Friday, November 16, 2012

Newfoundland health privacy legislation found "substantially similar" to PIPEDA, exemption order issued

As of October 10, 2012, the Federal Cabinet issued the Personal Health Information Custodians in Newfoundland and Labrador Exemption Order, which has the effect of ceding jurisdiction under PIPEDA with respect to health information custodians under the Personal Health Information Act of Newfoundland and Labrador.

The Order reads:

SI/2012-72 October 10, 2012

PERSONAL INFORMATION PROTECTION AND ELECTRONIC DOCUMENTS ACT

Personal Health Information Custodians in Newfoundland and Labrador Exemption Order

P.C. 2012-1091 September 20, 2012

Whereas the Governor in Council is satisfied that the Personal Health Information Act, SNL 2008, c P-7.01, of Newfoundland and Labrador, which is substantially similar to Part 1 of the Personal Information Protection and Electronic Documents Act (see footnote a), applies to the personal health information custodians referred to in the annexed Order;

Therefore, His Excellency the Governor General in Council, on the recommendation of the Minister of Industry, pursuant to paragraph 26(2)(b) of the Personal Information Protection and Electronic Documents Act (see footnote b), hereby makes the annexed Personal Health Information Custodians in Newfoundland and Labrador Exemption Order.

PERSONAL HEALTH INFORMATION CUSTODIANS IN NEWFOUNDLAND AND LABRADOR EXEMPTION ORDER

EXEMPTION

1. Any personal health information custodian to which the Personal Health Information Act, SNL 2008, c P-7.01, applies is exempt from the application of Part 1 of the Personal Information Protection and Electronic Documents Act in respect of the collection, use and disclosure of personal health information that occurs in Newfoundland and Labrador.

COMING INTO FORCE

2. This Order comes into force on the day on which it is registered.

Federal Court awards minimal damages for good faith violation of PIPEDA by bank

The Federal Court of Canada, in Biron v. RBC Royal Bank, 2012 FC 1095, recently had an opportunity to consider a claim for damages under PIPEDA where the disclosure of personal information was made "in good faith". In connection with a separate proceeding, RBC Royal Bank responded to a series of subpoenas by providing information about a client (who had a joint account with one of the litigants). The individual complained to the Office of the Privacy Commissioner of Canada and then proceeded to the Federal Court seeking damages. Her claim was for punitive damages in the amount of $10,000, $5,000 for distress and inconvenience and $10,000 for moral damages. The court awarded only $2500, plus costs.

The Court noted:

[31] RBC’s conduct in the present matter does not justify an award of damages since any violation of the Act resulted from an error in good faith. According to RBC, its representatives acted in good faith when disclosing the personal information before a judge of the Superior Court, in the absence of any challenge of the subpoena. Furthermore, RBC is of the opinion that Mr. Poirier was authorized to represent Ms. Biron and to agree on her behalf to the disclosure of the personal information contained in the statements of their joint credit card. RBC alleges that Ms. Bouchard was misled when Mr. Poirier told her verbally that she could provide Ms. Grassby with all of the private information without obtaining a Court order and without restriction as to any of the information in the statements regarding Ms. Biron.

With respect to the calculation of damages:

[37] In Randall, above, the Court writes as follows about the damages awarded under section 16 of the Act:
[55] Pursuant to section 16 of the PIPEDA [the Act], an award of damages is not be made lightly. Such an award should only be made in the most egregious situations. I do not find the instant case to be an egregious situation.

[56] Damages are awarded where the breach has been one of a very serious and violating nature such as video-taping and phone-line tapping, for example, which are not comparable to the breach in the case at bar: Malcolm v Fleming (BCSC), Nanaimo Registry No S17603, [2000] BCJ No 2400; Srivastava c Hindu Mission of Canada (Québec) Inc. (QCA), [2001] RJQ 1111, [2001] JQ no 1913.

[38] The alleged damages must also result directly from the fault committed (see Stevens v SNF Maritime Metal Inc, 2010 FC 1137 (CanLII), 2010 FC 1137 at paras 28 and 29). The Court notes further that awarding damages under section 16 of the Act is discretionary (see Nammo, above).

[39] As to punitive damages, the Supreme Court of Canada instructs that these “are restricted to advertent wrongful acts that are so malicious and outrageous that they are deserving of punishment on their own” (see Honda Canada Inc v Keays, 2008 SCC 39 (CanLII), 2008 SCC 39 at para 62). In de Montigny, the Supreme Court stated as follows:

[47] While compensatory damages are awarded to compensate for the prejudice resulting from fault, exemplary damages serve a different purpose. An award of such damages aims at expressing special disapproval of a person’s conduct and is tied to the judicial assessment of that conduct, not to the extent of the compensation required for reparation of actual prejudice, whether monetary or not. As Cory J. stated:
Punitive damages may be awarded in situations where the defendant’s misconduct is so malicious, oppressive and high-handed that it offends the court’s sense of decency. Punitive damages bear no relation to [page88] what the plaintiff should receive by way of compensation. Their aim is not to compensate the plaintiff, but rather to punish the defendant. It is the means by which the jury or judge expresses its outrage at the egregious conduct of the defendant.

(Hill v Church of Scientology of Toronto, 1995 CanLII 59 (SCC), [1995] 2 SCR 1130, at para 196)

[40] In the present proceeding, the Court is of the opinion that, in light of the facts of the case, the damages alleged by Ms. Biron can be tied to RBC’s error. The Court is of the opinion, moreover, that it must consider the fact that Ms. Biron asked RBC to stop disclosing her personal information on two occasions. RBC violated its obligations under subsection 7(3) of the Act by failing to properly protect the personal information of one its clients, a disinterested third party in the divorce proceeding between Mr. Poirier and his ex-wife.

[41] Ms. Biron is also claiming punitive damages in the amount of $10,000. There is, however, no evidence on record demonstrating that RBC committed acts against Ms. Biron that were so malicious and outrageous as to warrant an award of punitive damages.

[42] The only evidence submitted by Ms. Biron in support of her total claim for $15,000 in damages, that is, $5,000 for distress and inconvenience and $10,000 for moral damages, is limited to the representations she had to make to the Privacy Commissioner, the letters sent to RBC and the time spent in helping her spouse in defending himself again his ex-wife’s allegations resulting from the review of the money spent using the joint credit card.

[43] The Court therefore concludes that, given that Ms. Biron, as a third party in a divorce proceeding, objected twice to her personal information being disclosed, that she suffered humiliation under paragraph 16(c) of the Act and that the damages sought by Ms. Biron are directly related to RBC’s fault, the Court awards $2,500 plus interest and costs, to be paid to Ms. Biron by RBC.

Thursday, November 15, 2012

BC Privacy Commissioner tells Victoria Police to change automated license plate scanning system

The Office of the Information and Privacy Commissioner of British Columbia has just released the report of its investigation (PDF) of the use of Automated License Plate Recognition by the Victoria Police Department.

Here is their summary from OIPC's media release (PDF):

NEWS RELEASE

For Immediate Release

Nov. 15, 2012

Police must make changes to licence plate scanning technology, says B.C. Privacy Commissioner

VICTORIA—The Victoria Police Department must make changes to its Automated Licence Plate Recognition program to comply with privacy laws, says B.C.’s Information and Privacy Commissioner.

“Modern technologies such as ALPR can be effective law enforcement tools; however, the use of these tools in British Columbia must comply with Freedom of Information and Protection of Privacy Act,” said Commissioner Elizabeth Denham.

Using cameras mounted to squad cars, Victoria police use ALPR to photograph, scan and record licence plate numbers, including time and geographic location. The ALPR system compares this data to an on-board database of plate numbers provided by the RCMP called an “alert listing.” A “hit” occurs when there is a match between a licence plate scan and the alert listing. If there is no match, the item is categorized as a “non- hit.”

At the end of a shift, a “daily scan” record is returned to the RCMP, which contains the personal information of every registered owner of a vehicle scanned by the ALPR system. This record contains information related both to hits and to non-hits. The RCMP’s current practice is to de-identify non-hit data.

After a detailed investigation, Commissioner Denham concluded that the disclosure of non-hit data to the RCMP is not authorized by FIPPA.

“Non-hit data is personal information about the suspicionless activities of citizens -- information that the police have no reason to believe relates to criminal activity. This information is not serving a law enforcement purpose and therefore, VicPD cannot disclose it to the RCMP,” said Denham.

The Commissioner recommended the ALPR system be reconfigured to delete non-hit data immediately after the system determines that it is not a match.

She also established that future use or disclosure of non-hit data by municipal police would not be authorized under B.C. law.

“Law enforcement agencies have recently discussed retaining non-hit data. Collecting personal information for traffic enforcement and identifying stolen vehicles does not extend to retaining data on the law-abiding activities of citizens just in case it may be useful in the future,” said Denham.

The Commissioner’s investigation was prompted in part by a written submission from three individuals, who expressed concern about the police use of ALPR in British Columbia and its potential use as a tracking tool.

“There are concerns that this technology could be used as a surveillance tool, where data about the location and activities of citizens is used for purposes other than that for which it was collected. In light of these concerns, I felt it was important to provide citizens with a comprehensive look into how this technology is being used,” Denham wrote.

Wednesday, November 14, 2012

Google's most recent Transparency Report: Government requests are on the rise

Google has released its most recent update to the Google Transparency Report, which provides statistics about how many user data requests and how may takedown requests Google receives from governments and copyright owners around the world.

The specific stats for Canada are here: user data, takedowns. The takedown data set is broken down by service and alleged reason.

The Official Google Blog (Transparency Report: Government requests on the rise) provides some additional, global context.

A big hat tip to Google for making this information available, which has led to other companies publishing similar data so some light can be shed on data and takedown requests, which usually occur in the shadows.

Wednesday, November 07, 2012

Privacy Commissioners respond to Police Chiefs on Bill C-30 and lawful access

An interesting debate over lawful access is playing out in the pages of the Windsor Star. First, the paper ran an opinion piece from the leadership of the Canadian Association of Chiefs of Police that peddles the common line that connecting an internet user's IP address to their name and address is just like (and no more intrusive than) using a phone book:

Police chiefs speak out

As Canadians, we rightly place a very high value on our privacy.

As a career police officer, I have spent much of my life ensuring that my actions and those of the officers under my command do not intrude into the privacy of others, unless authorized by law and in pursuit of those who threaten, harm or steal from others.

While all new laws should be subject to rigorous debate, I worry that the misinformation surrounding the proposed Bill C-30 "Protecting Children from Internet Predators Act" is distracting us from the true goal of this bill - protecting victims by updating laws last introduced by Parliament in 1974. At that time, telecommunications consisted of rotary phones, telegraphs and physical lines of wire.

A technology revolution has seen the rapid adoption of mobile devices, computers and social media - an evolution of technology not envisaged by lawmakers back in the 1970s.

Canadians reap many benefits from today's technologies. So do criminals. We have inadvertently created safe havens for those who exploit technology to traffic in weapons, drugs and people. It is a boon to pedophile networks, money launderers, extortionists, deceitful telemarketers, fraudsters and terrorists.

Cyber bullies communicate their vitriol with impunity. If we stand by and do nothing, criminals will continue to use these interactive platforms to harass and threaten others, commit frauds, scams and organized and violent crimes with little fear of being caught.

I enthusiastically agree that privacy is a right to cherish and guard vigorously. We believe that the new legislation, with our recommended amendments to strengthen privacy rights, will help make Canada a safer place. To level the playing field for law enforcement, successive federal governments introduced updated lawful access legislation in 2006, 2007, 2009 and 2010.

All of these bills "Died on the Order Paper." In the meantime, the threats to individuals and community are increasing. The current proposed legislation includes the following assurances/improvements:

  • Access to private information will continue to require a judicial authorization (warrant).

  • Telecommunications providers will be required to preserve data while a warrant is being obtained.

  • Basic subscriber information (the equivalent to information provided by a telephone directory) will be obtainable in a timely and consistent manner. As opposed to today's environment, the new legislation builds in an audit trail to ensure accountability (including making available reporting to the judiciary and privacy commissioners) and to limit those within policing who can make such a request.

What is the cost of not proceeding with the modernization of our laws? Organized criminals will plan their killings and kidnappings using communications providers whose systems do not have the technical ability to be monitored through the warrant process.

Terrorists will be able to exploit these same gaps. Victims of scams will be told that the evidence trail linking the suspect to the crime has disappeared because the service provider has no obligation to preserve data.

Perhaps even worse, the parents of a child who has been lured or criminally harassed over the Internet will learn that the police investigation will be delayed or completely unsuccessful because of the need to obtain a warrant for basic subscriber information.

The RCMP's National Child Exploitation Co-ordination Centre looked at a sample of 1,244 requests for basic subscriber information in 2010. The average response time to gain such information was 12 days. This is unacceptable!

The challenge of Bill C-30 is to strike the right balance between providing law enforcement with investigative tools to ensure individual and public safety while ensuring the protection of privacy. We support the greater protections which have been built into this bill.

Vancouver police Chief Jim Chu is president, Canadian Association of Chiefs of Police.

Privacy Commissioners from Ontario, British Columbia and Alberta have sent the paper a reply:

New surveillance powers shouldn’t come at the expense of our right to privacy | Windsor Star:

Re: Police chiefs speak out, guest column, by Jim Chu, Nov. 6.

In his opinion piece, police Chief Jim Chu repeats the now much-discredited analogy that subscriber data is equivalent to what is found in a phone book. We disagree.

This information, which includes e-mail addresses and Internet protocol addresses, is not publicly available and can be used to reveal the web-related activities of law-abiding citizens.

This is why Canadians across our country expressed such strong concerns about the federal government’s introduction of Bill C-30, the Internet surveillance bill.

As Privacy Commissioners, we understand that the police may need new tools to investigate crime as technology advances.

However, Commissioners have consistently asked for evidence that police need the power to compel Internet Service Providers to turn over personal information of subscribers without a warrant in order to attain these ends.

To date, law enforcement officials have failed to provide persuasive factual evidence that current law has impeded police investigation of serious crimes, like those involving individuals who exploit children.

Current law recognizes exigent circumstances that justify immediate access to information to solve serious crimes.

If police need additional powers, they must be demonstrably justified, and come with appropriate judicial oversight and accountability.

New surveillance powers must not come at the expense of our right to privacy.

ANN CAVOUKIAN, PhD, Information and Privacy Commissioner, Ontario, JILL CLAYTON, Information and Privacy Commissioner, Alberta, and ELIZABETH DENHAM, Information and Privacy Commissioner, B.C.

Today, the Federal Privacy Commissioner added her voice to the debate:

Bill C-30 must be amended to respect privacy rights | Windsor Star

Re: Police chiefs speak out, guest column, by Jim Chu, Nov. 6.

My office appreciates the challenges faced by police officers in fighting online crime, with out-of-date tools and at a time of rapidly changing technologies.

We agree with Jim Chu, chief constable of the Vancouver Police Department and president of the Canadian Association of Chiefs of Police, when he states that the federal government’s lawful access bill could be improved to better protect privacy rights in Canada.

We were encouraged to see the head of the police association specifically support a provision to clarify privacy rights, in his recent op-ed. In fact, Bill C-30 must be amended to respect privacy rights.

Chief Chu suggests the information behind an IP address is equivalent to information found in a phone book. To me, this vastly underestimates what it may reveal about someone.

Unlike a phone book, information behind an IP address is not generally publicly available and can unlock doors to much more information about people.

My office’s technologists are currently looking at this, and studying the degree of privacy intrusiveness in relation to the specific information that the Bill proposes to make readily accessible to law enforcement.

We are also continuing our discussions with public safety and law enforcement officials, as well as civil society, to ensure that privacy issues are adequately addressed.

It is true that law enforcement powers need to be modernized, but so too do the laws that ensure Canadians’ privacy rights are fully respected. The Privacy Act, which applies to federal departments and agencies, has not been substantially amended in more than 30 years and, as a result, citizens have little mechanism for redress when things go wrong. The federal private sector privacy law, PIPEDA, is also well overdue for an update.

We look forward to elaborating on our views about Bill C-30 with parliamentarians and we will also continue to advocate for federal privacy laws that meet the challenges of this new world.

JENNIFER STODDART, Privacy Commissioner of Canada, Ottawa

Monday, November 05, 2012

Don't throw the (judicial oversight) baby out with the bathwater

I have been trying to encourage an informed dialogue about "lawful access" on this blog, in an effort to cut through some of the rhetoric to get to useful substantive issues. In that effort, Detective Constable Warren Bulmer has written a couple of guest posts, including the most recent "A police officer's response to my recent critique of lawful access".

As I indicated when I posted Warren's piece, I mentioned I'd probably have a response. Here it is.

According to police, voluntary disclosure of subscriber information by internet service providers is too unpredictable for police officers to rely upon and the current system of judicial pre-authorization often takes too long. I'll acknowledge that this is a real problem.

My starting premise is that agents of the state (law enforcement and national security types) should not be able to obtain personal information from a third party without judicial authorization (unless there is an actual and immediate threat to life, health or safety). To me, anything that falls short of this is simply not acceptable.

Production orders are the natural means by which police should be able to obtain customer name and address information in the appropriate circumstances. (Search warrants simply don't work for these sorts of cases.)

