The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.

Search this blog

Recent Posts

On Twitter

About this page and the author

The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.

For full contact information and a brief bio, please see David's profile.

Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.

David Fraser's Facebook profile

Privacy Calendar



Subscribe with Bloglines

RSS Atom Feed

RSS FEED for this site

Subscribe to this Blog as a Yahoo! Group/Mailing List
Powered by

Subscribe with Bloglines
Add to Technorati Favorites!

Blogs I Follow

Small Print

The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.

This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.

Thursday, January 07, 2010

Alberta Privacy Commissioner has some choice words about airport body scanning 

The incomparable Frank Work, Information and Privacy Commissioner of Alberta, appears to have an opinion on body scanning technologies.

Privacy boss pans scans

New naked body security measures at airports don't fly, he says

The thin edge of the wedge -it's not the happiest of analogies when the subject is naked body scans and orifice-probing technology.

But that's the uncomfortable warning from Alberta Privacy Commissioner Frank Work, following a federal decision to install full-body security scanners at major Canadian airports, including Calgary and Edmonton.

Blasting the move as a serious blow to personal privacy and dignity, Work says he expects the obvious flaws in body-scanning security will result in more high-tech "toys" to fill the gaps.

"What will they do next, after the next incident? We're running out of toys and technological silver bullets," said Work, one day after the federal government announced the new airport security measures.

Work guards the privacy of Albertans, be it information or images.

If this was an Alberta rule or an airport decision, Work would surely step in and prevent the visual strip-search.

But being federal legislation, Work fears there is nothing he can do to block the airport scanners, which expose naked images of passengers to the eyes of prying security staff.

"The bottom line is it's a dignity issue, and either out of fear or because we don't want to stand in line too long, we've forsaken any notion of dignity -- it's like, all right, we'll assume the position," said Work.

He's awaiting a call from federal Transport Minister John Baird, but Work believes his hands are tied.

Work said that because human-monitored body scanners aren't perfect, showing only a surface view of the nude passenger, he believes it's a matter of time and/or tragedy before the next step is taken.

"The system is still prone to failure, so let's say the next guy packs his ass with however many grams of (plastic explosive) he can shove up there, and either successfully or unsuccessfully detonates it. What do they do next?" said Work.

"How do they trump full body scans? There actually is a device called the BOSS -- the Body Orifice Security Scanner -- where you sit in a plastic armchair and it can detect plastic or metal in body orifices. Is this next?"

The privacy boss knows his technology, and the chair he references is used in U.S. prisons, in lieu of the old rubber glove approach. That it could easily be installed in airport security areas is a squirmy thought.

Work believes it's just a matter of time.

"At what point do we say, 'Holy crap man, you're patting me down, you've got pictures of me naked, you've got me squatting on a chair, and you've taken my water bottle away'. I mean at what point is enough, enough?"

The federal government is installing 44 of the $250,000 body-scanners across Canada, as well as implementing a new system of visual observation, where security staff will monitor passenger behaviour.

The changes come in response to a Christmas Day attempt to blow up a jetliner over Michigan, when a Nigerian man failed to ignite explosives sewn into his underwear.

While the new body-scanners reportedly wouldn't have caught the underwear bomber -- the explosives were spread too thin -- U.S. demands for extra security have forced countries like Canada to follow suit.

Work says Canada obviously has little choice, if citizens want to travel internationally.

While the U.S. is forcing Canadian travellers to surrender their dignity, Work said the real danger is people starting to believe in safety, purchased through an invasion of privacy.

"The thing that troubles me most as the privacy commissioner, is we're getting more and more used to this stuff.

"Maybe we have to throw in the towel on the body scanners, but the next time the police or authorities come along wanting to blanket the city in cameras for safety reasons, we'll be that much more compliant."

Labels: , , , ,

Scary and funny: Undressing the naked truth about the future of airline travel 

This is too funny, scary and prescient:

Undressing the naked truth about the future of airline travel

Cavity searches, complementary catheters, cryogenic suspension will be the norms

By Paula Simons, Edmonton Journal

January 7, 2010 2:07 AM

The Edmonton Journal

January 7, 2011

The federal government says Canadian air travellers will soon be asked to undergo full-body cavity searches.

The move comes after full-body scanners, of the same type installed in Canadian airports last year, failed to detect bomb-making materials that a group of alleged would-be bombers had secreted within their personal body cavities.

Transport Canada says passenger privacy will be fully protected, because all individuals being stripped-searched will wear paper bags over their heads, preventing security officers from seeing their faces.

"We feel this strikes the necessary balance between protecting passenger safety and avoiding unnecessary traveller embarrassment," said Transport Canada spokesman Winston Smith.

Health Canada will compensate travellers by including complementary prostate exams and PAP smears as part of the inspection process.

"We won't just be striking a blow in the war on terror," said Reductio Ad-Absurdum, a spokesman with the Prime Minister's office. "We'll also reduce the burden on our public health-care system by screening early for cervical and prostate cancer. We think Canadians will be open to the value-added benefits."

While a few civil libertarian academic-types raised concerns about the invasion of privacy, most of those commenting on The Journal's web-site were enthusiastic.

"Flying is a privilege, not a right," said one.

"If you don't have anything to hide, why would you object?"

"The world is a scary place," said another. "I don't mind having my government stick its nose into every nook and cranny."

The Edmonton Airport Authority is asking all local passengers to arrive at the airport at least five hours before flight time to allow enough time for the new inspections.


The Edmonton Journal

January 7, 2015

In a new policy initiative designed to flush out terrorist plots, Transport Canada has announced that airline passengers will no longer be allowed to use on-board washrooms while the plane is in flight.

"Letting people move freely through the cabin, allowing them access to a private space where they couldn't be monitored, well, it's just too big a risk," said Transport Canada spokesman Winston Smith.

Passengers will be required to stay in their seats, with their belts securely fastened, for the duration of the flight. For short-haul flights, passengers will be provided complementary adult diapers. Long-haul flyers will be issued personal catheters.

"We feel this strikes the necessary balance between protecting passenger safety and avoiding unnecessary traveller embarrassment," Smith said.

While civil libertarians and others soft on terrorism suggested the new policy was an affront to human dignity, public response was muted.

"This is public safety we're talking about here," said Edmonton passenger Saaphtee Pherst, 52.

"If you have a problem with it, then don't fly."

The Edmonton Airport Authority is asking long-haul passengers to arrive six hours ahead of their departure time to be fitted for catheters.



January 7, 2020

In a move designed to restore public confidence in air travel, Transport Canada has announced it is moving to align with a new American policy that requires that all airline passengers be placed in pre-flight cryogenic suspension.

"We believe that flash-freezing will maximize both passenger safety and passenger comfort," said federal spokesman Winston Smith. "Ever since we banned people from taking books, magazines, computers and food aboard planes, and made it illegal for them to get out of their seats, air travel has become unduly tedious. This way, we eliminate any terrorism and boredom, and allow passengers to arrive safe and well-rested, without jet lag. And since we'll be able rip out the seats and stack passengers like cordwood, we'll be able to make more efficient use of space and fuel."

Federal spokesman Reductio Ad-Absurdum said cryogenics was a proven technology with minimal health risks.

The Edmonton Airport Authority is asking all passengers to report to the airport 24 hours before their flight for freezing.


January 2, 2021


Air UnitedCanNorthWestDeltaKLMVirginJALEl-AlJet, the world's sole surviving airline, filed for creditor protection this week in the wake of a disastrous Christmas travel season. A climate of fear, combined with fears about climate change, meant no one flew anywhere.

"Flying was no longer exciting or convenient," said business analyst Noitall Pundit. "The Age of the Airplane is over."

Travel Alberta is now asking people to travel by low-carbon donkey instead, and to stay strictly within a 100-mile radius of home.

"Foreign travel is dangerous and overrated. So are foreigners," said spokeswoman Pollyanna Xenophobe. "Alberta is the promised land. Really, no one should ever want leave it again."

Labels: , , ,

We need a debate on the privacy impact of body scanners 

I was interviewed by the Halifax Chronicle Herald on the need for a thorough debate about the privacy impact of body scanners and to make sure that we are actually dealing with the problem. And if we're going to use the technology, we need to ensure that all steps are taken to mitigate the privacy impact.

Safety vs. privacy: - Nova Scotia News -

Safety vs. privacy: Legal expert warns tradeoff of agreeing to virtual strip search might not be worth it

By KELLY SHIERS Staff Reporter Thu. Jan 7 - 4:47 AM

A Halifax privacy expert says airline passengers willing to undergo virtual strip searches are trading privacy for security in an equation that may not result in increased safety in the air.

"Because this is almost unprecedented in its intrusiveness, that means we really need to have a debate about it," David Fraser said Wednesday.

"If you throw out people’s privacy, it doesn’t necessarily mean you’re going to end up with the best security.

"I think we need to have all the facts in front of us about how effective these things are, what sort of impact they’re having on privacy, and how (we can) increase the effectiveness of security while trying to mitigate the impact it can have on privacy."

