Article on privacy legislation shortfalls in Canada
Privacy breaches expose flaws in law
January 22, 2007
MICHAEL GEIST
http://www.thestar.com/Business/article/173418
-or-
http://www.michaelgeist.ca/content/view/1626/159/
Privacy took centre stage in Canada late last week as TJX Cos., the parent company of retail giants Winners and HomeSense, disclosed that as many as 2 million Canadian credit cards may have been accessed by computer hackers. Fewer than 24 hours later, the CIBC revealed that account information for 470,000 customers of its subsidiary Talvest Mutual Funds had been lost when a computer file went missing while in transit between company offices.
These two incidents, which follow a steady stream of similar security breaches in the United States, highlight the fragility of sensitive, personal information that is entrusted to Canadian businesses as well as the inadequacy of current Canadian privacy legislation.
Business groups have cautioned against privacy law reforms, yet as the risk of identity theft grows, the calls for change are likely to become more vocal.
CAUCE Canada's letter of support for the MAAWG Senders' BCP
To whom it may concern,
Having reviewed the document at http://www.maawg.org/about/MAAWG_Senders_BCP, our comments are as follows:
We feel this additional point under Section 1 b) would be appropriate;
iii. Additional consideration must be reviewed for the secondary use of personally identifiable information, when considering contact outside of the original scope of consent provided by the email user,
while remaining in line with item 1 a) for each level of consent.
Additionally, we would be interested in co-sponsoring the document, pending final review of the edits made during the public consultation process.
Congratulations on an excellent piece of work.
Yours truly,
Neil Schwartzman
Chair, Board of Directors
CAUCE Canada: The Canadian Coalition Against Unsolicited Commercial Email
CAUCE (US) and CAUCE Canada positions on WHOIS data
The following message was sent in response to ICANN's solicitation of public commentary regarding the concept of obfuscating WHOIS data:
CAUCE, the Coalition Against Unsolicited Commercial E-mail and CAUCE Canada are the leading North American grassroots anti-spam organizations. They are both members of many cross-industry groups including the London Action Plan and the Anti-Spyware Coalition . Both CAUCE and CAUCE Canada are accredited ICANN At Large Structures.
Spam and related misbehavior such as phishing and spyware take a heavy toll on Internet users. Networks large and small devote an ever-increasing part of their resources to anti-spam measures merely to keep their e-mail usable. Phishing and other online fraud cause direct damage to the users who are tricked into responding, and cause all Internet users to be less confident in the Internet and less willing to use it.
WHOIS has always been a key tool for both networks and law enforcement to track and shut down spammers and phishers. Both private and government investigators use it every day to track spammers. Even forged data, which is regrettably common in WHOIS, still allows skilled investigators to link domains to habitual spammers by way of patterns found in the data.
The vast majority of Internet users will never register a domain of their own, and are instead consumers of domains. We are primarily concerned with the interests of the non-registrant majority, but we recognize that some registrants do have privacy concerns, and believe that existing registrar anonymizing servers are adequate to protect them and do not put an unreasonable burden on registrants.
A change to WHOIS that allows criminals a further opportunity to obfuscate their activities by cloaking all WHOIS data will lead to increased levels of privacy violations of by way of spam, viruses and spyware. Removing WHOIS data might provide marginally more privacy to the relatively small number of individuals who register domains, at a disproportionate cost to Internet users at large. We oppose such a change.
Letter to the Minister of Industry The Right Honourable Maxime Bernier
As you are doubtless aware, representatives from industry, Internet Service Providers (ISPs), consumer groups and government and law enforcement gathered together from May 2004-2005 in a group known as the Federal Task Force on Spam. We are two of the members of the Task Force, representing Canadian consumers and Internet users, worldwide.
The Federal Task Force on Spam submitted a comprehensive report to your predecessor, the Right Honorable David Emerson in May 2006, which he accepted and offered public assurances that its recommendations would be implemented. Among those recommendations were laws to help deal with the new threat of spam.
CAUCE Joins the London Action Plan and the Anti-Spyware Coalition
CAUCE looks forward to working with the various governments to help enforce the anti-spam laws that exist, to better understand how the laws do and don't work, and to learn how better laws might be written.
CAUCE Chair Neil Schwartzman attended the meetings in London in October, 2005.
We've also joined the Anti-Spyware Coalition, a group of makers of anti-spyware software and public interest groups. The ASC is hoping to build consensus about definitions and best practices in the area of spyware and other unwanted technologies. The group is made up of representatives from the Center for Democracy & Technology, the Canadian Internet Policy and Public Interest Clinic, AOL, Microsoft, McAfee, Symantec and many others.
While spyware isn't CAUCE's direct area of concern, the legal remedies overlap with those against spam, and the bits of the government that address spyware are the same ones that address spam. The ASC has had several private meetings to work on policy; Neil Schwartzman and John Levine attended the meetings held in Chicago and Berkeley, California in recent months.
The ASC will be holding public events on February 9, 2006 in Washington D.C. and on May 16, 2006 in Ottawa.
