The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
For full contact information and a brief bio, please see David's profile.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Thursday, April 01, 2010
A US Federal Court has declared that the Bush-era "warrantless wiretap" program was unlawful. The administration, up to and including the Obama administration, argued that in a time of war, it was lawful to eavesdrop on communications without a warrant, particuarly international communications. The decision is here: http://cryptome.org/alharamain-v-nsa.pdf and the New York Times' has an article on the decision here: Federal Judge Finds N.S.A. Wiretaps Were Illegal - NYTimes.com.
Monday, December 07, 2009
Over the last little while, there has been much discussion about cooperation between telcos and ISPs, on one hand, and law enforcement, on the other hand. We've certainly seen a lot of talk about "lawful access" in Canada.
If you're curious about some of the goings on behind the scenes at American telcos and ISPs in this regard, Cryptome and Wikileaks both have some interesting leaked documentation about policies and procedures for companies like MySpace, Sprint, Yahoo! and others. Just go to Cryptome.org and WikiLeaks.org and do a little digging around.
Thursday, September 10, 2009
The federal, provincial and territorial Privacy Commissioners meeting together in St. John's have issued a statement calling for "caution" on the expansion of investigative powers proposed by the conservative government.
They issued the following media release, referring to resolutions available on the federal Commissioner's website:
Privacy commissioners urge caution on expanded surveillance plan
ST. JOHN'S, Sept. 10 /CNW Telbec/ - Parliament should take a cautious approach to legislative proposals to create an expanded surveillance regime that would have serious repercussions for privacy rights, say Canada's privacy guardians.
Privacy commissioners and ombudspersons from across the country issued a joint resolution today urging Parliamentarians to ensure there is a clear and demonstrable need to expand the investigative powers available to law enforcement and national security agencies to acquire digital evidence.
The federal government has introduced two bills aimed at ensuring that all wireless, Internet and other telecommunications companies allow for surveillance of communications, and comply with government agency demands for subscriber data - even without judicial authorization.
"Canadians put a high value on the privacy, confidentiality and security of their personal communications and our courts have also accorded a high expectation of privacy to such communications," says Jennifer Stoddart, the Privacy Commissioner of Canada.
"The current proposal will give police authorities unprecedented access to Canadians' personal information," the Commissioner says.
The resolution is the product of the semi-annual meeting of Canada's privacy commissioners and ombudspersons from federal, provincial and territorial jurisdictions across Canada, being held in St. John's.
The commissioners unanimously expressed concern about the privacy implications related to Bill C-46, the Investigative Powers for the 21st Century Act and Bill C-47, the Technical Assistance for Law Enforcement in the 21st Century Act. Both bills were introduced in June.
"We feel that the existing legal regime governing interception of communications - set out in the Criminal Code and carefully constructed by government and Parliament over the decades - does protect the rights of Canadians very well," says Ed Ring, the Information and Privacy Commissioner for Newfoundland and Labrador and host of the meeting.
"The government has not yet provided compelling evidence to demonstrate the need for new powers that would threaten that careful balance between individual privacy and the legitimate needs of law enforcement and national security agencies."
The resolution states that, should Parliament determine that an expanded surveillance regime is essential, it must ensure any legislative proposals:
- Are minimally intrusive;
- Impose limits on the use of new powers;
- Require that draft regulations be reviewed publicly before coming into force;
- Include effective oversight;
- Provide for regular public reporting on the use of powers; and
- Include a five-year Parliamentary review.
At the meeting in St. John's, the commissioners and ombudspersons also passed a resolution about the need to protect personal information contained in online personal health records.
The resolution emphasizes the importance of empowering patients to control how their own health information is used and shared. For example, it calls for developers of personal health records to allow patients to gain access to their own health information, set rules about who else has access, and to receive alerts in the event of a breach.
"Personal health records have the potential to deliver significant benefits for patients and their health care providers. However, given the highly sensitive personal information involved, developers need to ensure they build in the highest privacy standards," says Commissioner Ring.
Both resolutions are available on the Privacy Commissioner of Canada's website, http://www.priv.gc.ca/.
The resolutions are here:
Wednesday, May 27, 2009
Halifax Police plan to augment their network of surveillance cameras with hidden cameras in public places. Law abiding citizens have nothing to fear, according to the Mayor. Besides, the Mayor says, people are used to being surveilled on private property. What he doesn't seem to get is that private property is "private" property that you enter on the terms set out by the property owner. Public places do not have those stipuations. Or at least they shouldn't.
From the Halifax Chronicle Herald:
Police plan more camera surveillance - Nova Scotia News - TheChronicleHerald.ca
Halifax police intend to step up camera surveillance in public places, the city’s police chief said Tuesday.
Chief Frank Beazley said Halifax Regional Police officers will be using portable digital equipment in the near future to record images at "hot spots" in the municipality and public gatherings like rock concerts.
He told a city hall budget meeting the new gear won’t need to be installed — the police department already has fixed cameras at several locations — because police personnel will simply arrive at a potential trouble spot with cameras and leave with the pictures they’ve collected.
Mayor Peter Kelly supports more secret camera use at different sites. He said cameras tracking public goings-on are already a fact of life here and in other cities.
Asked if extra police snooping is an invasion of privacy, Mr. Kelly said law-abiding citizens have nothing to fear.
"For those who cause concern for others, you’ll have things to worry about," the mayor said, adding, additional surreptitious camera work will hopefully lead to crime prevention and the arrests of lawbreakers.
Mr. Kelly said people are routinely photographed on private property, such as banks, stores, parking lots and elsewhere, and the police plan to beef up surveillance at common areas used by many people makes sense.
Chief Beazley acknowledged the enhanced camera gear will be used at various locations throughout the city.
"If we have a hot spot — there’s crime going on in certain areas — we’re going to be able to take these mobile cameras and surreptitiously (use) them" without the knowledge of those being photographed, he told regional council’s committee of the whole.
Metro has seen a month of violent crime, including three murders. The most recent shootings in the city occurred Friday night and Saturday afternoon. Nobody was killed in either attack.
Saturday’s shooting took place at a house in a residential neighbourhood in Fall River, prompting RCMP to say police are concerned an innocent bystander could get hurt, or worse.
Saturday, May 09, 2009
I was stunned to read that British police use new anti-terror powers to stop and search people every three minutes. Section 44 of the Terrorism Act has been used 170,000 to search people in 2008 alone according to the BBC. (See: BBC NEWS | England | London | Capital sees rise in terror stops.) These searches have led to 65 arrests (0.035% success) and zero convictions (0.000% success). Of course there are no official stats on how many times Section 44 was used as a pretense for some other motive.
Draw your own conclusions.
Sunday, April 12, 2009
Saturday, April 11, 2009
Monday, April 06, 2009
As of today, all internet service providers in Europe are required by law to retain information about every e-mail and VOIP call made by their users thanks to the European Data Retention Directive.
BBC NEWS Technology Net firms start storing user dataAnd, as an aside, I'm not sure many will find comfort in the idea that RIPA will act to protect privacy: RIPA surveillance may break human rights laws - ZDNet.co.uk.
Details of user e-mails and net phone calls will be stored by internet service providers (ISPs) from Monday under an EU directive.
The plans were drawn up in the wake of the London bombings in 2005.
ISPs and telecoms firms have resisted the proposals while some countries in the EU are contesting the directive.
Jim Killock, executive director of the Open Rights Group, said it was a "crazy directive" with potentially dangerous repercussions for citizens.
All ISPs in the European Union will have to store the records for a year. An EU directive which requires telecoms firms to hold on to telephone records for 12 months is already in force.
The data stored does not include the content of e-mails or a recording of a net phone call, but is used to determine connections between individuals.
Authorities can get access to the stored records with a warrant.
Governments across the EU have now started to implement the directive into their own national legislation.
The UK Home Office, responsible for matters of policing and national security, said the measure had "effective safeguards" in place.
There is concern that access to our data is widening to include many public bodies ISPs across Europe have complained about the extra costs involved in maintaining the records. The UK government has agreed to reimburse ISPs for the cost of retaining the data.
Mr Killock said the directive was passed only by "stretching the law".
The EU passed it by "saying it was a commercial matter and not a police matter", he explained.
"Because of that they got it through on a simple vote, rather than needing unanimity, which is required for policing matters," he said.
Sense of shock
He added: "It was introduced in the wake of the London bombings when there was a sense of shock in Europe. It was used to push people in a particular direction."
Sweden has decided to ignore the directive completely while there is a challenge going through the German courts at present.
"Hopefully, we can see some sort of challenge to this directive," said Mr Killock.
Isabella Sankey, Policy Director at Liberty, said the directive formalised what had already been taking place under voluntary arrangement for years.
"The problem is that this regime allows not just police to access this information but hundreds of other public bodies."
In a statement, the Home Office said it was implementing the directive because it was the government's priority to "protect public safety and national security".
It added: "Communications data is the where and when of the communication and plays a vital part in a wide range of criminal investigations and prevention of terrorist attacks, as well as contributing to public safety more generally.
"Without communications data resolving crimes such as the Rhys Jones murder would be very difficult if not impossible.
"Access to communications data is governed by the Regulation of Investigatory Powers Act 2000 (Ripa) which ensures that effective safeguards are in place and that the data can only be accessed when it is necessary and proportionate to do so."
Sunday, March 22, 2009
Google Street View went live in the UK last week. Despite the prevalence of surveillance in Britain, complaints have rolled in and Google has taken down hundreds of pictures. See: Google forced to black out hundreds of Street View photos after privacy protests - but site gets record hits Mail Online.
Wednesday, February 18, 2009
I blogged earlier this week about a decision from the Ontario Superior Court of Justice that held that Bell Sympatico customers do not have a reasonable expectation of privacy when the police come knocking for the name and address behind an IP address. (See: Canadian Privacy Law Blog: Police get warrantless access to Sympatico customer's data.) I managed to get a copy of the decision in R. v. Wilson (6MB PDF file).While I disagree with the judge's determination that there is no "reasonable expecation of privacy" in this information, what must be remembered is that Bell voluntarily handed the information over.
Saturday, February 14, 2009
Here we go again .... the government is preparing a new "lawful access" law. The media coverage seems to suggest that it covers both eavesdropping of internet based communications (with a warrant) and obtaining subscriber data (without a warrant).
globeandmail.com: New law to give police access to online exchanges
From Thursday's Globe and Mail
February 12, 2009 at 3:39 AM EST
OTTAWA — The Conservative government is preparing sweeping new eavesdropping legislation that will force Internet service providers to let police tap exchanges on their systems - but will likely reignite fear that Big Brother will be monitoring the private conversations of Canadians.
The goal of the move, which would require police to obtain court approval, is to close what has been described as digital "safe havens" for criminals, pedophiles and terrorists because current eavesdropping laws were written in a time before text messages, Facebook and voice-over-Internet phone lines.
The change is certain to please the RCMP and other police forces, who have sought it for some time. But it is expected to face resistance from industry players concerned about the cost and civil libertarians who warn the powers will effectively place Canadians under constant surveillance.
Public Safety Minister Peter Van Loan confirmed the plan yesterday during an appearance before a House of Commons committee and offered further explanation afterward.
Public Safety Minister Peter Van Loan confirmed the plan. (Sean Kilpatrick/The Canadian Press)
"We have legislation covering wiretap and surveillance that was designed for the era of the rotary phone," Mr. Van Loan said.
"If somebody's engaging in illegal activities on the Internet, whether it be exploitation of children, distributing illegal child pornography, conducting some kind of fraud, simple things like getting username and address should be fairly standard, simple practice. We need to provide police with tools to be able to get that information so that they can carry out these investigations."
Mr. Van Loan said there have been situations where the police want to act quickly to stop a crime, but can't because of the current laws.
"In some of these cases, time is of the essence," he said. "If you find a situation where a child is being exploited live online at that time - and that situation has arisen before - police services have had good co-operation with a lot of Internet service providers, but there are some that aren't so co-operative."
Although police agencies have been calling for such a law since at least the mid-1990s, this would be the first legislative effort in this direction by the Conservatives.
The reaction can be predicted, however, because Paul Martin's Liberal government faced stiff resistance when his public safety minister, Anne McLellan, introduced a "lawful-access" bill in November, 2005, shortly before that government was defeated.
The Conservative justice critic at the time, Peter MacKay, who is now in the Conservative cabinet, expressed concern with the bill, and Privacy Commissioner Jennifer Stoddart went further, saying there was no justification for such a law.
The concern of critics is that unlike a traditional wiretap that cannot commence without judicial approval, lawful-access legislation in other countries has forced Internet providers to routinely gather and store the electronic traffic of their clients. Those stored data can then be obtained by police via search warrant.
"That means we're under surveillance, in some sense, all the time," said Richard Rosenberg, president of the B.C. Freedom of Information and Privacy Association. "I think that changes the whole nature of how we view innocence in a democratic society."
RCMP Commissioner William Elliott said yesterday the lack of such legislation is causing problems for police.
"We're speaking generally about the development of technology that is difficult or impossible to wiretap," Mr. Elliott said after appearing alongside Mr. Van Loan at the House of Commons Public Safety and National Security Committee.
"In the old days, for a wiretap it was pretty simple. You sort of clicked onto the physical wires. So we have some instances where the court authorizes us and other police forces, for example, to intercept communications, but we don't have the technical ability to do that. So certainly the RCMP is supportive of changes of legislation that would allow those kind of intercepts."
Thursday, November 06, 2008
Last weekend, after a day of meetings, I wandered around downtown Ottawa. When I lived there in 1999-2000, I noticed that a number of light poles in the downtown area have directional antennas on top of them. I had only seen them in the vicitinty of Parliament Hill. Being paranoid, I wondered what they were. I even called the city and asked what they were and whose they are. The city was not able to answer my question, though they acknowledged that the poles are theirs and putting anything on them would require the city's ok.
You can read the text on the label on the back, which says it's made by TIL-TEK, model TA-2408. The TIL-TEK brochure describes it as:
The TA-2408 is a vertically or horizontally polarized panel antenna. The antenna consists of a printed broadband dipole array enclosed in an aluminum cavity with a UV stabilized ASA radome for superior weatherability. It is designed for wireless data in the ISM band and is at DC ground to aid in lightning protection.
Here are two other pictures:
If anyone knows anything about these, please help satisfy my curiosity ... Email me or put something in the comments.
Wednesday, November 05, 2008
The good news: Toronto police are removing the CCTV cameras that have kept an eye on people at Queen Street West and Bathurst.
The bad news: Apparenly they're just being moved. Where to? I do not know.
See: Torontoist: Smile! You're Not on the Police Camera, via the eagle-eyed, ever-vigilant, but never intrusive Rob Hyndman.
Monday, October 20, 2008
This past Saturday I found myself with an hour to kill downtown. I had my camera with me and my GPS-equipped blackberry, so I decided to do a quick inventory of surveillance cameras. I only took photos of cameras that are in public spaces or were pointed at public spaces.
You can check out the Flickr set or the map.
Sunday, October 19, 2008
The Office of the Privacy Commissioner of Canada is seeking comments on a draft guidance document on covert surveillance. If you have something to say, you have until November 14, 2008:
Consultation on Covert Video Surveillance Draft Guidance Document (October 2008)
The Privacy Commissioner of Canada has prepared a draft guidance document that sets out good practice rules for private sector organizations that are either contemplating or using covert video surveillance.
Through our experience in investigating complaints about covert video surveillance under the Personal Information Protection and Electronic Documents Act (PIPEDA), we have identified a need to educate organizations on the obligation to ensure that covert video surveillance is conducted in the most privacy sensitive way possible. Although the use of covert video surveillance may be appropriate in some circumstances, we view the technology as being inherently intrusive.
We welcome feedback on the draft guidance below. In particular, we seek the comments of those directly affected by covert video surveillance, including unions representing employees of federally regulated organizations as well as consumer associations.
Thank you for your time and attention and we look forward to your comments.
Elizabeth Denham, Assistant Privacy Commissioner
Thursday, October 16, 2008
The Independent is reporting that the British government is planning to announce a 1 BILLION POUND project that would involve the creation of a database to log every e-mail, telephone call and website click and retain the information for one year.
The project seems to be universally panned: the independent reviewer of UK anti-terrorism laws says "as a raw idea it is awful". The Information Commissioner calls it a "step too far".
If anyone had asked me (which they didn't, but I have constitutional rights here in Canada and get to say what I want), I would have said the idea is not surprising given the way things are going in England, but it is a clear step into the abyss of giving up any sense of private life in the country. See: Exclusive: Storm over Big Brother database - Home News, UK - The Independent. Big thanks to DP thinker: Proposed Database for pointing to the story.
Friday, October 10, 2008
The ridiculous degree of surveillance in the UK, supported by the Regulation of Investigatory Powers Act, is finally leading to a significant backlash as surveillance powers are being used to catch people who don't scoop their poop. Thanks to Rob Hyndman for the link.
Orwellian U.K. Angers People With Tree Cameras, Snooping Kids
By Caroline Alexander and Howard Mustoe
Oct. 10 (Bloomberg) -- Hidden in foliage next to a path in the southeast England seaside town of Hastings are digital cameras. Their target: litterbugs and dog walkers.
The electronic eyes feed images to a monitoring unit, where they're scanned and stored as evidence to prosecute people who discard garbage or fail to clean up after pets, a spokeswoman for the town council said.
``It's becoming a bit Big Brother-like,'' said Sandra Roberts, 50, a Hastings kiosk manager, invoking George Orwell's 1949 book ``Nineteen Eighty-Four,'' about a Britain where authorities pry into all aspects of citizens' lives.
Local authorities are adopting phone-record logging, e-mail taps and camera surveillance to police such offenses as welfare fraud, unlawful dumping of waste and sick-day fakery. Telecommunications companies are about to join the list of crime monitors. Already, 4.5 million closed-circuit cameras watch public places across Britain, or about 1 camera for every 15 people, the highest ratio in the world.
``There's too much of it now, all this spying,'' said Ivor Quittention, 80, a retired owner of three hardware stores who lives in Hastings. The town's spokeswoman, who declined to be identified, said spying is the most effective way of dealing with something residents complain about most.
The Regulation of Investigatory Powers Act, dubbed ``the snoopers charter'' by London-based civil-rights group Liberty, was passed by the ruling Labour Party in 2000 to legislate methods of surveillance and information gathering. The purpose of the law, known also as Ripa, was to help prevent crime, including terrorism, according to the Home Office.
`Too Much Power'
Initially, only security and intelligence services could invoke the Act's provisions. In 2003, Parliament extended powers to the 474 local councils in England, Scotland and Wales, as well as to 318 other state bodies, including 11 Royal Parks, the Post Office and Chief Inspector of Schools.
Since then, local authorities have been expanding their use of the provisions to dozens of lesser offenses.
The law has loopholes and councils like Hastings aren't doing anything wrong when they invoke it for minor crimes, according to Gus Hosein, a professor from the London School of Economics specializing in technology and privacy.
``Ripa just gives too much power to any Tom, Dick or Harry related to government,'' he said.
The latest proposed expansion of the Act requires telecommunications providers to store the text of all e-mails and details of all phone calls transmitted over their lines.
The government is seeking the views of the public on the proposal until Oct. 31. The bill will then go to Parliament for consideration.
Of the 163 U.K. councils that replied to calls and Freedom of Information requests from Bloomberg, 95 percent said they use Ripa. Nine said they don't, including Barnet, Basingstoke and Deane, Broadland, Halton, Harrogate, Shepway, West Devon, Slough and the Shetlands, a group of islands off Scotland where sheep outnumber people. Three declined to provide details without payment of an administrative fee.
East Hampshire, in south England, applied the law to catch vandals defacing tombstones. Derby, in northern England, invoked it to send children with recording gear into shops to see if they'd unlawfully be sold cigarettes and alcohol.
``It's unreal,'' said Dean Price, 24, a graphic designer in London. ``We've been sleep-walking into this. Everyone talks about Orwell and 1984 but no one ever does anything about it.''
A spokesman for the Home Office, which oversees Ripa, said the extension is vital to intelligence gathering and will help investigators identify suspects, track them and examine their contacts. He declined to be identified, in line with policy.
The Association of Local Government, which represents councils, said through a statement by outgoing Chairman Simon Milton that the ``crime-busting powers'' are an essential tool in gathering evidence needed to stop criminal activity.
At the same time, Milton said he wrote to all councils in June asking them not to invoke the law for petty offenses.
``It's ironic that a nation that was once a bastion of privacy, one in which `an Englishman's home is his castle' and that did away with National ID Cards in 1952, is now one of the most surveilled in the world,'' said Toby Stevens, founder of London's Enterprise Privacy Group.
The opposition Conservative Party is against Ripa in its current form and will amend it if it wins the next election, due by 2010, home affairs spokesman Dominic Grieve said.
Mark Jewell, a councilman for the U.K.'s third party, the Liberal Democrats, said more checks and balances are needed to ensure Ripa isn't abused. ``At the moment, you don't need to have done anything wrong to get snooped on,'' he said. No other European Union government has similar regulations.
Among councils which responded to Bloomberg's questions, those in northern England, Wales and Scotland used the law more than those in the south. Durham, in northeast England, was the biggest user, invoking the provisions 144 times in the past year, as authorities cracked down on offenses including fraud.
In April, council workers spent two weeks tailing a couple in Poole, southeast England, they wrongly suspected were planning to send their daughter to a school outside their designated area. Tim Joyce and Jenny Paton called the intrusion into their lives ``hugely disproportionate.''
In August, Paul Griffiths was taken to court and fined 1,000 pounds for allowing his dog to foul grass outside his home in Bristol. Griffiths said he's innocent and his pet had only been urinating when she was spotted on camera.
Brian Clements, a 79-year-old retired teacher from Clacton- on-Sea, south England, said the measures are ``like using a sledge hammer to crack a nut.''
``Wouldn't the Gestapo have loved all those little cameras,'' he said.
To contact the reporter on this story: Caroline Alexander in London at firstname.lastname@example.org.
Last Updated: October 9, 2008 19:01 EDT
Monday, September 29, 2008
The Open Rights Group in the UK is planning to crowdsource a photographic survey of the United Kingdom's surveillane aparatus on October 11. Participants are encouraged to:
- Spot something that embodies the UK’s wholesale transformation into the surveillance society/database state. Subjects might include your local CCTV camera(s), or fingerprinting equipment in your child’s school library
- Snap it
- Upload it to Flickr and tag it “FNFBigPicture” - please use an Attribution Creative Commons license*
Check out: The Open Rights Group : Blog Archive » Capturing the database state: community photocall. I'll post a selection of the photos on the blog. (Via the ever-vigilant Boing Boing.)
Sunday, September 28, 2008
A system designed to track motorists in the UK is being expanded to collect fifty million automobile movement records for five years, instead of the already intrusive two years originally announced. Alread pervasive CCTV cameras are being upgraded to capture license plates, adding to what is being said to be the largest oracle database in Europe.
Thanks to SpyBlog.org.uk for the link.
Tuesday, September 02, 2008
One of the most interesting phenomena (at least to me) is that privacy is not only being taken away on a number of fronts, the wider front is the mass surrender of privacy by the millions of people who put loads of personal data online.
Some people may think it's ironic that I'm on Facebook or Flickr, but I'm pretty mindful of what I put online and who is my "friend". When I was young and foolish, I posted stuff that's still to be found on the internet. Nothing scaldalous: stuff like a travelogue of a visit to Romania and contributions to listservs about academic freedom. But kids these days, armed with digital cameras, are posting vast quantities of personal information that will hang around for years. And is there for those who may not be their friends.
I happened upon an interesting illustration of this on MetaFilter today (It's not dead, it's just resting MetaFilter). Check out these two videos in which private investigator Steve Ramblan discusses his tradecraft:
Hope2604 – Privacy Is Dead – Get Over It In 2006, privacy expert Steven Rambam’s two hour panel was disrupted by federal authorities who arrested him at the conference just prior to its commencement. In the end, he was completely vindicated and went on to finally give his talk several months later to a packed house at a local university. This year, Steven will be on for three hours, in part to make up for what you may have missed last time, but mostly because what he says about the state of privacy in our society will captivate you. Since 1980, Pallorium's investigators have successfully closed more than 9,500 cases, ranging from homicide investigations to missing persons cases to the investigation of various types of sophisticated financial and insurance frauds. Steven Rambam has coordinated investigations in more than fifty (50) countries, and in nearly every U.S. State and Canadian province. Steven specializes in international and multi-jurisdictional investigations, and within the past few years he has conducted investigations in Israel, South Africa, Holland, France, England, India, Mexico, Guatemala, Spain, Portugal, Bulgaria, Germany, Abu Dhabi, China, Mongolia, the Philippines, Thailand, Laos, Jordan, Vietnam and Brazil, among other locations. For More Information Visit www.pallorium.com
Wednesday, August 06, 2008
Sorry about the headline. I thought I could do beter than the one written by Stuff.co.nz.