RELATED» Privacy czar probes Ottawa’s plan for airport surveillance » Slovaks plant explosive in traveller’s luggage in failed security test» Airport security: Last line of defence

Mr. Fraser, a privacy lawyer with McInnes Cooper, said most of the people he has spoken with have reacted positively to the news that airports across the country, including in Halifax, will soon use scanners that see through clothes.

The machines show a three-dimensional outline of a naked body that allow screening officers to see whether someone is carrying dangerous items.

"When they balance their safety versus their privacy, they’re happy to give up their privacy in exchange for their safety," he said.

The scanners have been used at some airports outside Canada and were expected to be introduced in this country at some point.

But on Tuesday, the federal government announced it will buy 44 machines as part of an international response to a man’s attempt to blow up a jet approaching Detroit on Christmas Day. The man was wearing explosives sewn into his underwear.

The devices are only supposed to be used on passengers who have been singled out for secondary screening. Those passengers can choose to go through the machines or be frisked.

Mr. Fraser said he would prefer to be scanned rather than have the kind of intrusive pat-down that would be required in order to detect explosives sewn into underwear.

But he said he believes technology is only part of the answer to combating terrorism in the air.

"It’s convenient to throw technology at the problem and I think there may be an assumption this is going to make everybody safe, but I’m not sure this is necessarily the case," he said.

The devices have shortcomings, even if they are better than what is now in place, he said.

And technology, he said, may not be as effective as "strategic investments in humans" who are collecting, analyzing and using the massive amounts of data about possible threats and possible terrorists.

He said the public should ask questions about the use of the images and the safeguards that will be in place to protect them.

Under a plan approved by Canada’s privacy commissioner, an officer would view the image in a separate room and never see the passenger. The images are supposed to be erased automatically and no copies kept.

Other possible safeguards could include scanning screeners to ensure they’re not carrying cameras or cellphones capable of taking pictures of the images, Mr. Fraser said. And just as pat-downs are only done by members of the same sex, perhaps that rule should apply to viewing the naked images, he said.

Labels: , , ,

Sunday, January 03, 2010

Pantsbomber revives debate over body scanners as implementation is expanded 

The thwarted Christmas Day bombing plot has certainly raised security levels in airports over the holidays. Individual passengers are being frisked before boarding, presumably to make sure they don't have any hidden compartments in their unmentionables (but inspectables). Carryons are being dramatically restricted to reduce screening times, as all such items have been hand inspected. Not at all surprisingly, this has brought body scanning technology to the fore.

In October of this year, the Federal Privacy Commissioner gave her conditional approval to the use of the technology. The conditions are that the images are not retained and the scanners are used only as a secondary screening tool. (See: A necessary image - The Globe and Mail.) However, all passengers to the US are now subject to secondary screening. The Globe article says that technology exists to blur faces and genitals, but I would think that genital blurring may might have obscured a cleverly hidden crotch bomb.

Also according to the Globe (Nigeria, Netherlands to introduce full-body imaging; Canada undecided - The Globe and Mail), both countries that were connected to the pantsbomber, Nigeria and the Netherlands, are introducing body scanning for all flights to the United States. So are UK airports (BAA to introduce full-body scanners at UK's Heathrow).

I travel a lot. Personally, I'd rather be virtually stripped in five seconds than physical patted down by a stranger over two or three minutes. But I'm not so shy. I would also think that the same technology that is currently used to detect explosives residue should be rolled out on a wider scale as well.

For a good overview of the technology and the debate, check out: Full-Body Scanners at Airports: The Good, the Bad, and the Ugly Technomix Fast Company.

Also, CBS (via YouTube) does a pretty good job of covering the debate:

Labels: , , , ,

Saturday, January 02, 2010

Canadian airlines look to goverment to solve privacy dilemma 

The timing on this couldn't be worse, in the aftermath of the Christmas day "underwear bomber" and unprecedented scrutiny of airline passengers.

The National Airlines Council of Canada is looking to the federal government to develop a "permanent solution" to the dilemma they are facing. Airlines that overfly the United States are required to send passenger information to the US TSA, but the airlines contend this violates Canadian privacy laws.

There are a number of circumstances under Canadian privacy laws where organizations require the collection of personal information that's not strictly necessary for the provision of goods or services. PIPEDA permits collection, use and disclosure where it is "required by law", but this is not a Canadian legal requirement.

From the Canadian Press:

The Canadian Press: Canadian airlines plead with government to solve U.S. security dilemma

Canadian airlines plead with government to solve U.S. security dilemma

By Jim Bronskill (CP) – 13 hours ago

OTTAWA — Canada's major airlines say they will be forced either to break privacy laws or to ignore new American air security rules unless the federal government comes up with a response to U.S. demands for passenger information.

The National Airlines Council of Canada, which represents the four largest Canadian carriers, is pleading with the government to find "a permanent solution" to the dilemma posed by the U.S. Secure Flight program.

The program would collect the name, gender and birth date of the approximately five million Canadians who fly through American airspace each year en route to destinations such as the Caribbean, Mexico and South America, even if their planes don't touch the ground in the States.

The U.S. Transportation Security Administration (TSA) would then vet the names against security watch lists.

Passengers whose names appear on the list could face anything from extra security screening to being barred from a flight. There are also concerns the personal data could be used for purposes unrelated to aviation security.

Washington is still reeling from an apparent attempt by a Nigerian man to blow up a jetliner over Michigan by igniting explosives sewn into his clothes.

The near-disaster has put renewed pressure on the TSA to ensure the skies are safe.

Canadian airlines have already begun passing along the personal information for flights that land in the United States.

But the requirement to hand over information for international flights over U.S. airspace was put on hold last February pending discussions with the governments of Canada, Mexico and some Caribbean countries.

In a November letter to Bill Baker, deputy minister of Public Safety, the National Airlines Council says Canadian carriers "are not aware of any progress" on the discussions and are concerned the TSA might suddenly enact the overflight provisions.

The council says this would force Canadian airlines to breach either Secure Flight or the Personal Information Protection and Electronic Documents Act, a federal privacy law that applies to Canadian companies.

An internal Public Safety document prepared last January agrees that sharing such information is "currently prohibited" under the privacy law.

Nicole Baer, a spokeswoman for the federal privacy commissioner, said it was too early to determine whether giving overflight data to the Americans would break Canadian privacy law.

The Public Safety document, obtained under the Access to Information Act, raises other concerns about Secure Flight.

"It is possible that Canadians overflying the United States could be denied boarding based on U.S. no-fly lists that were developed based on lower U.S. risk tolerance," says the January 2009 assessment.

"There are also no guarantees how the U.S. will use the information it obtains from carriers overflying its territory."

The United States has indicated it will waive the Secure Flight requirement to provide information for overflights if Canada creates an equivalent security screening system.

Last March, the airlines council told Public Safety Minister Peter Van Loan in a letter that application of U.S. Secure Flight rules in Canada "is a direct result of the failure to ensure" that Canada's no-fly list, known as Passenger Protect, is "an accepted part of a continental aviation security system."

The airlines council favours a homegrown system as long as carriers don't bear any new costs.

Canada has been working for years on a more comprehensive passenger screening system. The Public Safety Department had no immediate update on those plans.

Critics say extending the Secure Flight program to Canadian flights that merely pass over the U.S. would indeed be a threat to Canadian sovereignty.

The Ottawa-based International Civil Liberties Monitoring Group has argued that sprawling American watch lists could ensnare many Canadians - or activists, immigrants and refugees who want to fly to Canada from Latin America but must travel through American airspace to do so.

Washington says Secure Flight, which transfers the task of watch-list screening to the TSA from individual airlines, will reduce the number of false matches - a longstanding problem with common names - and clear up mistakes more quickly.

Copyright © 2010 The Canadian Press. All rights reserved

Labels: , , , ,

Tuesday, November 17, 2009

Commissioner tables annual Privacy Act Report for 2008-2009 

The Privacy Commissioner of Canada has tabled her annual report on the public sector privacy law, the Privacy Act: Annual Report to Parliament 2008-2009 - Report on the Privacy Act.

At the same time, she has also tabled additional privacy audits, related to FINTRAC and the Canadian no-fly list:

Here's the media release that accompanied the tabling of the reports:

Audits of major national security programs raise concerns for privacy Excessive reporting of personal information to FINTRAC and potential information technology risks with Canada’s “no-fly list” are among concerns identified in audits highlighted in the Privacy Commissioner’s annual report on public sector issues.

OTTAWA, November 17, 2009 — The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has more personal information in its database than it needs, uses or has the legislative authority to receive.

This was one of the key findings of the Privacy Commissioner of Canada’s in-depth audit of the independent agency mandated to analyze financial transactions and identify suspected money laundering and terrorist financing in Canada.

A separate audit, also published today, examined the Passenger Protect Program – better-known to Canadians as the no-fly list. It identified several concerns, such as the fact that the Deputy Minister ultimately in charge of who is on the list was not provided with complete information to allow for informed decision-making.

“Since the terrorist attacks of 9/11, we’ve seen a proliferation of new national security programs. We fully appreciate the underlying aim of many security programs – protecting Canadians. However, it is critical – a point reinforced by our new audits – for government officials to integrate privacy protections into all of these programs at the outset,” says Privacy Commissioner Jennifer Stoddart.

The findings of the two audits are highlighted in the Commissioner’s 2008-2009 report to Parliament on Canada’s federal public-sector privacy legislation, the Privacy Act.


Legislative changes passed in 2006 expanded the types of transactions that must be reported to FINTRAC, as well as the number of professionals and organizations that are required to collect information about clients and to report it to FINTRAC. Examples of entities required to report to FINTRAC include financial institutions, life insurance companies, accountants and casinos.

The audit found that FINTRAC needs to do more to ensure that the amount of personal information it acquires is kept to an absolute minimum. A random sample of files examined in the audit turned up several reports that did not clearly demonstrate reasonable grounds to suspect money laundering or terrorist financing. For example:

A reporting entity filed several reports stating it was “taking a conservative approach in reporting this … because there are no grounds for suspecting that this transaction is related to the commission of a money laundering offence, but there is a lack of evidence to prove that the transaction is legitimate.”

An individual deposited a government cheque for an amount less than $300 and then withdrew the entire amount. The financial institution filed a suspicious-transaction report, but did not indicate why the transaction was deemed suspicious.

A financial institution filed a report about an individual who had deposited a cheque from a law firm. The institution was satisfied that the individual had provided legitimate reasons for the source of funds, but decided to notify FINTRAC anyway because of the individual’s ethnic origin and the fact that this person had visited a particular country.

“It is clear that such reports, containing not a shred of evidence of money laundering and terrorist financing, should not be making their way into the FINTRAC database,” says Commissioner Stoddart.

“It is a bedrock privacy principle that you collect only the personal information you need for a specific purpose,” she says. “The federal government needs to have a justifiable need to collect someone’s personal information. Clearly, FINTRAC needs to do more work with organizations to ensure it does not acquire personal information that it has no legislative authority to receive – and that it does not need or use.”

The audit recommended enhanced front-end screening of reports; stronger ongoing monitoring and review to ensure that information holdings are relevant and not excessive, and the permanent deletion of information that FINTRAC did not have the statutory authority to receive.

Under amendments passed in 2006, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act requires the Privacy Commissioner to review FINTRAC every two years and report the results to Parliament.

Passenger Protect Program Audit

The “no-fly list” is a passenger screening tool introduced in 2007 to prevent people named on a “specified persons list” from boarding domestic and international flights from or to Canadian airports.

The program has sparked privacy concerns, in part because it is secretive in that it uses personal information without the knowledge of the individuals concerned. Moreover, the repercussions for a person named on the list being denied boarding on an aircraft can be profound in terms of privacy and other human rights, such as freedom of association and expression and the right to mobility.

The focus of the audit, however, was to determine whether the program has adequate controls and safeguards in place to protect personal information.

“We were concerned to learn that officials did not always provide the Deputy Minister – who is ultimately responsible for adding to or removing people’s names from the ‘specified persons’ list – all the information needed to make these sorts of decisions,” says Assistant Privacy Commissioner Chantal Bernier.

Other concerns identified during the audit included:

Transport Canada has not verified that airlines are complying with federal regulations related to the handling and safeguarding of the “specified persons list.” The risk of this information being inappropriately disclosed is particularly high for the small number of air carriers that rely on paper copies of the list.

There were no requirements that air carriers report to Transport Canada security breaches involving personal information related to the no-fly list.

Transport Canada did not demonstrate that the application used to transmit information to air carriers met government security standards.

The Passenger Protect Program and the FINTRAC audits, as well as the latest Privacy Act annual report, are available at

The annual report also includes details of privacy-related complaints against federal departments and agencies investigated during the 2008-2009 fiscal year. The Office received 748 formal complaints in 2008-2009, down slightly from the previous year. The most common complaints related to access to personal information and to the length of time government departments and agencies were taking to respond to access requests.

The Privacy Commissioner of Canada is mandated by Parliament to act as an ombudsman, advocate and guardian of privacy and the protection of personal information rights of Canadians.

To view the reports:

Labels: , , , ,

Friday, October 30, 2009

Privacy Commissioner OKs airport body scanners 

Apparently the Privacy Commissioner has given the thumbs up body scanners for aviations security:

The Canadian Press: Privacy watchdog OKs see-through scanners

Privacy watchdog OKs see-through scanners

By Jim Bronskill (CP) – 46 minutes ago

OTTAWA — Airport scanners that see through the clothes of travellers have received the blessing of Canada's privacy czar.

Chantal Bernier, the assistant federal privacy commissioner, said Friday the national air security agency has successfully answered her office's questions about the project. The system, tested in British Columbia at the Kelowna airport, allows a screening officer to see whether someone is carrying plastic explosives or other dangerous items.

The proposal has stirred controversy because the scanner produces a three-dimensional outline of a person's naked body.

"It is a very touchy issue, and we have addressed it with exactly that level of care," Bernier told a gathering of security officials and academics.

Under the plan approved by the privacy chief, the officer would view the image in a separate room and never see the actual traveller.

Only people singled out for extra screening would be scanned, and they would have the option of getting a physical pat-down instead.

Bernier said the holographic image generated by the scanner makes it difficult to identify the traveller's face.

"You would not know who it is, even if you knew the person was in line," she said at the annual meeting of the Canadian Association for Security and Intelligence Studies. "We've actually tested it.

"In addition, the image would be deleted the moment the person leaves the screening portal.

"In our view, these privacy safeguards meet the test for the proper reconciliation of public safety and privacy," Bernier said.

The Canadian Air Transport Security Authority has done thorough threat assessments that reveal a need to search passengers for weapons that might elude a conventional metal detector, she said.

Giving a traveller who undergoes secondary screening the choice of either a full-body scan or a pat-down reduces the "sense of invasion" posed by the new tool, Bernier added.

In a preliminary assessment early last year, the air-security authority said the scanner project amounted to a "low privacy risk" due to the built-in safeguards.

The scanners are already in use at airports in cities including Amsterdam, Moscow and Phoenix. They are also found in the high-security "green zone" of Baghdad and at some U.S. courthouses and prisons.

The air-security authority says the low-level radio frequency wave emitted by the body scanner meets Canadian health-and-safety standards.

Data from the Kelowna pilot project will help the security authority determine which Canadian airports would most benefit from scanners.

Transport Canada would then decide whether to approve use of the devices across the country.

Labels: ,

Saturday, October 17, 2009

Laptop searches at airports infrequent, DHS privacy report says 

Computerworld is reporting on the first report of the Department of Homeland Security Privacy Office since the changeover to the Obama administration. The report itself is interesting, but perhaps most interesting are the statistics related to the number of searches of laptops at border crossings. This has been a controversial practice since reports on it came to light some time ago. I was surprised to read that fewer than two thousand took place in the year under review, in light of the millions of people (and laptops) that have crossed the border during that time.

Here's Computerworld's coverage: Laptop searches at airports infrequent, DHS privacy report says.

Labels: , , , , , ,

Friday, September 11, 2009

CATSA orders invasive body scanners for Canadian airports 

According to the Edmonton Sun, the Canadian Air Transport Security Authority is ordering seven whole body scanners for use in airports. The scanners are controversial because they result in a "virtual strip search" so that the operator is able to make out the details of the passenger's body and supposedly anything that the person may be hiding under his or her clothes. The passenger's bits and pieces are clearly visible, and the manufacturer has special software that can be installed to blur the passenger's genital region (on the screen, not in real life). But CATSA has declined to order or install the blurring software, saying that if the nether region are blurred, it would be possible for bad guys to hide stuff in that area. See: Green light for scanners Canada News Edmonton Sun.

Labels: ,

Friday, June 26, 2009

"Clear" may put customer information up for sale 

Clear, the for profit company that did pre-screening of travelers so they could breeze through security, recently went out of business. Now there's a suggestion that the personal information they've compiled may be put up for sale. According to the release (below), it would be to a company that would provide a similar business and would be approved by the Transportation Security Administration.

Out of business, Clear may sell customer data ITworld

by Robert McMillan

June 26, 2009, 08:18 AM — IDG News Service — Three days after ceasing operations, owners of the Clear airport security screening service acknowledged that their database of sensitive customer information may end up in someone else's hands, but only if it goes to a similar provider, authorized by the U.S. Transportation Security Administration.

Until this week, the Clear service had given customers a way to skip long security lines in certain airports. For a $199 annual fee, air travelers could be pre-screened for flight and then use Clear's security checkpoints instead of the TSA's. Clear was run by New York's Verified Identity Pass, which also shut down on Monday.

Customers had to provide personal information, including credit card numbers, fingerprints and iris scans in order to participate in the program. After Clear abruptly shut its doors -- it has not yet declared bankruptcy -- some worried that this data could fall into the wrong hands.

"They had your social security information, credit information, where you lived, employment history, fingerprint information," said Clear customer David Maynor, who is chief technical officer with Errata Security in Atlanta. "They should be the only ones who have access to that information."

Maynor wants Clear to delete his information, but that isn't happening, the company said in a note posted to its Web site Thursday.

