're being observed and thsi leads to mistrust and insecurity. And it can also backfire: if an employee does not feel trusted, many will not act trustworthily (if that's a word!).

The product is also being touted as a tool for parents to keep track on kids' spending. Again, if you're spending someone elses' money they probably have a right to control how it is spent. But similarly, they'll have to make sure that their kids' expectations are tempered by the knowledge that Big Father (or Big Mother) is watching.

At the same time, I think the new MasterCard feature can be a benefit for privacy. Your (personal) credit card number and your (personal) credit card account are your personal information and you have a right to know how it is being used. I'd pay extra for a card that sent me a text message to advise of each charge. I'd be immediately alerted to any fraudulent use of the card and would be in a much better position to protect my own personal information. Whether this will be demanded as a card feature remains to be seen. But it is an example of a technology that can be intrusive and a boon to privacy at the same time. It depends upon how it is used and whether the user knows all about its features.

Wednesday, April 23, 2008

Vista features that phone home

Softpedia has an interesting article on the twenty features in Windows Vista that collect and transmit potentially personally identifiable information back to Microsoft:

Forget about the WGA! 20+ Windows Vista Features and Services Harvest User Data for Microsoft - From your machine! - Softpedia

... Windows Update, Web Content, Digital Certificates, Auto Root Update, Windows Media Digital Rights Management, Windows Media Player, Malicious Software Removal/Clean On Upgrade, Network Connectivity Status Icon, Windows Time Service, and the IPv6 Network Address Translation (NAT) Traversal service (Teredo) are the features and services that collect and deliver data to Microsoft from Windows Vista. By using any of these items, you agree to share your information with the Redmond Company. ...

Hong Kong ex-privacy boss found guilty in dishonest expense claims

It appears that Canada is not the only place to experience an expeses scandal within the office of its Privacy Commissioner. (See Radwanski Scandal.) Apparently the Deputy Commissioner of Hong Kong is awaiting sentencing for submitting dishonest expense claims. See: Hong Kong ex-privacy boss found guilty in dishonest expense claims : Asia World.

Tuesday, April 22, 2008

US border agents given unfettered access to travelers' laptops

A US Federal Appeals Court has overruled a lower court ruling that had previously restricted laptop searches at the border. The 9th Circuit Court of Appeals, in a unanimous three judge ruling, held that border agents do not need any probable cause to rummage through portable electronics.

Border Agents Can Search Laptops Without Cause, Appeals Court Rules Threat Level from

... Federal agents at the border do not need any reason to search through travelers' laptops, cell phones or digital cameras for evidence of crimes, a federal appeals court ruled Monday, extending the government's power to look through belongings like suitcases at the border to electronics.

The unanimous three-judge decision reverses a lower court finding that digital devices were "an extension of our own memory" and thus too personal to allow the government to search them without cause. Instead, the earlier ruling said, Customs agents would need some reasonable and articulable suspicion a crime had occurred in order to search a traveler's laptop.

On appeal, the government argued that was too high a standard, infringing upon its right to keep the country safe and enforce laws. Civil rights groups, joined by business traveler groups, weighed in, defending the lower court ruling.

The 9th U.S. Circuit Court of Appeals sided with the government, finding that the so-called border exception to the Fourth Amendment's prohibition on unreasonable searches applied not just to suitcases and papers, but also to electronics.

Via Boing Boing.

Previously: Canadian Privacy Law Blog: Crossing the border? Consider the possibility of laptop searches, Canadian Privacy Law Blog: Your papers and laptops, please?, Canadian Privacy Law Blog: US Customs confiscating laptops.

NJ court says law enforcement needs a warrant for subscriber information

Some interesting news from the courts of New Jersey. The New Jersey Supreme Court has ruled that law enforcement need warrant or subpoena to get information about internet users. This goes against jurisprudence from the US Supreme Court, but may be the beginning of a trend (fingers crossed). The court based the decision on a user's expectation of privacy, which is probably a realistic statement of internet users' expectations.

N.J. justices call e-privacy surfers' right-

... The unanimous seven-member court held that police do have the right to seek a user's private information when investigating a crime involving a computer, but must follow legal procedures. The court said authorities do not have to warn a suspect that they have a grand jury subpoena to obtain the information.

Writing for the court, Chief Justice Stuart Rabner said: "We now hold that citizens have a reasonable expectation of privacy protected by Article I ... of the New Jersey Constitution, in the subscriber information they provide to Internet service providers -- just as New Jersey citizens have a privacy interest in their bank records stored by banks and telephone billing records kept by phone companies."

Barber said most people use the internet like a phone, making personal -- sometimes sensitive -- transactions that they don't believe the police will be able to access.

"This decision reflects the reality of how ordinary people normally use the internet," he said. "'It's very nice to have the court recognize that expectation is reasonable."

The court ruled in the case of Shirley Reid of Lower Township, Cape May County, who was charged with second-degree computer theft for hacking into her employer's computer system from her home computer. Township police obtained her identity from Comcast by using a municipal court subpoena. The Supreme Court held that law enforcement had the right to investigate her but should have used a grand jury subpoena.

A state Superior Court in Cape May Court House suppressed the evidence based on the use of the wrong subpoena, and a state appeals court upheld the action when the Cape May County Prosecutor's Office appealed.

Reid was investigated after her employer, Jersey Diesel of Lower Township, was notified by a business supplier in 2004 that someone had accessed and changed both the multi-digit numbers that make up the company's IP address and password and had created a non-existent shipping address. When the owner, Timothy Wilson, asked Comcast for the IP address of the person who made the changes, the internet provider declined to comply without a subpoena.

Wilson suspected that Reid, an employee who had been on disability leave, could have made the changes. On the day the changes were made, Reid had returned to work, argued with Wilson and left.

When the police obtained a municipal court subpoena and served it on Comcast, the internet provider identified Reid, her address and telephone number, type of service provided, e-mail address, IP numbers, account number and method of payment. In 2005, a Cape May grand jury returned an indictment charging Reid with computer theft.

Lee Tien, an attorney for the Electronic Frontier Foundation, said the decision is an important ruling on the state constitution. ...

UK authorities reported to have signed pact to share real time video with foreign intelligence services

The Inquirer is reporting that UK authorities have signed a secret pact that would allow real-time access to video surveillance feeds to foreign intelligence services. The scheme is said by critics to be a violation of UK data protection laws. See: Secret pact allows the US to spy on UK motorists - The INQUIRER.

Monday, April 21, 2008

PIPA review released in BC

The Special Committee of the BC Legislature reviewing the Personal Information Protection Act has recently released its report:

April 17, 2008: Special Committee Recommends Changes to Streamline B.C.’s Private-Sector Privacy Law Media Releases Special Committee to Review the Personal Information Protection Act 4th Session 38th Parliament Committees


VICTORIA – The Special Committee to Review the Personal Information Protection Act submitted its Report to the Legislature this afternoon. The all-party committee was appointed in 2007 by the Legislative Assembly to review the act that regulates the collection, use and disclosure of personal information by private-sector organizations in the province. During the past year, the committee received 39 submissions.

The key findings from the consultations are that the act seems to be working well overall for private-sector organizations operating in British Columbia, while the public is not as aware of the purpose, rules and scope of the act. The act also aligns with the federal and Alberta private-sector privacy laws.

The report, titled Streamlining British Columbia’s Private Sector Privacy Law, was unanimously adopted by all committee members. The report contains 31 recommendations, including:

  • Making private-sector organizations accountable for personal information they transfer for processing outside Canada
  • Requiring organizations to notify affected individuals of privacy breaches in certain circumstances
  • Banning the use of blanket consent forms by provincially regulated financial institutions
  • Revising consent exceptions to better address business practices in the insurance industry
  • Permitting disclosure of personal contact information for health research
  • Retaining the minimal fee for access to personal information
  • Streamlining the complaints process in the province’s privacy laws
  • Strengthening the Information and Privacy Commissioner’s oversight powers

“Keeping personal information private is vitally important,” said committee chair Ron Cantelon, MLA. “We want to enhance safeguards, but at the same time, balance that goal against imposing unnecessary regulations on business, particularly small businesses.”

The members of the Special Committee to Review the Personal Information Protection Act are:

Ron Cantelon, MLA Nanaimo-Parksville

Harry Lali, MLA Yale-Lillooet

Leonard Krog, MLA Nanaimo

Mary Polak, MLA Langley

John Rustad, MLA Prince George-Omineca

Information about the committee’s work can be found on its website at, or by contacting the committee chair, Ron Cantelon, MLA, or any committee member.

Liveblogged at Leg@l IT 2008 — Social Networking and Privacy

I've never been liveblogged before, but there's a first time for everything. I'm currently in Montreal at I had the honour of being on a panel with the Privacy Commissioner of Canada, Jennifer Stoddart, and Professor Pierre Trudel.

My presentation from this morning was summarized by Patrick Cormier on See: Slaw - Social networking and privacy


You can see my PowerPoint slides here:


Friday, April 18, 2008

Privacy Commissioner Concerned With Ticketmaster's Privacy Practices

The Privacy Commissioner doesn't often "name names", but she's named Ticketmaster in this most recent finding released from her office. Here's the press release:
Privacy Commissioner Concerned With Ticketmaster's Privacy Practices, Encourages Companies to Adopt High Privacy Standards Across Operations

OTTAWA, April 18, 2008 – Privacy Commissioner of Canada Jennifer Stoddart expressed concern with the information collection and privacy practices of a major online ticket vendor. However, following an investigation by her office and that of Alberta Commissioner Frank Work , the privacy practices of Ticketmaster Canada Limited have been brought up to standard.

However, she encourages companies to adopt the highest standard of privacy practices possible, regardless of where they do business.

“Online commerce continues to grow and customers worldwide expect companies to safeguard their personal information in the course of their business,” says Jennifer Stoddart. “It simply makes good business sense for companies to implement excellent privacy practices across their operations. It is also the law in Canada.”

The Commissioner launched an investigation into the information collection practices of Ticketmaster Canada Limited after a private citizen filed a complaint alleging that the company’s policies and practices on the collection, disclosure and use of customers’ personal information did not comply with the Personal Information Protection and Electronic Documents Act (PIPEDA).

The Information and Privacy Commissioner of Alberta, Frank Work, investigated a similar complaint into how Ticketmaster obtained consent to collect its customers’ personal information and released an investigation report late in 2007.

The investigation conducted by the Office of the Privacy Commissioner of Canada examined the issue of consent, but also investigated whether Ticketmaster followed the principles of access, openness and accountability found in PIPEDA.

“I am now satisfied with the measures Ticketmaster undertook to resolve the complaints that were brought to our attention,” says Jennifer Stoddart. “But I am very concerned that, seven years after PIPEDA was enacted, a major online company operating throughout Canada was found to be in violation of the legislation.”

The investigation of Ticketmaster Canada’s privacy practices was led by Assistant Commissioner Elizabeth Denham. It found that although the company had a privacy policy in place, this policy was long, complex and difficult for consumers to read.

The Assistant Commissioner also found that Ticketmaster’s online customers were required to consent to their personal information being used for marketing purposes as a condition of purchasing a ticket – a clear violation of PIPEDA.

Following the two investigations, Ticketmaster has revised its privacy practices to explicitly communicate what personal information is collected, with whom it is shared, and how it is used. The company has also adapted its online notification and call-centre telephone scripts so that customers are provided with a choice of whether to opt in to receive marketing material from Ticketmaster and event providers.

Furthermore, Ticketmaster in the United States has amended its privacy policy to make it more understandable and user-friendly for its customers. However, it did not implement any mechanism to provide customers the choice of opting in to receive marketing material, as it has done for its operations in Canada and the United Kingdom.

The Commissioner will bring this distinction to the attention of her colleagues at the US Federal Trade Commission. As well, she will continue to encourage companies with operations in Canada and elsewhere to adopt the highest standard of information protection practices possible to ensure compliance with Canadian privacy law.

To view the case summary and backgrounder:

One Nation Under CCTV graffiti in London

World famous British street artist Banksy has a message about the widespread CCTV in England and has chosen a large wall as the medium to express it. Via ONE NATION UNDER CCTV graffito in London - Boing Boing. See also Banksy pulls off daring CCTV protest in London - Telegraph.