I have reported on toilet cams on this site in the past, but all of those I've heard about installed by businesses have ended up to be fakes. That is until this report from New Zealand where a drunk student was roughed up by bouncers who were covertly watching him rip down a poster above the urinal.
Sunday, July 20, 2008
As part of its contributions program (Contributions Program 2008-2009 - Backgrounder - Privacy Commissioner of Canada), the Ofice of the Privacy Commissioner of Canada is funding a project to look into surveillence in Canada:
Organization: Queen’s University —The Surveillance Project, Department of Sociology
Funding amount: $50,000
Project title: Camera Surveillance in Canada: Current Trends
Project description: There is a surprising lack of Canadian research to date on the development of camera surveillance, and the proliferation of surveillance cameras in Canada is occurring without enough oversight or public debate. This project will outline Canadian trends in camera surveillance in public and private spaces by analyzing documentary sources and through interviews with key stakeholders. As part of the project, a final research report will be presented at the International Conference of Data Protection Commissioners in Strasbourg, France (Sept. 2008).
Something like this is sorely needed as police forces and others push for more surveillance of public places, while research in other countries suggest that it just moves crime from one area to another.
Saturday, June 28, 2008
Sometimes CCTV can prove that someone is innocent. And that the cops framed them.
wcbstv.com - Undercover NYPD Officers Frame 4 On Drug Charges
....The undercover NYPD officers are seen on video dancing in the street, then attempting to frame four innocent men.
"I asked police officer why are you arresting me," said Maximo Colon. "Never did I get an answer."
The investigators swore under oath they bought drugs from the four men. Jose and Maximo colon say that didn't happen.
"The cops are supposed to help us," said a shaken Jose Colon.
Defense lawyers say the surveillance cameras proved their clients were framed.
"It was nauseating," said defense lawyer Rochelle Berliner.
Two hours of video showed no contact at all between the four men arrested and undercover officers - proof that lead prosecutors to drop charges against the four men, and even declare in court the men did not commit the crime....
The American Library Association has always been a reasoned and reasonable voice for privacy in libraries and the wider community. I was interested to learn they are doing a panel tomorrow at their annual get-together in Anaheim, California entitled "Privacy: Is it time for a revolution":
Protecting reader privacy and confidentiality has long been an integral part of the mission of ALA and its members. Should it continue to be a priority? In an age when people increasingly use social networking to expose intimate life details, does privacy still matter to information seekers? Does anyone care if their library records and online searches are being tracked? If they don't, why should they? A panel of thought leaders from the information economy including author Cory Doctorow, Wired senior writer Dan Roth, and Privacy Rights Clearinghouse director Beth Givens will debate the importance of privacy and what's at stake if the persistent erosion of privacy continues unchecked. Join us for a provocative examination of a librarian's role in the future of privacy.
In looking into the session, I happened upon the following outrageous story out of Cleveland.
Lakewood library aggressive on checking computer users for porn- cleveland.comI think this is the first time I've ever heard such sentiments from a library professional, who usually advocate computers in libraries as often the sole source of internet access for those without the resources to purchase their own. Should only those who can afford privacy have access to it?
... Every 15 minutes, a staff member takes a stroll around the center to make sure library patrons are not looking at pornography, engaging in illegal gambling or visiting other questionable Web sites.
Now the library, which recently opened a new technology center, might expand its monitoring policy by using free software, called virtual network computing, that allows librarians to remotely monitor what a patron is viewing on a computer screen.
Warren has been an avid supporter of keeping an eye on the public access computers since the library first offered the Internet to patrons in 1995.
"If you need privacy, you should get your own computer," Warren said.
Warren's views on privacy for library computer users clash with those of the American Library Association, the oldest and largest library organization in the United States.
The association recommends that a library set a comprehensive, written Internet policy, distribute the policy widely and then respect the privacy of patrons.
Update: Notes from the session are up at: The Shifted Librarian » ALA2008 Privacy Revolution Panel and Loose Cannon Librarian » Privacy Panel ALA 2008.
Because actions speak louder than words, one can easily assume that the British populace is completely passive and accepting of the explosion of CCTV surveillance throughout the green and pleasant lands of England. There is some dissent. Witness: Marina Hyde who has an interesting opinion piece in The Guardian.
Marina Hyde: This surveillance onslaught is draconian and creepy Comment is free The Guardian
Closed-circuit TV cameras are the crime-fighting tool so fiendishly sophisticated that they can be foiled by the wearing of a hood. Yet having stuck 4.2 million of the things around this country, with nary a consultation on the matter - nor any significant impact on crime statistics - efforts to pimp them to 2.0 status continue
This week it emerged that scientists at Portsmouth University are developing "listening" cameras. Artificial intelligence software will be able to recognise sounds such as breaking glass, so that, when such a noise is detected, they can rotate in its direction and capture the act of vandalism/terrorism/God that resulted in a milk bottle falling off your doorstep. I paraphrase slightly, but given that the most recent Home Office report on the matter found that better street lighting is seven times more effective at cutting crime than CCTV, the truly suspicious behaviour is our deepening obsession with surveillance.
The past few years have thrown up dozens of instances which made one wince to be a citizen of this septic isle, but a personal low came with the discovery that 500,000 bins had been fitted with electronic tracking devices. Transponders in bins ... Could any morning news item be more designed to force one back against the pillows, too embarrassed about one's country to start the day? Yes, as it turned out. A couple of months ago it was discovered that Poole borough council, in Dorset, had used the Regulation of Investigatory Powers Act - designed to track serious criminals and terrorists - to determine whether a school applicant and her parents lived where they said they did. They did, and were appalled to discover they had been spied on for three weeks, the subject of surveillance notes such as "female and three children enter target vehicle and drive off". Target vehicle, if you please! The thought of some deep-cover council drone jotting this stuff down as though it were an elite Delta Force operation is not as funny as it is horrifying.
Just who are these people, these swelling legions of unelected, ill-qualified monitors who wield such extraordinary power in our surveillance society? Clarification in one case came last year, when the civilian in charge of a Worcester police station's surveillance team was suspended after detectives found, among one day's footage, a 20-minute sequence of close-ups of a woman's cleavage and backside as she walked oblivious through the streets. Whether the woman ever discovered she was the star of a kind of pervert Truman Show is not recorded. But the offending monitor escaped with a warning and was - unbelievably - back in post within weeks.
In some city centres, such as Middlesbrough, speakers have been put on the cameras, so that those monitoring can interact with potential miscreants. Let's hope these remote bossy boots imagine they're involved in some high-level negotiation, in which they talk down a teenager from his decision to drop a hamburger wrapper on the pavement.
The former home secretary John Reid, on whose draconian watch the Middlesbrough scheme was approved, even suggested at its launch that schoolchildren should enter a competition to become the voice of the cameras - once again laying bare the government's desire to co-opt its citizens into the surveillance process at all levels. We are, of course, coming up to the time of year when we are ordered to shop our neighbours for acts of hosepipe, while the Shoreditch Trust recently trialled a scheme encouraging residents to watch live CCTV feeds on a special local channel, the better to assist in policing.
For all this creepy "outreach", though, the only hands-down beneficiaries of our CCTV obsession (apart from the revenue gatherers) have been broadcasters. For no good reason, all manner of TV networks have been furnished with hours of footage to pad out their witless police chase documentaries, or offensively cheap "street crime UK" shows. Britain's CCTV network: proudly supporting the Bravo channel.
The worst thing is the blithe insistence that this is all necessary and normal. We are watched more closely, by more cameras, with each passing day. But so faultlessly designed is our society that we have never come close to having a say on it.
