Recent statements by Canadian tech industry representatives point out the need to “increase awareness for Canadians as it relates to online security and the protection of critical data.”

It’s good advice, yes, even as it tends to simplify matters by saying, in effect, that ‘users should smarten up’. Those days when tech users could be called their own worst enemy in matters of online privacy seem like the good ol’ days now, as reports of not user incompetence, but developer-, manufacturer- and perhaps most disconcertingly, government-created privacy threats continue to make headlines around the world.

A report released by the Toronto-based advanced technology research organization Citizen Lab says the Canadian government is “absolutely behind” on surveillance transparency and accountability, if not outright protection of our data.

Report author Christopher Parsons documents how data from “millions” of user records that have been demanded by law enforcement have ended up with third party organizations, and the lack of accountability in tracking all this data is described as particularly troubling.

“It raises real questions about the appropriateness of the powers or perhaps the appropriateness of the mandates or aggressiveness of the agencies that currently look to keep Canadians safe,” Parsons said.

Elsewhere, the report notes that while “corporations are failing to manage Canadians’ personal information responsibly”, it is “government irresponsibility surrounding accountability [that] strains its credibility and aggravates citizens’ cynicism about the political process.”

So take it with a megabyte of salt if you wish, but government funding will be used to explore and report on a wide range of emerging privacy issues — including some triggered by fitness tracking devices, developments in lawful access, and the need for strong privacy protections for kids online — with newly announced programs being supported by the Office of the Privacy Commissioner (OPC) of Canada.

The OPC received nearly 40 proposals for the current funding cycle; each was evaluated by the OPC and an external peer review panel, and roughly ten were approved.

“The projects selected this year will help build a greater understanding of new risks to privacy and also provide individuals and organizations with information about how to better protect personal information in a constantly evolving environment,” Privacy Commissioner of Canada Daniel Therrien said when announcing the projects.

You may not think (there’s that consumer education angle again) that those new fitness bits of personal tracking technology are threats to privacy, but others certainly do.

Fitness devices measure, collect and transmit data about you, and that data is accessible to integrated cloud service providers and other partners in the product eco-system.

Many fitness tracking devices use a low energy Bluetooth signal to communicate with the solution infrastructure, and researchers at the security firm Context have found they can track specific devices from a hundred metres away, opening up what could be a planned cyber attack or a physical crime, simply by knowing people’s tracked movements.

So the OPC is funding A Comparative Analysis of Fitness Tracker Privacy and Security, during which researchers will perform a detailed technical analysis of how these devices store personal data, how and to what entity they transmit that data, and what mechanisms are used to secure those processes.

Such analysis may find only inadvertent gaps in privacy protection; one hopes this current fitness craze is not simply the leading edge of a giant techno-surveillance conspiracy.

‘Cuz we have that already!

The on-going information releases and revelations from Edward Snowden surely show that – he has shared documentation that reveals deep and lasting relationships between government signals intelligence authorities, private sector telecommunications companies and ICT equipment providers that have opened up access to and sharing of metadata contained in personal and private communications.

One of the OPC-funded projects, therefore, will explore what “lawful” access really means, post-Snowden. What are the Canadian relationships between government signals intelligence authorities and private sector telecommunications companies, and what are the current and future privacy concerns engendered by the activities of both parties?

Other 2015-16 Contributions Program recipients and their proposed projects intend to help young teens understand privacy policies; improve children’s understanding of mobile online privacy and enable them to recognize potentially risky situations; and a survey of government open data portals, their use by commercial private sector data analytic firms, and the inherent implications for Canadians’ privacy.

Along with the specific programs being supported, the government has also announced ongoing support – another five years – for the Contributions Program itself, which can continue to support arm’s length, non-profit research on privacy and privacy policy development, as well as the protection of personal information in Canada.

“The Contributions Program is considered to be one of the foremost privacy research funding programs in the world and has made a significant contribution to developing privacy knowledge in Canada and beyond,” Commissioner Therrien noted.

Since 2004, nearly $4.5 million has been allocated to more than 100 initiatives under the Program. Those are positive indicators, yet they pale in number, significance and seeming impact when compared with developments that undermine online privacy and security.

-30-

 

submitted by Lee Rickwood