News

  • - 2015-11-18 -

    CIPPIC testified today before a special committee established by the BC Legislative Assembly in order to review the Freedom of Information and Protection of Privacy Act (FIPPA), the data protection statute regulating the British Columbia government's use of personal information. CIPPIC was specifically asked to provide expert testimony on recent trade commitments undertaken by the federal government in its adherence to the Trans-Pacific Partnership Agreement and, specifically, on potential implications of these commitments for cross-border privacy protections in FIPPA. Recent trade commitments adopted in the TPP could be used to challenge protections in BC FIPPA and specifically section 30.1, which was enacted to safeguard some BC citizen data against cross-border data export that would expose this data to expansive foreign state surveillance powers. While TPP measures could be used to challenge restrictions on foreign data storage implemented further to section 30.1, these restrictions could be justified if shown to be necessary to achieve a clearly articulated legitimate objective such as privacy protection.

    CIPPIC's testimony highlighted the problems that arise where Canadian data crosses borders and is directly exposed to the limitless powers of foreign intelligence signals agencies. While Canada's own Communications Security Establishment (CSE) enjoys comparably unchecked powers that are insufficiently restrained in their impact on Canadian's privacy, Canadians enjoy some minimal protections when their own protections are caught in the web of its inherently foreign facing surveillance activities. Canadians enjoy no such protections when their data is exposed to other nations' foreign intelligence agencies, such as the US National Security Agency, which reportedly collects 100 million independent data points from US-based computer service providers in an average day. Data retained by the NSA includes highly sensitive information on individuals known not to be targets of any investigation. The ability to restrict some Canadian data from flowing abroad, while these agencies have expansive capabilities that could be used to harvest data from Canadian-based servers as well, preventing some types of Canadian data from flowing to the United States can render its acquisition by foreign agencies more difficult.

  • - 2015-07-16 -

    Canada's federal, provincial and territorial Information and Privacy Commissioners are calling for nominations for the Grace-Pépin Access to Information Award, which will honour and recognize the efforts of individuals or groups who have demonstrated an exceptional contribution to Access to Information rights in Canada. Nominees are judged based on the significance, implementation and impact of their work on the Canadian Access to Information right. The award could not be more timely, as Canada's aging Access to Information regime (which has not been substantially reformed since its introduction over 30 years ago) is in dire need of reform to bring it into the digital age. 

    The award also honours and commemorates its eponymous Commissioners, John Grace, former Information Commissioner of Canada, and Marcel Pépin, president and founder of the Commission d'accèss à l'information du Québec. It is typically presented during Right to Know week, celebrated each year in September. Nominations are due August 31, 2015​. More details on the nomination process and requirements are available here (FR). To submit a nominee, fill out this form here (FR).

  • - 2015-06-05 -

    Monday, June 15, at 6pm CIPPIC, Amnesty International Canada & the Ottawa Public Library will host a free public screening of CitizenFour. The documentary explores how former National Security Agency contractor Edward Snowden approached reporters Laura Poitras (who also directed the Academy Award winning documentary), Glenn Greenwald and others with a treasure trove of classified documents exposing the shear unprecedented scope and magnitude of the NSA's monitoring of the world's digital activities. This, in turn, launched an international debate about the protection of privacy in the digital age and the appropriate role of our foreign intelligence agencies.

    Today marks the two year anniversary of the day the Guardian first reported on an NSA program that mandated Verizon and other US-based telecommunications companies to hand over metadata on all phone calls (domestic and foreign) on a regular basis in order to populate a metadata base that it could data-mine at will as part of its foreign intelligence program. The story sent ripples around the globe, and last week the US congress greatly restricted it by limiting the NSA's surveillance powers for the first time in decades. But the expansive metadata program, it turned out, was just the tip of the iceberg as a string of revelations from Snowden's files followed, each more staggering than its predecessor and confirming privacy advocate's worst predictions (CJFE hosts a searchable archive of these). We have also learned much about Canada's complicity (by its participation in the Five Eyes intelligence partnership with the US, UK, Australia & New Zealand) in creating this global web of surveillance. The film is a must-see for any privacy advocate, as well as for anyone who wants to learn about Snowden's experience or how our communications networks are monitored. Join us June 15! More details after the jump or download the event flyer

  • - 2015-05-20 -

    The Federal Court of Appeal issued its ruling in Bell Canada v. Amtelecom, 2015 FCA 126, which challenged the implementation of the CRTC's wireless consumer protection code. The Code was put in place by the CRTC out of recognition that Canadian customers of mobile services were not adequately protected by the existing regime. It sought to improve the state of affairs by granting customers comprehensive rights, overseen by the CCTS, including an important provision that limited service providers from locking Canadians out of the wireless market for three years at a time and thereby hindering competition. The protections in the Code were to apply to all customers two years from the day the Code was issued, including to those customers who were still locked in to pre-existing three year contracts. However, a number of providers appealed the decision, arguing that the CRTC lacked the power to protect customers until their existing contractual terms expired. Specifically, these Appellants argued that by restricting the length of wireless contracts to two years and limiting the penalties a wireless provider could impose onto customers for switching providers early, the CRTC impermissibly interfered with vested rights retrospectively by preventing them from recovering the cost of subsidized mobile devices.

    In its arguments to the Federal Court of Appeal CIPPIC, representing OpenMedia, argued that the Code was actually future-facing (not retrospective) and that, regardless, the CRTC had the regulatory authority to interfere with past vested rights. The switching costs imposed on customers for moving to another provider early -- out of frustration with the service or because better deals emerged in the market -- were in reality penalties imposed on customers for future actions. This is borne out by the record of the proceeding, where a number of service providers testified that these penalties were a means of minimizing churn (preventing customers from moving to a competitor) not a means of recouping mobile device costs. Many of these penalties exceeded the value of any device, which is the reason the CRTC regulated the amount of early termination fees, forcing providers to tie these to device subsidies. More importantly, the CRTC is entrusted with overseeing a comprehensive regulatory regime that requires the balancing of complex policy objectives in a highly specialized environment. It would be impossible if not impractical for the CRTC to carry out its task without the ability to interfere with vested rights. In a carefully thought out decision, the Federal Court of Appeal found that the Wireless Code did in fact interfere with vested rights retrospectively, but that the CRTC was empowered to do so as long as it acted reasonably which, in this instance, it did. As a result, all Canadians, including those who are currently stuck in three year contracts, will be able to benefit from the Code's protections as of June 3, 2015. This includes the ability to leave a service contract without penalty 24 months from the day the contract began. For more information, see our resource pages on the Wireless Code and on our intervention in Bell v. Amtelecom.

  • - 2015-05-18 -

    CIPPIC has joined over 65 civil society organizations from around the world in an open letter to Mark Zuckerberg regarding its Internet.org initiative. Internet.org is Facebook's portal for mobile Internet access in developing countries. The portal is essentially a mobile app through which individuals can access other Internet sites, after first passing through Facebook's servers. The portal is zero rated, meaning that Facebook has entered into deals with wireless providers around the world that exclude Internet.org usage from data charges. While Facebook presents this as an altruistic initiative designed to get the next 3 billion Internet users connected, many have questioned whether it is truly altruistic or simply an attempt to place Facebook at the centre of the future Internet, establishing it as gatekeeper to downstream content and innovation. Meanwhile, the initiative detracts from other charitable efforts designed to provide true connectivity capacity in developing countries and, as domestic telcos are forced to shoulder the costs of the initiative, it is not clear what benefit Facebook provides to developing countries at all.

    Regardless of its motivation, Facebook's Internet.org leaves much to be desired. Where it is active, individuals already think of Facebook as 'the Internet'. However, the Internet provided by Facebook is a highly curated environment, which only allows sites pre-approved by Facebook that operate on Facebook's terms. In this sense, it threatens the expressive and innovative force of the Internet, which has always relied on the capacity to innovate and express without permission. It is, indeed, this 'innovation without permission' model that allowed Facebook itself to supplant MySpace as the world's leading social networking site - Facebook's ability to reach its audience was not dependent on MySpace's (or anyone else's) permission. Additionally, all Internet.org traffic passes through Facebook's servers, raising concerns it will in time feed into Facebook's broader profiling activities while acting as a one-stop hub for state censorship initiatives. Internet.org simply comes with too many strings attached.

  • - 2015-05-14 -

    Cloudmark's recently issued 2015 Q1 Security Threat Report demonstrates the initial effectiveness of the recently enacted Canadian Anti-Spam & Spyware Law (CASL), SC 2010, c. 23, in reducing the amount of unwanted spam in email boxes in Canada and abroad. In the 8 months following the coming into force of the law, the report notes a 29% reduction in the average amount of spam received by Canadians each month. It notes an even more significant 37% reduction in spam sent from Canada to the United States. The larger reduction in US-bound spam is unsurprising, as Canada (who was one of the last countries in the developed world to finally adopt an anti-spam law) had become a spam haven, with 78% of all Canadian spam being US bound. By contrast, only about 50% of spam received by Canadians is from the United States, which has regulated spam to some degree for many years.

    With respect to Canadian-received spam, the report notes that only about 17% of unwanted spam email received by Canadians relates to fraudulent "bootleg pharmaceuticals, diet pills and adult services." This amount of spam was reduced by about 5% in the months since CASL came into force (29% overall reduction x 16% of all spam). The most marked reduction, however, was from 'grey area' marketers, which the report describes as "unscrupulous email marketers" who "grow[] their mailing lists by co-marketing or easy-to-miss opt out checkboxes." The 24% reduction in this brand of unwanted email spam (which the report terms as 'legitimate' because it is legal under U.S. spam laws) affirms that the broader approach to spam adopted by CASL is necessary to make any meaningful inroads in spam reduction. CASL adopted a definition of 'spam' that allows Canadians to decide for themselves what emails they do or do not want to receive, whereas the US anti-spam law relies on easy to abuse 'opt out checkboxes'. And Canadians have taken to the law in droves, with the CRTC receiving an unprecedented 47,000 plus complaints against unwanted emails in just the first month after CASL came into effect.

  • - 2015-05-05 -

    The CRTC released its long anticipated vision for the future of wholesale wireless today. The decision is noteworthy for its recognition of the market concentration inherent in Canada's mobile markets. Historically, mobile services were forborne, meaning that the Commission held back several of its most potent regulatory tools. The mobile industry is highly concentrated and susceptible to risk of coordinated activities. As CIPPIC (on behalf of OpenMedia) demonstrated in its submission to the proceeding, this has led to high prices, some of the lowest mobile adoption rates in the developed world and minimal service innovation. Even in their own advertisements, some incumbents are hard pressed to differentiate themselves from their competitors on price and quality! The Commission recognized this, and reapplied its full regulatory powers to mobile wireless.

    However, the CRTC adopted a disappointingly minimalist approach in doing so. It mandated cost-based roaming, a move that will improve the ability of existing new entrants into the mobile market such as WIND to compete more effectively. Historically, these new entrants were prevented from offering their customers compelling services because the moment a customer stepped outside the entrant's service area, they faced extreme roaming rates. The CRTC decision improves on this state of affairs, allowing new entrants to compete far more effectively as they take the time to build out their national networks. The CRTC did not, however, adopt other important measures such as mandating wholesale access in general and MVNO access in particular. Mandating wholesale access is necessary to facilitate a truly competitive landscape that is not bound by finite spectrum availability, and stimulates investment in radio access network equipment. Mandating MVNO access is necessary to facilitate market innovations such as international roaming and to expand highly underdeveloped Canadian niche markets such as pre-paid. While taking some important steps towards fixing Canada's mobile market, it is disappointing that the CRTC did not go further in spite of its recognition that the market is concentrated and in need of more competition.

  • - 2015-04-30 -

    CIPPIC, OpenMedia and Canadian Journalists for Free Expression have released a primer on Bill C-51, the government's latest initiative to expand its state security apparatus. As the primer explains the Bill, which has been opposed from broad segments of Canadian society, signals a dramatic new direction for Canadian security. Presented as anti-terror legislation, the Bill adopts an excessive approach that will harm online innovation, political discourse and our civil liberties. It will reverse Canada’s rich multicultural heritage and replace it with an atmosphere of fear, distrust and racial profiling – where neighbours are encouraged to turn on neighbours on the basis of ‘reasonable fears’. The Bill was drafted and defended in an atmosphere openly hostile to civil liberties, and this is reflected in every element of it. One element of the Bill even seeks to allow our spy agencies to violate the Charter of Rights and Freedoms – our most vital protection against egregious state intrusion into our lives. It signals a return to a time when our security agencies were empowered to carry out dirty tricks against our citizens – and did so with impunity.

    It fails to address long standing and well-documented problems with Canada’s already excessively broad security powers, the misuse of which has led to the torture, detention, flight restriction and privacy invasion of many innocent Canadians since they were introduced post 9/11. Innocent Canadians’ lives have been ruined. This Bill not only fails to remedy those flaws, it replicates and expands the underlying problems without adding any meaningful safeguards to ensure the expansive powers it grants will not be similarly abused. It is little wonder that few who have carefully examined the Bill can fully support it in its current form. In spite of this, the government is currently rushing the Bill through not just one house of parliament, but both.

  • - 2015-04-30 -

    CIPPIC Project to Examine Privacy Implications of Open Data

    CIPPIC has been awarded a grant from the Office of the Privacy Commissioner of Canada 's Contributions Program.  CIPPIC's project, called "Open Data, Open Citiziens", will examine government open data policies and the commercial exploitation of open data by the private sector with a view to assessing implications for Canadians’ privacy.  

  • - 2015-04-22 -

    CIPPIC and a number of other civil society groups and experts has put out an open letter to Industry Minister James Moore, highlighting a roadmap for how to fix a number of loopholes in Canada's Notice-Notice copyright regime. The Notice-Notice regime was enacted with the objective of creating a minimally intrusive mechanism for rights holders to contact alleged infringers. However, it is being exploited by some rights holders to send settlement demands that are unreasonable. Typical abusive notices include extravagant demands for damages well in excess of what would be available under Canada's Copyright Act, and might be sent without meaningful corroboration that the threatened recipient is actually the rights infringer. Some also include threats that the recipient will have her Internet access account terminated if they do not pay up. Third parties often flood ISPs with notices in a 'scattershot' approach not designed to facilitate an actual lawsuit based on proof of wrongdoing, but rather to encourage recipients to pay in order to make the matter go away - a highly questionable monetization technique. While rights infringers should not be able to hide behind ISPs in order to justify conduct, the current model is being abused to inappropriately threaten individuals who, often, have done nothing wrong at all.