News

  • – 2015-05-14 –

    Cloudmark's recently issued 2015 Q1 Security Threat Report demonstrates the initial effectiveness of the recently enacted Canadian Anti-Spam & Spyware Law (CASL), SC 2010, c. 23, in reducing the amount of unwanted spam in email boxes in Canada and abroad. In the 8 months following the coming into force of the law, the report notes a 29% reduction in the average amount of spam received by Canadians each month. It notes an even more significant 37% reduction in spam sent from Canada to the United States. The larger reduction in US-bound spam is unsurprising, as Canada (who was one of the last countries in the developed world to finally adopt an anti-spam law) had become a spam haven, with 78% of all Canadian spam being US bound. By contrast, only about 50% of spam received by Canadians is from the United States, which has regulated spam to some degree for many years.

    With respect to Canadian-received spam, the report notes that only about 17% of unwanted spam email received by Canadians relates to fraudulent "bootleg pharmaceuticals, diet pills and adult services." This amount of spam was reduced by about 5% in the months since CASL came into force (29% overall reduction x 16% of all spam). The most marked reduction, however, was from 'grey area' marketers, which the report describes as "unscrupulous email marketers" who "grow[] their mailing lists by co-marketing or easy-to-miss opt out checkboxes." The 24% reduction in this brand of unwanted email spam (which the report terms as 'legitimate' because it is legal under U.S. spam laws) affirms that the broader approach to spam adopted by CASL is necessary to make any meaningful inroads in spam reduction. CASL adopted a definition of 'spam' that allows Canadians to decide for themselves what emails they do or do not want to receive, whereas the US anti-spam law relies on easy to abuse 'opt out checkboxes'. And Canadians have taken to the law in droves, with the CRTC receiving an unprecedented 47,000 plus complaints against unwanted emails in just the first month after CASL came into effect.

  • – 2015-05-05 –

    The CRTC released its long anticipated vision for the future of wholesale wireless today. The decision is noteworthy for its recognition of the market concentration inherent in Canada's mobile markets. Historically, mobile services were forborne, meaning that the Commission held back several of its most potent regulatory tools. The mobile industry is highly concentrated and susceptible to risk of coordinated activities. As CIPPIC (on behalf of OpenMedia) demonstrated in its submission to the proceeding, this has led to high prices, some of the lowest mobile adoption rates in the developed world and minimal service innovation. Even in their own advertisements, some incumbents are hard pressed to differentiate themselves from their competitors on price and quality! The Commission recognized this, and reapplied its full regulatory powers to mobile wireless.

    However, the CRTC adopted a disappointingly minimalist approach in doing so. It mandated cost-based roaming, a move that will improve the ability of existing new entrants into the mobile market such as WIND to compete more effectively. Historically, these new entrants were prevented from offering their customers compelling services because the moment a customer stepped outside the entrant's service area, they faced extreme roaming rates. The CRTC decision improves on this state of affairs, allowing new entrants to compete far more effectively as they take the time to build out their national networks. The CRTC did not, however, adopt other important measures such as mandating wholesale access in general and MVNO access in particular. Mandating wholesale access is necessary to facilitate a truly competitive landscape that is not bound by finite spectrum availability, and stimulates investment in radio access network equipment. Mandating MVNO access is necessary to facilitate market innovations such as international roaming and to expand highly underdeveloped Canadian niche markets such as pre-paid. While taking some important steps towards fixing Canada's mobile market, it is disappointing that the CRTC did not go further in spite of its recognition that the market is concentrated and in need of more competition.

  • – 2015-04-30 –

    CIPPIC, OpenMedia and Canadian Journalists for Free Expression have released a primer on Bill C-51, the government's latest initiative to expand its state security apparatus. As the primer explains the Bill, which has been opposed from broad segments of Canadian society, signals a dramatic new direction for Canadian security. Presented as anti-terror legislation, the Bill adopts an excessive approach that will harm online innovation, political discourse and our civil liberties. It will reverse Canada’s rich multicultural heritage and replace it with an atmosphere of fear, distrust and racial profiling – where neighbours are encouraged to turn on neighbours on the basis of ‘reasonable fears’. The Bill was drafted and defended in an atmosphere openly hostile to civil liberties, and this is reflected in every element of it. One element of the Bill even seeks to allow our spy agencies to violate the Charter of Rights and Freedoms – our most vital protection against egregious state intrusion into our lives. It signals a return to a time when our security agencies were empowered to carry out dirty tricks against our citizens – and did so with impunity.

    It fails to address long standing and well-documented problems with Canada’s already excessively broad security powers, the misuse of which has led to the torture, detention, flight restriction and privacy invasion of many innocent Canadians since they were introduced post 9/11. Innocent Canadians’ lives have been ruined. This Bill not only fails to remedy those flaws, it replicates and expands the underlying problems without adding any meaningful safeguards to ensure the expansive powers it grants will not be similarly abused. It is little wonder that few who have carefully examined the Bill can fully support it in its current form. In spite of this, the government is currently rushing the Bill through not just one house of parliament, but both.

  • – 2015-04-30 –

    CIPPIC Project to Examine Privacy Implications of Open Data

    CIPPIC has been awarded a grant from the Office of the Privacy Commissioner of Canada 's Contributions Program.  CIPPIC's project, called "Open Data, Open Citiziens", will examine government open data policies and the commercial exploitation of open data by the private sector with a view to assessing implications for Canadians’ privacy.  

  • – 2015-04-22 –

    CIPPIC and a number of other civil society groups and experts has put out an open letter to Industry Minister James Moore, highlighting a roadmap for how to fix a number of loopholes in Canada's Notice-Notice copyright regime. The Notice-Notice regime was enacted with the objective of creating a minimally intrusive mechanism for rights holders to contact alleged infringers. However, it is being exploited by some rights holders to send settlement demands that are unreasonable. Typical abusive notices include extravagant demands for damages well in excess of what would be available under Canada's Copyright Act, and might be sent without meaningful corroboration that the threatened recipient is actually the rights infringer. Some also include threats that the recipient will have her Internet access account terminated if they do not pay up. Third parties often flood ISPs with notices in a 'scattershot' approach not designed to facilitate an actual lawsuit based on proof of wrongdoing, but rather to encourage recipients to pay in order to make the matter go away - a highly questionable monetization technique. While rights infringers should not be able to hide behind ISPs in order to justify conduct, the current model is being abused to inappropriately threaten individuals who, often, have done nothing wrong at all.

  • – 2015-03-24 –

    Bill S-4, the Digital Privacy bill, introduces amendments to PIPEDA, Canada's federal commercial sector privacy law. The Bill, a result of PIPEDA's first five year review conducted in 2006, introduces some far overdue improvements to Canada's privacy protection toolset at a time when privacy has never faced greater challenges. These include the adoption of a breach notification regime which would obligate companies to notify customers (as well as the Privacy Commissioner) whenever a privacy breach can place affected individuals at risk of significant harm, and the adoption of more robust consent obligations. However, as CIPPIC pointed out in its testimony and response to follow-up questions, the framework adopted by Bill S-4 in addressing these issues is flawed. The data breach notification regime in particular will fail to instill incentives for better security safeguards as it only applies to breaches that pose a significant threat of harm to affected individuals. Yet the reality of security breaches is that it will often be highly uncertain whether data was even exposed, meaning many serious breaches will go unreported. Moreover, even trivial breaches that do not pose a specific risk to individuals are often indicative of a general laxity in technical safeguards. These too will remain unreported.

    Of greater concern, the Bill also includes a number of troubling exceptions that would expand the conditions under which organizations can hand over sensitive customer information to third parties. One exception would allow ISPs, online blogging discussion fora, social media sites and others to help companies trying to sue their customers by handing over sensitive customer information. It also allows for nigh unlimited information-sharing in the context of a cybersecurity breach. Such breaches often implicate immense amounts of sensitive data. The PIPEDA amendments fail to impose any obligations for companies dealing with a breach to minimize privacy impact when handing over these data troves. Additionally, our national security agencies are increasingly implicated in domestic security breaches, yet Bill S-4 does nothing to prevent them from repurposing the data troves they receive for security breaches into general security information and keeping it indefinitely. As such, there is serious concern that the emails, financial/banking information, health data, and other sensitive information that is commonly implicated in data breaches will simply be rolled in to these security agencies general profiling activities and ultimately used against the individuals who the data breach notification regimes is supposed to protect. Indeed, Bill C-51, currently being rushed through both houses of parliament at once, will make it even easier by removing barriers to 'all of government' information sharing for cybersecurity purposes.

  • – 2015-03-12 –

    CIPPIC is intervening an important Supreme Court case about copyright and technological neutrality. CBC v SODRAC concerns royalties payable by broadcasters for digital copies of music embedded in the production and broadcast of television programs. The Court’s decision could have implications for the way in which all Canadians access and pay for digital content, including music, movies and television programs, e-books, and many other online materials.  Professor Jeremy de Beer and CIPPIC Director David Fewer will appear in the case on behalf of CIPPIC. The hearing takes place on Monday, March 16, 2015, and will be webcast. Common Law students Jillian Brenner, Chelsey Colbert, Parineeta Chahal, Tracey Doyle, Laura Garcia, Grace Ko, Laura MacDonald, Samantha Peters, Sadegh Fattah, Laura Garcia and Mayuran Sivagurunathan have all assisted in preparations for the case.

  • – 2015-03-04 –

    The CIPPIC Summer Internship Program offers outstanding law students an unequaled opportunity to work on cutting edge research and advocacy issues related to law and technology. CIPPIC advocacy typically involves submission of briefs to government and other policy-makers, intervention in precedent-setting cases before judicial and quasi-judicial tribunals, provision of public legal education resources, publication of reports, participation in multi-stakeholder policy-making forums, provision of expert testimony before parliamentary committees, and advising under-represented organizations and individuals on relevant public interest issues.

    Working closely with CIPPIC lawyers, interns learn how to be effective researchers, policy analysts, and advocates while contributing to public interest policy and law reform in such areas as copyright law, privacy, online consumer protection, telecommunications regulation, net neutrality, free speech and civil liberties on the Internet.Interns may additionally have opportunities to attend conferences and workshops such as the CIPPIC summer speaker series and to participate in other aspects of the Centre for Law, Society, & Technology.

  • – 2015-02-11 –

    CIPPIC has been granted leave to intervene before the Supreme Court of Canada in CBC v. SODRAC.  The case involves the interpretation of the reproduction right and its application to so-called "ephemeral copies" - copies of works for the purposes of facilitating the creation and transmission of broadcasts.  CIPPIC's intervention will focus on the role of the principle of technological neutrality in interpreting the reproduction right.

  • – 2015-01-29 –

    Data Privacy Day (a.k.a. Data Protection Day) 2015 marked a range of developments - some good, some bad, all significant. Data Privacy Day is celebrated annually to commemorate the world's first data protection treaty: the Council of Europe's Convention 108. This year, the day began with a series of startling revelations from CBC, which released documents acquired through former NSA Analyst Edward Snowden detailing a comprehensive electronic surveillance program that monitored various file upload sites around the world. The program, implemented by Canada's foreign intelligence agency, CSEC, involved combing through its comprehensive meta-data-bases in order to identify individuals uploading or accessing 'questionable' documents on sites such as MegaUpload and Rapidshare. Visitors to such documents are then subjected to intense meta-data-scrutiny in order to find their identity through such things as Facebook and email login cookies. Aside from the millions of documents tracked by the program daily, the program demonstrates an immensely invasive capacity that can emerge from mere analysis of the metadata held by CSEC and its Five EYEs partners. Far from acknowledging these concerns, we expect more of the same, with State promises to introduce expanded lone wolf surveillance powers this Friday.

    Some tentatively promising developments from APEC also came this week. CIPPIC had endorsed a letter sent by a number of privacy groups in late December pointing to several issues with APEC's certification of TRUSTe as an accountability agent capable of overseeing compliance with APEC obligations for the purpose of receiving personal data transfers from other APEC member states such as Canada. This week, APEC and TRUSTe addressed a number of the concerns, but left a few (particularly those relating to conflicts of interest between TRUSTe board members and some of the commercial organizations it is tasked with overseeing) outstanding. In brighter news, the Mexican data protection authority announced it would be officially signing the International Principles on the Application of Human Rights to Communications Surveillance (IPAHRCS-es for short!), designed to provide comprehensive suggestions on how to conduct electronic surveillance in a targeted and privacy respective manner. The IPAHRCS have now been endorsed by over 480 international organizations, experts and government officials. An eventful data privacy day, for better or worse!