Cyber Shaming Scams

It seems there is a scam similar to the "revenge porn" scam that we talked about in class - An organization who has found a glitch in the CanLii system that allows them to find out personal information about people involved in court cases. While this information, as we know, is typically public, some of the family law cases (think New Brunswick v G(J) from State and Citizen) are being broadcast to the public, so we know the identity of "G(J)." The company is then advertising a service o the sidebar that charges people to get the information removed. Apparently CanLii is looking into the problem, and has implemented a verification program that distinguishes between humans and computers. This raises huge problems about the exploitation of personal information and, as in revenge porn, we know there often is not a viable solution. Once the information is displayed, there's no telling who has acquired the information, even if it gets removed.

Find the article here:


http://business.financialpost.com/2014/03/29/how-cyber-shame-scams-are-playing-on-our-privacy-fears-and-scaling-up/?__lsa=6ed8-951c

Privacy Concerns on the Proposed Election Law Reform Act, Bill C-23

Several experts on privacy issues have raised their concerns on the Conservatives' election law reform bill C-23. Colin Bennett, a political science professor at the University of Victoria, said the proposed bill lacked the basic measures to protect voters' personal information.

The biggest concern is on the collection and use of voter information by political parties. Currently, political parties are subject to the Canada Elections Act, which protects voters' names and addresses. However, parties collect far more information than those. Because political parties are not subject to PIPEDA, the collection and use of voter information are not protected by any law. As a result, parties are able to enter the data into their own databases, and use it in any way they want. Citizens, however, would have no right to know what their information is used for, and have no right to correct it if it is inaccurate.

 Access the article here.

A couple of comments on the abstracts

1. Remember that an abstract for a law paper should present your thesis. It should tell us what you are arguing for.
2. Avoid too much passive voice. This goes for your papers as well. The traditional ratio is 70/30 active to passive. Instead of "will be recommended", say "I recommend". I will penalize over-use of passive voice on the final paper.
3. It helps to take a break and come back a day later. You'll see issues that you hadn't seen before. I just tore apart an abstract that I wrote last week.

IMPORTANT: Please update your abstract and submit it with your final paper. It does NOT count towards the 5000 word limit, and it is not graded. It is, however, very handy for you to have. You can do this after you finish your paper. I anticipate that some of these papers will be good enough to submit to writing competitions or journals, and an abstract is required for many of these.

Added 'search' feature

I realized I forgot to add a search box. Now that we are at 115 posts, it is useful to have the ability to search the blog. Good work, everyone.

California DNA Collection Law Upheld

The 9th US Circuit Court of Appeals recently upheld a California law allowing police to take a DNA sample from anyone arrested on a felony charge. The American Civil Liberties Union argued that this broad law threatens privacy rights, but the 9th Circuit rejected this argument and applied reasoning from a recent Supreme Court decision upholding a similar Maryland law.

However, the Maryland law permits collection only from those charged with a serious felony and after a judge finds probable cause they've committed a crime, whereas California allows collection at the point of arrest. The ACLU plans to challenge the law further.

http://www.mercurynews.com/crime-courts/ci_25384632/california-dna-collection-law-upheld

Bill C-580: Proposed amendments to the Privacy Act

There are currently proposed amendments to the Privacy Act which make a number of changes. One is providing an open-ended list of what constitutes “harm” to individuals with respect to data breaches. It also provides for enhanced powers to the Privacy Commissioner of Canada to impose penalties on the government such as having the ability to order compliance with the Act within established time periods. The Bill particularly includes greater obligations to inform the Commissioner and then individuals of data breaches, bringing it more in line with other legislation. These enforcement powers would appear to be useful and give more teeth to the Commissioner’s activities. Furthermore, there is an obligation for Parliament to review the Act every 5 years. However, this is only a private member’s bill and the Member of Parliament Charmaine Borg had previously been shot down in making similar amendments to PIPEDA. Furthermore, the effect of non-compliance is not very clear, only stipulating that the order will be recorded on the Commissioner’s website. This helps transparency, but does not particularly provide sanction for non-compliance unless it is inferred. For the above reasons, I am not optimistic that the bill will have much effect, although I am curious what the rest of you think: i.e. are the proposed amendments positive and are they likely to have a great impact?

http://www.parl.gc.ca/LegisInfo/BillDetails.aspx?Language=E&Mode=1&billId=6475960

Data Protection in the Physical World

The Office of the Privacy Commissioner of Canada recently released its investigation report regarding an incident involving Employment and Social Development Canada (ESDC) that occurred in January 2013. 

Over a year ago, a hard drive used for backing up information stored the central computer was misplaced by employees at ESDC. Due to the disappearance of a portable hard drive, the personal information of 583,000 student loan recipients may be at risk.

In class, we often talk about the safety of information stored on our computers or in the cloud. However, this incident should serve as a reminder to us of the importance of the physical storage device we use to carry our information.

The news release can be accessed here.

Police spread too much information on suspects during search

Following from my previous post regarding privacy afforded to convicted killers, Alberta shows a slightly different situation. Alberta’s Privacy Commissioner has found that police violated Alberta’s Freedom of Information and Protection of Privacy Act. The violation was in spreading too much personal information about suspects of serious offences in order to find them (called Operation Warrant Execution), trying to clear a backlog of outstanding warrants. Information included names, ages, photographs, heights and weights. One disclosure was of a 16 year old without a court order. While some of the information was valid to spread, the Commissioner found too much was spread. This to me highlights the difficulty of balancing the competing rights of public safety with privacy, and to be honest I am having difficulty distinguishing what was “too much” from what was enough, although I do understand that laws do protect minors and were violated.

http://www.edmontonsun.com/2014/03/24/alberta-privacy-commissioner-finds-project-owe-violated-privacy-laws

Apple’s Interest In Healthcare Grows With Hiring Of Privacy Counsel

Interesting article about Apple's new counsel hiring:
Apple's Latest Hire

Few things I found particularly interesting:
1) It seems like large companies are taking privacy protection seriously. There is speculation that this hiring is related to Apple's upcoming products that will collect more volume and a greater range of data about us. Not only does Apple seem to be prioritizing innovation (as always), but also privacy protection that is proportionate (somewhat).
2) Law Jobs! As law students most of us have anxieties about our careers and abilities to secure jobs. Apple's specific hiring of a lawyer specializing in privacy shows how our profession is also evolving to meet the needs of the world today.
3) It seems almost inevitable that companies want more access into every facet of our lives. As the article suggests, there is a strong indication that Apple is venturing into the health-lifestyle areas. Naturally, health information is one of the most sensitive so I feel like Apple has made a proactive decision to develop its technology in this area with privacy in mind (hopefully this holds true when these products are released)

Snowden vs. NSA

This is less about substantive privacy law, but more for interest! This webpage links you to Snowden's TedTalk about reclaiming privacy and security, and details a response from the NSA deputy director  about why surveillance is important and how metadata is actually privacy enhancing rather than invasive. Interesting discussions on both sides!

http://blog.ted.com/2014/03/20/the-nsa-responds-to-edward-snowdens-interview-at-ted/

myAppollo: Competitor to Facebook?

There is a new social networking site, myApollo, which is predicated upon having more privacy protection, as opposed to Facebook (which has the business model of selling personal information). However, this potential competitor currently has bugs, less features, and does not clearly indicate how the site will maintain itself if it does not monetize personal information. It does sound like it has potential and should be followed to examine how it will face these challenges.

http://www.pcpro.co.uk/news/387829/myapollo-is-privacy-enough-to-tempt-users-from-facebook

Final Paper Deadline!!

From the Associate Dean's office!

Monday, April 14                Winter Term Examinations begin. 

Seminar and Directed/Personal Research Papers are due in the on-line drop box no later than 3:30 p.m. Extensions beyond this date can only be granted by the Assistant Dean, Students or her Designate or the Associate Dean. (Optional papers for courses in which there is an examination are due in the on-line drop box by 3:30 p.m. on the day of the examination unless an earlier date has been set by the instructor.) 


If you require an extension due to illness, personal circumstances or the like, please talk to the Assistant Dean, Students. We have no power to grant extensions for the final paper. Osgoode wisely routes all such requests through the central office to eliminate potential favouritism.

Obama to Call for an End to NSA Bulk Data Collection

It looks like Obama plans to ask Congress to put a halt to the NSA's bulk collection and storage of phone records.  This is following a meeting with some of the bigger tech CEOs, brought to our attention by Ashley's earlier post, and a meeting with world leaders in the Netherlands on Monday. 
The proposal would still allow the government to "access the data when needed", but if approved, this would be a substantial move in the fight for privacy among government surveillance.  The proposal will apparently call for "far-reaching overhaul" of the NSA's program.

Analog Information at Risk of Privacy Violations?

In response to Jimmy Carter's remarks to NBC about how he uses 'good old snail mail' when he wants to keep his correspondences private, VICE reported on the abilities of the US Postal Service to collect and track meta-data for posted mail.  Dubbed the Mail Isolation Control and Tracking program (MICT), it was initially used in response to anthrax and ricin being sent in envelopes through the mail.  The program acquires names, addresses, return addresses, and postmark locations among other things to develop a network or map of one's contacts.  As we've seen through various digital examples, a lot can be gleaned from the somewhat harmless seeming meta-data. 

An interesting reminder of how information does not need to be digitized for it to be used in ways that may harm the data subject or violate one's privacy.

Give Me Back My Online Privacy

I thought this article ties in well with our discussion on "Is Privacy a Luxury Good?." The article discusses how people are fighting to regain their privacy through all these new apps and browsers that protect your privacy (ie. Privowny). The article quotes one guy who says that these apps provide him with control over his data, allowing him to post more frequently and "empowers him to share more with the right people." It shows that the privacy concerns people possess has not resulted in decreased sharing, but rather, people would like to continue their use of social media in a more secure manner. Finally, the statistics at the end were really interesting - it seems the majority believe that privacy laws are inadequate, and are taking matters into their own hands.

http://online.wsj.com/news/articles/SB10001424052702304704504579432823496404570?mg=reno64-wsj&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702304704504579432823496404570.html

Big Data and the Internet of Things Means the Surveillance of Everything

Article: Invasion of the Data Snatchers

 I think this quote from the article provides an interesting intro into the topic this article covers:
"[W]e estimate that only one percent of things that could have an IP address do have an IP address today, so we like to say that ninety-nine percent of the world is still asleep," Padmasree Warrior, Cisco's Chief Technology and Strategy Officer, told the Silicon Valley Summit in December. "It’s up to our imaginations to figure out what will happen when the ninety-nine percent wakes up."

 The article looks at some of the ways in which technology will slowly creep (pun intended) into all areas of our lives, and as such, collect information in the form of Big Data. As cool as it sounds to have a fridge that tells you when you run out of eggs and milk, the writer explores some of the darker sides to all this power. In particular, I liked her exploration of the effects on democracy and political expression. I like the idea of having smart gadgets and devices all around me, but the writer makes you think about the power it places in the hands of those who control the information. She looks at the possibilities not only in terms of the near future, but explores how these trends will play a role in our lives in the decades to come as technology's power and prevalence grows.

Student Loan information now unsecure

Well this is certainly going to make all of us feel very secure about the privacy of the extensive personal information required to apply for our student loans.. 

http://www.cbc.ca/news/politics/privacy-rules-not-followed-on-lost-student-loan-data-report-finds-1.2585519

Long story short; the government supposedly takes care to protect “sensitive data of more than 583,000 student loan recipients”. However, a hard drive recently went missing that contained this data, and the device was unsecured, unencrypted, and not guarded by so much as a password. The hard drive has been missing for two months. 

Oh, and that personal information that is a thief now has causal and unlimited access to? That would be our full names, date of birth, home address, telephone numbers, loan amounts and balances, and Social Insurance numbers. The article neglects to mention that one of the features of both OLSAS and OUAC loan administrators is that if I completely forget my password to either of these, I can call in to these services, give them my birth date, postal code, and SIN, and I then have complete tele-control over the administration of that account. Keep in mind, the same is usually true of your general bank accounts if you call the customer service number on the back of your debit/credit card. I know this because I’ve used these feature frequently, and was mildly concerned about how easy it would be for an individual to simply gather this information and use my student loan as they saw fit. This nightmare has now become reality. 

All that being said, the Employment and Social Development Canada representative did concede that this loss was “completely unacceptable”, and provided several suggestions for better protection in the future. But as interim commissioner Chantal Bernier states in her report, “protecting personal information cannot be ensured by having policies on paper. Policies must be put into practice each and every day and monitored regularly”. 

The problem here is that there were policies already in place to protect against this very kind of issue. However, these policies went unfollowed, and the information was remained carelessly unprotected. Canadians whose information has now been compromised were never alerted to this massive breach of information. Meanwhile, no remedy or reparative course of action has been suggested aside from reiterating the policies which should have prevented this occurrence in the first place. 

I am clearly deeply upset about this development. I think you all should be too. 

Obama Meets with Tech Execs to Discuss NSA Surveillance & Privacy

We've talked a lot about social media and internet privacy in our discussions, so I thought you all might find this article interesting.

Obama met with Eric Schmidt (Google), Mark Zuckerberg (Facebook) and Reed Hastings (Netflix), as well as the Drop Box executives to discuss issues around intelligence, surveillance, technology and privacy. Mark Zuckerberg was apparently quite vocal his criticism of the administration's techniques.

