As the Internet, cellphones and digital cameras become a bigger part of everyday life for Canadians, old issues of privacy in the public sphere are facing new dilemmas.
Google, the online search giant, tracks user habits in order to customize its advertising and refine its search alogithms. Online social networks like Facebook and MySpace often display personal information in a very public way - but offer a new, nuanced method of communication for millions.
Surveillance cameras worry many privacy advocates, but they are incredibly valuable as a law-enforcement tool. Last week's day-time shooting at a Toronto subway station illustrates this point: Within a few hours, a photo of the supected shooter was on the police website, as reported in the Globe's story, Police find trusty partner in CCTV.
Globe writer Kirk Makin alludes to this tension between privacy and technology in his Wednesday article, Technology straining paper-era privacy laws.
The problem some judges face, he writes, is an obligation to use laws written at a time when communications tended to involve pens, paper, file folders or a single telephone call.
"The courts are really struggling with how to reconcile the realities of technology with our own expectations about what it means to live private lives without the intruding eye of government," says Scott Hutchison, an expert in both privacy and new technology.
How can we expect privacy laws to adapt as technology changes? And what can we ask of corporations in order to ensure privacy and personal information continue to be protected?
Sorting through the legal and ethical implications of new technology can be incredibly complex. That's why we were excited to have Ann Cavoukian, Ontario's Information and Privacy Commissioner, with us to talk about this complex topic. You can continue the conversation on this topic by using our comment tool .
Dr. Cavoukian is recognized as one of the leading privacy experts in the world. She was appointed Commissioner in 1997, and is the first to be reappointed for a second term.
An avowed leader in the role that technology can play in protecting privacy, Dr. Cavoukian's leadership has seen her office develop a number of tools and procedures to ensure that privacy is protected in Ontario - and around the world. "Privacy by Design," a term coined by the Commissioner in '90s, has now become the primary approach to ensuring privacy in networked world - by embedding privacy into the design specifications of various technologies, thereby achieving the strongest protections.
Dr. Cavoukian's published works include Who Knows: Safeguarding Your Privacy in a Networked World, written in 1997 with Don Tapscott, and, The Privacy Payoff: How Successful Businesses Build Customer Trust, written in 2002 with Tyler Hamilton.
Editor's Note: globeandmail.com editors will read and allow or reject each question/comment. Comments/questions may be edited for length or clarity. HTML is not allowed. We will not publish questions/comments that include personal attacks on participants in these discussions, that make false or unsubstantiated allegations, that purport to quote people or reports where the purported quote or fact cannot be easily verified, or questions/comments that include vulgar language or libellous statements. Preference will be given to readers who submit questions/comments using their full name and home town, rather than a pseudonym.
Matt Frehner, globeandmail.com: Thank you, commissioner, for joining us today. I'll start us off with a question of my own.
Two recent shootings in Toronto have shown the utility of surveillance video in identifying suspects for police. You have said that this technology does not violate privacy standards. I'm wondering, with the increasing sophistication of surveillance techniques, is there the possibility for this technology to be taken too far? And, if so, what kind of technology do you see as potentially infringing on Canadians' right to privacy? What measures would you take to protect such infringements?
Dr. Cavoukian: Yes, all technology can be taken too far. But it's not just about technology, it's important to focus on process, governance and accountability. My full set of recommendations relating to ensuring privacy in video surveillance technology programs is contained in the Privacy and Video Surveillance in Mass Transit Systems: A Special Investigation Report MC07-68, available on our website ( www.ipc.on.ca).
We need to proceed in two areas: one is embedding privacy protections directly into technology ("Privacy by Design") and the second is ensuring that there is a strong protocol that provides the highest level of privacy and security.
In my travels, since I am often invited to speak at international conferences, I end my speech by issuing a challenge to the audience: I ask them if they can point me to any system of mass transit that has a higher degree of privacy protection than ours here in Toronto to let me know, because I would then take that information back to the TTC and expand the set of protections I called for in my report. You may be interested to know that I have yet to hear from anyone, which confirms my view that we have the most privacy-protective system of mass transit in the world.
Albin Forone from Canada writes: Are you most concerned right now about expanding direct government technological surveillance of those it is interested in, or by government's increasing use of electronic data that citizens have voluntarily supplied to the Googles, ISPs, cell phone providers, banks and vendors, etc? (By the way, I much admired your forcing a reasonable compromise on the Ontario adoptee/birth parent issue.)
Dr. Cavoukian: For your information, my office's jurisdiction only extends to Ontario provincial and municipal government organizations, and the health sector. Accordingly, I am less concerned with secondary uses of information in these categories because I have the ability to do something about it. You, as a member of the public can complain to me if you feel that an government organization is engaging in some unauthorized collction, use or disclosure of your personal information, electronic or otherwise. However, my hands are tied when it comes to private sector transgressions (outside of the health care system).
