Democratic implications of privacy issues take centre stage at ‘Privacy in Peril’

By Carlo Javier

It was fitting to end Data Privacy Day on Jan. 28 with a talk called Privacy in Peril.

Organized by the Vancouver Public Library and the SFU Library, the event saw Mike Larsen of the BC Freedom of Information and Privacy Association (FIPA) and Micheal Vonn of the BC Civil Liberties Association (BCCLA) cast a light on modern issues surrounding data, surveillance, and privacy.

Larsen opened the discussions with a statement that might best capture the complicated nature of privacy amidst our increasingly digital and interconnected world: “Privacy is a collective good. Thinking about the perils that privacy faces right now requires us to think about privacy as a democratic good.” The principle is especially critical of the framework often used to analyze privacy – one that isolates issues as strictly individual-based cases (think consent forms, website cookie policy notifications). Larsen’s suggestion is to look at privacy with a holistic perspective and to see how privacy rights have implications not only to an individual, but to many other agents that may either be directly or indirectly involved.

He then put forward two concepts he deemed to be main pillars of the current state of privacy: Surveillance Capitalism as discussed in Shoshana Zuboff’s new book and Bernard E. Harcourt’s study on the Expository Society.


“Privacy is a collective good. Thinking about the perils that privacy faces right now requires us to think about privacy as a democratic good.”

– Mike Larsen

The two ideas were both entirely unsurprising, yet undeniably unsettling. While the monetization of data has become fairly well-known (and seemingly accepted), Larsen disputed the belief that the collection of our digital footprint is dedicated solely to economic means like marketing and advertising. I heard noticeable gasps from around the audience when he delved into the other side of surveillance, the one we don’t talk about enough: prediction of behaviour, political sentiment, and voting practices – and information such as these can open the possibility for the steering and manipulation of the public.

Micheal Vonn (left) of the BCCLA and Mike Larsen (right) of BC FIPA discusses the complicated state of privacy amidst an increasingly digital and interconnected society.

Although the discussion on the Expository Society veered towards a more academic vernacular, the subject in its most basic nutshell did hit close to home. It is essentially a critique on how the digital age and the dawn of social media have changed our habits, how we have become more incentivized and inclined to share personal information in public spaces, which in turn builds copious amounts of vulnerable data.

The concern about the safety of our data was a sentiment that Vonn echoed in her discussion, stating that we create more data than most places, but unfortunately, “we can’t really protect it.” Vonn also delved into sovereignty and transparency, citing the lack of ability to hold government bodies accountable, relative to the amount of access government has to our personal information. As for tips and solutions, Vonn proposed a tactic she admittedly described as unpopular – go analog. A self-confessed Luddite, Vonn spoke of the security measures created by simply leaving devices like laptops (and yes, even phones) at home when travelling or crossing the US-Canada border.

Although we only celebrate Data Privacy Day once a year, the discussion it generates allow for issues surrounding data, surveillance, and privacy to permeate our general discourse. And while the meaningful action that we seek can come so few and far between, these discussions do represent a small victory. At the end of the day, we want as many people talking and caring about these issues. After all, privacy is a collective good.

Eager to get involved in the fight for our rights? Click here to join the cause.

Carlo Javier is the community awareness and outreach coordinator at BC FIPA. He has a Bachelor’s Degree in Communication Studies from Capilano University.

Caution is necessary as artificial intelligence continues to shift the Canadian digital economy

Artificial intelligence (AI) has long been reshaping the way we live and this summer marked an important stride in Canada’s path to an even more digitally-driven economy and government.

From Jan. 19 to Sept. 21, Minister Navdeep Bains of Innovation, Science, and Economic Development (ISED) led a series of roundtables as part of the National Digital and Data Consultations – an initiative designed to determine how the country can move forward as a leader in digital innovation, while also maintaining the integrity of privacy rights and consent.

Attendee breakdown of the ISED’s National Digital and Data Consultations from this past summer. Data was gathered from an ATI request by BC FIPA.

Though Minister Bains has expressed his enthusiasm with how technological advancements – especially AI – can position the country as a global leader in innovation, critics like national Privacy Commissioner Daniel Therrien have voiced their concerns about the road we seem to be heading to. “At a time when new and intrusive targeting techniques are already influencing democratic processes and data analytics, automated decision-making technologies and artificial intelligence are raising important ethical questions that have yet to be answered, Canadians need stronger privacy laws, not more permissive ones,” Therrien told Teresa Wright of The Canadian Press.