In my opinion, this is clearly a response to the Snowden leaks, implicating these companies in the sharing of metadata. Is this a way for them to distance themselves from the government spying scandal?

Find the article here:


http://www.cbc.ca/news/world/barack-obama-meets-with-tech-execs-on-privacy-nsa-surveillance-1.2582867

More details on critical reflection assignment

A few people have asked about this. A critical reflection piece is something that  makes Osgoode happy. Part of our job is to get you to engage in criticism of what you are reading during the term. Obviously you have a chance to engage in criticism in your final paper. However, we want to give you an opportunity to do a little of that ahead of time. Some students (particularly those from disciplines that do not teach argumentation or critical thinking) have a hard time switching over to the type of rhetoric used in law.

What your piece should contain:

• A description of the main argument in the Kukathas paper. That is, tell me what the problem is, what outcome is urged, and what reasons are given to support that outcome.
• A critical analysis of that argument. Are there any errors in reasoning? Do you buy all the premises? Are there alternative ways of looking at the situation? Does the author assume some things that you differ on?
• Your own take on the topic. Do you think there are cultural rights? If so, how would you defend them? 

As with any piece of writing, I do not expect to see grammatical errors, spelling mistakes, or major omissions of the points mentioned above. Style, depth of analysis, brevity, quality of prose, rhetorical ability... all of these are elements in favour, but they are also somewhat subjective.

Readings for Next Week: Feminist Takes on Privacy

The subject matter for this week is feminist critiques of privacy, as well as privacy and family life. This is an interesting area, and well worth reading up on beyond this course. For next week, please glance over the following:

1. M. A. Fineman, “What Place for Family Privacy ?”, George Washington Law Review, Vol 67, 1207 1998.

• You can read the whole paper, as it is fairly light reading. One of the main themes is limitations on family privacy. Sections IV and V are key. You'll find she talks about autonomy and self-government, which ties into the OCAP material from last week.

1. Stein, Laura W. Living with the Risk of Backfire: A Response to the Feminist Critiques of Privacy and Equality, 77 Minn. L. Rev. 1153 (1992-1993) 

• I would skim this, as it is a pretty extreme example of citations gone wild. Pages 1160-1178 give an account of feminist critiques of privacy. 

Lastly, a classic text on feminism and privacy is this book by Anita Allen.

Gmail Privacy Cases Denied Class-Status

I thought this article was an interesting combination of the things we've covered in this class and also Civil Procedure:
Article
A federal judge denied a request to combine several privacy complaints into a single class-action lawsuit on behalf of hundreds of millions of people who have used the popular Gmail service. The lawsuits argue that Google violated privacy and wiretapping laws by scanning Gmail users' messages in order to show them advertisements. Attorneys made similar claims on behalf of non-Gmail users who sent messages to people with Gmail accounts, and on behalf of students at schools that use Gmail.

Microsoft reads through employee's Hotmail account

 So this might be a bit controversial.. 

http://news.cnet.com/8301-1009_3-57620681-83/microsoft-defends-opening-hotmail-account-of-blogger-in-espionage-case/ 

Synopsis: Microsoft realized upon significant legal investigation that one of its employees was independently selling activation keys to Microsoft software. At that point, Microsoft decided to examine his other “Microsoft operated accounts”, in this case his hotmail account, for more information. Apparently the terms of service which everyone consents to before creating a Hotmail account expressly outline permission for Microsoft to do so, but it happens very rarely and only in “exceptional circumstances”.

Thoughts: 

In my paper I’m going to be focusing on employee rights to privacy, which might explain why I find this article very interesting.

The article and the justification given by Microsoft for its actions are both fairly straightforward. My main question when I read this article was that the justification Microsoft gave actually carries two implicit premises: (a) that consent being given by the individual as Hotmail user permits this action and seems to negate any claim to a violation of privacy, and (b) in cases where personal information or correspondence might be revealing of a crime against the organization itself, what might have been considered personal and private employee information loses its protected status.

While I’m not certain whether the latter premise would hold up according to Canadian jurisprudence, the former is what provoked me to post this article. In tort law it’s clear that merely signing away consent to the possibility of personal injury does not necessarily waive a cause of action against the injuring party. In the case of Terms of Agreement policies, wouldn’t this same rationality? Granted this isn’t a case of personal injury so this line of reasoning might be precluded for privacy reasons, but if we could set that aside for a moment.. It is widely acknowledged that Terms of Agreements are rarely read, nevermind understood. Therefore, I wonder if the Terms of Agreement is even relevant to this invasion of employee privacy or if it would be less misleading for companies such as Microsoft to simply explicitly admit that they intend to violate employee privacy that goes beyond workplace activity when the company’s own interests are at stake. 

