Mobile penetration is extremely high in Canada. 78% of Canadian households had a mobile phone in 2010, in young households 50% exclusively have mobiles, and 33% of Canadians generally lack landlines. Given that mobile phones hold considerably more information than ‘dumb’ landlines and are widely dispersed it is important to consider their place in our civil communications landscape. More specifically, I think we must consider the privacy and security implications associated with contemporary mobile communications devices.
In this post I begin by outlining a series of smartphone-related privacy concerns, focusing specifically on location, association, and device storage issues. I then pivot to a recent – and widely reported – survey commissioned by Canada’s federal privacy commissioner’s office. I assert that the reporting inappropriately offloads security and privacy decisions to consumers who are poorly situated to – and technically unable to – protect their privacy or secure their mobile devices. I support this by pointing to intentional exploitations of users’ ignorance about how mobile applications interact with their device environments and residing data. While the federal survey may be a useful rhetorical tool I argue that it has limited practical use.
I conclude by asserting that privacy commissioners, and government regulators more generally, must focus their attention upon the Application Programming Interfaces (APIs) of smartphones. Only by focusing on APIs will we redress the economics of ignorance that are presently relied upon to exploit Canadians and cheat them out of their personal information.
Digital literacy is a topic that is regularly raised at Internet-related events across Canada. As Garth Graham has noted, “some people will remain marginalized even when everyone is online. It’s not enough to give those who are excluded basic access to the technologies. It requires different social skills as much as different technical skills to come in from the cold of digital exclusion” (29). Perhaps in light of Canadians’ relative digital illiteracy, key Canadian policy bodies and organizations have seemingly abandoned their obligations to protect Canadian interests in the face of national and foreign belligerence. Bodies such as Industry Canada, the Canadian Radio-television Telecommunications Commission (CRTC), and the Canadian Internet Registry Authority (CIRA) are all refusing to take strong leadership roles on key digital issues that affect Canadians today.
In this post I want to first perform a quick inventory of a few ‘key issues’ that ought to be weighing upon Canadian policy bodies with authority over the Internet. I then transition to focus on what CIRA could do to take up and address some of them. I focus on this organization in particular because they are in the process of electing new members to their board; putting votes behind the right candidates might force CIRA to assume leadership over key policy issues and alleviate harms experienced by Canadians. I’ll conclude by suggesting one candidate who clearly understands these issues and has plans to resolve them, as well as how you can generally get involved in the CIRA elections.
Elections Canada recently stated that sometime after 2013 it intends to trial online voting, a system that lets citizens vote over the Internet. Fortunately, they are just committing to a trial but if the trial is conducted improperly then Elections Canada, politicians, and the Canadian public may mistakenly come to think that online voting is secure. Worse, they might see it as a valid ‘complement’ to traditional voting processes. If Canadians en masse vote using the Internet, with all of its existing and persistent infrastructural and security deficiencies, then the election is simply begging to be stolen.
While quick comparisons between the United States’ electronic voting system and the to-be-trialed Canadian online voting system would be easy to make, I want to focus exclusively on the Canadian proposition. As a result, I discuss just a small handful of the challenges in deploying critical systems into known hostile deployment environments and, more specifically, the difficulties in securing the vote in such an environment. I won’t be writing about any particular code that could be used to disrupt an election but instead about some attacks that could be used, and attackers motivated to use them, to modify or simply disrupt the Canadian electoral process. I’ll conclude by arguing that Elections Canada should set notions of online voting aside; paper voting requires a small time investment that is well worth its cost in electoral security.
Christena Nippert-Eng’s Islands of Privacy is an interview-intensive book that grapples with how her sample group of Chicago residents attempt to achieve privacy, and the regular issues they face in maintaining privacy on a day-to-day basis. She finds a strong correlation between those who have had their privacy violated and those who want to secure and defend privacy as a concept and important element of their lived experience. 74 interviews were conducted with residents of Chicago and she makes very clear that her findings and conclusions are consequently highly contingent: other populations across America and the world would likely result in very different understandings of what constitutes privacy and a violation.
Privacy is defined quite early as “about nothing less than trying to live both as a member of social units – as part of a number of larger wholes – and as an individual – a unique, individuated self” (6). Further, privacy is identified as something to be managed: it exists by managing public information. Information is seen by participants as inherently public, with effort required to make it private, though interviewed subjects do not necessarily stick to this understanding of privacy throughout their interviews. On the whole, the approach to privacy remains wrapped up in the language on control, seclusion, and selective sharing of information; in this sense, Nippert-Eng’s work can be seen as a fusion of Westin’s Privacy and Freedom and key tenets of Nissembaum’s work in Privacy in Context: Technology, Policy, and the Integrity of Social Life.
The Canadian SIGINT Summaries includes downloadable copies, along with summary, publication, and original source information, of leaked CSE documents.
Parsons, Christopher; and Molnar, Adam. (2021). “Horizontal Accountability and Signals Intelligence: Lesson Drawing from Annual Electronic Surveillance Reports,” David Murakami Wood and David Lyon (Eds.), Big Data Surveillance and Security Intelligence: The Canadian Case.
Parsons, Christopher. (2015). “Stuck on the Agenda: Drawing lessons from the stagnation of ‘lawful access’ legislation in Canada,” Michael Geist (ed.), Law, Privacy and Surveillance in Canada in the Post-Snowden Era (Ottawa University Press).
Parsons, Christopher. (2015). “The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians,” Telecom Transparency Project.
Parsons, Christopher. (2015). “Beyond the ATIP: New methods for interrogating state surveillance,” in Jamie Brownlee and Kevin Walby (Eds.), Access to Information and Social Justice (Arbeiter Ring Publishing).
Bennett, Colin; Parsons, Christopher; Molnar, Adam. (2014). “Forgetting and the right to be forgotten” in Serge Gutwirth et al. (Eds.), Reloading Data Protection: Multidisciplinary Insights and Contemporary Challenges.
Bennett, Colin, and Parsons, Christopher. (2013). “Privacy and Surveillance: The Multi-Disciplinary Literature on the Capture, Use, and Disclosure of Personal information in Cyberspace” in W. Dutton (Ed.), Oxford Handbook of Internet Studies.
McPhail, Brenda; Parsons, Christopher; Ferenbok, Joseph; Smith, Karen; and Clement, Andrew. (2013). “Identifying Canadians at the Border: ePassports and the 9/11 legacy,” in Canadian Journal of Law and Society 27(3).
Parsons, Christopher; Savirimuthu, Joseph; Wipond, Rob; McArthur, Kevin. (2012). “ANPR: Code and Rhetorics of Compliance,” in European Journal of Law and Technology 3(3).