News

CIPPIC has joined Mozilla, Access, Reporters Without Borders, and several other organizations in an open letter calling on Facebook to live up to its transparency promises. The letter calls out Facebook for blocking transparency tools employed by ProPublica, demanding that the platform provide API access to its promised political transparency tools.  As is now widely acknwoledged, Facebook and its various communications platforms have been leveraged by a wide range of political actors-both foreign and domestic-in their efforts to disrupt democratic processes in a number of jurisdictions around the world. Disinformation campaigns have become an instrumental force, evident in the UK's 'Vote Leave' referendum, the 2016 US Presidential elections, and the 2018 Brazilian elections which propelled far-right candidate Jair Bolsonaro to the presidency.

Against this backdrop, Facebook has undertaken various efforts to address these challenges. This has included a third-party academic body empowered to provide select academic researchers with access to elements of its content under controlled conditions. Among these is a novel 'open advertisement' mechanism designed to let individuals see all advertisements sent by a single entity through its platform. This tool is designed in part to address so-called 'dark advertising', where political actors send highly individualized and micro-targeted messages to different people based on their data-intensive profiling. Currently, only intended recipients see any given advertisement, allowing political actors to send conflicting or even discriminatory messaging with relative impunity. The problem is that Facebook has refused to provide API access to its open advertising platform, making it functionally difficult if not impossible to conduct the type of meaningful analysis necessary to meet the challenges posed by its services to democratic processes. Not only has Facebook refused to provide API access, but it has actively blocked existing tools used by ProPublica to supplement the shortcomings of its own transparency mechanisms. Meanwhile, a recent CBC study, which leveraged Twitter's API-enabled political messaging transparency tool, analyzed over 9 million tweets to demonstrate significant foreign influence in Canadian discussions surrounding pipelines and immigration. With upcoming federal elections in 2019, Canada cannot afford to be complacent about this issue.

UPDATE: Facebook has responded by committing to develop and roll out an open API for its political advertising archive. This positive step towards transparency has been met with cautious optimism.

• Read the Open Letter, penned by the Mozilla Foundation and endorsed by 37 organizations around the world, including CIPPIC: https://foundation.mozilla.org/en/campaigns/eu-misinformation/

Image Source: Yomare, "Hand Puppet Snowman", May 22, 2015, Pixabay, Pixabay License

Today, the Supreme Court of Canada issued R v Reeves, 2018 SCC 56, a decision that further entrenches Canadians' privacy expectations in computing devices while adding important nuance to the Court's jurisprudence regarding information privacy protections in shared. The decision under appeal questioned whether police can seize a shared computing device on the third party consent of a co-user.

As CIPPIC noted in its intervention, ably prepared by our co-counsel, Jill Presser and Kate Robertson, shared access to computing devices is routine feature of modern life. Often this shared access occurs without explicit individual awareness -- a trend only likely to increase with the plethora of emerging smart home devices. Allowing one roommate, partner or other co-habitant to unilateral waive privacy protection could allow the state to intervene into highly private spaces with minimal safeguards in place. Low-income individuals [para 44] and individuals subjected to technology-facilitated abuse [para 23] by their intimate partners could disproportionately face the brunt of these negative impacts. In rejecting such a paradigm, Madam Justice Karakatsanis (writing for the majority) correctly held that privacy rights must survive the pragmatic risk associated with such routine living arrangements:

I cannot accept that, by choosing to share our computers with friends and family, we are required to give up our Charter protection from state interference in our private lives. We are not required to accept that our friends and family can unilaterally authorize police to take things that we share. The decision to share with others does not come at such a high price in a free and democratic society. [para 44]

Reeves contributes to a growing body of jurisprudence elaborating privacy protections in shared or semi-public situations, which includes last year's decisions in Marakah and Jones, as well as upcoming decisions in R v Mills, SCC File No 37518,R v Jarvis, SCC File No 37833, and R v Le, SCC File No 37971.

Image Credit: Marco Verch, "Aufkleber mit Passwort auf dem Laptop", July 24, 2018, Flickr, CC-BY 2.0

CIPPIC appeared before the Supreme Court of Canada on Thursday, December 6, on day 3 of the joint hearing on the standard of review in judicial review of administrative decisions.  uOttawa law alumni James Plotkin and Alyssa Tomkins represented CIPPIC in this hearing, and Mr. Plotkin gave oral argument.  CIPPIC's intervention focused on whether the rule of law requires courts to apply a correctness or reasonableness standard to jurisdictional questions.

• CIPPIC's Factum

The Electronic Frontier Foundation (EFF) released a timely white paper this week examining the negative implications and chilling effects that various cybercrime provisions throughout the Americas can have on coder's rights and specifically on security researchers. Entitled "Protecting Security Researcher's Rights in the Americas", the analysis explores a range of cybercrime regimes nominally intended in principle to criminalize unauthorized access to or disruption of computer systems. However, these laws have been framed so broadly as to impose a serious chilling effect on vital activity of security researchers. Drawing on the Inter-American human rights framework (of which Canada is a partial adherent), some national jurisprudence, and principles of criminal law, the paper argues for cybercrime regimes that accommodate beneficial security work. There must be latitude for non-malicious security testing, for the dissemination of critical security tools and for the responsible publication of discovered security breaches.

Sadly, current laws are framed so broadly that they have had a serious chilling effect on socially beneficial security work. Those who discover security breaches face severe legal threats and sometimes even criminal consequences for attempting to bring these to host organization's attention. The result is that security breaches are increasingly likely to remain unresolved until they are discovered by someone seeking to exploit, rather than to merely expose. The paper, to which CIPPIC provided substantive contributions, calls for clearer standards to remedy this situation.