5 Jan 2010

Extracts from “The Reality of Privacy and Security in the 21st Century”


Remarks delivered to the Annual Conference of the Canadian Association for Security and Intelligence Studies, October 30, 2009 by Chantal Bernier, Assistant Privacy Commissioner of Canada

… As you may know, I came to the Office of the Privacy Commissioner of Canada from the Department of Public Safety, where I had the privilege of serving as Assistant Deputy Minister in the Community Safety and Partnerships Branch.

As such, I have had substantial engagement in a range of security and intelligence files.

My entire presentation is premised on this tenet: Privacy and security are not at odds.

On the contrary: I would put to you that measures to protect privacy must be integral to any initiatives to fight terrorism or other crimes.

Why? Because we live in a free and democratic society where individuals enjoy the right to live, to move around, to communicate and to go about their daily lives, free from unwarranted interference by the state.

And for practical reasons too:

Any effort towards greater security that is strictly tailored to the actual risk – and that therefore minimizes the infringement of privacy or other rights – will be more targeted and more effective.

For example, an investigation that is carried out in accordance with the law, and in a way that respects privacy and other rights, will yield cleaner evidence and a more compelling case for the prosecution.

In other words, all the work that is poured into greater security is more likely to pay off if it is carried out in a strategic, targeted manner. And an essential consideration in that regard is due respect for the right to privacy.

Airport scanners

Another file in which we are deeply involved relates to plans by CATSA, the Canadian Air Transport Security Authority, to install millimetre-wave whole-body imaging scanners at several Canadian airports.

These machines can penetrate clothing to expose concealed objects such as weapons or drugs. Their principal advantage over metal detectors is that they can identify non-metallic objects, such as ceramic weapons or liquid or plastic explosives.

Our Office has examined two Privacy Impact Assessments, or PIAs, prepared by CATSA – first for a pilot test conducted at Kelowna Airport, and more recently for the full program.

As we told CATSA earlier this week in our response to its PIA, we consider this technology to be inherently sensitive as it reveals an outline of the traveller’s body. Many people may perceive it as privacy invasive.

As such, we have worked with CATSA to ensure appropriate privacy safeguards.

One of the key results is that the technology will be used only for secondary purposes, after an individual has already passed through the metal detector. What’s more, the scans will be voluntary, with passengers given the option of going through them, or having a physical pat-down.

And – this is key from a privacy perspective – the images will not be recorded, printed or transmitted. Indeed, they will be deleted as the passenger leaves the scanner.

Four tests

In weighing this and any other government initiative with a potential impact on privacy, our approach is to apply four tests: Necessity, proportionality, effectiveness, and the existence of less-intrusive alternatives.

We ask ourselves: Is the proposed measure really necessary? Have the proponents offered proof of a genuine problem, with no other viable solutions?

Our next criterion is proportionality. Many measures will infringe on privacy; that is just the price we pay for living in a community. Any benefit to the group will generally restrict some liberties of the individual, but the invasion of privacy must be proportionate to the benefit derived.

We also want some assurance of effectiveness. We want to ensure that a measure that infringes on privacy, in the name of the collective good, really meets that specific objective.

As for the fourth test: If a measure is proposed that will affect the privacy of individuals, we want to know that it is justifiable on the grounds that there are no less intrusive alternatives already available.


2 Dec 2009

Are you a good digital citizen?


It seems that almost daily we hear of people experiencing negative consequences when the information they post online is seen by an unexpected audience, whether it be a prospective employer, an insurance company, or a law enforcement agency.  Inevitably, such people express surprise and feel deceived by the technology.  Through public education, organizations like the OPC are trying to ensure that people are provided with the resources they need to make informed decisions about managing their personal information online.

Many such tools were on display at the recent FOSI annual conference. Those from Common Sense Media and YouTube stood out for their simplicity and straightforward message. The conference theme “Building a Culture of Responsibility: From Online Safety to Digital Citizenship” strongly resonates with us at the OPC.

We see privacy, or the right to control one’s personal information, as a fundamental part of the larger issue of digital citizenship.  In other words, exercising our individual right to privacy is one part of being an ethical and engaged citizen of the web.

The web provides many opportunities for communicating with friends and family, accessing educational resources, stimulating community involvement, and many other participatory activities.

As increasing numbers of Canadians rush to take advantage of online services and integrate new technologies into our lives, however, we need to step back and consider how we conduct ourselves online and manage our personal information in this rapidly evolving environment.

There is a role for every user in the evolution of the web — especially if it is to develop into a space that respects the values, ethics and rights we take for granted in the offline world.

Government, industry and educators must continue public education activities to increase awareness of the potential pitfalls of using technology and to teach individuals how to better protect themselves online.  Regulators have a role in identifying and enforcing standards. Industry must take concrete and early steps to build privacy into their technology.

For individuals, the responsibilities are clear cut.  Take the time to find out how the websites you visit manage your personal information and decide whether this site is appropriate for you. Often, the type of service being offered is a big clue – a site for sharing personal status updates will be specifically designed to broadcast your personal information. If you want to use a particular site but don’t like some of their practices, be vocal about it. Chances are other people agree with you and together you will have a stronger voice in pushing for change.

By taking an active role in protecting your privacy, you will be helping to shape the internet to reflect your values and ethics. That’s what being a good digital citizen is all about.


17 Nov 2009

Audit of the Financial Transactions and Reports Analysis Centre of Canada


(from our news release)

The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has more personal information in its database than it needs, uses or has the legislative authority to receive.

This was one of the key findings of the Privacy Commissioner of Canada’s in-depth audit of the independent agency mandated to analyze financial transactions and identify suspected money laundering and terrorist financing in Canada …

Legislative changes passed in 2006 expanded the types of transactions that must be reported to FINTRAC, as well as the number of professionals and organizations that are required to collect information about clients and to report it to FINTRAC. Examples of entities required to report to FINTRAC include financial institutions, life insurance companies, accountants and casinos.

The audit found that FINTRAC needs to do more to ensure that the amount of personal information it acquires is kept to an absolute minimum. A random sample of files examined in the audit turned up several reports that did not clearly demonstrate reasonable grounds to suspect money laundering or terrorist financing.  For example:

  • A reporting entity filed several reports stating it was “taking a conservative approach in reporting this … because there are no grounds for suspecting that this transaction is related to the commission of a money laundering offence, but there is a lack of evidence to prove that the transaction is legitimate.”
  • An individual deposited a government cheque for an amount less than $300 and then withdrew the entire amount. The financial institution filed a suspicious-transaction report, but did not indicate why the transaction was deemed suspicious.
  • A financial institution filed a report about an individual who had deposited a cheque from a law firm.  The institution was satisfied that the individual had provided legitimate reasons for the source of funds, but decided to notify FINTRAC anyway because of the individual’s ethnic origin and the fact that this person had visited a particular country.

“It is clear that such reports, containing not a shred of evidence of money laundering and terrorist financing, should not be making their way into the FINTRAC database,” says Commissioner Stoddart.

“It is a bedrock privacy principle that you collect only the personal information you need for a specific purpose,” she says. “The federal government needs to have a justifiable need to collect someone’s personal information. Clearly, FINTRAC needs to do more work with organizations to ensure it does not acquire personal information that it has no legislative authority to receive – and that it does not need or use.”

The audit recommended enhanced front-end screening of reports; stronger ongoing monitoring and review to ensure that information holdings are relevant and not excessive; and the permanent deletion of information that FINTRAC did not have the statutory authority to receive.

Under amendments passed in 2006, the Proceeds of Crime (Money Laundering) and Terrorist Financing Act requires the Privacy Commissioner to review FINTRAC every two years and report the results to Parliament.


17 Nov 2009

You Might be Interested In


“Your Smart Meter is Watching” – editorial by Ann Cavoukian and Jules Polonetsky


5 Nov 2009

Lavapies – one neighbourhood battles surveillance


I had the chance earlier this week to attend The Public Voice, a conference in Madrid to help civil society groups share their work and their points of view on important privacy issues.

One presentation highlighted un barrio feliz – a community-led project to protest and undermine the closed-circuit surveillance cameras slowly rolling out across Madrid’s neighbourhoods.

This particular effort is a response to the 48 cameras that are being installed in Lavapies, a downtown neighbourhood sometimes criticised for its low-rent atmosphere and late-night escort business.

The presenter, David, made a point of noting that the Madrid municipal government has presented different excuses for the cameras, based on individual neighbourhoods.

Around the Puerta del Sol, a popular tourist area, the cameras were installed to deter pickpockets. In Lavapies, the cameras are apparently needed to deter the escorts.

This summer, a local campaign was pulled together to protest the closed-circuit surveillance. As part of the campaign, artists and activists designed 37 posters and images that criticise the initiative.

While there are many familiar themes among the images (which, in itself, is a depressing statement for a privacy advocate), there are two that play off the colours and graphics used to support Madrid’s recent 2016 Olympic bid. Here is one (the other is a little rude):

[Image: lavapies grabado]

These images remind us of similar measures being put in place to ensure security during Vancouver’s 2010 Winter Games – measures we have followed with interest.

The rest of the images can be found on a common Flickr page, and they’re all CC Attribution 2.0 Generic.


4 Nov 2009

You might be interested in


Smart utility grids and consumer privacy


29 Oct 2009

How a severe pandemic might affect your personal information


Now that Canada has officially entered the “second wave” of the H1N1 flu season, and the United States President has proclaimed the H1N1 pandemic to be a national emergency, Canadians are staring at the possibility of a significant flu outbreak. The sense of concern and urgency about how to respond to this situation presents interesting challenges for protecting the right to privacy.

As anyone who has stood in the long lines to get the new H1N1 vaccine can tell you, preparing for the potential disruptions in our daily lives as a result of the flu outbreak may well be new territory for organizations, employees, as well as customers.  And business continuity plans don’t always address important privacy questions!

To help bridge this gap, we’ve developed guidance for organizations and a fact sheet for employees to explain how privacy laws apply in the private sector workplace during the H1N1 pandemic. This important work was prepared in consultation with our counterparts in Alberta and British Columbia.

Right now, in Canada’s current “non-emergency” situation, it’s important to remember that privacy laws apply in the usual way. For example, employers can collect only the minimum amount of personal information necessary to meet a business need.

However, it’s a different story if an emergency is declared. For example, if an outbreak is declared to be a public emergency, the powers to collect, use and disclose personal information to protect the public health may be very broad. Privacy legislation would not prevent the sharing of information in the event that H1N1 is declared to be an emergency pandemic.

This guidance will be updated as circumstances warrant.


1 Oct 2009

Survey says Americans Reject Tailored Advertising


A survey commissioned by American academics and privacy advocates reveals that Americans are generally suspicious of efforts to track their behaviour online and to target advertising based on this tracking.

While you might expect older Americans to be suspicious of efforts to track their behaviour on individual websites, and even more so of tracking across multiple sites, there seems to be opposition from younger Americans as well. 55% of 18 to 24 year-olds do not want to be subject to tailored advertising – and this number increases significantly if the advertiser is compiling data from a number of sources in order to target.

Interestingly, promises to anonymize the data do not seem to win many supporters:

“Even when they are told that the act of following them on websites will take place anonymously, Americans’ aversion to it remains: 68% “definitely” would not allow it,  and 19% would “probably” not allow it.”

The June/July survey was conducted by telephone interviews with a national sample of 1,000 adult internet users living in the continental United States, using both land line and cellular service.

The report by Joseph Turow, Jennifer King, Chris Hoofnagle, Amy Bleakley and Michael Hennessy is available on the Social Sciences Research Network.


25 Sep 2009

You Might Be Interested In


Privacy and the 2010 Olympics – some resources


25 Sep 2009

There are other social networks with privacy concerns


As you might have noticed, we’ve spent quite a bit of time over the past year looking at the privacy issues surrounding social networks.

While we released the report into our investigation of Facebook in July, in recent weeks we have also made public other research we have commissioned.

Last week, it was a report on a series of focus groups examining Canadians’ attitudes towards privacy on social networks. These were originally held in December 2008, and seem to confirm observations made in the U.S. and Europe: the users of social networks will say they are concerned about their privacy online, will argue that they have taken steps to protect their privacy, but will gradually admit that they don’t invest too much time or thought into the process.

This week, we are releasing a research paper that examines the privacy protections available on social networks popular with Canadians: Facebook, LinkedIn, LiveJournal, MySpace, Hi5 and Skyrock.

This paper, by Jennifer Barrigar, was not meant as an exhaustive examination of these networks’ privacy practices: instead, it should provide users with a general indication of the protection each network provides. It also lists a number of steps social networks of any stripe can take to make themselves more privacy protective and respectful of the information their users make available.

As I note in a foreword to the paper, Jennifer originally finished her work in February 2009. As we all know, many social networks and online services regularly revise their privacy policies and improve the protections they make available to their users. As a result, you will likely find that this paper is out of date in places (say, the Facebook section).

Nevertheless, we are releasing the paper because we feel it is an important contribution to an ongoing discussion about privacy protection in social networks – and on many other online services. Jennifer’s observations serve as a useful reminder to these services that their users are increasingly expecting more from their providers.