Greater details in this Flickr set.

Thursday, April 17, 2008

Incident: Ontario patient files found in dumpster

The Ontario Information and Privacy Commissioner is investigating after old medical records were found in a dumpster behind a coffee shop by a retiree. The affected patients will have to be notified as the information is subject to PHIPA, which contains Canada's only mandatory breach notification. See: - Local - St. Joe's patient files found in dumpster.

Wednesday, April 16, 2008

British local council uses criminal law to spy on school place applicants

Here is a shocking example of why intrusive powers need to be carefully circumscribed and subject to judicial oversight, otherwise they will be abused.

A local council in the UK (not surprisingly) has used the Regulation of Investigatory Powers Act, designed for serious crimes and terrorism, to surveil a three-year-old to determine if her parent's were misrepresenting place of abode to get into a better school. See: Council uses criminal law to spy on school place applicants Society The Guardian.

"The Home Office said the RIPA legislation did not appear to have been used inappropriately."

Tuesday, April 15, 2008

Consumer groups urge "do not track" registry

According to Reuters, a number of consumer groups are lobbying the US Federal Trade Commission to estblish a "do not track" registry to prevent online advertisers from collecting information about consumers who opt out. See: Consumer groups urge "do not track" registry - Yahoo! News.

Austrialian Commissioner seeks comments on draft breach notification guidelines

The Australian Privacy Commissioner has issued draft breach notification guidelines and is seeking comments by June 16, 2008. See: Voluntary Information Security Breach Notification Guide - Consultation Draft (April 2008).

Saturday, April 12, 2008

Toronto Police Chief calls for DNA samples regardless of conviction

CityNews in Toronto is reporting that the city's chief of police is calling for forced DNA samples for a national database even before an individual is convicted, and the retention of those samples even if the individual is acquitted. See: CityNews: Toronto Police Chief Calls For Forced DNA Samples.

Friday, April 11, 2008

Privacy Commissioner's response to US Homeland Security Secretary's statement on biometrics

Jennifer Stoddart has released a letter addressed to Minister of Public Safety Stockwell Day in response to remarks made by the U.S. Secretary of Homeland Security suggesting fingerprints are not “personal data”.

Letter to the Minister of Public Safety and Emergency Preparedness Canada

The Honourable Stockwell Day, P.C., M.P. Minister of Public Safety and Emergency Preparedness Canada Public Safety Canada Room: 19A-7400 269 Laurier Avenue West Ottawa, ON K1A 0P8

Dear Minister,

I am writing to express my concern about remarks U.S. Secretary of Homeland Security Michael Chertoff made yesterday while in Ottawa, suggesting fingerprints are not “personal data”.

As you know, Canadian privacy legislation defines fingerprints as personal information. In Canada, we have traditionally taken a more restrained approach to the collection of fingerprints, largely restricted to cases were individuals are charged with or convicted of certain criminal behaviour.

In contrast, the U.S. has increasingly relied upon the collection of biometric data, including fingerprints, from a broad range of individuals for border control purposes and in order to identify and track suspected terrorists. Fingerprints constitute extremely personal information for which there is clearly a high expectation of privacy. Canadian courts have held that, absent lawful authority, compelling persons to provide fingerprints may violate their rights under the Charter of Rights and Freedoms.

No one doubts the need to strengthen information-sharing among nations. We all share a common goal of ensuring our national security. However, as Privacy Commissioner, I strongly urge the Government of Canada to ensure that the privacy rights of individuals are respected and protected at all times.

Canadians rightly expect their government to respect their civil liberties and safeguard their personal information from abuse. The challenge lies in finding the balance between the protection of civil liberties and the need for national security.

As Privacy Commissioner, I certainly expect to be consulted if the Government of Canada is considering new programs to share biometric information – or any personal information – with foreign governments.

I expect your assurance that adequate oversight and control mechanisms are built into the collection, use and safeguarding of personal information that may be shared with other governments, and I expect the opportunity to review these mechanisms.

I know that our respective staffs have built a solid working relationship in matters of security and privacy, and expect that the concerns identified above will be addressed as programs are expanded or new programs are considered.


Original signed by

Jennifer Stoddart Privacy Commissioner of Canada

London beat cops upset over Big Brother surveillance scheme

Some people, I am sure, will savor the irony that many London police officers are complaining about creepy surveillance and Big Brother tactics inherent in a new technology that will allow desk-riding senior cops to keep tabs on the location and activities of cops on the beat.

Apparently they don't like feeling like they're being watched. Some are concerned that innocent and lawful activities could be misinterpreted. Oh, and others are worried that information originally collected for safety and resource planning may be used for some other purpose. Pity.

Check it out:

Met Police officers to be 'microchipped' by top brass in Big Brother style tracking scheme the Daily Mail

Every single Metropolitan police officer will be 'microchipped' so top brass can monitor their movements on a Big Brother style tracking scheme, it can be revealed today.

According to respected industry magazine Police Review, the plan - which affects all 31,000 serving officers in the Met, including Sir Ian Blair - is set to replace the unreliable Airwave radio system currently used to help monitor officer's movements.

The new electronic tracking device - called the Automated Personal Location System (APLS) - means that officers will never be out of range of supervising officers.

But many serving officers fear being turned into "Robocops" - controlled by bosses who have not been out on the beat in years.

According to service providers Telent, the new technology 'will enable operators in the Service's operations centres to identify the location of each police officer' at any time they are on duty - whether overground or underground.

Although police chiefs say the new technology is about 'improving officer safety' and reacting to incidents more quickly, many rank and file believe it is just a Big Brother style system to keep tabs on them and make sure they don't 'doze off on duty'.

Some officers are concerned that the system - which will be able to pinpoint any of the 31,000 officers in the Met to within a few feet of their location - will put a complete end to community policing and leave officers purely at the beck and call of control room staff rather than reacting to members of the public on the ground.

Pete Smyth, chairman of the Met Police Federation, said: "This could be very good for officers' safety but it could also involve an element of Big Brother.

"We need to look at it very carefully."

Other officers, however, were more scathing, saying the new system - set to be implemented within the next few weeks - will turn them into 'Robocops' simply obeying instructions from above rather than using their own judgement.

One officer, working in Peckham, south London, said: "They are keeping the exact workings of the system very hush-hush at the moment - although it will be similar to the way criminals are electronically tagged. There will not be any choice about wearing one.

"We depend on our own ability and local knowledge to react to situations accordingly.

"Obviously we need the back up and information from control, but a lot of us feel that we will simply be used as machines, or robots, to do what we are told with little or no chance to put in anything ourselves."

He added: "Most of us joined up so we could apply the law and think for ourselves, but if Sarge knows where we are every second of the day it just makes it difficult."

Another officer, who did not want to be named, said: "A lot of my time is spent speaking to people in cafes, parks or just wherever I'm approached. If I feel I've got my chief breathing down my neck to make another arrest I won't feel I'm doing my job properly."

The system is one of the largest of its kind in the world, according to Telent, the company behind the technology, although neither the Met nor Telent would provide Police Review with any more information about exactly how the system will work or what sort of devices officers will wear.

Nigel Lee, a workstream manager at the Met, said: "Safety is a primary concern for all police forces.

"The area served by our force covers 620 miles and knowing the location of our officers means that not only can we provision resource more quickly, but should an officer need assistance, we can get to them even more quickly."

Forces currently have the facility to track all their officers through GPS devices on their Airwave radio headsets, but this is subject to headsets being up to date and forces buying the back office systems to accompany them, according to Airwave.

Steve Rands, health and safety head for the Met Police Federation, told Police Review: "This is so that we know where officers are. Let us say that when voice distortion or sound quality over the radio is lost, if you cannot hear where that officer telling you where he is, you can still pinpoint his exact position by global positioning system.

"If he needs help but you cannot hear him for whatever reason, APLS will say where he is."

B.C. introduces law governing access, privacy of electronic health records

British Columbia's government has just recently introduced legislation specifically tailored for privacy and access to electronic health records.


April 10, 2008

Ministry of Health


VICTORIA – A new e-Health (Personal Health Information Access and Protection of Privacy) Act introduced today moves British Columbia a step closer to the goal of giving citizens access to their health records and medical information, while strengthening privacy protection, said Health Minister George Abbott.

“This new e-Health legislation moves us forward in meeting our throne speech commitment to give citizens better access to their health records and medical information so they can engage in a more informed role in their own health-care choices,” said Abbott. “eHealth will give patients faster, safer and better health care by providing authorized health-care professionals with secure access to patients’ information to make the best and most timely clinical decisions.”

British Columbia is the first province in Canada to create a specific legislative framework governing access and privacy for electronic health information databases. While other provinces have access and privacy legislation governing personal health information, British Columbia will be going above and beyond the provisions of the Freedom of Information and Protection of Privacy Act with new legislation containing specific provisions to address access to information and protection of privacy of electronic health information.

“As e-Health information becomes a more widely accessible and used tool in our health-care system, we want to ensure British Columbia has a framework that allows for the most effective medical and health-research related use of electronic health database information,” said Abbott. “But we also have to ensure that the framework surrounding use of electronic health information is to the highest standards of privacy protection.”

Individuals will be able to block access to their own information in Health Information Banks from all health professionals, with the only overriding clause being in the case that the person is incapacitated in an emergency or with the person’s consent. Maximum fines for violations of the act have been increased from $2,000 under the Pharmacists, Pharmacy Operations and Drug Scheduling Act to $200,000 under the new act.

The act specifically prohibits disclosing information from electronic databases for market research, while creating a Data Stewardship Committee that will evaluate requests for the disclosure of data for health research or planning purposes.

The e-Health (Personal Health Information Access and Protection of Privacy) Act will also introduce legislative changes so medical researchers can approach individuals regarding health research studies, while respecting personal privacy and patient confidentiality. Individual requests by researchers to contact persons for health research from database information will require the specific approval of the Information and Privacy Commissioner.

“Patients and former patients can provide invaluable information in chronic disease research,” said Barbara Kaminsky, CEO of the Canadian Cancer Society. “Previously, researchers we fund could not even contact individuals who were willing to assist us in this vital work. Now we have a viable way to expand our research while respecting individual privacy.”

The Province recognizes that medical research and the privacy of British Columbians are equally important. The legislation will create an effective balance between individual rights and public responsibilities. It will also enable government to make objective decisions on the appropriate disclosure of health information for secondary purposes.

Amendments are also being made to the Pharmacists, Pharmacy Operations and Drug Scheduling Act to provide similar access, privacy and penalty provisions regarding PharmaNet. PharmaNet is internationally recognized as a world-class secure electronic network that protects patient safety. It protects patients from potentially dangerous medication errors, duplications and dangerous combinations of different medications. It records all prescriptions dispensed at B.C. community pharmacies in a central database and checks for interactions.

From the Canadian Press:

The Canadian Press: B.C. introduces law governing access, privacy of electronic health records

B.C. introduces law governing access, privacy of electronic health records

1 day ago

VICTORIA — British Columbians will soon be able to use their computers to view their health records, Health Minister George Abbott said Thursday after introducing legislation governing access and privacy for electronic health information databases.

British Columbia became the first province in Canada to create a legislative framework with specific provisions to address access and protection of electronic health information.

The e-Health Personal Health and Information Access and Protection of Privacy Act could eventually create paperless medical offices, allowing physicians to store information about patients on their computers as opposed to the banks of individual file folders in most offices, Abbott said.

"I'm pretty confident we got it right here," he said. "I'm very pleased with the balance with the legitimate access to personal information that a physician may require and the protection of the sanctity of those records that is so important to the patient."

The e-Health law gives medical researchers access to the electronic health database but ensures privacy, Abbott said.

Individuals can block access to the their own information in health data banks, except in cases where the person is incapacitated in an emergency or with the individual's consent.

Abbott said the new law prohibits disclosing information from electronic health databases for market research. The government will create a committee that evaluates requests for data for health research or planning purposes.

Maximum fines for violating the act have been will be $200,000.

The Opposition New Democrats said they want patient privacy ensured. They also said the act suffers from credibility issues.

Opposition health critic Adrian Dix wondered whether the bidding process for a $108 million contract for the software to store electronic medical records was tainted by alleged conflict of interest by a former top bureaucrat.

"The electronic medical records process is mired, unfortunately, in problems with the bidding process and problems with conflict of interest," he said. "We're talking about access to personal medical records and the credibility of that process is put in jeopardy."

The Health Ministry received a letter of concern about the bid process from an unnamed company whose bid for the electronic medical records contract was rejected.

And Dr. Tom Elliott, of Vancouver, went public with his concerns, saying his electronic records software met more than 95 per cent of the bid guidelines but didn't make the shortlist.

Other concerns involved the relationship between Ron Danderfer, a former assistant deputy minister of health, and Dr. Jonathan Burns, a Fraser Valley emergency room doctor and health contractor who developed and promoted a widely used health records device.

Danderfer and Burns were members of a steering committee overseeing the $108 million contract, aimed at getting the province's doctors on common software for medical records.

Only six companies were chosen to be involved and last year Burns listed one of the winning companies as a partner on his website.

The company, Wolf Medical, denied there had ever been a financial link between the two.

Abbott has said a government review found Danderfer was not involved in the selection or evaluation process for the health records project.

An internal government letter addressed to the Health Ministry from the Labour Ministry said last year the bid process was not influenced by Danderfer and Burns.

"While news media reports appear to link the Burns/Danderfer matter with the electronic medical record procurement, we can confirm that neither of these individuals were involved in evaluating proponent proposals or proponent software demonstrations and testing at any stage of the evaluation process," said the Nov. 7 letter from Richard Poutney, assistant deputy labour minister.

"We have not received any information that would link this matter to the electronic medical record procurement," it said.

In December, RCMP confirmed an investigation involving Danderfer while he was employed at the Health Ministry. The Mounties also asked the government to withhold results of an internal audit until their probe is complete.

Danderfer was placed on mandatory leave last July and retired last October after 35 years of service with the B.C. government.

Big Brother is watching, but he doesn't seem to care

I was interviewed some time ago for a feature article in the Toronto Star on privacy issues associated with loyalty cards. These products are very popular in Canada, with Air Miles and Shopper's Drug Mart's Optimum card leading the way. Many of these programs have the potential to collect a vast amount of shopping data, but most of the companies interviewed by Paul Brent didn't really seem to care about collecting the sort of detailed individual data that most assume is being collected. - Travel - Big Brother is watching, but he doesn't seem to care

If you've ever hesitated when handing over that loyalty card at the liquor store or the pharmacy wondering, "just who is looking at what I'm buying?" you might take some comfort in the answer: Likely nobody.

In theory, marketers have the power to drill down into the digital minefield of a consumer's spending and determine their buying preferences for everything from their favourite wine to their brand of shampoo.

However, the reality is that retailers and service companies are too busy to care what we do, except in large numbers.

"It is not as if you are getting mail from a glasswares manufacturer saying: `We notice that you drink a lot of beer,'" says Ed Strapagiel, executive vice-president of Kubas Consultants. "For the most part, retailers have not over-exploited this data. The power is there to use, but they haven't really gone after it."

The reluctance of merchants to dig deeper into the consumer treasure trove of information makes some sense, however, he adds. "Many of these retailers that we are talking about – Loblaws, Canadian Tire, Shoppers Drug Mart ... they are not direct marketers. If the whole basis of your business is driving business to your store, you are not going to use direct marketing."

Consumers, for their part, realize they are giving up some of their privacy but appear willing to pay that price for the benefits that come from loyalty programs.

"It's actually never bothered me," says Tracy, waiting outside a Shoppers Drug Mart with her dog while her husband shops inside. She has been a devoted Air Miles collector for a decade and flew her mother from Sault Ste. Marie to Toronto on points.

A buyer for a local theatre company, she regularly uses the Internet for private and work purchases, and says she keeps a "close eye" on her credit cards and bank accounts electronically. Her husband agrees the benefits of collecting reward miles outweigh any privacy fears – "even though they are probably tracking our every move," he jokes.

But consumers should be aware they are entering into an agreement with loyalty companies when they take a membership card. The price for those "free" perks, such as travel rewards or discounts on purchases, is that you agree to allow marketers to take an electronic peek into your shopping basket.

"There are a whole bunch of programs where people choose to give up some privacy for convenience," says David Fraser, a privacy lawyer with the Halifax firm of McInnes Cooper.

"It doesn't bother me," says Zan Harriott, who had just purchased a greeting card and lottery tickets at Shoppers and swiped her Optimum points card.

A member of the loyalty program since it started, she says she regularly collects rewards from the card.

Launched in 2000, the Optimum program has 8.2 million members, making it one of the country's largest.

Fraser has not heard of any Canadian marketers abusing the data they obtain from loyalty programs. "In my experience, the companies that run loyalty programs are really quite diligent about privacy issues."

When it comes to privacy and loyalty programs, many consumers are surprised that information is being collected for marketing purposes, while others expect someone in a nameless data centre is noting every last tube of toothpaste.

The reality is somewhere in the middle.

Fraser notes that Air Miles was the subject of a consumer complaint a few years ago, but the federal Privacy Commissioner found the marketer was not amassing the detailed shopping information "a lot of people would have expected them to be collecting."

That fear of just how much information is being gathered acts as a brake on the expansion of loyalty plans. "If you don't tell customers what is going on, they assume the worst," Fraser says.

As the country's biggest loyalty marketer, reaching two-thirds of Canadian households (there are 9 million "collector" households), Air Miles is sensitive to the issue of privacy.

"Not just for us but across the Canadian marketplace, privacy is a pretty significant public policy issue," says Mitchell Merowitz, vice-president of corporate affairs and chief privacy officer for the Air Miles reward program.

The fact that Air Miles has been the most popular loyalty program in the country since 2001 shows that most Canadians are not too worried about leaving a digital record of their purchasing habits.

Information collected by Air Miles is gathered on a household basis and is not product-specific. A successful swipe of the card tells the company the date, value and store a purchase was made.

"The information that you see on your summary statement is the information that we collect," Merowitz says.

Related stuff: Canadian Privacy Law Blog: Air Miles should be about data mining, not mass appeal, Canadian Privacy Law Blog: Article: Loyalty cards plus legwork can track beef buying, and the finding of the Privacy Commissioner of Canada referred to is on the PIAC website at

Thursday, April 10, 2008

The bottom's fallen out of the stolen data market

A scary example of the laws of supply and demand.

Apparently stolen credit card data is so abundant on the black market, the price has fallen through the floor. See: Techdirt: Stolen Data So Plentiful, The Market For It Has Collapsed.

Thanks to Rob Hyndman for sending the link to me.

Canadian companies global leaders in privacy

The Globe & Mail has an interesting article on Canadian privacy practices, based on a study from Forrester Research which says Canadian companies are global leaders in implementing privacy programs. See: Canadian firms putting a lock on data privacy.

Wednesday, April 09, 2008

Warrantless disclosure in the news

The trial of an accused trader in child pornography has brought the question of warrantless disclosure of ISP subscriber information to the national media's attention. It is understood to be the first time a superior court will consider whether basic subscriber information disclosed by an ISP without a warrant violates the Charter. The decision on this question is expected tomorrow. Stay tuned ...

The National Post, the Globe & Mail and the Toronto Sun discuss the issue:

The Globe & Mail - Wednesday, April 09

A precedent on Internet privacy in the making

Christie Blatchford

An Ontario Superior Court judge may rule as early as tomorrow in a precedent-setting Internet privacy case that could significantly set back how police conduct probes into online child pornography.

At issue is basic "subscriber information" from an Internet service provider, or ISP, which in this particular case was obtained under search warrant by Toronto police in an investigation that ultimately saw Robert Norman Smith, a Toronto actor once featured in popular Alexander Keith's beer commercials, charged with two counts of possessing child pornography and one of making it available.

Mr. Smith, 41, has pleaded not guilty.

But because the decision will be a first for superior courts in Canada, and because such decisions are binding upon the lower courts, the ruling will have broad impact.

Usually, police are able to obtain subscriber information - this is the customer's name and address - from Internet providers with what's called a simple "law enforcement request" made under the federal Personal Information Protection and Electronic Documents Act, commonly called PIPEDA.

While this legislation, which was phased in over several years beginning in 2000, sharply restricts the use and dissemination of personal information in commercial contexts, it also explicitly allows for the disclosure of customer name-and-address information to police.

But in this case, the provider, Bell Canada, refused to hand over the subscriber information, so the police resorted to getting it with a judicially approved search warrant.

On the first full day of trial yesterday before Superior Court Justice Robert Clark, Mr. Smith's lawyer, Cindy Wasser, argued that "people must have the expectation of privacy in their Internet use and they must have the right to challenge" search warrants that force ISPs to hand over their names and addresses to police.

"You can't just say this case is about child pornography," Ms. Wasser told the judge. "It's about the Internet and how we all use it and our expectation of privacy."

She is seeking legal standing for Mr. Smith to challenge the warrant; only if successful will she actually be able to challenge the validity of the warrant itself.

But if Judge Clark agrees that Mr. Smith had a reasonable expectation of privacy and grants him standing, it would mean police forces across the country, who daily obtain subscriber information under PIPEDA requests, would have to revert to the old, labour-intensive system of seeking search warrants every time they want customer information from ISPs.

Additionally, search warrants are problematic for police probing Internet crimes simply because they are more time-consuming.

Crown prosecutor Allison Dellandrea argued that because every Internet user automatically "broadcasts his IP [Internet protocol] address to potentially millions of people" every time he signs on, and because ISPs typically warn users in service agreements that their identities may be disclosed, there can be no expectation of privacy.

Furthermore, Ms. Dellandrea said that just because a commercial enterprise, such as Bell or another ISP, or even the drafters of PIPEDA, deem a block of information to be "private" doesn't mean it is private in a Charter-protected sense.

"That's quite different from what the Constitution says is privacy deserving of protection," she said.

Section 8 of the Canadian Charter of Rights and Freedoms protects people from unreasonable search and seizure, but defines privacy as "a biographical core of personal information" that tends to reveal "intimate details of the lifestyle and personal choices of the individual." Only then is the Charter protection engaged.

What was disclosed by Bell Canada to police in Mr. Smith's case was simply his name and address, information that is often readily available online or from phone books.

But Ms. Wasser argued that in combination with what the police already had learned from their investigation about his alleged use of child pornography, that minimal information was neither as benign nor innocuous as it seemed.

She urged the judge to consider not only what information the police received, but how they used it.

The Toronto investigation began in the fall of 2005, with police developing a system of searching that allowed them to view IP addresses of people sharing or making available certain child-pornography files.

Using a publicly available database, investigators were then able to determine which providers owned the IP addresses.

On Nov. 22, under one search warrant, they got the name and address information from Bell that led them to Mr. Smith, and in February the next year, under another warrant, they conducted a search of his north Toronto home.

At the time of his arrest that day, police alleged they found on his computer more than 1,000 electronic files, including movies and pictures, of children as young as 1 engaged in sexual activity.

Judge Clark said he may have a decision by tomorrow, but that the case will go ahead regardless.

From the National Post:

Television beer pitchman at centre of pornography, privacy battle

Shannon Kari, National Post

Published: Wednesday, April 09, 2008

The trial of a former television pitchman could be a precedent-setting case in deciding the privacy rights of Internet subscribers who are the subject of a criminal investigation.

Robert Smith is on trial in Ontario Superior Court on one charge of possession of child pornography and one charge of making child pornography available.

The actor was featured in commercials for Alexander Keith's beer as a character with a thick Scottish accent, until his arrest in February 2006.

Toronto police arrested Mr. Smith after an investigation into distribution of child pornography on Internet-based file sharing networks.

After discovering a specific Internet protocol address and learning it belonged to a Bell Canada customer, police executed a search warrant to obtain the subscriber information from the Internet Service Provider (ISP).

Mr. Smith is arguing there were not reasonable grounds for the first warrant to be issued or for a second one to be executed at his home.

The Crown responded that Mr. Smith has no right to challenge the warrant executed against Bell because there are no privacy rights in Internet subscriber information.

In a 2005 civil case about the downloading of music from file-sharing networks, the Federal Court of Appeal found there were privacy rights in this data and they could not be disclosed without a court order.

The prosecution of Mr. Smith is believed to be the first time a Superior Court in Canada has been asked to decide whether police are required to obtain a search warrant to get subscriber information in a criminal case and whether a defendant can challenge the warrant.

Some Internet providers voluntarily disclose this information to police in child pornography cases, but not in other criminal investigations.

A provincial court judge in Ontario ruled earlier this year that there are privacy rights in subscriber information, which includes the name, address, account and e-mail address of a customer (the Crown has appealed this ruling).

Crown attorney Allison Dellandrea argued yesterday it is simply "customer information" that police are seeking. "It doesn't matter what police do with it," said Ms. Dellandrea.

When police have subscriber information and an IP address, they can find "deeply personal" data related to an individual's Internet use and it should be possible to challenge whether the warrant was obtained lawfully, argued defence lawyer Cindy Wasser.

"You can't just say this case is about child pornography. This case is about the Internet, how we use it and the expectation of privacy," said Ms. Wasser.

From the Toronto Sun: - Toronto And GTA- Actor disputes warrant in porn case

The Toronto comic actor who once portrayed the fanatical Scot in the Alexander Keith's beer commercials has launched an unprecedented constitutional challenge of the search warrant that led to his child porn charges.

Lawyer Cindy Wasser, who represents actor Robert Norman Smith, argued yesterday that her client's privacy rights were violated when his Internet service provider, Bell Canada, gave his name and address to Toronto Police when they presented a search warrant.

Internet users have an expectation of privacy and they don't have to list their names or addresses, Wasser said.

It is be -lieved to be the first Ontario Superior Court challenge of a warrant in which a service provider gave a subscriber's name and address.

Justice Robert Clark may give a ruling as early as tomorrow in the judge-alone trial.

The judge appeared to disagree with Wasser, saying, "The nature of the information is pivotal here. You're not discovering biographical information. You're getting the most minimal information, the person's identity and address."

Clark said he was balancing the accused's privacy rights versus "effective law enforcement."

Crown attorney Allison Dellandrea said the information provided "isn't deserving of constitutional protection."

Smith, 42, was charged with two counts of possession of child pornography and one count of making available child pornography after police searched his home computer two years ago.

He lost his job as soon as he was charged and the popular ads were pulled off the air.

Tuesday, April 08, 2008

Surveillance cameras move crime in San Francisco

Whether widespread surveillance cameras actually work is often hotly debated. Some contend they counter crime while others contend that cameras only move it. Researchers at the University of California Berkeley have done a pretty intensive review of crime statistics in San Francisco related to the cameras in place in that city and have concluded, in a preliminary review, that they simply move crime out of view of the cameras.

Crime cameras not capturing many crimes

...They looked at seven types of crime: larcenies, burglaries, motor vehicle theft, assault, robbery, homicide and forcible sex offenses.

The only positive deterrent effect was the reduction of larcenies within 100 feet of the cameras. No other crimes were affected - except for homicides, which had an interesting pattern.

Murders went down within 250 feet of the cameras, but the reduction was completely offset by an increase 250 to 500 feet away, suggesting people moved down the block before killing each other.

The final report is expected to analyze the figures in more depth and to include other crimes, including prostitution and drug offenses.

Kevin Ryan, director of the Mayor's Office of Criminal Justice, said it's premature to dismiss the use of the cameras based on the preliminary report. He said the report shows the devices change behavior in some instances. "At the end of the day, if the report does suggest what I think it's going to suggest, that it can be an effective tool, we're going to have to deploy it in the most effective way we can," he said.

Via Boing Boing.

Monday, April 07, 2008

Search engines warned over data

The BBC is reporting that the Article 29 Working Group in Europe is calling on search engines to render their logs anonymous after six months.

BBC NEWS Technology Search engines warned over data

... The report from the Article 29 Data Protection Working Party said search engine providers had "insufficiently explained" why they were storing and processing personal data to their users.

It said "search engine providers must delete or irreversibly anonymise personal data once they no longer serve the specified and legitimate purpose they were collected for".

The report said the personal data of users should not be stored or processed "beyond providing search results" if the user had not created an account or registered with the search engine.

The advisory body also said it preferred search engines did not collect and use personal data to serve personalised adverts unless the user had consented and signed up to the service....

Google has recently reduced its log retention to eighteen months while other search engines are in the one year to one-and-a-half year ballpark.

Via the ever vigilant Slaw. For Google's previous announcement on retention, check out Canadian Privacy Law Blog: Google to anonymize older data.

Incident: Tax files, private info turn up in Vancouver dumpster

In case you needed further proof that you must shred all personal information that you're disposing. Loads of personal tax information has surfaced after a high-profile accountant in Vancouver chucked it into a locked dumpster outside his offices:

CTV British Columbia- Tax files, private info turn up in dumpster - CTV News, Shows and Sports -- Canadian Television

... Many of the documents -- marked with phrases such as "personal and confidential" -- come from the office of Peter Roberts, a well-known accountant.

"Oh my gosh," said one of Roberts' clients, David Weinberg, whose name was on several files.

"I'll have him either return this to me or assure me that he will be changing his privacy practices going forward to assure that not just this but all of his clients' documents are properly shredded."

When reached by phone, Roberts said that he put a bag full of the documents in the dumpster on Saturday.

He said he doesn't own a shredder and believed the documents would be safe because the dumpster is secured by a padlock.

But to Vancouver's large and innovative homeless population, a lock isn't much of a safeguard....

Thanks to a regular reader from the west coast for pointing me to this incident.

Leg@l.IT2008 in Montreal

If you haven't heard of it already, check out this year's Leg@l.IT2008 in Montreal at the Mount-Royal Center on April 21st, 2008. There are three tracks and the faculty looks pretty impressive (including your's truly).

Register quickly before it is full!

More details here: LEGAL.TI Droit et technologies de l'information Canada's Legal Technology Conference.

Sunday, April 06, 2008

Identity Theft Hearings at the Justice Committee

Sorry for the grossly misleading headline but I was similarly misled.

Michael Geist and others were scheduled to testify before the House of Commons Justice Committee about the proposed anti-Identity Theft law, Bill C-27, but political idiocy meant that the hearings never happened. Pathetic.

See: Michael Geist - Identity Theft Hearings at the Justice Committee.

An access odyssey in the UK

The Guardian has an interesting article on John Harris' odyssey of exercising his access rights under the Data Protection Act. He had quite an experience, between credit files he never knew existed and a mobile phone company that made up rules on the fly. I'm surprised no Canadian journalist has tried this under PIPEDA so far, but one or two may follow Harris' example. Check it out: The John Harris files UK news The Guardian.

Sexual Assault Kit Among Patient Records Discovered in Moose Jaw

Reecnt reports of abandoned or unsecured medical records in Saskatchewan have led to a rash of reports to the Privacy Commissioner of that province, including on report that 70 boxes of records are unattended in Moose Jaw. The records contain completed sexual assault kits, it is reported. See: Sexual Assault Kit Among Patient Records Discovered in Moose Jaw News Talk 650.

Real Questions for Facebook’s Chief Privacy Officer

Michael Zimmer caught my link to the Times Online article with questions for Facebook's CPO. He points out that the questions are pretty easy. Instead, he proposes some real questions: » Archives » Real Questions for Facebook’s Chief Privacy Officer.

I'd like to see the answers.

Questions for Facebook's privacy officer

The Times Online has a few questions for the Chief Privacy Officer at Facebook. See: Q&A: Chris Kelly, chief privacy officer of Facebook - Times Online.

NIH forbids MacBooks for personal information processing

According to Informationweek, the US National Institutes of Health is forbidding employees and contractors from using Macintosh MacBooks for processing personal information due to a lack of encryption on the devices. See: U.S. Health Agency Forbids Sensitive Data On Apple MacBooks - Yahoo! News.

Commissioner investigates Human Rights Commission after unauthorized use of wireless network

The Privacy Commissioner of Canada is reported to be investigating whether an Ottawa woman's privacy was breached by an investigator from the Canada Human Rights Commission who used the woman's unsecured wireless network to visit and post on white supremacist websites. See: Canada Privacy czar probes alleged Net hack by officials.

Saturday, April 05, 2008

Dispute over costs holds up plan to reintroduce Internet policing legislation

It appears that "lawful access" is in the news again, at least with respect to the debate over who is to pay for forcing telcos to build intercept capabilities into their systems:

Dispute over costs holds up plan to reintroduce Internet policing legislation

The Harper government's plans to reintroduce legislation that would make it easier for law-enforcement agencies to monitor Internet and wireless communications have been held up by a dispute with industry over who should cover the costs, according to documents obtained by Canwest News Service.

The former Liberal government introduced a law, called the Modernization of Investigative Techniques Act, that would have compelled telecommunications service providers such as Bell Canada and Rogers Communications to disclose personal subscriber information to authorities upon request. The Conservative government has been working on a new version of the law, which was introduced just days before the Liberal government fell in November 2005.

Police and the Canadian Security Intelligence Service can already seek the authority to wiretap private communications through the Criminal Code, CSIS Act and other laws. But the laws were written before the emergence of the Internet, mobile phones and handheld computers, and in many cases the industry hasn't developed the technology to intercept such communications.

The "lawful access" law, as it is better known, would have effectively forced companies to build intercept capabilities into their networks....

Boring lawsuit over Google's "Street View"

(I couldn't resist.)

Mr. and Ms. Boring of Pittsburgh is suing Google for intentional invasion of privacy since Google's Street View feature shows a picture of the home despite the fact that their street is marked as a private road. The Smoking Gun has the facts and their pleadings:

Couple Sues Google Over "Street View" - April 4, 2008

APRIL 4--A Pittsburgh couple is suing Google for invasion of privacy, claiming that the web giant's popular "Street View" mapping feature has made a photo of their home available to online searchers. Aaron and Christine Boring accuse Google of an "intentional and/or grossly reckless invasion" of their seclusion and privacy since they live on a street that is "clearly marked with a 'Private Road' sign," according to a lawsuit the couple filed this week in Allegheny County's Court of Common Pleas. A copy of the April 2 complaint can be found below. According to the Borings, they purchased their Oakridge Lane home in late-2006 for "a considerable sum of money," noting that a "major component of their purchase decision was a desire for privacy." But when Pittsburgh was added last October to the roster of cities covered by Google's "Street View" feature, the Borings allege, their "private information was made known to the public," causing them "mental suffering" and diminishing the value of their home (which cost the couple $163,000, according to property records). The Borings are seeking in excess of $25,000 in damages and want a court order directing Google to destroy images of their home. Click here for some photos of the Boring property, which is now even easier to locate via Google Maps, since the plaintiffs included their home address on the lawsuit's first page. And while they are litigating, perhaps the Borings should consider suing Allegheny County's Office of Property Assessments, which includes a photo of their home (which was built in 1916 and sits on 1.82 acres) on its web site. Here's a screen grab. (8 pages)

If you look at the pictures of their property, you might think that if the Borings were concerned about their privacy they would have put a fence around their pool. I'm just saying ...

UPDATE (2008.04.06): The Wall Street Journal's Law Blog has a response from Google:

There is no merit to this action. It is unfortunate litigation was chosen to address the concern because we have visible tools, such as a YouTube video, to help people learn about imagery removal and an easy-to-use process to facilitate image removal.

As a matter of policy, imagery for Street View is taken in public streets and what any person can readily capture or see in the public domain. Street View is a popular, engaging feature that allows people to easily find, discover, and plan activities relevant to a location.

What's most interesting -- at least from my perspective -- is that this argument doesn't hold much water in Canada. Up here, there are two different privacy laws. There is some caselaw that's similar to tort law in the US suggesting that you can sue for invasion of privacy, if there's been an "unreasonable invasion of privacy". In the US, there is no expectation of privacy in the streets or in a public place and, other than in Quebec, that's probably the law in Canada. The second law is PIPEDA, which is a separate statute that governs all collection, use and disclosure of personal information in connection with commercial activity. Since Google's doing commercial activity, the law requires consent for the collection and disclosure of personal information. (There's some serious doubt that the photo of your house without any other information would be your personal information.) Since street view often includes photos of people, Google would require consent to use those photos for commercial purposes. Since the Google street sweepers do not get consent, there's no easy way to have street view in Canada.

I expect that Google will have technology to blur out individuals so they can take street view to Canada and other jurisdictions where privacy laws would prohibit photos of pedestrians.