Surfing While Muslim - PowerPoint PPT Presentation

1 / 43

About This Presentation

Title:

Surfing While Muslim

Description:

Surfing While Muslim. Privacy, Freedom of Expression and the Unintended ... Conclusions: Surfing While Muslim. Muslims have become the new margins, but it could ... – PowerPoint PPT presentation

Number of Views:58

Avg rating:3.0/5.0

Slides: 44

Provided by: Ken657

Category:

more less

Transcript and Presenter's Notes

Title: Surfing While Muslim

1
Surfing While Muslim

Privacy, Freedom of Expression and the Unintended
Consequences of Cybercrime Legislation

Jason Young
Student-at-Law
Deeth Williams Wall LLP

3
Cybercrime Timeline
Apr 2004 gen. prod. bill passed.
Nov 2001 Canada signs treaty
Aug 2002 Lawful Access proposal introduced
May 2003 1st reading of Bill C-46 (gen. prod.
orders)
Feb 1997 Council of Europe committee tasked to
draft cybercrime treaty
Sep-Dec 2002 public consultations
4
Lawful Access lowers the bar

Govts three justifications
3d party order less invasive
no r.e.p in traffic data
prod. orders have precedent

5
Four Threshold Criticisms

overemphasis on physicality
less intrusive does not mean more reasonable
availability of remedies
public inferences

6
1a. Overemphasis on Physicality

degree of intrusiveness is not a matter of where
the information is located, but rather impact on
r.e.p.
R. v. Edwards, 1996 1 S.C.R. 128 at para. 34

7
1a. Overemphasis on Physicality

r.e.p. not founded in location of info in which
expectation held
Del Zotto v. Canada (Minister of National Revenue)

8
1b. Less intrusive ? more reasonable

assumes 3d party search more reasonable because
it is less intrusive
not always true

9
1b. Less intrusive ? more reasonable

Yahoo! technicians do not selectively choose or
review the contents of a subpoenaed account, but
simply hand over entire contents
U.S. v. Bach, 310 F.3d 1063, 1065 (8th Cir. 2002)

10
1c. Remedies

how can you challenge a search you dont know
about?
much less likely to know about a 3d party search
govt foists responsibility for seeking remedies
on parties with no standing
s. 8 excludes ISPs and other intermediaries even
were they so inclined to take up this role

11
1c. Remedies

The question of breach must... be assessed in
terms of the interests protected by the section
and such remedy as the court can provide to
secure them.
R. v. Rahey, 1995 4 S.C.R. 588 at para. 111

12
1c. Remedies CAIP Privacy

CAIP has been ambiguous about protecting
subscriber privacy
Code of Conduct and Privacy Code indicate no
disclosure except as required by law
leave door open w/explanatory language
not every provider is a member
BMG v. John Doe

13
1d. Public inferences

ignores capacity of new tech. and new
public-private relationships to draw public
inferences about private activities
location becomes less relevant in determining
severity of intrusion
inversion of proximity

14
2. Sui generis production orders

suggests precendent
analogous to ones used under ITA, Competition
Act, and for dial number recorders, etc.
not difficult to distinguish these categories
tax, biz info collected for regulatory purposes
DNRs reveal much less about the biographical
core

15
2. Regulatory/Administrative vs. Criminal

inquisitorial and compulsive nature of criminal
investigations triggers higher safeguards
no precedent in Cdn. law

16
2. Criminal Investigations Attract Greater
Scrutiny

BC Securities Comm. v. Branch, 1995 2 S.C.R. 3
biz docs have lesser privacy rts than personal
records
R. v. Fitzpatrick, 1995 4 S.C.R. 154 at para.
49 records statutorily compelled as a condition
of participation have little expectation of
privacy (fishing records)

17
2. Criminal Investigations Attract Greater
Scrutiny

Dagg v. Canada (Minister of Finance), 1997 2
S.C.R. 403 biz records attract lower
expectation not b/c of any label, but because of
what these records typically contain
R. v. Plant, 1993 3 S.C.R. 281 at 293 hydro
billing records did not reveal intimate details
because electricity consumption reveals very
little about our personal lifestyles

18
2. Criminal Investigations Attract Greater
Scrutiny

even if you disagree with the result in Plant,
the court engaged in the appropriate contextual
analysis
left the door open to properly assess the impact
of new tech.
R. v. Tessling, 2004 SCC 67does not change this

19
No R.E.P. in TD?

Do we have a reasonable expectation of privacy in
traffic data?

20
3. Section 8 of the Charter

everyone has the right to be secure against
unreasonable search or seizure.
leading cases on s. 8 is R. v. Plant, 1993 3
S.C.R. 281
biographical core concept

21
3. The Biographical Core

info individuals dont want to disseminate to the
state
include info which tends to reveal intimate
details of the lifestyle and personal choices
lets go fishing!

