Canadian Privacy Law Blog

Interim BC privacy commissioner appointed

2010-01-25T21:13:00.000-04:00

The BC Government has appointed an interim Information and Privacy Commissioner to fill the role until the legislature resumes in the spring:

Interim privacy commissioner appointed - The Globe and Mail
... Instead, Paul Fraser, B.C.'s Conflict of Interest Commissioner, is taking over as acting commissioner.
Mr. Barisoff said Ms. Carlson's letter didn't make it to him on Friday because it was sent after business hours. However he downplayed the delay, saying the government needed time to find the right candidate.
“You have to have someone who can do the job and you can't simply take someone out of nowhere,” he said. “I don't think it's that long to wait for someone to do a good job… The world wasn't coming to an end in three business days.”
He added that Mr. Fraser is a good choice for the interim position, since he is already an independent officer of the legislature. The permanent commissioner won't be selected until the legislature resumes its next sitting in the spring....

BC Privacy Commissioner's resignation leaves office in limbo

2010-01-23T11:53:00.000-04:00

I posted earlier this week that David Loukidelis has resigned as Information and Privacy Commissioner for British Columbia to take on the post of Deputy Attorney General for the province. He resigned effective January 19, 2010. This has apparently left a significant gap, as there was no interim Commissioner appointed. Without a commissioner, the operations of the office have ground to a halt:

CBC News - British Columbia - Privacy official sounds 'urgent' alarm
Work at the office of B.C.'s Information and Privacy Commission in Victoria is reported to have ground to a halt after the commissioner resigned suddenly this week.
Privacy Commissioner David Loukidelis resigned unexpectedly Wednesday to take a job as deputy attorney general.
Commission executive director Mary Carlson circulated a letter labelled "extremely urgent" at the B.C. legislature Friday calling for a quick resolution of the situation.
The letter was addressed to the legislature Speaker Bill Barisoff and copied to Premier Gordon Campbell, Opposition Leader Carole James and senior legislative staff.
In the letter, Carlson said she sent an urgent request to Campbell Thursday.
"I wrote to the premier's office to raise this pressing concern," she wrote.
"Despite having attempted to learn if an acting commissioner has been appointed or, if not, when this will occur … this office has received no response."
Work was piling up quickly in the busy commission office, but her hands were tied, according to Carlson.
She said she had received legal advice that the office could not perform its job of reviewing requests for information and could not provide independent oversight for 3,000 public bodies until an appointment is made.
"It has been necessary to suspend the entire operations of the office," Carlson said.
The Office of the Information and Privacy Commissioner is independent from government and monitors and enforces British Columbia's Freedom of Information and Protection of Privacy Act and Personal Information Protection Act.

BC Commissioner to leave post, become Deputy AG

2010-01-20T19:46:00.001-04:00

BC Information and Privacy Commissioner David Loukidelis is leaving the post to become Deputy Attorney General of BC. Here's the official release:

GOVERNMENT ANNOUNCES KEY APPOINTMENT
Jan. 20, 2010
Office of the Premier
GOVERNMENT ANNOUNCES KEY APPOINTMENT
VICTORIA – David Loukidelis has been appointed Deputy Attorney General. The appointment will be effective February 1, 2010.
Loukidelis will replace acting Deputy Attorney General, Jerry McHale, Q.C., who was appointed in October 2009 on an interim basis after Allan Seckel, Q.C., was appointed Deputy Minister to the Premier, Cabinet Secretary and Head of the British Columbia Public Service.
Loukidelis previously served as the Information and Privacy Commissioner for the Province of British Columbia since 1999. Loukidelis has become an internationally-recognized expert in access to information and privacy protection issues, and has written hundreds of access-to-information and privacy decisions under B.C.’s public and private sector access and privacy laws. In addition to serving as Information and Privacy Commissioner, he has served as Registrar of Lobbyists under the Lobbyists Registration Act.
Loukidelis received his law degree in 1984 from Osgoode Hall Law School and qualified as a lawyer in British Columbia in 1985. He served as a clerk to a Justice of the Supreme Court of Canada before moving on to the University of Oxford, where he received his bachelor of civil law in 1987. In 1980, he received a master of arts degree in English language and literature (medieval studies) from the University of Edinburgh.
An all-party committee of the legislature will select a new Information and Privacy Commissioner. An acting Information and Privacy Commissioner will be named in the near future.

From local media:

C-FAX 1070 - News
PRIVACY COMMISSIONER TO MOVE TO DEPUTY ATTORNEY GENERAL
Jan 20, 2010
BC'S PRIVACY COMMISSIONER, DAVID LOUKIDELIS IS CHANGING JOBS. IN A STATEMENT FROM THE PROVINCE TODAY, IT WAS ANNOUNCED THAT LOUKIDELIS HAS BEEN APPOINTED DEPUTY ATTORNEY GENERAL EFFECTIVE FEBRUARY 1. AN ALL PARTY COMMITTEE WILL SELECT THE NEW PRIVACY COMMISSIONER, NONE OF THE CANDIDATES WERE NAMED WEDNESDAY. LOUKIDELIS REPLACES ACTING DEPUTY ATTORNEY GENERAL JERRY MCHALE, APPOINTED IN OCTOBER 2009 AFTER ALLAN SECKEL WAS APPOINTED DEPUTY MINISTER TO THE PREMIER.
- LIZ MCARTHUR

New privacy rules for Crown-run casinos in Saskatchewan

2010-01-11T20:28:00.000-04:00

The Saskatchewan Privacy Commissioner has told government run casinos in the province to requiring the addresses of people who buy show tickets with cash. The amount of personal information collected by casinos is breathtaking, so I'm most surprised by the revelation that only now is Gaming Saskatchewan appointing a privacy officer.

