surveillance – PrivaSecTech Wed, 13 Nov 2019 18:33:45 +0000 en-US hourly 1 Supreme Court of Canada says a wiretap is needed for text messages Wed, 27 Mar 2013 17:22:42 +0000 Continue reading Supreme Court of Canada says a wiretap is needed for text messages]]> In the Supreme Court of Canada’s case of R v. Telus, a 5-2 decision was made that law enforcement need wiretap authorization to intercept text (SMS) messages. No longer will a search warrant suffice. You can read the Canadian Civil Liberties factum [pdf], as they intervened in the case.

A few interesting quotes:

“over the last few years, Telus has received tens of thousands of search warrants, production orders and interception authorizations from police, requiring them to hand over customer information and communications” – CCLA

“Electronic surveillance has been described as the greatest leveler of human privacy ever known” R. vs Commissio 

Thanks to CCLA and CIPPIC for intervening in this case!

Are surveillance systems using biometric scanning really privacy-friendly? Fri, 31 Aug 2012 15:05:52 +0000 Continue reading Are surveillance systems using biometric scanning really privacy-friendly?]]> I read a post today on the IAPP‘s Daily Dashboard talking about a “privacy-friendly” “positive side of facial recognition”. It suggests that Ontario’s Information and Privacy Commissioner Ann Cavoukian has endorsed this usage of biometric encryption. Having a strong understanding of privacy and only a basic understanding of biometrics, I wondered how these claims were possible. The story points to an article in Business Week which only states two technical points regarding facial recognition in a casino:

First, it does scan the face of each person entering a casino, but if there is no match against the list of 15,000 addicts, the image is removed instead of being stored in a database. Second, the casinos use a form of biometric encryption for the face and personal information databases. Essentially, this means that the personal information is stored in an encrypted fashion and can be unlocked only when a face serves as a key. If a hacker were to break into the database, he would find only garbled strings of numbers and letters.

With regard to the first point, one should ask how it is verified that non-hit data is removed from the database? What are the repercussions if it is not? What stops that information from being added in the future as currently being requested with ALPR?

It mentions non-hit images will be removed from the database, if it’s non-hit data, why was it stored initially? Was the database backed up during that short time? How long does the non-hit data sit in the database?

The second part is the big mystery though – removing technical details from the article to maintain readability for the lowest common denominator reader; the idea that a hacker would only find garbled strings of letters and numbers sounds great in theory, but everything in a computer is such, as you know. Even the word “password” or a 3D full resolution image of a face, in software, is numbers and/or letters to a computer; that’s how they work.

Perhaps it’s intended as a red herring, but the phrase, “Essentially, this means that the personal information is stored in an encrypted fashion” is frightening.  What does essentially mean? What is an encrypted fashion? It’s either encrypted, or it isn’t.

There is no mention of the false positives rate in the article. In ALPR, which is simple letters and numbers comparitively, false positive estimates I’ve read are between 11% and 38% with the complex points in a face, I can only imagine a much higher number.

While I understand that a lot of the technical details have been left out of the article, the few that have been used, scream of abuse potential.

In summary, there is no evidence that
– non-hit data is not, or will never be stored, and no mechansim to detect such
– the hit data has a really high false positive rate, recording innocent people have, causing them to be interrogated
– all of the data collected and stored is encrypted in a fashion that any security related developer can’t easily reverse engineer it

It seems like this system will undoubtably affect many non-addicts who don’t want to participate in this system. This suggests this technology is not privacy friendly at all.


Kris Constable
Technical Advisor



]]> 0
Canada’s massive public traffic surveillance system Fri, 03 Feb 2012 07:14:12 +0000 Continue reading Canada’s massive public traffic surveillance system]]> Do you think such a thing could be implemented without any public consultation or corporate media attention? It exists. About 6 months ago at an Ideas Victoria meeting, Kevin S McArthur brought up the fact Victoria Police were using cameras on some of their police cars, called Automatic Licence Plate Recognition, or ALPR. As Chris Parsons and myself were in attendance, no strangers to privacy issues in Canada, we immediately had a list of questions about such a system. Who was running it (later to find out the RCMP)? How wide spread was it? Where was the data sent and/or stored? Who had access to it? What type of information was stored? How was it claimed to be used, how could it be used?

Rob Wipond was also in attendance, one of Victoria’s last freelance journalists, and one of few I know who do investigative journalism… researching stories with more than a one day turn around for a quick hit. He was also very interested, and agreed to initiate the research by submitting some freedom of information (FOI) requests.

This story takes many bizarre twists and turns, including lies, misinformation and misunderstandings by everyone involved in this system. My thanks to the folks at FOCUS Online for supporting such research. This is the type of story that should be national, but none-the-less I’m proud a “little magazine from Victoria” can be responsible for disclosing such an important breach of our civil liberties.

You can read the entire article called Hidden Surveillance in the February 2012 issue of FOCUS, which is on newsstands now.

If the story interests you, Rob went a step further and published all of the documents he received from his FOI and Federal Access to Information requests!


Disclosure: I did not participate in most of the research, only in the initial planning stages, due to potential conflict of interest with my role on the Privacy and Access committee of the BC Civil Liberties Association and other committments.