Category Archives: privacy

Which is preferable: Invasive or Intrusive? (aka the Future of Canadian Census)

Back in July, when the kerfuffle over the long form census was fresh, I accused the Harper government of being disengenuous in their claims that changing the long-form census from mandatory to voluntary was due to privacy concerns over the invasiveness of the census form.

Recent permanent appointment of new Chief Statistician of Canada Wayne R. Smith (necessary due to the 2010 resignation of Chief Statistician Munir Sheikh over the census issue) and subsequent media coverage of Smith’s approach pretty much confirm that view.

Apparently Harper has asked Smith to “rethink” the census for 2016, specifically directing the Chief Statistician to look into how other countries conduct censuses. (Oh, you mean like this freely-available Sept 2010 article in Canadian Public Policy did?) The buzz that is arising from this directive is all about register-based methods that avoid mailing surveys to individuals at all. And this reinforces my assertion that the claims of concern over privacy are bogus.

Register-based censuses link administrative databases so that an individual’s profile can basically be mined for the answers to questions that would have been asked on a paper census. This is exciting for researchers and statisticians, because these registries are generally very accurate. However, for privacy advocates, giving the federal government carte blanche to link and mine federal databases is a matter of concern.

The Online Party of Canada is hosting a discussion on this topic in a  forum on their website. The original post notes:

At first glance, it would seem that most of the vital information collected by the Canadian long-form census questionnaire (2B) is already being collected, at least in part, via other governmental sources (i.e. federal, provincial, municipal, etc.):

●      Age (Q1), gender (Q2), date of birth (Q3) and most labour market activities (Q34-46) information can all be linked to our Social Insurance Number (SIN) and/or Canada Revenue Agency (CRA) data.

●      Citizenship (Q10-11) via Citizenship and Immigration Canada;

●      Place of Birth (Q9) and parents’ POB (Q25) via Provincial Birth Certificates or country of origin under the Immigration Act;

●      Mobility (Q23-24) via Canada Post (theoretically);

●      Education (Q26-32) via Provincial Departments of Education, School Boards and Post-Secondary Institutions;

●      Only a few questions related to: Activities of daily living (Q7-8), Household Activities (Q33), Language (Q13-16), Commuting (Q47) and Dwelling (QH1-H8) could not presently be answered from other sources.

But then asks:

How would Canadians feel about this alternative?

No more census. Save millions in tax dollars. More accurate data.

But our personal information would have to be linked and completely centralized. What types of mechanisms would we need to implement in order to insure confidentiality and protect ourselves from government misuse or abuse of data?

Now I’ve never heard of the OPC before, but these questions are right at the heart of the matter. The only thing  I can think of that they leave out is the question of whether inconvenient questions – questions not represented in official data and also those asking things the current government might not wish to collect – things such as self-reported ethnic identity or unpaid work hours – would be scrapped under a register-based census plan. Given that the unpaid work hours question was already scrapped (much to the chagrin of feminists), I expect this is not a large concern of the current government.

So, How do we feel? How would you feel about your medical records being linked to your tax filing and your hydro bills and your school records  and your motor vehicle records and your vital stats records and your address as listed with Canada Post and…a bunch of other things? How would you feel about a law requiring you to register all address changes with the government? Denmark astutely points out that registering your address with one central body is highly efficient. But do we trust our government the way Danes trust theirs?

The researcher in me loves the idea of the high-quality data we could get with a registry-based system. (The researcher in me is also skeptical that Canada could pull together anything like that for 2016!) However, there would have to be some serious safeguards (including updated ethical review and data stewardship processes) put in place for the privacy advocate in me to feel comfortable with it. I’d also have to feel assured that the increased data infrastructure would be available for non-governmental researchers as well as internal government use.

Last year Harper supposedly changed the census due to its invasiveness. But that’s not the right word. A lot of us were using the wrong word, because it appears that perhaps he’d like to entertain the idea of a more privacy-invasive process, as long as it would be less intrusive into our lives. No pesky, visible forms taking up our time. No census takers knocking on our doors, asking us annoying questions, making sure the population is well aware of what info the census is aiming to collect. Instead just a quiet government data-mining operation. Invasive (possibly more invasive than now), but not so intrusive.

-Greyson

ps – Incidentally, if you’re interested in reading it, the Globe & Mail has published a transcript of their whole interview with Mr. Smith, and it’s pretty enlightening. For example, until reading that I had no idea StatsCan is assuming there would be only a 50% response rate to the voluntary survey that replaced the long-form census. In this fascinating read, Smith says amazing things, including:

“The one thing we know with absolutely certainty is the response rate going to fall from making the survey voluntary.”

and

“But there is no guarantee this data will not be usable. There is no guarantee it will be subject to major non-response bias beyond the levels we’ve traditionally seen in the census.”

He also denies that there is *any scientific reason* to expect non-response bias from groups such as Inuit, non-English speakers, or immigrants.

Wow.

Advertisements

1 Comment

Filed under democracy, ethics, government, government information, inclusion/exclusion, privacy

Census Privacy is the Harper gov’t’s Girl-Power Barbie

I’m going to go ahead and assume anyone who’s reading this blog knows about the Canadian government’s recent decision to scrap the mandatory long-form national census, and attempt to replace it with a voluntary “National Household Survey” (NHS).

I’m going to assume you all know that the information from long form census is used for all kinds of governmental and non-governmental planning, including social programs, financial allotments for various uses, and, yes, library service planning.

I’m going to assume that readers all have the basic statistical proficiency (that the leaders of the Conservative party apparently lack) to know that a mandatory survey with near 100% compliance given to 20% of the population will almost certainly have greater validity that a voluntary survey of 33% of the population, because even if the absolute numbers of responses are the same under both surveys the response rate in the latter will almost certainly be lower and thus reflect self-selection/non-response bias. This, by the way, is a neat way to create policy-based evidence.

I’m also going to assume you know that the Tories are holding fast to their position, even in the face of the Chief Statistician of Canada’s resignation and overwhelming outcry from people who are not always allies on the issues.

Throughout this whole kerfuffle, the Harper government has insisted that the change is due to privacy concerns. They insist that the long form is too invasive. That people think the state should not be requiring that individuals report such personal information as the number of bedrooms in their dwellings and how we travel to work. Etc.

You probably also know that little evidence has been produced to back up the claim that many people are concerned about the invasiveness of the questions on the long-form (although in the most recent 2006 census there were refuseniks on the basis of the gov’t subcontracting census work to Lockheed, an issue that is going unmentioned today).

Privacy, eh?

Privacy, my foot! This change has nothing to do with privacy. Scrapping the long form does incredibly little to improve privacy of Canadians, and in fact may even make our personal data less private and secure.

Here’s some info about the long-form census, and voluntary StatsCan surveys, in terms of privacy. All of this is written to the best of my knowledge, so if anyone works with census data or has StatsCan connections and can clarify or expand on any of the below points, please do let me know.:

Public Release of Data

Full census data is normally released to the public after 92 years. Since the passage of S-18 in 2005, there has been an opt-in check box on the census, which must be checked in order to release that data after 92 years. Opt-in, while frustrating to researchers and genealogists who wanted opt-out instead, is a pretty high standard of privacy protection. Voluntary surveys are not released to the public, ever. Thus, it would seem that the NHS would be more private, 93 years from now, than the census. Or, rather, it would seem so if Tony Clement hadn’t assured us that they were changing things so the NHS will also be available after 92 years No word as of yet on whether the NHS will have an opt-in box.

Commercial Interest Intervention

Commercial firms do not have access to the census planning process. Commercial firms as well as non-profit researchers may purchase modules  for many voluntary surveys from Stats Can (e.g., the Canadian Community Health Survey), however. Should the long form census remain a voluntary survey, I would not be surprised at all if business were eventually granted access to this survey too. In fact, I would expect it, if the survey loses the “sacredness” of the National Census.