Coming soon: Canada's Anti-Spam Legislation

The Canada's Anti-Spam Legislation (CASL) is coming into force on July 1, 2014. The law prohibits the sending of "commercial electronic messages" or CEMs without consent from the recipient, and is applicable to almost all entities engaging in this type of practice, including schools. Messages with a primary purpose of raising fund for a charity is exempted.

According to CASL, a message is commercial if "it is of a commercial character, whether or not the person who carries it out does so in the expectation of profit", and is electronic if "it is sent by any means of telecommunication, including a text, sound, voice or image message". 

Further, although implied consent can be relied upon, it is only available in very limited scenarios, such as an existing business relationship. 

Click here to see the original post. BLG also has a blog post on implied consent in CASL. 

Admin Update

Further to questions raised in class yesterday, James and I have communicated and agreed on the following:

1. The abstract will not be a "marked" assignment. In addition to the paper, next week's submission and the previously completed case memo will be the only marked items.

2. The word count for the paper IS LIMITED to 5000 words. I know I had expressed the view that their might be a possibility of it being extended to between 5000 and 6000 words but upon further discussion, we've concluded, consistent with school policy, that it should be set at the lower number.

Spyware + Cellphones: As Creepy as it Sounds

Alrighty everyone,


http://news.cnet.com/8301-1009_3-57620398-83/how-to-spy-on-your-lover-the-smartphone-way/


Today I brought up an article about spying on your significant other through spyware that you would manually install (and would then become undetectable to the regular user) on their phone. True, you would have to jailbreak an iPhone to accomplish this, but the technology would work automatically with any Android phone.

I wanted to share the article because it was written in a fairly cheeky manner, and maybe we'd all benefit from a bit of 'fun' reading, given how late we are into the semester and how little fun we will soon be having. Also, if you already wanted to spy on your girlfriend/boyfriend and just didn't know how yet... You're welcome!

Okay but seriously, I do have a legitimate question that spawned from reading this article. The creators of the app include an explicit notification prior to its usage that notifies the installer that it should "not be used for illegal purposes". At first, I wondered if this would exclude them from liability if some sort of personal altercation arose from this software. Michael mentioned that the argument that guns are as instrumental in shooting someone as the other person holding it, which is analogous to the technology that is being provided and installed with consent in this instance. However, manufacturers of guns are not held liable for the misuse of their product as long as the product isn't defective/causes injury purely by itself (or so I presume). As long as the manufacturer/creator has met the requirement of some sufficient warning, should the product itself really be held accountable? Would it ever be found to be an unlawful, or illegal, kind of software?

While these questions haven't been resolved, I also want to direct attention to the fact that the application has been made purposely visibly-undetectable. If the idea of the app creators was not to install the software in any way that could be construed as violating another's privacy without consent, why shouldn't the application's icon be made visible? If it was more geared toward parental monitoring of their child's devices, there would be no reason to include this feature, since the presence of an icon, or even opening it, wouldn't necessarily entail that the user of the phone can turn off the application.

For that reason, I think I can infer that the general purpose this application could be used for would be less than ethical (aside from highly intrusive). Still no idea if this would affect the liability or non-liability for the fictitious 'egregious tort' we referred to in class.

Long story short: don't install spyware on people's phones against their will, and you'll most likely be fine.

Privacy protects equally, even convicted killers!

A Toronto Star article was discussing the publicly perceived imbalance of the government protecting an individual's (albeit a convicted killer) privacy interests to the detriment of other interested parties (i.e. the public at large and more specifically the families of murdered individuals who assert their need for more information). In part, this desire for transparency is a deep seated desire for closure by coming to grips with why such horrific tragedies like the one's they suffer have happened and further to hopefully prevent re-offending of similar heinous crimes.This article shows the optics of how the general public perceives privacy as well as the need for balance between competing interests. While even murderers do have a privacy interest, it does appear to make sense to tell the public the motive for criminal behaviour (which the open courts principle supports).  However, there is the possibility that there are other factors at play which make the government's actions legitimate yet cannot be revealed, which must also be considered. In any case, the article does provide an interesting interaction with class discussions of whether, if ever, there should be the right to forget once a sentence is served, showing the competing issues at play.