22
3. What is traffic data?

what does it traffic data actually represent?
no international consensus on legal defn
often analogized to info on outside of envelope
accurate in the analog environment, but highly
problematic in the digital environment

23
Figure 1 Traffic data on a plain old telephone
system (POTS)

20021021070824178 165 0187611205 6139574222
----------001------003sth 46 5145281768-----0013
1410260

Date Time
Caller No.
Recipient No.
Duration
24
Figure 2 Traffic data from two callers on a
wireless network

time GMT20010810010852 Cell ID115 MAC
ID00022D204724 (A)
time GMT20010810010852 Cell ID115 MAC
ID00022D042930 (B)
time GMT20010810011254 Cell ID129 MAC
ID00022D1F53C0
time GMT20010810011254 Cell ID129 MAC
ID00022D042930 (B)
time GMT20010810011254 Cell ID129 MAC
ID00022D204724 (A)
time GMT20010810011256 Cell ID41 MAC
ID00022D0A5CD0

Date Time
Location at 10852 AM (Dorval Airport)
Cell Location
Location at 11254 AM (Hilton Hotel)
25
Figure 3a Traffic data from a user connecting to
a web server

295.47.63.8 - - 05/Mar/2002151934 0000
"GET/cgi-bin/htsearch?config htdigxwordsstartre
k HTTP/1.0"20 2225
295.47.63.8 - - 05/Mar/2002151944 0000
"GET/cgi-bin/htsearch?config htdigwordsstartrek
avi HTTP/1.0"200x
192.77.63.8 - - 05/Mar/2002152035 0000
"GET/cgi-bin/htsearch?config htdigwordsconflict
war HTTP/1.0"200
211.164.33.3 - - 05/Mar/2002152132 0000
"GET/cgi-bin/htsearch?confi ghtdigxwordsSTDcli
nicKingston

Search query
Date Time
IP Address
26
3. In re Pharmatrak

identical fact pattern to Doubleclick and Avenue
A cases, but no permission to collect p.i.
accidental collection through GET method data on
Detrol.com
GET data would be considered traffic under LA,
but was not by Pharmatrak ct.

27
3. Context is important

digital traffic data in the hands of average
person may be meaningless
others with tech. or legal means, could reveal
intimate details
relates to value represented by data and
relationship of subject to third party

28
3. Traffic data should attract R.E.P.

persistence, pervasiveness, permanence changes
the nature of the info.
structural characteristics of the interface(s)
affect our understanding and behaviour
tech. inverts proximity of p.i. to subject to
extent that invasions rarely take place w/o
complicity of 3d parties

29
3a. The Three Ps

quantity/quality of data available changes the
nature of the data
richness allows profiling/meta-profiles
new info-relationships

30
3b. Interface ignorance

structural characteristics of the network fool us
ignorance about what is behind the screen
trust is a difficult thing to judge online
do we enjoy more privacy in visiting Playboy.com
than corner store?

31
3b. Interface ignorance

techno-illiteracy/opacity encourages false
assumptions
ignorance of the law is no excuse, but is
ignorance of code?
if our actions remain unmitigated, should we
suffer less privacy?

32
GET/cgi-bin/htsearch?config htdigwordsMrJason
Young261_Laurier_AveOttawaONMay_11_1973
33
3b. Interface ignorance

In U.S., no r.e.p. in what a person knowingly
exposes to the public
Canadian courts more interested in the effect of
breach on freedom and dignity of the individual
in some cases, ISPs may owe fiduciary
responsibility to subscribers

34
3b. Interface ignorance

behaviour of individuals suggests they hold
expectation of privacy
may be misplaced, but could still be reasonable
only other conclusion is that people just dont
care not supported by polling data

35
3c. Inversion of proximity

every day we engage in private behaviour on the
public Internet
R. v. Shearing, 2002 SCC 58 mundane entries in
diary still attract r.e.p. b/c of where they were
R. v. Law, 2002 SCC 10 r.e.p. derived not from
contents, but from fact they locked docs in safe

36
3c. Inversion of proximity

Shearing and Law if we take steps to preserve
privacy, this could trigger s. 8
What if we take ineffective, but bona fide steps?

37
3c. Inversion of proximity

r.e.p. email because account password protected
and little risk that any messages he sent would
be retrieved or read by anyone other than the
intended recipients for the same reason
United States v. Maxwell, 1995 42 M.J. 568, 576

38
Unintended Consequences

check against the unfettered discretion
operates as a record of accountability subject to
audit of abuse and defects in the law
diluted judicial standards grant too much
subjective discretion to individual law
enforcement officers
more difficult to audit

39
Unintended Consequences

Highway Traffic Act standards for search and
seizure have been diluted in ways similar to that
now proposed in Lawful Access
dilution of probable cause under the R.I.D.E.
program was mitigated, to an extent, by its
high-visibility and by its more or less equal
application to all motorists transiting
stationary checkpoints

40
Unintended Consequences

R.I.D.E. now replaced by random roving stops
police stop for any reason must be related to
highway safety, but very hard for courts to
ascertain this
social science data shows us that unfettered
discretion becomes a form of social control

41
Unintended Consequences