understanding the importance and impact of anonymity and authentication in a networked society
navigation menu top border

.:home:.     .:project:.    .:people:.     .:research:.     .:blog:.     .:resources:.     .:media:.

navigation menu bottom border
main display area top border

A Face Is Exposed for AOL Searcher No. 4417749

posted by:Alex Cameron // 09:29 AM // August 09, 2006 // Digital Democracy: law, policy and politics

The NYT is running an excellent piece that highlights the dangers in search engines retaining (and releasing) data about entered searches. Unbelievable. Put yourself in the shoes of these AOL subscribers. What if Google were to do the same thing (either intentionally or accidentally)?

A Face Is Exposed for AOL Searcher No. 4417749 By MICHAEL BARBARO and TOM ZELLER Jr. Published: August 9, 2006

Buried in a list of 20 million Web search queries collected by AOL and recently released on the Internet is user No. 4417749. The number was assigned by the company to protect the searcher’s anonymity, but it was not much of a shield.

No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from “numb fingers” to “60 single men” to “dog that urinates on everything.”

And search by search, click by click, the identity of AOL user No. 4417749 became easier to discern. There are queries for “landscapers in Lilburn, Ga,” several people with the last name Arnold and “homes sold in shadow lake subdivision gwinnett county georgia.”

It did not take much investigating to follow that data trail to Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga., frequently researches her friends’ medical ailments and loves her three dogs. “Those are my searches,” she said, after a reporter read part of the list to her.


But the detailed records of searches conducted by Ms. Arnold and 657,000 other Americans, copies of which continue to circulate online, underscore how much people unintentionally reveal about themselves when they use search engines — and how risky it can be for companies like AOL, Google and Yahoo to compile such data.


But the unintended consequences of all that data being compiled, stored and cross-linked are what Marc Rotenberg, the executive director of the Electronic Privacy Information Center, a privacy rights group in Washington, called “a ticking privacy time bomb.”


Ms. Arnold, who agreed to discuss her searches with a reporter, said she was shocked to hear that AOL had saved and published three months’ worth of them. “My goodness, it’s my whole personal life,” she said. “I had no idea somebody was looking over my shoulder.”

In the privacy of her four-bedroom home, Ms. Arnold searched for the answers to scores of life’s questions, big and small. How could she buy “school supplies for Iraq children”? What is the “safest place to live”? What is “the best season to visit Italy”?

Her searches are a catalog of intentions, curiosity, anxieties and quotidian questions. There was the day in May, for example, when she typed in “termites,” then “tea for good health” then “mature living,” all within a few hours.

Her queries mirror millions of those captured in AOL’s database, which reveal the concerns of expectant mothers, cancer patients, college students and music lovers. User No. 2178 searches for “foods to avoid when breast feeding.” No. 3482401 seeks guidance on “calorie counting.” No. 3483689 searches for the songs “Time After Time” and “Wind Beneath My Wings.”

At times, the searches appear to betray intimate emotions and personal dilemmas. No. 3505202 asks about “depression and medical leave.” No. 7268042 types “fear that spouse contemplating cheating.”


Asked about Ms. Arnold, an AOL spokesman, Andrew Weinstein, reiterated the company’s position that the data release was a mistake. “We apologize specifically to her,” he said. “There is not a whole lot we can do.”


For the full article, click here.

| Comments (0) |

The Original Privacy Position

posted by:David Matheson // 11:50 PM // July 12, 2006 // Core Concepts: language and labels | Digital Democracy: law, policy and politics | Surveillance and social sorting

Thomas Nagel has pointed out that there is an analogy to be drawn between (what I’ll call) the problem of liberalism and the problem of privacy. The problem of liberalism concerns “how to join together individuals with conflicting interests and a plurality of values, under a common system of law that serves their collective interests equitably without destroying their autonomy.” (Nagel 1998, 4-5) The problem of privacy is that of “defining conventions of reticence and privacy that allow people to interact peacefully in public without exposing themselves in ways that would be emotionally traumatic or would inhibit the free operation of personal feeling, fantasy, imagination, and thought.” (Nagel 1998, 5)

One well-known attempt to deal with the problem of liberalism comes from John Rawls (1971). He asked us to imagine individuals in what he called the Original Position. Inhabitants of the Original Position are behind a “veil of ignorance” that cuts them off from any significant knowledge of their position in society: they don’t know whether they are rich or poor, powerful or disadvantaged, members of a social majority or minority, etc. Under such conditions of ignorance, they are faced with the task of determining the basic structures and rules whereby society is to be ordered. Whatever structures and rules they would agree upon, Rawls claimed, are the basic principles of justice (as fairness).

So what would the inhabitants of the Original Position agree upon? Rawls pointed to two fundamental principles. First, the liberty principle:

Liberty. Each individual is to have a maximal amount of basic liberty (including such things as the freedom to vote, the freedom to be considered for public office, freedom of speech, freedom of conscience, freedom of assembly, and freedom from arbitrary arrest and seizure) consistent with a similar liberty for everyone else.

Second, the difference principle:

Difference. Socio-economic inequalities are to be such that they bring the greatest benefit to least advantaged members of society.

By thus using the decision procedure that consists of thinking about what inhabitants of the Original Position would agree upon, Rawls suggested, we can get clear about the basic principles of justice. These principles provide the general framework for understanding “how to join together individuals with conflicting interests and a plurality of values, under a common system of law that serves their collective interests equitably without destroying their autonomy.” Hence the use of the Original Position gives us one way of dealing with the problem of liberalism.

I wonder if there isn’t an analogous solution to the analogous problem, i.e. to the problem of privacy. Perhaps we can make use of a privacy version of the Original Position; call it the “Original Privacy Position.” Thus, as before, imagine a group of individuals behind a metaphorical veil of ignorance. Now, however, the veil only precludes them from knowing anything significant about their privacy position in society. Inhabitants of the Original Privacy Position, in other words, don’t know such things as whether their privacy is generally at serious risk, whether they attach a great deal of value to their privacy, whether they are in a position to make a lot of money through the diminishment of others’ privacy (or whether others are in such a position with respect to them), etc. And behind this veil of privacy ignorance they are given the task of deciding upon the basic norms of “reticence and privacy,” to use Nagel’s phrase, or norms of the “contextual integrity” of personal information, to use Helen Nissenbaum (1998, 2002)’ s equally apt one. The idea would be that whatever basic norms inhabitants of the Original Privacy Position would agree upon, those are the basic privacy norms that any just society should respect.

Maybe they would agree upon norms quite analogous to Rawls’s two general principles of justice. First, there would be the privacy norm:

Privacy. Each member of society is to have a maximal amount of basic privacy consistent with a similar privacy for everyone else.

Then there would be something like the difference of privacy means norm:

Difference of privacy means. Inequalities with respect to individuals’ means of controlling their privacy (e.g. inequalities concerning access to technologies designed to protect their privacy, or to diminish that of others) are to be such that they bring the greatest benefit to the least privacy privileged members of society (i.e. to those members of society who are the least advantaged with respect to controlling their privacy).

Although I haven’t yet chatted with him about this, it seems to me that this Rawlsian approach to the problem of privacy might serve as a basis for justifying Steve Mann’s program of equiveillance. After all, a good case can be made that many of the surveillance structures in our actual society violate one of both of the just mentioned privacy norms. (Compare Lucas Introna (2000)’s claim that workplace surveillance practices sit ill at ease with the Rawlsian approach to justice as fairness.)

Consider, for example, the surveillance structures built into digital rights management technologies. Those structures certainly yield inequalities when it comes to individuals’ means of controlling their privacy. And they arguably bring no (let alone the greatest) benefit to the least privacy privileged members of society. Steve’s insistence that we aim for equiveillance through sousveillance could perhaps be cast as the point that sousveillance is needed to bring us back to an appropriate respect for such privacy norms as Privacy and Difference of privacy means.


Introna, Lucas. (2000). “Workplace Surveillance, Privacy, and Distributive Justice.” Computers and Society 33: 33-9

Nagel, Thomas. (1998). “Concealment and Exposure.” Philosophy & Public Affairs 27: 3-30

Nissenbaum, Helen. (2004). “Privacy as Contextual Integrity.” Washington Law Review 79: 119-58

Nissenbaum, Helen. (1998). “Protecting Privacy in an Information Age: The Problem of Privacy in Public.” Law and Philosophy 17: 559-96

Rawls, John. (1971). A Theory of Justice. Cambridge, MA: Harvard University Press.

| Comments (2) |

Bloggers Are Journalists Too

posted by:Jason Millar // 02:10 PM // June 01, 2006 // Digital Democracy: law, policy and politics

In a recent ruling a California court decided to block Apple Computer Inc.'s access to the identity of a blogger's source. The blogger had published information about the company's products in development (information the company guards famously), which had been leaked by an insider. The court decided that bloggers and journalists should receive the same protections owing to the fact that "in no relevant respect do they appear to differ from a reporter or editor for a traditional business-oriented periodical who solicits or otherwise comes into possession of confidential internal information about a company".

| Comments (0) |

Spread the Word -- Ottawa now hosts a "Copynight"

posted by:Ambrese Montagu // 10:14 AM // May 19, 2006 // Core Concepts: language and labels | Digital Activism and Advocacy | Digital Democracy: law, policy and politics | TechLife | Walking On the Identity Trail

Ottawa's first ever Copynight will be held at 6pm Tuesday May 23rd at The Royal Oak Pub (161 Laurier Avenue Eas, which is located on the north edge of the Ottawa University campus).

CopyNight is a monthly social gathering of people interested in restoring balance in copyright law. We meet over drinks once a month in many cities to discuss new developments and build social ties between artists, engineers, filmmakers, academics, lawyers, and many others. Everyone is welcome.

In future, Copynight's will be held on the 4th Tuesday of every month. To learn more or get on the mailing list, please email ottawa (at) copynight.org.

| Comments (0) |

Fair Use and the Fairer Sex: Gender, Feminism, and Copyright Law

posted by:Ian Kerr // 04:06 PM // May 16, 2006 // Digital Democracy: law, policy and politics

some of you will be interested in a new piece by one of my fave US cyberprofs, ann bartow.

in it, she argues that the copyright infrastructure plays a role, largely unexamined by legal scholars, in helping to sustain the material and economic inequality between women and men. she also advocates low levels of copyright protections.

if you lke the piece, you should also check out her excellent blog

| Comments (0) |

Anti-Spyware Coalition Public Workshop

posted by:Jeremy Hessing-Lewis // 10:41 AM // // Commentary &/or random thoughts | Digital Activism and Advocacy | Digital Democracy: law, policy and politics | Surveillance and social sorting | Walking On the Identity Trail

Jeremy HL and Ambrese reporting from the Anti-Spyware Coalition Public Workshop: Developing International Solutions for Global Spyware Problems. The Workshop has brought together an interesting mix of consumer advocates, anti-spyware vendors, regulatory agencies, and public interest groups.

Ari Schwartz, of the Center for Democracy and Technology, presented a survey of some of the harms of spyware including:
1. Identity Theft
2. Corporate Espionage
3. Domestic Violence
4. Extortion
5. Unfair and Deceptive Trade Practices
6. General Privacy Invasions

Although the connection may not be immediately obvious, the relationship between domestic violence and spyware is particularly interesting. Both Anne Mau, of lokk.dk, as well as Cindy Southworth, of the National Network to End Domestic Violence, spoke of how women in abusive relationships can be put under surveillance by their own computers. The monitoring becomes an additional method of asserting complete control. One example marketed as "lovespy" was deployed as a harmless greeting card that would then install key tracking software. This is especially dangerous when women are trying to find social support information or are organizing themselves to leave the relationship.

Ambrese investigated the support services related to spyware and domestic violence only to find that they remain totally inadequate. One support worker offered the helpful advice: "Don't use the Internet." CIPPIC will be hosting Cindy Southwark this week as she trains social service workers to deal with these issues.

Stay Tuned.

| Comments (0) |


posted by:Ian Kerr // 01:19 PM // December 28, 2005 // Digital Democracy: law, policy and politics

Some of you will be interested to know that the Privacy Journal has just published an 18-page 2005 Supplement to its popular Compilation of State and Federal Privacy Laws (2002). It describes and cites more than 200 laws passed recently, including new laws on "credit freezes," "security breach notifications," Social Security numbers, ID theft, covert videotaping, spam, and more. Laws in Canada re included.

The price is $21 plus $4 shipping, by U.S. mail or e-mail. The 2002 book with the Supplement included costs $31 plus $4. Order from Privacy Journal, PO Box 28577, Providence RI 02908, 401/274-7861, fax 401/274-4747, orders@privacyjournal.net. With a credit card, you can download the text at www.privacyjournal.net.

| Comments (0) |

Ex-MI5 chief calls national ID cards "useless"

posted by:Mohamed Layouni // 11:26 AM // November 18, 2005 // Digital Democracy: law, policy and politics

Dame Stella Rimington, the former head of the UK Security Services MI5, declared -- following the government's recent defeat on its ID card plans -- that ID cards are forgeable and thus useless. She said:

ID cards have possibly some purpose.

But I don't think that anybody in the intelligence services, particularly in my former service, would be pressing for ID cards.

My angle on ID cards is that they may be of some use but only if they can be made unforgeable - and all our other documentation is quite easy to forge.

If we have ID cards at vast expense and people can go into a back room and forge them they are going to be absolutely useless.

ID cards may be helpful in all kinds of things but I don't think they are necessarily going to make us any safer.

For more, see the full BBC article here.

| Comments (0) |

anonymity, privacy and p2p litigation

posted by:Alex Cameron // 01:53 PM // November 10, 2005 // Digital Democracy: law, policy and politics

I recently attended and gave a talk at the First Annual p2p Litigation Summit in Chicago. One of the key topics of discussion related to the privacy implications of court-ordered disclosure of individuals' identities in cases where they are alleged to have committed a legal wrong online. The differences between Canada and the US on this point are surprising. The conference was very interesting and included a presentation from an individual who had been wrongly named in one of the RIAA lawsuits. I've provided a couple of reflections on what I took away from this conference for p2pnet.

My thoughts

Ray Beckerman's RIAA p2p litigation blog

Ray Beckerman's report of the Summit

| Comments (0) |

On E-Government Authentication and Privacy

posted by:Stefan Brands // 01:40 PM // November 01, 2005 // Computers, Freedom & Privacy Conference (CFP) | Digital Activism and Advocacy | Digital Democracy: law, policy and politics | ID TRAIL MIX | Surveillance and social sorting | TechLife

Governments around the world are working to implement digital identity and access management infrastructures for access to government services by citizens and businesses. E-government has the potential of bringing major cost, convenience, and security benefits to citizens, businesses, and government alike. There are major architecture challenges, however, which cannot be solved by simply adopting modern enterprise architectures for identity management. Namely, these architectures involve a central server that houses the capability to electronically trace, profile, impersonate, and falsely deny access to any user. In the context of an e-government infrastructure, the privacy and security implications for citizens of such a panoptical identity architecture would be unprecedented.

By way of example, consider the implications of adopting the Liberty Alliance ID-FF architecture (the leading industry effort for so-called "federated" identity management) for e-government. The ID-FF describes a mechanism by which a group of service providers and one or more identity providers form circles of trust. Within a circle of trust, users can federate their identities at multiple service providers with a central identity provider. Users can also engage in single sign-on to access all federated local identities without needing to authenticate individually with each service provider. Liberty Alliance ID-FF leaves the creation of user account information at the service provider level, and in addition each service provider only knows each user under a unique “alias” (also referred to by ID-FF as “pseudonyms”). However, the user aliases in Liberty Alliance ID-FF are not pseudonyms at all: they are centrally generated and doled out by the identity provider, which acts in the security interests of the service providers.

While the Liberty Alliance ID-FF architecture may be fine for the corporate management of the identities of employees who access their corporate resources, it would have scary implications when adopted for government-to-citizen identity management. The identity provider and the service providers would house the power to electronic monitor all citizens in real time across government services. Furthermore, insiders (including hackers and viruses) would have the power to commit undetectable massive identity theft with a single press of a central button. Carving out independent “circles of trust” is not a solution: the only way to break out of the individual circle-of trust “silos” that would result would be to merge them into a “super” circle by reconciling all user identifiers at the level of the identity providers. This would only exacerbate the ID-FF privacy and security problems.

More generally, replacing local non-electronic identifiers by universal electronic identifiers has the effect of removing the natural segmentation of traditional activity domains; as a consequence, the damage that identity thieves can do is no longer confined to narrow domains, nor are identity thieves impaired any longer by the inherent slowdowns of a non-electronic identity infrastructure. At the same time, when the same universal electronic identifiers are relied on by a plurality of autonomous service providers in different domains, the security and privacy threats for the service providers no longer come only from wiretappers and other traditional outsiders: a rogue system administrator, a hacker, a virus, or an identity thief with insider status can cause massive damage to service providers, can electronically monitor the identities and visiting times of all clients of service providers, and can impersonate and falsely deny access to the clients of service providers.

On the legal side, the compatibility of modern enterprise identity architectures with data protection legislation and program statutes is highly questionable. Also, the adoption of enterprise identity architectures in the context of e-government would directly interfere with Article 8 rights under the European Convention on Human Rights. Specifically, any interference with privacy rights under Article 8 must do so to the minimum degree necessary. Enterprise identity architectures violate this requirement: far less intrusive means exist for achieving the objectives of e-government.

Specifically, over the course of the past two decades, the cryptographic research community has developed an array of privacy-preserving technologies that can be used as building blocks for e-government in a manner that simultaneously meets the security needs of government and the legitimate privacy and security needs of individuals and service providers. Relevant privacy-preserving technologies include digital credentials, secret sharing, private information retrieval, and privacy-preserving data mining.

By properly using privacy-preserving technologies, individuals can be represented in their interactions with service providers by local electronic identifiers. Service providers can electronically link their legacy account data on individuals to these local electronic identifiers, which by themselves are untraceable and unlinkable. As a result, any pre-existing segmentation of activity domains is fully preserved. At the same time, verifier-trusted authorities can securely embed into all of an individual’s local identifiers a unique “master identifier” (such as a random number). These embedded identifiers remain unconditionally hidden when individuals identify themselves on the basis of their local electronic identifiers, but their hidden presence can be leveraged by service providers for all kinds of security and data sharing purposes without introducing privacy problems. The privacy guarantees do not require users to rely on third parties - the power to link and trace the activities of a user across his or her activity domains resides solely in the hands of that user.

In the context of e-government, security and privacy are not opposites but mutually reinforcing, assuming proper privacy-preserving technologies are deployed. In order to move forward with e-government, it is important for government to adopt technological alternatives that hold the promise of multi-party security while preserving privacy.

