understanding the importance and impact of anonymity and authentication in a networked society

Bank Loses Tapes of Records of 1.2 Million With Visa Cards

posted by:Jennifer Manning // 05:20 PM // February 28, 2005 // TechLife

Bank of America lost computer backup tapes containing personal information about 1.2 million federal employees with Visa charge cards issued by the bank. The tapes were part of a shipment in late December from a bank facility to another location meant to house backups.

Click here for the NY Times article.

| Comments (0) |

The EU WP expressed concern on data protection issues related to RFID technology

posted by:Rafal Morek // 05:55 PM // February 27, 2005 // Digital Democracy: law, policy and politics

The EU Working Party has recently released a working document on data protection issues related to Radio Frequency Identification (commonly known as "RFID technology"). The Working Party is concerned about the possibility for some applications of RFID technology "to violate human dignity as well as data protection rights". A copy of the working document can be accessed here.

| Comments (0) |

Another bank loses personal information

posted by:Anne Ko // 02:46 PM // // Digital Democracy: law, policy and politics

Another bank, this time in the US, is in trouble for the loss of computer backup tapes containing credit card information of its clients. The Bank of America has “lost” the personal information of 1.2 million federal employees, including some U.S. senators. Ironically, approximately 90,000 of the cardholders are employees for the Department of Defense. It is thought that the tapes are simply “lost in transit” and no evidence of wrongdoing has been reported as yet.

For the NY Times article, click here.

| Comments (1) |

MNR access to personal banking information

posted by:Philippa Lawson // 05:31 PM // February 25, 2005 // Digital Democracy: law, policy and politics

Mathew Englinder posted an interesting story on David Fraser's blog about the Canada Revenue Agency's right to access personal banking information. As he said in his message to me:

"Basically the CRA had a bank account number and asked TD who owned the account. TD refused to tell them, so CRA went to court. The FCA agreed with TD that the particular provision of the Income Tax Act did not allow CRA to force the bank to disclose the name of the individual in this case. I summarized the case for David Fraser's blog"

| Comments (0) |

Barking anonymously

posted by:Alex Cameron // 11:50 AM // // Digital Democracy: law, policy and politics

"So remember, on the Internet, your ISP knows you're not a dog, and your adversary is only a subpoena away from compromising your constitutionally-protected right to bark anonymously."

Fred von Lohmann has written a short piece on the threat that ISPs pose to our online anonymity. The constitutional issues are US-specific but the article is a nice little read and has relevance in the Canadian context.

| Comments (0) |

Class Action Filed Against CIBC for Privacy Breach

posted by:Jennifer Manning // 10:54 AM // // Digital Democracy: law, policy and politics

The class members are clients of CIBC. They allege that their "sensitive personal information" was disclosed to unauthorized third parties when it was unknowingly faxed to a West Virginia junkyard. They are seeking $9 million in damages.

Click here for a copy of the statement of claim.

| Comments (0) |

On the Net, Unseen Eyes

posted by:Jennifer Manning // 09:26 PM // February 24, 2005 // Surveillance and social sorting

A group of parents have filed a complaint against a Tennessee school board for having unsecure surveillance cameras in their locker rooms.
The complaint alleges that the video server was accessed over the Internet several times by someone outside the school.
Click here for the New York Times article.

| Comments (0) |

Interesting tidbit: Cellphone Jammers

posted by:Anne Ko // 10:14 PM // February 23, 2005 // Surveillance and social sorting

It’s common knowledge that cellphones are not a reliable and secure form of communication. Below is a link to an article that provides yet more evidence. People in New York are taking advantage of cell phone jammers, which are electronic devices that interfere with satellite signals to prohibit a cell user from getting proper reception. I think these devices are somewhat akin to those now outlawed laser keychains – highly amusing to the owners, but completely annoying and inconvenient to the recipient target.

Click here for the NY Post article.

| Comments (0) |

ChoicePoint Victims Have Work Ahead

posted by:Dina Mashayekhi // 10:45 AM // // Surveillance and social sorting

A few days ago, most people probably had not heard of data-collection warehouse ChoicePoint Inc., let alone knew that the firm sold personal information to companies about potential customers, tenants or employees.

Today, though, many consumers may be wondering whether their personal and financial data were included in 145,000 reports the company inadvertently sold to criminals involved in an identity theft scheme.

Consumers "shouldn't panic, but they should be vigilant," said Beth Givens, director of the Privacy Rights Clearinghouse, a nonprofit consumer advocacy group.

See http://news.yahoo.com/news?tmpl=story&u=/washpost/20050223/tc_washpost/a45534_2005feb22&e=2

| Comments (0) |

Transborder Dataflow Comes Home to Roost

posted by:Stephanie Perrin // 11:35 PM // February 22, 2005 // Digital Democracy: law, policy and politics | ID TRAIL MIX | Surveillance and social sorting

Some Policy thoughts on Commissioner David Loukidelis’ Inquiry on the subject of the Export of Personal Data to the United States and the Implications of the Patriot Act

In the summer of 2004, the Information and Privacy Commissioner of British Columbia David Loukidelis posted a call for comments on the implications of the U.S. Patriot Act on the personal data of Canadians (http://www.oipc.bc.ca/sector_public/usa_patriot_act/patriot_act_resources.htm). Prompted by a complaint from the B.C. Government Employees Union about the outsourcing of the processing of health information of citizens to an American company, the focus was on whether the data in fact would be accessible to US authorities under the Patriot Act, basically out of Canadian control. I commend him for starting a debate that in my view is the richest we have had in two decades on the subject of trans-border dataflow. The Commissioner received over 500 responses, from all kinds of individuals, academics, experts, and organizations. Some of the submissions demand response, and as a policy person with a long interest in the field, it was tempting to comment. I did not, but I think it is a very fruitful topic for this project and this space to consider.


As many are well aware, during the 1970s, this country and many others debated the issue of trans-border dataflow in the context of pressures to open up trade in services, particularly data processing, and drop requirements to keep data within domestic borders. It was in this context that data protection achieved importance, and the OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data of 1980 bear the imprints of that pre-occupation, as they were drafted as much to ensure the free flow of data as to protect privacy. Countries were enjoined in the preamble of that document to continue the work of harmonizing their approaches to data protection, and working together on international issues.

Unfortunately the Committee that drafted the guidelines was wound down shortly after the Council of Ministers approved them, and the OECD did not continue the much needed work on international cooperation. While the Guidelines were re-affirmed as a set of fair information practices in 1998 in the context of the OECD Electronic Commerce Conference held in Ottawa, there has not been a renewed, focused international discussion about how to manage the international and jurisdictional problems. The United States had a bilateral discussion with the European Union when they came to the Safe Harbor Arrangement after the Data Protection Directive 95/46 came into effect, but this happened largely behind closed doors and was focused on the Directive, and on how to avoid blockages in data flow. It did not include financial data, and did not focus on law enforcement and national security data. There has been almost no public discussion of the slumbering issue of Article 4(1)(c) of the Directive, which states that telecommunications equipment and software resident in the country, which is used to manage data and ship it outside the community, provides the presence necessary to cause the application of national law. This was certainly a controversial provision at the time, but the development of the global Information Infrastructure has certainly borne out the foresight of its drafters; is there another logical way of approaching the problem of remote collection and use? If so, I have not seen it.

While a global discussion on data protection has raged over the past ten years, it has been focused primarily on the mechanics of the world wide web (cookies, privacy policies, P3P) and on opt/out opt/in for marketing. In the context of the huge debate between the US and Europe on whether or not you can achieve adequate data protection without legislating holistically as Europe has done, the attention of privacy watchers and legislators has been drawn to the rather basic questions that we had asked in 1980 when the OECD Guidelines were drafted, and not to the rather more complex issues of what we were proposing to do about the rapid development of global, dynamic dataflows and ubiquitous computing.

Canada has tried, during this period, to focus on the problem. During the Parliamentary Review of the Access to Information Act and the Privacy Act, the recommendation was made in the final Report of the Standing Committee on Justice and the Solicitor General (Open and Shut, 1987) to study transborder data flows. The Department of Justice did so, publishing the report Crossing the Borders in 1989, but there was still a dearth of information about financial dataflows, and no further policy work was published subsequent to the report. Aware of this issue, we developed a national standard for privacy, the Canadian Standards Association’s Model Code for the Protection of Personal Information CAN/CSA-Q830-96, envisaging also the potential development of an international standard which would provide not only a management standard for data protection practices, but a ready intersection with technology standards that contemplated privacy requirements. We also anticipated that such international standards could be useful in harmonizing the different legal regimes for the purposes of trans-border dataflow, and in providing an independent audit mechanism (through accredited ISO auditors) to permit checking on standards in remote and developing jurisdictions.

When the private sector privacy legislation was drafted (the Personal Information Protection and Electronic Documents Act or PIPEDA), the standard was attached to the law as the set of fair information practices required. When data is transferred for ‘processing’, it must be protected to the same level. However thin these protections may seem, I would argue that there is very little that can be done to improve them in the context of keeping data in the hands of the data controller and not that of foreign governments. Here are a few brief reasons why:

• Most foreign data protection laws and constitutional protections do not provide protection for ‘aliens’, or persons who are not citizens or residents of the country. Certainly US law does not.
• Data protection laws routinely have exemptions to permit release of personal information without the consent of the individual for purposes of national security, law enforcement, and a host of routine government functions.
• New anti-terrorism laws have given law enforcement and intelligence agents new powers domestically and new information sharing capabilities in their international organizations.

It can hardly be healthy for democracy to have a closed, hidden network of surveillance information about its citizens, shared around the world by police and intelligence agencies who are not accountable to their own citizens with respect to the collection, use, and disclosure of information, and the accuracy of the information. For many years while I worked in government, I pointed out the risks of the development of these networks, and frankly was frequently dismissed as a paranoid fanatic. So who’s crazy now?

This week, the papers in Canada are full of the story of Moroccan-born Adil Charkaoui, released on bail after 21 months in prison on a national security certificate. No charges were laid, the notes of the CSIS agent who provided the rationale for the arrest were destroyed as is routine, so no evidence was available to the defence. Can we actually run a democracy like this? Surely terrorism and insurrection are difficult problems, just as they were in the days of Magna Carta when we tried to improve our rule of law. But we must find solutions, because we are now living in a time of ubiquitous surveillance where there are practically no limits to how much data can be gathered about us. If that information is not verified by independent authorities, courts and juries, we have concentrated far too much power in the hands of an elite group.

At the same time as this story was breaking, the scandal of the criminal abuse of the vast databases held by ChoicePoint broke (see www.epic.org and http://www.washingtonpost.com/wp-dyn/articles/A40379-2005Feb20.html). ChoicePoint is one of the success stories of the post-911 environment, a data broker that was formed in 1997 and has bought 50 companies to assemble files on individuals all over the world. They have contracts with virtually every US government agency and are the company that is providing security checks for job seekers of all kinds in the post-911 environment. However, this open market for personal information has allowed criminal gangs posing as legitimate companies to purchase files on 145,000 US individuals, then proceeding to change the victims’ addresses and perpetrate identity theft and fraud on a grand scale. Since EPIC broke its first stories on ChoicePoint in 2002, I have asked audiences wherever I speak who has heard of them. So far, there has been scarcely a handful among these well educated security and privacy experts, government policy people and sociologists, consumer advocates and lawyers, who were familiar with the company name. How can we run a democracy where huge private sector companies, un-regulated and unbounded by Charter and Constitutional protections that curb law enforcement authorities, control the information of an entire society and indeed of the citizens of many countries around the world, without the knowledge of the citizen?

This brings me back to the issue of transborder dataflow. There are many reasons why this topic has not been much discussed in the pure state (as opposed to, say, as an aspect of Safe Harbor) over the past few years. Here are a few:
• Western democracies have been keen on opening up trade barriers
• Cybercrime issues have been on the rise, and law enforcement authorities have been attempting to streamline their operations to fight them
• The European Directive on Data Protection took a long time to pass and be implemented, with opposition both within the EU and without, so proponents of blocking dataflow were reluctant to flex any muscle in areas of questionable jurisdiction
• E-Commerce suffers from similar issues in terms of choice of law and lack of consumer protection, and consumers who want to maximise their hard-fought consumer protection by choosing the best jurisdictions for consumers are up against companies who face a potentially gargantuan task of having to apply all regional laws to their business as they serve e-consumers around the world
• There are no easy answers. Just like global warming, the environment, better parenting, poverty in developing countries, health effects of old pollutants, and many other pressing issues that need to be addressed, there are no easy answers.

And this last point is why we must thank David Loukidelis for opening up the debate again. We have a new generation of young privacy enthusiasts and scholars who have not thought about this issue, but have taken global data flows for granted. Here is the torch, you find the solutions, because those of us who have been worrying this bone since the 80s have not come up with much.

Stephanie Perrin will be moderating a panel on this important topic at the Summit of the International Association of Privacy Professionals in Washington on March 10. Check back for her report of what panelists David Loukidelis, Becky Burr (Wilmer Cutler), Peggy Eisenhauer (Hunton and Williams), Jim Harper (Cato Institute) and Michael Geist (University of Ottawa) had to say about the issue. (www.privacyassociation.org)

| Comments (1) |

Wearing Masks Against NY Law

posted by:Hilary Young // 07:50 AM // // Digital Democracy: law, policy and politics

Many of you have probably been following this case, but I stumbled upon it for the first time last night. Basically, the Ku Klux Klan in New York wanted to hold a rally but was denied a permit on the grounds that NY State law prohibits wearing masks and disguises in public (other than for costume parties). The Klan challenged the statute on First Amendment grounds (masks as symbolic speech, right to anonymity) but failed at the 2nd Circuit and the U.S. Court of Appeals. In December, the US Supreme Court refused to hear the case so the Court of Appeals decision stands. For some discussion of the implications of the decision, see http://www.cnn.com/2004/LAW/12/17/colb.masks/, and for the case itself, see http://www.ca2.uscourts.gov:81/isysnative/RDpcT3BpbnNcT1BOXDAyLTk0MThfb3BuLnBkZg==/02-9418_opn.pdf

| Comments (0) |

Consumer Profiling / Cash-replacement technology

posted by:Anne Ko // 08:58 PM // February 21, 2005 // Surveillance and social sorting

Consumer profiling has become even more pervasive thanks to a new cash-replacement technology known as Dexit that is heavily used in Toronto’s business district. Using RFID technology, Dexit users have either a pre-paid fob or a sticker, enabling them to complete purchase transactions without having to wait in line. Dexit has been marketed towards people who need their morning coffee in a hurry. This has meant increased convenience for many; however, in exchange for this convenience, consumer information about purchases usually made with spare change (like coffee and snacks) can now be monitored, collected, and sold with the aid of this new technology.

Click here for an article from Backbone magazine.

Click here for the Dexit website and privacy policy.

| Comments (0) |

Federal Effort to Head Off TV Piracy Is Challenged

posted by:Jennifer Manning // 04:24 PM // // Digital Democracy: law, policy and politics

The D.C. Circuit Court of Appeal will hear arguments tomorrow regarding the legality of the broadcast flag. The lawsuit was brought by Public Knowledge and others against the U.S. Federal Communications Commission (FCC).

Click here for the New York Times article.

Click here for "The Broadcast Flag and Why You Should Care"; a summary prepared by Cites & Insights: Crawford at Large.

| Comments (0) |

School Drops RFID Tag Program

posted by:Jennifer Manning // 09:32 AM // February 17, 2005 // Surveillance and social sorting

The California grade school that required students to wear RFID badges has ended the program because the company that developed the technology pulled out.

Click here for the Wired article.

| Comments (0) |

House panel approves spyware bill

posted by:Jennifer Manning // 09:25 AM // // Digital Democracy: law, policy and politics

A panel of the U.S. House of Representatives has approved a bill to regulate spyware. This is a second attempt to target spyware after a similar measure died in the Senate in 2004.

Click here for the CNET article.

Click here for the bill.

| Comments (0) |

On Canadian developments in Electronic Health Record Management and the need for cross-disciplinary action

posted by:Stefan Brands // 11:53 PM // February 16, 2005 // Digital Democracy: law, policy and politics | ID TRAIL MIX

In September 2000, Canada’s First Ministers committed “to work together to strengthen a Canada-wide health infrastructure to improve quality, access and timeliness of health care for Canadians.” As a result, in 2002 the Canadian provinces and federal government created Canada Health Infoway, which includes on the board of directors all Canadian deputy ministers of health. The core priority of Canada Health Infoway is the electronic health record. As defined by Canada Health Infoway, “An Electronic Health Record (EHR) is a secure and private lifetime record of an individual’s key health history and care. It creates significant value, providing a longitudinal (i.e. “cradle to grave”) view of clinical information. The record is available electronically to authorized health care providers and the individual anywhere and anytime in support of care.”

Privacy and security are of utmost importance in the design of the Canadian EHR infrastructure. According to unpublished private polling data collected in May 2003 by the Courtyard Group, the two main reasons Canadians would oppose the development of EHRs are (1) confidentiality and privacy [54%] and (2) safety of information [31%]. [Source: “The State of the EHR and Electronic Healthcare in Canada - The Unvarnished Version,” presentation by the Courtyard Group, November 13, 2003.] Privacy is also sought by medical practitioners: notably, many doctors strongly oppose solutions that would give central parties (such as health insurance organizations) the real-time power to monitor all their actions.

If privacy and security are not properly addressed, Canadians may stay away from the resulting EHR infrastructure, in which case hundreds of millions (if not billions) of taxpayer dollars will have gone down the drain. Unfortunately, there are currently no technologies on the market that can protect access to electronic health records without creating the equivalent of a digital surveillance infrastructure. For example, while PKI technology does a good job at message encryption and authentication, it roots inescapable systemic identification deeply into the infrastructure. This makes it impossible for individuals and medical service providers alike to control the flow of personal data and to limit the opportunity for unauthorized secondary uses of that data. Studies confirm that the most frequent breaches of patient information confidentiality do not come from unauthorized outsiders, but from uncontrolled secondary usage, accidental disclosures, curiosity, and subordination by insiders.

In spite of the awareness of Canada Health Infoway and many of its stakeholders that privacy is absolutely critical to the adoption and spread of EHRs, currently its stakeholders seem to be blissfully unaware of the profound privacy implications of the specific choice of authentication technologies to protect access to EHRs. There is a misconception that privacy risks must be dealt with by means of data protection legislation and sectorial regulations. While legislation and regulations will always be an absolute necessity, they lose most of their power if at the electronic data flow level everything would be instantaneously traceable and linkable; for instance, how can organizations limit the collection of personal information if the infrastructure technology they use does not make it possible for them to do so?

At the same time, there seems to be virtually no awareness among Canada Health Infoway and other stakeholders of the existence of privacy-enhancing security technologies. A fundamental discovery of modern cryptography is that there is no need to rely on central parties for one’s privacy, and that this can be guaranteed by technical (cryptographic) means. Over the course of the past two decades, the cryptographic research community has developed a wide range of techniques for minimizing the disclosure of personal information at different stages in its life-cycle, including zero-knowledge proofs, privacy-preserving data-mining, private information retrieval, privacy-preserving digital credentials, homomorphic encryption, and so on.

At McGill University, my students and I are researching how these privacy-enhancing technology building blocks can be used to build secure EHR systems that preserve privacy. We believe this is an important area of research not only from an academic perspective, but also in light of the billions of dollars of taxpayers' money that now and in the next years are being poured into the creation of the Canadian EHR management infrastructure.

Needless to say, I would be most pleased to be joined in our efforts by other researchers in the anonequity project. Electronic health is one of the primary areas where the cross-disciplinary nature of our project can be truly powerful.

On that note, this Friday (February 18) I will be giving a lecture at the School of Computer Science of McGill University on the topic of privacy-by-design in health record management systems and other applications of “federated identity management.” (Abstract online.) The atmosphere will be relaxed, and there will be lots of opportunity for informal discussions on the topic afterwards. If you happen to be near Montreal that day and are interested in attending, send an e-mail to the colloquium organizer.

| Comments (1) |

Microchips counter Andes alpaca smuggling

posted by:Jennifer Manning // 02:47 PM // // Surveillance and social sorting

Peruvian alpaca farmers are implanting microchips into their alpacas to try to prevent their illegal exportation. 700 alpacas have been chipped so far. There has been discussion to create a program that would track the alpacas by satellite.

Click here for the Globe and Mail article.

| Comments (0) |

A New Model Army Soldier Rolls Closer to the Battlefield

posted by:Jennifer Manning // 11:53 AM // // Digital Democracy: law, policy and politics

The American military announced that they are using technology to develop robot soldiers, and expect to use them in combat in less than a decade. Military planners say robot soldiers will think, see and react increasingly like humans. As their intelligence grows, so will their autonomy.

Should robots be responsible for making life and death decisions?
Click here for the New York Times Article.

| Comments (0) |

Fraudsters expose 100,000 across US

posted by:Todd Mandel // 11:53 AM // // Surveillance and social sorting

During October 2004, fraudsters accessed confidential records of thousands of Americans including possibly credit cards, Social Security numbers, and other sensitive information. Affected individuals were only notified months after the fraud occurred, and have no way of knowing whether their information has been used or who still has access to it.

Click here for The Register article.

Click here for the MSNBC article.

| Comments (0) |

New Funding for Anon Education

posted by:Valerie Steeves // 11:26 AM // // Walking On the Identity Trail

With sniffer dogs and RFIDs coming into North American schools, it's never been more important to engage young people in the debate around anonymity, privacy and identity. We're pleased to announce that the SSHRC-funded Identity Trail Project led by Ian Kerr has received additional funding to help disseminate our research findings to the general public.

We've been awarded a Public Outreach Grant from the Social Sciences and Humanities Research Council in the amount of $44,765. Valerie Steeves (Criminology) is the principal investigator and will work with co-investigators Ian Kerr (Law) and Marsha Hanen of the Sheldon Chumir Foundation for Ethics and Leadership as well as with the Alberta Civil Liberties Research Centre. The team will develop educational outreach models, including in-class and on-line activities, that will engage secondary school students in thinking about privacy and identity issues such as the nature of privacy, the value of anonymity, and how to balance privacy and accountability.

University of Ottawa students will be involved in the development and implementation of the educational outreach project. Many thanks to first year law student Hilary Young who was instrumental in the preparation of the grant proposal.

| Comments (0) |

Fun for a Friday afternoon

posted by:Daphne Gilbert // 02:58 PM // February 11, 2005 // TechLife

Here is an interesting peek at what the future could hold... A data-mining nightmare for a man who only wanted to order bad pizza!

Daphne Gilbert

| Comments (0) |

House approves electronic ID cards

posted by:Jennifer Manning // 11:20 AM // // Surveillance and social sorting

On Thursday, Feb. 9th, the U.S. House of Representatives approved a bill, the "Real ID Act", that would require states to issue federally approved electronic ID cards to all adult residents.

All driver's licenses and other ID cards would be required to include a digital photograph, anticounterfeiting features and "machine-readable technology, with defined minimum data elements" that could include a magnetic strip or RFID tag.

Click here for the CNET article.

Click here for the bill.

| Comments (0) |

Parents and Civil Liberties Groups Urge Northern California School District to Terminate Use of Tracking Devices

posted by:Jennifer Manning // 03:02 PM // February 10, 2005 // Surveillance and social sorting

The ACLU, EFF and EPIC have written a letter asking a school district in Northern California to halt the use of RFIDs in student IDs. The ID badges include the student's name, photo, grade, school name, class year and the four-digit school ID number. Students are required to wear them at all times. One student's parents have filed a complaint with the school district.
Click here for the ACLU letter.

Click here for the parental complaint letter.

| Comments (0) |

Creative Commons in Peer-to-Peer software

posted by:Jason Millar // 02:36 PM // // TechLife

An interesting news item regarding the integration of Creative Commons Licensing in a p2p software package.

Chips in Chips?? Vegas is Watching...

posted by:Michelle Gordon // 08:16 PM // February 09, 2005 // Surveillance and social sorting

CNet News.com

Casino mogul Steve Wynn has pulled out all the stops for his new $2.7 billion mega-resort in Las Vegas: an 18-hole championship golf course, a private lake and mountain, and a bronze tower housing 2,700 plush guest rooms.

But when its doors open in April, the Wynn Las Vegas will have one unique feature that few visitors are likely to notice--high-tech betting chips designed to deter counterfeiting, card-counting and other bad behavior.

The fancy new chips look just like regular ones, only they contain radio devices that signal secret serial numbers. Special equipment linked to the casino's computer systems and placed throughout the property will identify legitimate chips and detect fakes, said Rick Doptis, vice president of table games for the Wynn.
The technology behind these chips is known as radio frequency identification, or RFID, and it's been used for years to track livestock, enable employee security badges and pay tolls.

Click here for the full article.

| Comments (1) |

Beach Security in Hawaii

posted by:Daphne Gilbert // 11:36 AM // // Surveillance and social sorting

The state of Hawaii has instituted a new pilot project that contracts out surveillance to a private security company on behalf of the police. Funds for the contract currently come from the Hawaii Tourism Authority with a view to lessening the "stress" on the police force. "Island cams" have been installed at popular beaches and they are described as both "visual deterrents" and "not easily spotted". The cameras come with digital privacy zones to prevent spying on beach residents.

It is interesting to see the increasing dependence of police forces on private industry in the name of crime prevention.

Daphne Gilbert

| Comments (0) |

Know thy blogger

posted by:Marty // 07:05 AM // // TechLife

A blog post about blogs....

This article offers an interesting overview of some of the issues regarding employees who blog about the companies that they work for. Of interest are the ramifications when the veil of anonymity, offered by blogs, is lifted as often the employee gets fired. Is this a matter of free speech? Or is it a matter of being smart and thinking before you blog?

Click here for the article.

| Comments (0) |

You Want Privacy? Get a Shredder.

posted by:Valerie Steeves // 11:50 PM // February 08, 2005 // ID TRAIL MIX

Last year, I was at a government meeting about the rising incidence of identity theft. Everyone agreed that it was a problem, and that swift action was called for. The action that was suggested was a public education campaign to “teach” Canadians that we all need to go out and buy a shredder. After all, all those pre-approved credit card application forms we receive in the mail are a menace to our privacy and it’s our responsibility to protect ourselves.

Feeling tired yet? I have to “protect my privacy” every time I go to the drug store and get asked, for the zillionth time, “Are you a member?” Not only do I have to take the bath and pay the extra money built into the price to cover all those “discounts” that go to card-carrying customers, I have to spend at least 2 minutes explaining why I don’t want to join - every time I fill a prescription. Then there were the two hours I spent trying to book the local gym club for my daughter’s birthday party because I refused to provide them with her full name, school, hobbies and birth date. My favourite part of that memory was when the booking clerk told me that privacy laws required me to provide this information because they weren’t going to share it with anyone. Now my mailbox has become a privacy menace that can only be countered with a $50 shredder. Xena the Warrior Princess, move over.

Protecting my privacy is becoming a full time job. And that’s because I’m surrounded by organizations that want access to the intimate details of my private life. And fair information practices haven’t stemmed the flood. In fact, I argue that they’ve opened the floodgates by legitimizing the ubiquitous collection of personal information. But that’s not what I want to talk about today. I want to pick up on something that Hilary posted last month about metaphors of privacy and security.

That meeting last year struck me as odd because of the way policy makers were talking about identity theft. The “metaphor” was one of a new, threatening form of criminality that created such an intimate violation - the loss of self - that it justified invasive measures such as giving the police the power to search through credit rating reports without a warrant, and embedding biometric identifiers into the equivalent of a national identity card that would be required to transact business. The logic was that if people are under seamless surveillance in which anonymity is not possible, the state can then, and only then, bring this new criminal scourge under control.

