Thoughts

This category identifies postings that are philosophical in nature.

How To Get Your Personal Information From Social Networks

/ Christopher Parsons / 5 Comments

Photo by Evan Long

Canadian news routinely highlights the ‘dangers’ that can be associated with social networking companies collecting and storing information about Canadian citizens. Stories and articles regularly discuss how hackers can misuse your personal information, how companies store ‘everything’ about you, and how collected data is disclosed to unscrupulous third parties. While many of these stories are accurate, insofar as they cover specific instances of harm and risky behaviour, they tend to lack an important next step; they rarely explain how Canadians can get educated on data collection, retention, and disclosure processes.

Let’s be honest: any next step has to be reasonable. Expecting Canadians to flee social media en masse and return to letter writing isn’t an acceptable (or, really, an appropriate) response. Similarly, saying “tighten your privacy controls” or “be careful what you post” are of modest value, at best; many Canadians are realizing that tightening their privacy controls does little when the companies can (and do) change their privacy settings without any notice. This post is inspired by a different next step. Rather than being inspired by fear emergent from ‘the sky is falling’ news stories, what if you were inspired by knowledge that you, yourself, gained? In what follows I walk you through how to compel social networking companies to disclose what information they have about you. In the process of filing these requests you’ll learn a lot more about being a member of these social networking services and, based on what you learn, can decide whether you want to change your involvement with particular social media companies.

I start by explaining why Canadians have a legal right to compel companies to disclose and make available the information that they retain about Canadian citizens. I then provide a template letter that you can send to social networking organizations with which you have a preexisting relationship. This template is, in effect, a tool that you can use to compel companies to disclose your personal information. After providing the template I explain the significance of some of the items contained in it. Next, I outline some of the difficulties or challenges you might have in requesting your personal information and a few ways to counteract those problems. Finally, I explain how you can complain if a company does not meet its legal obligation to provide you with a copy of your personal information. By the end of this post, you’ll have everything you need to request your personal information from the social networking services to which you subscribe. Continue reading

The BC Services Card and Confused Public Outreach

/ Christopher Parsons

Photo by Jonny Wikins

Last week members of the BC government engaged in a media blitz to promote the proposed BC Services Card. As part of the blitz, BC’s Health Minister gave an interview to CBC’s All Points West to explain some of the proposed Services Card’s features. As a key Minister involved in the Services Card she understandably has been an outspoken advocate for the new initiative. Previously, BC’s Health Ministers have stridently argued that the Services Card would defray fraud, though this rhetoric has since been toned down: now the cards will remedy unknown levels of fraud, save unknown amounts of money, and facilitate undetermined kinds of data migration across government.

In what follows, I analyze the Minister’s interview with CBC to identify the confused and problematic nature of the Services Card, as it is being presented to the public. I start by noting an area where I think most residents likely support the government – some basic updates to the present CareCards – and then proceed to deficiencies in how the Minister is introducing the new Cards. I conclude by focusing on the frankly bizarre methods that the provincial government is using to ‘sell’ the card to the public and ask whether these cards could be a significant election issue later this year.

Continue reading

Checking the Numbers Behind BC CareCard Fraud

/ Christopher Parsons / 1 Comment

Image by ivers

On January 7, 2013, the British Columbia government (re)announced that the province’s new identity card, the BC Services Card, would be arriving on February 15, 2013. To date, the Office of the Information and Privacy Commissioner of British Columbia has not released her analysis of the Services Card. To date, the provincial government has been particularly recalcitrant in releasing any information about the cards short of press releases. Though members of civil society are concerned about the card it remains unclear whether they can mobilize to effectively delay or stop the card: indeed, this lack of capacity is something that is explicitly recognized in government documents that were released by ICBC.

This will be the first of a few posts on the proposed Services Card. In aggregate, the posts will examine pragmatic (e.g. fraud, security, biometric privacy) and principled (access to information problems, lack of democratic discussion surrounding the cards, secret usage of citizens’ data, function creep) criticisms of the Services Card. This particular post examines the government’s misleading claims surrounding CareCard fraud. Specifically, I interrogate the government’s assertion that there are many more CareCards in circulation than there are residents and statements that fraud presently costs the province $260 million/year or more. I conclude by stating that the government ought to clearly tell citizens what is driving the cards, given that the primary driver is almost certainly not medical fraud.

Continue reading

Brief: Social Networking and Canadian Privacy Law

/ Christopher Parsons

Image by Jessica

Last year I was invited to submit a brief to the Canadian Parliament’s Access to Information, Privacy and Ethics Committee. For my submission (.pdf), I tried to capture some of of the preliminary research findings that have been derived from social media and surveillance project I’m co-investigating with Colin Bennett. Specifically, the brief focuses on questions of jurisdiction, data retention, and data disclosure in the context of social media use in Canada. The ultimate aim of the submission was to give the committee members insight into the problems that Canadians experience when accessing the records held by social networking companies.

The project, and our research for it, has been funded through the Office of the Privacy Commissioner’s Contributions Program. Anything contained in the brief is not necessarily representative of the Office’s own positions or stances.

Abstract/Introduction:

In this submission, I highlight some of our analyses of 20 social networking sites’ privacy  policies and findings about Canadians’ ability to access their own personal information that social networking sites store. These findings let us understand how the companies running these services understand their legal jurisdictional obligations and the retention of personally identifiable information. Moreover, these discoveries let us ascertain the actual access that Canadians have to profiles that they and the identities that networking services Canadians associate with are developing. Together, these points reveal how social networking companies understand Canadians’ personal information, the conditions of data sharing, and the level of ease with which Canadians can access the information that they themselves contribute to these services. I conclude this submission by suggesting a few ways that could encourage these companies to more significantly comply with Canadian privacy laws.

Download (.pdf) “Social Networking and Canadian Privacy Law: Jurisdiction, Retention, and Disclosure

Review: In the Plex

/ Christopher Parsons

intheplexSteven Levy’s book, “In the Plex: How Google Things, Works, and Shapes Our Lives,” holistically explores the history and various products of Google Inc. The book’s significance comes from Levy’s ongoing access to various Google employees, attendance at company events and product discussions, and other Google-related cultural and business elements since the company’s inception in 1999. In essence, Levy provides us with a superb – if sometimes favourably biased – account of Google’s growth and development.

The book covers Google’s successes, failures, and difficulties as it grew from a graduate project at Stanford University to the multi-billion dollar business it is today. Throughout we see just how important algorithmic learning and automation is; core to Google’s business philosophy is that using humans to rank or evaluate things “was out of the question. First, it was inherently impractical. Further, humans were unreliable. Only algorithms – well drawn, efficiently executed, and based on sound data – could deliver unbiased results” (p. 16). This attitude of the ‘pure algorithm’ is pervasive; translation between languages is just an information problem that can – through suitable algorithms – accurately and effectively translate even the cultural uniqueness that is linked to languages. Moreover, when Google’s search algorithms routinely display anti-Semitic websites after searching for “Jew” the founders refused to modify the search algorithms because the algorithms had “spoke” and “Brin’s ideals, no matter how heartfelt, could not justify intervention. “I feel like I shouldn’t impose my beliefs on the world,” he said. “It’s a bad technology practice”” (p. 275). This is an important statement: the founders see the product of human mathematical ingenuity as non-human and lacking bias born of their human creation.

Continue reading

Understanding the Lawful Access Decryption Requirement

/ Christopher Parsons

Photo by walknboston

For several months I and a handful of others in the Canadian privacy and security community have been mulling over what Bill C-30, better known as Canada’s ‘lawful access’ legislation, might mean for the future of encryption policy in Canada. Today, I’m happy to announce that one of the fruits of these conversation, a paper that I’ve been working on with Kevin McArthur, is now public. The paper, titled “Understanding the Lawful Access Decryption Requirement,” spends a considerable amount of time considering the potential implications of the legislation. Our analysis considers how C-30 might force companies to adopt key escrows, or decryption key repositories. After identifying some of the problems associated with these repositories, we suggest how to amend the legislation to ensure that corporations will not have to establish key escrows. We conclude by outlining the dangers of leaving the legislative language as it stands today. The full abstract, and download link, follows.

Abstract

Canada’s lawful access legislation, Bill C-30, includes a section that imposes decryption requirements on telecommunications service providers. In this paper we analyze these requirements to conclude that they may force service providers to establish key escrow, or decryption key retention, programs. We demonstrate the significance of these requirements by analyzing the implications that such programs could have for online service providers, companies that provide client software to access cloud services, and the subscribers of such online services. The paper concludes by suggesting an amendment to the bill, to ensure that corporations will not have to establish escrows, and by speaking to the dangers of not implementing such an amendment.

Download paper at the Social Sciences Research Network