Privacy Safeguards

While we might never be fully confident that stewards of any data could never possibly misuse it, the census is subject to privacy safeguards above and beyond other surveys. Disclosure for any purpose prior to the 92-year blackout period would be subject to fines and penalties under the Statistics Act, which requires StatsCan employees working with this data to be sworn to secrecy. Unlike other StatsCan surveys, the Census is not available to researchers outside StatsCan as a full microdata file. It is also not eligible to be linked with other databases, unlike other data sources including other StatsCan surveys. Again, should the long-form census turn into and assume the norms of a voluntary survey, these safeguards will likely be lost.

The Short Form & Privacy

The still-mandatory short form, which nobody appears to be speaking out against, provides plenty of information on which to base discrimination (name, age, sex, marital status including whether partner is same or opposite sex, first language learned). Sexual orientation is pretty personal and invasive to ask everyone to disclose on a mandatory basis, if you ask me — perhaps more so than many of the questions on the long-form. First language-learned gives a lot of ethnicity & immigration information, even without the long form asking about where your ancestors came from.

As comment poster LindL on the Worthwhile Canadian Initiative blog writes, of the move to scrap the long form but retain the short form,

“If it’s wrong, it’s wrong. What you’re arguing is equivalent to ‘Stealing is wrong. So I’m not going to steal a car, instead I’ll just steal a bicycle’.”

Harper’s Privacy = Girl-Power Barbie

The Harper government is using privacy as a red herring here. Calling these changes to the census good for privacy is like calling a “girl power Barbie” feminist – in other words disingenuous cooptation of a real issue in order to improve market share. I fear that to take the Harper/Clement argument at face value – that this change is about privacy – is to play right into their hands.

What is the Harper government’s interpretation of Census privacy? Well, apparently that applies to the government need/ability to make private and unseen the concerns of Canadians regarding the census changes! The long-form census, although second top rated issue by participants in the recent digital economy econsultation, was buried on the site(Although I wouldn’t vote for this very specific issue to be the top concern of Canada’s digital economy, I am quite impressed that it got so many votes, continuing to add votes and hold second place *even after it was buried* on the site and could only be accessed via a direct URL.)

As a privacy and social justice advocate, the long-form census is not what I am worried about. There are a lot of less secure sources of data out there, with less redeeming social value to worry about. For me, the benefits of  responsible, privacy-sensitive data collection and stewardship sometimes outweigh the risks, but I can respect opposing opinions.

It’s one thing if you oppose any government collection of personal data. That I can respect. I think it’s a perspective that usually comes from a position of privilege, and I don’t take this stance myself, but I can respect it if you think the long form should be scrapped along with a whole bunch of other things, on principle. But THIS? Only scrapping the long form? That is not about privacy. If you want to campaign for the end of all government information gathering, fine, but the census is really not the place to start. And don’t think for a moment that the Conservative government is on your side  an end to government information-gathering

However, in a practical sense, this change is not improving the privacy of Canadians in any measurable way, and is in fact eroding the privacy of those who answer the voluntary survey as well as hurting those who don’t by virtue of providing a skewed and unreliable demographic profile of Canada.

Silver Lining?

On the upside, if they do go ahead with this plan to convert the long-form to voluntary National Household Survey, I think it’s likely that whoever is in power in 2016 will change it back. In that case, while we’ll lose the 2011 data for planning and research purposes, it will be interesting to see how and to what extent making a survey voluntary creates deviations from trends (i.e., we may be able to tease out which subgroups will & won’t respond to a voluntary survey). A natural experiment in the making!

-Greyson

ps – For whatever it’s worth, I agree with Sandra Finley that the census software etc should not be subcontracted to Lockheed Martin – much like I do not think the BC MSP data should be with Maximus. But that’s another kettle of fish.

pps- Tracey over at datalibre.ca has been researching the census as part of her PhD research and has been chronicling this recent debacle quite comprehensively.

3 Comments

Filed under ethics, government, government information, inclusion/exclusion, privacy

Privacy vs. Data: Electronic Medical Records (EMR)

My province, British Columbia, is one of many jurisdictions currently in the process of implementing eHealth, which is (in part) basically a large scale, provincially-coordinated  implementation of the Electronic Medical Record (EMR).