The Canadian Press: New privacy rules for Crown-run casinos in Sask. after complaint investigation
(CP) REGINA — Two Crown-run casinos in Regina and Moose Jaw, Sask., are no longer demanding personal information from people who pay cash for tickets to live stage shows.
Gary Dickson, the province's information and privacy commissioner, says Saskatchewan Gaming has adopted new privacy rules to stop the practice.
He says his agency launched an investigation in 2008 after someone who tried to buy a ticket with cash was told they would still have to provide personal information, such as a home or email address.
Dickson says when his agency investigated, they were told that one of the reasons the information was collected was to notify ticket holders in case a performance was cancelled or delayed.
But he says their investigation found that didn't happen very often and it wasn't a credible reason to collect the information.
Dickson says Saskatchewan Gaming now has a senior official in charge of privacy issues, has developed new privacy policies, provided more training to staff and has developed signs and brochures telling customers that providing personal information is not mandatory.

EPIC reports that body scanners can store, send images

2010-01-11T09:58:00.000-04:00

According to documents obtained by EPIC and made available to CNN, body scanners procured by the TSA are designed to be able to record and transmit images, whcih appears to contradict assurances given by the agency:

Body scanners can store, send images, group says - CNN.com
Washington (CNN) -- A privacy group says the Transportation Security Administration is misleading the public with claims that full-body scanners at airports cannot store or send their graphic images.
The TSA specified in 2008 documents that the machines must have image storage and sending abilities, the Washington-based Electronic Privacy Information Center (EPIC) said.
In the documents, obtained by the privacy group and provided to CNN, the TSA specifies that the body scanners it purchases must have the ability to store and send images when in "test mode."
That requirement leaves open the possibility the machines -- which can see beneath people's clothing -- can be abused by TSA insiders and hacked by outsiders, said EPIC Executive Director Marc Rotenberg.
EPIC, a public-interest group focused on privacy and civil rights, obtained the technical specifications and vendor contracts through a Freedom of Information Act lawsuit.
The written requirements also appear to contradict numerous assurances the TSA has given the public about the machines' privacy protections....

I wasn't able to find the documents themselves on the EPIC website.

Alberta Privacy Commissioner has some choice words about airport body scanning

2010-01-07T18:25:00.003-04:00

The incomparable Frank Work, Information and Privacy Commissioner of Alberta, appears to have an opinion on body scanning technologies.

Privacy boss pans scans
New naked body security measures at airports don't fly, he says

By MICHAEL PLATT
The thin edge of the wedge -it's not the happiest of analogies when the subject is naked body scans and orifice-probing technology.
But that's the uncomfortable warning from Alberta Privacy Commissioner Frank Work, following a federal decision to install full-body security scanners at major Canadian airports, including Calgary and Edmonton.
Blasting the move as a serious blow to personal privacy and dignity, Work says he expects the obvious flaws in body-scanning security will result in more high-tech "toys" to fill the gaps.
"What will they do next, after the next incident? We're running out of toys and technological silver bullets," said Work, one day after the federal government announced the new airport security measures.
Work guards the privacy of Albertans, be it information or images.
If this was an Alberta rule or an airport decision, Work would surely step in and prevent the visual strip-search.
But being federal legislation, Work fears there is nothing he can do to block the airport scanners, which expose naked images of passengers to the eyes of prying security staff.
"The bottom line is it's a dignity issue, and either out of fear or because we don't want to stand in line too long, we've forsaken any notion of dignity -- it's like, all right, we'll assume the position," said Work.
He's awaiting a call from federal Transport Minister John Baird, but Work believes his hands are tied.
Work said that because human-monitored body scanners aren't perfect, showing only a surface view of the nude passenger, he believes it's a matter of time and/or tragedy before the next step is taken.
"The system is still prone to failure, so let's say the next guy packs his ass with however many grams of (plastic explosive) he can shove up there, and either successfully or unsuccessfully detonates it. What do they do next?" said Work.
"How do they trump full body scans? There actually is a device called the BOSS -- the Body Orifice Security Scanner -- where you sit in a plastic armchair and it can detect plastic or metal in body orifices. Is this next?"
The privacy boss knows his technology, and the chair he references is used in U.S. prisons, in lieu of the old rubber glove approach. That it could easily be installed in airport security areas is a squirmy thought.
Work believes it's just a matter of time.
"At what point do we say, 'Holy crap man, you're patting me down, you've got pictures of me naked, you've got me squatting on a chair, and you've taken my water bottle away'. I mean at what point is enough, enough?"
The federal government is installing 44 of the $250,000 body-scanners across Canada, as well as implementing a new system of visual observation, where security staff will monitor passenger behaviour.
The changes come in response to a Christmas Day attempt to blow up a jetliner over Michigan, when a Nigerian man failed to ignite explosives sewn into his underwear.
While the new body-scanners reportedly wouldn't have caught the underwear bomber -- the explosives were spread too thin -- U.S. demands for extra security have forced countries like Canada to follow suit.
Work says Canada obviously has little choice, if citizens want to travel internationally.
While the U.S. is forcing Canadian travellers to surrender their dignity, Work said the real danger is people starting to believe in safety, purchased through an invasion of privacy.
"The thing that troubles me most as the privacy commissioner, is we're getting more and more used to this stuff.
"Maybe we have to throw in the towel on the body scanners, but the next time the police or authorities come along wanting to blanket the city in cameras for safety reasons, we'll be that much more compliant."

Scary and funny: Undressing the naked truth about the future of airline travel

2010-01-07T09:22:00.001-04:00

This is too funny, scary and prescient:

Undressing the naked truth about the future of airline travel
Cavity searches, complementary catheters, cryogenic suspension will be the norms
By Paula Simons, Edmonton Journal
January 7, 2010 2:07 AM
The Edmonton Journal
January 7, 2011
The federal government says Canadian air travellers will soon be asked to undergo full-body cavity searches.
The move comes after full-body scanners, of the same type installed in Canadian airports last year, failed to detect bomb-making materials that a group of alleged would-be bombers had secreted within their personal body cavities.
Transport Canada says passenger privacy will be fully protected, because all individuals being stripped-searched will wear paper bags over their heads, preventing security officers from seeing their faces.
"We feel this strikes the necessary balance between protecting passenger safety and avoiding unnecessary traveller embarrassment," said Transport Canada spokesman Winston Smith.
Health Canada will compensate travellers by including complementary prostate exams and PAP smears as part of the inspection process.
"We won't just be striking a blow in the war on terror," said Reductio Ad-Absurdum, a spokesman with the Prime Minister's office. "We'll also reduce the burden on our public health-care system by screening early for cervical and prostate cancer. We think Canadians will be open to the value-added benefits."
While a few civil libertarian academic-types raised concerns about the invasion of privacy, most of those commenting on The Journal's web-site were enthusiastic.
"Flying is a privilege, not a right," said one.
"If you don't have anything to hide, why would you object?"
"The world is a scary place," said another. "I don't mind having my government stick its nose into every nook and cranny."
The Edmonton Airport Authority is asking all local passengers to arrive at the airport at least five hours before flight time to allow enough time for the new inspections.
---
The Edmonton Journal
January 7, 2015
In a new policy initiative designed to flush out terrorist plots, Transport Canada has announced that airline passengers will no longer be allowed to use on-board washrooms while the plane is in flight.
"Letting people move freely through the cabin, allowing them access to a private space where they couldn't be monitored, well, it's just too big a risk," said Transport Canada spokesman Winston Smith.
Passengers will be required to stay in their seats, with their belts securely fastened, for the duration of the flight. For short-haul flights, passengers will be provided complementary adult diapers. Long-haul flyers will be issued personal catheters.
"We feel this strikes the necessary balance between protecting passenger safety and avoiding unnecessary traveller embarrassment," Smith said.
While civil libertarians and others soft on terrorism suggested the new policy was an affront to human dignity, public response was muted.
"This is public safety we're talking about here," said Edmonton passenger Saaphtee Pherst, 52.
"If you have a problem with it, then don't fly."
The Edmonton Airport Authority is asking long-haul passengers to arrive six hours ahead of their departure time to be fitted for catheters.
---
The EdJour.com
January 7, 2020
In a move designed to restore public confidence in air travel, Transport Canada has announced it is moving to align with a new American policy that requires that all airline passengers be placed in pre-flight cryogenic suspension.
"We believe that flash-freezing will maximize both passenger safety and passenger comfort," said federal spokesman Winston Smith. "Ever since we banned people from taking books, magazines, computers and food aboard planes, and made it illegal for them to get out of their seats, air travel has become unduly tedious. This way, we eliminate any terrorism and boredom, and allow passengers to arrive safe and well-rested, without jet lag. And since we'll be able rip out the seats and stack passengers like cordwood, we'll be able to make more efficient use of space and fuel."
Federal spokesman Reductio Ad-Absurdum said cryogenics was a proven technology with minimal health risks.
The Edmonton Airport Authority is asking all passengers to report to the airport 24 hours before their flight for freezing.
The EdJour.com
January 2, 2021
---
Air UnitedCanNorthWestDeltaKLMVirginJALEl-AlJet, the world's sole surviving airline, filed for creditor protection this week in the wake of a disastrous Christmas travel season. A climate of fear, combined with fears about climate change, meant no one flew anywhere.
"Flying was no longer exciting or convenient," said business analyst Noitall Pundit. "The Age of the Airplane is over."
Travel Alberta is now asking people to travel by low-carbon donkey instead, and to stay strictly within a 100-mile radius of home.
"Foreign travel is dangerous and overrated. So are foreigners," said spokeswoman Pollyanna Xenophobe. "Alberta is the promised land. Really, no one should ever want leave it again."

We need a debate on the privacy impact of body scanners

2010-01-07T07:19:00.002-04:00

I was interviewed by the Halifax Chronicle Herald on the need for a thorough debate about the privacy impact of body scanners and to make sure that we are actually dealing with the problem. And if we're going to use the technology, we need to ensure that all steps are taken to mitigate the privacy impact.

