News

The Electronic Frontier Foundation (EFF) released a timely white paper this week examining the negative implications and chilling effects that various cybercrime provisions throughout the Americas can have on coder's rights and specifically on security researchers. Entitled "Protecting Security Researcher's Rights in the Americas", the analysis explores a range of cybercrime regimes nominally intended in principle to criminalize unauthorized access to or disruption of computer systems. However, these laws have been framed so broadly as to impose a serious chilling effect on vital activity of security researchers. Drawing on the Inter-American human rights framework (of which Canada is a partial adherent), some national jurisprudence, and principles of criminal law, the paper argues for cybercrime regimes that accommodate beneficial security work. There must be latitude for non-malicious security testing, for the dissemination of critical security tools and for the responsible publication of discovered security breaches.

Sadly, current laws are framed so broadly that they have had a serious chilling effect on socially beneficial security work. Those who discover security breaches face severe legal threats and sometimes even criminal consequences for attempting to bring these to host organization's attention. The result is that security breaches are increasingly likely to remain unresolved until they are discovered by someone seeking to exploit, rather than to merely expose. The paper, to which CIPPIC provided substantive contributions, calls for clearer standards to remedy this situation.

The CRTC rejected a proposal for a mechanism that could be used to block websites accused of copyright infringement, in a definitive victory for digital innovation and free expression in Canada. As we pointed out in our joint intervention with OpenMedia, the proposal was deeply flawed for its lack of effective procedural safeguards, which could have led to the censorship of websites and online services that were not engaged in copyright infringement. The proposal also disturbed a carefully calibrated series of trade-offs that sits at the heart of Canada's balanced copyright regime and conflicted with long-standing principles of net neutrality by compelling ISPs to interfere with customer access to content. On the other hand, claims advanced in justification of the website blocking proposal dramatically overstated the harm caused by online copyright infringement. While such infringement does continue to occur, its detrimental impact does not rise to such levels as to justify the adoption of an extraordinary remedy of this sort, with its many attendant unintended impacts.

As CIPPIC/OpenMedia and many other public interest interveners urged, the CRTC denied the claim on the basis that it lacked legal authority to interfere with copyright policy by ordering extreme website blocking remedies. However, as both the government undertakes comprehensive reviews of Canada's telecommunications, broadcasting and copyright regimes, those who have most strenuously advanced this form of expedited website blocking mechanism are sure to continue to do so in these other fora.

Image Credit: CIPPIC, CC-BY 4.0, 2018

CIPPIC has filed its intervener factum in the Supreme Court in Telus v Wellman, SCC No. 37722, an important case addressing the disparate impact of mandatory arbitration clauses on consumer and business customers.  CIPPIC's argument focuses on access to justice considerations and the differing way that consumer protection laws protect consumers and other vulnerable groups encountering standard form contracts in circumstances characterized by disparities in bargaining power.

Profesor Marina Pavlovic and Cynthia Khoo (LLM Candidate and CIPPIC researcher) are acting for CIPPIC in this intervention.

• CIPPIC Factum

The Supreme Court of Canada issued its ruling in Rogers Communications Inc v Voltage Pictures LLC, 2018 SCC 38, today, the latest installment in a long series of ongoing efforts by Voltage to establish a controversial mass copyright litigation model in Canada and the first decision to meaningfully interpret Canada's notice-and-notice regime. As CIPPIC argued in its intervention, which was ably prepared by our external counsel, Jeremy de Beer and Bram Abramson, the decision under appeal discouraged ISPs from conducting rigorous quality assurance checks necessary to reduce mis-identification of customers accused of copyright infringement. It also placed the cost burden of increasingly expansive copyright litigation models on customers of ISPs. All this, in turn, jeopardizes privacy rights of mis-identified customers; exposes innocent individuals to legal threats and costly lawsuits; raises Canada's Internet access fees (already amongst the highest in the world) even higher; and undermines competition by disproportionately impacting smaller ISPs who are less able to diffuse the costs of robust quality assurance.

The ruling narrowed a prohibition, imposed by the Federal Court of Appeal, on any cost recovery for quality assurance protocols employed by ISPs when compelled to identify customers in the context of a copyright lawsuit. The court held that ISPs will be permitted to recover some (but not all) of these costs, sending the matter back to the Federal Court for determination of what specific quality assurance protocols are reasonable and non-duplicative. This, in turn, removes cost-based disincentives to adopt robust quality assurance protocols by ISPs.

Image credit: smileycreek, "Don't Feed The Trolls", October 4, 2014, Flickr, CC-BY-NC-SA 2.0.