There's a great bit in Woody Allen's movie Deconstructing Harry when Robin Williams's character goes out of focus, appearing as a sort of fuzzy version of himself, which sounds increasingly like the sort of sickness that should be courted by any attractive woman keen to walk through Worcester. That said, she could always don a hood. Yet there does seem a vaguely depressing irony in governments insisting that constant surveillance is essential to prevent our being overrun by repressive regimes who'd make us all cover our heads and the like. It's these initiatives that drive even the most pliant members of society to dream of taking just that precaution themselves, if only for a bit of privacy.
Sunday, June 01, 2008
Shops track customers via mobile phone - Times Online
The surveillance mechanism works by monitoring the signals produced by mobile handsets and then locating the phone by triangulation measuring the phone’s distance from three receivers.
The Information Commissioner's Office (ICO) expressed cautious approval of the technology, which does not identify the owner of the phone but rather the handset's IMEI code -- a unique number given to every device so that the network can recognise it.
But an ICO spokesman said, "we would be very worried if this technology was used in connection with other systems that contain personal information, if the intention was to provide more detailed profiles about identifiable individuals and their shopping habits.”
Only the phone network can match a handset's IMEI number to the personal details of a customer.
Path Intelligence, the Portsmouth-based company which developed the technology, said its equipment was just a tool for market research. "There's absolutely no way we can link the information we gather back to the individual,” a spokeswoman said. “There's nothing personal in the data."
Liberty, the campaign group, said that although the data do not meet the legal definition of ‘personal information’, it "had the potential" to identify particular individuals' shopping habits by referencing information held by the phone networks.
This is similar to a form of "cookies" for the offline world. On the one hand, we have assurances that the phones' serial number will not be connected with other personal information, but there really is no assurance that will not happen. And once this information is collected, it will be in the system available to law enforcement and others who do have the ability to match it to personal information.
Saturday, May 17, 2008
Naomi Klein has an interesting piece in the most recent Rolling Stone on the emerging high-technology surveillance state being built in China, with help from some of largest US defence contractors:
China's All-Seeing Eye : Rolling Stone
... Now, as China prepares to showcase its economic advances during the upcoming Olympics in Beijing, Shenzhen is once again serving as a laboratory, a testing ground for the next phase of this vast social experiment. Over the past two years, some 200,000 surveillance cameras have been installed throughout the city. Many are in public spaces, disguised as lampposts. The closed-circuit TV cameras will soon be connected to a single, nationwide network, an all-seeing system that will be capable of tracking and identifying anyone who comes within its range — a project driven in part by U.S. technology and investment. Over the next three years, Chinese security executives predict they will install as many as 2 million CCTVs in Shenzhen, which would make it the most watched city in the world. (Security-crazy London boasts only half a million surveillance cameras.)
The security cameras are just one part of a much broader high-tech surveillance and censorship program known in China as "Golden Shield." The end goal is to use the latest people-tracking technology — thoughtfully supplied by American giants like IBM, Honeywell and General Electric — to create an airtight consumer cocoon: a place where Visa cards, Adidas sneakers, China Mobile cellphones, McDonald's Happy Meals, Tsingtao beer and UPS delivery (to name just a few of the official sponsors of the Beijing Olympics) can be enjoyed under the unblinking eye of the state, without the threat of democracy breaking out. With political unrest on the rise across China, the government hopes to use the surveillance shield to identify and counteract dissent before it explodes into a mass movement like the one that grabbed the world's attention at Tiananmen Square.
Remember how we've always been told that free markets and free people go hand in hand? That was a lie. It turns out that the most efficient delivery system for capitalism is actually a communist-style police state, fortressed with American "homeland security" technologies, pumped up with "war on terror" rhetoric. And the global corporations currently earning superprofits from this social experiment are unlikely to be content if the lucrative new market remains confined to cities such as Shenzhen. Like everything else assembled in China with American parts, Police State 2.0 is ready for export to a neighborhood near you....
Friday, May 09, 2008
This is too funny.
Apparently Manchester band "The Get Out Clause" recorded a music video by performing in the vicinity of CCTV cameras and then requesting the footage under the UK Data Protection Act.
Wednesday, April 30, 2008
Campaign to lick lollipop rage UK news guardian.co.uk
For generations, lollipop men and women have shepherded schoolchildren safely across roads armed only with their trusty signs.
But they are about to undergo a Robocop-style makeover: their signs are to be equipped with cameras in an effort to combat "lollipop rage" by aggressive drivers.
The new signs, which cost £890 each, will allow lollipop men and women - officially known as school crossing patrol officers - to record dangerous driving and capture car number plates, say council leaders.
Thursday, April 24, 2008
I reported last month that the Information and Privacy Commissioner has issued a report on the proposal to dramatically increase video surveillance on public transit in Toronto. (Canadian Privacy Law Blog: Ontario Commissioner releases detailed report on TTC surveillance cameras)
InterGovWorld.com has an extensive article on the Commissioner's suggestion that reversible faceblurring technology may make the system more palatable. I spoke with the author, Rosie Lombardi, at length on the topic who has done a good job of summing up my take on the topic:
More privacy-boosting technology begets more video surveillance
... A point that's often overlooked is that privacy legislation is ultimately about feelings, says David TS Fraser, a privacy lawyer at Halifax-based law firm McInnes Cooper. "Although the legislation is written in a way that talks about personally identifiable information and identity theft, it's ultimately designed to protect people's sensibilities about unwanted intrusions," he says.
PET technology may not be enough to address those sensibilities unless the rules governing the use of surveillance are stated. "While the technology may do a good job of limiting the actual intrusions, I'm not sure it does much to address people's feelings about being watched. Unless the policies and procedures around surveillance are clearly communicated, it won't diminish that visceral feeling of unease about being spied upon."
Fear of the unknown is at the core. "If you see a cop at a corner, you can tell from his uniform who he is, what he's looking at, and if you've aroused his suspicions," he says. "But a camera is completely faceless. You don't know who's watching and how the information captured is used - will it wind up on late-night television?"
He notes a significant number of videos in these shows displaying people caught in embarrassing situations come out of Britain, where an extensive network of cameras in public places is rousing a public backlash. Cavoukian noted in her report that U.K. camera operators have caught entertaining themselves by zooming in on attractive women. "If you're going to outsource surveillance to a bunch of badly-paid guys locked in dark rooms, they're going to see more bums than bombs," agrees Fraser.
He concedes that automating the enforcement of policies and procedures around surveillance with PET technology rather than relying on fallible human operators to refrain from misusing the information offers some comfort. But he warns this may have the unintended effect of increasing video surveillance. "Unfortunately, this stuff makes it more acceptable to put video cameras all over the place, and by making it better and safer with less intrusive technology, it may ironically lead to more surveillance."
Tuesday, April 22, 2008
The Inquirer is reporting that UK authorities have signed a secret pact that would allow real-time access to video surveillance feeds to foreign intelligence services. The scheme is said by critics to be a violation of UK data protection laws. See: Secret pact allows the US to spy on UK motorists - The INQUIRER.
Friday, April 18, 2008
Greater details in this Flickr set.
Wednesday, April 16, 2008
Here is a shocking example of why intrusive powers need to be carefully circumscribed and subject to judicial oversight, otherwise they will be abused.
A local council in the UK (not surprisingly) has used the Regulation of Investigatory Powers Act, designed for serious crimes and terrorism, to surveil a three-year-old to determine if her parent's were misrepresenting place of abode to get into a better school. See: Council uses criminal law to spy on school place applicants Society The Guardian.
"The Home Office said the RIPA legislation did not appear to have been used inappropriately."
Friday, April 11, 2008
Some people, I am sure, will savor the irony that many London police officers are complaining about creepy surveillance and Big Brother tactics inherent in a new technology that will allow desk-riding senior cops to keep tabs on the location and activities of cops on the beat.
Apparently they don't like feeling like they're being watched. Some are concerned that innocent and lawful activities could be misinterpreted. Oh, and others are worried that information originally collected for safety and resource planning may be used for some other purpose. Pity.
Check it out:
Met Police officers to be 'microchipped' by top brass in Big Brother style tracking scheme the Daily Mail
Every single Metropolitan police officer will be 'microchipped' so top brass can monitor their movements on a Big Brother style tracking scheme, it can be revealed today.
According to respected industry magazine Police Review, the plan - which affects all 31,000 serving officers in the Met, including Sir Ian Blair - is set to replace the unreliable Airwave radio system currently used to help monitor officer's movements.
The new electronic tracking device - called the Automated Personal Location System (APLS) - means that officers will never be out of range of supervising officers.
But many serving officers fear being turned into "Robocops" - controlled by bosses who have not been out on the beat in years.
According to service providers Telent, the new technology 'will enable operators in the Service's operations centres to identify the location of each police officer' at any time they are on duty - whether overground or underground.
Although police chiefs say the new technology is about 'improving officer safety' and reacting to incidents more quickly, many rank and file believe it is just a Big Brother style system to keep tabs on them and make sure they don't 'doze off on duty'.
Some officers are concerned that the system - which will be able to pinpoint any of the 31,000 officers in the Met to within a few feet of their location - will put a complete end to community policing and leave officers purely at the beck and call of control room staff rather than reacting to members of the public on the ground.
Pete Smyth, chairman of the Met Police Federation, said: "This could be very good for officers' safety but it could also involve an element of Big Brother.
"We need to look at it very carefully."
Other officers, however, were more scathing, saying the new system - set to be implemented within the next few weeks - will turn them into 'Robocops' simply obeying instructions from above rather than using their own judgement.
One officer, working in Peckham, south London, said: "They are keeping the exact workings of the system very hush-hush at the moment - although it will be similar to the way criminals are electronically tagged. There will not be any choice about wearing one.
"We depend on our own ability and local knowledge to react to situations accordingly.
"Obviously we need the back up and information from control, but a lot of us feel that we will simply be used as machines, or robots, to do what we are told with little or no chance to put in anything ourselves."
He added: "Most of us joined up so we could apply the law and think for ourselves, but if Sarge knows where we are every second of the day it just makes it difficult."
Another officer, who did not want to be named, said: "A lot of my time is spent speaking to people in cafes, parks or just wherever I'm approached. If I feel I've got my chief breathing down my neck to make another arrest I won't feel I'm doing my job properly."
The system is one of the largest of its kind in the world, according to Telent, the company behind the technology, although neither the Met nor Telent would provide Police Review with any more information about exactly how the system will work or what sort of devices officers will wear.
Nigel Lee, a workstream manager at the Met, said: "Safety is a primary concern for all police forces.
"The area served by our force covers 620 miles and knowing the location of our officers means that not only can we provision resource more quickly, but should an officer need assistance, we can get to them even more quickly."
Forces currently have the facility to track all their officers through GPS devices on their Airwave radio headsets, but this is subject to headsets being up to date and forces buying the back office systems to accompany them, according to Airwave.
Steve Rands, health and safety head for the Met Police Federation, told Police Review: "This is so that we know where officers are. Let us say that when voice distortion or sound quality over the radio is lost, if you cannot hear where that officer telling you where he is, you can still pinpoint his exact position by global positioning system.
"If he needs help but you cannot hear him for whatever reason, APLS will say where he is."
Monday, March 31, 2008
There have been some interesting releases from the Information and Privacy Commissioner of Alberta's office:
Adjudicator rules personal information released in contravention of Personal Information Protection ActAn Adjudicator with the Office of the Information and Privacy Commissioner has ruled that the Alberta Teachers’ Association contravened the Personal Information Protection Act (PIPA), when it published an article containing the personal information of former members.
The Complainants filed the complaint when the ATA published their names in a newsletter stating that they no longer were required to adhere to the ATA’s Code of Professional Conduct.
The ATA argued while it had published personal information, it had done so for “journalistic purposes” and that PIPA did not apply.
The Adjudicator determined that PIPA did apply and that the information was disclosed contrary to sections 7 and 19 of PIPA.
Adjudicator finds Alberta Energy and Utilities Board did not disclose personal information in contravention of the FOIP Act
Information and Privacy Commissioner, Frank Work, has ruled that the parents of a student had no legal standing in a complaint over the seizure of their son’s cell phone. The Commissioner says he was not presented with any evidence under section 84 of the Freedom of Information and Protection of Privacy Act (FOIP) that the parents were authorized to act on behalf of their son, nor is there any evidence that the son is even aware of a complaint being made on his behalf.The parents complained to the Commissioner their son’s cell phone had been seized by school administrators who had accessed photographs contained on the phone.
During an inquiry into the matter, the Commissioner found the evidence did not establish that the parents had standing to make a complaint. The Commissioner also found there was little evidence that the son’s personal information had been collected or used by the school.
Commissioner releases investigation report on DeVry Institute of Technology, related to discovery of identity theft.
Commissioner releases investigation report related to discovery of identity theft
New guidelines set out how companies should evaluate the use of video surveillance that respects privacy rights and complies with the law.
Adjudicator upholds decision not to release Crown Prosecutor records
Adjudicator rules company tried to find applicant's personal information
Thursday, March 27, 2008
According to Information Age, privacy concerns have at least delayed the implementation of fingerprint biometrics at Heathrow's new Terminal 5 (For some background, see: Canadian Privacy Law Blog: A small step for biometrics; a giant leap for the UK surveillance state). See: Privacy fears delay Terminal 5 fingerprint biometrics | Information Age.
Tuesday, March 25, 2008
I was interviewed some time ago for a Globe & Mail article on workplace surveillance, which appeared yesterday. The piece discusses keystroke loggers, access cards and video surveillance. See: globeandmail.com: Smile, Big Brother's watching.
After the recent spate of toilet cam stories (Canadian Privacy Law Blog: Montreal mall fake toilet-cam raising concerns, Canadian Privacy Law Blog: Montreal Second Cup owner forced to take down bathroom surveillance camera), I was at first shocked, puzzled and then amused by the sticker that was posted on Boing Boing. It had been spotted in a bathroom in a San Francisco coffee shop. It turns out it was part of a prank created by Sean Savage at Cheesebikini, though commentators at Boing Boing say they were originally part of a set of stickers produced by Maxim Magazine. In the interests of science, I've discovered that there are others who put stickers up in bathrooms suggesting you are being watched, including a Flickr user who puts labels of "THIS IS A CAMERA" on bathroom fittings. For more info and a handy PDF to make your own labels, see: cheesebikini? » Blog Archive » Bathroom Prank.
Saturday, March 08, 2008
Passengers flying through Heathrow Airport, Terminal 5, will be photographed and fingerprinted twice before being permitted to board domestic flights. The British Airport Authority, which runs the new terminal through which all British Airways passengers will travel say this measure is "necessary to prevent criminals, terrorists and illegal immigrants trying to bypass border controls."
The only reason why this may be necessary is that the design of the new terminal permits international and domestic passengers to mingle in the secure area. Theoretically, transiting international passengers would be able to swap boarding passes with a domestic passenger circumventing border controls. On balance, it just makes sense to ramp up the big brother factor if it means the BAA doesn't have to follow the non-intrusive but universal designs used by every other airport I have ever been through.
The BAA also says the fingerprints will be discarded after 24 hours, unless -- of course -- they are of interest to the police. See: Heathrow airport first to fingerprint - Telegraph. Via the ever vigilant Boing Boing: Heathrow Terminal 5 to fingerprint domestic passengers - Boing Boing.
Thursday, March 06, 2008
The Privacy Commissioners of Canada, British Columbia and Alberta today have released Guidelines for Overt Video Surveillance in the Private Sector to help businesses consider privacy matters when deciding whether to and how to implement overt video surveillance. (I wonder whether they'll also produce guidelines on covert surveillance?)
From the media release:
Privacy Commissioners Release New Video Surveillance Guidelines
Privacy Commissioners Release New Video Surveillance Guidelines
OTTAWA, March 6, 2008 — Private-sector organizations considering video surveillance systems must take specific steps to minimize the impact on people’s privacy, say video surveillance guidelines released today.
The new guidelines set out how companies should evaluate the use of video surveillance and ensure any surveillance they undertake is conducted in a way that respects privacy rights and complies with the law.
These guidelines have been endorsed by Jennifer Stoddart, the Privacy Commissioner of Canada, Frank Work, the Information and Privacy Commissioner of Alberta, and David Loukidelis, the Information and Privacy Commissioner for British Columbia.
“We have seen a dramatic increase in the use of surveillance cameras by private-sector organizations. Many of our day-to-day activities are now captured by these cameras,” says Commissioner Stoddart.