Safety vs. privacy: - Nova Scotia News - TheChronicleHerald.ca
Safety vs. privacy: Legal expert warns tradeoff of agreeing to virtual strip search might not be worth it
By KELLY SHIERS Staff Reporter Thu. Jan 7 - 4:47 AM
A Halifax privacy expert says airline passengers willing to undergo virtual strip searches are trading privacy for security in an equation that may not result in increased safety in the air.
"Because this is almost unprecedented in its intrusiveness, that means we really need to have a debate about it," David Fraser said Wednesday.
"If you throw out people’s privacy, it doesn’t necessarily mean you’re going to end up with the best security.
"I think we need to have all the facts in front of us about how effective these things are, what sort of impact they’re having on privacy, and how (we can) increase the effectiveness of security while trying to mitigate the impact it can have on privacy."
RELATED» Privacy czar probes Ottawa’s plan for airport surveillance » Slovaks plant explosive in traveller’s luggage in failed security test» Airport security: Last line of defence
Mr. Fraser, a privacy lawyer with McInnes Cooper, said most of the people he has spoken with have reacted positively to the news that airports across the country, including in Halifax, will soon use scanners that see through clothes.
The machines show a three-dimensional outline of a naked body that allow screening officers to see whether someone is carrying dangerous items.
"When they balance their safety versus their privacy, they’re happy to give up their privacy in exchange for their safety," he said.
The scanners have been used at some airports outside Canada and were expected to be introduced in this country at some point.
But on Tuesday, the federal government announced it will buy 44 machines as part of an international response to a man’s attempt to blow up a jet approaching Detroit on Christmas Day. The man was wearing explosives sewn into his underwear.
The devices are only supposed to be used on passengers who have been singled out for secondary screening. Those passengers can choose to go through the machines or be frisked.
Mr. Fraser said he would prefer to be scanned rather than have the kind of intrusive pat-down that would be required in order to detect explosives sewn into underwear.
But he said he believes technology is only part of the answer to combating terrorism in the air.
"It’s convenient to throw technology at the problem and I think there may be an assumption this is going to make everybody safe, but I’m not sure this is necessarily the case," he said.
The devices have shortcomings, even if they are better than what is now in place, he said.
And technology, he said, may not be as effective as "strategic investments in humans" who are collecting, analyzing and using the massive amounts of data about possible threats and possible terrorists.
He said the public should ask questions about the use of the images and the safeguards that will be in place to protect them.
Under a plan approved by Canada’s privacy commissioner, an officer would view the image in a separate room and never see the passenger. The images are supposed to be erased automatically and no copies kept.
Other possible safeguards could include scanning screeners to ensure they’re not carrying cameras or cellphones capable of taking pictures of the images, Mr. Fraser said. And just as pat-downs are only done by members of the same sex, perhaps that rule should apply to viewing the naked images, he said.

TMI: The backfiring of the surveillance state?

2010-01-06T13:14:00.000-04:00

This is an extremely interesting read: The backfiring of the surveillance state. Glenn Greenwald takes the position that intelligence and national security agencies in the US are so buried in data from surveillance and other sources that it has led to paralysis

Government plans update of privacy law this year

2010-01-04T10:53:00.000-04:00

According to Canada.com, Industry Minister Tony Clement plans to modernize Canada's privacy laws this year. No details, so we'll stay tuned. After March, of course.

See: Push for more wireless competition behind Globalive decision: Clement.

Thanks to Michael Geist for the link.

Pantsbomber revives debate over body scanners as implementation is expanded

2010-01-03T09:49:00.002-04:00

The thwarted Christmas Day bombing plot has certainly raised security levels in airports over the holidays. Individual passengers are being frisked before boarding, presumably to make sure they don't have any hidden compartments in their unmentionables (but inspectables). Carryons are being dramatically restricted to reduce screening times, as all such items have been hand inspected. Not at all surprisingly, this has brought body scanning technology to the fore.

In October of this year, the Federal Privacy Commissioner gave her conditional approval to the use of the technology. The conditions are that the images are not retained and the scanners are used only as a secondary screening tool. (See: A necessary image - The Globe and Mail.) However, all passengers to the US are now subject to secondary screening. The Globe article says that technology exists to blur faces and genitals, but I would think that genital blurring may might have obscured a cleverly hidden crotch bomb.

Also according to the Globe (Nigeria, Netherlands to introduce full-body imaging; Canada undecided - The Globe and Mail), both countries that were connected to the pantsbomber, Nigeria and the Netherlands, are introducing body scanning for all flights to the United States. So are UK airports (BAA to introduce full-body scanners at UK's Heathrow).

I travel a lot. Personally, I'd rather be virtually stripped in five seconds than physical patted down by a stranger over two or three minutes. But I'm not so shy. I would also think that the same technology that is currently used to detect explosives residue should be rolled out on a wider scale as well.

For a good overview of the technology and the debate, check out: Full-Body Scanners at Airports: The Good, the Bad, and the Ugly Technomix Fast Company.

Also, CBS (via YouTube) does a pretty good job of covering the debate:

Canadian Privacy Law Blog turns six years old

2010-01-02T08:18:00.003-04:00

On January 2, 2004, the first post for the Canadian Privacy Law Blog went live (though it was called "PIPEDA and Canadian Privacy Law" at the time.

Looking back to 2004, I had become an avid reader of legal blogs that were already being put out there and wanted to join the conversation. Many were such fantastic resources for a practitioner who needed to keep on top of developments in the law. At the time, privacy law was the most rapidly developing and it seemed a natural fit.

When I first clicked "Publish Post", I really hoped that I'd be able to keep at it. My greatest fear was, aside from not making a positive contribution, was joining the thousands of others who had abandoned blogs after a brief flurry of activity. My expectations have been greatly surpassed. Blogger tells me this will be the 3052nd posting to the Canadian Privacy Law Blog.

I'd like to thank the many people who read this blog regularly and subscribe to the RSS feed. I hope that it has proven to be of value to lawyers and others who have an interest in what I feel is one of the most interesting areas of the law. The tempo of developments in privacy law has varied and so has my posting frequency, but I plan to keep at it.

I thought it may be interesting to look at the top ten most read posts of 2009. Two topics that got a lot of attention in 2009, lawful access and social networking, weren't really on the radar in 2004.

There's a lot going on in the arena of privacy law and I hope this blog has been of assistance in keeping on top of it.

(Birthday cake graphic used under a creative commons license from K. Pierce.)

Canadian airlines look to goverment to solve privacy dilemma

2010-01-02T08:12:00.001-04:00

The timing on this couldn't be worse, in the aftermath of the Christmas day "underwear bomber" and unprecedented scrutiny of airline passengers.

The National Airlines Council of Canada is looking to the federal government to develop a "permanent solution" to the dilemma they are facing. Airlines that overfly the United States are required to send passenger information to the US TSA, but the airlines contend this violates Canadian privacy laws.

There are a number of circumstances under Canadian privacy laws where organizations require the collection of personal information that's not strictly necessary for the provision of goods or services. PIPEDA permits collection, use and disclosure where it is "required by law", but this is not a Canadian legal requirement.

From the Canadian Press:

The Canadian Press: Canadian airlines plead with government to solve U.S. security dilemma
Canadian airlines plead with government to solve U.S. security dilemma
By Jim Bronskill (CP) – 13 hours ago
OTTAWA — Canada's major airlines say they will be forced either to break privacy laws or to ignore new American air security rules unless the federal government comes up with a response to U.S. demands for passenger information.
The National Airlines Council of Canada, which represents the four largest Canadian carriers, is pleading with the government to find "a permanent solution" to the dilemma posed by the U.S. Secure Flight program.
The program would collect the name, gender and birth date of the approximately five million Canadians who fly through American airspace each year en route to destinations such as the Caribbean, Mexico and South America, even if their planes don't touch the ground in the States.
The U.S. Transportation Security Administration (TSA) would then vet the names against security watch lists.
Passengers whose names appear on the list could face anything from extra security screening to being barred from a flight. There are also concerns the personal data could be used for purposes unrelated to aviation security.
Washington is still reeling from an apparent attempt by a Nigerian man to blow up a jetliner over Michigan by igniting explosives sewn into his clothes.
The near-disaster has put renewed pressure on the TSA to ensure the skies are safe.
Canadian airlines have already begun passing along the personal information for flights that land in the United States.
But the requirement to hand over information for international flights over U.S. airspace was put on hold last February pending discussions with the governments of Canada, Mexico and some Caribbean countries.
In a November letter to Bill Baker, deputy minister of Public Safety, the National Airlines Council says Canadian carriers "are not aware of any progress" on the discussions and are concerned the TSA might suddenly enact the overflight provisions.
The council says this would force Canadian airlines to breach either Secure Flight or the Personal Information Protection and Electronic Documents Act, a federal privacy law that applies to Canadian companies.
An internal Public Safety document prepared last January agrees that sharing such information is "currently prohibited" under the privacy law.
Nicole Baer, a spokeswoman for the federal privacy commissioner, said it was too early to determine whether giving overflight data to the Americans would break Canadian privacy law.
The Public Safety document, obtained under the Access to Information Act, raises other concerns about Secure Flight.
"It is possible that Canadians overflying the United States could be denied boarding based on U.S. no-fly lists that were developed based on lower U.S. risk tolerance," says the January 2009 assessment.
"There are also no guarantees how the U.S. will use the information it obtains from carriers overflying its territory."
The United States has indicated it will waive the Secure Flight requirement to provide information for overflights if Canada creates an equivalent security screening system.
Last March, the airlines council told Public Safety Minister Peter Van Loan in a letter that application of U.S. Secure Flight rules in Canada "is a direct result of the failure to ensure" that Canada's no-fly list, known as Passenger Protect, is "an accepted part of a continental aviation security system."
The airlines council favours a homegrown system as long as carriers don't bear any new costs.
Canada has been working for years on a more comprehensive passenger screening system. The Public Safety Department had no immediate update on those plans.
Critics say extending the Secure Flight program to Canadian flights that merely pass over the U.S. would indeed be a threat to Canadian sovereignty.
The Ottawa-based International Civil Liberties Monitoring Group has argued that sprawling American watch lists could ensnare many Canadians - or activists, immigrants and refugees who want to fly to Canada from Latin America but must travel through American airspace to do so.
Washington says Secure Flight, which transfers the task of watch-list screening to the TSA from individual airlines, will reduce the number of false matches - a longstanding problem with common names - and clear up mistakes more quickly.
Copyright © 2010 The Canadian Press. All rights reserved

CLawBie results are in

2009-12-31T17:34:00.006-04:00

The CLawBies (the Canadian Law Blog awards) for 2009 are out and I'm absolutely delighted to be a runner-up in the category of "Best Canadian Law Blog". It's particularly humbling to be in the same paragraph as slaw.ca, the hands-down, undoubtedly best Canadian legal blog out there.

Congrats also to Dan Michaluk, whose All about information blog was tied for Best Practitioner Blog, along with Erik MacGraken’s BC Injury Law and ICBC Claims Blog.

I voted for Slaw and Dan's blog, and Michael Geist's blog, which won "Best Legal Technology Blog".