http://www.thestar.com/opinion/commentary/2014/03/17/when_governments_protect_a_killers_privacy_mallick.html

Facebook & Facial Recognition

From MIT's Technology Review:

"Asked whether two unfamiliar photos of faces show the same person, a human being will get it right 97.53 percent of the time. New software developed by researchers at Facebook can score 97.25 percent on the same challenge, regardless of variations in lighting or whether the person in the picture is directly facing the camera."

http://www.technologyreview.com/news/525586/facebook-creates-software-that-matches-faces-almost-as-well-as-you-do/

Location Data & Crypto in Retail

An interesting blog post about the use of cryptography as an allegedly privacy-protective tool in the context of MAC addresses and retail situations:

http://webpolicy.org/2014/03/19/questionable-crypto-in-retail-analytics/

Re: Australian Privacy Amendments

The Australian Privacy Amendment has come into effect!

http://www.businesscloudnews.com/2014/03/12/australias-privacy-laws-come-into-force-as-csps-struggle-with-data-management/

USA Freedom Act

This article introduced the USA Freedom Act to me. It is an American, bipartisan bill that ends bulk data collection of phone calls, and requests for greater transparency from the government regarding surveillance. It is supposed to harmonize national security with protecting human rights, and is to represent a recommitment to protecting the right to privacy. It's an interesting step in the right direction in terms of privacy protection.

http://www.huffingtonpost.com/ann-burroughs/in-the-age-of-the-selfie-_b_4988923.html

Edward Snowden at TED

Edward Snowden appeared at the TED2014 conference via a video call to talk about internet freedom and data privacy. The extra-long TED feature illustrates how important this topic is in today's political discourse.

https://www.ted.com/talks/edward_snowden_here_s_how_we_take_back_the_internet#

European Parliament adopted its position on the proposed data protection regulation

Last week, The European Parliament voted in favor of the draft of data protection regulation, which was proposed to replace the 1995 Data Protection Directive. According to Bloomberg BNA, there are several significant changes in the approved draft, including high fines for companies breaching the regulation, tighter rules on consent, more transparency, as well as rules regarding data transfers to countries outside of EU. It should be noted that the proposed regulation is different from the previous Directive in its legal status: once passed, it will be a binding law on its own, whereas the Directive set out a legal framework to be incorporated into the law of each member nation.

What's the implication for Canada? We know that Canada's PIPEDA has been previously recognized by the European Commission as providing adequate measures for personal data protection. If the above draft or its revised version does come into force, does this imply potential changes to our law as well?

 The original article is here.

Grades: Memorandum

I just sent out a raft of emails concerning the grades for the legal memorandum assignment. The class average was around 7.88 out of 10 marks. I strongly encourage anyone who was disappointed with their mark to chat to Michael this upcoming Wednesday. As I mentioned in my emails, the purpose of the assignment scheme is to give you feedback before you write your final paper.

The rest of the assignments (citation exercise, mind map, bibliography) were pass/fail. This is not the case for the abstract and two-page critical reflection piece, which will both be graded in a non pass-fail manner.

As in most seminar courses, your final papers will be the major determining factor in terms of grades. Please talk to us if you were below average on the memorandum, or if you need some additional guidance in research and writing. I am available on Google Hangout or Skype, and you can chat to Michael in class.

Freedom of the Press

I'll preface this post with a warning that it's not of a particularly current nature. I was doing research for my paper yesterday and happened across an article posted by the Campbell Law Observer on Freedom of Speech in the US and the interpretations of "freedom of the press"as it applies to the media industry and whether bloggers should be "protected" by it. Journalists don't like the idea that "random bloggers" are being lumped into the industry, but the differences in interpretation of the law mean that the distinction may not even be relevant. It interested me in light of our discussions that news cannot be an invasion of privacy - although in the case discussed in the article, it dealt with defamation, so it is in a bit of a different category than informational news. There is also a clear gap where technology has advanced and different "news" sources exist.

In order to build on that interest I looked for how relevant the conversation of freedom of the press is in Canada and if I could find a similar discussion and found this blog. It was less of a slant on technology changes, but tied in to our initial discussions of what privacy means and what expectations for privacy there are in public spaces. The segment on laws and photography and what we morally accept versus feel is wrong struck a chord. Overall, an interesting read that tied-in to our discussions on privacy interests and protections or lack thereof. Hope you enjoy a change of tact.

