Thursday, May 26, 2011

Cloud computing presentation to University of Windsor

On May 26, 2011, I had the pleasure of speaking at the University of Windsor's annual Campus Technology Day. Windsor has just recently made the decision to "Go Google" for student e-mail services.

My topic was cloud computing and privacy (with a little bit on copyright thrown in for good measure). Here is the presentation:


There were many active tweeters using #uwctd, in case you're looking for play-by-play commentary.

Tuesday, May 17, 2011

Patrick Leahy introduces update to Electronic Communications Privacy Act

Today, May 17, 2011, Patrick Leahy introduced a bill to amend and substantially fix the Electronic Communications Privacy Act (ECPA). The bill made sense at the time it was first authored by Leahy a quarter century ago, but it has needed a substantial re-write in this cloud computing age. The most problematic provision allows obtaining stored communications that are more than 180 days old with just a subpoena, rather than a warrant based on probable cause. Twenty-five years ago, you might consider an un-downloaded e-mail message to have been abandoned, but that is no longer the case when millions of users are keeping all of their e-mails and documents in the cloud.

The Digital Due Process Coalition has been heavily lobbying for this change for some time.

For more info: Patrick Leahy introduces update to electronic privacy law - Post Tech - The Washington Post

Friday, May 6, 2011

Canadian Privacy Commissioner releases consultation report on cloud computing and online profiling

The Privacy Commissioner of Canada has just today released her report that resulted from last year's consumer consultations, which focused on cloud computing, online tracking/profiling. The report is here: Report on the 2010 Office of the Privacy Commissioner of Canada's Consultations on Online Tracking, Profiling and Targeting, and Cloud Computing.

The summary is:

In the spring of 2010, the Office of the Privacy Commissioner of Canada (OPC) held consultations on online tracking, profiling and targeting, and cloud computing. The OPC received in total 32 written submissions and held public events in Toronto, Montreal and Calgary, attended by representatives of other privacy commissioner offices and industry, as well as academics, advocates and members of the public. On October 25, 2010, the OPC released a draft report on the consultations, seeking further comments on a range of issues, from the public/private divide to cloud computing. Twelve responses were received, addressing some of these issues.

With respect to online tracking, profiling and targeting, we heard primarily about the privacy issues related to behavioural advertising: what it is, what the benefits are, what risks to privacy exist, and what self-regulatory measures are in place. In terms of general privacy concerns, the blurring of the public/private divide and its effects on reputation was seen as a significant issue that arises from online tracking, profiling and targeting. Children's activities online and the need to incorporate privacy into digital citizenship programs were also items that were raised.

The consultations were an opportunity to examine the practices of online tracking, profiling and targeting through the lens of the Personal Information Protection and Electronic Documents Act (PIPEDA). While most industry participants were of the view that PIPEDA can handle the evolving technological environment, certain challenges with respect to applying the law were raised by many respondents and participants. Defining what is (or is not) personal information, determining the appropriate form of consent, limiting the use of personal information, implementing reasonable safeguards, providing access and correction to online information, and ensuring accountability were cited as PIPEDA-related issues that need careful attention. Online tracking, profiling and targeting are still largely invisible to most individuals, and most respondents and participants agreed that greater transparency is needed for the benefit of individuals and to ensure innovation.

With respect to cloud computing, the OPC learned about the different characteristics and models of cloud computing. We heard about its benefits and risks to enterprises and consumers. Again, most respondents and participants were of the view that PIPEDA can address issues that arise from cloud computing while others suggested that more should be done. Most of the PIPEDA-related issues concerned jurisdiction and availability of personal information to third parties; safeguards; new uses for the personal information and retention; and access.

The OPC is proposing to undertake specific activities in relation to online tracking, profiling and targeting, specifically in terms of research and outreach activities, as well as policy development. The OPC also intends to reach out to individuals and small and medium-sized enterprises with respect to privacy issues related to cloud computing. The comments related to PIPEDA compliance will also be considered in any review of the legislation.