Clear's IT partner, Lockheed Martin, is working with the company "to ensure an orderly shutdown as the program closes," Clear said. But in a section of the note entitled, "Will personally identifiable information be sold?" Clear acknowledged that it could be used by someone else, presumably if Clear's assets were sold. "If the information is not used for a Registered Traveler program, it will be deleted," Clear said.

Boasting more than 260,000 customers, Clear was the largest private company authorized to provide airport security services, under a TSA program called Registered Traveler. Other providers, who may now be interested in purchasing Clear's assets, include Flo and Preferred Traveler.

Until Clear's demise, Registered Traveler companies operated in about 20 airports nationwide. Once a traveller has registered with any one of these companies, he is given a travel card that can be used for security screening by any company in the Registered Traveler program.

Last year the TSA temporarily yanked Clear's Registered Traveler status after the company lost an unencrypted laptop containing data on 33,000 customers at San Francisco International Airport. A few days later, Clear was allowed back into the program after the laptop mysteriously reappeared and the TSA determined that Clear was properly encrypting data.

Although it appears to be retaining information on its central databases, Clear said it has erased PC hard drives at its airport screening kiosks, and it is wiping employee computers as well, using what it calls a "triple wipe process." This technique, used by the U.S. Department of Defense, is considered to be a reliable way of erasing data.

"Clear is communicating with TSA, airport and airline sponsors, and subcontractors, to ensure that the security of the information and systems is maintained throughout the closure process," the company said.

Customers will be notified via e-mail when their information is deleted.

That wasn't good enough for Maynor. "How about the opposite? Where if they sell my information, they send me an e-mail," he said.

Labels: , , , ,

Thursday, April 09, 2009

If you want to fly, show us your body or we'll feel you up 

An interesting review of the increasing intrusiveness of airport security: The expanding invasion of the naked body scanners. - By William Saletan - Slate Magazine.

Labels: , , ,

Tuesday, March 24, 2009

Commissioner taking Air Canada to court over customer access to info 

According to CanWest, the Privacy Commissioner is taking Air Canada to court over access to customer information that the airline claims is covered by solicitor-client privilege:

Air Canada sued over passenger info case

OTTAWA — Canada's privacy commissioner is taking Air Canada to court to compel the airline to release records involving a so-called "unruly" customer, arguing passengers should be able to know the information air carriers are collecting about them.

In a newly filed affidavit, a senior official with the Office of the Privacy Commissioner of Canada sets out why the dispute has broad implications for air travellers. The document bolsters an application in Federal Court for an order requiring Air Canada to hand over the disputed documents about an incident on board a flight from Kamloops and Vancouver and to confirm the commissioner's right to ask for evidence in support of a claim of solicitor-client privilege.

"The ability to obtain access to one's personal information and to challenge its accuracy is a critically important means of holding an organization accountable for its personal information practices," according to Carman Baggaley, senior policy and research analyst at the commission.

The legal battle is heating up just as new regulations are "being finalized" by Transport Canada to "enhance the ability of air operators, private operators and their employees to deal with the growing problem of aviation passengers who are unruly and disruptive," the affidavit states.

This new system will "require air carriers to prepare reports on certain types of disruptive behaviour, to make these reports available to the Minister upon request and to provided statistics to the Minister on these incidents."

The backdrop of these coming changes are the rules governing Canada's "no-fly" list, which make it difficult for people to know why they are on the list and denied access to air travel, the affidavit states.

"In the current environment of heightened concerns about aviation security, information collected by air carriers about passengers can have a significant impact on individual travellers.

"In some cases, an air carrier may be required... to deny boarding to an individual who is on a Canadian or foreign no-fly list. Or, in some cases, an individual may experience delays or difficulties boarding a flight. In addition, a Canadian air carrier can deny boarding to individuals based on the carrier's assessment that an individual may pose a risk to a flight. This authority will be enhanced with the adoption of the (new) regulations."

In this context, the privacy commission is arguing the right of passengers to access information about themselves is "critically important," especially in cases where they seek to correct the record.

"Given the confusion that may exist about why an individual has been denied boarding or is experiencing difficulties when trying to obtain a boarding pass, being able to obtain access to his or her personal information held by a carrier may help an individual understand why he or she is encountering problems, or in some cases, allow individuals to clear up any confusion, misunderstandings or incorrect information before boarding is denied," according to the affidavit.

In this specific case, Juergen Dankwort of Vancouver complained to the privacy commission after Air Canada refused to provide him copies of reports related to an incident involving him during a short-haul flight in May 2005; the airline argued the files were protected under solicitor-client privilege.

Air Canada cited solicitor-client privilege again when the commission's investigative unit requested the reports as part of its investigation into whether Air Canada contravened the Personal Information Protection and Electronic Documents Act when it denied the passenger access to his personal information contained in these reports.

Air Canada also refused to provide the commission a sworn affidavit outlining why the disputed documents are, in fact, privileged, according to court documents.

In correspondence filed in federal court, Air Canada says the commission "has no right to compel such evidence protected by law, and has no jurisdiction to assert whether or not (the) documents are solicitor-client privileged."

Air Canada declined to comment on the case because the matter is before the courts.

In an interview, Dankwort, a retired sociology instructor from Kwantlen Polytechnic University, says he's "concerned" and "frightened" by Air Canada's refusal to provide an explanation to the privacy commissioner.

"If Air Canada is saying that (the reports) are protected by solicitor-client privilege, they need to let our own appointed authority know on what basis they were making that claim, rather than using it as a carte-blanche response to any inquiry or request for any such reports."

Dankwort added this matter is particularly important in a post-9/11 world because airlines hold a lot of discretionary power over who can fly.

"I think any information that a corporation has on a consumer or a client, I think we, the public, have the right to know what's in the file, what's on record. One of the hallmarks of democracy is that we have access to this kind of information."

In a statement, a spokeswoman for the privacy commissioner's office said that while it recognizes the importance of solicitor-client privilege as a fundamental legal principle, the office also thinks it's important to test the claims of organizations that withhold information on that basis.

The incident arose after Dankwort and his travelling companion brought their own beer on board, not knowing this contravened the aeronautics act, according to correspondence filed with the court in which Dankwort alleges the fight attendant was rude and aggressive and his demeanour was "completely unwarranted, inappropriate and disturbing."

During the flight, the captain advised the RCMP that Dankwort was being unruly. He was detained at the end of the flight while the police investigated the allegations. Dankwort was released a few hours later, and no charges were laid.

From the Court's Docket here.

Labels: ,

Thursday, March 12, 2009

Ontario commissioner calls for "privacy filters" on whole-body scanners 

The Information and Privacy Commissioner of Ontario is calling for implementing privacy filters to mitigate part of the damage to privacy caused by whole body scanners that are appearing soon in an airport near you.

IPC - Office of the Information and Privacy Commissioner/Ontario Whats New Summary

Whole Body Imaging (WBI) technologies – which have been described in the media as “naked scanners” – raise significant privacy concerns that must to be addressed, says Ontario’s Information and Privacy Commissioner, Dr. Ann Cavoukian. “These technologies, which are being deployed as a voluntary passenger-scanning security measure in a growing number of airports around the world, pose a serious threat to privacy since they produce high-quality images of an essentially naked body beneath a passenger’s clothes.” But the risk to privacy can easily be mitigated through the use of a strong “privacy filter.”

The Commissioner released a white paper entitled, Whole Body Imaging in Airport Scanners: Activate Privacy Filters to Achieve Security and Privacy, which outlines how the activation of privacy (or modesty) filters can reduce the amount of unnecessary personal details captured by WBI technologies.

Labels: , ,

Wednesday, December 10, 2008

The importance of audits 

Bruce Schenier has a great piece on his blog, which previously appeared in the Wall Street Journal, on the importance of audits. It's a must-read:
Schneier on Security: Audit

... When we think about security, we commonly think about preventive measures: locks to keep burglars out of our homes, bank safes to keep thieves from our money, and airport screeners to keep guns and bombs off airplanes. We might also think of detection and response measures: alarms that go off when burglars pick our locks or dynamite open bank safes, sky marshals on airplanes who respond when a hijacker manages to sneak a gun through airport security. But audit, figuring out who did what after the fact, is often far more important than any of those other three.

Most security against crime comes from audit. Of course we use locks and alarms, but we don't wear bulletproof vests. The police provide for our safety by investigating crimes after the fact and prosecuting the guilty: that's audit....

Labels: , ,

Friday, December 05, 2008

Privacy right extends to drugs in luggage 

A Judge of the Supreme Court of Newfoundland has made an interesting evidentiary ruling when considering the constitutionality of a search that resulted in finding drugs and cash in the luggage of an airline passenger.

Acting on a tip, a sniffer dog alerted police, the bag was searched and the accused was arrested. He has argued that he had a reasonable expectation of privacy in his luggage and wanted the evidence excluded. The prosecutors argued that you have no expectation of privacy when traveling because luggage is routinely screened.

The Judge had this to say, according to the National Post:

"Obviously, searching or screening the accused's bags for the presence of drugs does not fit into the category of purposes for which screening was authorized," wrote Mr. Hall.

"I conclude that Brian Crisby had a reasonable expectation of privacy with respect to the contents of his luggage, save and except for searches by [airport] personnel for items that could be used to jeopardize the security of an aerodrome or aircraft. The drugs and money found in his baggage, which are the subject of this proceeding, are not such items and thus Brian Crisby had a reasonable expectation of privacy."

Mr. Rogers described the win as clearing the first hurdle toward having the charges dropped.


See: Privacy right extends to drugs in luggage: judge.

Labels: , ,

Friday, November 28, 2008

Slaw: New US air security rules may cause problems for Canadian passengers 

Just posted on

Slaw: New US air security rules may cause problems for Canadian passengers

The Canadian Press is reporting that the planned extension of US passenger screening is going ahead next year. Unlike existing rules, which require airlines to provide passenger information for flights headed to the US, the new rules will require them to provide this information even if the flight is only traversing US airspace. (See: The Canadian Press: New U.S. air security rules create turbulence in Canada.)

This raises a whole host of issues, particularly on the privacy front. The names are being scrubbed against the US no-fly list, which is notoriously of dubious quality. It has interfered with the travel plans of infants and a US Senators. It also includes the name of a certain Canadian who has been proven by a public inquiry to not be a terrorist. How many Canadians will be prevented from completing their travels to non-US destinations because they have a name similar to one on the no-fly list? I guarantee that no Canadian airline will change their route to avoid American airspace so that a passenger can be accommodated.

In addition, how is the information going to be used? Will it go into a massive database to be mined for future uses? Will US authorities force aircraft to land to arrest a passenger who is not a terrorist threat, but is otherwise wanted? Will there be a list of Canadians who regularly (and completely lawfully) travel to the embargoed island of Cuba?

This is a real conundrum. One can wave one’s arms in the air and yell about privacy, but the fact remains that the United States has sovereignty over its airspace and can refuse access for whatever reason it wants. It can put conditions on that access. At the end of the day, if you want to travel and your flight takes you through their airspace, this is one of those conditions.

Labels: ,

Thursday, October 09, 2008

Senators introduce bill to curb border crossing laptop searches 

Two senators have introduced a bill to curb controversial laptop searches and seizures, limiting them to when there is a reasonable suspicion of illegal activity:

Techworld - Privacy groups praise bill curbing warrantless laptop searches

Feingold's bill spells out standards for search and seizures of electronic equipment belonging to US travelers at airports and other borders. The biggest condition is that such searches may be initiated only if the customs agent has "reasonable suspicion" that the traveler is carrying contraband or items otherwise prohibited in the country, or because the traveler is prohibited from entering the US. The equipment may be seized only if the DHS secretary, or a relevant federal or state law enforcement agency, obtains a probable-cause warrant on the belief that the equipment contains information that either violates a law, provides evidence of illegal activity or is foreign intelligence material.

Labels: , , , ,

Thursday, August 07, 2008

Supposedly secure ePassports easily cloned 

Cynics, who may say that "chipped" passports are more about control than security, may point to articles like this one to support their position:

‘Fakeproof’ e-passport is cloned in minutes - Times Online

New microchipped passports designed to be foolproof against identity theft can be cloned and manipulated in minutes and accepted as genuine by the computer software recommended for use at international airports.

Tests for The Times exposed security flaws in the microchips introduced to protect against terrorism and organised crime. The flaws also undermine claims that 3,000 blank passports stolen last week were worthless because they could not be forged.

In the tests, a computer researcher cloned the chips on two British passports and implanted digital images of Osama bin Laden and a suicide bomber. The altered chips were then passed as genuine by passport reader software used by the UN agency that sets standards for e-passports.

The Home Office has always argued that faked chips would be spotted at border checkpoints because they would not match key codes when checked against an international data-base. But only ten of the forty-five countries with e-passports have signed up to the Public Key Directory (PKD) code system, and only five are using it. Britain is a member but will not use the directory before next year. Even then, the system will be fully secure only if every e-passport country has joined....

Labels: , ,

Wednesday, July 23, 2008

Airport kiosks suspected in fraud probe 

This morning's Globe & Mail ran a story about an apparent connection between a rash of credit card fraud and the check-in kiosks at Toronto's Pearson International Airport. The Airport Authority has said they've checked them out and think all is well:

WestJet suspends credit-card kiosk check-ins amid fraud probe

...Earlier Wednesday, a spokesman for the Greater Toronto Airport Authority said a recent audit demonstrated the kiosks, used to check in and pick up boarding passes, were safe and secure.

"We checked our systems and everything checks out, so we're happy with that," said Scott Armstrong.

Meanwhile, airlines have disabled the ability to use a credit card to check in.

From today's Globe: Credit-card fraud probe targets Pearson's self-service kiosks

An investigation of suspected credit-card fraud at Toronto's Pearson airport is now concentrating on the security of its 150 self-service check-in kiosks.

In recent months, financial institutions that issue credit cards spotted isolated fraud patterns that appeared to stem from use of the cards in conjunction with getting boarding passes at the Pearson kiosks, according to sources.

While the investigation is in the early stages, it is currently focused on the kiosks, where passengers use passports, frequent-flier cards, reservation numbers, names, and/or credit card data to identify themselves for flights on any one of 13 airlines. It is not known whether any information has actually been stolen or otherwise gone astray.

Some members of the financial industry are very concerned because Pearson is Canada's busiest airport, with 31.5 million passengers travelling through it last year.

One person familiar with the investigation said the fact that personal data at airports might not be secure “should send shudders through every airport traveller.” ...

Labels: , , ,

Saturday, July 05, 2008

Keep your friends close, but your laptop closer ... Especially in airports 

According to a recent study conducted by the Ponemon Institute, 10,000 laptops are lost/stolen each week in US airports. While the commentary on this study talks about confidential business information, I am confident that the majoriy of these laptops also contain personal information. See: PC World - Business Center: Laptops Lost Like Hot Cakes at US Airports.

Labels: , , ,

Saturday, June 21, 2008

Passengers virtually stripped naked by 3-D airport scanner being tested in Canada 

We've seen this coming up through development, but the electronic virtual stripping machine is finally making its way to an airport in Canada, though just for a pilot project. The scanner was unveiled on Thursday. It uses "millimetre waves" to create a detailed 3-D image of the subject's body and any contraband they may have under their clothes. Interestingly, the operator -- who is right by the scanner -- sees a fuzzy image but another officer in a "private room" gets a much more detailed peep at the person's body. See: Passengers virtually stripped naked by 3-D airport scanner.

Labels: , ,

Monday, June 09, 2008

TSA announces new ID policy 

According to the website of the Transportation Security Administration, the policy on flying without ID has been changed. If you refuse to provide ID, citing your constitutional rights, you'll be denied boarding. But if you tell them you would show them ID if you could, they'll let you fly.

In short, you can fly without ID. But only if you tell them it's because you've lost your ID. If you tell them that you aren't showing ID because you don't have to show ID, that's a security risk of a different variety.

See: TSA: TSA Announces Enhancements to Airport ID Requirements to Increase Safety.

Labels: , ,

Thursday, March 27, 2008

Privacy fears delay UK airport fingerprint biometrics 

According to Information Age, privacy concerns have at least delayed the implementation of fingerprint biometrics at Heathrow's new Terminal 5 (For some background, see: Canadian Privacy Law Blog: A small step for biometrics; a giant leap for the UK surveillance state). See: Privacy fears delay Terminal 5 fingerprint biometrics | Information Age.

Labels: , , , , ,

Saturday, March 08, 2008

A small step for biometrics; a giant leap for the UK surveillance state 

Passengers flying through Heathrow Airport, Terminal 5, will be photographed and fingerprinted twice before being permitted to board domestic flights. The British Airport Authority, which runs the new terminal through which all British Airways passengers will travel say this measure is "necessary to prevent criminals, terrorists and illegal immigrants trying to bypass border controls."

The only reason why this may be necessary is that the design of the new terminal permits international and domestic passengers to mingle in the secure area. Theoretically, transiting international passengers would be able to swap boarding passes with a domestic passenger circumventing border controls. On balance, it just makes sense to ramp up the big brother factor if it means the BAA doesn't have to follow the non-intrusive but universal designs used by every other airport I have ever been through.

The BAA also says the fingerprints will be discarded after 24 hours, unless -- of course -- they are of interest to the police. See: Heathrow airport first to fingerprint - Telegraph. Via the ever vigilant Boing Boing: Heathrow Terminal 5 to fingerprint domestic passengers - Boing Boing.

Labels: , , , , ,

Sunday, February 03, 2008

Schneier on Security vs. Privacy 

Here's a really great read from Bruce Schneier:

Schneier on Security: Security vs. Privacy

If there's a debate that sums up post-9/11 politics, it's security versus privacy. Which is more important? How much privacy are you willing to give up for security? Can we even afford privacy in this age of insecurity? Security versus privacy: It's the battle of the century, or at least its first decade.

In a Jan. 21 New Yorker article, Director of National Intelligence Michael McConnell discusses a proposed plan to monitor all -- that's right, all -- internet communications for security purposes, an idea so extreme that the word "Orwellian" feels too mild.

The article (now online here) contains this passage:

In order for cyberspace to be policed, internet activity will have to be closely monitored. Ed Giorgio, who is working with McConnell on the plan, said that would mean giving the government the authority to examine the content of any e-mail, file transfer or Web search. "Google has records that could help in a cyber-investigation," he said. Giorgio warned me, "We have a saying in this business: 'Privacy and security are a zero-sum game.'"

I'm sure they have that saying in their business. And it's precisely why, when people in their business are in charge of government, it becomes a police state. If privacy and security really were a zero-sum game, we would have seen mass immigration into the former East Germany and modern-day China. While it's true that police states like those have less street crime, no one argues that their citizens are fundamentally more secure.

We've been told we have to trade off security and privacy so often -- in debates on security versus privacy, writing contests, polls, reasoned essays and political rhetoric -- that most of us don't even question the fundamental dichotomy.

But it's a false one.

Security and privacy are not opposite ends of a seesaw; you don't have to accept less of one to get more of the other. Think of a door lock, a burglar alarm and a tall fence. Think of guns, anti-counterfeiting measures on currency and that dumb liquid ban at airports. Security affects privacy only when it's based on identity, and there are limitations to that sort of approach.

Since 9/11, approximately three things have potentially improved airline security: reinforcing the cockpit doors, passengers realizing they have to fight back and -- possibly -- sky marshals. Everything else -- all the security measures that affect privacy -- is just security theater and a waste of effort.

By the same token, many of the anti-privacy "security" measures we're seeing -- national ID cards, warrantless eavesdropping, massive data mining and so on -- do little to improve, and in some cases harm, security. And government claims of their success are either wrong, or against fake threats.

The debate isn't security versus privacy. It's liberty versus control.

You can see it in comments by government officials: "Privacy no longer can mean anonymity," says Donald Kerr, principal deputy director of national intelligence. "Instead, it should mean that government and businesses properly safeguard people's private communications and financial information." Did you catch that? You're expected to give up control of your privacy to others, who -- presumably -- get to decide how much of it you deserve. That's what loss of liberty looks like.

It should be no surprise that people choose security over privacy: 51 to 29 percent in a recent poll. Even if you don't subscribe to Maslow's hierarchy of needs, it's obvious that security is more important. Security is vital to survival, not just of people but of every living thing. Privacy is unique to humans, but it's a social need. It's vital to personal dignity, to family life, to society -- to what makes us uniquely human -- but not to survival.

If you set up the false dichotomy, of course people will choose security over privacy -- especially if you scare them first. But it's still a false dichotomy. There is no security without privacy. And liberty requires both security and privacy. The famous quote attributed to Benjamin Franklin reads: "Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety." It's also true that those who would give up privacy for security are likely to end up with neither.

This essay originally appeared on

Labels: , , , ,

Wednesday, January 16, 2008

The state has no business in the bathroom stalls of the nation 

The ACLU in the US is supporting Senator Craig's withdrawal of his guilty plea, arguing that there is a reasonable expectation of privacy for those who are (or are not) having sex in bathroom stalls. See:

ACLU: Sex in restroom stalls is private - Yahoo! News

ST. PAUL, Minn. - In an effort to help Sen. Larry Craig, the American Civil Liberties Union is arguing that people who have sex in public bathrooms have an expectation of privacy.

Craig, of Idaho, is asking the Minnesota Court of Appeals to let him withdraw his guilty plea to disorderly conduct stemming from a bathroom sex sting at the Minneapolis airport.

The ACLU filed a brief Tuesday supporting Craig. It cited a Minnesota Supreme Court ruling 38 years ago that found that people who have sex in closed stalls in public restrooms "have a reasonable expectation of privacy."

That means the state cannot prove Craig was inviting an undercover officer to have sex in public, the ACLU wrote.

The Republican senator was arrested June 11 by an undercover officer who said Craig tapped his feet and swiped his hand under a stall divider in a way that signaled he wanted sex. Craig has denied that, saying his actions were misconstrued....

Labels: , ,

Wednesday, September 12, 2007

Ontario Commissioner issues unprecedented order against used goods vendors databases 

In an apparently unprecedented move, the Information and Privacy Commissioner for Ontario, Ann Cavoukian, has issued a cease and desist order and an order to destroy personal information related to the collection of personal information from people who sell second hand goods to resellers. This follows a battles in the Ontario courts, where the Commissioner's position was ultimately upheld by the Court of Appeal (See: Canadian Privacy Law Blog: Oshawa second-hand store bylaw invades privacy). For more info from the Commissioner's office, see: Privacy Commissioner Ann Cavoukian issues seminal Order to cease collecting detailed personal information from individuals selling used goods, and to destroy all existing records.

I think this is a very important move on the part of the Commissioner.

We are seeing a growing trend in Canada that forces some serious thought about privacy. Private businesses are increasingly being conscripted to collect information on behalf of law enforcement or for law enforcement purposes. For example, money laundering legislation, no-fly lists operated by airlines, "lawful access" and databases of used goods sellers. Meanwhile, the Privacy Commissioners and privacy advocates are taking a stronger stand against this. We've seen various statements and submissions to legislative committees, unanimous declarations against the no-fly list and now the exercise of dramatic coersive powers. It will be very interesting to see how this all plays out.

Labels: , , , , , ,

Wednesday, September 05, 2007

If you touch personal information, act like a privacy officer 

Thanks to David Canton for leading me to this interesting article from IT Business. It discusses the recent breach in which unencrypted health information on a portable hard drive was lost in Toronto's airport. Looking at the issue from a practical angle, it concludes that all employees who touch personal information have to take responsibility for it.

IT Business: Everyone's a CPO: Why privacy needs to spread across every line of business

...Departmental executives need to do a couple of things. First, they need to perform an inventory on the devices they personally own but which may be used for work. What level of security is already in place and what might need to be upgraded? Are there technologies that could be added to help easily recover a device if it goes missing for some reason? Are there organization-wide guidelines or procedures with which personal devices need to comply before they can be used for work purposes? This is where a dialogue with IT should probably begin, and it may lead some IT managers to reject requests that such devices be able to access a corporate network.

A potentially bigger challenge will be for line of business executives to think in "big picture" terms of what kind of data they are managing, and what kind of responsibilities they have towards protecting the privacy of that information. We usually tackle these cases by looking at what kind of safeguards IT departments or senior management could have put in place from the beginning. As time goes on, the focus will be much more on what individual employees are doing to bolster those safeguards. No one is merely a VP of marketing, finance or HR anymore. If you touch customer or employee data in any way, shape or form, you're a chief privacy officer, too.

Labels: , , ,

Friday, August 31, 2007

Incident: Sick Kids physician loses portable hard-drive with unencrypted personal health information 

A physician from Sick Kids hospital who decided to travel with a portable hard-drive containing unencrypted health information on 3,300 patients lost the drive in Canada's busiest airport. This happened six weeks after the Information and Privacy Commissioner ordered that the hospital not allow electronic health information to leave the hospital unless it was encrypted. See: - living - Sick Kids doctor loses data on 3,300 patients.

Labels: , , , ,

Friday, August 10, 2007

US unveils more privacy-friendly no-fly list 

Apparently the American government is about to implement its latest version of the no-fly list, without data mining using commercial sources. It looks a lot like the Canadian "Passenger Protect" program:

Even Bruce Schneier thinks it shows common sense.

Feds offer simpler flight screening plan on Yahoo! News

By MICHAEL J. SNIFFEN, Associated Press Writer

Thu Aug 9, 6:34 PM ET

The government proposed a new version of its airline passenger screening program Thursday, stripped of the data mining that aroused privacy concerns and led Congress to block earlier versions.

It's been three years since the Sept. 11 Commission recommended and Congress ordered that the government take over from the airlines the job of comparing passenger lists with watch lists of known terrorist suspects to keep them off flights. Even this new version of the Secure Flight program is open for public comment and will be tested this fall before it can be implemented fully in 2008.

The third version of the program, once known as CAPPS II, drew positive reviews from privacy advocates and members of Congress who had objected to more elaborate earlier versions. Congress enacted legislation blocking earlier plans to collect private commercial data — like credit card records or travel histories — about all domestic air travelers in an effort to predict which ones might be terrorists.

The new plan would require passengers to give their full name when they make their reservations — either in person, by phone or online. They also will be asked if they are willing to provide their date of birth and gender at that time to reduce the chance of false positive matches with names on the watch lists.

"Finally, this appears to have a coherent, narrow and rational focus," said James Dempsey of the Center for Democracy and Technology, a privacy advocacy group. "This is a vast improvement over what we've seen before."

Even Democrats in Congress were cautiously positive.

"They've been slow to admit that minimizing invasions and breaches of Americans' privacy is part of their job," said Senate Judiciary Committee Chairman Patrick Leahy, D-Vt. "We will evaluate these steps to see if they measure up."

House Homeland Security Chairman Bennie Thompson, D-Miss., said he hoped the administration would stay alert to privacy issues. "I am extremely disappointed it has taken three years and passage of several pieces of legislation to get us to step one."

Thompson added that he hoped it was a sign of foresight that the new plan was announced along with new screening arrangements for international travelers.

At a news conference at Reagan National Airport, Homeland Security Secretary Michael Chertoff also announced that starting six months from now airlines operating international flights will be required to send the government their passenger list data before the planes take off rather than afterward, as is now the case.