D/Cst Bulmer has identified that production orders, as currently set up under the Criminal Code are limited to circumstances where the crime has already been committed but don't cover where there are grounds to believe a crime will be committed, so such orders are inadequate. (Though I note conspiracy to commit a future offense is usually an offense.) The solution is not to throw out judicially-authorized production orders but to fix this omission. Amend section 487.012 of the Criminal Code to include circumstances where there are reasonable grounds to believe that the production order will lead to evidence related to a crime that will be committed.

Here is what it would look like:

(3) Before making an order, the justice or judge must be satisfied, on the basis of an ex parte application containing information on oath in writing, that there are reasonable grounds to believe that

(a) an offence against this Act or any other Act of Parliament has been, is being or is about to be committed or is suspected to have been, is being or is about to be committed;

(b) the documents or data will afford evidence respecting the commission of the offence; and

(c) the person who is subject to the order has possession or control of the documents or data.


Fifteen words fix it.

If there's an emergency -- an actual imminent threat to life, health or safety -- police should be able to get access to subscriber information as soon as possible. The police, D/Cst Bulmer included, complain that ISPs don't always share this sense of urgency. In my own experience and from speaking with some within the ISP industry, this may be a result of "once bitten, twice shy" syndrome due to previous cases where the urgency of the situation was misrepresented, leading to the conclusion that it was only done to circumvent the need to get a production order. The way to deal with this is either via tele-production orders (similar to telewarrants, which are provided for under the Criminal Code) or by after-the-fact accountability.

This works for serious crimes, such as kidnapping, child exploitation and cyber-bullying.

Again, don't throw out judicial oversight simply because of some limited difficulties.

With respect to intervening in suicide, which is not a criminal offence in Canada, I have some difficulties. I am generally of the view that the intrusive powers of the state should be reserved for the investigation of serious criminal offences. Remember, violating a lawful demand under the Criminal Code or under C-30, if passed, would result in criminal charges against the person who refuses to hand over the information. It's not a neutral thing. They can be arrested. If an adult decides to deliver a suicide note via social media, it's not a criminal offense that bears investigating. With a young person, it is a different matter so perhaps an exception should be applicable.

As far as other examples advanced by some law enforcement officers are concerned (but not raised in D/Cst Bulmer's post), the full force of the state should not be brought to bear to reunite an individual with their lost phone. It's absurd that a telco could be criminally charged or convicted of contempt of court for failing to help find the owner of a lost phone.

In a free and democratic society, judicial oversight of the exercise of intrusive state powers is simply essential. It cannot be foregone because the current scheme of production orders is not perfect. Fix what we have so judicial oversight is maintained.

Thursday, November 01, 2012

A police officer's response to my recent critique of lawful access

You may recall that on September 18, 2012, Detective Constable Warren Bulmer of the Toronto Police Service's Computer and Technology Facilitated Crime group had a guest post: Guest post: A police officer's take on informational privacy and the police in the digital age. He sent me the following response to my recent post Despite police chiefs' representations, lawful access is irretrievably broken, and I have his ok to post it here.

I expect I'll have a response to his post in the next day or so.



David

I would like to take this opportunity to provide a few points about your post.

To be fair, the role of the Police in any criminal investigation is not just simply to identify the person responsible for the crime but to try to determine the truth about what happened based on evidence. Often in this work, we receive tips or leads that implicate the wrong person especially in the world of the pseudo-anonymous Internet. Technology itself creates challenges by providing the ability to disguise, alter or otherwise mislead any person attempting to validate Internet sourced information. The police have a responsibility to conduct a thorough investigation which is to also eliminate suspects or persons of interests that may have been implicated by a witness. In the digital age more particularly, we see people who have identified themselves by impersonating another or purporting to be someone they are not. Hard to believe that people don’t use their real name when engaging in questionable behaviour online but it’s true.

In many cases, I agree with you a judicially authorized instrument allows the Police to investigate as long as time is not of the essence. The problem with a judicially authorized Production Order is that the company (ISP) cannot return the information for 30-60 days. So in a public safety situation, or if you or one your readers were targeted by Police as a suspect or person of interest and you had been wrongly implicated, you would be waiting for the Police to clear your good name. The process is completely unfair in this regard. I agree that rights need to be protected but it can’t be at the cost of potential injustice caused by investigative delays to benefit the minority (criminals) versus the rights of the masses. Section 15 of the Charter states “every individual is equal before and under the law and has the right to the equal protection and equal benefit of the law… “

The other part of your post which needs to be clarified is this (quote): “…but based on the premise that the police should not be able to require anybody to provide information about an individual in the absence of reasonable grounds to believe that the information either is or will lead to evidence of a crime that has been, is being or will be committed, and the appropriate checks and balances…”. With respect to the context you have placed this passage in, I think your readers may mistakenly draw the conclusion that the Police could use a Production Order (487.012) to stop or prevent a crime from happening.

As you pointed out in your piece, a Production order can be authorized by a Justice of the Peace or Judge but most commonly the former. The judicial officer can only authorize a Production Order for criminal offences under the Code or other Act of Parliament based on reasonable grounds when an offence has been or is suspected to have been committed. Therefore, it cannot be used to prevent a crime that hasn’t happened yet, or is about to happen. The purpose of a Production Order is to provide police with evidence in a non-intrusive way. It was clearly designed to obtain third party records that exist in the hands of third parties and the extent of that search is not carried out by the Police thereby mitigating the invasion of privacy. It does not carry the level of scrutiny a search warrant does.

As you know, a search warrant (487 CCC) can be used in situations where an offence is about to or will be committed however; it is not the appropriate mechanism to obtain these records because a warrant authorizes the Police to carry out the search. Even with an appropriate assistance order (487.02) it is neither practical nor reasonable for Police to walk into Bell, serve a search warrant and start searching through the ISP’s servers. This leaves the conundrum Police currently find themselves in, an inability to clear innocent people of false allegations of wrong-doing in a timely manner and no judicially authorized mechanism to prevent a crime from happening when the Internet is involved. One additional factor at play is where a case dictates that Police need to intervene when a criminal offence hasn’t been or isn’t at the threshold where a situation meets the definition of an offence. The Police require a criminal offence to seek a judicially authorized search unless there is a lawful exemption.

Bill C30 affords the Police lawful access to basic subscriber information, which incidentally is the same information that is sought via a Production Order, when there is a belief outside of a criminal offence that the Police need that information. I would refer your readers to Section 17 of the Bill which states:

17. (1) Any police officer may, orally or in writing, request a telecommunications service provider to provide the officer with the information referred to in subsection 16(1) in the following circumstances:

(a) the officer believes on reasonable grounds that the urgency of the situation is such that the request cannot, with reasonable diligence, be made under that subsection;

(b) the officer believes on reasonable grounds that the information requested is immediately necessary to prevent an unlawful act that would cause serious harm to any person or to property; and

(c) the information directly concerns either the person who would perform the act that is likely to cause the harm or is the victim, or intended victim, of the harm.


The police officer must inform the telecommunications service provider of his or her name, rank, badge number and the agency in which he or she is employed and state that the request is being made in exceptional circumstances and under the authority of this subsection.

(2) The telecommunications service provider must provide the information to the police officer as if the request were made by a designated person under subsection 16(1).


This component would mandate that the Police dictate what constitutes an emergency request based on exigent circumstances not the ISP. As you know, currently the Police make emergency requests and the ISP determines if it meets their version of an emergency. I have heard of numerous incidents where Police have made an emergency request using the ISP’s form and it was denied because they (the ISP) deemed it wasn’t an emergency thereby forcing Police to get a warrant or Production Order and in some cases nothing was obtained because there wasn’t a criminal offence. In those cases, the Police could do nothing and often they were kids or adults alike being mean or nasty to another or worse looking for help on the Internet but there weren’t enough facts to formulate a criminal offence.

Section 17 of the Bill provides the ability for Police to intervene and protect people who may be suicidal perhaps kids who are targets of bullying when it doesn’t meet the threshold of a criminal offence or in identifying someone who says they will blow-up a theatre before they do it. How? By removing the interpretation of a private company as to what constitutes an emergency, harm or unlawful act. If anyone wants a reason as to why this legislation is necessary, it is the “protection” and “prevention” benchmarks available in it that we should be recognizing or enhancing and divert attention away from the enforcement side of the legislation. The Police will always have the authority to ask.

People have and continue to criticize the Police for standing by while dozens of these incidents go under enforced or seemingly ignored. Lawful access provisions like this aren’t the only solution and I am always cognizant of a “police state” but this legislative tool would go a long way to helping Police intervene early-on in cyberbullying cases, for example and may even prevent some suicides or other Internet related life threatening situations. The most important primary duty of a police officer is the preservation of life and that becomes extremely difficult when the Internet is involved. We find it a challenge to help people who are seeking it on a social network when they are using the nicknames of “wolfman” or “crazy cat lady” or “cooldude66”.

Regards

Warren Bulmer