Surveillance by Design: Government Rules, Business Practices Threaten Canadians’ Personal Privacy
We are all players in the “Privacy Theatre”, living a fiction in an online world that shows only a pretense of privacy behind the curtain.
That was the powerful message presented at an important public awareness session held in Toronto, where a standing room only crowd heard a series of dynamic presentations on the theme of data protection and personal privacy in the digital age.
So, following a successful online protest that helped scuttle the so called SOPA and PIPA anti piracy laws in the U.S., Canada is kicking off its own uprising against Internet-related legislation.
The event’s theme, Beware of “Surveillance by Design:” Standing Up for Freedom and Privacy, spoke to the deep concerns of many privacy advocates and tech observers who say that proposed Canadian legislation about Internet related activities would, if passed in the original from, provide police with much greater ability to access and track information online.
Too much ability, they say.
Without a warrant or any judicial authorization, law enforcement would be able to obtain personal information about identifiable individuals from the Internet, or from smart phones and other mobile devices – the communication technologies that we use every day.
The expected re-introduction of federal “lawful access” bills in Parliament (the new session opens today), should open the door on careful and considered conversation across the country about online privacy and mobile data security in specific, as well as the need and use of surveillance in a democratic society overall.
“I consider this to be such a serious issue that I have organized a public symposium and launched a new website, http://www.realprivacy.ca/, to broaden awareness and educate Canadians, in an effort to improve the legislation before it is re-introduced,” said Dr. Ann Cavoukian, Information and Privacy Commissioner of Ontario.
A key objective is also to get Canadians to write to their Members of Parliament about the issue, hopefully to bring about a change or amendment in the legislation and its specific parameters.
Change is one thing; revolution another.
“Rise up!” said one speaker. “Start agitating!” extolled another.” “We have to fight for our freedom!” came the unifying – occupying? – call again and again.
“I love it…it’s revolutionary stuff!” the Commissioner said later, noting the enthusiasm and commitment with which many speakers gave their presentation.
“But it’s not about rising up against existing laws,” she explained. “We need awareness and discussion and debate on this topic. In my view, this legislation represents a looming system of ‘Surveillance by Design,’ that should concern us all in a free and democratic society.
“It’s fair to say this is ‘surveillance by the design’ of the legislator. They are crafting the legislation in a way that will compel Internet Service Providers (ISPs) and telecom companies to enable ‘back door ‘access automatically for law enforcement.”
Current legislation under the existing warrant system requires judicial oversight before a warrant that allows obtaining such information can be granted. Someone must be convinced that the request is reasonable in the circumstances and the surveilled person or data will be valuable in prosecuting a specific crime.
“Without that (judicial oversight), they can access anything about anybody,” the Commissioner adds.
All of Canada’s provincial privacy officers are committed to the cause, Cavoukian noted, along with the Federal Commissioner. “We unanimously signed a resolution opposing these ‘Lawful Access’ proposals. We all see them as unnecessary and over-reaching, and we are all calling for discussions.
“What action they take is up to them, of course, but we (in Ontario) have gone ahead with this campaign, and we will be looking at other areas, as well.”
Using the event and the observance of International Data Privacy Day, Commissioner Cavoukian has launched a major online initiative in which we can all participate.
The new website has lots of information on the proposed ‘Lawful Access’ legislation.
There are plenty of suggested alternatives and other proposals for legislation that can respect privacy while also enhancing security.
And there’s an online tool to help Canadians share comments and concerns with their respective Members of Parliament.
Cavoukian wants us to urge the government to reconsider the proposed laws.
But, as one of the key speakers at the Commissioner’s event noted, even though technology affects most of us on a daily basis, legislation is not something we connect with regularly.
“Even I wouldn’t read a bill like that unless I had to….”
Alan Borovoy is a Canadian lawyer best known as the general counsel of the Canadian Civil Liberties Association (CCLA). He’s also an author and activist, and when he noted his own reticence, he was acknowledging that laws and legislation can be dreary reads for the rest of us, for sure, but also underscoring the direct relevance and impact these proposed laws can have on innocent and unaware citizens.
That’s when he shouted out “Start agitating!”
As mentioned, the event was held to also coincide with International Data Privacy Day; this past Friday marked 31 years since the first binding international convention on privacy came into force.
Like the other panellists and the gathered audience, Borovoy knows that this past year saw more than its fair share of high profile privacy and data security scandals.
Some breaches have to do with legislation, or the lack thereof. But many data breaches have to do with private for-profit companies collecting personal data – often without a user’s knowledge or explicit permission – and then sharing that private information with other companies.
That’s really quite different than collecting data and failing to keep it safe and protected (although there are plenty of examples there, too).
Remember the Sony CD case, in which so called spyware pre-loaded onto commercial CDs the company was selling provided an opening into a user computer and valuable identifying data?
Or the iPhone tracking ‘scandal’; the fact that iPhone and iPads were collecting and storing user location data generated so much criticism that then-CEO Steve Jobs actually issued an apology, saying Apple “never” tracks its customers (the phones, maybe….).
He also said it took Apple like a week to figure out just what was going on – inside its own phone!
(WhatsYourTech.ca readers – or anyone who reads the iPhone user’s manual – might not be so slow on the uptake.)
Google and Microsoft later admitted that they store the same kind of user location data on their mobile operating systems, too.
Of course, Google and Facebook have had recurring privacy issues with their social networks, too, so much so that both companies must undergo regular privacy audits for the next 20 or so years!
But who needs a fairly straight forward user’s manual warning, when you can have Carrier IQ installed on your mobile device – without your knowledge?
The software is used in hundreds of millions of phones; it doesn’t just monitor battery life; it also captures call connections, text messages, emails and other actions.
Privacy, surveillance and compliance all by design!
Cavoukian readily acknowledges that surveillance by design is not just a legislative issue; it is a business issue as well.
Collecting, archiving, analysing and sharing personal data is the business model –and a very successful one, doncha know – for many of tech top companies. Where would Facebook and YouTube and LinkedIn be without our personal data – and their ability to share it with the commercial ecosystem they inhabit?
But Cavoukian sees change coming in the marketplace, and she says that companies will soon see that the protection of personal data is their market differentiator, and that a commitment to personal privacy and user control over data sharing tools will be why some companies succeed – and other fail – in the future.
“Consumers are becoming much more savvy, and much more aware of the potential threats to their online information. This is not about ‘What have you got to hide?’” she emphasizes. “It is about personal control over personal information. The tools and the power to manage personal information safely and easily must be in the consumer’s hands. We have to fight to preserve our personal privacy, and our freedom.”
There’s that revolutionary slogan again, still echoing well after the event itself.
The people got the power!
* * *
WhatsYourTech.ca will continue follow the Commissioner’s campaign (as well as other such campaigns), and the progress of proposed online legislation in Canada, in future reports to be posted here. As well, more coverage from the Commissioner’s event, and the individual presentations made, will be featured.
Other speakers included:
- Professor John Villasenor, The Brookings Institution and UCLA;
- Dr. Ron Deibert, Professor, Political Science, University of Toronto;
- John Ibbitson, Ottawa Bureau Chief, Globe and Mail;
- Nathalie Des Rosiers, General Counsel, Canadian Civil Liberties Association;
- David Fraser, Lead, McInnes Cooper Privacy Practice Group.
submitted by Lee Rickwood