And I’m gonna come out and say it: I’m a privacy advocate who is pretty much in favour of government-administrated EMRs.

(Of course, there is a catch…)

I work with health data. I mean, I don’t actually lay my own grubby librarian hands on most of it, but I work in a data-rich environment and with researchers who are analyzing lots of health system data. This stuff is highly privacy sensitive. There are parts of my office I’m not even allowed in without an escort, passing a security cam, and signing a log. And that is how it should be.

I sincerely appreciate the tension between

a) the researchers who want data access and linking in order to do good research and improve health and healthcare, and

b) data stewards and privacy officers who want to protect our privacy first and foremost.

Sometimes the privacy laws and regulations make it harder to do good research, but that’s part of the process.

For example: here, we’re not allowed to identify subpopulations with particularly diagnoses anymore, to survey them, because that’s considered invasive of their privacy. Fair enough – I wouldn’t necessarily want to be subject to lots of survey requests from people who somehow found out I had disease X. However, this also understandably makes it harder to research disease X, when we can’t just pull a representative sample (or all patients) to survey/study.

Both sides – the research/access and the privacy protection side – need good advocates in order to find the best (or at least an appropriate) balance. And I do believe in that balance.

It’s kind of like how in domestic violence shelters there’s often a staff member advocating for a mother who is in shelter, and another staff members advocating for the mother’s child. Usually what’s best for mum (the primary shelter client) is best for the whole family, and there’s no apparent need for the child’s advocate. But sometimes that’s not the case, and both mum and child deserve a strong advocate who is primarily concerned with their welfare, in order to strike a balance and find a solution that is in the best interest of most people.

I’m not a perfect privacy advocate.  I do not believe the government having any information on me is necessarily a bad thing. Sure, there are days when I dream of living off the grid and having babies who never get social insurance/social security numbers. Mostly, though, I think of myself as a realist whose goal is to help the government find an appropriate balance of privacy and data.

Why? Well, because I do have some faith in evidence based practice, despite the somewhat flawed way that medical evidence (the EBP “gold standard”) has been implemented. So I do want the government to have some data on me, because I certainly don’t trust private companies more than I do public institutions, and without data, there is no evidence.

So, when I think of EMR, I think first of the good that can come of it.

Yes, there is the clinical potential: possibly reducing adverse drug reactions/interactions, and the like. Yes, likely improving communication between docs working with the same patient. But beyond those (mostly unproven) claims of the potential of the EMR, the potential for research is phenomenal, really. Even the potential for a patient to finally have access to their own, fairly complete, medical records is pretty awesome.

THEN come the “buts”: the caveats, the necessary policies and procedures to ensure optimal stewardship of this type of linkable – and in some cases already linked – data.

I have to say, up front, that there is absolutely the risk of significant breach of privacy with EMRs.

BUT most of this risk already exists. We already carry electronic data. Several existing individual databases that will combine to form the EMR in this province are already personally identifiable and potentially incriminating. Take PharmaNet, for example. PharmaNet tracks every prescription dispensed in the province. It’s made possible some research in BC that hasn’t been done anywhere else (e.g., this cool stuff that some of my colleagues are doing). However, there is certainly a need for good data stewardship, as there’s a chockload of sensitive information in that database (and there have been some noted breaches – e.g. in this .doc from FIPA).

Combining multiple database may raise the ease of identification, and give more information, but what my real concern is isn’t the linking and interoperabilityof the datasets (because, really, if PharmaNet shows an AZT script, does anyone really need corroborating doctor records to out you as HIV+?), but the privacy and security policies and procedures of the data stewards. This is the same concern today as it will be once the EMR is implemented in my province.

So no, I don’t want to Opt Out. Call me deluded, but I want all health care professionals who treat me to have access to appropriate data on my health history. I want the ER staff, when I arrive on a stretcher the day a crazy driver finally plows into my bicycle, to know about my life-threatening medication allergies ASAP.

