Archive for the ‘Global standards’ Category

15 Jan 2008

Hands across the ocean


An article out of the UK this morning reports that the U.S. FBI is considering the development of an international database in collaboration with the U.K., Australia, New Zealand and Canada which could potentially make personal information – biometric data like iris, palm and finger prints – of its citizens instantly available to police forces in other partner countries. The U.S.-led program, called “Server in the Sky”, would aid forces in tracking down major criminals and suspected terrorists.

The proposal to link databases is ambitious: each proposed partner country has different standards for the collection, storage and use of biometric information.

Governments already share information across borders, but under strict controls designed to protect the rights, including the right to privacy, of innocent individuals. While international participation in the Server in the Sky program looks to be in its very early days, it will be interesting to see who participates, and how. In terms of Canadian participation, our citizens rightfully expect that their personal information remains safeguarded and understandably, could be reluctant to see that information freely shared with two countries that were ranked near the bottom of Privacy International’s ratings of privacy protection around the world.


8 Jan 2008

Your information. Your choice.


Increasingly, we are putting our personal information online in order to gain access to the benefits of Web 2.0: We list and rank our favourite books on vendor sites, and in return we get recommendations for books we might never have heard of otherwise. We indicate which high school we attended on our Facebook profiles, and in return we reconnect with long-lost friends.

But after we hand over that information, is it still ours? Can we change it, take it back, move it somewhere else?

Alec Saunders has drafted a Privacy Manifesto for the Web 2.0 Era that spells out four fundamental principles:

“Every customer has the right to know what private information is being collected….
Every customer has the right to know the purpose for which data is being collected, in advance….
Each customer owns his or her own information….
Customers have a right to expect that those collecting their personal information will store it securely.”


Imagine if we all took these principles to heart whenever we’re online – wouldn’t companies need to respond?

At present, while most businesses have usually been criticized for their disregard when it comes to their customers’ information, some companies are responding to customers’ desire for more control over their personal information. In fact, these companies are recognizing that handing control of personal information back to the customer could benefit the company as well.

Data portability, the idea that you can take your data from websites you currently use and transfer it seamlessly to another website, is gaining ground. The DataPortability Workgroup announced today that Google and Facebook, two companies which hold a remarkable amount of consumer data, have just signed on.

For the data portability movement, the participation of Google and Facebook means the idea has legs. Not surprisingly, we at the Office of the Privacy Commissioner are interested to see where it goes from here.


20 Dec 2007

Santa’s looking for his list


Several months ago, while we were brainstorming possible subjects for blog posts and holiday season features, we thought “Santa suffers a catastrophic data loss” would be a pretty funny and relevant item for the Office to cover.

Then the Revenue and Customs agency in the United Kingdom lost all that information, and the idea didn’t seem that funny anymore.

The British-based law form Pinsent Masons came up with their interpretation of the idea, tailored to the data protection regimes in Europe:

“There is a stream of questions Santa has yet to answer,” said William Malcolm, a data protection specialist at Pinsent Masons, the law firm behind OUT-LAW.COM.

“Is this information used for anything other than present giving? Information passes out of the EU, so does Santa check the letters for unambiguous, specific and informed consent to this overseas transfer?”

OUT-LAW’s attempts to put the questions to Claus were hindered by the lack of an office chimney. Eventually the questions were put up a domestic chimney but no response was received by time of publication.

The Data Protection Act says that you must inform someone when you are collecting data about them, and tell them what the purpose of collection is.

“What about the naughty/nice database?” said Malcolm. “Are children given notice that behavioural data is being collected about them throughout the year? And does it qualify as covert monitoring, which would breach Article 8 of the European Convention on Human Rights?”


11 Dec 2007

A debate between security and privacy rights


Earlier this fall, we discussed the challenge delivered by Secretary Chertoff at the 29th International Conference: he argued that privacy rights must be balanced off against a country’s security needs.

In November, several prominent security and privacy advocates participated in a debate at the University of Virginia’s Miller Center of Public Affairs. The resolution?

“In the war against terrorism, and with advances in technology, Americans need to lower their expectations of privacy.”

Participating were Marc Rotenberg, Lord Alderdice, Douglas Kmiec, and K.A. Taipale.

Videos of their statements and rebuttals are available on YouTube and on the Miller Center website.

Here’s an excerpt from opening remarks by Lord Alderdice, the former speaker of the Northern Ireland Assembly:

“These are not just questions of law, politics, and the constitution; they are also very human questions. Invasion of one’s personal space creates feelings. Likewise, terrorism creates feelings. Sometimes these feelings are so powerful that we respond emotionally rather than reflectively and thoughtfully. When governments react emotionally, they very often make mistakes and the laws created are frequently counterproductive.”


14 Nov 2007

U.S. Intelligence official argues for balance between security and privacy


Over the past week, there has been considerable debate among privacy advocates about the comments made by a senior U.S. security official at a conference in October. A portion of his speech is copied below:

Donald Kerr, the principal deputy director of national intelligence, at the 2007 GEOINT Symposium, October 23, 2007 in San Antonio:

“When I’m at work, and throughout my day, security is safety, as a barrier against physical or emotional harm. When I go home at night, security is privacy, as an expectation of freedom from unnecessary burdens. In the intelligence community, we have an obligation to protect both safety and privacy…..

concern for privacy. Too often, privacy has been equated with anonymity; and it’s an idea that is deeply rooted in American culture. The Long Ranger wore a mask but Tonto didn’t seem to need one even though he did the dirty work for free. You’d think he would probably need one even more. But in our interconnected and wireless world, anonymity – or the appearance of anonymity – is quickly becoming a thing of the past…

Anonymity results from a lack of identifying features. Nowadays, when so much correlated data is collected and available – and I’m just talking about profiles on MySpace, Facebook, YouTube here – the set of identifiable features has grown beyond where most of us can comprehend. We need to move beyond the construct that equates anonymity with privacy and focus more on how we can protect essential privacy in this interconnected environment.

Protecting anonymity isn’t a fight that can be won. Anyone that’s typed in their name on Google understands that. Instead, privacy, I would offer, is a system of laws, rules, and customs with an infrastructure of Inspectors General, oversight committees, and privacy boards on which our intelligence community commitment is based and measured. And it is that framework that we need to grow and nourish and adjust as our cultures change.

I think people here [at the 2007 GEOINT Symposium], at least people close to my age, recognize that those two generations younger than we are have a very different idea of what is essential privacy, what they would wish to protect about their lives and affairs. And so, it’s not for us to inflict one size fits all. It’s a need to have it be adjustable to the needs of local societies as they evolve in our country. Eventually, we can only hope that people’s perceptions – in Hollywood and elsewhere – will catch up.

Our job now is to engage in a productive debate, which focuses on privacy as a component of appropriate levels of security and public safety…”


29 Oct 2007

British PM speaks on liberty and privacy


Last week, British Prime Minister Gordon Brown spoke on the subject of liberty – a wide ranging speech that touched on British constitutional history as well as modern concepts of liberty, privacy and access to information.

It’s important to remember that the British system of laws and government is different to the Canadian system, but we have similar values about privacy, access to information and liberty.

“… I want to explore how together we can write a new chapter in our country’s story of lliberty – and do so in world where, as in each generation, traditional questions about the freedoms and responsibilities of the individual re-emerge but also where new issues of terrorism and security, the internet and modern technology are opening new frontiers in both our lives and our liberties…

… In my view, the key to making these hard choices in a way that is compatible with our traditions of liberty is to, at all times, apply the liberty test, respecting fundamental rights and freedoms, and wherever action is needed by government, it never subjects the citizen to arbitrary treatment, is transparent and proportionate in its measures and at all times also requires proper scrutiny by, and accountability to, Parliament and the people…

… The information age has, as Tom Friedman has so well drawn out, flattened hierarchies and potentially increased the power of all citizens. So we should not fear the advent of the information age – and it should not lead us to abandon or fear for our values – but at the same time I believe we require a new and imaginative approach to accountability and to winning people’s trust in the ways in which information is held and used…” (Text of Speech)


8 Oct 2007

Privacy by design


Dr. Ann Cavoukian, the Ontario Information and Privacy Commissioner, recently spoke to the Computer Science Club at the University of Waterloo. (video available in several formats)

Dr. Cavoukian has argued that software developers need to build privacy concerns right into their work, and her speech is receiving favourable attention online:

“… There’s something incredibly refreshing about hearing a high-ranking government official say things like, “Privacy is integral to freedom. You cannot have a free and democratic society without privacy. When a state morphs from a democracy into a totalitarian regime, the first thread to unravel is privacy.”…” (BoingBoing)

“… Privacy is really important, and watching this talk makes me realize, I have not being doing my part as a software developer to respect users privacy. Hell I log way too much information, just to make debugging a little easier on the off chance I have to debug it in production. I’d encourage all software developers out there to watch this talk, and take its message to heart. …” (Slashdot comments)


5 Oct 2007

Fleischer on Google, Privacy and Consumers


We heard from Peter Fleischer, the Chief Privacy Officer for search company Google, on Friday.

Speaking in French, he touched upon how Google faced different expectations to protect personal information and privacy from consumers and advocates in different countries and jurisdictions around the world.

As could be expected, he also argued for the creation of global privacy standards. Mr. Fleischer also emphasized that some data needs to be retained in order to personalize the services offered by Google and other online applications – and emphasized that users find the personalization of services extremely valuable and convenient.

The video is divided into two parts, and is only available in French. Sorry.

You need to a flashplayer enabled browser to view this YouTube video

You need to a flashplayer enabled browser to view this YouTube video


5 Oct 2007

Professor Geist on video


As we mentioned earlier this week, Professor Michael Geist spoke at the closing session of the Conference. He noted that we already live in a world where surveillance is common place, and our personal data trail crosses borders and oceans and lives in countless databases.

“Chertoff came to us and said “this is my world, this is my vision, what are you prepared to do about it?”

We have posted the video of Professor Geist’s speech on YouTube, and you can view it below.

You need to a flashplayer enabled browser to view this YouTube video

Videos are posted in the language of the original speaker.


1 Oct 2007

A confrontational challenge


As the Conference drew to a close, Professor Michael Geist of the University of Ottawa provided a brief but complete summary of the week’s discussions.

Today, in the Toronto Star, he provides a precis of his summary. (available in English only)

He underlines the central message drawn from the opening day from the conference: a message that resonated throughout many of the sessions that followed:

“…In a room full of privacy advocates, Chertoff came not with a peace offering, but rather a confrontational challenge. He unapologetically made the case for greater surveillance in which governments collect an ever-increasing amount of data about their citizens in the name of security…”