The Canadian Privacy Law Blog: Developments in privacy law and writings of a Canadian privacy lawyer, containing information related to the Personal Information Protection and Electronic Documents Act (aka PIPEDA) and other Canadian and international laws.
The author of this blog, David T.S. Fraser, is a Canadian privacy lawyer who practices with the firm of McInnes Cooper. He is the author of the Physicians' Privacy Manual. He has a national and international practice advising corporations and individuals on matters related to Canadian privacy laws.
Please note that I am only able to provide legal advice to clients. I am not able to provide free legal advice. Any unsolicited information sent to David Fraser cannot be considered to be solicitor-client privileged.
The views expressed herein are solely the author's and should not be attributed to his employer or clients. Any postings on legal issues are provided as a public service, and do not constitute solicitation or provision of legal advice. The author makes no claims, promises or guarantees about the accuracy, completeness, or adequacy of the information contained herein or linked to. Nothing herein should be used as a substitute for the advice of competent counsel.
This web site is presented for informational purposes only. These materials do not constitute legal advice and do not create a solicitor-client relationship between you and David T.S. Fraser. If you are seeking specific advice related to Canadian privacy law or PIPEDA, contact the author, David T.S. Fraser.
Tuesday, June 23, 2009
The Japanese Communications Ministry has concluded that Google's Street View complies with Japan's data protection laws provided it continues to blur individual faces. It appears to be a preliminary opinion as more public input is being sought over the coming months.
The Hindu News Update Service: Japan says 'Ok' to Google's Street View service
Tokyo (PTI): Japan's government has concluded that Google's popular Street View service does not violate the country's privacy laws if the search engine giant takes safeguards like blurring people's faces.
An advisory panel of the communications ministry has determined that Google's Street View service would be consistent with Japan's personal information protection law if the US-based firm takes appropriate measures such as blurring identifiable images, such as faces, ministry officials said.
The pronouncement marks the first time that the Internal Affairs and Communications Ministry has expressed an opinion on the legality of the Google service, which provides close-up, 360-degree colour views of city streets, as they were caught by Google's Street View cameras installed on vehicles.
It amounted to turning down requests by dozens of city Assemblies across Japan -- including Tokyo's Machida city Assembly and Nara Prefecture's Ikoma city Assembly -- which adopted resolutions calling on the government to place curbs on the service, Kyodo news agency reported.
The ministry will release its final conclusion possibly in August after soliciting views from citizens.
Google launched its Street View service for 12 Japanese cities in August last year.
Labels: google, google street view, japan, privacy
Thursday, June 18, 2009
Yesterday, executives from Google Canada testified to the Parliamentary Standing Committee on Ethics, Privacy and Access to Information about their Street View product and how Google is addressing privacy concerns.
Here's some of the media coverage from the Ottawa Citizen, which I'll supplement with the actual testimony when it's posted on the Committee's site:
Google ‘Street View’ amended to allay privacy concerns, executive tells MPs
OTTAWA — Google’s controversial “Street View” feature won’t infringe on Canadians’ privacy rights, the company’s head of Canadian operations said Wednesday in advance of an appearance before a House of Commons committee.
Jonathan Lister, head of Google Canada, was to stand before a federal government committee Wednesday afternoon to defend Google’s Street View service.
Lister came to Ottawa equipped with testimonials from Street View users all over the world — including Boris Johnson, mayor of London. He also offered data that suggest Canadians might be eager to see their home country represented on the new service, as more than 100 million Street View images from other countries have been pulled up by Canadians.
“It has been extremely well received and as people use it, they find more uses for it,” said Lister. “We’re getting indications that it’s going to be popular in Canada. We’ve got testimonials and accolades from tourism officials, the mayor of London, and Australian tourism officials that support the fact that it’s been widely well received.”
Lister was being brought before the access to information, privacy and ethics committee after the committee passed a motion demanding Google explain any impact its new Street View service may have on Canadians’ privacy rights.
The feature allows someone using Google Maps or Google Earth to click on a street or a building and see a picture of the area. The cameras used to capture the picture allow onlookers to swivel 360 degrees within the image and even allows Internet users the ability to take a virtual stroll through neighbourhoods.
Google has been preparing for the roll-out of Street View in Canada since March. The Internet search giant has also been in intense discussions with the federal privacy commissioner’s office since that time, trying to negotiate a solution that would allow Google to offer Street View images from Canada to the rest of the world without contravening Canadian privacy law.
“We think the product is compliant, but we are certainly not going to launch it until we have satisfied our concerns,” said Lister. “We continue to work with the commissioner’s office. As we get closer to rolling the product out we plan on working with local law enforcement officials and stakeholder groups.”
Lister said Google has recently revamped its internal policies to cut the amount of time the company will archive Street View pictures. The move addresses one of the privacy commissioner’s biggest concerns.
“Recently we’ve revised our retention policy such that we have made a decision to only retain these images for an adequate but not-excessive period of time, after which they will be deleted,” said Lister.
Street View also automatically blurs the faces and identifying features of people or licence plates caught by Street View’s cameras and anyone who sees their picture, or a picture of their home or vehicle can ask Google to remove the image.
Lister would not define how long an “adequate” period of time will be. He also refused to commit to a date for the official launch of Street View in Canada. Vehicles have been cruising Canadian streets and suburbs in 32 cities taking pictures for the new service over the past two months.
The access to information, privacy and ethics committee is reviewing Canada’s privacy laws to determine whether they need to be updated. The committee will roll Lister’s comments into a final report on the state of Canadian privacy legislation, which is due later this year.
Labels: google, google street view, privacy
Wednesday, March 25, 2009
With Google's recent launch of Street View in Europe and imminent photographing of Canadian cities, I thought I'd do some quick looking around at how effective their "face blurring" technology may be. It only took one minute of wandering around London and I was able to see where it might fall off the rails.
In this particular image, the anti-war protesters are recognizable but - THANKFULLY - the image of what's probably George W. Bush has been blurred out. But not blurred to the point of non-recognition.
Google: You've come a long way, baby, but there's work to be done.
Labels: europe, google, google street view, privacy, uk
Sunday, March 22, 2009
Google Street View went live in the UK last week. Despite the prevalence of surveillance in Britain, complaints have rolled in and Google has taken down hundreds of pictures. See: Google forced to black out hundreds of Street View photos after privacy protests - but site gets record hits Mail Online.
Labels: europe, google, google street view, privacy, surveillance, uk
Wednesday, February 18, 2009
I blogged a while ago about a lawsuit brought against Google by the Boring family, alleging that Google's Street View was an invasion of their privacy by showing images of the Borings' house. (Google moves to have lawsuit thrown out, arguing complete privacy does not exist, Boring lawsuit over Google's "Street View").
According to CNET, the case has been thrown out by the Federal Court (here's the decision).
Via: Google wins Street View privacy suit Digital Media - CNET News.
For more on this topic generally, see postings tagged with "google street view".
Labels: google, google street view, privacy
Monday, January 26, 2009
STREET WITH A VIEW: a project by Robin Hewlett & Ben Kinsley
Street With A View introduces fiction, both subtle and spectacular, into the doppelganger world of Google Street View.
On May 3rd 2008, artists Robin Hewlett and Ben Kinsley invited the Google Inc. Street View team and residents of Pittsburgh’s Northside to collaborate on a series of tableaux along Sampsonia Way. Neighbors, and other participants from around the city, staged scenes ranging from a parade and a marathon, to a garage band practice, a seventeenth century sword fight, a heroic rescue and much more...
Street View technicians captured 360-degree photographs of the street with the scenes in action and integrated the images into the Street View mapping platform. This first-ever artistic intervention in Google Street View made its debut on the web in November of 2008.
An incredible cast of real-life characters contributed their time, energy and talents to creating pseudo-street life on Sampsonia Way. Please check out the scene breakdown, the participant page and the video documentation to learn more about the artists, groups and participants that made Street With A View possible.
Bravo!
Labels: google, google street view, privacy
Friday, January 02, 2009
Five years ago, on January 2, 2004, a new age of privacy was creeping across Canada and this blog was born. The day before, at the stroke of midnight, the Personal Information Protection and Electronic Documents Act (Canada) had come fully into force. The Alberta and British Columbia Personal Information Protection Acts also became effective on the first day of 2004.
Since then, we have seen dramatic changes in privacy throughout the world: Identity theft is on the rise; there have been literally thousands of data breaches exposing the personal information of millions of people; governments are looking for easier access to personal information; video surveillance is more widespread; more personal information is generated digitally and aggregated in private hands.
And in the past year specifically, things have remained interesting on the privacy front. We've seen debate over changes to PIPEDA without anything definitive coming from the mandatory five year review. We've also seen arguments put forward to reform the public sector Privacy Act. Focus has also been drawn to the increasing practice of examining laptops at US border crossings. Litigation between Viacom and Google has raised awareness of log information that's often retained by internet companies. And Google has also been sued by a couple claiming their privacy has been violated by presenting pictures of their house in Google Street View. But in the last year, the one big privacy story that was supposed to have the largest impact on Canadians was the implementation of the National Do Not Call List. Whether it has, in fact, had an impact is the subject of debate.
I'd like to thank the many thousands of readers of the blog for visiting this site and thanks to those who have contacted me with comments, compliments, suggestions and links to interesting news. It's been a pleasure to write and I plan to keep it going as long as there's interesting privacy news to report.
Birthday cake graphic used under a creative commons license from K. Pierce.
Labels: border, dncl, google, google street view, identity theft, incident, laptop, lawful access, pipeda review, privacy, privacy act, telemarketing, video surveillance
Just posted on Slaw:
Slaw: Log retention initiatives
I wrote two weeks ago about privacy issues related to the log files that are created and retained by internet companies. The moral of that story was that there is a significant amount of information that is collected in these logs and when they are retained and collated, they can reveal a lot of personal information. I concluded by saying:
I don’t think it’s too far fetched to think of a day when it will become standard for all investigations involving the internet to include a warrant served on Google or Yahoo! or Microsoft for all logs related to a particular user or IP address or both.
In Canada, many may remember "lawful access", which was the subject of a number of consultations beginning in 2002. The consultation backgrounder and FAQ solicited comment on preservation orders (here) but the topic was not addressed when the Liberal government introduced the Modernization of Investigative Techniques Act (MITA). I am sure that preservation orders remain on the wish lists for law enforcement in Canada, but they're not here yet.
Europe has taken a different path. In 2006, the European Union adopted Directive 2006/24/EC entitled "on the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks". The Directive is meant to harmonize the retention rules of the members of the European Union. It requires that member states adopt rules or legislation to make it mandatory for communications providers to retain certain log-type data for at least six to twelve months. From the "Subject Matter and Scope" clause of the Directive:
1. This Directive aims to harmonise Member States' provisions concerning the obligations of the providers of publicly available electronic communications services or of public communications networks with respect to the retention of certain data which are generated or processed by them, in order to ensure that the data are available for the purpose of the investigation, detection and prosecution of serious crime, as defined by each Member State in its national law.
The Directive goes beyond web communications and includes e-mail, telephone, VOIP and mobile phones. The sort of data that has to be collected and retained is that which identifies the source of the communication, the destination of the communication, the device that was used to make the communication and the "user ID" (defined to mean "a unique identifier allocated to persons when they subscribe to or register with an Internet access service or Internet communications service"). The Directive makes it plain that communications providers are not to retain the content of the communication (Article 5(2)).
While the Directive is aimed at saving information so that it can be obtained after the fact in connection with investigations, the debate over data retention in the United States has mainly focused on what has been reported to be informal and secret arrangements made by the National Security Agency and various telephone companies to save telephone calling information. This story was broken by USA Today: USATODAY.com - NSA has massive database of Americans' phone calls.
In addition, US criminal law permits law enforcement to make a written request for the preservation of records for 90 days (renewable for a further 90 days) (US CODE: Title 18, s. 2703(f)):
(f) Requirement To Preserve Evidence.—(1) In general.— A provider of wire or electronic communication services or a remote computing service, upon the request of a governmental entity, shall take all necessary steps to preserve records and other evidence in its possession pending the issuance of a court order or other process.
(2) Period of retention.— Records referred to in paragraph (1) shall be retained for a period of 90 days, which shall be extended for an additional 90-day period upon a renewed request by the governmental entity.
More recently, the Bush Administration has been pushing for broader retention requirements: FBI, politicos renew push for ISP data retention laws | Politics and Law - CNET News.
This posting has presented a brief snapshot of some legal initiatives that affect internet log retention in a selection of countries. It does not seem likely to me that the debate is over; we will likely see EU-type proposals put forward in both Canada and the US in the coming years.
Labels: google, ip address, privacy, retention
Friday, December 19, 2008
In the past two weeks, the New York Times reported that Microsoft has made a minor concession with European privacy authorities about how long it retains its log files. A committee of European privacy regulators had asked that these logs be kept for only six months. Microsoft's response? Eighteen months. Yahoo used to keep them for thirteen months and just announced it will cut retention to 90 days. Google keeps them for nine.
The privacy implications of these innocuous log files have been underestimated, particularly when you think about the fulsome picture of your private life that companies like Google may be assembling about you. The information in an ordinary web-server log usually contains just a tidbit of information. One "hit" on a website may look like this (but all on one line):
127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326 "http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"
The first bundle of numbers is the IP address of the computer that requested a particular web-page. "Frank" refers to a userid, which is usually not enabled. The next field is the date. Following that, and usually preceded by "GET", is the command your web-browser sent to the server. The next bits are the status code returned by the server and then the size of the entity requested. Next is something called a "referer" (mis-spelled), followed by details about your browser.
Since many people often share the same IP address (it could be one IP for an entire company or just a group of people in a house using the same internet connection), some have argued it is not personal information and a log-file doesn't contain personal information. The problem is that even if an IP address is not directly connected to one individual, one can do some easy analysis to make the connections. After AOL released supposedly de-identified search logs to researchers, an intrepid reporter was able to track down at least one of the users who had some very personal health-related searches in the logs (see: Users identifiable by AOL search data).
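An added example (not from the original post): a parser for the log layout described above, which then groups hits per client after replacing each IP address with a keyed one-way pseudonym. It shows that hits still link together into a browsing profile once the raw address is gone; the sample lines, the key and the function names are constructed for illustration.

```python
import hashlib
import hmac
import re
from collections import defaultdict

# One quoted field; Apache escapes embedded quotes as \" inside it.
_Q = r'"((?:[^"\\]|\\.)*)"'
# Combined log layout: host ident user [time] "request" status size "referer" "agent"
COMBINED = re.compile(
    r'(\S+) (\S+) (\S+) \[([^\]]+)\] ' + _Q + r' (\d{3}) (\d+|-) ' + _Q + ' ' + _Q
)
FIELDS = ("ip", "ident", "user", "time", "request",
          "status", "size", "referer", "agent")

# The sample hit quoted in the post.
PAGE_SAMPLE = (
    '127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] '
    '"GET /apache_pb.gif HTTP/1.0" 200 2326 '
    '"http://www.example.com/start.html" "Mozilla/4.08 [en] (Win98; I ;Nav)"'
)

# Constructed log lines (documentation IP ranges, example domains).
SAMPLE_LOG = """\
192.0.2.10 - - [19/Dec/2008:09:01:12 -0400] "GET /ads?slot=1 HTTP/1.1" 200 512 "http://health.example.org/conditions/diabetes" "Mozilla/5.0 (constructed)"
192.0.2.10 - - [19/Dec/2008:09:05:40 -0400] "GET /search?q=halifax+clinic HTTP/1.1" 200 4096 "-" "Mozilla/5.0 (constructed)"
198.51.100.7 - - [19/Dec/2008:09:06:02 -0400] "GET /ads?slot=2 HTTP/1.1" 200 498 "http://news.example.com/" "Mozilla/4.0 (constructed)"
192.0.2.10 - - [19/Dec/2008:12:30:00 -0400] "GET /ads?slot=3 HTTP/1.1" 200 530 "http://jobs.example.net/listings" "Mozilla/5.0 (constructed)"
not a log line
"""

DEMO_KEY = b"constructed-demo-key"  # assumption: a secret held only by the log owner


def parse_line(line):
    """Return the nine fields of one hit as a dict, or None if malformed."""
    m = COMBINED.fullmatch(line.strip())
    if m is None:
        return None
    hit = dict(zip(FIELDS, m.groups()))
    hit["status"] = int(hit["status"])
    hit["size"] = 0 if hit["size"] == "-" else int(hit["size"])  # "-" = no body
    return hit


def pseudonymize_ip(ip, key):
    """Keyed one-way replacement for an IP address (HMAC-SHA256, truncated).

    A plain unkeyed hash would not do: the IPv4 space is small enough to
    enumerate, so every address could be hashed and matched back.
    """
    return hmac.new(key, ip.encode("ascii"), hashlib.sha256).hexdigest()[:16]


def build_profiles(lines, key):
    """Group hits by pseudonym; returns (profiles, number_of_malformed_lines)."""
    profiles = defaultdict(list)
    skipped = 0
    for line in lines:
        if not line.strip():
            continue
        hit = parse_line(line)
        if hit is None:
            skipped += 1
            continue
        pseudonym = pseudonymize_ip(hit["ip"], key)
        profiles[pseudonym].append((hit["time"], hit["referer"], hit["request"]))
    return dict(profiles), skipped


if __name__ == "__main__":
    profiles, skipped = build_profiles(SAMPLE_LOG.splitlines(), DEMO_KEY)
    for pseudonym, hits in profiles.items():
        print(f"client {pseudonym}: {len(hits)} hits")
        for when, referer, request in hits:
            print(f"  {when}  from={referer}  {request}")
    print(f"malformed lines skipped: {skipped}")
```

The pseudonym hides the address itself, but the three hits from the same client remain grouped, and the referer and query strings in them carry the personal detail.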
What's additionally troubling from a privacy point of view is that the large internet companies, like Google, Yahoo and Microsoft, don't just have your search queries. Increasingly, they have a huge trove of data sources in their logs.
Take Google, for example. Google has their famous Google search. They also have GMail, Google Analytics, Google AdSense, Google Documents, Google Toolbar and more. Each time you "hit" one of their sites, you're in their logs. Most internet users hit Google's logs dozens of times a day and on many of those occasions aren't even aware that they're using a Google service. Google has what is probably the most popular and widely used network of online advertising: AdSense. Each time you go to a website that features Google's ads, your computer sends a request to Google's servers and that "hit" goes into their logs, along with the information about what site you were visiting, when you visited and what ad was served. If you click on the ad, even more information is collected and logged. But even if you don't visit a site with Google's ads, there's a very good chance that the webmaster is using Google Analytics to find out about usage of his or her site. (Full disclosure: I use Google Analytics for my site at www.privacylawyer.ca.) I should also note that Yahoo! and MSN also have advertising networks, which collect the same sort of information.
What this means is that Google, Yahoo and Microsoft register in their logs a significant portion of your usage of the internet.
And if you have a Google, Yahoo! or MSN account, that hit can be connected to your account details, including your name.
I don't think it's too far fetched to think of a day when it will become standard for all investigations involving the internet to include a warrant served on Google or Yahoo! or Microsoft for all logs related to a particular user or IP address or both.
Next week, I'll discuss efforts being made by governments and law enforcement to make log retention mandatory.
Labels: google, health information, ip address, privacy, retention
Sunday, December 07, 2008
This is interesting ...
Yahoo! Tech: Intel, Google Asked to Help Revise EU Data Protection Laws (PC World)
Posted on Fri Dec 5, 2008 6:55PM EST
The European Commission has set up an advisory panel including executives from Google and Intel to help it revise European Union laws on data protection.
"The aim of the group is to identify issues and challenges raised by new technologies. We are not reviewing the main data protection laws at present, but this could be a first step," said European Commission spokesman Michele Cercone.
He added that the executives were chosen in a private capacity, rather than as representatives of their companies.
Peter Fleischer, Google global privacy counsel, along with David Hoffman, Intel's group counsel for eBusiness and privacy will sit alongside data protection lawyers and regulators on the panel, which held its inaugural meeting Thursday.
"I am delighted to have been asked," Fleischer told journalists.
Many aspects of the existing E.U. legislation have been made obsolete by advances in technology, Fleischer said, referring to the E.U.'s cornerstone law, the 1995 data protection directive.
He will urge the Commission to adopt a system where companies only have to deal with one national data protection authority, instead of having to meet the demands of all 27, as they do at present.
"There is a need for harmonization of data protection enforcement in Europe," he said, adding that a system of mutual recognition among national authorities will go a long way in achieving that aim.
He also will try to persuade the Commission to move away from a location-based approach. "It worked when data was stored on paper, but with the Internet that concept is obsolete because data travels around the world and is commonly stored in many different locations at once. There is a strong need for data protection laws to take the new technology into consideration," Fleischer said.
He pointed to Canada's approach, which is not location-based, but calls on data controllers, such as companies, to be responsible for data safety.
Finally, he wants data protection laws to apply to public institutions as well as to private companies, pointing out that some of the most serious potential threats to people's data and their privacy are posed by governments, not corporations. The 1995 law only applies to the private sector.
Privacy campaign groups are critical of Google's own approach to privacy. However, none were available to comment.
Saturday, October 11, 2008
This blog is familiar with previous privacy issues raised by Google's street view (see: posts tagged "google street view"), but this seems a little over the top. A group is calling for the removal of Pittsburgh from Google street view because predators could use it to locate schools, playgrounds and other places where children might congregate. Hmm. I guess there's no other way of getting that information.
See: Children's safety group wants city off of Google's Street View
Labels: google, google street view, privacy
Tuesday, September 09, 2008
Google has just announced that they are cutting their log retention period in half: from 18 months to 9 months.
From the Official Google Blog:
Official Google Blog: Another step to protect user privacy
Today, we're announcing a new logs retention policy: we'll anonymize IP addresses on our server logs after 9 months. We're significantly shortening our previous 18-month retention policy to address regulatory concerns and to take another step to improve privacy for our users.
Back in March 2007, Google became the first leading search engine to announce a policy to anonymize our search server logs in the interests of privacy. And many others in the industry quickly followed our lead. Although that was good for privacy, it was a difficult decision because the routine server log data we collect has always been a critical ingredient of innovation. We have published a series of blog posts explaining how we use logs data for the benefit of our users: to make improvements to search quality, improve security, fight fraud and reduce spam.
Over the last two years, policymakers and regulators -- especially in Europe and the U.S. -- have continued to ask us (and others in the industry) to explain and justify this shortened logs retention policy. We responded by open letter to explain how we were trying to strike the right balance between sometimes conflicting factors like privacy, security, and innovation. Some in the community of EU data protection regulators continued to be skeptical of the legitimacy of logs retention and demanded detailed justifications for this retention. Many of these privacy leaders also highlighted the risks of litigants using court-ordered discovery to gain access to logs, as in the recent Viacom suit.
Today, we are filing this response (PDF file) to the EU privacy regulators. Since we announced our original logs anonymization policy, we have had literally hundreds of discussions with data protection officials, government leaders and privacy advocates around the world to explain our privacy practices and to work together to develop ways to improve privacy. When we began anonymizing after 18 months, we knew it meant sacrifices in future innovations in all of these areas. We believed further reducing the period before anonymizing would degrade the utility of the data too much and outweigh the incremental privacy benefit for users.
We didn't stop working on this computer science problem, though. The problem is difficult to solve because the characteristics of the data that make it useful to prevent fraud, for example, are the very characteristics that also introduce some privacy risk. After months of work our engineers developed methods for preserving more of the data's utility while also anonymizing IP addresses sooner. We haven't sorted out all of the implementation details, and we may not be able to use precisely the same methods for anonymizing as we do after 18 months, but we are committed to making it work.
While we're glad that this will bring some additional improvement in privacy, we're also concerned about the potential loss of security, quality, and innovation that may result from having less data. As the period prior to anonymization gets shorter, the added privacy benefits are less significant and the utility lost from the data grows. So, it's difficult to find the perfect equilibrium between privacy on the one hand, and other factors, such as innovation and security, on the other. Technology will certainly evolve, and we will always be working on ways to improve privacy for our users, seeking new innovations, and also finding the right balance between the benefits of data and advancement of privacy.
Labels: google, ip address, privacy, retention
Tuesday, August 26, 2008
Yesterday's Wall Street Journal had an interesting Op/Ed on privacy, highlighting contemporary expectations of privacy.
Information Age - WSJ.com
Privacy? We Got Over It.
August 25, 2008; Page A11
In 1988, Congress banned video stores from disclosing the titles of films that people rent. The issue arose because in the battle to block Robert Bork from the Supreme Court, someone leaked his video rentals.
Fast-forward to this summer, and a federal judge hearing a $1 billion copyright complaint by Viacom ordered YouTube to turn over online records about which computer addresses were used to watch which videos on the site. The judge dismissed privacy concerns as "speculative." How quickly our expectations of privacy have changed.
Privacy advocates objected that with access to Internet protocol addresses, it would be possible to track who watched what. Hundreds of millions of people have watched videos on YouTube since its founding in 2005 -- indeed, by one estimate, virtually everyone who uses the Web has watched a video on the site. This makes it surprising that there was such little public outcry about this potential loss of privacy. Google, which owns YouTube, has complied with the judge's order by using encryption to hide individual records, but it is indeed "speculative" how much people would object to disclosing this online behavior.
This incident is a telling moment. We seem to be following the advice of Scott McNealy, chairman of Sun Microsystems, who in 1999 said, "You have zero privacy anyway. Get over it." And the observation by Oracle CEO Larry Ellison: "The privacy you're concerned about is largely an illusion. All you have to give up is your illusions, not any of your privacy."
These comments could be dismissed as technology executives trying to minimize complaints about technology. But whatever we say about how much we value privacy, a close look at our actual behavior suggests we have gotten over it. A recent study by AOL of privacy in Britain found that 84% of people said they would not disclose details about their income online, but in fact 89% of them willingly did.
Amazon closely records our taste in books, Gmail scans our emails to deliver relevant ads, and electronic tolls track where we drive. Profiles on MySpace and Facebook are accessible, forever. The disclosure that Judge Bork liked to rent British comedies seems quaint in comparison.
Records about us are no longer kept in scattered manila files in dusty cabinets, but digitally, which means in permanent records that can be combined with other records to paint a full picture of our tastes and habits. Information held by different retailers, insurers and government agencies can be mined to create constantly updated files more complete than the most tenacious intelligence report on a suspected criminal a generation ago.
Privacy advocates do their jobs by reminding us of these risks, but our choices all seem to be in the direction of trading away privacy. The fantastic power and convenience of digital life has led us to change what we consider private in ways that we can only begin to understand.
Indeed, our expectations of privacy have changed radically over time. Stanford law professor Lawrence Friedman in his recent book, "Guarding Life's Dark Secrets," documents the total lack of privacy expectations through the medieval period, when people lived together with no option for privacy, to a period of privacy for some people and some purposes as part of what he calls the "Victorian compromise." Propriety was defined through social norms focused on reputation, which included significant freedom for otherwise scandalous behavior if it was done carefully, in private.
"If the nineteenth century was a world of privacy and prudery, a world of closed doors and drawn blinds," Mr. Friedman writes, "then the world of the twenty-first century is the world of the one-way mirror, the world of the all-seeing eye."
We now seem happy to trust companies with our information for benefits such as one-click buying and online searches for personally relevant results. In a digital world where it is possible to know more than ever about everything, including one another, the new vice may be the flip side of privacy -- concealing information about ourselves of legitimate value to others.
In the physical world, surveillance cameras, satellites and bio-recognition systems have redefined privacy expectations. We have learned that "privacy can be very dangerous," as federal appeals judge Richard Posner has observed. "Obviously if you're a terrorist, privacy is enormously important. So the more we think of privacy as endangering us, that will reinforce these commercial incentives to surrender privacy."
Privacy remains a virtue, or at least we still say it does. But the balance has been tipped by other values, such as transparency, a free flow of information and physical security. We're in the early stages of adapting to more digital and visible lives, with privacy expectations better defined by what we do than by what we say.
Labels: aol, facebook, google, privacy, social networking
Thursday, July 31, 2008
In the "Street View" lawsuit with the Borings (see: Boring lawsuit over Google's "Street View"), Google has filed a motion to have the suit dismissed. Google argues that in the 21st century, complete privacy does not exist. The Smoking Gun has Google's motion here: Google: "Complete Privacy Does Not Exist" - July 30, 2008
Labels: google, google street view, privacy
Wednesday, July 16, 2008
When the order was made that Google provide Viacom with its raw user logs (a move which significantly compromised user privacy), I wrote that the court could have ordered that the information be anonymised. (Canadian Privacy Law Blog: Commentary on the YouTube / Viacom order)
I don't think I can take any credit for this next move, but I'm sure the loud outcry has had an influence: Google and Viacom have agreed to anonymise the data using a one-way function so that the actual IP addresses cannot be reverse-engineered and Viacom has agreed to not even try. The stipulation filed with the court is here. Extract:
IT IS HEREBY STIPULATED AND AGREED, by and between the undersigned counsel of record:
1. Substituted Values: When producing data from the Logging Database pursuant to the Order, Defendants shall substitute values while preserving uniqueness for entries in the following fields: User ID, IP Address and Visitor ID. The parties shall agree as promptly as feasible on a specific protocol to govern this substitution whereby each unique value contained in these fields shall be assigned a correlative unique substituted value, and preexisting interdependencies shall be retained in the version of the data produced. Defendants shall promptly (no later than 7 business days after execution of this Stipulation) provide a proposed protocol for this substitution. Defendants agree to reasonably consult with Plaintiffs’ consultant if necessary to reach agreement on the protocol.
2. Non-Circumvention: The parties agree that they shall not engage in any efforts to circumvent the encryption utilized pursuant to Paragraph 1 this Stipulation. This Paragraph does not limit in any way any party’s rights under Paragraph 8 below.
For background, see all posts tagged: Viacom v Google. Also, the Ontario Privacy Commissioner applauds this move: CNW Group | OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER/ONTARIO | Commissioner Cavoukian Applauds Agreement Protecting YouTube Users' Privacy
Labels: google, ip address, litigation, privacy, Viacom v Google
Friday, July 11, 2008
More commentary on the Viacom v. Google/YouTube case, this time from MIT's Technology Review:
Technology Review: Privacy protections disappear with a judge's order
By Associated Press
NEW YORK (AP) -- Credit card companies know what you've bought. Phone companies know whom you've called. Electronic toll services know where you've gone. Internet search companies know what you've sought.
It might be reassuring, then, that companies have largely pledged to safeguard these repositories of data about you.
But a recent federal court ruling ordering the disclosure of YouTube viewership records underscores the reality that even the most benevolent company can only do so much to guard your digital life: All their protections can vanish with one stroke of a judge's pen.
"Companies have a tremendous amount of very sensitive data on their customers, and while a company itself may treat that responsibly ... if the court orders it be turned over, there's not a lot that the company that holds the data can do," said Jennifer Urban, a law professor at the University of Southern California.
In the past, court orders and subpoenas have generally been targeted at records on specific individuals. With YouTube, it's far more sweeping, covering all users regardless of whether they have anything to do with the copyright infringement that Viacom Inc., in a $1 billion lawsuit, accuses Google Inc.'s popular video-sharing site of enabling.
It's a scenario privacy activists have long warned about.
"What we're seeing is (that) the theoretical is becoming real world," said Lauren Weinstein, a veteran computer scientist. "The more data you've got, the more data that's going to be there as an attractive kind of treasure chest (for) outside parties."
U.S. District Judge Louis L. Stanton dismissed privacy arguments as speculative.
Last week, Stanton authorized full access to the YouTube logs -- which few users even realize exist -- after Viacom and other copyright holders argued that they needed the data to prove that their copyright-protected videos for such programs as Comedy Central's "The Daily Show with Jon Stewart" are more heavily watched than amateur clips.
"This decision makes it absolutely clear that everywhere we go online, we leave tracks, and every piece of information we access online leaves some sort of record," Urban said. "As consumers, we should all be aware of the fact that this sensitive information is being collected about us."
Mark Rasch, a former Justice Department official who is now with FTI Consulting Inc., said the ruling could open the floodgates for additional disclosures.
Though lawyers have known to seek such data for years, Rasch said, judges initially hesitant about authorizing their release may look to Stanton's ruling for affirmation, even though U.S. District Court rulings do not officially set precedence.
The YouTube database includes information on when each video gets played. Attached to each entry is each viewer's unique login ID and the Internet Protocol, or IP, address for that viewer's computer -- identifiers that, while seemingly anonymous, can often be traced to specific individuals, or at least their employers or hometowns.
Elsewhere, search engines such as Google and Yahoo Inc. keep more than a year of records on your search requests, from which one can learn of your diseases, fetishes and innermost thoughts. E-mail services are another source of personal records, as are electronic health repositories and Web-based word processing, spreadsheets and calendars.
One can reassemble your whereabouts based on where you've used credit cards, made cell phone calls or paid tolls or subway fares electronically. One can track your spending habits through loyalty cards that many retail chains offer in exchange for discounts.
Though companies do have legitimate reasons for keeping data -- they can help improve services or protect parties in billing disputes, for instance -- there's disagreement on how long a company truly needs the information.
The shorter the retention, the less tempting it is for lawyers to turn to the keepers of data in lawsuits, privacy activists say.
With some exceptions in banking, health care and other regulated industries, requests are routinely granted.
Service providers regularly comply with subpoenas seeking the identities of users who write negatively about specific companies, at most warning them first so they can challenge the disclosure themselves. The music and movie industries also have been aggressive about tracking individual users suspected of illegally downloading their works.
Law enforcement authorities also turn to the records to help solve crimes.
The U.S. Justice Department had previously subpoenaed the major search engines for lists of search requests made by their users as part of a case involving online pornography. Yahoo, Microsoft Corp.'s MSN and Time Warner Inc.'s AOL all complied with parts of the legal demand, but Google fought it and ultimately got the requirement narrowed.
In the YouTube case, Viacom largely got the data it wanted.
Google has said it would work with Viacom on trying to ensure anonymity, and Viacom has pledged not to use the data to identify individual users to sue. The YouTube logs will also likely be subject to a confidentiality order.
But privacy advocates warn that there's no guarantee that future litigants will be as restrained or that data released to lawyers won't inadvertently become public -- through their inclusion as an attachment in a court filing, for instance.
And retailers, government agencies and others are regularly announcing that personal information, stored without adequate safeguards, is being stolen by hackers or lost with laptops or portable storage drives.
"You just never know," said Steve Jones, an Internet expert at the University of Illinois at Chicago. "There are some circumstances under which what seems to be private information is going to be shared with a third party, and the court says it's OK to do that."
Copyright Technology Review 2008.
Labels: aol, google, health information, laptop, litigation, privacy, retention, Viacom v Google
Thursday, July 10, 2008
It is not often that a columnist for a major national newspaper calls a federal court judge a moron, but that's just what Michael Arrington on the Washington Post website calls Judge Stanton, referring to Viacom v. Google/YouTube. See: Judge Protects YouTube's Source Code, Throws Users To The Wolves - washingtonpost.com.
Labels: google, litigation, privacy, Viacom v Google
Hot off the presses: The Information and Privacy Commissioner of Ontario has written to Google calling for Google to appeal the recent Viacom v. Google disclosure order:
CNW Group | OFFICE OF THE INFORMATION AND PRIVACY COMMISSIONER/ONTARIO | Privacy Commissioner Ann Cavoukian urges Google to appeal YouTube ruling
TORONTO, July 10 /CNW/ - Ontario Information and Privacy Commissioner Ann Cavoukian is urging Google to appeal the recent ruling of U.S. District Court Judge Louis Stanton, requiring the disclosure of YouTube users' information to Viacom. YouTube, a popular website, is owned by Google.
In a letter to Sergey Brin, Google's President of Technology, the Commissioner emphasized her deep concerns about the privacy implications of the ruling, which she was asked to outline earlier this week on Canada AM.
Commissioner Cavoukian said "I was astounded to learn that Google had been ordered to disclose certain YouTube information, which includes users' login IDs and IP addresses, for use in Viacom's copyright infringement lawsuit against YouTube." The Commissioner felt that Judge Stanton had "failed to consider that user login IDs and video viewing habits can reveal a great deal of sensitive personal information."
In response to suggestions that the data be "anonymized" before its release to Viacom's legal counsel, the Commissioner noted that it is possible to re-identify individuals by linking their data with publicly available personal information, such as that found in telephone directories. "Simply stripping certain data fields from a database is not sufficient to safeguard the privacy of individuals" warned the Commissioner.
Despite the Judge's associated protection order which attempts to limit the authorized uses of YouTube users' information by Viacom, this does not eliminate the Commissioner's concerns. Companies simply cannot guarantee that information, once obtained, will not be subject to unauthorized use or disclosure. "Witness the example of identity theft" she noted. "The majority of instances of identity theft result from insider abuse."
"While I have sympathy for the rights of intellectual property holders, businesses should not rely on the surveillance of consumers to protect their copyright interests. It is not acceptable to allow copyright enforcement to come at the expense of users' privacy."
The full text of the letter to Google may be found on the Commissioner's website at www.ipc.on.ca in the What's New section.
Previously: Commentary on the YouTube / Viacom order, Judge orders that YouTube hand over viewer records.
Labels: google, litigation, privacy, Viacom v Google
Tuesday, July 08, 2008
I had the chance yesterday to read the decision in Viacom International v. YouTube (previously: Canadian Privacy Law Blog: Judge orders that YouTube hand over viewer records). The request and the order are appalling from a privacy point of view, in my humble opinion.
It appears clear from the decision that Viacom, et al. were ostensibly not looking for information about users of Google Video and YouTube, but this will certainly be the side-effect. In the preliminary motion, Viacom was seeking a number of orders from the court to help it build its billion dollar case for copyright infringement against the video sites. Because the vast majority of the content is uploaded by users, Viacom is going after YouTube on the basis that they assist and encourage the violation of copyright by users and are therefore responsible financially for it. The reason put forward by Viacom for seeking the full user logs was to compare the viewership (aka hits) of allegedly pirated content against viewership of non-pirated materials. If they can show that allegedly pirated content is more popular, the reasoning goes, they can show that YouTube has a financial interest in allowing pirated content on the site.
Google attempted to argue to the Court that handing over the raw logs would be intrusive of privacy for the sites' users. Unfortunately for the users, the Court didn't put much weight in these arguments as it referred to Google's past positions that IP addresses cannot identify individuals:
Defendants argue that the data should not be disclosed because of the users’ privacy concerns, saying that “Plaintiffs would likely be able to determine the viewing and video uploading habits of YouTube’s users based on the user’s login ID and the user’s IP address” (Do Decl. ¶ 16).
But defendants cite no authority barring them from disclosing such information in civil discovery proceedings, and their privacy concerns are speculative. Defendants do not refute that the “login ID is an anonymous pseudonym that users create for themselves when they sign up with YouTube” which without more “cannot identify specific individuals” (Pls.’ Reply 44), and Google has elsewhere stated:
We . . . are strong supporters of the idea that data protection laws should apply to any data that could identify you. The reality is though that in most cases, an IP address without additional information cannot.
Google Software Engineer Alma Whitten, Are IP addresses personal?, GOOGLE PUBLIC POLICY BLOG (Feb. 22, 2008), http://googlepublicpolicy.blogspot.com/2008/02/are-ip-addresses-personal.html (Wilkens Decl. Ex. M).
So why does Viacom need the full logs? Because they need to try to determine unique viewership of the content. They need a way to distinguish one viewer from another.
Do they need full IP addresses? I don't think so. While we are talking about terabytes of data, it would be trivial to run all the logs through a software routine that would use a "one way hash" to make each IP address unique while not disclosing the IP address itself.
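The "one way hash" suggested above, and the uniqueness-preserving substitution described in the stipulation quoted earlier on this page, sketched as an added example (not code from this blog, the parties or the court record). It assumes a keyed HMAC-SHA256 whose secret stays with the producing party; the field layout, function names and sample rows are constructed for illustration. It also shows why an unkeyed hash of an IPv4 address falls short: the address space is small enough to enumerate.

```python
import hashlib
import hmac
import ipaddress
import secrets

# Constructed sample rows (not real log data): user_id, ip, visitor_id, video_id.
# Addresses come from the reserved documentation ranges.
SAMPLE_LOG = [
    ("alice01", "192.0.2.10",   "v-1001", "clipA"),
    ("alice01", "192.0.2.10",   "v-1001", "clipB"),
    ("bob_k",   "192.0.2.77",   "v-2002", "clipA"),
    ("",        "192.0.2.77",   "v-2003", "clipA"),  # logged-out viewer, same address
    ("carol",   "198.51.100.5", "v-3004", "clipB"),
]

# Column index -> field name for the three fields to be substituted.
PROTECTED_FIELDS = {0: "user_id", 1: "ip", 2: "visitor_id"}


def new_key() -> bytes:
    """Secret held only by the producing party; never shipped with the data."""
    return secrets.token_bytes(32)


def unkeyed_pseudonym(value: str) -> str:
    """Plain SHA-256: one-way in theory, but anyone can recompute it."""
    return hashlib.sha256(value.encode()).hexdigest()[:32]


def keyed_pseudonym(key: bytes, field: str, value: str) -> str:
    """HMAC-SHA256 with the field name mixed in, so an IP and a login ID that
    happen to share a string never map to the same token. 128 bits are kept
    so accidental collisions stay negligible even across billions of values."""
    msg = field.encode() + b"\x00" + value.encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()[:32]


def pseudonymize_log(rows, key):
    """Substitute the protected fields. Equal inputs give equal tokens, so
    uniqueness and the links between rows survive in the produced data."""
    out = []
    for row in rows:
        new = list(row)
        for idx, field in PROTECTED_FIELDS.items():
            if row[idx]:  # leave empty fields empty so "not logged in" stays visible
                new[idx] = keyed_pseudonym(key, field, row[idx])
        out.append(tuple(new))
    return out


def unique_viewers(rows, video_id):
    """The statistic the logs were sought for: distinct addresses per video."""
    return len({r[1] for r in rows if r[3] == video_id})


def find_by_enumeration(token, network, make_token):
    """Reviewer's check of a proposed scheme: recompute tokens for every host
    in a candidate network and see whether the original address falls out."""
    for addr in ipaddress.ip_network(network).hosts():
        if make_token(str(addr)) == token:
            return str(addr)
    return None


if __name__ == "__main__":
    key = new_key()
    produced = pseudonymize_log(SAMPLE_LOG, key)
    for row in produced:
        print(row)
    print("clipA unique viewers:", unique_viewers(produced, "clipA"))
    weak = unkeyed_pseudonym("192.0.2.10")
    print("unkeyed token resolves to:",
          find_by_enumeration(weak, "192.0.2.0/24", unkeyed_pseudonym))
    print("keyed token resolves to:",
          find_by_enumeration(produced[0][1], "192.0.2.0/24", unkeyed_pseudonym))
```

The protection rests entirely on the key: whoever holds it can regenerate every token, so it has to stay with the producing party or be destroyed once the data set is produced.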
Why the big deal? While Viacom obtained the information for one purpose (to build its case against YouTube), it may be able to use the information for other purposes. At least in Canada, that would be covered by the implied undertaking rule that would require court permission before using it for any other purpose. But the bigger deal is the chilling effect on viewers. Casual web surfers may know that somewhere their digital footprints are being recorded, but they don't spend a lot of time thinking about it. This case should make internet users think carefully about where they are surfing, what they are viewing and the fact that once personal information is recorded and retained, it will be available for all kinds of secondary uses. Some of these secondary uses, such as litigation or criminal investigations, are beyond their control and there is no opt-out. The Viacom order includes the personal information of innocent viewers who were only viewing public domain or properly licensed content. Those logs include my IP addresses, which include information about what I've viewed and what my kids have viewed. I'm sure that it includes your IP address too.
What to do? If you are an online service provider, don't create logs. If you create logs, don't keep them. It's that simple. (If you are about to be served with a subpoena, don't delete them. It's too late and you'll be hit with accusations of spoliation.) If you are an internet user, look into Tor.
Labels: google, ip address, litigation, privacy, Viacom v Google
Thursday, July 03, 2008
This is some pretty scary stuff. Not only has Viacom (shame on Viacom) demanded that Google hand over the records of all users who viewed certain YouTube videos (yup, viewed not uploaded) but a Judge has actually ordered this. Perhaps not surprisingly, Google's argument that IP addresses are not personal information has been used against its arguments that handing over this information would be unduly intrusive of personal privacy. See: Judge Orders YouTube to Give All User Histories to Viacom Threat Level from Wired.com.
Labels: google, litigation, privacy, Viacom v Google
Sunday, June 01, 2008
According to Computerworld Security, Google has started collecting images of European streets for its Street View feature, but is holding off putting the data online until it has figured out the local privacy law challenges. See: Google takes Street View snaps in Paris; lawsuits could follow.
Labels: europe, google, google street view, privacy, street view
Thursday, May 15, 2008
According to the CBC, Google has started implementing an algorithm to automatically blur people's faces in Google Street View. This follows complaints that the online service violates privacy by showing people without their consent. See: Google starts blurring faces on Street View.
For some background, see: Canadian Privacy Law Blog: Google Street View raises privacy concerns, Canadian Privacy Law Blog: Google modifying street view to meet Canadian privacy expectations.
Labels: google, google street view, privacy, street view
Monday, April 21, 2008
I've never been liveblogged before, but there's a first time for everything. I'm currently in Montreal at http://legalit.ca/en/2008program. I had the honour of being on a panel with the Privacy Commissioner of Canada, Jennifer Stoddart, and Professor Pierre Trudel.
My presentation from this morning was summarized by Patrick Cormier on Slaw.ca. See: Slaw - Social networking and privacy.
You can see my PowerPoint slides here: http://docs.google.com/Presentation?id=ddpx56cg_107g8chjhff
Labels: facebook, google, presentations, privacy
Monday, April 07, 2008
The BBC is reporting that the Article 29 Working Group in Europe is calling on search engines to render their logs anonymous after six months.
BBC NEWS Technology Search engines warned over data
... The report from the Article 29 Data Protection Working Party said search engine providers had "insufficiently explained" why they were storing and processing personal data to their users.
It said "search engine providers must delete or irreversibly anonymise personal data once they no longer serve the specified and legitimate purpose they were collected for".
The report said the personal data of users should not be stored or processed "beyond providing search results" if the user had not created an account or registered with the search engine.
The advisory body also said it preferred search engines did not collect and use personal data to serve personalised adverts unless the user had consented and signed up to the service....
Google has recently reduced its log retention to eighteen months while other search engines are in the one year to one-and-a-half year ballpark.
Via the ever vigilant Slaw. For Google's previous announcement on retention, check out Canadian Privacy Law Blog: Google to anonymize older data.
Saturday, April 05, 2008
(I couldn't resist.)
Mr. and Ms. Boring of Pittsburgh are suing Google for intentional invasion of privacy since Google's Street View feature shows a picture of the home despite the fact that their street is marked as a private road. The Smoking Gun has the facts and their pleadings:
Couple Sues Google Over "Street View" - April 4, 2008
If you look at the pictures of their property, you might think that if the Borings were concerned about their privacy they would have put a fence around their pool. I'm just saying ...
APRIL 4--A Pittsburgh couple is suing Google for invasion of privacy, claiming that the web giant's popular "Street View" mapping feature has made a photo of their home available to online searchers. Aaron and Christine Boring accuse Google of an "intentional and/or grossly reckless invasion" of their seclusion and privacy since they live on a street that is "clearly marked with a 'Private Road' sign," according to a lawsuit the couple filed this week in Allegheny County's Court of Common Pleas. A copy of the April 2 complaint can be found below. According to the Borings, they purchased their Oakridge Lane home in late-2006 for "a considerable sum of money," noting that a "major component of their purchase decision was a desire for privacy." But when Pittsburgh was added last October to the roster of cities covered by Google's "Street View" feature, the Borings allege, their "private information was made known to the public," causing them "mental suffering" and diminishing the value of their home (which cost the couple $163,000, according to property records). The Borings are seeking in excess of $25,000 in damages and want a court order directing Google to destroy images of their home. Click here for some photos of the Boring property, which is now even easier to locate via Google Maps, since the plaintiffs included their home address on the lawsuit's first page. And while they are litigating, perhaps the Borings should consider suing Allegheny County's Office of Property Assessments, which includes a photo of their home (which was built in 1916 and sits on 1.82 acres) on its web site. Here's a screen grab. (8 pages)
UPDATE (2008.04.06): The Wall Street Journal's Law Blog has a response from Google:
There is no merit to this action. It is unfortunate litigation was chosen to address the concern because we have visible tools, such as a YouTube video, to help people learn about imagery removal and an easy-to-use process to facilitate image removal.
As a matter of policy, imagery for Street View is taken in public streets and what any person can readily capture or see in the public domain. Street View is a popular, engaging feature that allows people to easily find, discover, and plan activities relevant to a location.
What's most interesting -- at least from my perspective -- is that this argument doesn't hold much water in Canada. Up here, there are two different privacy laws. There is some caselaw that's similar to tort law in the US suggesting that you can sue for invasion of privacy, if there's been an "unreasonable invasion of privacy". In the US, there is no expectation of privacy in the streets or in a public place and, other than in Quebec, that's probably the law in Canada. The second law is PIPEDA, which is a separate statute that governs all collection, use and disclosure of personal information in connection with commercial activity. Since Google's doing commercial activity, the law requires consent for the collection and disclosure of personal information. (There's some serious doubt that the photo of your house without any other information would be your personal information.) Since street view often includes photos of people, Google would require consent to use those photos for commercial purposes. Since the Google street sweepers do not get consent, there's no easy way to have street view in Canada.
I expect that Google will have technology to blur out individuals so they can take street view to Canada and other jurisdictions where privacy laws would prohibit photos of pedestrians.
Labels: google, google street view, privacy, street view, tort
Monday, March 31, 2008
Google has announced a revamp of the Google Privacy Center:
Official Google Blog: Privacy made easier
3/28/2008 07:20:00 AM Posted by Jane Horvath, Senior Privacy Counsel, and Peter Fleischer, Global Privacy Counsel
Because we're strongly committed to protecting your privacy, we want to present our privacy practices in the clearest way possible. Over the past year, we've been experimenting with video to clarify and illustrate the privacy practices set forth in our Google Privacy Policy. We've used videos to communicate with you about things like cookies, IP addresses, and logs. (Check out the Google Privacy Channel on YouTube.) And you've told us that the screen shots, whiteboard drawings, and pointers from the engineers and product managers we've captured on video are helping you better understand the fine points of our Privacy Policy.
With that in mind, today we're announcing a revamp of our Privacy Center. The new Center is a one-stop shop for privacy resources, with various multi-media formats aimed to help you further understand how we store and use data, how to control who you share your data with, and how we protect your privacy. We hope this new Center will help you make more informed privacy choices whenever you use Google products and services.
Saturday, March 29, 2008
I was interviewed last week by Out-Law.com, a service of UK firm Pinsent Masons, for an article on the recent stories out of Canadian universities about hesitation to use Google's services due to USA Patriot Act concerns. See: US Patriot Act deters Canadians from Google service OUT-LAW.COM.
Out-law also has a weekly podcast that featured this story, which includes portions of my interview. See: High quality recording (10MB, 12 minutes) or Low quality recording for 27/03/2008 (2MB, 12 minutes).
Labels: google, patriot act, privacy
Sunday, March 09, 2008
According to Reuters, the proposed merger of Google and Doubleclick is expected to clear all regulatory hurdles in the European Union despite protests of privacy advocates. See: EU set to clear Google/DoubleClick merger Technology Reuters.
Sunday, February 03, 2008
Here's a really great read from Bruce Schneier:
Schneier on Security: Security vs. Privacy
If there's a debate that sums up post-9/11 politics, it's security versus privacy. Which is more important? How much privacy are you willing to give up for security? Can we even afford privacy in this age of insecurity? Security versus privacy: It's the battle of the century, or at least its first decade.
In a Jan. 21 New Yorker article, Director of National Intelligence Michael McConnell discusses a proposed plan to monitor all -- that's right, all -- internet communications for security purposes, an idea so extreme that the word "Orwellian" feels too mild.
The article (now online here) contains this passage:
In order for cyberspace to be policed, internet activity will have to be closely monitored. Ed Giorgio, who is working with McConnell on the plan, said that would mean giving the government the authority to examine the content of any e-mail, file transfer or Web search. "Google has records that could help in a cyber-investigation," he said. Giorgio warned me, "We have a saying in this business: 'Privacy and security are a zero-sum game.'"
I'm sure they have that saying in their business. And it's precisely why, when people in their business are in charge of government, it becomes a police state. If privacy and security really were a zero-sum game, we would have seen mass immigration into the former East Germany and modern-day China. While it's true that police states like those have less street crime, no one argues that their citizens are fundamentally more secure.
We've been told we have to trade off security and privacy so often -- in debates on security versus privacy, writing contests, polls, reasoned essays and political rhetoric -- that most of us don't even question the fundamental dichotomy.
Security and privacy are not opposite ends of a seesaw; you don't have to accept less of one to get more of the other. Think of a door lock, a burglar alarm and a tall fence. Think of guns, anti-counterfeiting measures on currency and that dumb liquid ban at airports. Security affects privacy only when it's based on identity, and there are limitations to that sort of approach.
Since 9/11, approximately three things have potentially improved airline security: reinforcing the cockpit doors, passengers realizing they have to fight back and -- possibly -- sky marshals. Everything else -- all the security measures that affect privacy -- is just security theater and a waste of effort.
By the same token, many of the anti-privacy "security" measures we're seeing -- national ID cards, warrantless eavesdropping, massive data mining and so on -- do little to improve, and in some cases harm, security. And government claims of their success are either wrong, or against fake threats.
The debate isn't security versus privacy. It's liberty versus control.
You can see it in comments by government officials: "Privacy no longer can mean anonymity," says Donald Kerr, principal deputy director of national intelligence. "Instead, it should mean that government and businesses properly safeguard people's private communications and financial information." Did you catch that? You're expected to give up control of your privacy to others, who -- presumably -- get to decide how much of it you deserve. That's what loss of liberty looks like.
It should be no surprise that people choose security over privacy: 51 to 29 percent in a recent poll. Even if you don't subscribe to Maslow's hierarchy of needs, it's obvious that security is more important. Security is vital to survival, not just of people but of every living thing. Privacy is unique to humans, but it's a social need. It's vital to personal dignity, to family life, to society -- to what makes us uniquely human -- but not to survival.
If you set up the false dichotomy, of course people will choose security over privacy -- especially if you scare them first. But it's still a false dichotomy. There is no security without privacy. And liberty requires both security and privacy. The famous quote attributed to Benjamin Franklin reads: "Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety." It's also true that those who would give up privacy for security are likely to end up with neither.
This essay originally appeared on Wired.com
Labels: air travel, airlines, google, privacy, schneier
Wednesday, January 23, 2008
This is an interesting development.
In 2003, the Privacy Commissioner of Canada released a finding that strongly suggested that an IP address is "personal information" for the purposes of PIPEDA (Commissioner's Findings - PIPEDA Case Summary #25: A broadcaster accused of collecting personal information via Web site - November 20, 2001 - Privacy Commissioner of Canada). Now the European Union is taking a similar position.
This determination has implications for a range of businesses that operate websites, but particularly affects companies like Google, Yahoo! and the like.
Wired News - AP News - EU Official: IP Is Personal
By AOIFE WHITE
AP Business Writer
BRUSSELS, Belgium (AP) -- IP addresses, strings of numbers that identify computers on the Internet, should generally be regarded as personal information, the head of the European Union's group of data privacy regulators said Monday.
Germany's data protection commissioner, Peter Scharr, leads the EU group preparing a report on how well the privacy policies of Internet search engines operated by Google Inc., Yahoo Inc., Microsoft Corp. and others comply with EU privacy law.
He told a European Parliament hearing on online data protection that when someone is identified by an IP, or Internet protocol, address "then it has to be regarded as personal data."
His view differs from that of Google, which insists an IP address merely identifies the location of a computer, not who the individual user is - something strictly true but which does not recognize that many people regularly use the same computer terminal and IP address.
Scharr acknowledged that IP addresses for a computer may not always be personal or linked to an individual. For example, some computers in Internet cafes or offices are used by several people.
But these exceptions have not stopped the emergence of a host of "whois" Internet sites that apply the general rule that typing in an IP address will generate a name for the person or company linked to it.
Treating IP addresses as personal information would have implications for how search engines record data.
Google led the pack by being the first last year to cut the time it stored search information to 18 months. It also reduced the time limit on the cookies that collect information on how people use the Internet from a default of 30 years to an automatic expiration in two years.
But a privacy advocate at the nonprofit Electronic Privacy Information Center, or EPIC, said it was "absurd" for Google to claim that stripping out the last two figures from the stored IP address made the address impossible to identify by making it one of 256 possible configurations.
"It's one of the things that make computer people giggle," EPIC executive director Marc Rotenberg told The Associated Press. "The more the companies know about you, the more commercial value is obtained."
Google's global privacy counsel, Peter Fleischer, however, said Google collects IP addresses to give customers a more accurate service because it knows what part of the world a search result comes from and what language they use - and that was not enough to identify an individual user.
"If someone taps in 'football' you get different results in London than in New York," he said.
He said the way Google stores IP addresses meant one of them forms part of a crowd, giving valuable information on general trends without infringing on an individual's privacy.
Google says it needs to store search queries and gather information on online activity to improve its search results and to provide advertisers with correct billing information that shows that genuine users are clicking on online ads.
Internet 'click fraud' can be tracked down by showing that the same IP address is jumping repeatedly to the same ad. Advertisers pay for each time a different person views the ad, so dozens of views by the same person can rack up costs without giving the company the publicity it wanted.
Microsoft does not record the IP address that identifies an individual computer when it logs search terms. Its Internet strategy relies on users logging into the Passport network that is linked to its popular Hotmail and Messenger services.
The company's European Internet policy director, Thomas Myrup Kristensen, described the move as part of Microsoft's commitment to privacy.
"In terms of the impact on user privacy, complete and irreversible anonymity is the most important point here - more impactful than whether the data is retained for 13 versus 18 versus 24 months," he said.
But neither of the search engines received a pat on the back from Spain's data protection regulator, Artemi Rallo Lombarte, who criticized them for not trying to make their privacy policies accessible to normal people.
Their privacy policies "could very well be considered virtual or fictional ... because search engines do not sufficiently emphasize their own privacy policies on their home pages, nor are they accessible to users," he said, describing the policies as "complex and unintelligible to users."
Labels: europe, google, ip address, privacy
Tuesday, January 22, 2008
Google was able to coast through regulatory review in the US without any consideration of privacy, but Europe is a different matter:
Google spars with European lawmakers over privacy | Reuters
Mon Jan 21, 2008 1:54pm EST
By David Lawsky
BRUSSELS (Reuters) - Google attacked European parliamentarians and privacy advocates on Monday for trying to have competition authorities consider the handling of personal information in its $3.1 billion takeover of rival DoubleClick.
The argument was the centerpiece of a European Parliament hearing to consider the burgeoning role of the Internet in impinging on the privacy of citizens.
The U.S. Federal Trade Commission (FTC) signed off last month on Google's $3.1 billion deal, which combines its dominance in pay-per-click Internet advertising with DoubleClick's market-leading position in display ads.
After listening to a visiting FTC commissioner, U.S. and European privacy advocates and European parliamentarians question the impact of the deal on European citizens' on-line privacy, Google's global privacy counsel shot back.
"People (are) trying to take a privacy case and shoehorn it into a competition law review ... I can understand that people continue to peddle this theory in Europe after having lost in the United States," Peter Fleischer said. His attack did little to calm the waters.
"The reason you want to have the data is because it gives you a competitive advantage. It is business. I don't think they can be completely disconnected. And we should discuss that side of things too," said Sophie in 't Veld, the Dutch parliamentarian who sought the hearing.
She called information a competitive factor and declared: "Having that much information is market power."
Federal Trade Commissioner Pamela Harbour said her four colleagues at the FTC had taken a traditional approach and excluded questions of privacy in their decision. She dissented.
"I believe a traditional approach does not capture the interests of all the parties. There is no proxy for the consumer whose privacy is at stake," she said.
The European Commission has said it will not take privacy into consideration. In the past six years, it has not turned down any all-U.S. deal approved by U.S. authorities.
Fleischer, asked about the deal rationale, said Google wanted to get into banner advertising. He said his firm did not build dossiers on individuals through searches, instead using the words of each search to decide what ads to display with it.
Contractual limits would prevent Google from using DoubleClick information from individuals, he said.
Stavros Lambrinidis of Greece, who chaired the meeting, asked whether Google turned information over to government authorities.
Fleischer said that if authorities go "through a valid legal process we will respond to it".
(Editing by Dale Hudson)
Labels: doubleclick, europe, google, privacy
Wednesday, January 02, 2008
On New Year's Eve, Steve Matthews published his Clawbie awards for Canadian Legal Blogs. I was honoured to be a runner-up in the practitioner support category:
Clawbies.ca
2) Best Practitioner Support Blog - Garry Wise - Year-in and year-out, Garry is one committed law blogger. He offers his opinions on almost everything, and if you do a Google search for Toronto lawyer you’ll see how blogging benefits the online exposure of his practice. If you didn’t read his Starting a law firm post back in February, please do. Garry Wise consistently offers great vision to a lot of solos across the country. Runner ups: David Fraser’s Canadian Privacy Law Blog, Hull & Hull’s Toronto Estate Law Blog
Steve has been a big promoter of this blog and I'm grateful to have gotten to know him over the past years. Check out the full listing and support your local legal blogger!
Labels: google, media-mention, privacy, vanity
Sunday, December 30, 2007
More "year in review" content, this time the worst privacy quotes of the year from CSO Magazine:
Privacy: The Worst Quotes of the Year - Web Exclusives - Online Column - CSO Magazine
...And the Privvy for Doubleplusgood Newspeak of the Year goes to... Deputy Director of National Intelligence Donald Kerr
"Too often, privacy has been equated with anonymity; and it’s an idea that is deeply rooted in American culture.... But in our interconnected and wireless world, anonymity—or the appearance of anonymity—is quickly becoming a thing of the past.... We need to move beyond the construct that equates anonymity with privacy and focus more on how we can protect essential privacy in this interconnected environment. Protecting anonymity isn’t a fight that can be won. Anyone that’s typed in their name on Google understands that."
Privacy advocates seized on Kerr’s Orwellian attempt to singlehandedly change the definition of privacy because, hey, it’s really hard. (Source: Office of the Director of Naval Intelligence.)
Thanks to Pogo for the link.
Labels: 2007 in review, google, privacy
Saturday, December 22, 2007
This past week, the US Federal Trade Commission gave the green light to the merger of Google and DoubleClick. As is highlighted in the official Google blog entry on the topic, privacy didn't play any part in the FTC's decision:
Official Google Blog: Analysis: The FTC clears our acquisition of DoubleClick
Privacy not a part of the merger review. Though we strongly believe in protecting our users' privacy, the FTC clearance decision reaffirmed the law by noting that privacy concerns played no role in its merger review. This is an important principle, as privacy issues need to be addressed on an industry-wide basis, and not on a company-by-company basis. The FTC wrote, "although such issues may present important policy questions for the Nation, the sole purpose of federal antitrust review of mergers and acquisitions is to identify and remedy transactions that harm competition. Not only does the Commission lack legal authority to require conditions to this merger that do not relate to antitrust, regulating the privacy requirements of just one company could itself pose a serious detriment to competition in this vast and rapidly evolving industry." The FTC also noted, however, "that the evidence does not support a conclusion" that this particular transaction will harm consumer privacy.
Data combination wouldn't pose problems. The FTC rejected the suggestion from competitors that Google would combine user information with DoubleClick's customers' data to obtain an advantage in the market, writing that the data is owned by DoubleClick’s customers and that "at bottom, the concerns raised by Google’s competitors regarding the integration of these two data sets -- should privacy concerns not prevent such integration -- really amount to a fear that the transaction will lead to Google offering a superior product to its customers." Moreover, "a number of Google’s competitors have at their disposal valuable stores of data not available to Google. For instance, Google’s most significant competitors in the ad intermediation market, Microsoft, Yahoo!, and Time Warner have access to their own unique data stores."
Labels: doubleclick, google, privacy
Tuesday, December 18, 2007
I just got a new Blackberry Curve 8310, with built-in GPS. But just before giving up my old Blackberry 8700 I installed the new Google Maps with the "my location" feature. The "my location" feature is somewhat handy but the privacy geek in me has a few questions.
The feature uses signals from the cell phone network to approximate your location within a few hundred metres (depending on the density of cell towers in your area). When I installed it, I didn't have to give it any special permission to get access to carrier information or other stuff. Handy if I want it, but it makes me wonder whether any software installed on my Blackberry can get access to this data and perhaps transmit it in the background. That certainly raises privacy issues.
If anyone knows, please let me know.
In the meantime, here's a Google promotional video on the new Google Maps:
Thursday, December 13, 2007
Seth Godin has an interesting take on privacy, particularly online:
Seth's Blog: People don't truly care about privacy
There's been a lot of noise about privacy over the last decade, but what most pundits miss is that most people don't care about privacy, not at all.
If they did, they wouldn't have credit cards. Your credit card company knows an insane amount about you.
What people care about is being surprised.
If your credit card company called you up and said, "we've been looking over your records and we see that you've been having an extramarital affair. We'd like to offer you a free coupon for VD testing..." you'd freak out, and for good reason.
If the local authorities start using what's on the corner surveillance cameras to sell you a new kind of commuter token, you'd be a little annoyed at that as well.
So far, government and big companies have gotten away with taking virtually all our privacy away by not surprising most of us, at least not in a vivid way. Libertarians are worried (probably with cause) that once the surprises start happening, it'll be too late.
This leads us to Ask.com's new Eraser service, which promises to not remember stuff about your searching. The problem they face: most people want Google and Yahoo and Amazon to remember their searches, because it leads to better results and (so far) rarely leads to surprises.
The irony is that the people who most want privacy are almost certainly the worst possible customers for a search engine. These are the folks who are unlikely to click on ads and most likely to visit the dark corners of the Net. If I were running a web property, I'd work hard to attract the people who least want privacy and want to share their ideas with everyone else.
Make promises, keep them, avoid surprises. That's what most people (and the profitable people) want.
Labels: google, privacy, surveillance
Friday, November 30, 2007
Today I had the privilege of speaking at the annual professional development event of the Nova Scotia Criminal Lawyers Association, in association with the Nova Scotia Barristers' Society. The theme of the conference was very privacy-centric: Listening, Snooping and Searching: What's Right, What's Wrong.
I was also privileged to speak alongside S/Sgt Al Langille of the RCMP's integrated technology crime unit. He is a thirty-year veteran of law enforcement, including fifteen in technology crimes and computer forensics. A great guy and very privacy conscious.
My presentation, for those who may be interested, is here: http://docs.google.com/Presentation?id=ddpx56cg_48hcdnqv.
Labels: google, law enforcement, lawful access, lawful authority, media-mention, presentations, privacy, vanity, warrants
Wednesday, November 21, 2007
The Canadian federal government is planning to table legislation in Parliament today to add additional offenses to the criminal code to deal with activities that are precursors to identity theft.
I was interviewed earlier today by CTV Newsnet on the topic (on Google Video):
Here is the media release:
Government of Canada Introduces Legislation to Tackle Identity Theft
OTTAWA, November 21, 2007 – Minister of Justice and Attorney General of Canada, the Honourable Rob Nicholson, P.C., Q.C., M.P. for Niagara Falls, today introduced legislation to help combat identity theft, which has been identified as a fast-growing problem throughout North America.
“This Government is following through on its commitment to give police the tools they need to better protect Canadians by stopping identity theft activity before the damage is done,” said Minister Nicholson. “I have tabled legislation that will make it an offence to obtain, possess or traffic in other people's identity information if it is to be used to commit a crime.”
The misuse of another person's identity information, generally referred to as identity fraud, is covered by current offences in the Criminal Code, such as personation and forgery. But the preparatory steps of collecting, possessing and trafficking in identity information are generally not captured by existing offences. The proposed legislation would create three new offences directly targeting aspects of the identity theft problem, all subject to five-year maximum sentences:
- obtaining or possessing identity information with intent to use it to commit certain crimes;
- trafficking in identity information with knowledge of or recklessness as to its intended use in the commission of certain crimes; and
- unlawfully possessing and trafficking in government-issued identity documents.
Additional Criminal Code amendments would create new offences of fraudulently redirecting or causing redirection of a person's mail, possessing a counterfeit Canada Post mail key and possessing instruments for copying credit card information, in addition to the existing offence of possessing instruments for forging credit cards.
Moreover, a new power would also be added permitting the court to order, as part of a sentence, that an offender be required to pay restitution to a victim of identity theft or identity fraud where the victim has incurred expenses related to rehabilitating their identity, such as the cost of replacement cards and documents and costs in relation to correcting their credit history.
“Our Government understands that new and rapidly evolving technologies have made identity theft a widespread criminal activity that often involves organized crime,” added Minister Nicholson. “This is an issue that is harming Canada's families, seniors and businesses. We are therefore taking action to tackle this serious problem.”
This legislative proposal is one in a new series of tackling community crime bills the Government of Canada will be introducing in this new session of Parliament. This series is in addition to the comprehensive Tackling Violent Crime Act that aims to better protect youth from sexual predators, protect society from dangerous offenders, get serious with drug impaired drivers and toughen sentencing and bail for those who commit serious gun crimes.
In addition to its plan to protect Canadians against identity theft, the Government of Canada has:
- introduced a National Anti-Drug Strategy, including legislation that would provide mandatory jail time for serious drug crimes;
- tabled legislation to strengthen the Youth Criminal Justice Act; and announced a comprehensive review of this Act in 2008;
- invested in crime prevention community projects across Canada that target youth;
- passed legislation to increase penalties for those convicted of street racing; and
- passed legislation to end conditional sentences for serious crimes such as personal injury offences.
An online version of the legislation will be available at www.parl.gc.ca.
Here is additional coverage from CTV:
CTV.ca Tory legislation to target identity theft
Updated Wed. Nov. 21 2007 11:58 AM ET
CTV.ca News Staff
The federal Conservatives will introduce legislation today aimed at charging people accused of identity theft even before stolen information is used to commit a crime.
Currently, the law makes it illegal to misuse someone's personal information to create false identification or for other fraudulent purposes.
However, it is not against the law to collect, possess or traffic another person's identity information.
The Tories want to amend the Criminal Code to make it an offence to possess someone's personal identifying information with the intent of selling it or using it to commit fraud.
"I think there's always a challenge in proving intent but we have a number of offences in our Criminal Code where intent is an important portion of proving the charge," David Fraser, a lawyer that specializes in privacy issues, told CTV.ca.
"You can do that by looking at the totality of the circumstances -- you don't necessarily have to look directly into the head of the accused."
In 2006, almost 8,000 victims reported losses of $16 million to PhoneBusters, the Canadian Anti-fraud Call Centre.
"There are probably even more who don't report it... (and) there isn't mandatory reporting from the banks or the credit bureaus who might be the first to hear about it," said Fraser.
He said the Tory initiative will give law enforcement an additional tool to help them deal with identity theft offences.
However, Fraser said attention should also be given to ensuring that businesses properly secure personal information in the first place.
"That's one of the places where information often gets into the hands of identity thieves," he said.
"Another part of it might be simply to make it a little more challenging in order for credit granters to extend credit to individuals."
Consumers can also take practical steps to protect their information by regularly checking bank statements and shredding personal documents, said Fraser.
The identity theft legislation is the latest in a flurry of anti-crime initiatives the Tories have announced this week.
On Tuesday, the Harper government introduced new legislation proposing mandatory sentencing for individuals convicted of serious drug-related crimes.
Federal Justice Minister Robert Nicholson said the new bill is designed to impose tough sentences on Canadians profiting from organized crime and violence.
If passed, Bill C-2 will impose the first mandatory sentences under the Controlled Drugs and Substances Act for people convicted of drug-related crimes.
On Monday, the Tories proposed changes to the Youth Criminal Justice Act.
The key proponents of their proposal are:
- Tougher sentences
- Allowing for pre-trial detention
- Allow courts to consider deterrence and denunciation as objectives of youth sentences
Labels: google, identity theft, media-mention, privacy, vanity
Monday, November 12, 2007
In a speech to a conference on GEOINT, Donald Kerr (principal deputy director of national intelligence) called for a redefinition of what is privacy. And his definition excludes the concept of anonymity.
The speech is worth a read as it contains such nuggets:
And that leads you directly into the concern for privacy. Too often, privacy has been equated with anonymity; and it’s an idea that is deeply rooted in American culture. The Lone Ranger wore a mask but Tonto didn’t seem to need one even though he did the dirty work for free. You’d think he would probably need one even more. But in our interconnected and wireless world, anonymity – or the appearance of anonymity – is quickly becoming a thing of the past.
Anonymity results from a lack of identifying features. Nowadays, when so much correlated data is collected and available – and I’m just talking about profiles on MySpace, Facebook, YouTube here – the set of identifiable features has grown beyond where most of us can comprehend. We need to move beyond the construct that equates anonymity with privacy and focus more on how we can protect essential privacy in this interconnected environment. Protecting anonymity isn’t a fight that can be won. Anyone that’s typed in their name on Google understands that. Instead, privacy, I would offer, is a system of laws, rules, and customs with an infrastructure of Inspectors General, oversight committees, and privacy boards on which our intelligence community commitment is based and measured. And it is that framework that we need to grow and nourish and adjust as our cultures change.
I think people here, at least people close to my age, recognize that those two generations younger than we are have a very different idea of what is essential privacy, what they would wish to protect about their lives and affairs. And so, it’s not for us to inflict one size fits all. It’s a need to have it be adjustable to the needs of local societies as they evolve in our country. Eventually, we can only hope that people’s perceptions – in Hollywood and elsewhere – will catch up.
Our job now is to engage in a productive debate, which focuses on privacy as a component of appropriate levels of security and public safety. This is work that the Office of the DNI has started to do, and must continue and make a high priority. This careful balance we need to strike, however, is nothing new. With the advent of telephones, we entered a new frontier that required careful balancing between safety and privacy. We faced this challenge again at the end of the ’70s in the aftermath of the Church-Pike Hearings. And now, in the era of new technologies, we have to work to continue to keep that balance, to earn that trust, and re-earn it every day through our actions. But we also have to be willing to reopen the laws and regulations that were based on technologies that existed in 1978 and adjust them to the realities of 2007 and 2008.
For some reaction to the speech, see: The Associated Press: Definition Changing for People's Privacy and US intelligence honcho channels Orwell, redefines privacy - Boing Boing.
Labels: facebook, google, privacy, social networking
The Canadian Privacy Law Blog is licensed under a
Creative Commons Attribution-Noncommercial-No Derivative Works 2.5 Canada License.