Privacy Story of the Week (PSotW) - January 27

by John Wunderlich

Happy International Data Privacy Day

What with a busy weekend, and data privacy day today, I’m a little delayed in identifying and posting last week’s privacy story of the week, which is:

Canada’s privacy watchdog wants answers over NETFILE web-service change

Canada’s privacy watchdog would like some answers from the government’s tax collector after it eliminated the need for a web-access code to file personal-income tax returns online.

I choose this for the privacy story of the week partially because when I got the mail from the Canada Revenue Agency, my first thought was to file a Freedom of Information Request for any copies of a Threat/Risk Assessment or Privacy Impact Assessment relating to the change. On the face of it it appears to be a reduction in the security of the NETFILE system. Before this change, each participant would receive a code through the mail. In essence this created a type of two factor authentication system. Going forward, people who want to NETFILE only need to provide their Social Insurance Number and their date of birth.

The CRA spokesman said in the coverage of this story that since the NETFILE system does not allow users to change their address or direct deposit information no confidential information is ever revealed. Those kind of changes required the “My Account" service which does require a separate security code..

What seems to me to be the most disturbing piece about this is that the CRA proceeded with planning and announcing this change without engaging the Privacy Commissioner’s office. In organizations to whom I provide advice I usually recommend that their needs to be a privacy impact policy that sets out when a privacy impact assessment (PIA) or a threat & risk assessment (TRA) should be carried out. While the goals of the two assessments are not the same, the triggers for that assessments should be similar: If there is a change proposed to a system that collects, uses, discloses, retains, or disposes of personally identifiable information, then the organization should assess the proposed change or new system to ensure a continuity of privacy (PIA) or security (TRA) protection.

According to iPolitics, the CRA says these changes will be safe, making filing returns easier and improve service. It seems only fair to point out in passing that this change is also likely to save the government money. While it’s good to save money, this shouldn’t be at the expense of citizens or their data. The determination about whether citizen data is at risk is the purpose of doing a PIA or a TRA. Let us all hope that this has all been done, and that the controversy has arisen simply as a result of the bad communications strategy on the part of the CRA.

Other privacy stories of note

Not just for modern warfare: RCMP to expand use of drone mini-helicopters

Unmanned surveillance drones with live-streaming video and thermal-imaging technology. What could possibly go wrong? Other than maybe a whole new You Tube channel…

WhatsApp violated Canadian law, says privacy commissioner

The Canadian and Dutch privacy commissioners jointly investigate a California based mobile chat app.

Privacy visor blocks facial recognition software

Wraparound plastic glasses designed to foil surveillance cameras.

Report finds B.C. Government’s $182 million Integrated Case Management system plagued with “fundamental deficiencies”

"The B.C. Ministry of Child and Family Development has issued an interim report by a consultant hired to review the problem-plagued Integrated Case Management System, and the results are damning." 

Prof offers $100 to any Canadian who can find a ‘privacy-compliant’ surveillance camera

"After two years of offering the $100 reward to his students for educational purposes, he’s now opening it up to the entire country."

ICT and human rights: A roundup of 2012 and challenges for 2013

"Freedom of expression and privacy, two rights intertwined with the information and communication technology (ICT) sector, were very much in the spotlight in 2012. Balancing the two is not easy, and companies in the sector continue to face many difficult choices."

Fitbit To Give Employers Your Fitness Report?

According to this piece,

According to a recent report, Fitbit is working with an insurance company to “determine whether individuals who use the mobile devices visit their physicians less than those who do not use the devices." Fitbit’s Chief Revenue Officer claims, that if Fitbit can make a direct connection to reduction in medical care costs, then the floodgates would be open."

McGill gets a D on the concept of transparency

by John Wunderlich

See the text of the CCLA piece below. There is a simple solution to McGill’s problem. If the information that is being requested by the students is information that is accessible through a Freedom of Information request, then wouldn’t be much simpler to make all such data openly available to the public? If the data that should be accessible were already accessible, and searchable, not only would FOI requests go down, but the availability of such information would build trust that the institution is being run in a manner consistent with its public mandate.

Freedom of Information and Privacy are together the two sides of a scale that reduces the imbalance in power between institutions and citizens. On the one hand, citizens in a democracy must have the ability to move about in their private lives and make their choices untrammelled by the chilling effect of pervasive surveillance. AT THE SAME TIME, those in power must be curtailed in their ability to operate in secret, to enable interested citizens to know how their money is being spent and what plans are being made. 

McGill seeks right to turn down future information requests

McGill University has asked Quebec’s access to information commission to give it the right to turn down future requests from students who have repeatedly requested information.

University spokesperson Julie Fortier told the CBC that requests filed by 14 students abuse the system and would disrupt operations at the school. The requests in question include large demands, which Fortier calls “excessive”:

“She said the requests in question include demands for ‘all floor plans or maps of all buildings, tunnels and spaces maintained or operated by McGill, including emergency exits like fire escapes’ as well as ‘invoices for the filling of the fridge in the office shared by the staffs of the provost and the principal from 2002 to 2012.’” – CBC News

The motion submitted to the commission alleges the requests are “a retaliation measure against McGill in the aftermath of the 2011-2012 student protests”. Christopher Bangs, one of the respondents named in the motion and founder of the website McGilliLeaked which has published documents obtained in past access requests, says there was no coordinated effort.

The university wants to turn down the current requests. However, the university has also asked for the right to turn down future requests from any McGill student, any student journalist at the McGill Daily or Concordia University’s The Link, and anyone linked to the website McGilliLeaked if they have certain characteristics. These include requests that are “overly broad”, “frivolous”, “target trivial information” or that are “associated to one or more categories of documents and information published on McGilliLeaked”.

Privacy Story of the Week (PWotW) - January 20

by John Wunderlich

The end of genetic privacy?

Our genetic information is irreducibly and uniquely tied to who we are. Is it a surprise that as genetic analysis becomes both cheap and publicly available, we can be identified this way?

An article in Science magazine showed how researchers could use data donated by individuals to identify those individuals. A BBC article presents a nice summary of how this was done. The short version is this:

  • Individuals donated genetic material ‘anonymously’ to the 1000 Genomes project to help find the the most genetic variants that have frequencies of at least 1% of the population (the consent form for the donation provided assurances about privacy, but no guarantees - as one would expect)
  • The researchers accessed the donated data, and correlated it with open access genealogy databases, to back identify individuals  that had donated their genetic material.
  • 50 individuals were identified

The issues here are fraught, and while researchers who say that there is enormous potential in these data are correct, they fail to note that there is enormous potential for health research and also enormous potential for fraud, identity theft, and invasion of privacy. This is particularly the case in the U.S. where medical fraud is a multi-billion dollar enterprise, or where people regularly self-medicate rather than risk loss of medical insurance or employment through revealing private medical information.

Research consistently shows that people want their medical information protected at the highest level. Treating it as research data to be shared widely without protections with other researchers fails to meet that expectation. According to one survey, “43.2 percent of Canadian patients stated they have withheld or would withhold information from their care provider based on privacy concerns." When I train people on medical privacy I use the example of a patient expressing concern about their hospital gown that leaves their backside exposed and the nurse replying, “Don’t worry, I’ve seen it all before". People usually laugh at the joke but it reveals how some medical staff regularly trivialize patients’ concerns about privacy. This removes agency from a patient when they are feeling there most vulnerable and adds stress that they don’t need.

Trust by patients is at risk because of this. As more and more medical privacy breaches come to light, patients are likely to reveal less and less to their physicians and will be less likely to give consent to research. Unless and until the medical community, especially the research community, starts to actively listen and be open with patients about data AND starts to teach itself how to apply security to health IT systems more consistently, trust will continue to erode.

Other privacy stories of note

B.C. Health Ministry alerting thousands about privacy breach of personal data

Sad to say there is another government privacy breach, where the breach happened months ago and only now is there action.

On Facebook, users can no longer hide from search results

Facebook introduces "Graph Search”.  The New York Times calls it a Privacy Test, saying that Facebook’s greatest triumph has been to persuade a seventh of the world’s population to share there their personal information online. While this is an overstatement, as many people manager their online personas even if they don’t manage their privacy settings, it’s not over the top either. You only have to look at what Gizmodo found to reinforce the two basics rules to understand and use social networking sites:

  • SInce you are getting the service for free, you are not the customer - your personal information is the product. Remember this when using ‘free’ on-line service.
  • Post nothing on a social network unless you are comfortable with the same thing posted on a billboard outside your parent’s home or your workplace. 

Surveillance Strategy Is ‘Privileged and Confidential,’ FBI Says

It is clearly the case that most police have a NIMBY attitude towards protecting privacy. “Privacy should be protected, but we are the good guys and you can trust us." seems to sum it up. Another way to look at it is that some police regard everyone as suspects first and citizens second. 

We Must Choose Privacy Or Medical Breakthroughs: Statisticians ID Anonymous Study Participants

Many people would agree that scientists need free and open access to data, and to the results of their studies in order to facilitate research. I suspect that most people would also expect that scientists would also accept their responsibilities to ensure the confidentiality of the data that they have, and this is where the false dichotomy of this kind of analysis breaks down. There could be both research and privacy/security if medical researchers consistently applied basic IT security to their systems and their practices. The frequency of medical breaches suggest that medical IT practices don’t live up to this expectation.

TSA removing ‘virtual strip search’ body scanners

"Backscatter" machines being removed after failing to meet congressional deadline to install privacy software on the machines. It’s important to note here that both these and the millimeter wave machines that do have the privacy software installed collect the data for a much more detailed image than the one displayed, which means that this is more of a privacy by remediation than a privacy by design solution.

Sheriff’s Office wants to fly drones over Orange County skies

Once a military technology is built, the building company will always look for new markets. This dovetails nicely with the current climate of fear about <insert random threat of the week> and enables police to surveil everywhere.


Before you rush to judgement on this one, imagine if these were ‘democracy activists’ in the old East Germany. Wouldn’t the destruction of surveillance cameras be considered a defence of civil liberties? 

Privacy Story of the Week (PSotW) - January 13

by John Wunderlich

No need for papers, we have your license plate 

Cheap data storage, better surveillance equipment, and the false belief that knowing more instead of knowing better makes us safer leads police to a place where they end up acting like the secret police in a cheap thriller. 

There were a number of stories this week about automated license plate recognition systems (ALPR) being tested or used in a number of cities, including Ottawa and Vancouver where the privacy commissioner ordered the police to change the way that they used the cameras. While known by many names or acronyms, these systems combine character recognition technology with (usually) infrared cameras to record the license plate number of ever vehicle that they ‘see’. The systems were originally designed for fixed use, such as in a camera over an intersection (like a red-light or speeding camera).

In Ottawa the system is used to cross-check the plate number to search for outstanding warrants, stolen vehicles and driving infractions. In Vancouver, where the system was used for similar purposes, the issue for the privacy commissioner was the ‘non-hit’ data (about 98% of the data collected), that is to say the information about all the drivers whose license plate, time and location was recorded who did not have a stolen vehicle, an outstanding warrant, or a driving infraction. It turns out that this data was being turned over to the RCMP so that they could compile a list of innocent drivers in case an alibi ever needs to be checked. This reeks of the ‘If you’ve got nothing to hide, why does this bother you?" argument that is often used by surveillance advocates. Of course this misses the point of entirely. As Daniel Solove has pointed out, the prior question is, “What gives you the right?".  It is worth remembering here the 2004 case of the Edmonton Sun reporter Kerry Diotte who was critical of photo radar systems in Edmonton and was consequently targeted by some police officers, in part by using the system itself.

The head of the Ottawa Police Board seems to understand the gravity of the nature of the potential rights infringement here, and has asserted that these readers will be subject to a full public discussion about privacy safeguards. For example, the Ontario Provincial Police, working with the Ontario Privacy Commissioner’s office have engineered to delete ‘non-hit’ data within 20 minutes of collection. This seems in stark contrast to the Victoria police who have, according to an op-ed in the Victoria Times-Colonist, refused to comply with the BC Privacy Commissioner’s order and to continue to collect, store, and forward information to the RCMP. It’s not clear from the story what the original scope of the BC Commissioner’s order was. If it was for a specific police force, and not directed to the Victoria force, then they are necessarily defying a Commissioner’s order. Nonetheless it is clearly the case that the Victoria Police Board (who voted on this in-camera) have placed the convenience of their investigation above the privacy rights of the citizens they are supposed to protect. This is the attitude of a force that sees the citizenry as objects of suspicion and that need to be controlled. This is not the attitude of a police force in a modern democracy. 

Finally, in related news, even if you do manage to maintain some semblance of anonymity by not having your license plate tracked, your car has a black box that is collecting information about you and your driving habits. 

Other privacy stories of note

Privacy breach at HRSDC (again)

This time it was an unencrypted external hard drive, containing the information about 583,000 Canada Student Loan borrowers. Just what they needed on top of paying off the debts - the possibility that their data could be used for identity theft to put them farther in debt. You can see the Globe and Mail story here.

Canadian Government Unveils Big Loopholes in Anti-Spam Regulations

Intensive lobbying by business groups have watered down the effectiveness of the proposed regulations, so that we can expect continued intrusions upon our privacy. You should consider reading this in conjunction with the CBC story,Offshore telemarketers defy Canada’s do-not-call list

When Privacy and Enhanced User Experience Collide Online

Disney World’s new plan to track visitors with wireless bracelets….coming soon to a theatre near you?

Obama OKs Netflix-to-Facebook Sharing as E-Mail Privacy Reform Falters

Do you really want the default on your Netflix or other streaming video to be to share?

U.S. Spy Law Authorizes Mass Surveillance of European Citizens: Report

Is anyone surprised that the U.S. self-declared policeman to the world, arrogates to itself the right to infringe on non-U.S. citizens data sovereignty?

How Generation Y really feels about online privacy

A group of consumer panelists shared their candid thoughts on online privacy during a tell-all panel discussion on Generation Y and digital media at CES.

Report on the European Commission’s data protections (this link opens the pdf of the report)

See the commentary about this on the Privacy and Information Law Blog. Of note in the context of this week is the contradiction between the report author’s expectation of scope extending to non EU-based controllers and the above mentioned “U.S. Spy Law". More privacy conflicts ahead for the EU and the US. The tech industry, especially those that depend on user data and profiled advertising will not be pleased, according to a Wired UK piece.

Checking the Numbers Behind BC CareCard Fraud

A nice analysis, with more to come, on the proposed hi-tech provincial identity card for services.