Therrien’s stance is reflective of the current climate: as developments in AI continue to shift the technological landscape, issues surrounding privacy and consent have also grown. To address concerns with the responsibility that comes with AI, Minister Bains, along with Scott Brison, President of the Treasury Board and Minister of Digital Government, noted on TechVibes that the summer-long consultations included a diverse group of attendees from academia, civil society, and industry. Moreover, in advance of the consultations, the ISED stated that the diversity mandate means that groups representing visible minorities will also be consulted with.

Data retrieved through an Access to Information Request by the BC Freedom of Information and Privacy Association revealed that over 65% of the people consulted came from the industry sector, academia stood at 19%, while civil society was represented by 9% of the attendees. Another 5% of the reported attendees represented local government departments of their respective cities.

Attendance diversity from the four most popular consultations.

Held in 16 cities across Canada, the conferences included a session in Silicon Valley in the United States, as well as phone calls with Indigenous leaders from the First Nations Technology Council and from the First Nations Information Governance Centre. Beyond the calls, only Winnipeg, Whitehorse, and, Toronto included groups dedicated to First Nations causes. Additionally, only Winnipeg and Calgary had groups that represented the inclusion of women in the tech industry, while only Vancouver had groups representing immigration. Attendees for the Silicon Valley roundtable predominantly came from the industry sector with only one representative from academia. The consultation south of the border surprisingly featured no civil society groups, despite the proximity of groups such as the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) of Northern California.

Diversity may not always be the first issue to be addressed regarding AI responsibility, but Minister Bains and Minister Brison both reiterated on TechVibes that bias in AI systems is a matter that their respective departments are looking very closely at. They indicated that the issue will not be seen as solely a cause for concern, but also as a “potential for learning,” writing that since AI algorithms are comprised of real-life data, they can then be repurposed to flag human biases.

It is the complex logic that can lead to convoluted, bureaucratic messages like this:

“You may have heard media reports about bias found in some AI systems. This is a subject we are closely studying, both as an area of concern and of potential learning. We’re exploring automated methods to scan for these biases, and flag decisions for human reviewers if they are detected. But, by the same token, AI can help us to identify and avoid bias. Because AI systems are fed with real-life data, AI can actually help reveal existing human biases so we can account for them.”

Essentially, in order to maximize the capabilities of data-driven systems that deal with machine-learning and decision-making, more data is needed to be collected.

The ISED’s National Digital and Data Consultations included a stop in Silicon Valley.

I am no Luddite. I can be fascinated and engaged with the latest tech development just as much as anyone. I like that I can have an ongoing crossword puzzle app on my smartphone, or that I can access my fantasy basketball team from just about any internet-connected device – I am very much a fan of technology as a tool. But what we are seeing here is much bigger, I dare say even dangerous. We are already well aware that data regarding online habits and behavior have been manipulated for political means, and Minister Bains said it himself, “to say that AI is coming would be to miss the fact that it’s already here.” What we don’t have are the laws and protections that will render our privacy rights impervious to the seemingly limitless capacity of AI.

 

Therrien’s words to the ETHI committee ring an ominous, yet rightfully cautious bell. “Individual privacy is not a right we simply trade off for innovation, efficiency or commercial gain. No one has freely consented to having their personal information weaponized against them…. Similarly, we cannot allow Canadian democracy to be disrupted, nor can we permit our institutions to be undermined in a race to digitize everything and everyone simply because technology makes this possible.”

Canada has a bridge to cross when it comes to Artificial Intelligence. Some of us are already on the other side, and that should not mean that we should allow follow suit. Last I checked, that was what democracy was all about.

BC FIPA has filed more ATI requests on this matter and we will report on our findings as the process moves.

Carlo Javier is the Community Awareness and Outreach Coordinator at BC FIPA. He holds a Bachelor’s Degree in Communication Studies from Capilano University.

Updated: Two pieces of scotch tape that show why Statistics Canada doesn’t care about your privacy

***

Update:

As of December 3rd, 2018, one week following the publication of this blog post, and a couple of weeks after more than 400 Canadians exercised their privacy rights and requested their personal information through an OpenMedia campaign that FIPA assisted with, Statistics Canada has announced that they are suspending their practice of obtaining personal credit records from TransUnion and are delaying their plans to access the banking details of 500,000 Canadians.

Information contained in this blog post was cited in an article in the Globe and Mail that originally broke the story. 

***

I wish that was some kind of elaborate metaphor.

When I heard that Statistics Canada had been accessing the credit scores of Canadians, I wanted to find out if I was affected. I filed a request under the Privacy Act for “any records or data related to me that was received by Statistics Canada from TransUnion,” which is one of Canada’s two credit bureaus.

As someone interested in privacy and privacy rights, I was curious as to why Statistics Canada would be interested in my personal financial information and how they would safeguard it.

The offending envelope, replete with scotch tape and addressed to the wrong person.

The letter I received confirmed that Statistics Canada had, in fact, accessed my complete credit history. It was apparently protected though; the letter went on to explain that any personal information that could identify me had been scraped from my financial information. They had only recombined the information and re-identified me in order to fulfill my request (Click on the image to the below right to read the full letter).

Then they tucked these sensitive records, which contain my complete credit profile, into an envelope, attempted to close it with two pieces of scotch tape, and sent it to me in the mail.

Two pieces of scotch tape.

Forget for the moment that I had asked for electronic copies of my records and that Statistics Canada made a choice to print this sensitive financial information and send it through the mail.

Please also forget that the envelope was addressed to the wrong person.

Click the image to read about Statistics Canada’s “essential security” measures

Because I’m able to open the package, read the letter from Statistics Canada detailing the importance of safeguarding my personal financial information, flip through several pages that contain my Social Insurance Number, birth date, address, contact information, all of my banking information, including available credit, debts, accounts, balances, and more—and then I’m able to seal the envelope closed again with those same two pieces of scotch tape.

I would never know if this envelope had been opened prior to arriving at my residence.

If Statistics Canada does, in fact, take privacy seriously and does believe that it can responsibly hold the detailed and sensitive financial records of Canadians, then it needs to be able to comply with the Privacy Act in a way that doesn’t mean sacrificing privacy. That is the tragically ironic position that Statistics Canada finds itself in.

Here is one possible solution that Statistics Canada could consider employing as an additional “essential security measure”: Send an encrypted CD-ROM through the mail and provide a password in a separate letter or through email. This two-step authentication method means that anyone who interrupts the original package won’t have access to the sensitive records that Statistics Canada holds.

It would also mean providing access to the records through the means that I had initially requested.

The back of the envelope shows an intact seal.

But Statistics Canada made a choice about how they were going to respond to the request that I made through the Privacy Act. In doing so, they both fulfilled my request and put my privacy at tremendous risk. Perhaps, they were trying to send a message: Don’t bother us about our security measures if you want your data to be kept safe.

But alas, there is a saying that goes something like, “Attribute not to malice what can be attributed to incompetence.” This example illustrates why Statistics Canada shouldn’t have access to the sensitive financial information of 500,000 Canadians.

In era where trust in public bodies is eroding, and progressive technologists look towards adopting decentralized models like block chain, our government needs to be rebuilding trust. For Statistics Canada, that starts with taking decisive steps towards protecting the privacy of Canadians, of doing the fundamental work to earn the trust of its stakeholders.

And, quite frankly, two pieces of scotch tape won’t cut it.

Bryan Short is the Program Director at BC FIPA. He holds a master’s degree in Journalism and a bachelor’s degree in English Literature from the University of British Columbia. 

Civic duty and the values of an informed society

How the government’s action regarding the long-overdue FIPPA reform reflects our collective attitudes towards political issues

“International justice and privacy” by EFF-Graphics is licensed under CC BY 3.0 US

By Carlo Javier

We have an interesting relationship with our rights – especially those dealing with our freedom to access information and privacy. On one hand, conversations around such issues have certainly become more welcome in the general Canadian discourse, and on the other, conversations are ultimately just that – conversations.

I bring this to attention after quite an inspiring event took place at this year’s Right to Know Week. With the signed support of several important figures from Canada’s host of esteemed advocacy groups, the BC Freedom of Information and Privacy Association (BC FIPA) called on Premier John Horgan and Minister of Citizens’ Services Jinny Sims to immediately act on the long-overdue reforms for the Freedom of Information and Privacy Protection Act (FIPPA).

Said reforms reflect recommendations made by a review committee commissioned by the Legislative Assembly in 2016, and focus on four primary pillars:

  • To do away with an ‘oral government’ and implement a ‘duty to document’ under FIPPA’s jurisdiction, which would mandate government officials to maintain accurate and detailed records of their work;
  • To refine existing provisions – especially in sections 12 and 13 – and alleviate exploitation of loopholes;
  • To bring all subsidiaries of educational and other public bodies within the scope of the FIPPA;
  • To create real repercussions for government officials who impede freedom of information rights processes.

Notably, BC FIPA asked that the law reform be implemented before the next provincial elections (2021) and that the government commit to a tangible timetable.

In their official response, Minister Sims wrote that the government is “committed to openness and transparency” and that dramatic improvements on a legislation that dictates how the government handles and shares records cannot be done with haste. Furthermore, the response included that “updating policies, regulation and legislation” are necessary tasks prior to any actual reforms. While there is no mention of the requested timetable, Minister Sims did note that feedback from their consultations with both internal and external stakeholders should arrive in the “coming months.”

The response may seem like a strategic communications reply, but it is progress nonetheless.

Among the most resonant parts of BC FIPA’s letter to Premier Horgan and Minister Sims was a critique on how government bodies tend to react to inquiries that challenge their stance on transparency, accountability, and the right to know. For the most part, responses will be rich with endearing and supportive messages of hope and promise, but empty of meaningful and substantive action – the things that lead to actual legislative changes.

One of the signatories of the letter is Toby Mendel, Executive Director of the Centre for Law and Democracy. Toby reiterates a critical view of the government’s commitment to FIPPA reform, noting that although politicians may be keen on discussing their priorities, “concrete promises to take action” don’t exactly come as often.

“Unfortunately, Minister Sim’s letter falls precisely into this talk without walk category,” he says. “She speaks eloquently about the importance of transparency and notes that her government is ‘examining’ practically every aspect of this issue, but significantly fails to actually promise anything. We do not need another examination.”

In fairness to the government, the delay could very well be attributed to the possibility of including privacy matters and the Personal Information Protection Act (PIPA) to any impending reform. Such reasons would certainly be understandable considering the gravity of the act, but if the delay is ultimately just a means to stall, then it is only right for us to expect and demand for better.

According to Toby, FIPPA has been researched exhaustively and its shortcomings are all abundantly clear. BC’s FIPPA is especially lacking, scoring just 97 out of 150 in its Right to Information (RTI) Rating – putting it 14 points behind Canada’s top scoring jurisdiction in Newfoundland and 43 other countries around the globe.

By no means do I intend to be scathingly critical of government action or inaction, but what I can be critical of is how such attitudes – which some might even describe as bordering on apathetic – are eerily reflective of our collective mentality as citizens.

We deeply value our ability to protect our digital privacy and our right to access information. So much so that conversations within these issues are no longer happening exclusively among privacy and FOI advocates, but the general public, too. Just this year alone, we saw considerable uproar after Facebook came under fire for security breaches and data harvesting. The same reaction was directed to Air Canada and Statistics Canada after their own respective security and privacy practices became subject to controversy.

Maybe BC FIPA’s critique on government can be applied to society as well, speaking on transparency, accountability, and the right to know is one thing, but meaningful action is another.

It is baffling how these issues have so provocatively permeated the public discourse, yet meaningful progress have been so stagnant. The issue could be with how we see and accept the realities of our rights. Ideas that feel so personal and so close to home are infinitely more accessible than any acts and legislation full of legalese and political jargon. I have only been with BC FIPA for a short period, but I have seen the depth and the magnitude of our rights to protect our privacy and our rights to access information.

The two intrinsically linked ideas may seem inherently about the digital world, but it is a tremendous understatement to say that they are much more than that. FOI and privacy are our couriers to a true democracy. They are among the institutions that keep us well-informed and equipped to participate in the political environment. Nothing captures this notion better than the revelation that data collected through Facebook was used to manipulate voter choices in the 2016 US Presidential Elections and the Brexit campaign – two incidents that feel nothing short of violation of democratic rights.

BC FIPA’s letter to Premier Horgan and Minister Sims ends with the suggestion that quickly acting on the FIPPA reform will give the government an opportunity to exhibit “true leadership.” And if the government were to provide these reforms with the promptness and effort it deserves, maybe that approach will reflect itself in us too, as citizens, and as members of an informed society.

Actions speak louder than words and you don’t have to wait for legislative reform to take action, click here to exercise your democracy now.

Carlo Javier is the new Community Awareness and Outreach Coordinator at BC FIPA. He is a graduate of Capilano University’s School of Communications and is the former Editor-in-Chief of the Capilano Courier.