“There are some legitimate reasons to conduct video surveillance, but privacy laws in Canada impose restrictions and obligations when, where and how businesses can conduct this kind of surveillance,” says Commissioner Loukidelis.
“These guidelines make it clear that businesses must carefully evaluate why they are installing video surveillance equipment, and what they will do with the information that is collected,” says Commissioner Work.
The Commissioners say it is disturbing to hear stories about video surveillance operators deliberately pointing cameras to ogle women, as well as surveillance images of people caught in unflattering situations finding their way onto video sharing sites like YouTube and Vimeo.
The new guidelines are aimed at businesses subject to the Personal Information Protection and Electronic Documents Act, or PIPEDA. They are also targeted at businesses subject to the provincial Personal Information Protection Acts in Alberta and British Columbia.
The overarching principle for video surveillance – which stems from the key legal test under the federal and provincial laws – is that it should be used only for purposes that a reasonable person would consider appropriate in the circumstances.
The guidelines state that, in order to limit the impact on privacy, cameras should be positioned to avoid capturing the images of people not being targeted (e.g., someone walking outside a store). As well, cameras should not be used in areas where people have a heightened expectation of privacy, such as washrooms, and through building windows.
The guidelines also say:
- People should be notified about the use of cameras before they enter the premises.
- Individuals whose images are captured on videotape should, upon request, be given access to this recorded personal information.
- Organizations must ensure that video surveillance equipment and videotapes are secured and used for authorized purposes only.
- Individuals who operate video surveillance systems should understand the privacy issues related to surveillance and their obligations under the law.
- Video surveillance recordings should be retained only as long as necessary and destroyed securely.
The complete guidelines for private-sector organizations are available at www.privcom.gc.ca, www.oipc.ab.ca and www.oipc.bc.ca. The Office of the Privacy Commissioner of Canada and the Office of the Information and Privacy Commissioner for British Columbia have previously published guidelines for the use of video surveillance in public places by police and law enforcement authorities.
All three privacy commissioners are statutorily mandated to oversee compliance with the Acts and are advocates and guardians of privacy and the protection of personal information rights of Canadians.
Monday, March 03, 2008
The Information and Privacy Commissioner of Ontario has released an extensive report on the use of video surveillance by the Toronto Transit Commission. The report can be found here: Privacy and Video Surveillance in Mass Transit Systems: A Special Investigation Report - Privacy Investigation Report MC07-68.
From the media release:
TTC’s surveillance cameras comply with privacy Act, but additional steps needed to enhance privacy protection, says Privacy Commissioner Ann Cavoukian
TORONTO – Ontario Information and Privacy Commissioner Ann Cavoukian ruled today that the Toronto Transit System’s expansion of its video surveillance system, for the purposes of public safety and security, is in compliance with Ontario’s Municipal Freedom of Information and Protection of Privacy Act – but she is calling on the TTC to undertake a number of specific steps to enhance privacy protection.
The Commissioner’s office conducted a four-month special investigation that went beyond the scope of the usual privacy investigation conducted in that it included:
- A detailed review of the literature and analysis from various parts of the world on the effectiveness of video surveillance;
- An examination of the role that privacy-enhancing technologies can play in mitigating the privacy-invasive nature of video surveillance cameras; and
- A detailed investigation into a privacy complaint by U.K-based Privacy International about the expansion of the TTC’s video surveillance system.
“Video surveillance presents a difficult subject matter for privacy officials to grapple with impartially because, on its face, it is inherently privacy-invasive due to the potential for data capture – despite that fact, there are legitimate uses for video surveillance … that render it in compliance with our privacy laws,” said the Commissioner. “Mass transit systems like the TTC, that are required to move large volumes of people, in confined spaces, on a daily basis, give rise to unique safety and security issues for the general public and operators of the system.”
“The challenge we thus face is to rein in, as tightly as possible, any potential for the unauthorized deployment of the system. We have attempted to do this by ensuring that strong controls are in place with respect to its governance (policy/procedures), oversight (independent audit, reportable to my office) and, the most promising long-term measure, the introduction of innovative privacy-enhancing technologies to effectively eliminate unauthorized access or use of any personal information obtained.”
While the expectation of privacy in public places is not the same as in private places, it does not disappear. People have the right, the Commissioner stresses in her report, to expect the following when it comes to video surveillance:
- That their personal information will only be collected for legitimate, limited and specific purposes;
- That the collection will be limited to the minimum necessary for the specified purposes; and
- That their personal information will only be used and disclosed for the specified purposes.
“These general principles,” said Commissioner Cavoukian, “should apply to all video surveillance systems. Where developments such as video surveillance in mass transit systems, like the TTC, can be shown to be needed for public safety, you must also ensure that threats to privacy are kept to an absolute minimum.”
Among the 13 recommendations the Commissioner is making to the TTC are the following:
- That the TTC reduce its retention period for video surveillance images from a maximum of seven days to a maximum of 72 hours (the same standard as the Toronto Police), unless required for an investigation;
- That the TTC’s video surveillance policy should specifically state that the annual audit must be thorough, comprehensive, and must test all program areas of the TTC employing video surveillance to ensure compliance with the policy and the written procedures. The initial audit should be conducted by an independent third party using Generally Accepted Privacy Principles, and should include an assessment of the extent to which the TTC has complied with the recommendations made in this special report;
- That the TTC should select a location to evaluate the privacy-enhancing video surveillance technology developed by University of Toronto researchers, K. Martin and K. Plataniotis; and
- That, prior to providing the police with direct remote access to the video surveillance images, the TTC should amend the draft memorandum of understanding (MOU) with the Toronto Police to require that the logs of disclosures be subjected to regular audits, conducted on behalf of the TTC. A copy of the revised draft MOU should be provided to the Commissioner prior to signing.
EMERGING PRIVACY-ENHANCING TECHNOLOGY
The Commissioner devotes part of her 50-page special report, and a specific recommendation, to the area of emerging privacy-enhancing video surveillance technology.
“In light of the growth of surveillance technologies, not to mention the proliferation of biometrics and sensoring devices, the future of privacy may well lie in ensuring that the necessary protections are built right into their design,” said the Commissioner. “Privacy by design may be our ultimate protection in the future, promising a positive sum paradigm instead of the unlikely obliteration of a given technology.”
As an example of the research being conducted into privacy-enhancing technologies, the Commissioner cites the work of researchers Karl Martin and Kostas Plataniotis at the University of Toronto, who used cryptographic techniques to develop a secure object-based coding approach. While the background image captured by a surveillance camera can be viewed, the sections where individuals are caught in the image would automatically be encrypted by the software. Designated staff could monitor the footage for unauthorized activity, but would not be able to identify anyone. Only a limited number of designated officials with the correct encryption key could view the full image.
The Commissioner is recommending that the TTC select a location to evaluate the video surveillance technology developed by Martin and Plataniotis.
A copy of the special report is available on the IPC’s website, www.ipc.on.ca.
Wednesday, February 27, 2008
What's the deal with surveillance cameras in bathrooms? I suppose that the WC is the last bastion of privacy, so it was bound to be invaded by surveillance cameras sooner or later.
Here's a story from the UK where school officials conceded to furious students to remove CCTV cams from school bathrooms: School removes CCTV cameras from children's toilets after furious protest from parents the Daily Mail
Wednesday, February 20, 2008
In a long awaited decision, the Information and Privacy Commissioner of Alberta has ordered a nightclub to cease scanning drivers licenses. The practice is an unreasonable collection of personal information and is not justified under the Personal Information Protection Act.
From the decision, the Commissioner didn't see the connection between the collection of drivers license information and the supposed purposes for collecting it:
[para 31] From my review of the evidence and the parties’ submissions, I find that, at best, the Organization offers conjecture that collecting driver’s license information of patrons may act as a deterrent to violent behaviour. The Organization did not submit any evidence to establish that collecting the Complainant’s driver’s license information, or that of other patrons, is in any way a deterrent to violent behavior. In addition, it did not provide any evidence regarding the causes of violence in bars or statistics relating to the incidence of violence in bars before and after the implementation of a driver’s license collection program. I draw the inference that the Organization is unable to produce any evidence to draw a correlation between violence, patron safety, and collecting driver’s license information. As a result, the Organization has failed to establish any reasonable relationship between collecting driver’s license information and any of its stated purposes for scanning driver’s licenses. I am therefore unable to conclude that the Organization has a reasonable purpose within the meaning of section 11 when it scans patrons’ driver’s licenses.