But identity theft isn’t new - people have been committing the crimes of fraud, personation, and forgery for millennia. So what’s so “new” about identity theft? It isn’t the crime - it’s the opportunity. Corporate and government information practices are providing criminals with whole new pools of data that can be used to commit fraud. Social Insurance numbers are increasingly printed on loan applications, credit reports and employee documents. Health data flows from some doctors’ offices to multi-million dollar pharmaceutical companies. My VISA company profiles my every purchase, and my bank wants to “know me better” so they can “serve me better”. On bleaker days, I think they mean serving me for dinner.

In this environment, the metaphor of identity theft isn’t helpful precisely because it implies the only problem is the thieves, and not the information practices that put the individual at risk of being victimized. We don’t need shredders. We need policies that will make companies responsible for practices that facilitate fraud, like sending me a pre-approved credit application in the mail so anyone can open up an account in my name. Greater surveillance may promote a technocratic agenda, but it won’t protect me from identity theft. To do that, we need to reinvigorate the right to transact business anonymously.

| Comments (2) |

Fingerprints, iris scans to tighten U.K. borders

posted by:Jennifer Manning // 02:57 PM // // Digital Democracy: law, policy and politics

Secretary of State for Home Affairs Charles Clarke announced on Monday that all visa applicants will be fingerprinted once they arrive in the U.K. The government will also be putting an "electronic borders" program in place that will review and store the travel data of all U.K. immigrants. Click here for the article.

| Comments (0) |

Informational Privacy: Is There Another Kind?

posted by:David Matheson // 11:15 AM // // Core Concepts: language and labels

In A Few Good Men, Jack Nicholson’s character responds this way to a question about whether the danger he had in mind was grave: “Is there another kind?”

Sometimes, when asked about whether the privacy I have in mind is informational, I want to respond in like fashion: “Is there another kind?” Because, you see, I suspect that all privacy is ultimately informational.

Nevertheless, the view that there are non-informational forms of privacy has almost achieved the status of orthodoxy in the privacy literature. (See, for example, Ruth Gavison, “Privacy and the Limits of Law,” Yale Law Journal 89 (1980): 432-36; Anita L. Allen, Uneasy Access: Privacy for Women in a Free Society (Rowman & Littlefield, 1988), pp. 18-25; and Judith W. DeCew, In Pursuit of Privacy: Law, Ethics, and the Rise of Technology (Ithaca: Cornell University Press, 1997), pp. 33-34.) Support for this view usually proceeds along the following lines: there are ways of invading an individual’s privacy that do not involve acquiring any new information about her; the forms of privacy that can be thus invaded must be non-informational; therefore, there are non-informational forms of privacy.

What are the supposed ways in which an individual’s privacy can be invaded without acquiring any new information about her? Three are commonly pointed to: (1) privacy invasions caused by others directing unwanted attention toward an individual, (2) privacy invasions caused by others intruding into an individual’s personal space (e.g. her private residence), and (3) privacy invasions caused by others getting too close, physically, to an individual. In each of these cases, so the claim goes, there need be no acquisition of new information about the individual.

But needn’t there be? I’m not convinced. In the case of (1), we’re talking about a cognitive activity – attention – and it seems to me that this is precisely a way of acquiring new information about an individual. Take, for example, visual attention. If you were to look at me right now, you would thereby acquire visual information about such things as my present appearance and behavior. This may (or may not) be particularly interesting information about me, but it is still information about me. And the reason I would feel uncomfortable about your looking at me, in situations in which I would, is that I wouldn’t like you getting that information.

Now consider (2). Once, while a graduate student in Providence, RI, I had my apartment broken into. I had gone out for an hour or so, and returned to find all the lights on in my apartment, the doors wide open, and those of my belongings not stolen strewn all over the place. I certainly felt that my privacy had been invaded by this intrusion into my personal space, even though I happened not to be in it at the time. But why did I feel this? Just because I felt that the intruders had unwarrantedly acquired new information about me that they had no right to acquire. They found out, for example, what sort of music I liked to listen to (which they treated with apparent disdain: none of my CDs were stolen :)), what sort of furniture I could afford, whether or not I was a smoker, what kind of paper I was currently composing (still open on my laptop, which was stolen), etc. Their crime against me was not merely one of trespass and theft; it was cognitive as well: they found out things about me that they had no right to know.

When it comes to (3), it can hardly be denied that the overly close physical proximity of others can elicit warranted claims about an individual’s invasion of privacy. But, once again, it seems to me that what grounds the claims has to do with the unwanted acquisition of information about the individual. For by putting themselves in such close physical proximity to the individual, others thereby put themselves in a position to direct their attention toward her, and so to acquire new sensory information about her. At least, typically. In cases where others get too close but do not thereby put themselves in a position to acquire any new information, there’s been no invasion of privacy.

To underscore this last point, imagine the following scenario. One individual, A, walks right up to another, B, coming within inches of her nose. But because A is severely impaired along visual, auditory, and olfactory lines, she has no effective observational powers. So, A is unable to acquire any new information about B, even though she’s way too close to B physically. (She is even, we might further suppose, quite unaware of her proximity to B.) It seems all too obvious that while B might be disturbed by her own knowledge of A’s proximity, she could not reasonably complain that A has violated or diminished her privacy.

