News

  • – 2015-04-22 –

    CIPPIC and a number of other civil society groups and experts has put out an open letter to Industry Minister James Moore, highlighting a roadmap for how to fix a number of loopholes in Canada's Notice-Notice copyright regime. The Notice-Notice regime was enacted with the objective of creating a minimally intrusive mechanism for rights holders to contact alleged infringers. However, it is being exploited by some rights holders to send settlement demands that are unreasonable. Typical abusive notices include extravagant demands for damages well in excess of what would be available under Canada's Copyright Act, and might be sent without meaningful corroboration that the threatened recipient is actually the rights infringer. Some also include threats that the recipient will have her Internet access account terminated if they do not pay up. Third parties often flood ISPs with notices in a 'scattershot' approach not designed to facilitate an actual lawsuit based on proof of wrongdoing, but rather to encourage recipients to pay in order to make the matter go away - a highly questionable monetization technique. While rights infringers should not be able to hide behind ISPs in order to justify conduct, the current model is being abused to inappropriately threaten individuals who, often, have done nothing wrong at all.

  • – 2015-03-24 –

    Bill S-4, the Digital Privacy bill, introduces amendments to PIPEDA, Canada's federal commercial sector privacy law. The Bill, a result of PIPEDA's first five year review conducted in 2006, introduces some far overdue improvements to Canada's privacy protection toolset at a time when privacy has never faced greater challenges. These include the adoption of a breach notification regime which would obligate companies to notify customers (as well as the Privacy Commissioner) whenever a privacy breach can place affected individuals at risk of significant harm, and the adoption of more robust consent obligations. However, as CIPPIC pointed out in its testimony and response to follow-up questions, the framework adopted by Bill S-4 in addressing these issues is flawed. The data breach notification regime in particular will fail to instill incentives for better security safeguards as it only applies to breaches that pose a significant threat of harm to affected individuals. Yet the reality of security breaches is that it will often be highly uncertain whether data was even exposed, meaning many serious breaches will go unreported. Moreover, even trivial breaches that do not pose a specific risk to individuals are often indicative of a general laxity in technical safeguards. These too will remain unreported.

    Of greater concern, the Bill also includes a number of troubling exceptions that would expand the conditions under which organizations can hand over sensitive customer information to third parties. One exception would allow ISPs, online blogging discussion fora, social media sites and others to help companies trying to sue their customers by handing over sensitive customer information. It also allows for nigh unlimited information-sharing in the context of a cybersecurity breach. Such breaches often implicate immense amounts of sensitive data. The PIPEDA amendments fail to impose any obligations for companies dealing with a breach to minimize privacy impact when handing over these data troves. Additionally, our national security agencies are increasingly implicated in domestic security breaches, yet Bill S-4 does nothing to prevent them from repurposing the data troves they receive for security breaches into general security information and keeping it indefinitely. As such, there is serious concern that the emails, financial/banking information, health data, and other sensitive information that is commonly implicated in data breaches will simply be rolled in to these security agencies general profiling activities and ultimately used against the individuals who the data breach notification regimes is supposed to protect. Indeed, Bill C-51, currently being rushed through both houses of parliament at once, will make it even easier by removing barriers to 'all of government' information sharing for cybersecurity purposes.

  • – 2015-03-12 –

    CIPPIC is intervening an important Supreme Court case about copyright and technological neutrality. CBC v SODRAC concerns royalties payable by broadcasters for digital copies of music embedded in the production and broadcast of television programs. The Court’s decision could have implications for the way in which all Canadians access and pay for digital content, including music, movies and television programs, e-books, and many other online materials.  Professor Jeremy de Beer and CIPPIC Director David Fewer will appear in the case on behalf of CIPPIC. The hearing takes place on Monday, March 16, 2015, and will be webcast. Common Law students Jillian Brenner, Chelsey Colbert, Parineeta Chahal, Tracey Doyle, Laura Garcia, Grace Ko, Laura MacDonald, Samantha Peters, Sadegh Fattah, Laura Garcia and Mayuran Sivagurunathan have all assisted in preparations for the case.

  • – 2015-03-04 –

    The CIPPIC Summer Internship Program offers outstanding law students an unequaled opportunity to work on cutting edge research and advocacy issues related to law and technology. CIPPIC advocacy typically involves submission of briefs to government and other policy-makers, intervention in precedent-setting cases before judicial and quasi-judicial tribunals, provision of public legal education resources, publication of reports, participation in multi-stakeholder policy-making forums, provision of expert testimony before parliamentary committees, and advising under-represented organizations and individuals on relevant public interest issues.

    Working closely with CIPPIC lawyers, interns learn how to be effective researchers, policy analysts, and advocates while contributing to public interest policy and law reform in such areas as copyright law, privacy, online consumer protection, telecommunications regulation, net neutrality, free speech and civil liberties on the Internet.Interns may additionally have opportunities to attend conferences and workshops such as the CIPPIC summer speaker series and to participate in other aspects of the Centre for Law, Society, & Technology.

  • – 2015-02-11 –

    CIPPIC has been granted leave to intervene before the Supreme Court of Canada in CBC v. SODRAC.  The case involves the interpretation of the reproduction right and its application to so-called "ephemeral copies" - copies of works for the purposes of facilitating the creation and transmission of broadcasts.  CIPPIC's intervention will focus on the role of the principle of technological neutrality in interpreting the reproduction right.

  • – 2015-01-29 –

    Data Privacy Day (a.k.a. Data Protection Day) 2015 marked a range of developments - some good, some bad, all significant. Data Privacy Day is celebrated annually to commemorate the world's first data protection treaty: the Council of Europe's Convention 108. This year, the day began with a series of startling revelations from CBC, which released documents acquired through former NSA Analyst Edward Snowden detailing a comprehensive electronic surveillance program that monitored various file upload sites around the world. The program, implemented by Canada's foreign intelligence agency, CSEC, involved combing through its comprehensive meta-data-bases in order to identify individuals uploading or accessing 'questionable' documents on sites such as MegaUpload and Rapidshare. Visitors to such documents are then subjected to intense meta-data-scrutiny in order to find their identity through such things as Facebook and email login cookies. Aside from the millions of documents tracked by the program daily, the program demonstrates an immensely invasive capacity that can emerge from mere analysis of the metadata held by CSEC and its Five EYEs partners. Far from acknowledging these concerns, we expect more of the same, with State promises to introduce expanded lone wolf surveillance powers this Friday.

    Some tentatively promising developments from APEC also came this week. CIPPIC had endorsed a letter sent by a number of privacy groups in late December pointing to several issues with APEC's certification of TRUSTe as an accountability agent capable of overseeing compliance with APEC obligations for the purpose of receiving personal data transfers from other APEC member states such as Canada. This week, APEC and TRUSTe addressed a number of the concerns, but left a few (particularly those relating to conflicts of interest between TRUSTe board members and some of the commercial organizations it is tasked with overseeing) outstanding. In brighter news, the Mexican data protection authority announced it would be officially signing the International Principles on the Application of Human Rights to Communications Surveillance (IPAHRCS-es for short!), designed to provide comprehensive suggestions on how to conduct electronic surveillance in a targeted and privacy respective manner. The IPAHRCS have now been endorsed by over 480 international organizations, experts and government officials. An eventful data privacy day, for better or worse!

  • – 2014-12-11 –

    The Supreme Court of Canada issued its decision in R. v. Fearon, 2014 SCC 77, today, which addressed whether law enforcement could indiscriminately search mobile devices of individuals upon arrest. Whereas the Charter requires prior judicial authorization based on reasonable grounds in most instances, law enforcement are granted more latitude when searching individuals under arrest. The question in Fearon (and in a similar appeal heard by the United States Supreme Court around the same time - Riley v. California, 134 St.Ct. 2473 (2014)), was whether this broad rule should be applied to mobile devices given the rich amounts of information contained on these devices. In its intervention, CIPPIC argued that the breadth of the power to search on arrest combined with the ubiquitous use and far-ranging data contained on mobile devices will leave few instances where law enforcement cannot rummage through cell phones.

    While acknowledging the high privacy interest in mobile devices requires limiting access on arrest to situations where an immediate investigative purpose exists, a split decision of the court provided wide latitude for law enforcement to scour mobile data receptacles on arrest in many if not most instances. This is because, as noted by the dissent, mobile devices are implicated in most of our activities, so law enforcement will almost always be able to advance a general prospect that such a device might yield evidence of a witness, co-conspirator, or object of crime. Similarly, as noted by the dissent, while not each search of a mobile device will reveal sensitive information, the knowledge of an impending search is likely to have a chilling effect on mobile device use and, in those instances where an invasion occurs, there will not be an opportunity to remedy the issue ex post. In spite of this, the majority found that law enforcement objectives must prevail. The decision appears at odds with a string of supreme court decisions upholding additional protections for data receptacles, as well as with the United States jurisprudence. In the US, a concern for officer safety and the need to prevent destruction of evidence has, historically, motivated a search on arrest rule as broad as Canada's, but as the US Supreme court recently found in Riley/Wurie​, this rule does not extend to mobile devices.

  • – 2014-12-08 –
    The Federal Court has heard Teksavvy's motion for "all reasonable legal costs, administrative costs and disbursements" arising from voltage's order that Teksavvy disclose the identies of those of its subscribers whose IP addresses Voltages alleges that it has identified downloading copyright materials.  The motion springs from Prothonotary Aalto's February 20, 2014, decision granting Voltage a Norwich order compelling Teksavvy to provide requested subscriber information provided that certain conditions and safeguards were met.  One of those conditions involved Voltage's payment of Teksavvy's "reasonable legal costs, administrative costs and disbursements".  Teksavvy has submitted a bill of costs in the amount of $346,480.68.  voltage opposes the amount as "outrageous".
     
    Teksavvy's Record
  • – 2014-11-12 –

    CIPPIC appeared before the Federal Court of Appeal today, on behalf of OpenMedia.ca, arguing for the timely application of a Wireless Consumer Protection Code developed by the CRTC and imposed on providers of mobile services. The appeal, lodged by a number of mobile service providers, seeks to delay the application of the Wireless Code for existing service contracts until the term of those contracts expires (the standard term for wireless service contracts is three years). The argument is that the CRTC does not have the legislative authority to impose the protections in the Wireless Code onto pre-existing consumer contracts because this constitutes an interference with vested rights. CIPPIC argued that, first of all, there is no interference with vested rights as the Wireless Code primarily focuses on mitigating future penalties (by, for example, limiting the penalties a service provider can impose on a customer for leaving a service term early). Moreover, given the important and central objective of preventing 3 year customer lock-out to the proper functioning of the comprehensive regulatory regime entrusted to the CRTC, the regulator has the legislative power to interfere with vested rights if it is reasonable to do so.

    For more information, see our resource page for Bell et al. v. Amtelecom et al.: https://cippic.ca/telecom/Bell_v_Amtelecom_Wireless_Code_Appeal

  • – 2014-09-12 –

    CIPPIC attempted to intervene in Equustek Solutions Inc. v. Google Inc., an appeal from an order of the British Columbia Supreme Court that addressed the use of innocent third party intermediaries (in this instance Google) as rights enforcement tools. The decision set a new standard for when such intermediaries can be used as enforcement tools, as well as with respect to the global reach of resulting enforcement remedies. It involved an order mandating Google to remove access to content not just from its Canadian sites, but globally, in effect imposing Canadian law onto the world. The impact of this ruling, if upheld, is far-reaching. In its application to innocent third parties who have done no wrong, it places Internet intermediaries (entities such as ISPs, search engines, websites hosts, social networking sites, domain name registrars - the infrastructure of the Internet) at the disposal of any party looking for a shortcut to enforcing its rights. This case involved a trade secrets dispute, but it is clear this new takedown/censorship power is intended to be of general application and will be available in copyright disputes, defamation disputes, or any other lawsuits.

    Second, the global reach of the order is similarly problematic. The actions in question may well have contravened Canadian trade secret laws, but this cannot be presumed to be the case for all jurisdictions around the world. More importantly, the court held that jurisdiction over Google is equivalent to jurisdiction over the intermediary's global activities in spite of the fact that 95% of its Canadian search traffic occurs through the google.ca portal. As a matter of comity, issuing such an order implies that a Canadian court must respect a similarly constituted foreign order (and, by extension, that foreign courts are encouraged to issue similarly constituted orders). This will mean, in effect, that Canadians could well be deprived of access to content that is legal under Canadian law, but not under foreign law. It will be left to Canadians to then go to foreign courts and attempt to seek an exemption for Canada - a costly process that is unlikely to be undertaken with any degree of regularity. CIPPIC was denied intervention status.