Driverless Cars and Privacy

An interesting article on driverless cars and the types of data they should be permitted to collect.  It seems likely that driverless vehicles will be on the roads in at least some states in the next few years.  This article mentions California in particular and some legislation they are considering in terms of regulation of these vehicles.
On the one hand manufacturers argue that driverless cars must collect all kinds of information (where they are, who's around them, etc) in order to function safely.  Privacy advocates, however, are concerned that they will be used as the ultimate data collector, going well beyond what they need to operate.

Members of the European Parliament Play Dress-Up… With Snowden Masks

"MEP’s threatened today to revoke the Parliament's consent to the EU-US mammoth free trade  currently being negotiated if blanker surveillance by the US intelligence services continues."

MEPs just passed a resolution ending an inquiry by a civil liberties committee into the allegations made by US National Security Agency whistleblower Edward Snowden.

Basically, they made a statement by wearing Snowden masks to show their opposition to a global mass surveillance program. Specifically, they suggested that the Trans-Atlantic Trade and Investment Partnership ”could be endangered" if blanket mass surveillance by the NSA does not stop. The resolution passed 544-78, with 60 abstentions. Quite a statement, if you ask me.

The resolution also calls on the EU to suspend its bank data deal with the US and the “Safe Harbour agreement” on data privacy. 

Find the link to the article here:

http://www.neurope.eu/article/meps-threaten-block-ttip-over-us-surveillance

Assignment: Critical writing piece

The last assignment of the year (except your final paper)!

You are to write a two-page (12 point Times New Roman font, 1.5 spaced) critical reflection on the reading assignment "Cultural Privacy". In particular, think about the following questions:

1. Do you find the author's response to the problem of cultural rights to privacy compelling? 
2. How would you have analyzed the situation that Kukathas uses as an example at the outset of the paper? 
3. Are there other ways to ground claims to cultural rights? 
4. Do we, as an empirical matter, recognize cultural rights to privacy? 
5. If do not, do we recognize other cultural rights (e.g., to religious symbols, religious practices) in a way that could illuminate this issue, and if so, can we import the same reasoning? [There are a few cases in Australia of interest, with respect to protecting cultural artefacts].

You are not expected to do a lot of research on this one, but if you use some references, stick them in as end-notes or foot-notes.

Readings for next class

Assuming the weather holds, I'd like you to be prepared to discuss the following in class:

1. Ownership, Control, Access, and Possession (OCAP) or Self-Determination Applied to Research, available online here. This is one of the few introductions to First Nations conceptions of privacy. 
2. The paper on Cultural Privacy by Kukathas (published in the Monist), that you found as part of your reference exercise.

The theme this week is group/cultural/communal conceptions of privacy. Questions to consider include:

1. Can there be cultural or group rights to privacy?
2. If so, what grounds them? Michael should have mentioned that our legal tradition grounds privacy rights/interests in individualistic norms, such as autonomy, dignity (etc).
3. What grounds the OCAP principles?
4. What tensions will arise between individual and communal interests under OCAP? [For those who want to do a quick bit of extra reading, see Section 5.2.3 of one of my papers, found here. Be warned it is a pre-print draft, so there are some errors].
5. Do you buy Kukathas' analysis of cultural privacy rights?

Target hackers should have been thwarted by routine malware maintenance

http://news.cnet.com/8301-1009_3-57620289-83/how-target-detected-hack-but-failed-to-act-bloomberg/

So this actually all happened before our course even started (November 2013). There was essentially a major data breach for Target customers, and it was later realized that many of them had saved credit card information registered to their Target accounts. This is a pretty standard measure for websites involved with online shopping because it optimizes checkout convenience, but obviously a major problem if your company’s mainframe is hacked. 

A recent update (this article) indicates that at least eight former employees had knowledge of the hack, and that despite the malware Target had set up to protect itself against this kind of predicament and various precautionary measures taken, hackers obviously succeeded in infiltrating the system regardless. In fact, it was stated by the director of threat intelligence operations at McAfee (presumably the programmer of this malware) that Target did not have a sufficient grasp of how to utilize the program, since a simple protective feature that would have thwarted the attack had been manually dismissed by Target due to a misconception regarding the use of that feature. 

In my opinion, this is disturbing on several levels. Firstly, whether or not you are prone to online shopping, websites on which you have registered an account have a record of your personal data that could be made available through hacking. Companies obviously take various security measures to increase consumer confidence in using the services they offer, but it remains largely up to the consumer to offer some incentive for a company to do this job properly. As long as Target’s consumer base doesn’t deplete in response to this hack (which it hasn’t in any substantial way) and no large-scale damages seem to have been reported that could ground a tort claim through the company’s negligence, there is no lasting ramification on this company despite its egregious error with respect to delicate customer information.

Can we really continue to argue that there should be no punitive or statutory implications for such cavalier treatment of personal information, particularly in light of the significant role these kinds of accounts in our society? I’m skeptical that this gray area in the law can continue for much longer when it already seems so impractical.

Recent Amendment to Australia Privacy Laws

Australia recently amended its privacy laws. The Australian Privacy Principles (APPs) came into force yesterday – March 12, 2014.  There are several significant changes in the amendment. Most notably, the new law granted new powers and remedies to the privacy commissioner (OAIC) in enforcing its decisions, such as accepting written undertakings from organizations and enforcing it through court. Under the new law, OAIC is also allowed to seek civil penalty orders of up to $1.7 million for repeated breaches by organizations, and $340,000 for individuals.

We may need to wait for a couple of years to assess the effects of amendments on the compliance of the law – particularly the greater enforcement power and the significant penalty for breaches. If these methods do have a positive impact on the compliance of the new law, should Canada follow Australia and amend our privacy laws accordingly? 

Here's a link to the APP. 

For those interested, here is a brief overview of the Australian Privacy Law

Amazon and big data predictions

Last week, we spoke about the process of companies such as Netflix collecting consumer data and then evolving to serve consumers with products exactly tailored to their interests. This issue was also discussed in the Big Data Ethics article. The authors were concerned that big data predictions could categorize consumers with its algorithms, serve us the things that we supposedly like in a way that ultimately limits our choices and the growth of our personal identities. In this article, it seems that Amazon was doing this kind of data collection before Google and Facebook. The company has morphed into a provider of all kinds of services from bookseller, to publisher, to seller of household appliances, delivery service to TV show creator. This article is a great read. It shows a company that has really mastered the big data collection process and questions whether Amazon’s monopoly could give Amazon too much control over the exchange of ideas in US society.

http://www.newyorker.com/reporting/2014/02/17/140217fa_fact_packer?currentPage=all

A tv news segment on data brokers that is worth watching

Television newsmagazine 60 Minutes aired a segment about online data brokers. There's a concern that no one really knows exactly how many companies are tracking online users or to what extent. However, there's a belief among industry watchdogs that enough information is collected to accurately build our individual profiles, including things such our race, religious view, political affiliations, family medical history, if we've had STDs, and the list goes on an on. The information is then churned into lists that are for sale: lists containing the names of gays and lesbians, people who have bipolar disorder, and those who have gambling, sexual and alcohol addictions. One company, for example, has 1,500 pieces of information about 200 million Americans.

The American government acknowledges there is virtually no oversight of data brokers. One Senator has proposed a bill to introduce regulation but says it's being stonewalled by the big 3 U.S. data broker companies. The CEO of one of them told 60 Minutes that the industry is capable of self-regulating, yet says he doesn't go online and share his personal information. He says consumers ought to know the internet is an "advertising medium." Hmmm. He also adds regulating the data brokers would "cripple" the economy.

It's a very interesting segment. Even better is the extra clip called "How to Defend Your Privacy." It's definitely worth 6 minutes of your time.

The Data Brokers: Selling your information (the main segment)

http://www.cbsnews.com/news/how-to-defend-your-privacy-online/

Class Cancelled!

http://webapps.yorku.ca/weather/

Internet dating, good not to forget?

We spoke about the right to forget in a number of circumstances last week, and it brought to mind an article in the Hamilton Spectator regarding a known sexual offender. He has been identified in a profile for a number of dating sites. The article refers to a woman who was able to identify him as someone she once knew in a circle of friends and that she was contacted by him on the "Plenty of Fish" dating site. It is interesting to see how the privacy interests of the offender are not "protected" as we discussed previously. The knowledge of his offences are public record and it's also interesting to think of how we are basically relying on public knowledge of his past to "protect" potential online suitors from exposure. I wonder whether there are any implications or feasible ways to track or prevent this type of computer activity from being undertaken by an offender, at least while on parole. If an offender cannot own a car or drink, and is supposed to be reporting relationships with women, it seems like access to the internet makes the latter difficult to monitor. It is a twist on our discussion, and perhaps unfortunately, a more common problem than tracking sex offenders due to the lower likelihood of a public following and subsequent recognition. I would hope that the dating service providers will react to complaints made and find an effective way of blocking his access (at least if they are coming from a personal computer), although the practicality of preventing any access makes blocking his access completely unlikely. I'm thinking a different username and fake photo would obviously not be hard to obtain to create an account.