So I don’t buy the first step in the above reasoning intended to support the view that there are non-informational forms of privacy, viz. the premise that there are ways of invading an individual’s privacy that do not involve acquiring any new information about her. Every case I can think of in which an individual has her privacy invaded is also one in which others acquire new information about her. And every form of privacy, I’m willing to bet, ultimately turns out to be a kind of informational privacy.

| Comments (0) |

Three Privacy Cheers for Etiquette?

posted by:David Matheson // 10:34 PM // February 06, 2005 // Core Concepts: language and labels

The case against old-fashioned rules of etiquette is well-known: they’re repressive, elitist, and more often than not reinforce offensive sexist attitudes. But maybe they had their positive side just the same, particularly when viewed from a pro-privacy perspective. Consider, for example, the following rules drawn from a chapter entitled “The Art of Conversation” in G.R.M. Devereux’s little 1929 book, Etiquette for Men: A Book of Modern Manners and Customs:

“To speak about yourself to any extent, or to discuss your personal affairs in general conversation, are two other things that must be avoided.”

“Nor is it good form to discuss the personal affairs of anyone else.”

“It is inadvisable to discuss mutual friends with anyone. Even if your remarks were kindly, they may go back to the person concerned in a distorted manner, and so cause ill-feeling. Apart from that, another person’s affairs are purely their concern, and not a fit subject for conversation.”

Pretty obviously, the more such rules were followed nowadays, the more privacy we’d all enjoy.

A similar point is made by NYU philosopher Thomas Nagel in connection with etiquette proscriptions against discussing the personal lives of public figures:

“Sexual taboos in the fairly recent past were also taboos against saying much about sex in public, and this had the salutary side-effect of protecting persons in the public eye from invasions of privacy by the mainstream media. It meant that the sex lives of politicians were rightly treated as irrelevant to the assessment of their qualifications, and that one learned only in rough outline, if at all, about the sexual conduct of prominent creative thinkers and artists of the past. Now, instead, there is open season on all this material. The public, followed sanctimoniously by the media, feels entitled to know the most intimate details of the life of any public figure, as if it were part of the price of fame that you exposed everything about yourself to view, and not just the achievement or performance that has brought you to public attention. Because of the way life is, this results in real damage to the condition of the public sphere: Many people cannot take that kind of expose, and many are discredited or tarnished in ways that have nothing to do with their real qualifications or achievements.” (“Concealment and Exposure,” Philosophy and Public Affairs (1998) 27: 3)

So, what do you think: three privacy cheers for a return to etiquette? At least where the rules of which it consists are stripped of their sexist, elitist and unduly repressive aspects?

| Comments (0) |

Barcodes for cadavers

posted by:Dina Mashayekhi // 02:08 PM // February 05, 2005 // Surveillance and social sorting

Associated Press

BERKELEY, Calif. — Shaken by scandals involving the black-market sale of body parts, University of California officials are considering inserting supermarket-style barcodes or radio frequency devices in cadavers to keep track of them.

The high-tech fix is one of a number of reforms UC is proposing to reassure people that bodies donated to science will be used as intended and treated with respect.

"We want these to be programs that really do work so we can maintain the public trust and know that we are doing everything possible to maintain and respect the great donation that these gifts represent," said Michael Drake, UC vice-president for health affairs.

See The Globe and Mail

| Comments (2) |

Industry Canada seeking comment on health privacy issue

posted by:Philippa Lawson // 04:01 PM // February 04, 2005 // Digital Democracy: law, policy and politics

If anyone is interested in this issue (or believes that the Ontario PHIPA is not as privacy protective as PIPEDA) and would like to submit comments via CIPPIC, let me know. The deadline for comments is Feb. 21st.

Pursuant to paragraph 26(2)(b) of the Personal Information Protection and
Electronic Documents Act (PIPEDA), Governor in Council proposes to make the
following Exemption Order:

Health Information Custodians in the Province of Ontario Exemption Order

Based on the recommendation by the Minister of Industry that the Ontario
Personal Health Information Protection Act, 2004, (PHIPA) is substantially
similar to the Personal Information Protection Act
(PIPEDA), the Order proposes to exempt from the federal Act, health
information custodians subject to PHIPA, in respect of the collection, use
or disclosure of personal health information that takes place within the
province, in the course of commercial activity. The PIPEDA will continue to
apply to the collection, use or disclosure of all personal information
outside the province, in the course of commercial activity.

Notice of the proposed Order will be published in Part 1 of the Canada
Gazette on February 5, 2005. Comments may be provided within 15 days after
the date of publication, and may be forwarded to:

Richard Simpson
Director General
Electronic Commerce Branch
Industry Canada
300 Slater, 2090D
Ottawa, Ontario
K1A 0C8
Electronic Mail: simpson.richard@ic.gc.ca
Telephone: (613) 990-4292
Facsimile: (613) 941-0178

| Comments (2) |

EU Working Party's opinion on the transmission of airlines' passenger data in Canada

posted by:Rafal Morek // 12:06 PM // //

A few days ago, the EU Working Party on the Protection of Individuals with regard to the Processing of Personal Data issued its opinion on the level of protection ensured in Canada for the transmission of Passenger Name Record (PNR) and Advance Passenger Information (API) from airlines.

The Working Party confirmed that Canada ensures an adequate level of protection within the meaning of Article 25(6) of the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of API and PNR transferred from airlines to the Canada Border Services Agency (CBSA).

The API/PNR program is designed to enable the CBSA to perform a risk assessment of travellers prior to their arrival in Canada. API/PNR data is used by the CBSA to identify persons who may be subject to closer questioning or examination on arrival in Canada because of their potential relationship to terrorism or terrorism-related crimes, or other serious crimes such as the smuggling of drugs and humans.

The opinion followed negotiations between the European Commission and Canada concerning improvement of protection ensured in Canada for the transmission of PNR and API, and new commitments recently adopted by the CBSA.

| Comments (0) |

EC Data WP Expresses Concern on Privacy Implications of IP

posted by:Jennifer Manning // 12:31 PM // February 03, 2005 // Digital Democracy: law, policy and politics

The EU Working Party recently released a working document on data protection issues related to intellectual property rights.

The Working Party expressed concern regarding how the use of unique identifiers linked with the personal information collected leads to the processing of detailed personal data. The document also highlights the challenge of protecting privacy in light of DRM and copyright enforcement. A copy of the working document can be accessed here: http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2005/wp104_en.pdf

| Comments (0) |

Cost and privacy concerns stall PAYD car insurance

posted by:Dina Mashayekhi // 10:36 AM // February 02, 2005 // Surveillance and social sorting

How long will it be until only those with blackboxes will be insured?

Pay-as-you-drive car insurance will not be commercially viable anytime in the next three years, according to Strategy Analytics. It cites privacy concerns, launch costs and patent fees, along with back-end data integration, as significant short-term obstacles to the technology's mass-scale deployment.

Under pay-as-you-drive insurance, a black box records data about the driver's journeys. Charges vary, according to the risk of each journey. Last August, Norwich Union started testing the technology in the UK, with a pilot scheme for younger drivers launched this year.

From The Register

| Comments (0) |

Harvard CIO Gets Chipped

posted by:Michelle Gordon // 10:05 AM // // Surveillance and social sorting

Dr. John Halamka, the Chief Information Officer for Harvard Medical School, recently had himself implanted with a subdermal VeriChip so that he could begin an "earnest assessment" of this controversial new product. He is currently one of 40 U.S. volunteers who are testing this device. While Dr. Halamka's chip can only be read at one location, this could very soon change.
Is this the next new trend, or could this be the end of medical privacy?
See: UsingRFID.com,
CNET News.com, MobileHealthData

| Comments (0) |

Too Much Privacy

posted by:David Matheson // 11:50 PM // February 01, 2005 // ID TRAIL MIX

Here's a little puzzle drawn from the Harvard law professor Charles Fried. (See, e.g., his article, "Privacy," Yale Law Journal 77 (1968): 475-93.) Imagine the sole inhabitant of an uncharted island -- we'll call her Aria. Aria desperately wants others to know various facts about her, even loads of personal facts, because without this knowledge by others she can't participate in important relationships like friendship, love, and intimacy. Sadly, though, her solitary circumstances frustrate Aria's desire: no one else knows anything about her or her predicament, and no one is ever likely to.

It can hardly be denied that talk of Aria's privacy is odd. In the normal course of events, we probably wouldn't attribute privacy to her unless we were making some sort of joke. Yet one natural account of privacy, which I happen to favor, holds that the fewer personal facts that others know about an individual, the greater that individual's privacy. Why, then, should it be so odd to attribute privacy to Aria? After all, she has exclusive knowledge of all her personal facts. That's the puzzle.

One way to resolve the puzzle, advocated by Fried himself, is to dump that (supposedly) natural account of privacy. It's just not true, one might respond, that the fewer personal facts that others know about an individual, the greater her privacy.

I think this response is a mistake. The correct solution to the puzzle, in my opinion, comes with the realization that although Aria does in fact have privacy -- an extreme amount of it -- she doesn't have a reasonable amount. And the explanation of why it's so odd to talk about her privacy is that typically our talk of "privacy" is really talk about a reasonable amount of privacy. One can fail to have a reasonable amount of privacy by virtue of having too little. But one can also fail to have a reasonable amount by virtue of having too much. Aria's situation is a nice (albeit exaggerated) illustration of the latter.

I don't suppose that anyone will find the bare claim that one can fail to have a reasonable amount of privacy by virtue of having too much particularly surprising or contentious. But I suspect that when we think about cases in which this happens, we typically think about cases in which either (a) an individual has too much privacy because she has voluntarily made certain personal facts about herself so easily knowable by others that it would be fitting for them to know those facts even though they don't (consider, for example, the person who freely but imprudently posts all sorts of personal facts about herself on the Web, and yet luckily happens not to have many others acquire knowledge of those facts because they haven't gotten around to visiting the relevant section of cyberspace) or (b) an individual has too much privacy because his illicit actions give others the right to know personal facts about him even though they don't manage to acquire the knowledge (think of the criminal who leaves compelling evidence of his crime, but somehow manages to prevent official investigators from learning various corroborating personal facts about, say, his whereabouts and activity on the night of the crime). One interesting feature of my response to the puzzle about Aria is that it points to a third sort of case in which (c) an individual has too much privacy because she has certain desires -- for participation in relations like friendship, love and intimacy, for example -- that any sane, mature human could be expected to have, but cannot satisfy those desires because other individuals can't know enough personal facts about her.

I'm inclined to think that more realistic varieties of this third sort of case, (c), deserve our attention. To take just one example, suppose that there are strong social conventions that make it very embarrassing for me to make known to people other than my physician certain facts about my medical status. It might nonetheless be a necessary condition on my psychological well-being that I be able to share those facts with the others: I might want and very much need to have intimate acquaintances who know the facts, but the conventions (combined with my fear of embarrassment) might prevent satisfaction of the want and need. In such a situation it's plausible to say that I've got too much privacy along the lines of (c). And this needn't call for my learning to live with it. It might rather call for an erosion of the social conventions that prevent my privacy's diminishment.

I don't want to give the impression that I'm unconcerned about the manifold ways in which existence in a networked society like our own can leave an individual with too little privacy. They are manifold, and they are in many cases very frightening. But I do think it would be unfortunate if the concern about too little privacy caused us to turn a blind eye to the problems involved in possessing too much privacy.

| Comments (0) |


This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada