This is the basis of the follow-up letter from Digital Policy Canada drafted to the CIRA-sponsored Canadian Internet Forum this week. The fundamental question we need to ask is: what are Canadian regulators doing to protect Canadians, as well as their intellectual property, from foreign state actors who assert legal or technical controls over them? Right now, for example, the American government is attempting to position itself as the global internet police, by taking down foreign domain names, even if no laws have been broken in that country.
If you run a website that broke no Canadian laws, how would you feel if the American, or any other foreign, government took it down because they didn’t like it?
Digital Policy asked this question a year ago, and requested a follow-up by the end of 2011. As no response was received, help us ask the question: what are our regulators doing to protect Canadian internet sovereignty?
If you’re on Twitter, you can join the discussion using the #ciraif hashtag.
You can read the entire Digital Policy Canada letter here [pdf]
Disclosure: I am a co-founder and active member of Digital Policy Canada.
Do you think such a thing could be implemented without any public consultation or corporate media attention? It exists. About 6 months ago at an Ideas Victoria meeting, Kevin S McArthur brought up the fact that Victoria Police were using cameras on some of their police cars, called Automatic Licence Plate Recognition, or ALPR. As Chris Parsons and I, no strangers to privacy issues in Canada, were in attendance, we immediately had a list of questions about such a system. Who was running it (we later found out it was the RCMP)? How widespread was it? Where was the data sent and/or stored? Who had access to it? What type of information was stored? How was it claimed to be used, and how could it be used?
Rob Wipond was also in attendance, one of Victoria’s last freelance journalists, and one of the few I know who do investigative journalism… researching stories with more than a one-day turnaround for a quick hit. He was also very interested, and agreed to initiate the research by submitting some freedom of information (FOI) requests.
This story takes many bizarre twists and turns, including lies, misinformation and misunderstandings by everyone involved in this system. My thanks to the folks at FOCUS Online for supporting such research. This is the type of story that should be national, but nonetheless I’m proud a “little magazine from Victoria” can be responsible for disclosing such an important breach of our civil liberties.
You can read the entire article called Hidden Surveillance in the February 2012 issue of FOCUS, which is on newsstands now.
If the story interests you, Rob went a step further and published all of the documents he received from his FOI and Federal Access to Information requests!
Disclosure: I did not participate in most of the research, only in the initial planning stages, due to a potential conflict of interest with my role on the Privacy and Access committee of the BC Civil Liberties Association and other commitments.
On Vancouver Island, you might pick up the Times Colonist newspaper to see what’s happening. There is little to no privacy risk if you buy it from a stand. However, on the internet, where the company has the opportunity to protect you even more than in the physical space, they’ve decided to try a different angle… sharing your reading habits with other companies. If you use Ghostery, you can see that timescolonist.com shares your viewing habits, on every page you visit, with at least 10 different companies, with little to no disclosure of what those third parties do with your information.
| Canadian Newspaper | Trackers |
| --- | --- |
| timescolonist.com | 10 |
| nationalpost.com | 6 |
| vancouversun.com | 6 |
| mondaymag.com | 6 |
| torontosun.com | 4 |
| ottawacitizen.com | 3 |
| cbc.ca/bc/ | 3 |
| theglobeandmail.com | 3 |
| canada.com/business/ | 3 |
| canada.com | 2 |
| thechronicleherald.ca | 1 |
| thepeterboroughexaminer.com | 1 |
| halifaxnewsnet.ca | 0 |
If your local newspaper isn’t a concern, which it should be, what about your financial institution?
| Canadian Financial Institution | Trackers |
| --- | --- |
| Scotia iTrade | 4 |
| Coast Capital credit union | 3 |
| RBC Canada | 3 |
| Investors Group | 2 |
| CIBC | 1 |
| Toronto-Dominion | 1 |
| Island Savings credit union | 1 |
Why are these organizations providing your private news reading habits and online financial transactions to third-party companies? If you decide to ask them, perhaps also ask how much money they are making from providing your information.
How does your local news website score? What about your financial institution? Download Ghostery and find out for yourself.
It should be noted that 10 trackers doesn’t necessarily mean worse than 1 tracker; if your personal information is provided to a tracker, you have no control over what happens to it when it gets there… they could sell it to 50 more companies.
If you find any other interesting results from Ghostery, let us know on Twitter and we might add it!
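To show what a count like the ones in the tables above measures, the following added example (not part of the original post, and not Ghostery's code) lists the third-party sites a page makes the browser contact automatically. The sample HTML and hostnames are constructed, and the two-label `siteOf` grouping is a simplifying assumption; Ghostery matches requests against a list of known trackers, so its numbers can differ.

```javascript
// Constructed sample page; every hostname below is made up.
const SAMPLE_URL = 'https://www.news.example/local/story';
const SAMPLE_HTML = `
<html><head>
<script src="https://static.news.example/js/site.js"></script>
<script src="//cdn.adnet-one.example/tag.js"></script>
<script async src="https://metrics.audience-two.example/collect.js"></script>
</head><body>
<img src="/images/logo.png">
<img src="https://pixel.adnet-one.example/p.gif?page=/local/story" width="1" height="1">
<iframe src="https://widgets.social-three.example/like?u=story"></iframe>
<a href="https://other-paper.example/">a link is not fetched until clicked</a>
</body></html>`;

// Assumption for this sketch: a "site" is the last two hostname labels.
// Real tools use the Public Suffix List so that names like co.uk work.
function siteOf(hostname) {
  return hostname.toLowerCase().split('.').slice(-2).join('.');
}

// Map of third-party site -> URLs the browser fetches on page load.
// Each of those requests tells the third party which page is being read.
function thirdPartyRequests(html, pageUrl) {
  const firstParty = siteOf(new URL(pageUrl).hostname);
  const found = new Map();
  // Only elements that load without user action: script, img, iframe.
  const tagRe = /<(script|img|iframe)\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    let url;
    try {
      url = new URL(m[2], pageUrl); // resolves relative and //host forms
    } catch {
      continue; // skip malformed src values
    }
    if (!/^https?:$/.test(url.protocol)) continue; // ignore data:, about:
    const site = siteOf(url.hostname);
    if (site === firstParty) continue; // same site as the page itself
    if (!found.has(site)) found.set(site, []);
    found.get(site).push(url.href);
  }
  return found;
}

for (const [site, urls] of thirdPartyRequests(SAMPLE_HTML, SAMPLE_URL)) {
  console.log(site, urls.length);
}
```

This only sees resources named in the initial HTML; scripts that load further scripts at run time are why a browser extension usually reports more.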
If you’ve not heard of #SOPA yet, you likely will today. As of right now, it’s only something that techies and internet crusaders seem to be aware of. Like many of the scariest laws of the last decade, you should name your legislation something that sounds really good, but in the end does the exact opposite of what the name implies. The US PATRIOT Act and the Canadian Safe Streets and Communities Act are perfect examples of this. As with the US PATRIOT Act, it’s easiest to pass draconian legislation when citizens are distracted and afraid, using their fear against them. My speculation is that today’s public outcry will have the bills tabled… until there’s some ‘emergency’ where they can be rammed through without proper public debate.
The latest attack is on the internet as we know it, and it’s entitled the Stop Online Piracy Act. While this sounds good simply by the name, if you read it, it’s scary. It allows American private sector organizations to effectively control the global internet. They could turn your organization’s website off, if they wanted to. There’s a lot more to it, which you should read about and understand for yourself. It’s so scary that many of the internet’s most popular websites have declared today a “blackout day”, to give you an idea of what the internet can and will be like should this legislation pass. As of writing this, Wikipedia, Google, XKCD, boingboing, reddit, oatmeal, craigslist USA, the White House and dozens of others have at least taken an official anti-SOPA stance, if their site isn’t blacked out altogether for Jan 18th, 2012.
The organizations that support SOPA are American, and rely on legacy and outdated policies and legislation around copyright and intellectual property. Instead of effectively working with technology and technologists, and their users, to make the world better, they insist on controlling it with SOPA, a virtual weapon. This is like trying to ban CDs if you’re a company that makes 8-tracks. This entire industry will be completely different in 10 years, and SOPA will be an embarrassment to all involved at that time, even more so than it is now.
After the F8 conference, there is even more concern than before about what personal information Facebook has on an individual. I was sent Facebook’s personal data request form, which I was told was created specifically for people in the EU. It made me think that the same request could be made under PIPEDA, which is a Canadian law that gives individuals the right to expect the personal information an organization holds about them to be accurate, complete and up-to-date, and what better way to ensure this than to have the data to verify against?
As an aside, for those also in British Columbia, there is PIPA which states you have the right to:
PIPA provides that consent must be garnered for collection of personal information; once you receive the data they have on you, did you consent to it? It’s also worth noting that they give 40 days as a turnaround time, but my understanding is that under Canadian legislation they must respond within 30 days.
Interested? Fill out the form here, referencing PIPEDA and/or PIPA depending on your jurisdiction.
Right after the Facebook F8 keynote, a 15-year-old noted he didn’t understand this new model Facebook was about to roll out. What might not be obvious is that he is not the customer, he is the product. There are two sources that are motivated to get the information that Facebook has: the American administration, and private sector organizations. Imagine you are Spotify, or Nike; what would you do to get all of the information Facebook has, to do with as you wish? It’s no wonder what appears to be over 100 organizations are being integrated with the new Facebook as open graph apps. This means when you use those apps, not only does Facebook get all of that information, but the application developer does as well.
Before adding an app, take a look at that organization’s privacy policy, specifically under the section that talks about sharing your personal information with others. Read it very carefully. Often it will say it will only share your information with its affiliates, but who exactly are those affiliates?
The new Facebook timeline becomes very ineffective if you’re not adding apps. Let’s say they assume the average person will install 15 of these apps; that means your personal information is now going to each of these 15 organizations as well as Facebook. You’re providing a lot of personal information to a lot of third-party organizations beyond your control.
Also, this new idea of one click per app (“reducing friction”) sounds great from a usability perspective, but it removes the ability for privacy controls on a per-item basis. Imagine an app developer’s excitement as Facebook tells them the user won’t be able to block any usage of the app without blocking the entire thing.
Don’t get me wrong, I think from a usability perspective, the integration of media makes Facebook more attractive; it’s just too bad that there were no concerns for the privacy of the user’s personal information in the process. The advantage of having the number of users they have is that users are complacent; they might complain, a few may leave, but their revenue stream will likely increase significantly, thanks to all of the personal information you provide them.
Google’s kowtowing to the Chinese government in regards to censorship has been well reported. This was based on the requests of a foreign government. However, that was recently changed.
More recently, I’ve discovered that Google censors specific domain names from using its hosted Google Apps service. In the example below, a combination of letters in the domain name spells a swear word, like PenIsland:

Just when I start to wonder how many other things they filter, it is discovered today they’ve decided to start filtering based on requests from the American private sector movie and music industry! As reported today by Torrentfreak, they’ve even gone as far as forbidding keywords such as “uTorrent”, which is completely legal software used to download things using peer-to-peer networks. If you’ve ever downloaded Ubuntu GNU/Linux, for example, you likely used this impressive technology. The implications of such a simple filter are staggering: it has the ability to kill a company, as well as a network protocol.
While Google had often been thought of as being open and free, even though they had the potential to filter out content, domains, software, and network protocols, the fact that they’ve now demonstrated their ability to filter each one of these means it’s time for us to hope for some competition.