With respect to your first point, all privacy laws and the Criminal Code give wide latitude to law enforcement. We work closely with the police to ensure that appropriate controls are in place to minimize abuses of the system.
Blue Horseshoe from Toronto Canada writes: I think right now privacy is an illusion. What expectations should the average person hold for their own privacy over the next 5-10 years?
Dr. Cavoukian: Let me be clear: privacy is no illusion. The expectations of privacy you hold over the next ten years should be the same as the ones you hold now, provided that we can ensure that privacy is embedded into the design of technology. Just yesterday, I held a conference called The "Privacy by Design Challenge" ( www.PrivacybyDesign.ca) where I challenged the major tech companies to show me (and hundreds in the audience) how they were embedding privacy into the design of the technologies they develop. To my delight, all the major heavy hitters were there: IBM, Microsoft, HP, Intel, Sun Microsystems, and others. Privacy will only become an illusion if we stop asking for it. Check out our website for more ideas how to embed privacy into the design specifications of all new technologies.
V. E. from Ontario writes: Recent news reports indicated that telephone do-not-call lists may be for sale and people on them may be even bigger targets for telemarketers. How big is this danger, and are we now actually better off not putting our names on that list?
Dr. Cavoukian: Like you, I too find it appalling that the Do-Not-Call lists are being misused in this manner. The irony is that the U.S. introduced a Do-Not-Call list several years ago and somehow avoided problems of this magnitude. Regrettably, this is not my jurisdiction but I understand that an investigation has been launched.
Matt Frehner, globeandmail.com: I'd like to ask a follow up to a couple of the previous questions. Can you offer some examples of technology that is making use of "privacy by design", and also some that you think fall short of what you expect from tech companies?
Dr. Cavoukian: Yes, three quick examples of Privacy by Design:
1. Biometric Encryption, which embeds privacy into the design of biometrics (e.g. fingerprints, face, voice, etc) - see our white paper on our website
2. Secure Visual Object Coding, which embeds privacy into video surveillance cameras (see our TTC investigation report and Transformative Technologies paper on our website)
3. Embedding an on/off switch in identity cards containing to Radio Frequency IDentification (RFID) chips (see our Bill 85 submission and news release)
Check out www.PrivacybyDesign.ca for more ideas and examples.
Matt H from Scarborough writes: Where does personal responsibility enter into the mix? Should MySpace and Facebook really be blamed for their lapses in security? And what does it say about our society and the millenial generation that they are willing to share so many personal details on Facebook and MySpace?
Dr. Cavoukian: Yes of course, people should take personal responsibility for their actions online and offline. For this reason I regularly speak to students in high schools and universities, alerting them to the five "P's" that they should be aware of:
2. Professors (and teachers)
3. Prospective Employers
All of these categories of individuals may potentially access the information posted to your profile. Make sure you're okay with that -- it's your choice. Check out our website ( www.ipc.on.ca) for more information and our Youth Privacy Online conference that we organized last year ( www.verney.ca/ypo2008/ )
C.N. from Toronto writes: As a parent of a child who uses facebook, twitter, an iphone and things that I'm sure I'm not even aware of, what should I be talking with her about?
Dr. Cavoukian: For starters, go to our website and check out our Facebook Tipsheet "Protecting Your Privacy on Facebook." It provides the most advanced detailed instructions on how to protect your privacy and set your privacy controls on Facebook.
Or just send an email to firstname.lastname@example.org and we will send you a DVD and other materials on how to protect your privacy in online social networks.
Also, please see my answer to the previous question. The most important thing is opening up a dialogue with your children, which you clearly have initiated.
Online social networks are the way that kids communicate today, and are clearly the way of the future. That's the reason why we are reaching out to parents, teachers and users.
Kitty Burgers from Hamilton Canada writes: I would like to know if it is legal for any company (telecommunication companies and organisations, in particular), to request my SIN or drivers licence number. I have, on more than one occasion, been asked for my SIN number, but refused to provide that information. Is a company permitted to refuse service if one does not provide this information to them?
Dr. Cavoukian: Although use of the SIN is a matter of federal jurisdiction, generally the SIN may only be required by a limited number of organizations for special purposes, such as banks. For further information please see the federal Privacy Commissioner's website.
In Ontario, we regulate OHIP health cards and these may only be requested and used for health care services.
It's not uncommon for a retailer to ask to see a Driver's Licence to verify identity. However, they should not be allowed to record or photocopy it.
Matt Frehner, globeandmail.com: And that's all the time we have. I'd like to thank Dr. Cavoukian for taking questions today. Please feel free to join the conversation about privacy and technology on the comment page.