For more information, interested readers are referred to my personal blog at www.idcorner.org.

| Comments (0) |

Delaware Supreme Court Protects Anonymous Blogger

posted by:Ian Kerr // 10:28 AM // October 08, 2005 // Digital Democracy: law, policy and politics

a couple of days ago, the delaware supreme court had to decide whether to unmask an anonymous blogger for the purposes of a defamation lawsuit. the allegation in the case was that the anonymous blogger (aka "Proud Citizen") posted two blog posts discussing a member of the Smyrna Town Council, referring to his "character flaws," "mental deterioration," and "failed leadership..."

as a new york times article and other news articles have reported, the court decided to maintain the anonymity of the blogger.

in refusing to unmask the blogger's identity, the court reiterated the approach generally adopted by US Courts in such cases, which involves a much stricter standard than the one applied by canadian courts.

first, the plaintiff must make reasonable efforts to notify the defendant. second, the plaintiff needs to provide facts sufficient to defeat a summary judgment motion (often this is expressed in the language of demonstrating a prima facie case, i.e., that there is enough evidence to show the court that the case is strong enough to proceed to trial).

in the delaware case, the court held that the plaintiffs had not shown that statements made by Proud Citizen met this test, in large part because the statements were likely to be seen by the internet audience as statements of opinion -- which would therefore not constitute defamation for the purposes of US law.

it is interesting to compare the US approach to the one adopted by canada's federal court of appeal in bmg v doe.

although there was no good evidence that the anonymous defendants had done anything illegal (in fact, the appeal was dismissed on that basis), canada's federal court of appeal was persuaded by the canadian recording industry association not to adopt the well known prima facie standard.

it is interesting that canada's recording industry wants us to follow the US approach when it comes to copyright law but has, at the same time, fought so hard against adopting the US's procedural safeguards when it comes to protecting the identities of persons who are merely alleged to have enagaged in some kind of wrongdoing.

i suspect that canadian courts will likely revisit this issue in a future online defamation case and i predict that the courts will realize that the procedural standard in bmg v doe is incorrect.

if this is plausible, it might be worth asking why the court refused to apply the appropriate standard in the copyright context.

do actions for breach of copyright truly justify a different standard for unmasking defendants, or did the music industry's camapaign against file-sharing somehow cloud the issue?

| Comments (0) |

Industry Canada makes RFID deployment easier

posted by:Philippa Lawson // 12:26 PM // September 19, 2005 // Digital Democracy: law, policy and politics

According to Decima Reports ICT Update Industry Canada has adopted new rules regarding RFID (RSS-210), making it easier for the deployment of RFID equipment in both Canada and the United States. The rule changes involve modifications to RSS-210 that will align with the technical standards currently in force in the U.S., and that will permit the development of RFID devices which can operate in other countries.

The Decima Reports ICT UPDATE is published by:

Decima Reports Inc.
160 Elgin Street, Suite 1800
Ottawa, Ontario CANADA
K2P 2P7
Tel. (613) 230-1984
Fax (613) 230-3793
Email: newsdesk@decima.com
Web site: www.decima.com/reports

| Comments (0) |

Little v and big V: online voting

posted by:Marty // 04:55 PM // August 13, 2005 // Digital Democracy: law, policy and politics

E-voting – raise the word and we readily think (ok maybe just me) of voting with a big “V”, i.e. voting for government officials. However, taking a quick pause we can see some of the many other instances of e-voting:

  • The Dove Awards (Christian Music) are taking their balloting online, allowing the members of the Gospel Music Association to vote online
  • Countless online sites offer polls and "vote for your favourite ___" items
  • the New York City Firefighters Union has set up online voting for its members who are serving in Iraq and Afghanistan, and
  • A new sea lion born at a Six Flags had its name selected by online vote.
  • All of this to say that increasingly we are seeing these examples of, what I'll call, small "v" online voting - micro voting - where the issues are trivial to some, significant to others, but their results are not universal or pan-geographic (national, regional, municipal, etc.). Will our comfort with small v online voting make for a seamless transition to big V online voting (voting for our government officials)? Will familiarity with online voting encourage increase voter participation? Lastly, will voters take safety and reliability of online voting for granted?

    As an aside, I'm reminded of something that George Carlin once said. Let me paraphrase "If you don’t vote, you have no right to complain’, but where’s the logic in that? If you vote and you elect dishonest, incompetent people into office who screw everything up, you are responsible for what they have done. You caused the problem; you voted them in; you have no right to complain. I, on the other hand, who did not vote, who in fact did not even leave the house on election day, am in no way responsible for what these people have done and have every right to complain about the mess you created that I had nothing to do with"
    | Comments (2) | | TrackBack

    Korea: the end of online anonymity is near!

    posted by:Marty // 08:13 PM // July 30, 2005 // Digital Democracy: law, policy and politics

    This may have gone under the radar for some (myself included) as it came out earlier in July…

    South Korea is set to release in October what is being dubbed the ‘real name system’. The real name system will be a policy mechanism implemented by the Ministry of Information and Communication (MIC).

    The real name system, an initiative of Prime Minister Lee hae-chan, is the governments’ response to recent instances of online slander and harassment. The full effect of the real-name system could very well be the legislated end to online anonymity in South Korea as it would require all internet users to post their real name and resident registration numbers when posting online. Effectiveness of the system is a different matter entirely.

    For more on the real name system see:

    Obviously this is chilling stuff (double-entendre intended). Alarming even. What shocked me more is the thrust of an editorial in the Korean daily JoongAng Daily:

    Some civic groups and Internet companies are opposing the introduction of the "real name" system. They insist that it is a very dangerous idea, because it means everyday people will be monitored as though they were criminals. Others warn that there could be serious unintended consequences, such as the theft of residential registration numbers, which are key to the system. But the threat to privacy can be prevented by developing a system that can verify a user's identity by means other than the residential registration number. At any rate, it is in the basic spirit of the Constitution that the rights of victims deserve protection as much as people's freedom of expression does.

    I read this to be a call for balance, but a misguided one. In essence an alternative system of verification is still a gateway and barrier to anonymous access. Threats to privacy still pervade. But I digress. What I would like to pick upon is the debate between victims’ rights versus freedom of express (and association, privacy, etc.) that can be had here. Is the real name system an overreaction by the State to a few instances of cyberslander or harassment? If a balancing act between rights cannot be achieved, should rights still trump other rights? Considering that it, likely, will be easy to evade the real name system, thus calling into question is efficacy, should such a system really be put in place, given the messages it sends?

    In thinking about this debate, keep this in mind - 80% of respondents to a MIC study support the real name system (source: Korea.net).

    | Comments (0) | | TrackBack

    Data - Security Bill Advances in U.S. Senate

    posted by:Jennifer Manning // 09:41 PM // July 29, 2005 // Digital Democracy: law, policy and politics

    WASHINGTON (Reuters) - Businesses would have to protect credit-card accounts and other sensitive consumer information and notify them when they have been exposed to identity theft, under a bill approved on Thursday by a Senate committee.

    The lucrative trade in consumers' Social Security numbers would also be curtailed under a bill approved unanimously by the Senate Commerce Committee.

    The vote marks the first time Congress has taken steps to improve data security following a string of breaches that have exposed some 50 million consumers to possible identity theft.

    ``It's important we get this moved because none of us are going to have any privacy left if we don't,'' said Florida Democratic Sen. Bill Nelson..

    Dozens of retailers, universities, banks, data brokers and other institutions have disclosed breaches this year, ranging from attacks by malicious hackers to losses of backup tapes during transit to storage facilities.

    The announcements were prompted by a California state law that requires institutions to make such data breaches public. Seventeen states have since passed similar laws, prompting banks and other businesses to ask Congress to set a single national standard.

    Under the Commerce Committee's bill, businesses and other institutions would have to notify consumers within 45 days if they are exposed to identity theft from any security breach. They would also have to notify the Federal Trade Commission, and the FTC would publicize those that affect more than 1,000 consumers.

    Consumers could also prevent credit bureaus from giving out their credit reports to deter identity thieves from getting more information.

    Businesses and other institutions would not be allowed to sell consumers' Social Security numbers without permission. They also would not be allowed to collect Social Security numbers from consumers, or display them publicly.

    Social Security numbers, used to track government retirement benefits, are now commonly used as a numerical identifier on everything from bank accounts to drivers' licenses, a practice that experts say makes identity theft easier.

    Other committees are considering data-security bills as well.

    In the Senate, leaders of the Judiciary Committee have a bill that would establish jail time for business leaders who don't tell consumers when they may be at risk of identity theft. The committee likely won't act on that bill until after the month-long break that begins on Friday.

    Committee Chairman Ted Stevens, an Alaska Republican, said the committee would also have to harmonize its bill with one being developed by the Senate Banking Committee.

    In the House of Representatives, the Financial Services Committee and the Energy and Commerce Committee are developing data-security bills.

    | Comments (1) | | TrackBack

    Health Information Technology Summit

    posted by:Hilary Young // 10:02 AM // // Digital Democracy: law, policy and politics

    Those interested in health information technology and privacy may want to attend the Second Health Information Technology Summit in Washington D.C. from Sept7-9. There will be a number of privacy-related panels, including "Privacy law and compliance" and a Roundtable on the Role of Privacy and Security in Health Information Technology Initiatives.