And I’m not alone. Heck, there are people who want an EMR badly enough that they are trusting companies like Google and Microsoft with their medical information! I certainly can’t claim to fully trust my government, but I’ll take the Ministry of Health over a publicly traded company any day, when it comes to my health care and private information!

HOWEVER, I do want a Real Dialogue and some transparency about the handling of the EMR, as well as other government data. Because while I’m not signing on the Opt Out bandwagon, I do think the concerns about:

  • lack of government transparency,
  • lack of a publicly-available privacy policy governing EMR data sharing,
  • selection of a US based company managing/holding the information,
  • and lack of clarity regarding who will have access to which modules/portions of the EMR

are very valid and legitimately alarming.

We have some pretty good models of data stewardship here. Let’s learn from them, and listen to our privacy advocates and commissioners, as we move toward the inevitable EMR.

-Greyson

Leave a comment

Filed under digitization, government, Health, privacy

Librarianly committments + Privacy improvements = Facebook for me?

In my previous facebook post I said it would take 2 things to get me on Facebook (FB): trust and better terms of service (ToS, which FB now calls “Statement of rights and responsibilities”).

Since then, it has become likely that I will end up using FB as part of a KT (“knowledge trnslation,” aka making research into something that makes sense to regular non-researchy people) project for a health research group I do a bit of volunteer work with. And while I have a hunch I could possibly manage that project without actually having a personal FB account, that seems kind of awkward to me, and I don’t think I’d be able to do it as well. I got my own self into this position because the group was exploring 2.0 KT methods and of course I felt it was my duty as the librarian in the room to volunteer to shepherd such things. The upshot of this is that I’ve been appreciating this irony, and enjoying the special feeling of being someone about to go do something I’m fairly well-known for opposing. It doesn’t taste quite like crow, or my own words, but it does have a somewhat similar flavour.

However, perhaps as the spoonful of sugar helping the Facebook go down, it appears that FB may be making some of the changes I wanted (not in any way due to my request).

Right before I went on summer holidays, I noted that the privacy commissioner of Canada had issued the results of her investigation into CIPPIC’s allegations that FB infringed on users’ privacy, according to Canadian privacy law.

Maybe, just maybe, FB is responding well to the Privacy Commissioner’s requests.

Trust:

If this good response proves to be the case, it will certainly improve the company’s standing in my eyes – not to the level of a firm that sets out to do the right thing from the start, but at least to that of a firm that can be held accountable via legal measures when need be.

According to the CBC coverage,

“Facebook has agreed to prevent an application from accessing information until it obtains express consent for each category of personal information.

It also agreed to make it clear to users that they can either deactivate or delete their accounts, where deleting will remove the information entirely. And for non-users or deceased users, the company promised to change the wording of its terms of use statement and privacy policy to better spell out its practices.”

“Facebook has agreed to a timetable for the changes, and the privacy commissioner said they expect the changes to be put in effect within a year.”

Terms of Service (ToS)

The privacy commissioner’s requests address some of my ToS complaints. Looking at FB today, under “Sharing your content and information” the TOS now includes the following:

“1.  For content that is covered by intellectual property rights, like photos and videos (“IP content”), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (“IP License”). This IP License ends when you delete your IP content or your account (except to the extent your content has been shared with others, and they have not deleted it).

2. When you delete IP content, it is deleted in a manner similar to emptying the recycle bin on a computer. However, you understand that removed content may persist in backup copies for a reasonable period of time (but will not be available to others).”

Of course I’d like to know what exactly is “a reasonable period of time” and I think the Privacy Commissioner of Canada would as well. However, this is great progress, in my view, because it pretty much eliminates the risk that a picture of my kid I might upload could be used for other purposes after I delete it. I’m not really convinced that it eliminates the risk of such a picture my cousin uploads and never deletes, though. However it is a MILLION times better than what was in the TOS when I wrote about this back in February. And, whether or not this is merited, seeing this movement and responsiveness from the company makes me feel like it’s less repugnant to me.