[para 32] For these reasons, I find that the Organization did not comply with the requirements of either section 11(1) or (2) when it scanned the driver’s license information of the Complainant, as its collection of personal information is not reasonable related to its purpose....
On the topic of whether putting up a poster results in informed consent:
[para 53] The Complainant’s evidence is that his driver’s license was scanned before he could raise an objection. He had assumed that the Organization’s employee would check his birth date, but she instead scanned the information on the license into a database. The Organization does not challenge the Complainant’s version of events, but points to a poster it has now posted for patrons explaining why it collects driver’s licenses and what it does with them. It argues that this poster satisfies the requirements of section 13(1).
[para 54] As noted above, the poster explains that its collection practice is intended “to encourage our patrons to behave responsibly and deter those who are seeking to ruin your experience with us, from entering the venue.” The poster is not clear about the purposes of the Organization in collecting the information and does not warn patrons that information will be retained for a period of 7 – 10 days or longer by the Organization.
[para 55] I find that the poster is misleading and does not provide sufficient information for patrons to provide informed consent to the Organization’s collection of personal information. In addition, the Organization provided no evidence that the poster was in place when it scanned the Complainant’s driver’s license. In fact, paragraph 8 of the Organization’s affidavit establishes only that the notice was posted on August 24, 2006, the date of the affidavit.
[para 56] I find that the Complainant did not consent to the scanning of the information on the face of his driver’s license, other than to permit the Organization employee to confirm his date of birth. I also find that the Organization did not provide adequate notice to the Complainant of its collection of his personal information. As none of the provisions of 14 apply, and because an individual cannot consent to the unreasonable collection of personal information, I find that the Organization was required to provide notice of its collection and did not. As a result, I find that the Organization contravened section 13 of the Act when it collected the Complainant’s personal information.
The Calgary Sun reports that the owner of the bar is considering appealing and is "furious" about the decision: The Calgary Sun - Bar owner furious after licence checks halted.
Not interested in being captured on CCTV? Wear an IR light emitting headband. Apparently this device from Germany offers "protection from the protection". This is courtesy of Boing Boing, where one commentator says this is only useful to thwart IR cameras as most CCTV cameras have an IR filter attached. I don't know if this is the case, but it's clever. See Google's translated version of http://www.oberwelt.de/projects/2008/Filo%20art.htm
Monday, February 04, 2008
I got a number of calls today from media outlets today about a controversy that has erupted in Montreal. It appears a Second Cup franchisee recently installed a fake surveillance camera in bathroom stalls in an effort to dissuade drug users from using the bathrooms to shoot up.
My thoughts are summed up in the following quote from the Canadian press:
The Canadian Press: Montreal Second Cup owner forced to take down bathroom surveillance camera
... Still, privacy advocates are uncomfortable with the creeping presence of cameras in more intimate places such as bathrooms. Whether the camera works or not, the effect, they say, is the same.
"One of the weird things about this area of law is the fact that it is designed in many ways to protect people's feelings," said David Fraser, a privacy lawyer based in Halifax. ."It's about people not wanting to feel they're under surveillance."
For Fraser, the underlying issue is the sense of violation that comes with feeling one's private space is being subjected to anonymous, prying eyes.
"There isn't any real material difference between a fake camera and a real camera," he said. "Whether they're real or fake, you still have the feeling of being watched." ...
Thursday, January 17, 2008
This is weird, and creepy:
Microsoft seeks patent for office 'spy' software - Times Online
Microsoft is developing Big Brother-style software capable of remotely monitoring a worker’s productivity, physical wellbeing and competence.
The Times has seen a patent application filed by the company for a computer system that links workers to their computers via wireless sensors that measure their metabolism. The system would allow managers to monitor employees’ performance by measuring their heart rate, body temperature, movement, facial expression and blood pressure. Unions said they fear that employees could be dismissed on the basis of a computer’s assessment of their physiological state....
Monday, January 14, 2008
Personal information practices of bars and nightclubs are coming under increasing scrutiny, particularly with repect to video surveillance in Nova Scotia and the practice of scanning identification documents. Complaints related to the latter practice are pending in British Columbia and Alberta. It appears that a decision of the Alberta Commissioner is to be expected shortly: Alberta privacy commission to rule on bar scans.
Sunday, January 06, 2008
An editorial in today's Halifax Chronicle Herald is coming out in favour of the apparent clampdown on bars in Halifax, including the doubling of surveillance cameras and giving the police access to the feeds.* They even come out with the old line, "if you aren't breaking the law, you have nothing to worry about":
Nova Scotia News - TheChronicleHerald.ca:
"Some critics have raised concerns about the misuse of increased security cameras, or giving police and liquor licence inspectors access to the images. Bars, however, are public places. If individuals are not breaking the law, they have little need to worry. That said, any misuse of the security cameras should be punished."
Today's paper had the following letter to the editor:
Nova Scotia News - TheChronicleHerald.ca
Pretty public privacy
I read with amazement the Dec. 30 article "Lawyer: Cops watching bar videos a worry." It left me wondering how anyone could have any expectation of privacy in a public place.
By definition, "public" is the opposite of "private." One cannot have both at the same time.
There are those who claim that their privacy is taken away by video cameras in bars and on the street. Well, folks, you never had privacy in these public places in the first place, so how is it taken away from you?
If these people want privacy, I suggest they look for it in their homes or in a voting booth. Get over it.
John D. Spearns, Dartmouth
This is a fallacious supposition. Halifax is a small city. There's actually a pretty good chance that the person watching the monitor is a neighbour, a member of your church or at least somehow intersects with your social circle. (Just go to the public market on a Saturday morning and you'll see how small a city this is.)
People at bars routinely do things that are not -- I repeat, NOT -- illegal but they wouldn't want recorded for posterity and perhaps clipped and sent around in an e-mail. People go to bars to relax, to undwind, to meet people and maybe even do foolish but lawful things. I am sure that on any given night, extramarital affairs are begun at bars around town. (A bit foolish in such a small city, but ....) None of this is illegal and none of it merits the scrutiny of law enforcement. Having cameras that are being transmitted to the police in realtime can have a chilling effect on lawful behaviours. Just because you are publicly visible shouldn't mean that you surrender all rights to privacy. (One must remember, also, that a bar is not a "public place" but a private establishment into which the public is invited.)
It may be a different matter if the cameras were only used as an investigative tool to look into incidents after the fact, but there has been no indication that there will be any controls on these cameras.
Even the law-abiding bar patron has cause to worry.
*See: Canadian Privacy Law Blog: Offsite surveillance in Halifax bar may set precedent and Canadian Privacy Law Blog: Halifax bar gets liquor license back on condition that cops have off-site access to surveillance system.
Thursday, January 03, 2008
Just before New Year's, the Nova Scotia Utility and Review board reinstated the liquor license of a popular bar in Halifax on the condition (among others) that the bar double the number of surveillance cameras and allow liquor inspectors and the cops to have offsite access to the feeds (see: Canadian Privacy Law Blog: Offsite surveillance in Halifax bar may set precedent and Canadian Privacy Law Blog: Halifax bar gets liquor license back on condition that cops have off-site access to surveillance system).
When this report came out, I voiced some concerns that this may set a dangerous precedent. Any move to implement such a scheme has to include very tight controls over how this new-found surveillance power will be used lest it be a license for unimpeded and unrestricted intrusiveness.
In case you were wondering what the slippery slope of function creep (to mix my metaphors) looks like, look no further than random ID checks in casinos in Illinois. Random identification checks by law enforcement officers were put in place to deal with excluded problem gamblers. Assurances were given that there would be no other use of that information or other abuse of this power. Now it's reported, shockingly, that the cops in Illinois casinos are checking for problem gablers, sex offenders, outstanding warrants and other micreants. See: Daily Herald Police admit ID checks in casinos turn up more than problem gamblers.
To put it bluntly, function creep is a very real phenomenon that needs to be anticipated and guarded against whenever a new intrusive technique or technology is rolled out.
The Canadian Privacy Law Blog is licensed under a Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.