    See http://www.hitsummit.com/

    | Comments (0) | | TrackBack

    Bush government "undermines protection of medical privacy"

    posted by:Hilary Young // 10:02 AM // // Digital Democracy: law, policy and politics

    This is old news by the standard of our blog (it dates from June), but it may nevertheless be of interest. The Office of Legal Counsel (OLC) of the American Department of Justice released an opinion in June on the application of the US Health Insurance Portability and Accountability Act (HIPAA). Essentially, the opinion states that the criminal provision for violating health privacy under the act only applies to hospitals and health insurers and not to individuals.

    In the article linked below, Peter Swire argues against this finding saying it undermines the protection of health privacy in the US.


    | Comments (0) | | TrackBack

    Behind-the-Scenes Battle on Tracking Data Mining

    posted by:Rafal Morek // 10:47 PM // July 24, 2005 // Digital Democracy: law, policy and politics

    Bush administration officials are opposing an effort in Congress to force the government to disclose its use of data-mining techniques in tracking suspects in terrorism cases.

    See The New York Times.

    | Comments (0) | | TrackBack

    Identity Theft Consultation

    posted by:Rafal Morek // 01:30 PM // July 17, 2005 // Digital Democracy: law, policy and politics

    The Consumer Measures Committee , a forum of federal, provincial and territorial government representatives, is holding a public consultation on identity theft from July 6, 2005 to September 15, 2005.

    Working Together to Prevent Identity Theft, A Discussion Paper, explores a number of options to amend federal, provincial and territorial laws to curb identity theft and to make it easier for victims to recover from the experience.

    Click here to see the Consultation Handbook and find information on submission methods.

    | Comments (0) | | TrackBack

    be careful next time you 'borrow' that wireless signal

    posted by:Dina Mashayekhi // 09:27 AM // July 07, 2005 // Digital Democracy: law, policy and politics

    Florida man charged with stealing Wi-Fi signal

    St. Petersburg, Fla. — Police have arrested a man for using someone else's wireless Internet network in one of the first criminal cases involving this fairly common practice.

    Benjamin Smith III, 41, faces a pretrial hearing this month following his April arrest on charges of unauthorized access to a computer network, a third-degree felony.

    Police say Mr. Smith admitted using the Wi-Fi signal from the home of Richard Dinon, who had noticed Mr. Smith sitting in an SUV outside Mr. Dinon's house using a laptop computer.

    The practice is so new that the Florida Department of Law Enforcement doesn't even keep statistics, according to the St. Petersburg Times, which reported Mr. Smith's arrest this week.

    Innocuous use of other people's unsecured Wi-Fi networks is common. But experts say that illegal use often goes undetected, such as people sneaking on others' networks to traffic in child pornography, steal credit card information and send death threats.

    Security experts say people can prevent such access by turning on encryption or requiring passwords, but few bother or even know how to do so.

    Wi-Fi, short for Wireless Fidelity, has enjoyed prolific growth since 2000. Millions of households have set up wireless home networks that allow people to use the web from their backyards but also reach the house next door or down the street.

    Prosecutors declined to comment, and a working phone number could not be located for Mr. Smith.

    See Globe and Mail

    | Comments (0) | | TrackBack

    Promoting File Sharing Devices Attracts Liability Rules the US Supreme Court

    posted by:Carole Lucock // 02:08 PM // June 28, 2005 // Digital Democracy: law, policy and politics

    Yesterday the U.S. Supreme Court handed down its ruling in the MGM v. Grokster & StreamCast case, finding that distributing a device with the intent to promote copyright infringement will attract liability. Grokster and other peer-to-peer sites now face the prospect of liability for copyright infringements that occur on their sites.

    The Court's unanimous decision was greeted with accolades from the Motion Picture Association of America and concerns from others who fear a chilling effect on the tech industry.

    Further Information

    | Comments (0) | | TrackBack

    New U.S. federal regulations violate the privacy rights of Canadian adult industry performers ?

    posted by:Rafal Morek // 12:38 PM // June 23, 2005 // Digital Democracy: law, policy and politics

    From the Ottawa Citizen:

    "Canada's privacy watchdog has been asked to determine whether a U.S. clampdown on Internet pornography violates the rights of Canadian adult industry performers.

    A lawyer representing a B.C.-based porn company wants Privacy Commissioner Jennifer Stoddart to see if contentious new U.S. federal regulations that take effect today offend Canada's privacy laws.

    At issue are revisions to U.S. rules that require porn producers to keep photo ID and release forms from anyone who appears in sexually explicit images. The regulations, intended to combat child pornography, had been in effect since the early 1990s, but today they will be expanded to encompass Internet porn sites..."

    Click here for the rest of the article.

    | Comments (0) | | TrackBack

    EPIC 2014

    posted by:David Matheson // 08:51 PM // June 10, 2005 // Digital Democracy: law, policy and politics

    My wife recently drew my attention to an 8-minute fake documentary, "EPIC 2014." (Not the EPIC that many of you will be familiar with; this one stands for "Evolving Personalized Information Construct.") It was created by a couple of journalists, and contains an interesting vision of the future. Aside from just being a lot of fun (in the way that horror movies can be fun, some might say), there are some nice tie-ins to the interests of project members. For background on the whole thing, you can go here or here. To watch the movie, click here.

    | Comments (0) |

    Use PETs? You must have something to hide

    posted by:Alex Cameron // 07:55 PM // June 02, 2005 // Digital Democracy: law, policy and politics

    In this US case, evidence that the accused had PGP (pretty good privacy) technology on his computer was found to be relevant to proving criminal intent to attempt to make child pornography. This despite a finding that every Mac computer that comes out today may have PGP on it and that no encrypted files were present on the accused's computer.

    This is a troubling finding because, as I see it, there is no win for privacy here.

    On one hand, if ordinary emails and other online communications can be intercepted, they may not attract a reasonable expectation of privacy.

    On the other hand, if we use privacy enhancing technology like PGP to establish a reasonable expectation of privacy in our files and communications, then it must be because we have something to hide. Even where there is no clear evidence of our use of encryption for illegal purposes, the fact that we even have it on our computer can be used against us.

    Though perhaps not surprising given that child pornography was alleged in this case, it seems troubling that the presence of PGP could be found by a court to be relevant to proving criminal intent, particularly in the absence of evidence about whether and how the PGP was specifically used.

    Full text of US court decision: http://pub.bna.com/eclr/K203106.doc

    | Comments (0) | | TrackBack


    posted by:Ian Kerr // 03:06 PM // May 19, 2005 // Digital Democracy: law, policy and politics

    earlier today, the canadian federal court of appeal released its reasons for judgement in the much publicized litigation between the canadian recording industry association (cria) and 29 pseudonymous P2P file-sharers.

    based on a lack of evidence, the court dismissed cria's appeal, upholding a prior ruling that refused to disclose the identities of 29 alleged file-sharers.

    in rendering its decision, the court acknowledged that "[c]itizens legitimately worry about encroachment upon their privacy rights" and that such "intrusion not only puts individuals at great personal risk but also subjects their views and beliefs to untenable scrutiny."

    at the same time, the court was careful to frame the issue as an attempt to balance "the tension existing between the privacy rights of those who use the Internet and those whose rights may be infringed or abused by anonymous Internet users."

    having declared the outcome "a divided success," the court affirmed cria's "right to commence a further application for disclosure of the identity of the 'users'."

    although the long term implications of this divided success are yet unknown, i fear that cria will interpret the dismissal of its claim as an invitation to conduct more agressive surveillance in furtherance of what michael geist has predicted will result in thousands of suits against individual Canadians in the months ahead.

    isn't it likely that, in attempting to affirm privacy in principle, the court's invitation to cria to commence further applications without prejudice might actually undermine the privacy of netizens?

    in a recently released draft book chapter titled "Nymity, P2P & ISPs," alex cameron and i predicted that:

    ... a number of the Court’s findings in BMG v. Doe may quite unintentionally diminish Internet privacy in the future. Recall that the result in BMG v. Doe turned on the inadequate evidence provided by CRIA. The decision openly invites CRIA to come back to court with better evidence of wrongdoing in a future case. Such an invitation may well result in even closer scrutiny of Internet users targeted by CRIA, both to establish a reliable link between their pseudonyms and their IP address and to carefully document the kinds of activities that the individuals were engaged in for the purpose of attempting to show a prima facie copyright violation. It could also motivate the development of even more powerful, more invasive, surreptitious technological means of tracking people online. This increased surveillance might be seen as necessary by potential litigants in any number of situations where one party to an action, seeking to compel disclosure of identity information from an ISP, is motivated to spy on the other, set traps and perhaps even create new nyms in order to impersonate other peer-to-peer file-sharers with the hope of frustrating them, intimidating them, or building a strong prima facie case against them.

    regardless of whether cria and other organizations respond along these lines, i think that it is imperative that our courts stop paying lip-service to privacy and start grappling with the gruesome implications of: (i) permitting low evidentiary thresholds for identity disclosure, and (ii) offering open invitations to large and powerful organizations, with little guidance or constraint, thereby encouraging powerful organizations to gather more evidence by better monitoring everyone's intellectual consumption habits.

    such a course is a recipe for disaster.

    | Comments (0) | | TrackBack

    College seeks access to identify website's creator

    posted by:Jennifer Manning // 07:54 AM // May 13, 2005 // Digital Democracy: law, policy and politics

    An upstate New York college is seeking a federal court's help to track down the unknown creators of a website school officials say has been allowing harassing postings against faculty and students.

    "This isn't about free speech," said Macreena Doyle, a spokeswoman for St. Lawrence University, 150 miles north of Syracuse. "This has been targeting specific individuals for nothing more than ridicule, and that's different."

    Lawyers for the school are seeking a court order giving the university access to records from Time Warner Cable that could help identify the operators of the site.

    Click here for the rest of the article.

    | Comments (0) |

    Schools do not have to give students up

    posted by:Marty // 11:20 PM // May 01, 2005 // Digital Democracy: law, policy and politics

    Recently, Judge Russell A. Eliason, a U.S. Federal Magistrate, denied the RIAA's attempt to force two North Carolina colleges from disclosing the names of its students who are only known by their file-sharing pseudonyms.

    "Durham lawyers Fred Battaglia and Michael Kornbluth represented Jane Doe, the UNC-CH student. They said they were not concerned with allegations of music piracy but with whether their client, whom they declined to name, could have his or her privacy protected."

    Follow this article to read more.

    | Comments (0) | | TrackBack

    Shearman Sues in Bid to Smoke Out Critic

    posted by:Jennifer Manning // 01:46 PM // April 11, 2005 // Digital Democracy: law, policy and politics

    Shearman and Sterling is filing a suit against an anonymous internet user for an "offensive" post about a firm staff manager on craigslist.org.

    Click here for the article.

    | Comments (0) | | TrackBack

    Online Chatter, Apple Goes to Court

    posted by:Jennifer Manning // 05:31 PM // March 21, 2005 // Digital Democracy: law, policy and politics

    The NY Times reports that Apple co-founder Steve Jobs has chosen to sue several websites that traffic in Apple news in an effort to determine if his employees are leaking product information.

    A Santa Clara County Superior Court judge ruled earlier this month that three operators of independent Web sites devoted to publishing information about Apple must divulge their confidential sources to the company.

    Apple said that it was seeking the source of information it claims is protected under trade secret law. That ruling is being appealed by EFF.

    In a separate case, Apple charged Nicholas M. Ciarelli, the Harvard freshman who operates the Web site Think Secret, with illegally attempting to induce Apple employees to violate their confidentiality agreements with the company.

    Click here for the article.

    | Comments (0) |

    Congress edges toward new privacy rules

    posted by:Jennifer Manning // 10:49 AM // March 13, 2005 // Digital Democracy: law, policy and politics

    Members of Congress in the US are in the midst of deciding how to best respond to the recent data breaches by LexisNexis and ChoicePoint.

    Sen. Jon Corzine, D-N.J., plans to introduce a bill next week requiring "the chairman or chief enforcement officer to attest to the effectiveness of the systems that provide for control of information" and provide notification to consumers of security breaches.

    Sen. Charles Schumer, D-N.Y., is preparing his own proposal to require a "box to be posted on any Web site that seeks to obtain personal information about a customer" with disclosure about how the data will be used.

    Click here for the CNET news article.

    | Comments (0) |

    ChoicePoint faces inquiry, will curtail data sales

    posted by:Jennifer Manning // 01:26 PM // March 07, 2005 // Digital Democracy: law, policy and politics

    Choicepoint is facing an SEC inquiry over its business practices, and reports that it will exit some parts of the personal data business and sell information only in situations where specific criteria are met.

    According to CEO Derek Smith, the company will only sell "sensitive" data "where there is a specific consumer-driven transaction or benefit, or where the products support federal, state or local government and criminal justice purposes."

    Click here for the CNET article.

    | Comments (0) |

    Gag Order: No Joking Matter?

    posted by:Alison Gardner Biggs // 09:16 PM // March 05, 2005 // Digital Democracy: law, policy and politics

    Tonight Show host Jay Leno has been subpoenaed in Michael Jackson's trial. The trial judge has issued an extremely broad order barring those who are involved in the case from discussing the case publically.

    While Leno may be able to claim constitutional protection under the First Amendment, he has already found a way to get around the order: hiring another actor to deliver his monologue jokes for him. Questions remain as to whether this makes a mockery of an order which was intended to provide for privacy and a fair trial, or whether the original order overvalued privacy issues at the expense of free speech.

    Click here for a story on the First Amendment issues.

    Click here for a story on hiring another actor.

    | Comments (0) |

    No more anonymous .us registration

    posted by:Marty // 02:59 PM // // Digital Democracy: law, policy and politics | Surveillance and social sorting

    On Friday March 4, 2005, Wired published a story that the US Commerce Department has banned proxy registration, i.e. anonymous registration, of .us domain names.

    The department's National Telecommunications and Information Administration, has responded to this by saying this has always been its policy and there is no policy change. See the latest here.

    What's the big idea of anonymous domain name registration? For one thing, spammers pluck contact info from registries and spam spam spam. This is of course on top of the standard issues of online anonymity.

    | Comments (1) |

    Will the real Bill Graham please stand up?

    posted by:Alex Cameron // 09:40 AM // March 04, 2005 // Digital Democracy: law, policy and politics

    There are reports that Canadian Defence Minister Bill Graham was recently obliged to prove to US officials that he really was who he says he was before they permitted him to board a plane. It's not clear whether a "Bill Graham" was on a no-fly list but the story is amusing.

    | Comments (0) |

    Privacy Rights of Deceased Email Account User

    posted by:Anne Ko // 10:06 PM // March 02, 2005 // Digital Democracy: law, policy and politics

    What happens with your email account when you die?
    Does your family have access?
    Or rather, would you want your family to have access?

    These are the looming questions in the continuing Yahoo saga involving the grieving parents of a US soldier killed in Iraq, and the contents of his Yahoo email account.

    Under Yahoo policy, email accounts are erased if there has been no activity for 120 days. For months, Yahoo has refused to release the email content at the request of the soldier’s parents amidst concerns of breaching the privacy rights of its users. However, the soldier’s account has yet to be erased (since his death last November) and Yahoo is currently in negotiation with the parents to come to a “shared goal of finding a mutually agreeable resolution to a complicated and, in many ways, uncharted issue."

    To read the article in USTODAY.com, click here.

    | Comments (2) |

    Choicepoint and Canadians

    posted by:Philippa Lawson // 02:05 PM // // Digital Democracy: law, policy and politics

    As part of a bigger project on consumer profiling, CIPPIC is researching the extent to which Choicepoint (and other information brokers) deal with Canadian consumer information. We started this research before the recent debacle, which has made the task of contacting the company and getting answers somewhat more difficult. It is not clear what information about Canadians Choicepoint has in its databases, but indications so far suggest that Choicepoint has at least some information from provincial drivers licence databases, and will provide employment screening services on Canadians. We are continuing to research this and will of course publish the results of our research.

    | Comments (0) |

    CIPPIC calls for law requiring disclosure of privacy breaches

    posted by:Philippa Lawson // 01:53 PM // // Digital Democracy: law, policy and politics

    A recently disclosed privacy breach at giant US-based information broker Choicepoint points out the need for a new law in Canada requiring businesses to notify affected individuals of security breaches that make their personal data vulnerable to identity theft, say Canadian consumer and privacy advocates.

    Ottawa, ON
    March 2, 2005


    A recently disclosed privacy breach at giant US-based information broker Choicepoint points out the need for a new law in Canada to help protect potential victims of identity theft, say consumer and privacy advocates.

    Choicepoint is the largest of a number of data brokers that specialize in collecting personal information about individuals and selling it to businesses and governments for marketing, background checks, and other purposes. Choicepoint's 19 billion public and private records are organized into detailed digital dossiers on millions of individuals and made available to a wide array of clients including insurance agencies, employee screeners, direct marketers, media outlets, and law enforcement agencies.

    Last week, it came to light that Choicepoint had been duped into giving criminals access to its massive database of personal information. Apparently, thieves posing as legitimate businesses opened up several accounts with Choicepoint and received detailed information including names, addresses, Social Security numbers, and credit reports, about at least 145,000 Americans.

    "This disaster was waiting to happen", said Philippa Lawson, Executive Director of the Canadian Internet Policy and Public Interest Clinic (CIPPIC) at the University of Ottawa. "You can't allow such unconstrained collection, use and disclosure of personal information in the marketplace and expect that everything will be fine. The bigger and richer the databases, the more attractive they will be to identity thieves. And as more personal information is amassed and traded in the marketplace, more people who will be harmed by decisions based on incorrect or misinterpreted information."

    Choicepoint's website does not indicate the extent to which it deals with data on Canadians, and attempts to find this out by calling the company were fruitless.

    Lawson points out that there are many other data brokers dealing with our personal information, whose identity and practices we are largely unaware of. "While the situation is better in Canada because of our privacy laws that restrict business's right to collect, use and disclose our personal information, we are still vulnerable, in large part because we simply don't know when our information is made vulnerable to identity theft", she said.

    The Choicepoint privacy breach was originally disclosed to over 34,000 Californians whose data had been exposed. California law requires that companies notify individuals when a security breach exposes their data. But the other 110,000 US citizens affected by the breach were only notified after public outcry pressured Choicepoint to do so.

    That's why CIPPIC and the Public Interest Advocacy Centre (PIAC) are calling on the Canadian government to enact legislation requiring businesses in this country to notify individuals when their personal data is exposed to unauthorized access. "This is a clear instance where market forces do not suffice", said John Lawford, Counsel for PIAC. "No company is going to disclose security breaches that might otherwise go undetected unless they are required to do so. It's too damaging to their public image. We're never going to know when our personal information is at risk unless companies and government are required to report privacy breaches, as in California."

    "We've been calling for a rule such as that in California for a while now", said Lawson. "This case is a perfect illustration of why such a law is needed."

    - 30 –

    For more information, see:

    Consumer Coalition calls for stronger ID theft protection in Canada: http://www.piac.ca/CCI_media_release_1_Feb.htm
    Identity Theft: The Need for Better Consumer Protection (PIAC, 2003): http://www.piac.ca/IDTHEFT.pdf
    US Privacy Advocates news release in response to Choicepoint disclosure: http://www.privacyrights.org/Media/CPBofAResponsePR.htm
    EPIC webpage on Choicepoint: http://www.epic.org/privacy/choicepoint/
    EPIC webpage on California "Shine the Light" law: http://www.epic.org/privacy/profiling/sb27.html
    EPIC letter to Choicepoint re: privacy breach http://www.epic.org/privacy/choicepoint/cpltr2.18.05.html

    | Comments (0) |

    Clinton, Boxer pushing e-voting bill in Senate

    posted by:Jennifer Manning // 01:22 PM // // Digital Democracy: law, policy and politics

    U.S. Sens. Hilary Clinton (D-NY) and Barbara Boxer (D-CA) introduced a bill, The Count Every Vote Act, that would require every vote cast in electronic voting machines to be accopmanied by a voter-verified paper ballot.

    The bill mandates that verified paper ballots would become the official ballot record in case of a recount, and seeks to increase security measures for e-voting machines. The bill is co-sponsored by Stephanie Tubbs Jones (D-Ohio).

    Click here for the Computerworld article.

    Click here for a copy of the bill.

    | Comments (0) |

    The EU WP expressed concern on data protection issues related to RFID technology

    posted by:Rafal Morek // 05:55 PM // February 27, 2005 // Digital Democracy: law, policy and politics

    The EU Working Party has recently released a working document on data protection issues related to Radio Frequency Identification (commonly known as "RFID technology"). The Working Party is concerned about the possibility for some applications of RFID technology "to violate human dignity as well as data protection rights". A copy of the working document can be accessed here.

    | Comments (0) |

    Another bank loses personal information

    posted by:Anne Ko // 02:46 PM // // Digital Democracy: law, policy and politics

    Another bank, this time in the US, is in trouble for the loss of computer backup tapes containing credit card information of its clients. The Bank of America has “lost” the personal information of 1.2 million federal employees, including some U.S. senators. Ironically, approximately 90,000 of the cardholders are employees for the Department of Defense. It is thought that the tapes are simply “lost in transit” and no evidence of wrongdoing has been reported as yet.

    For the NY Times article, click here.

    | Comments (1) |

    MNR access to personal banking information

    posted by:Philippa Lawson // 05:31 PM // February 25, 2005 // Digital Democracy: law, policy and politics

    Mathew Englinder posted an interesting story on David Fraser's blog about the Canada Revenue Agency's right to access personal banking information. As he said in his message to me:

    "Basically the CRA had a bank account number and asked TD who owned the account. TD refused to tell them, so CRA went to court. The FCA agreed with TD that the particular provision of the Income Tax Act did not allow CRA to force the bank to disclose the name of the individual in this case. I summarized the case for David Fraser's blog"

    | Comments (0) |

    Barking anonymously

    posted by:Alex Cameron // 11:50 AM // // Digital Democracy: law, policy and politics

    "So remember, on the Internet, your ISP knows you're not a dog, and your adversary is only a subpoena away from compromising your constitutionally-protected right to bark anonymously."

    Fred von Lohmann has written a short piece on the threat that ISPs pose to our online anonymity. The constitutional issues are US-specific but the article is a nice little read and has relevance in the Canadian context.

    | Comments (0) |

    Class Action Filed Against CIBC for Privacy Breach

    posted by:Jennifer Manning // 10:54 AM // // Digital Democracy: law, policy and politics

    The class members are clients of CIBC. They allege that their "sensitive personal information" was disclosed to unauthorized third parties when it was unknowingly faxed to a West Virginia junkyard. They are seeking $9 million in damages.

    Click here for a copy of the statement of claim.

    | Comments (0) |

    Transborder Dataflow Comes Home to Roost

    posted by:Stephanie Perrin // 11:35 PM // February 22, 2005 // Digital Democracy: law, policy and politics | ID TRAIL MIX | Surveillance and social sorting

    Transborder Dataflow Comes Home to Roost
    Some Policy thoughts on Commissioner David Loukidelis’ Inquiry on the subject of the Export of Personal Data to the United States and the Implications of the Patriot Act

    In the summer of 2004, the Information and Privacy Commissioner of British Columbia David Loukidelis posted a call for comments on the implications of the U.S. Patriot Act on the personal data of Canadians (http://www.oipc.bc.ca/sector_public/usa_patriot_act/patriot_act_resources.htm). Prompted by a complaint from the B.C. Government Employees Union about the outsourcing of the processing of health information of citizens to an American company, the focus was on whether the data in fact would be accessible to US authorities under the Patriot Act, basically out of Canadian control. I commend him for starting a debate that in my view is the richest we have had in two decades on the subject of trans-border dataflow. The Commissioner received over 500 responses, from all kinds of individuals, academics experts, and organizations. Some of the submissions demand response, and as a policy person with a long interest in the field, it was tempting to comment. I did not, but I think it is a very fruitful topic for this project and this space to consider.


    As many are well aware, during the 1970s, this country and many others debated the issue of trans-border dataflow in the context of pressures to open up trade in services, particularly data processing, and drop requirements to keep data within domestic borders. It was in this context that data protection achieved importance, and the OECD Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data of 1980 bear the imprints of that pre-occupation, as they were drafted as much to ensure the free flow of data as to protect privacy. Countries were enjoined in the preamble of that document to continue the work of harmonizing their approaches to data protection, and working together on international issues.

    Unfortunately the Committee that drafted the guidelines was wound down shortly after the Council of Ministers approved them, and the OECD did not continue the much needed work on international cooperation. While the Guidelines were re-affirmed as a set of fair information practices in 1998 in the context of the OECD Electronic Commerce Conference held in Ottawa, there has not been a renewed, focused international discussion about how to manage the international and jurisdictional problems. The United States had a bilateral discussion with the European Union when they came to the Safe Harbor Arrangement after the Data Protection Directive 95/46 came into effect, but this happened largely behind closed doors and was focused on the Directive, and on how to avoid blockages in data flow. It did not include financial data, and did not focus on law enforcement and national security data. There has been almost no public discussion of the slumbering issue of Article 4(1)(c) of the Directive, which states that telecommunications equipment and software resident in the country, which is used to manage data and ship it outside the community, provides the presence necessary to cause the application of national law. This was certainly a controversial provision at the time, but the development of the global Information Infrastructure has certainly born out the foresight of its drafters; is there another logical way of approaching the problem of remote collection and use? If so, I have not seen it.

    While a global discussion on data protection has raged over the past ten years, it has been focused primarily on the mechanics of the world wide web (cookies, privacy policies, P3P) and on opt/out opt/in for marketing. In the context of the huge debate between the US and Europe on whether or not you can achieve adequate data protection without legislating holistically as Europe has done, the attention of privacy watchers and legislators has been drawn to the rather basic questions that we had asked in 1980 when the OECD Guidelines were drafted, and not to the rather more complex issues of what we were proposing to do about the rapid development of global, dynamic dataflows and ubiquitous computing.

    Canada has tried, during this period, to focus on the problem. During the Parliamentary Review of the Access to Information Act and the Privacy Act, the recommendation was made in the final Report of the Standing Committee on Justice and the Solicitor General (Open and Shut, 1987) to study transborder data flows. The Department of Justice did so, publishing the report Crossing the Borders in 1989, but there was still a dearth of information about financial dataflows, and no further policy work was published subsequent to the report. Aware of this issue, we developed a national standard for privacy, the Canadian Standards Association’s Model Code for the Protection of Personal Information CAN/CSA-Q830-96, envisaging also the potential development of an international standard which would provide not only a management standard for data protection practices, but a ready intersection with technology standards that contemplated privacy requirements. We also anticipated that such international standards could be useful in harmonizing the different legal regimes for the purposes of trans-border dataflow, and in providing an independent audit mechanism (through accredited ISO auditors) to permit checking on standards in remote and developing jurisdictions.

    When the private sector privacy legislation was drafted (the Personal Information Protection and Electronic Documents Act or PIPEDA), the standard was attached to the law as the set of fair information practices required. When data is transferred for ‘processing’, it must be protected to the same level. However thin these protections may seem, I would argue that there is very little that can be done to improve them in the context of keeping data in the hands of the data controller and not that of foreign governments. Here are a few brief reasons why:

    • Most foreign data protection laws and constitutional protections do not provide protection for ‘aliens’, or persons who are not citizens or residents of the country. Certainly US law does not.
    • Data protection laws routinely have exemptions to permit release of personal information without the consent of the individual for purposes of national security, law enforcement, and a host of routine government functions.
    • New anti-terrorism laws have given law enforcement and intelligence agents new powers domestically and new information sharing capabilities in their international organizations.

    It can hardly be healthy for democracy to have a closed, hidden network of surveillance information about its citizens, shared around the world by police and intelligence agencies who are not accountable to their own citizens with respect to the collection, use, and disclosure of information, and the accuracy of the information. For many years while I worked in government, I pointed out the risks of the development of these networks, and frankly was frequently dismissed as a paranoid fanatic. So who’s crazy now?

    This week, the papers in Canada are full of the story of Moroccan-born Adil Charkaoui, released on bail after 21 months in prison on a national security certificate. No charges were laid, the notes of the CSIS agent who provided the rationale for the arrest were destroyed as is routine, so no evidence was available to the defence. Can we actually run a democracy like this? Surely terrorism and insurrection are difficult problems, just as they were in the days of Magna Carta when we tried to improve our rule of law. But we must find solutions, because we are now living in a time of ubiquitous surveillance where there are practically no limits to how much data can be gathered about us. If that information is not verified by independent authorities, courts and juries, we have concentrated far too much power in the hands of an elite group.

    At the same time as this story was breaking, the scandal of the criminal abuse of the vast databases held by Choicepoint broke (see www.epic.org and http://www.washingtonpost.com/wp-dyn/articles/A40379-2005Feb20.html). Choicepoint is one of the success stories of the post-911 environment, a data broker that was formed in 1997 and has bought 50 companies to assemble files on individuals all over the world. They have contracts with virtually every US government agency and are the company that is providing security checks for job seekers of all kinds in the post-911 environment. However, this open market for personal information has allowed criminal gangs posing as legitimate companies to purchase files on 145,000 US individuals, then proceeding to change the victims’ addresses and perpetrate identity theft and fraud on a grand scale. Since EPIC broke its first stories on Choicepoint in 2002, I have asked audiences wherever I speak who has heard of them. So far, there has been scarcely a handful among these well educated security and privacy experts, government policy people and sociologists, consumer advocates and lawyers, who were familiar with the company name. How can we run a democracy where huge private sector companies, un-regulated and unbounded by Charter and Constitutional protections that curb law enforcement authorities, control the information of an entire society and indeed of the citizens of many countries around the world, without the knowledge of the citizen?

    This brings me back to the issue of transborder dataflow. There are many reasons why this topic has not been much discussed in the pure state (as opposed to, say, as an aspect of Safe Harbor) over the past few years. Here are a few:
    • Western democracies have been keen on opening up trade barriers
    • Cybercrime issues have been on the rise, and law enforcement authorities have been attempting to streamline their operations to fight them
    • The European Directive on Data Protection took a long time to pass and be implemented, with opposition both within the EU and without, so proponents of blocking dataflow were reluctant to flex any muscle in areas of questionable jurisdiction
    • E-Commerce suffers from similar issues in terms of choice of law and lack of consumer protection, and the struggle between consumers who want to maximise their hard fought consumer protection by choosing the best jurisdictions for consumers are up against companies who face a potentially gargantuan task of having to apply all regional laws to their business as they serve e-consumers around the world
    • There are no easy answers. Just like global warming, the environment, better parenting, poverty in developing countries, health effects of old pollutants, and many other pressing issues that need to be addressed, there are no easy answers.

    And this last point is why we must thank David Loukidelis for opening up the debate again. We have a new generation of young privacy enthusiasts and scholars who have not thought about this issue, but have taken global data flows for granted. Here is the torch, you find the solutions, because those of us who have been worrying this bone since the 80s have not come up with much.

    Stephanie Perrin will be moderating a panel on this important topic at the Summit of the International Association of Privacy Professionals in Washington on March 10. Check back for her report of what panelists David Loukidelis, Becky Burr (Wilmer Cutler), Peggy Eisenhauer (Hunton and Williams), Jim Harper (Cato Institute) and Michael Geist (University of Ottawa) had to say about the issue. (www.privacyassociation.org)

    | Comments (1) |

    Wearing Masks Against NY Law

    posted by:Hilary Young // 07:50 AM // // Digital Democracy: law, policy and politics

    Many of you have probably been following this case, but I stumbled upon it for the first time last night. Basically, the Ku Klux Klan in New York wanted to hold a rally but was denied a permit on the grounds that NY State law prohibits wearing masks and disguises in public (other than for costume parties). The Klan challenged the statute on First Amendment grounds (masks as symbolic speech, right to anonymity) but failed at the 2nd Circuit and the U.S. Court of Appeals. In December, the US Supreme Court refused to hear the case so the Court of Appeals decision stands. For some discussion of the implications of the decision, see http://www.cnn.com/2004/LAW/12/17/colb.masks/, and for the case itself, see http://www.ca2.uscourts.gov:81/isysnative/RDpcT3BpbnNcT1BOXDAyLTk0MThfb3BuLnBkZg==/02-9418_opn.pdf

    | Comments (0) |

    Federal Effort to Head Off TV Piracy Is Challenged

    posted by:Jennifer Manning // 04:24 PM // February 21, 2005 // Digital Democracy: law, policy and politics

    The D.C. Circuit Court of Appeal will hear arguments tomorrow regarding the legality of the broadcast flag. The lawsuit was brought by Public Knowledge and others against the U.S. Federal Communications Commission (FCC).

    Click here for the New York Times article.

    Click here for "The Broadcast Flag and Why You Should Care"; a summary prepared by Cites & Insights: Crawford at Large.

    | Comments (0) |

    House panel approves spyware bill

    posted by:Jennifer Manning // 09:25 AM // February 17, 2005 // Digital Democracy: law, policy and politics

    A panel of the U.S. House of Representatives has approved a bill to
    regulate spyware. This is a second attempt to
    target spyware after a similar measure died in the Senate in 2004.

    Click here for the CNET article.

    Click here for the bill.

    | Comments (0) |

    On Canadian developments in Electronic Health Record Management and the need for cross-disciplinary action

    posted by:Stefan Brands // 11:53 PM // February 16, 2005 // Digital Democracy: law, policy and politics | ID TRAIL MIX

    In September 2000, Canada’s First Ministers committed “to work together to strengthen a Canada-wide health infrastructure to improve quality, access and timeliness of health care for Canadians. ” As a result, in 2002 the Canadian provinces and federal government created Canada Health Infoway, which includes on the board of directors all Canadian deputy ministers of health. The core priority of Canada Health Infoway is the electronic health record. As defined by Canada Health Infoway, “An Electronic Health Record (EHR) is a secure and private lifetime record of an individual’s key health history and care. It creates significant value, providing a longitudinal (i.e. “cradle to grave”) view of clinical information. The record is available electronically to authorized health care providers and the individual anywhere and anytime in support of care.

    Privacy and security are of utmost importance in the design of the Canadian EHR infrastructure. According to unpublished private polling data collected in May 2003 by the Courtyard Group, the two main reasons Canadians would oppose the development of EHRs are (1) confidentiality and privacy [54%] and (2) safety of information [31%]. [Source: “The State of the EHR and Electronic Healthcare in Canada - The Unvarnished Version,” presentation by the Courtyard Group, November 13, 2003.] Privacy is also sought by medical practitioners: notably, many doctors strongly oppose solutions that would give central parties (such as health insurance organizations) the real-time power to monitor all their actions.

    If privacy and security are not properly addressed, Canadians may stay away from the resulting EHR infrastructure, in which case hundreds of millions (if not billions) of taxpayer dollars will have gone down the drain. Unfortunately, there are currently no technologies on the market that can protect access to electronic health records without creating the equivalent of a digital surveillance infrastructure. For example, while PKI technology does a good job at message encryption and authentication, it roots inescapable systemic identification deeply into the infrastructure. This makes it impossible for individuals and medical service providers alike to control the flow of personal data and to limit the opportunity for unauthorized secondary uses of that data. Studies confirm that the most frequent breaches of patient information confidentiality do not come from unauthorized outsiders, but from uncontrolled secondary usage, accidental disclosures, curiosity, and subordination by insiders.

    In spite of the awareness of Canada Health Infoway and many of its stakeholders that privacy is absolutely critical to the adoption and spread of EHRs, currently its stakeholders seem to be blissfully unaware of the profound privacy implications of the specific choice of authentication technologies to protect access to EHRs. There is a misconception that privacy risks must be dealt with by means of data protection legislation and sectorial regulations. While legislation and regulations will always be an absolute necessity, they lose most of their power if at the electronic data flow level everything would be instantaneously traceable and linkable; for instance, how can organizations limit the collection of personal information if the infrastructure technology they use does not make it possible for them to do so?

    At the same time, there seems to be virtually no awareness among Canada Health Infoway and other stakeholders of the existence of privacy-enhancing security technologies. A fundamental discovery of modern cryptography is that there is no need to rely on central parties for one’s privacy, and that this can be guaranteed by technical (cryptographic) means. Over the course of the past two decades, the cryptographic research community has developed a wide range of techniques for minimizing the disclosure of personal information at different stages in its life-cycle, including zero-knowledge proofs, privacy-preserving data-mining, private information retrieval, privacy-preserving digital credentials, homomorphic encryption, and so on.

    At McGill University, my students and I are researching how these privacy-enhancing technology building blocks can be used to build secure EHR systems that preserve privacy. We believe this is an important area of research not only from an academic perspective, but also in light of the billions of dollars of tax payers money that now and in the next years are being poured into the creation of the Canadian EHR management infrastructure.

    Needless to say, I would most pleased to be joined in our efforts by other researchers in the anonequity project. Electronic health is one of the primary areas where the cross-disciplinary nature of our project can be truly powerful.

    On that note, this Friday (February 18) I will be giving a lecture at the School of Computer Science of McGill University on the topic of privacy-by-design in health record management systems and other applications of “federated identity management.” (Abstract online.) The atmosphere will be relaxed, and there will be lots of opportunity for informal discussions on the topic afterwards. If you happen to be near Montreal that day and are interested in attending, send an e-mail to the colloquium organizer.

    | Comments (1) |

    A New Model Army Soldier Rolls Closer to the Battlefield

    posted by:Jennifer Manning // 11:53 AM // // Digital Democracy: law, policy and politics

    The American military announced that they are using technology to develop robot soldiers, and expect to use them in combat in less than a decade. Military planners say robot soldiers will think, see and react increasingly like humans. As their intelligence grows, so will their autonomy.

    Should robots be responsible for making life and death decisions?
    Click here for the New York Times Article.

    | Comments (0) |

    Fingerprints, iris scans to tighten U.K. borders

    posted by:Jennifer Manning // 02:57 PM // February 08, 2005 // Digital Democracy: law, policy and politics

    Secretary of State for Home Affairs Charles Clarke anncounced on Monday that all visa applicants will be fingerprinted once they arrive in the U.K. The government will also be putting an "electronic borders" program in place that will review and store the travel data of all U.K. immigrants. Click here for the article.

    | Comments (0) |

    Industry Canada seeking comment on health privacy issue

    posted by:Philippa Lawson // 04:01 PM // February 04, 2005 // Digital Democracy: law, policy and politics

    If anyone is interested in this issue (or believes that the Ontario PHIPA is not as privacy protective as PIPEDA) and would like to submit comments via CIPPIC, let me know. The deadline for comments is Feb.21st.

    Pursuant to paragraph 26(2)(b) of the Personal Information Protection and
    Electronic Documents Act (PIPEDA), Governor in Council proposes to make the
    following Exemption Order:

    Health Information Custodians in the Province of Ontario Exemption Order

    Based on the recommendation by the Minister of Industry that the Ontario
    Personal Health Information Protection Act, 2004, (PHIPA) is substantially
    similar to the Personal Information Personal Information Protection Act
    (PIPEDA), the Order propose to exempt from the federal Act, health
    information custodians subject to PHIPA, in respect of the collection, use
    or disclosure of personal health information that takes place within the
    province, in the course of commercial activity. The PIPEDA will continue to
    apply to the collection, use or disclosure of all personal information
    outside the province, in the course of commercial activity.

    Notice of the proposed Order will be published in Part 1 of the Canada
    Gazette on February 5, 2005. Comments may be provided within 15 days after
    the date of publication, and may be forwarded to:

    Richard Simpson
    Director General
    Electronic Commerce Branch
    Industry Canada
    300 Slater, 2090D
    Ottawa, Ontario
    K1A 0C8
    Electronic Mail: simpson.richard@ic.gc.ca
    Telephone: (613) 990-4292
    Facsimile: (613) 941-0178

    | Comments (2) |

    EC Data WP Expresses Concern on Privacy Implications of IP

    posted by:Jennifer Manning // 12:31 PM // February 03, 2005 // Digital Democracy: law, policy and politics

    The EU Working Party recently released a working document on data protection issues related to intellectual property rights.

    The Working Party expressed concern regarding how the use of unique identifiers linked with the personal information collected leads to the processing of detailed personal data. The document also highlights the challenge of protecting privacy in light of DRM and copyright enforcement. A copy of the working document can be accessed here: http://europa.eu.int/comm/internal_market/privacy/docs/wpdocs/2005/wp104_en.pdf

    | Comments (0) |

    An article about Google and employee blogs

    posted by:Jennifer Manning // 05:46 PM // January 30, 2005 // Digital Democracy: law, policy and politics

    CNET.news recently posted a short article about Mark Jen (Google employee's) blog, ninetyninezeros. The article discusses some of the issues surrounding employee blogs, and why Jen took down his post that offered some "mild criticisms" of Google. Click here for the article

    | Comments (0) |

    Homes are private places, even if the public has "visual access"

    posted by:Alex Cameron // 10:12 AM // January 28, 2005 // Digital Democracy: law, policy and politics

    The Supreme Court of Canada has just released reasons in an interesting privacy case. The the accused was charged with committing an indecent act in a public place - masturbation in this case - under the Criminal Code. However, the accused had engaged in this act in his own home. The question the Court has to answer was whether the man's home was a "public" place because his activities were in view of the "public" through his windows - his neighbours were the ones who saw him and reported him to the police.

    In a short unanimous judgement, the Court held that the man's home was private and that it did not become "public" merely because others could peek in. Citing the language of the Criminal Code, Justice Fish wrote the following for the Court: "The living room of his private home was not a place 'to which the public (had) access as of right or by invitation, express or implied'." The Court held that "access" in this provision of the Criminal Code meant physical access, not "visual access". Because the public did not have physical access to the accused's home, it was not a public place for the purpose of this offence.

    This ruling turned on the particular wording of the Criminal Code. However, it will be interesting to see whether this case influences more broadly the interpretation of public vs. private spaces in future cases.

    Full decision here

    Media report here

    | Comments (3) |

    The information commons and the free software movement

    posted by:Chris Young // 01:43 PM // January 24, 2005 // Digital Democracy: law, policy and politics

    This article by David M. Berry (doctoral candidate at the University of Sussex) is a bit of an opinion piece on trends in increasing privatization of information, and warns of a possible new "feudal order" based on renting of information owned exclusively by private corporations.

    I post it because I want to draw attention to the increasing politicization of the free software movement. This article is published in FreeSoftwareMagazine.com, a new online and print publication dedicated to the Free software/Open source movement. Fully half the articles are at least partly political in tone, rather than dealing exclusively with technical aspects of open source software, as might be expected. The free software movement is an important front in the private vs. common information debate. Many of the articles in this magazine are published under the Creative Commons framework.

    | Comments (2) |

    Kids for Sale - Privacy in Canadian Schools

    posted by:Valerie Steeves // 01:55 PM // January 21, 2005 // Digital Democracy: law, policy and politics

    Earlier this week, my daughter in grade 9 came home from school with a iFlurtz survey form. The survey asks for the student’s full name and birthdate, before delving into a range of questions like:

    A 'Double iced mocha frappuccino' is:
    a) one of life's necessities
    b) a chance to free your inner spaz
    c) overpriced designer coffee
    d) a funny thing to say

    Your fave t.v. shows are:
    a) comedies
    b) dramas
    c) reality shows
    d) sports
    e) music videos
    f) sci-fi
    g) talk shows
    h) news

    Apparently the survey is a fund raiser – kids fill it out to find out the names of 10 other students in their school they should date. Trouble is, their personal data – full name and date of birth, as well as preferences – is sent to the US where it’s collated and matched against data from other students in their school. A marketer’s gold mine, n’est-ce pas?

    When my daughter asked her teacher what was up with the survey, she was told (and I quote) "If you’re an obedient kid, you’ll fill it out." Friends of hers were told they had to fill it out before their teacher would "allow" them to do their class work. No notification of purpose, no consent, just one big mandatory opt in.

    The teacher organizing the survey clarified after the event – the survey is a way for school clubs to raise money, it’s supposed to be completely optional, and the data isn’t resold – but there’s more here than bad administration. As schools are being increasingly commodified, students are often what’s up for sale. My house is deluged with marketing material handed out to my kids in school – including offers to join clubs or fill out "surveys", almost all of which collect their personal information - in spite of the fact our local school has a "no commercial promotion" policy in place. And getting your kid’s name off the commercial lists if they do join a club or buy something is next to impossible.

    If we’re going to take privacy and anonymity seriously, it’s about time we took privacy education seriously too. Students need to know more than their informational rights – they need to know the reasons why, in a democracy, people exercise their right to privacy. To me, the most troubling part of the story is that my kid was the only one of her friends that refused to fill out the survey, even though a number of them were uncomfortable or didn’t want to do it. They felt they "had to" because they were "told to".

    On the other hand, the schools need some educating too. I had another child enrolled in a medical research project and interviewed before she came home to tell me what she did at school that day. When I confronted the researcher (who was working with a well respected medical institution in Ottawa), she told me my school board had consented to my child’s participation on my behalf. I don’t think so… They destroyed my kid’s data, but what about the 20 other 5 year olds in her kindergarten class? Do you think that when they’re told to fill out their iFlurtz survey in grade 9 they’ll even think about resisting?

    | Comments (3) |

    "Brave New Era for Privacy Fight"

    posted by:Alex Cameron // 01:10 PM // January 20, 2005 // Digital Democracy: law, policy and politics

    Wired News has an excellent article on important privacy issues for 2005 and beyond. Issues covered include the Patriot Act enhancements, data mining, national ID, federal vs. state control over privacy, DNA databases, and RFID. Marc Rotenberg of EPIC and 'On the Identity Trail' is quoted a number of times in the article.

    Click here for the Wired article.

    | Comments (2) |

    Review of Anti-Terrorism Act begins... submissions sought

    posted by:Alex Cameron // 12:58 PM // // Digital Democracy: law, policy and politics

    The House of Commons Subcommittee on Public Safety and National Security has begun a review of the Anti-Terrorism Act passed in the wake of 9/11.

    The subcommittee is accepting written submissions until February 28, 2005.

    Requests to appear at hearings scheduled for winter and spring 2005 must be submitted by February 11, 2005.

    The subcommittee plans to table its report to the House of Commons in autumn 2005.

    Click here for the official announcement and further details.

    | Comments (0) |

    main display area bottom border

    .:privacy:. | .:contact:.

    This is a SSHRC funded project:
    Social Sciences and Humanities Research Council of Canada