The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar

Archives

Links

Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by groups.yahoo.com

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Thursday, December 10, 2009

Telco and ISP snooping? Don't hate the player, hate the game 

The 'net and twitter have been all abuzz this past week with revelations about telco and ISP cooperation with law enforcement. We've seen Wikileaks post the internal policies of MySpace and Cryptome's posting of Yahoo!'s internal policies.

Blame for this appears to be laid at the feet of the service providers.

I'm all in favour of privacy and completely in favour of government restraint. I'm even more keen on court oversight and requirements that warrants be produced in order for cops and national security types to get access to customer information. I'm also in favour of transparently and accountability. But I haven't seen much nuance in any of the online discussion of this topic. Perhaps that's just the analytical limitations of twitter and the general tone of much of the blogosphere.

Two important issues are being missed. First: just about any time you interact with any business these days, a data trail of some sort is left. If you buy a book using any credit or debit card, there's a record that can connect that purchase to you. If you check out a book from the library, there's a record. If you use a transponder-based tolling system, there's a record of where you were, when and maybe where you are going. If you use any loyalty program to collect points on your purchases, there's an even denser data trail. Your mobile phone provider knows where you phone is at all times and who you have called. This is not unique to online companies. It's simply the reality of our digital lives. Some information collection or retention may be gratuitous, but more often than not it is essential to provide the service that users are asking for. It is not unreasonable, however, to question how much information is collected and how long it is retained. Fair information practices demand that service providers only collect the amount of information necessary to provide the service and that they keep it for only as long as they need to in order to provide the service.

The second, and more important, issue: love it or loathe it, it is the law. If a third party has information about you, the government can get access to it with a court order, a warrant or a subpoena. The third party can sometimes go to court to challenge the legality of the request, but it seldom has enough information to do so. And in many cases, it really has no ability to do so. The fact is, if there is a lawful demand for information, the service provider has to comply or face criminal sanctions itself.

And that's not just unique to the US and the USA Patriot Act. In Canada, take a look at the Anti-Terrorism Act, the Criminal Code, the Canadian Security Intelligence Service Act or the National Defence Act. European democracies have similar rules, too. These companies are generally following their legal obligations. If you have a problem with that, energies and outrage might be more usefully channelled to changing those laws.

ISPs and telcos may influence the laws, but they generally don't make they rules they have to abide by. In short: don't hate the player, hate the game.

Labels: , , ,

12/10/2009 02:19:00 PM  :: (7 comments)  ::  Backlinks
Comments:
You can't compare what's happening in the US (and the history of how lawful access and the patriot acts evolved) to what's happening in Canada. Fact is, the TSP's have said no to the first two iterations of the legislation, which both died due to changes in Government. Now the Crown separated TALEA as an appropriation bill to demonstrate there is money on the table. All of a sudden the TSPs are on board, so you can blame the players!
 
Any reason why in your artcile as you reference documents that we should "Check out" that you didn't link?
 
Thanks for pointing that out, Anon. They are now linked.
 
"Hate the game" or change the game? The Google CEO recently was quoted as saying "if you have something you don’t want anyone to know, maybe you shouldn’t be doing it". Essentially, you are saying the same thing. Don't hate Google (or in your post the Telcoms) hate the fact that you are, by engaging the services through use of technology, acquiescing in to the game. Perhaps there is a way to change the game (through legislation), but that won't happen with mere acquiescence.
 
Steve: Absolutely, change the game. Or if anyone is going to point fingers, they need to point them to legislators as well as service providers.

"The game" allows law enforcement to compel the production of evidence, including digital evidence. That's just reality. The only way to change that reality is to change the game.

Realistically, the situation is not ever going to go away. But what can be realistically demanded is court oversight, and checks and balances on law enforcement and national security agencies' powers.
 
So, because it's de rigueur we should move forward? Frankly I don't trust the "adult's" of Government to be able to monitor these activities to the extent they need to be.
 
"Don't hate the player, hate the game"? What up gangsta? Kidding aside, interesting arguments on both side and something to keep tabs on.

On a sidenote, I agree partly with Zuckerberg's statement, some personal accountability is needed -though many people are not as informed as they need to be to make proper judgements. Protection from above is needed.
 
Post a Comment

Links to this post:

Create a Link

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs