Network privacy class

Published in: Education
  1. Global Information Law and Practice: Network Privacy. January 16, 2018. Professor Michael Geist, University of Ottawa, Faculty of Law.
  2. Network Privacy Case Study

     Emmanuel Goldstein, a well-known computer programmer, calls you in a panic. “I need to talk to you right away,” he says, barely able to catch his breath. “You’re the leading privacy expert in the country and I’ve just experienced the most bizarre hour of my life. I’m hoping you can provide some quick advice.” You tell Goldstein to calm down and tell you what happened. “Well, I was walking my dog around the neighbourhood, when suddenly a policeman approached me. He said that there had just been a robbery a few blocks away and they were investigating. He asked me to hand over identification and my mobile phone. My phone was on without password protection and he proceeded to search through my recent text messages. When I asked what he was doing, he told me that I was a suspect and that he was searching to see whether there was any relevant information on my phone. He then told me that he would be contacting my Internet provider to ask for my IP address in order to see if there were any online clues that might help the investigation, as well as my wireless provider to check whether my cell phone contacted the tower near to the robbery. He told me he could obtain this information immediately without a warrant. Is that possible?”
  3. Network Privacy Case Study

     Goldstein needs immediate answers:
     1. Do you think the police search of the cellphone without a warrant is lawful? If so, why?
     2. Do you think the ISP will provide the IP address without a warrant?
     3. Do you think the wireless provider will provide the tower information on users in the area? How broad (timing, users, etc.) might the disclosure be? With or without a warrant?
  4. Subscriber Information
  5. Categories of data
     • Metadata
     • Geo-location data
     • Website data
     • Social graph
     • Payment data
     • Content data
  6. SCC – R. v. Spencer

     “the Internet has exponentially increased both the quality and quantity of information that is stored about Internet users. Browsing logs, for example, may provide detailed information about users’ interests. Search engines may gather records of users’ search terms. Advertisers may track their users across networks of websites, gathering an overview of their interests and concerns. Cookies may be used to track consumer habits and may provide information about the options selected within a website, which web pages were visited before and after the visit to the host website and any other personal information provided. The user cannot fully control or even necessarily be aware of who may observe a pattern of online activity, but by remaining anonymous – by guarding the link between the information and the identity of the person to whom it relates – the user can in large measure be assured that the activity remains private.”
  7. Who Wants It?
     • Law Enforcement
     • Surveillance Agencies
     • Private Sector (law, marketing)
  8. Law Enforcement
     • CRTC – 1980s
       – Prohibits disclosure unless there is written consent or it is legally required; exception for name, address and telephone number
     • LSPID (local service provider identifier)
       – provider info subject to tariff (2001)
       – requires lawful authority
       – expanded to emergency situations in 2002
  9. Law Enforcement – PIPEDA Section 7(3)

     For the purpose of clause 4.3 of Schedule 1, and despite the note that accompanies that clause, an organization may disclose personal information without the knowledge or consent of the individual only if the disclosure is
     (c) required to comply with a subpoena or warrant issued or an order made by a court, person or body with jurisdiction to compel the production of information, or to comply with rules of court relating to the production of records;
     (c.1) made to a government institution or part of a government institution that has made a request for the information, identified its lawful authority to obtain the information and indicated that
       (i) it suspects that the information relates to national security, the defence of Canada or the conduct of international affairs,
       (ii) the disclosure is requested for the purpose of enforcing any law of Canada, a province or a foreign jurisdiction, carrying out an investigation relating to the enforcement of any such law or gathering intelligence for the purpose of enforcing any such law, or
       (iii) the disclosure is requested for the purpose of administering any law of Canada or a province;
  10. Law Enforcement
     • 2005 – Canadian Coalition Against Internet Child Exploitation (“CCAICE”) creates a form to allow for “pre-warrant” disclosures
     • Most TSPs (telecommunications service providers) adopt the position that customer name and address (CNA) disclosures do not require a warrant
     • But… not all
     • Becomes a lawful access issue
  11. Lawful Access Subscriber Info (Beta)
     • 2007 – CNA consultation
       – Assumes mandatory disclosure of subscriber information
       – Consultation about parameters of disclosures
       – Minister Stockwell Day backtracks when the consultation becomes public
  12. Lawful Access Subscriber Info 1.0
     • name and address
     • telephone number
     • electronic mail address
     • Internet protocol address
     • mobile identification number
     • electronic serial number (ESN)
     • local service provider identifier
     • international mobile equipment identity (IMEI) number
     • international mobile subscriber identity (IMSI) number
     • subscriber identity module (SIM) card number
     that are associated with the subscriber’s service and equipment.
  13. Lawful Access Subscriber Info 2.0
     • name and address
     • telephone number
     • electronic mail address
     • Internet protocol address
     • local service provider identifier
  14. Lawful Access Subscriber Info 3.0
     • No mandatory disclosure
     • Expanded voluntary disclosure
       – Bill C-13 – full civil and criminal immunity for voluntary disclosures
       – Bill S-4 – expanded investigative bodies provision – permits voluntary disclosure to any private sector organization
  15. SCC – R. v. Spencer

     “in the totality of the circumstances of this case, there is a reasonable expectation of privacy in the subscriber information. The disclosure of this information will often amount to the identification of a user with intimate or sensitive activities being carried out online, usually on the understanding that these activities would be anonymous. A request by a police officer that an ISP voluntarily disclose such information amounts to a search.”
  16. SCC – R. v. Spencer

     “Given that the purpose of PIPEDA is to establish rules governing, among other things, disclosure of personal information in a manner that recognizes the right of privacy of individuals with respect to their personal information (s. 3), it would be reasonable for an Internet user to expect that a simple request by police would not trigger an obligation to disclose personal information or defeat PIPEDA’s general prohibition on the disclosure of personal information without consent.”
  17. Rogers – Tower Info (R. v. Rogers Communications Partnership, 2016 ONSC 70)

     “I appreciate that cell phone data is not right up there with Wikileaks and Ashley Madison in terms of information likely to be hacked and published. It remains that it is information Canadians certainly regard as private. The law supports this conclusion.”
  18. Rogers – Tower Info: guidelines for tower-dump production orders (one to four)

     a) One – a statement or explanation that demonstrates that the officer seeking the production order is aware of the principles of incrementalism and minimal intrusion and has tailored the requested order with that in mind.
        – An awareness of the Charter requirements is obviously essential to ensure that production orders are focused and Charter-compliant.
     b) Two – an explanation as to why all of the named locations or cell towers, and all of the requested dates and time parameters, are relevant to the investigation.
        – This obviously flows from what is now the s. 487.014(2)(b) Criminal Code requirement that there be reasonable grounds to believe that the documents or data requested will afford evidence respecting the commission of the offence.
     c) Three – an explanation as to why all of the types of records sought are relevant.
        – For example, the Production Orders sought bank and credit card information, and information as to the name and location of the party to the telephone call or text communication who was not proximate to the robbery location. This information was clearly irrelevant to the police investigation.
     d) Four – any other details or parameters which might permit the target of the production order to conduct a narrower search and produce fewer records.
        – For example, if the evidence indicates that a robber made a series of calls lasting less than one minute, this detail might permit the target of the order to narrow the search and reduce the number of records to be produced. If the evidence indicates that the robber only made telephone calls then there may be no grounds to request records of text messages. (Although the use of voice recognition software may make it difficult to distinguish between a person making a telephone call and a person dictating a text message.)

  19. Rogers – Tower Info: guidelines (five to seven)

     e) Five – a request for a report based on specified data instead of a request for the underlying data itself.
        – For example, in this case a report on which telephone numbers utilized towers proximate to multiple robbery locations would contain identifying information concerning only a small number of robbery suspects and not the personal information of more than 40,000 subscribers which the Production Orders sought. This would avoid the concern expressed by Mr. Hutchison that 99.9% of vast amounts of tower dump personal information relates to individuals who are not actually suspects.
     f) Six – if there is a request for the underlying data there should be a justification for that request.
        – In other words, there should be an explanation why the underlying data is required and why a report based on that data will not suffice.
     g) Seven – confirmation that the types and amounts of data that are requested can be meaningfully reviewed.
        – If the previous guidelines have been followed the production order should be focused, which will minimize the possibility of an order to produce unmanageable amounts of data. This confirmation does, however, provide an additional assurance of Charter compliance.
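The report-based approach in guideline five, worked as an added example (Python written for this page; it is not code from the court, the carrier or the slides): given a carrier-side dump of (number, tower, timestamp) records and the robbery windows, it keeps only records at the named towers inside the requested time windows (guidelines two and four), then reports only the numbers seen near more than one robbery, so the carrier discloses a handful of numbers rather than every subscriber in the dump. The records, tower names and windows are constructed sample data, and `min_incidents` is a parameter chosen here, not a term from the judgment.

```python
"""Tower-dump minimisation: a multi-incident report instead of the raw dump."""
from collections import defaultdict
from datetime import datetime

# Constructed sample records (subscriber number, tower id, ISO-8601 timestamp),
# shaped like what a carrier would hold. Not real data.
SAMPLE_DUMP = [
    ("613-555-0101", "TOWER-A", "2018-01-16T10:05:00"),
    ("613-555-0101", "TOWER-B", "2018-01-16T11:40:00"),
    ("613-555-0101", "TOWER-C", "2018-01-16T13:10:00"),
    ("613-555-0102", "TOWER-A", "2018-01-16T10:02:00"),
    ("613-555-0103", "TOWER-A", "2018-01-16T10:09:00"),
    ("613-555-0103", "TOWER-B", "2018-01-16T11:35:00"),
    ("613-555-0104", "TOWER-B", "2018-01-16T11:50:00"),  # outside window
    ("613-555-0105", "TOWER-C", "2018-01-16T13:00:00"),
    ("613-555-0101", "TOWER-A", "2018-01-16T18:00:00"),  # outside window
]

# Hypothetical robberies: (tower nearest the scene, window start, window end).
ROBBERIES = [
    ("TOWER-A", "2018-01-16T10:00:00", "2018-01-16T10:15:00"),
    ("TOWER-B", "2018-01-16T11:30:00", "2018-01-16T11:45:00"),
    ("TOWER-C", "2018-01-16T13:00:00", "2018-01-16T13:15:00"),
]


def subscribers_per_incident(dump, robberies):
    """Map incident index -> set of numbers seen at that tower inside its window.

    Records at other towers or outside the requested windows never enter the
    result, which is the narrowing guidelines two and four ask for.
    """
    windows = [(tower, datetime.fromisoformat(s), datetime.fromisoformat(e))
               for tower, s, e in robberies]
    hits = defaultdict(set)
    for number, tower, ts in dump:
        t = datetime.fromisoformat(ts)
        for i, (r_tower, start, end) in enumerate(windows):
            if tower == r_tower and start <= t <= end:
                hits[i].add(number)
    return hits


def multi_incident_report(dump, robberies, min_incidents=2):
    """Return, sorted, only the numbers present at >= min_incidents incidents.

    This is the 'report based on specified data' of guideline five: the carrier
    runs the intersection itself and hands over the result, not the dump.
    """
    hits = subscribers_per_incident(dump, robberies)
    seen_at = defaultdict(int)
    for numbers in hits.values():
        for number in numbers:
            seen_at[number] += 1
    return sorted(n for n, c in seen_at.items() if c >= min_incidents)


def disclosure_counts(dump, robberies, min_incidents=2):
    """(distinct subscribers in the raw dump, subscribers in the report)."""
    raw = {number for number, _, _ in dump}
    report = multi_incident_report(dump, robberies, min_incidents)
    return len(raw), len(report)


if __name__ == "__main__":
    raw_count, report_count = disclosure_counts(SAMPLE_DUMP, ROBBERIES)
    print("numbers near multiple robberies:", multi_incident_report(SAMPLE_DUMP, ROBBERIES))
    print(f"raw dump exposes {raw_count} subscribers; report exposes {report_count}")
```

On the sample, five distinct subscribers appear in the dump but only two appear near more than one robbery; raising `min_incidents` to three narrows the report to a single number. The same intersection logic is what an officer would describe when justifying, under guidelines five and six, why the underlying data is not needed.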
  20. Supreme Court of Canada – Marakah

     “Can Canadians ever reasonably expect the text messages they send to remain private, even after the messages have reached their destination? Or is the state free, regardless of the circumstances, to access text messages from a recipient’s device without a warrant? The question in this appeal is whether the guarantee against unreasonable search and seizure in s. 8 of the Canadian Charter of Rights and Freedoms can ever apply to such messages.”
  21. Supreme Court of Canada – Marakah

     “The subject matter of the search at issue was not Mr. Winchester’s iPhone, from which the text messages in this case were recovered. Neither the iPhone itself nor its contents generally is what the police were really after. The subject matter must, therefore, be defined more precisely. Correctly characterized, the subject matter of the search was Mr. Marakah’s “electronic conversation” with Mr. Winchester. To describe text messages as part of an electronic conversation is to take a holistic view of the subject matter of the search. This properly avoids a mechanical approach that defines the subject matter in terms of physical acts, spaces, or modalities of transmission. It also reflects the technological reality of text messaging.”
  22. Supreme Court of Canada – Marakah

     “The personal nature of the information that can be derived from text messages is linked to the private nature of texting. People may be inclined to discuss personal matters in electronic conversations precisely because they understand that they are private. The receipt of the information is confined to the people to whom the text message is sent. Service providers are contracted to confidentiality. Apart from possible police interception — which cannot be considered for the purpose of determining a reasonable expectation of privacy — no one else knows about the message or its contents. Indeed, it is difficult to think of a type of conversation or communication that is capable of promising more privacy than text messaging. There is no more discreet form of correspondence. Participants need not be in the same physical place; in fact, they almost never are.”

  23. Supreme Court of Canada – Marakah

     “a person does not lose control of information for the purposes of s. 8 simply because another person possesses it or can access it. Even where “technological reality” deprives an individual of exclusive control over his or her personal information, he or she may yet reasonably expect that information to remain safe from state scrutiny.”
  24. WHOIS
  25–26. Whois (screenshot slides; no text extracted)
  27. Whois – Two Key Issues
     • What information is collected?
     • What information is displayed?
       – To whom?
       – In what circumstances?
  28. Whois – ICANN Registrar Agreement

     At its expense, Registrar shall provide an interactive web page and a port 43 Whois service providing free public query-based access to up-to-date (i.e., updated at least daily) data concerning all active Registered Names sponsored by Registrar for each TLD in which it is accredited. The data accessible shall consist of elements that are designated from time to time according to an ICANN adopted specification or policy. Until ICANN otherwise specifies by means of an ICANN adopted specification or policy, this data shall consist of the following elements as contained in Registrar's database:

  29. Whois – ICANN Registrar Agreement
     • The name of the Registered Name;
     • The names of the primary nameserver and secondary nameserver(s) for the Registered Name;
     • The identity of Registrar (which may be provided through Registrar's website);
     • The original creation date of the registration;
     • The expiration date of the registration;
     • The name and postal address of the Registered Name Holder;
     • The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the technical contact for the Registered Name; and
     • The name, postal address, e-mail address, voice telephone number, and (where available) fax number of the administrative contact for the Registered Name.
  30. Whois – Required Provisions in Service Agreements with Registrants

     Registrar shall require all Registered Name Holders to enter into an electronic or paper registration agreement with Registrar including at least the following provisions: The Registered Name Holder shall provide to Registrar accurate and reliable contact details and promptly correct and update them during the term of the Registered Name registration, including: the full name, postal address, e-mail address, voice telephone number, and fax number if available of the Registered Name Holder; name of authorized person for contact purposes in the case of a Registered Name Holder that is an organization, association, or corporation; and the data elements listed in Subsections, and

  31. Whois – Required Provisions in Service Agreements with Registrants

     Registrar shall require all Registered Name Holders to enter into an electronic or paper registration agreement with Registrar including at least the following provisions: A Registered Name Holder's willful provision of inaccurate or unreliable information, its willful failure promptly to update information provided to Registrar, or its failure to respond for over fifteen calendar days to inquiries by Registrar concerning the accuracy of contact details associated with the Registered Name Holder's registration shall constitute a material breach of the Registered Name Holder-registrar contract and be a basis for cancellation of the Registered Name registration.
  32. Whois – Intersection with:
     • Intellectual property
     • Security/Law Enforcement
     • Privacy
     • Spam/Phishing
     • Free Speech
     • Government
  33. CIRA Whois
     • Major change in 2008
     • Removed data on individual registrants (personal info) --> 45% of registrations
     • CIRA serves as intermediary for contacting registrants
     • Exceptions for:
       – Law enforcement
       – IP issues
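The port 43 service and the data elements of slides 28 and 29, together with the question slide 33 raises (does a registry's output still expose individual registrant contact data?), as an added example in Python written for this page (not ICANN's, CIRA's or any registrar's code). `whois_query` performs the raw port 43 exchange (send the name followed by CRLF, read until the server closes the connection); `parse_whois` reads the usual "Key: value" response lines; `raa_elements` maps them onto the Registrar Agreement's data elements; `personal_data_present` flags whether the registrant and contact fields, the ones CIRA's 2008 change withdrew for individuals, are populated. The response text, domain, and the key spellings in `RAA_ELEMENTS` are constructed assumptions (servers vary in their field names), and the network function is defined but not called, so the block runs offline.

```python
"""Port 43 Whois: raw query, response parser, and a registrant-data check."""
import socket

# Constructed sample port 43 response. Names, contacts and dates are invented.
SAMPLE_RESPONSE = """\
Domain Name: EXAMPLE-REGISTRAR-TEST.COM
Registrar: Example Registrar, Inc.
Creation Date: 2015-03-01T00:00:00Z
Registry Expiry Date: 2026-03-01T00:00:00Z
Name Server: NS1.EXAMPLE-REGISTRAR-TEST.COM
Name Server: NS2.EXAMPLE-REGISTRAR-TEST.COM
Registrant Name: Jane Doe
Registrant Street: 123 Any Street
Registrant City: Ottawa
Registrant Country: CA
Admin Email: admin@example-registrar-test.com
Admin Phone: +1.6135550100
Tech Email: tech@example-registrar-test.com
>>> Last update of WHOIS database: 2018-01-16T00:00:00Z <<<
"""


def whois_query(name, server, port=43, timeout=10):
    """Raw port 43 exchange: send name + CRLF, read until the server closes."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(name.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text):
    """Parse 'Key: value' lines into {lowercased key: [values]}.

    Repeated keys (e.g. several Name Server lines) accumulate; comment lines
    and the '>>> ... <<<' trailer are skipped. Splitting on the first colon
    keeps timestamps like 2015-03-01T00:00:00Z intact.
    """
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


# Assumed key spellings for the Registrar Agreement's data elements.
RAA_ELEMENTS = {
    "registered name": ["domain name"],
    "nameservers": ["name server"],
    "registrar": ["registrar"],
    "creation date": ["creation date", "created"],
    "expiration date": ["registry expiry date", "expiration date", "expiry date"],
    "registrant name": ["registrant name"],
    "registrant postal address": ["registrant street", "registrant city",
                                  "registrant country"],
    "admin e-mail": ["admin email"],
    "admin phone": ["admin phone"],
    "tech e-mail": ["tech email"],
    "tech phone": ["tech phone"],
}

# Elements that identify a person; the rest describe the registration itself.
SENSITIVE_ELEMENTS = ("registrant name", "registrant postal address",
                      "admin e-mail", "admin phone", "tech e-mail", "tech phone")


def raa_elements(record):
    """Map a parsed record onto the RAA data elements; absent ones are []."""
    out = {}
    for element, keys in RAA_ELEMENTS.items():
        values = []
        for key in keys:
            values.extend(record.get(key, []))
        out[element] = values
    return out


def personal_data_present(elements):
    """True if any registrant/contact element is populated in the output."""
    return any(elements[e] for e in SENSITIVE_ELEMENTS)


if __name__ == "__main__":
    elements = raa_elements(parse_whois(SAMPLE_RESPONSE))
    for element, values in elements.items():
        print(f"{element}: {values}")
    print("exposes personal data:", personal_data_present(elements))
```

Run against a live server (for example `whois_query("example.com", "whois.verisign-grs.com")`) the same parser applies, but field names differ between registries, so extend `RAA_ELEMENTS` for the server you are querying; the check only answers the display question of slide 27 for the fields it knows about.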