Earlier sharing of passenger information is designed to give U.S. authorities more time to identify terrorists like Richard Reid, who attempted to light a shoe bomb on a trans-Atlantic flight in December 2001, and keep them off planes.

"Now the airlines give us their manifests after the plane has left the ground and that is too late," Chertoff said.

The Homeland Security chief said he was unaware of any specific, credible threat against airlines. But based on recent car bomb attempts in Great Britain and public statements by terrorists, he repeated his view that "we are entering a period where the threat is somewhat heightened."

"Look at the history of al-Qaida," Chertoff said. "The airplane has been a consistent favorite target of theirs."

On the domestic side, transferring watch-list checks to Transportation Security Administration officers "should provide more security and more consistency, and thus reduce misidentifications" that have frustrated passengers, Chertoff said.

Existing screening has been widely ridiculed because people like Sen. Edward M. Kennedy, D-Mass., other members of Congress and even infants have been blocked from boarding or delayed because their names are similar to names on the lists.

Chertoff said the new domestic system will avoid activities envisioned earlier that raised privacy concerns.

"Secure Flight will not harm personal passenger privacy," Chertoff said. "It won't collect commercial data (about passengers). It will not assign risk scores and will not attempt to predict behaviors."

Such plans alarmed Congress so much that it barred implementing the program until it passed 10 tests to ensure privacy and accuracy. The Government Accountability Office, Congress' auditing arm, found the previous version failed almost all of them.

Currently, only a passenger's full name is required when reservations are made although date of birth and gender usually become known to transportation security officers later in the boarding process.

Transportation Security Administrator Kip Hawley said volunteering those two items earlier would reduce misidentifications in watch-list matching.

"With the full name, we can resolve 95 percent of the cases correctly. The date of birth adds 3.5 percent to that, and the gender adds another one percent," Hawley said.

Privacy advocates like Dempsey and Bruce Schneier, chief technology officer at the security company BT Counterpane, also were pleased with limits on how long most records will be kept. A check that produces no match — which will be the case for the vast majority of travelers — would be kept only seven days. A false positive match would be kept seven years. Confirmed matches would be kept 99 years.

"On the surface, it looks pretty good," Schneier said. "I'm cautiously optimistic. It's nice to see some common sense."

Labels: , , , , ,

Thursday, June 21, 2007

Transport minister responds to critical coverage of no-fly list 

In the wake of some critical comments in recent news coverage, the Minister of Transportation has an op-ed piece in today's Chronicle Herald.

Nova Scotia News -

Program protects safety, respects rights


In view of recent articles on the introduction of the Passenger Protect Program in Canada on Monday, I would like to clarify some issues.

I must stress, in particular, that Passenger Protect relates to individuals who may pose an immediate threat to aviation security. The program will enable government law-enforcement and security organizations, working with Transport Canada, to alert air carriers to individuals who may pose a threat to a flight, in order to prevent boarding and unlawful interference during the flight that could endanger the general public, passengers and crew.

Such an individual is identified under strict guidelines. It can be someone who is or has been involved in a terrorist group, for example, or an individual who has been convicted of one or more serious and life-threatening crimes against aviation security.

The government began consulting with industry on passenger assessment in May 2004. The program was developed to include the privacy rights provisions needed and in consultations with different groups of the civil society: airlines, airports, police, labour representatives as well as civil liberties and ethnocultural groups. We continue to work with the Office of the Privacy Commissioner.

In short, the program has benefited from parliamentary and public scrutiny, and is based on public law. This government also has as a priority the privacy concerns of Canadians. To this end, we must be clear: Canada’s program has learned lessons from countries all over the world with respect to watch lists, and has taken necessary precautions. This is why the Canadians Specified Persons List took three years of parliamentary consideration, and two years of policy development.

In addition, Transport Canada has established an Office of Reconsideration to permit individuals to challenge a denial-of-boarding decision in a non-judicial, efficient manner. The office will be able to assist individuals to clear up ID issues, and provide a mechanism for review of a case by persons independent of those who made the original decision.

To address terrorism, we must learn from past events, assess evolving threats, and initiate efficient and effective programs that protect public safety and respect the rights of Canadians. Passenger Protect does just that.

I invite readers to get more information on the website, or by phoning 1-800-O-Canada (1-800-622-6232), ATS: 1-800-926-9105.

Lawrence Cannon is Canada’s minister of transport, infrastructure and communities.

Labels: , , ,

Tuesday, June 19, 2007

No-fly list has an apparently smooth takeoff 

With the no-fly list coming online in the last twenty-four hours, I haven't heard of any instances of people being excluded from flying on the first day. It will be interesting to see how it all shakes out.

I spoke with Chris Lambie of the Chronicle Herald yesterday morning and he spent part of the afternoon at the airport seeing how it went on. Here's his article:

Smooth lift-off for no-fly list -

Airline passengers seemed keen on heightened security

By CHRIS LAMBIE Staff Reporter

The federal no-fly list caused no problems Monday at Halifax Stanfield International Airport.

Passengers seemed keen on the idea of a list meant to screen out anyone who poses a potential threat to aviation security.

"As long as my name’s not on it, I’m happy," Mike Moir said as he waited for a flight back to Ontario.

"If the people are bad, I don’t want them on my plane."

The 67-year-old Hamilton, Ont., man was in Nova Scotia to work as an official for last weekend’s national canoe team trials on Lake Banook in Dartmouth.

The only dilemma he can see with the scheme to flag potentially dangerous flyers is if an innocent person has the same name as someone on the list.

"How many Smiths are there in the world?" Mr. Moir said. "If they just pick everybody with the same name, it could be a problem."

Still, he thinks the list is a necessity.

"With all the terrorism going on in this world nowadays, it’s a good measure."

Dawson Wentzell and his wife, Bethany, were waiting with their toy poodle, Bailey, to board a plane for Edmonton.

The list could prompt lawsuits against the federal government if people lose money because they couldn’t board flights due to name mix-ups, Ms. Wentzell said.

"If someone is delayed from work and this is the reason why, someone is going to get sued," she said.

They didn’t even think about the new security measure before checking in for their flight to Nova Scotia.

"We got up at 5 a.m. and believe me my mind wasn’t on lists," she said.

The couple from Daniel’s Harbour, N.L., wasn’t on the no-fly list and neither was their dog.

"God help us if he was," Ms. Wentzell said. "We’d really be in trouble then."

The no-fly list didn’t cause any problems at the facility, said airport spokesman Peter Spurway.

"If you didn’t know it was on, you wouldn’t know it was on," he said. "It has not made a single impact on our operations today or the operations of our partners in the airline business. I checked around a couple of times and it’s just been chugging along."

But David Fraser, a privacy lawyer in Halifax, won’t be surprised to hear from clients who suddenly discover their names are on the no-fly list.

"We’re likely to hear people are going to have some difficulty in Canada simply because of the way that these sorts of lists have to be structured in order to catch or include in them people with non-English or French names that have to be transliterated or made into English equivalents, and some of them can be common names," Mr. Fraser said. "So there’s probably a fair amount of wiggle room in the way that they match against peoples’ names."

The Specified Persons List, announced last fall, includes the name, birth date and gender of anyone who might pose an immediate threat to aviation security. Airlines that fly into and out of Canada must check the names of their passengers against the list.

"There’s really the opportunity that a whole bunch of people who aren’t actually on the list, just people who have similar names and similar birthdates and other identifying characteristics (as those) on the list," Mr. Fraser said.

"I think that there’s a good chance that people will be not allowed to fly based on that sort of confusion."

Travellers only find out their name is on the list when they try to check in and get a boarding card.

"Vacation plans can be ruined," Mr. Fraser said. "There’s no real accountability at that end for the real sort of negative impact that inclusion on this list might have."

Ottawa has refused to release the number of people on the list.

"There’s always a very delicate balance when you’re dealing with national security issues, Mr. Fraser said. "It’s a delicate balance between openness and necessary secrecy. I think the whole process needs to be done in sunlight.

"Everything related to the process of the inclusion criteria and how it’s actually applied and recourse that individuals might have to get off the list really needs to be completely open and transparent and subject to significant scrutiny.

"We are talking about a potential infringement on an individual’s constitutional right to travel within Canada and also the right to leave Canada. It’s right there in the charter that you have those rights. And many of those rights, in a country as large as Canada, can only be exercised by air travel."

Imam Jamal Badawi, professor emeritus of religious studies at Saint Mary’s University, said Muslims, including himself, often have problems flying in the United States, where a similar list is already in place.

"I’ve heard of many horror stories where a child, for example, five years old, they say, ‘No, his name matches the potential terrorist to look for,’ and still they have to go through the clearance (process)," Mr. Badawi said.

The Canadian Council on American-Islamic Relations has called on Ottawa to scrap the no-fly list until it fixes fundamental flaws in the program.

"Some people suspect that the lists made here in Canada may not totally be homegrown," Mr. Badawi said. "It’s quite possible also that, because of the co-operation between the intelligence agencies in both countries, that some of the names on the watch list in the U.S. might end up here on our lists in Canada."