Things in the TOS are not all ironed out yet. Here’s an area where there’s still a privacy/IP problem: “Share Links” is supposedly only to be used to link to your OWN content.  I doubt this rule is being followed, and the way the TOS is written, FB assumes you are following this rule and giving FB permission to “Use such content” (that is linked to) on Facebook. <–Not cool.  Still need to work on that one, guys.

However, I think the “Special Provisions Applicable to Developers/Operators of Applications and Websites” and “Special Provisions Applicable to Advertisers” have improved since I last looked at the TOS.  Good on you, FB for actually tightening this up, saying you will not share user info with advertisers, and starting to limit the access application developers have to users info.

In Summary:

  • FB may be responding reasonably well to the privacy commissioner’s requests
  • FB’s Terms of Service do appear to be improving
  • FB is becoming increasingly difficult for me to avoid, professionally, despite my successful resistance in my personal and activist life for the past several years

The upshot is that I may well end up there, for better or for worse. Weird, eh?

-Greyson

Leave a comment

Filed under copyright, globalization, IP, privacy, technology

Unicorns don’t exist; net neutrality is just distastefully fair

The top story on the CBC News website this evening is “Net Neutrality doesn’t exist, CRTC told.

Laugh or cry?

Internet congestion is inevitable and net neutrality does not exist, Canada’s internet regulator was told Monday at hearings on how internet providers control and manage internet traffic and speed.

But here’s the best part:

Congestion is a natural occurrence on the internet, partly due to unexpected events such as Michael Jackson’s death, said Don Bowman, chief technology officer for the network technology company Sandvine Inc.            

Got that?  It is Michael Jackson’s fault that you are being throttled! Hee.

According to the same CBC coverage, Bowman also asserts that deep packet inspection is necessary in order to keep VOIP from breaking up due to congestion.  I’m no ISP, but I have a hunch there are other options here…for example deploying other “shaping” technologies that don’t invade customer privacy, or the radical path of increasing available bandwidth.(On this note, I am quite intrigued by Scott Stevens’ suggestion “that some internet traffic management could be carried out by customers themselves rather than the ISPs” and interested in how that could work!)

What’s disturbing is that Bowman is not only acting as a CTO but speaking at this CRTC hearing, apparently without knowing that net neutrality is.  He is quoted as saying:

“In times of congestion, an unmanaged network is not a neutral network,” he said. “Inequalities in application design and user behaviour mean that an unmanaged network inherently favours certain applications and their users.”

Actually…an “unmanaged” network *is* a neutral network.  That’s pretty much the defninition, if by unmanaged you mean the ISP is not allowed to tamper with or discriminate among the content flowing across their lines.  A neutral network is a highway with no toll roads, no right to pull you over to see if you have pornography or the Little Red Book in your backpack in the passenger seat, and no ability to say that Hondas get a fast lane but Fords have to take the slow lane.

I don’t get how this guy can say net neutrality doesn’t exist.  However, if it works for him, I’m going to start declaring things I find either personally distasteful or bad for my wallet nonexistant.  Like…paying rent.  Rent payments definitely do not exist, you know.  They are but flights of fancy which we should no longer indulge. Also torture —  It doesn’t exist anymore.  And those people who say “liberry” and “I could care less” — totally fictional, you know.

Figments of the imagination.

Unicorns.

Leave a comment

Filed under government, net neutrality, privacy, privatization, technology

The Olympic Games & Information Issues (for those who don’t live here)

Most people who live in British Columbia are well aware of the multitudinous controversies surrounding the 2010 Winter Olympic Games, which will take place in Greater Vancouver & Whistler next February. However, when I talk to friends and family from other places, I am reminded what a bubble I live in.  Most people are not hearing about Olympics-related issues on a daily basis, particularly not the information policy related issues. Therefore, I thought I’d just give a little sampler of some of the oft-ridiculous but all-too-serious issues related to privacy, freedom of speech, and access to information issues arising from these games, and the doings of VANOC, the Vancouver Organizing Committee for the 2010 Olympic and Paralympic Winter Game.

Free Expression:

Trademarking

VANOC trademarked not only part of the Canadian national anthem (don’t worry, they say they will still let us sing the anthem before hockey games without a lawsuit :eyeroll:), but also common words that one would think un-trademark-able such as “winter,” “Gold” and “Silver,” thanks to a bill (C 47) pushed through the House of Commons last year, which makes using several such phrases a violation of the law.

VANOC has gone so fas as to take legal action against the pre-existing small local businesses Olympic Pizza and Olympic First-Aid Services.  (Good thing the Olympics aren’t being held south of the border; they might sue the Olympic Peninsula for infringement!)

Curtailing artistic and expressive speech in other ways

The Vancouver city council’s recently passed charter amendment (currently awaiting provincial approval) that, among other things, states that “the city may remove illegal signs from real property with limited notice, and may charge the owner for the cost of such removal.”  Illegal here being about Olympic trademark infringement, of course.  Naturally, artists who create social commentary works are up in arms about this.

Privacy:

We’re now aware that there will be  an unknown (to the public) number of security cameras that will be going up (but possibly not coming down?) by the Olympics, and the Giuliani-style police crackdown on our most vulnerable community members has begun.

One local community centre rescinded its offer to be an Olympic venue, citing privacy concerns for the local community. (Coincidentally, this centre’s bid for facility upgrade funds in the new capital budget was denied, while the neighbouring community centre that allowed VANOC to commandeer their facility had its request fulfilled.) However, this local area remains marked on the official security map, and we can only wait and see what that means.

A new wave of transit ads recently went up around the region, encouraging regular folk to report suspicious behaviour to the authorities. Look here for an example of this “Report the suspicious, not the strange” campaign. The image linked to, in case you can’t get it, is a poster encouraging you to “Call a paranormal investigator” if you see a transparent person taking a picture of a security camera in a public place in an airport, but “Call us” (the transit police) if an actual person is carrying out that same, perfectly legal activity of photographing an object in a public place. Here is a link to a transit representative’s explanation and defense of said ad campaign, with pictures of the other, less offensive, ads.

There’s going to be a conference in the fall of 2009 on “The Surveillance Games” that should prove quite provocative and fascinating to any interested in this type of privacy issues, btw.

Access to Information/FOI

It was identified by the in a “Threat Assessment” as early as 2007 that the “Access to Information and Privacy (A-TIP) can adversely affect the security of the Games…” (PDF here, heavily redacted after being subject of a FOI request by the Vancouver Sun). And VANOC seems to be taking that threat seriously.

Although they spend the public’s money (how much? we don’t know yet…), VANOC is not subject to the BC Freedom of Information Act.  Until early 2008, VANOC did, however, forward its meeting minutes to the Monistry of Economic Development, where they would then be subject to FOI requests.  This stopped abruptly and without explanation when VANOC apparently stopped taking minutes.  Interestingly, the ministry lost track of all back minutes they had received at the same time.

Not that the heavily redacted and sparse-to-begin-with minutes were a huge venue for public awareness, and input, but they were something. The fact that they contained as little information as they did and were still deemed too much to make public is impressive. When the smoke clears, likely in about 2012, one wonders what, if anything, will be left in the hands of the province to account for the billions in public funding that went into these Games.

Just for giggles

This isn’t strictly information related, but it certainly is social justice-y, so I thought I’d throw in a link here to the “2010 Inclusive Winter Games Commitment Statement.” (pdf here) Why?  Because it includes such a gems as:

  • “Make affordable tickets available for Vancouver’s low-income inner-city residents, including at risk youth and children”
  • “Develop opportunities for existing and emerging local inner-city businesses and artisans to promote their goods and services”
  • “Provide for lawful, democratic protest that is protected by the Canadian Charter of Rights and Freedoms”
  • “Ensure people are not made homeless as a result of the Winter Games”

Do you think the people who write those things believe in them, and just get disillusioned afterward, or is it tongue-in-cheek from the beginning?

-Greyson

Leave a comment

Filed under community development, copyright, government information, IP, privacy, privatization

What would it take to get me on Facebook?

In a word: Trust.

Nearly every week, I consider making a Facebook account. I get notices about events for which the full details are on Facebook. I hear stories about people connecting with old friends. My old students and old friends are surprised that they are unable to find me.

I love being in touch with people. I moved around a bit growing up and became quite the correspondent. I have boxes of letters I still move from house to house with me, treasured belongings even though I never look back at them.

Parenthood sucked up the leisure time I used to use for letter-writing, and now I email with some folk, and most years put stamps only on those embarrassing holiday letters we all send out. (Confession: Okay, I actually love reading people’s holiday letters, but I feel very unhip and un-GenX for saying that without irony.)

Friendster seemed interesting (yes, I am really GenX), but in my pre-librarian life I had rural dial-up Internet, and was still writing actual letters. Now I am online all day long, have no time for letter writing, and would be the perfect candidate for Facebook…except that I went to library school and developed this little hangup about privacy.

Privacy…ah, Facebook how you smirk at my privacy concerns. Yes, I know that Beacon was a folly that you now regret, and this week’s terms of service kerfuffle may have been overblown. But to me these moves are indicators that you are a company that doesn’t think through the privacy implications before making changes.

And while actions speak louder than words, your words worry me too, Facebook. Your terms of service (the “old”/”reinstated” ones) make me worry that someday, maybe long into the future, many terms of service later, after you have been bought and the buyer bought and that buyer bought, I will someday see my then-adult son’s young face staring back at me from an advertisement for, well, who knows what. All because my cousin uploaded a photo of him after a family vacation in 2008.

By the way, note that this is not a privacy concern because I am doing anything illicit; it is privacy concern because I would feel violated at this use of my son without my express permission, even though it would be perfectly legal and within the terms of service to which the photo copyright owner agreed.

What can you do, Facebook, to earn my trust?

1) Change your terms of service. I don’t mean leave them as they are/were before you made everyone mad this week.  I mean change them all together. Stop requiring that we:

…automatically grant, and you represent and warrant that you have the right to grant, to the Company an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to use, copy, publicly perform, publicly display, reformat, translate, excerpt (in whole or in part) and distribute such User Content for any purpose, commercial, advertising, or otherwise, on or in connection with the Site or the promotion thereof, to prepare derivative works of, or incorporate into other works, such User Content, and to grant and authorize sublicenses of the foregoing.

I don’t care if you say you don’t want to put my son’s photo on a billboard, because what you say on your blog or to a reporter does not outweigh the legal contract you are asking people to sign/click through.

This is just plain creepy. And greedy. AND uncool to boot.

2) Start acting trustworthy. Make your privacy settings comprehensible to the average user. You’ve taken steps in this direction, but it really just isn’t enough.  Your aunt who still types emails in ALL CAPS should be able to understand her setting and their implications. Be clear about the risks and benefits of new apps. Don’t globally implement apps and then require people to opt-out of things; rather allow them to opt-in. Do good in the world.  Please.

Of course, half of me knows it’s a good thing for my own time management and personal life that I am not on Facebook. I could suck up hours tracking down all my teenage crushes and long-losts, and that’s really the last thing I need when I barely have the time for a cup of tea with my here-and-nows.  However, the other half of me – the one that wants to get sucked into staying up too late finding out how many kids so-and-so has and whether the morose violinist from my school bus days is still playing music or at least doing okay – offers these suggestions.  If you don’t take them, well, I’m sure in a few more years there will be a new social networking platform that everyone’s on, and maybe I’ll jump on board that time around.

-Greyson

Full disclosure here: I do *sort of* have a Facebook account. What I mean is that I have a fake Facebook account under a made up name, with virtually no information in it save a made up birthdate. I use this account for the times when I need to look something up that is only on Facebook. I rarely use it, and am forever forgetting my password, and have had to create a fake Gmail account under the same name to deal with the password reset requests…and this is just getting convoluted and complicated. I wish Facebook would just get its act together so I could join in good faith and stop pretending to be a 28 year old male online just to find out when a meeting will be happening.

7 Comments

Filed under IP, privacy, technology