It's been a good year for Canadian legal bloggers. Read all the results here.

Prime Minister prorogues parliament, privacy legislation in limbo

2009-12-30T17:02:00.005-04:00

It's official, the Prime Minister is proroguing parliament until the beginning of March: CBC News - Politics - PM seeks Parliament shutdown until March. (Never mind that they've been on vacation since November.)

This means that a number of privacy-affecting bills are being forced into a coma. The list includes:

Bill C-27 - Electronic Commerce Protection Act (Second Reading in the Senate and Referred to Committee on December 15, 2009) (aka Anti-spam Act);
Bill C-46 - Investigative Powers for the 21st Century Act (Referred to Committee on October 27, 2009);
Bill C-47 - Technical Assistance for Law Enforcement in the 21st Century Act (Referred to Committee on October 29, 2009);

The media is also reporting that, in the meantime, Harper plans to fill five vacant senate seats, which will give the Conservatives the majority they need to ensure safe passage of their legislation.

NB Court orders production of ISP data to litigant

2009-12-20T08:47:00.000-04:00

Check out Dan Michaluk's summary of Carter v. Connors, 2009 NBQB 317, in which the New Brunswick Court of Queen's Bench ordered a litigant to obtain from her internet service provider a record of all her internet usage since the accident in issue to produce to the other side: Case Report – Another FaceBook production order made « All About Information.

I would be very surprised (shocked, actually) if the ISP kept a record of websites visited, going back five years.

From the first paragraph of the case:

[1] The Applicant-Defendant has brought a motion for an order that the Plaintiff, who is currently undergoing discovery examination by the Applicant’s counsel, provide an undertaking to have her Internet Service Provider, Bell-Aliant, disclose the history of her Internet use at her home from the date of a motor vehicle accident in 2004 until today. Included in that request is a specific ancillary request that, in the event the motion succeeds, the technician that assembles the Internet use record segregate as a discrete record, if possible, the time spent on the Internet social network site Facebook that may be disclosed in the Plaintiff’s Internet use account record. The Plaintiff has conceded in her examination that she also has an account on the social networking site Facebook. The motion is brought pursuant to Rule 33.12 of The Rules of Court but, practically speaking, under the auspices of Rule 32.06 and 33.08(3) of The Rules of Court.

Automated purchase sharing. Really?

2009-12-14T20:16:00.002-04:00

I'm pretty sure that I don't get the appeal: Blippy is a fun and easy way to see and discuss the things people are buying.

Telco and ISP snooping? Don't hate the player, hate the game

2009-12-10T14:19:00.004-04:00

The 'net and twitter have been all abuzz this past week with revelations about telco and ISP cooperation with law enforcement. We've seen Wikileaks post the internal policies of MySpace and Cryptome's posting of Yahoo!'s internal policies.

Blame for this appears to be laid at the feet of the service providers.

I'm all in favour of privacy and completely in favour of government restraint. I'm even more keen on court oversight and requirements that warrants be produced in order for cops and national security types to get access to customer information. I'm also in favour of transparently and accountability. But I haven't seen much nuance in any of the online discussion of this topic. Perhaps that's just the analytical limitations of twitter and the general tone of much of the blogosphere.

Two important issues are being missed. First: just about any time you interact with any business these days, a data trail of some sort is left. If you buy a book using any credit or debit card, there's a record that can connect that purchase to you. If you check out a book from the library, there's a record. If you use a transponder-based tolling system, there's a record of where you were, when and maybe where you are going. If you use any loyalty program to collect points on your purchases, there's an even denser data trail. Your mobile phone provider knows where you phone is at all times and who you have called. This is not unique to online companies. It's simply the reality of our digital lives. Some information collection or retention may be gratuitous, but more often than not it is essential to provide the service that users are asking for. It is not unreasonable, however, to question how much information is collected and how long it is retained. Fair information practices demand that service providers only collect the amount of information necessary to provide the service and that they keep it for only as long as they need to in order to provide the service.

The second, and more important, issue: love it or loathe it, it is the law. If a third party has information about you, the government can get access to it with a court order, a warrant or a subpoena. The third party can sometimes go to court to challenge the legality of the request, but it seldom has enough information to do so. And in many cases, it really has no ability to do so. The fact is, if there is a lawful demand for information, the service provider has to comply or face criminal sanctions itself.

And that's not just unique to the US and the USA Patriot Act. In Canada, take a look at the Anti-Terrorism Act, the Criminal Code, the Canadian Security Intelligence Service Act or the National Defence Act. European democracies have similar rules, too. These companies are generally following their legal obligations. If you have a problem with that, energies and outrage might be more usefully channelled to changing those laws.

ISPs and telcos may influence the laws, but they generally don't make they rules they have to abide by. In short: don't hate the player, hate the game.

My nominations for the Clawbies 2009!

2009-12-07T20:22:00.003-04:00

As announced earlier this week, the nominations are now open for the annual Canadian Legal Blogging Awards, affectionately known as the Clawbies: Nominations Open for the 2009 Clawbies – Law Firm Web Strategy.

This blog was a runner-up in 2007.

The hardest part about nominating blogs for the award is the abundance of great Canadian law blogs out there. I follow dozens that provide interesting, relevant and timely information. I know it takes a lot of time and effort to produce one, so all of them deserve recognition. The best of the best need a special shout-out.

But if I am forced to single out three blogs, I will focus on three that provide me with "practitioner support". These provide a mental and professional return on my investment of time and attention. If I could follow only three Canadian legal blogs, here they are:

All About Information - Dan Michaluk from Hicks Morley puts a lot of thought into everything he posts. His blog has the best commentary and analysis on just about every important privacy and access to information case in Canada. And, he's a great guy.
Michael Geist - Blog - Everyone I know reads Michael's blog and his columns. Not everyone agrees with his perspective, but there is no denying that he is one of the most prolific, plugged-in Canadian legal bloggers. If your practice touches on IP law or privacy, you have to follow him.
Slaw - For me, Slaw is a must-follow because of the regular content that's relevant to my practice. But reading Slaw also reminds me of the Sunday New York Times or wandering through the library stacks: there's amazing stuff that you probably never thought of looking for. You can easily get lost in all the good stuff.

If you read any Canadian legal blogs, please take the time nominate your three faves. All the details are here.

Lifting the veil on telco cooperation with law enforcement

2009-12-07T20:04:00.003-04:00

Over the last little while, there has been much discussion about cooperation between telcos and ISPs, on one hand, and law enforcement, on the other hand. We've certainly seen a lot of talk about "lawful access" in Canada.

If you're curious about some of the goings on behind the scenes at American telcos and ISPs in this regard, Cryptome and Wikileaks both have some interesting leaked documentation about policies and procedures for companies like MySpace, Sprint, Yahoo! and others. Just go to Cryptome.org and WikiLeaks.org and do a little digging around.

Thanks to Delaware Employment Law Blog

2009-12-02T11:07:00.000-04:00

A quick thanks to the Delaware Employment Law Blog for including this blog in their Top 100 Employment Law Blogs. Thanks!

If you're a regular reader of this blog because of workplace privacy issues, head on over there and check out the great resources they provide.

Zuckerberg on the future of Facebook privacy

2009-12-02T09:15:00.001-04:00

At least since I've been using Facebook, this is the first time that Mark Zuckerberg has addressed the Facebook community through an open letter linked from the main user page. I find it interesting that the focus of this is privacy and the future of privacy on Facebook.

An Open Letter from Facebook Founder Mark Zuckerberg Facebook
by Mark Zuckerberg Yesterday at 6:23pm
It has been a great year for making the world more open and connected. Thanks to your help, more than 350 million people around the world are using Facebook to share their lives online.
To make this possible, we have focused on giving you the tools you need to share and control your information. Starting with the very first version of Facebook five years ago, we've built tools that help you control what you share with which individuals and groups of people. Our work to improve privacy continues today.
Facebook's current privacy model revolves around "networks" — communities for your school, your company or your region. This worked well when Facebook was mostly used by students, since it made sense that a student might want to share content with their fellow students.
Over time people also asked us to add networks for companies and regions as well. Today we even have networks for some entire countries, like India and China.
However, as Facebook has grown, some of these regional networks now have millions of members and we've concluded that this is no longer the best way for you to control your privacy. Almost 50 percent of all Facebook users are members of regional networks, so this is an important issue for us. If we can build a better system, then more than 100 million people will have even more control of their information.
The plan we've come up with is to remove regional networks completely and create a simpler model for privacy control where you can set content to be available to only your friends, friends of your friends, or everyone.
We're adding something that many of you have asked for — the ability to control who sees each individual piece of content you create or upload. In addition, we'll also be fulfilling a request made by many of you to make the privacy settings page simpler by combining some settings. If you want to read more about this, we began discussing this plan back in July.
Since this update will remove regional networks and create some new settings, in the next couple of weeks we'll ask you to review and update your privacy settings. You'll see a message that will explain the changes and take you to a page where you can update your settings. When you're finished, we'll show you a confirmation page so you can make sure you chose the right settings for you. As always, once you're done you'll still be able to change your settings whenever you want.
We've worked hard to build controls that we think will be better for you, but we also understand that everyone's needs are different. We'll suggest settings for you based on your current level of privacy, but the best way for you to find the right settings is to read through all your options and customize them for yourself. I encourage you to do this and consider who you're sharing with online.
Thanks for being a part of making Facebook what it is today, and for helping to make the world more open and connected. Mark Zuckerberg

For all the grief Facebook gets, I think they deserve a lot of credit for finally becoming very responsive to user (and regulatory) privacy demands and are providing much more detailed and customizable privacy controls.

EU Clears SWIFT Data Transfers to United States Treasury Department

2009-11-30T14:02:00.004-04:00

The New York Times is reporting on an agreement reached between European ministers and the United States for restored access to information about bank transfers processed by the Society for Worldwide Interbank Financial Telecommunications (SWIFT). See: EU Clears Bank Data Transfers to United States - NYTimes.com.

There has been some coverage of this already on blogs, particularly the Brussels Blogger (SWIFT - EU to grant USA nearly unlimited access to all EU banking data). Much of the tone has suggested that wholesale transfers of information will take place with massive datamining operations to be set up, but take a look at the actual agreement between the US and Europeans. It's available at wikileaks: EU draft council decision on sharing of banking data with the US and restructuring of SWIFT, 10 Nov 2009 - Wikileaks.

The agreement doesn't contemplate wholesale, massive data downloads of the kind one would expect if the database were in the United States. Instead, targeted requests must be made and these are directed through European authorities rather than to SWIFT directly. There are covenants on the US side that it will not be used for data mining purposes and other privacy-protective promises. And, to top it off, the term of the agreement is one year so that it can be renegotiated if it's not working out.

While all of this needs to be examined with a critical eye and it's not perfect, the cynic in me was pleasantly surprised by the details of the agreement.

Use, overuse and abuse of privacy laws

2009-11-26T11:40:00.000-04:00

A very good commentary from the Victoria Times Colonist. Fave quote: "It was a good example of how privacy law has vastly enhanced officials' first inclination to say "no" to every request."

Privacy law helps the government hide
Les Leyne
Times Colonist
Thursday, November 26, 2009
When reporters were briefed a couple of weeks ago on how the Olympic torch relay would go down, they were told no identities of the runners would be supplied, because of "privacy law."
Apparently the people who eagerly volunteered to wear bright white suits while carrying burning torches in front of TV cameras and thousands of people wanted their privacy, along with all the fame and glory.
They wanted no such thing, of course. They were only too happy to joyously volunteer their names on their own. The edict was simply the decision of torch functionaries eager to exercise some of their authority. It was a good example of how privacy law has vastly enhanced officials' first inclination to say "no" to every request.
So it's very enlightening to see how the "privacy law" is bearing up in the scandalous situation uncovered by the Times Colonist last week.
It's useless. It's being cited and ignored at the same time. In the face of a crystal-clear gross violation of taxpayers' privacy -- by a bureaucrat, no less -- the vaunted privacy law is a joke. It's only been handy so far when it comes to trying to cover up this botch.
A ministry caseworker in Victoria with what's likely malevolent intent carted home documents with personal information of some 1,400 clients of the government.
Police are still investigating, but at this point it looks like the man had a lot of the material you'd need to go into the lucrative fake ID business in a fairly big way.
It fell to Citizens' Services Minister Ben Stewart to explain this mess. And his explanation has turned into a mess itself.
He gave every indication last week to Times Colonist reporters Lindsay Kines and Rob Shaw that the government was responding with alacrity to this emergency. His version of the government's reaction looked pretty good -- for him.
He's the action figure who alerted some officials, contacted all the citizens involved, helped get the employee fired and started an investigation.
What he left out of the story was the fact that the government knew about this for months, and did nothing. Stewart skated right past the central point -- government officials have been aware for seven months that the privacy of 1,400 people had been violated. And they only started acting on the emergency last month.
Confronted with this yesterday, Stewart offered some explanations that are nothing short of baffling.
"The reality is, I as minister responsible, when I found out about it, I immediately asked my staff . . . to make an investigation into the matters as to the timelines and why in fact it had taken as long as it did."
So the investigation isn't just about the employee. It's about why nobody bothered to tell the minister responsible about the breach for several months. That's quite a refinement on the original version.
Stewart also said: "One of the things about the dates in this thing is that nobody is exactly clear in terms of what actually transpired from when the RCMP first made their discovery of these records."
Well, why on earth not?
It looks like some scam artist was interrupted while trying to run a con of some sort. RCMP nabbed him and told the government about it. And the government did nothing for months on end, other than continue employing and paying the suspect right up until last month.
Meanwhile, the personal ID information of 1,400 clients went God knows where. It doesn't look like illicit use was made of it. But it sure wasn't for lack of opportunity.
Why was the guy kept on the payroll? Why did it take so long? What was the government doing?
There must be some answers. But you likely won't get them for a while. Because we've got a privacy law.
Just So You Know: The ministry sent a letter to the individuals involved.
It's a gracious, heartfelt apology with an assurance that the government is working hard to correct the problem.
Only some of the letters went to the wrong people. So people who got letters addressed to other people were advised to send them back, or destroy them.

Social networking for lawyers seminar

2009-11-26T09:27:00.001-04:00

Some readers of this blog may be interested in this seminar that I'm giving for the Nova Scotia Barristers Society in a couple of weeks. Those who aren't lucky enough to be in Halifax can attend by webinar:

NSBS - Development
Lunch & Law: Social Networking in a Global Market
Wednesday, December 9, 2009
Lunch & Law - Social Networking in a Global Market: Marketing Strategies for Lawyers
Nova Scotia Barristers' Society - Continuing Professional Development Wednesday, December 9, 2009, 12:00 - 1:30 pm
Location: CPD Center, Suite 408, 1645 Granville Street, Halifax
View PDF
The Program: New technologies provide a plethora of unique opportunities for lawyers to raise their profiles and reach new clients.
Join David T.S. Fraser of McInnes Cooper who will provide an overview of blogs, social networking websites and other innovative means of marketing your law practice.
Even if blogs, Facebook, LinkedIn, and Twitter leave you scratching your head and wondering what it's all about, this seminar will provide practical insight into these dynamic marketing channels.
David will also explore the issues of associated ethics challenges based on the CBA's new Guidelines for Ethical Marketing Practices Using New Information Technologies.
Don't miss this unique opportunity to learn the latest and greatest trends in marketing your legal practice.
Register online - If you do not already have a username and password, (or to activate your account), please contact Pierre Benoit at (902) 422-1491. Outside of Metro? Please register and join us via conference call. There are no cancellations for this program; substitutions are welcome.
Fee: $40 per person plus tax (lunch included)
Can't travel to Halifax? Why not join us from the comfort of your office!
Webinar/Teleconference option is available. Fee is $40 plus tax (includes long-distance charges). Instructions will be emailed one day in advance.

Feel free to pass this along to anyone who may be interested. You can share the invitation on Facebook via the event page, which is here.