That could make some Canadian Muslims reluctant to fly, he said.

"It’s part of the very unfortunate trend in the post 9-11 era that, in the name of security, there is a great deal of encroachment on privacy, a great deal of encroachment on civil liberties," Mr. Badawi said.

He doubts the list will make flying safer.

"Anybody intent on wrongdoing, they probably will find some other way of carrying out their plans," Mr. Badawi said. "But even if there is some slight improvement in security, what is the price? The worst scenario, really, is that democratic countries would move toward totalitarian regimes in the name of security."

Labels: , , , , , ,

Sunday, June 17, 2007

Privacy Commissioner subpoenaed to appear before Air India Inquiry 

This is a bit odd. Jennifer Stoddart has been ordered to appear before the Air India Inquiry. Apparently she had informed the Commission of Inquiry that she had nothing further to say but subsequently gave a media interview that was critical of the Government's no-fly list.

It all sounds a little snarky:

Privacy chief called on carpet over no-fly list

Air India inquiry head John Major has ordered Canada's privacy commissioner to appear before him after she publicly criticized a no-fly list being implemented next week.

Mr. Major said yesterday that his Ottawa inquiry was earlier informed by the office of Jennifer Stoddart that she had nothing more to say related to the mandate of his commission into the June 23, 1985, Air India bombing and subsequent investigation.

But Mr. Major said Ms. Stoddart then gave a "free-wheeling" media interview in which she commented on testimony at the inquiry last week about the introduction on June 18 of a Canadian no-fly list.

Mr. Major said Ms. Stoddart should have made her comments in evidence at the Air India inquiry and not to a reporter. He issued a subpoena for her to appear today.

A lawyer for Ms. Stoddart responded by telling inquiry counsel later yesterday that the privacy commissioner would be happy to appear "willingly" but is on her way to Beijing.

An appearance date is expected to be determined this afternoon.

Ms. Stoddart's views on the controversial no-fly list appeared on June 8.

She said the list could become "quite a nightmare" for ordinary Canadians.

"Every time we go to the airport, do we expect to be challenged? That may be the new world," she said.

Ms. Stoddart also said she was surprised when an Transport Canada official testified before Mr. Major that the list could end up in the hands of foreign governments if their state-owned airlines pass it on to them.

"The commission could have benefited in preparing recommendations on air security from hearing from informed points of view with respect to that," she said.

Mr. Major said of Ms. Stoddart's comments: "She apparently had no hesitation in giving information to the public and the press that should have properly been given to this commission when the opportunity presented itself."

Mr. Major has expressed impatience several times during the inquiry when agencies or companies have expressed reluctance or declined entirely to testify.

He said yesterday that some people do not understand what a royal commission is and that he has the power to compel their testimony.

As for the subpoena for Ms. Stoddart, Mr. Major said: "This should not cause her much inconvenience as she appeared to have no difficulty last Friday in expressing publicly those thoughts to the press."

Labels: , , , ,

Tuesday, May 15, 2007

FRONTLINE: Spying on the home front 

Update: The video of the full show is available online:

Check out tonight's Frontline on PBS:

FRONTLINE: coming soon: spying on the home front PBS

Spying on the Home Front coming May. 15, 2007 at 9pm (check local listings)

(60 minutes) FRONTLINE addresses an issue of major consequence for all Americans: Is the Bush administration's domestic war on terrorism jeopardizing our civil liberties? Reporter Hedrick Smith presents new material on how the National Security Agency's domestic surveillance program works and examines clashing viewpoints on whether the president has violated the Foreign Intelligence Surveillance Act (FISA) and infringed on constitutional protections. In another dramatic story, the program shows how the FBI vacuumed up records on 250,000 ordinary Americans who chose Las Vegas as the destination for their Christmas-New Year's holiday, and the subsequent revelation that the FBI has misused National Security Letters to gather information. Probing such projects as Total Information Awareness, and its little known successors, Smith discloses that even former government intelligence officials now worry that the combination of new security threats, advances in communications technologies, and radical interpretations of presidential authority may be threatening the privacy of Americans. (read the press release)


"So many people in America think this does not affect them. They've been convinced that these programs are only targeted at suspected terrorists. ... I think that's wrong. ... Our programs are not perfect, and it is inevitable that totally innocent Americans are going to be affected by these programs," former CIA senior attorney Suzanne Spaulding tells FRONTLINE correspondent Hedrick Smith in Spying on the Home Front, airing Tuesday, May 15, 2007, at 9 P.M. ET on PBS (check local listings) and available for viewing after broadcast at

9/11 has indelibly altered America in ways that people are now starting to earnestly question: not only perpetual orange alerts, barricades and body frisks at the airport, but greater government scrutiny of people's records and electronic surveillance of their communications. The watershed, officials tell FRONTLINE, was the government's shift after 9/11 to a strategy of pre-emption at home--not just prosecuting terrorists for breaking the law, but trying to find and stop them before they strike.

President Bush described his anti-terrorist measures as narrow and targeted, but a FRONTLINE investigation has found that the National Security Agency (NSA) has engaged in wiretapping and sifting Internet communications of millions of Americans: The FBI conducted a data sweep on 250,000 Las Vegas vacationers, and along with more than 50 other agencies, they are mining commercial-sector data banks to an unprecedented degree, and they have even been assigning suspicion ratings to anyone who travels across a U.S. border.

Even government officials with experience since 9/11 are nagged by anxiety about the jeopardy that a war without end against unseen terrorists poses to our way of life, our personal freedoms. "I always said, when I was in my position running counterterrorism operations for the FBI, `How much security do you want, and how many rights do you want to give up?'" Larry Mefford, former assistant FBI director, tells correspondent Smith. "I can give you more security, but I've got to take away some rights. ... Personally, I want to live in a country where you have a common-sense, fair balance, because I'm worried about people that are untrained, unsupervised, doing things with good intentions but, at the end of the day, harm our liberties."

Although the president told the nation that his NSA eavesdropping program was limited to known Al Qaeda agents or supporters abroad making calls into the U.S., comments of other administration officials and intelligence veterans indicate that the NSA cast its net far more widely. AT&T technician Mark Klein inadvertently discovered that the whole flow of Internet traffic in several AT&T operations centers was being regularly diverted to the NSA, a charge indirectly substantiated by John Yoo, the Justice Department lawyer who wrote the official legal memos legitimizing the president's warrantless wiretapping program. Yoo told FRONTLINE: "The government needs to have access to international communications so that it can try to find communications that are coming into the country where Al Qaeda's trying to send messages to cell members in the country. In order to do that, it does have to have access to communication networks."

Spying on the Home Front also looks at a massive FBI data sweep in December 2003. On a tip that Al Qaeda "might have an interest in Las Vegas" around New Year's 2004, the FBI demanded records from all hotels, airlines, rental car agencies, casinos and other businesses on every person who visited Las Vegas in the run-up to the holiday. Stephen Sprouse and Kristin Douglas of Kansas City, Missouri, object to being caught in the FBI dragnet in Las Vegas just because they happened to get married there at the wrong moment. Says Douglas, "I'm sure that the government does a lot of things that I don't know about, and I've always been OK with that--until I found out that I was included."

A check of all 250,000 Las Vegas visitors against terrorist watch lists turned up no known terrorist suspects or associates of suspects. The FBI told FRONTLINE that the records had been kept for more than two years, but have now all been destroyed.

"To simply say, you know, `as a matter of national security we need to know the name of every single person checking into your hotel at any given moment,'" says Alan Feldman, vice president of MGM Mirage, "that seems extremely unusual and, I think, extremely troubling."

In the broad reach of NSA eavesdropping, the massive FBI data sweep in Las Vegas, access to records gathered by private database companies that allows government agencies to avoid the limitations provided by the Privacy Act, and nearly 200 other government data-mining programs identified by the Government Accounting Office, experienced national security officials and government attorneys see a troubling and potentially dangerous collision between the strategy of pre-emption and the Fourth Amendment's protections against unreasonable search and seizure.

Peter Swire, a law professor and former White House privacy adviser to President Clinton, tells FRONTLINE that since 9/11 the government has been moving away from the traditional legal standard of investigations based on individual suspicion to generalized suspicion. The new standard, Swire says, is: "Check everybody. Everybody is a suspect."

Spying on the Home Front is a FRONTLINE co-production with Hedrick Smith Productions, Inc. Hedrick Smith is correspondent and senior producer. The program is produced and directed by Rick Young. FRONTLINE is produced by WGBH Boston and is broadcast nationwide on PBS. Funding for FRONTLINE is provided through the support of PBS viewers. Additional funding for FRONTLINE is provided by The Park Foundation. Additional funding for Spying on the Home Front is provided by The JEHT Foundation. FRONTLINE is closed-captioned for deaf and hard-of-hearing viewers and described for people who are blind or visually impaired by the Media Access Group at WGBH. FRONTLINE is a registered trademark of WGBH Educational Foundation. The FRONTLINE executive producer for special projects for is Michael Sullivan. The executive producer for FRONTLINE is David Fanning.

Labels: , , , ,

This page is powered by Blogger. Isn't yours? Creative Commons License
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License. lawyer blogs