Last week I released a new report, The Governance of Telecommunications Surveillance: How Opaque and Unaccountable Practices and Policies Threaten Canadians, through the Telecommunications Transparency Project. The Project is associated with the Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs, University of Toronto, and the report was funded through the Canadian Internet Registration Authorities’s .CA Community Investment Program.
The report examines how contemporary telecommunications surveillance is governed in Canada. In it, we ask how much telecommunications surveillance is occurring in Canada, what actors are enabling the surveillance, to what degree those actors disclose their involvement in (and the magnitude of) surveillance, and what degree of oversight is given to the federal governments’ surveillance practices. We conclude that serious failures in transparency and accountability indicate that corporations are failing to manage Canadians’ personal information responsibly and that government irresponsibility surrounding accountability strains its credibility and aggravates citizens’ cynicism about the political process. In aggregate, these failings endanger both the development of Canada’s digital economy and aggravate the democratic deficit between citizens and their governments.
For the past several years I’ve had the privilege of working with excellent colleagues, Rob Wipond and Kevin McArthur, in opposing how Automatic License Plate Recognition (ALPR) systems are deployed in BC. It’s been a long slog, and taken a long time, and led to an awful lot of writing, but after a favourable decision by the BC Privacy Commissioner about the technology (short: it’s permissible, in limited circumstances, so long as local police don’t upload innocent license plates snapped by the cameras, and confirm the validity of algorithmically identified guilty plates) it looked like the tides had turned.
And then we learned that the Commissioner’s decision wouldn’t necessarily apply to the RCMP. In response, Vincent Gogolek of the BC Freedom of Information and Privacy Association wrote piece about the limits of the BC Commissioner’s mandate, titled “It Takes Two To Kill Illegal Police Licence Surveillance.” His argument was that stopping the worst surveillance practices linked with ALPR would require ruling by the provincial and federal privacy commissioners. We also learned that some provincial police forces – which fell under the purview of the BC Commissioner – were refusing to comply with the Commissioner’s decision. This latter issue led Wipond to publishing an article titled “So it’s illegal surveillance, so what?”
In the wake of a stunning data breach the University of Victoria campus community could only hope that the institution would do everything it could to regain lost trust. One such opportunity arose this week, when controversial Google Streetview vehicles have been scheduled to canvas the campus. Unfortunately the opportunity was squandered: it is largely by accident that the campus community has – or will – learn that Google is capturing images and wireless access point information.
In this short post I want to discuss how seriously the University failed to disclose Google’s surveillance of the campus. I begin by providing a quick overview of Streetview’s privacy controversies. I then describe the serious data breach that UVic suffered earlier this year, which has left the institution with a significant trust deficit. A discussion of the institution’s failure to disclose Google’s presence to the community, and attempts to chill speech around Google’s presence, follows. I conclude by suggesting how institutions can learn from UVic’s failures and disclose the presence of controversial, potentially privacy invasive, actors in order to rebuild flagging trust deficits.
Google Streetview and Privacy
Streetview has been a controversial product since its inception. There were serious concerns as it captured images of people in sensitive places or engaged in indiscreet actions. Initially the company had a non-trivial means for individuals to remove images from the Google Streetview database. This process has subsequently been replaced with an option to blur sensitive information. Various jurisdictions have challenged Google’s conceptual and legal argument that taking images of public spaces with a Streetview vehicle are equivalent to a tourist taking pictures in a public space.
Image courtesy of UnlawfulAccess.Net
I’ll be presenting at a panel discussion on Canada’s forthcoming lawful access legislation this Thursday, January 12. It looks to be a terrific panel, and includes British Columbia’s Information and Privacy Commissioner, Elizabeth Denham, the BBCLA’s policy director, Michael Vonn, the producer of the documentary (Un)Lawful Access, Dr. Kate Milberry, and myself. Andrew Clement, professor at the University of Toronto and co-producer of (Un)Lawful Access will be moderating. In addition to a panel discussion, Drs. Milberry and Clement will be showing their documentary, (Un)Lawful Access, and the BCCLA will be revealing their report on lawful access. I’ve contributed research to the report, with my focus being on how lawful access powers are taken up and used by governments and authorities in the US and UK.
It should be a terrific event. If you’re in the area I highly recommend attending. Information is available at the event’s Facebook page and below: