how-to block ads
|
|
Uniqs:
3806 |
Share Topic
 |
 |
|
|
|
| reply to JonyBelGeul
Re: Teksavvy and PIPEDA A directory is essentially a list of association between at least two data.
Name - address
Name - phone #
Name - postal code
Name - email
Name - IP
There is no directory for name/IP nor for name/email.
--
My blog. Wanna Git My Ball on Blogspot. | | |
|
| reply to m3chen
It just occurred to me that if you specifically requested the maintainer of a directory to not put your name/address/phone on it, then this information is now private and not available through that directory, therefore is covered by the privacy agreement, and cannot be disclosed without your consent, since the privacy agreement specifically states "available through directories".
--
My blog. Wanna Git My Ball on Blogspot. | |
| reply to m3chen
Howard Knopf just posted an excellent post on TSI's possible responsibilities under PIPEDA in this case:
Voltage Pictures Mass Litigation: What is Teksavvy's Task?
»excesscopyright.blogspot.ca/2013···hat.html
--
My Canadian Tech Podcast: »canadiantechnetwork.podbean.com/
My Self Help and Digital Policy Blog: »jkoblovsky.wordpress.com/
| |
| reply to JonyBelGeul
said by JonyBelGeul:A directory is essentially a list of association between at least two data.
Name - address
Name - phone #
Name - postal code
Name - email
Name - IP
There is no directory for name/IP nor for name/email.
There doesn't need to be a "Name - IP" directory. The directory exception in PIPEDA is saying "you can't reasonably expect your name, phone number, and address to be private when it's listed right here in this public phone book"
If you requested your info be removed from the phone book or don't have a land line then that's a different story. Facebook can also be considered a "public directory"... perhaps even Google.
So if name/phone/address are public in a given case, Voltage can request the association be made between the IP they have and said public information. It sucks but it's legal.
The question is whether their information is solid enough to warrant a court ordering TSI to make the association.
One thing I do know: If the motion for disclosure is denied, TSI damn well better request some serious costs for notifying it's customers and all the other costs they had to endure. | |
| reply to jkoblovsky
Very well written article by Howard Knopf. Yes, protecting customers' privacy is part of Teksavvy's job, but I have a feeling that Teksavvy will roll over on Monday. It would be so sad if that happens. We will know after two days. | |
| reply to m3chen
PIPEDA requires private-sector organizations to collect, use or disclose your personal information by fair and lawful means, with your consent, and only for purposes that are stated and reasonable.
ALSO YOU CAN and should be told that using your private data for each purpose must have a request in writing or email ( both considered legal ) before it can be used.
my doc , my worker for disability all have to have me sign stuff to get personal information ....and do so each time. NOT a one off and go ahead for ever. | |
| reply to JMJimmy
said by JMJimmy:Case law is against you on this m3chen. R v Ward set the precedent that you do not have a reasonable expectation of privacy online when the ToS of the ISP allows for such disclosure. TSI's ToS/privacy policy specifically allows for this type of disclosure. In addition Voltage is not asking TSI to disclose your private logs, merely the customer's basic information (name/address/etc) associated with their logs. Such information is not protected by PIPEDA.
Edit: also, good luck getting a response from privacy@teksavvy.com - 8 days and nothing. Had TSI not been able to delay the decision until the 14th any response from them would have come too late to be of any use.
in fact jimmy case law is quite the opposite the fact is till now or more recently as this type a behaviour began it has not come to light what your rights really are so they have not been tested properly.
as i said in a post before....when my doc needs info i have to sign a form to allow him access to my personal data , same with my worker and in other instances and i have to do it each time.
NOW TSI might collect incidental data on usage and for congestion/networking purposes BUT no where did i sign anything stating that upon request of any 3rd party for whatever reason my data can be hap hazzardly handed over. NOW of course there are exceptions to this and one is when a warrant is issued and ill add that is a police matter not a 3rd party matter and the 3rd party and voltage should then hand over data to the police and let them obtain a warrant.... | |
| reply to m3chen
said by m3chen:@ JMJimmy:
With regards to TS Policy on Privacy; Name, Address and IP information fall under PIPEDA as defined on the Office of the Privacy Commissioner's website:
"Your personal information includes your...
• name, race, ethnic origin, religion, marital status, educational level
• e-mail address and messages, IP (Internet protocol) address
• age, height, weight, medical records, blood type, DNA code, fingerprints, voiceprint
• income, purchases, spending habits, banking information, credit/debit card data, loan or credit reports, tax returns
• Social Insurance Number (SIN) or other identification numbers."
If you have contacted the Tek Savvy's Privacy Ombudsman and have not received a response in a timely manner (i.e 1-5 business days); I urge you to file a complaint with the Office of the Privacy Commissioner and attach your original e-mail to the complaint.
As for case law (R vs Ward, see here for details: »www.ontariocourts.ca/decisions/2···0660.htm), you should note that was a case involving child pornography. In R vs Ward " police make this request following a protocol developed by the police and the ISPs, but without seeking or obtaining any prior judicial authorization. ". Saying that a copyright infringement case and a child pornography case are the same is stretching the word "reasonable" beyond what is actually reasonable. Here is the problem with your example of case law and where it applies in this particular unfolding case:
- Voltage Pictures (an American company) is not a law enforcement agency. While it has the right to protect it's intellectual property, it does not have the right to do so if it violates a Canadian citizen's privacy to do so. I would have to be busted selling pirated DVDs at a store with a computer with TSI internet service for them to have enough evidence to allege what they are alleging in their law suit and have a "law enforcement agency" (i.e Crown Attorney / RCMP / OPP / TPD) request the information. Requesting the information so that they can "fish" for evidence against me and use it to extort money from me with no intent to sue me (see NGN vs Does here:»New Canadian Bittorrent lawsuit: Who shared "Recoil"?) means I have a right to expect that my privacy will be kept by Tek Savvy as Voltage Pictures demands are unreasonable (they have NO concrete evidence against any one at this point).
Here is what i'm proposing is a reasonable:
If a law enforcement agency contacts TS for the purpose of an ongoing investigation / lawsuit, then I would expect them to contact me and tell my that they must hand over my information due to a criminal investigation and I should saddle up with a lawyer.
If a third party request my information and my consent is not given, I would expect that unless I was already identified as a part of a lawsuit and the information was requested by the court to "develop reasonable and probable grounds to obtain a search warrant for the customer’s residence and computer", such requests would be denied on the grounds that they conflict with the ISP's obligation to PIPEDA and the customer's section 8 rights in the Charter of Rights and Freedoms. If law enforcement agencies must face stringent requirements to get my private personal data, third parties must face even more stringent requirements to get at it.
and the RCMP WILL go after you doing the example and they have.
thats my point of the differance between commercial and NON commerical infringment.
if they get the right to lump both together we all might as well start selling shit everywhere
i do not think that is what the govt wants nor the rcmp
I WILL add if i brought as say a crown attorney a case agaisnt you for first degree murder that was clearly manslaughter OR not even murder how would you feel too. the pain and suffering you'd suffer for being wrongly accused of something you did not do.
IVE BEEN THERE and it cost me a ton a money to clear my name.
In the end i had a crown attorney sounding like a crazy persona nd filled court room trying to have her justify why they would not try and get DNA on a knife...
case dismissed. If i had resources( and therein lies another aspec to of this ...the predatory preying on hte weak, typical of americans) i'd have gone sideways back on her, the police which were shown to lie on the stand and the person that started all of that.... | |
1 edit | reply to JMJimmy
said by JMJimmy:said by JonyBelGeul:A directory is essentially a list of association between at least two data.
Name - address
Name - phone #
Name - postal code
Name - email
Name - IP
There is no directory for name/IP nor for name/email.
There doesn't need to be a "Name - IP" directory. The directory exception in PIPEDA is saying "you can't reasonably expect your name, phone number, and address to be private when it's listed right here in this public phone book" If you requested your info be removed from the phone book or don't have a land line then that's a different story. Facebook can also be considered a "public directory"... perhaps even Google. So if name/phone/address are public in a given case, Voltage can request the association be made between the IP they have and said public information. It sucks but it's legal. The question is whether their information is solid enough to warrant a court ordering TSI to make the association. One thing I do know: If the motion for disclosure is denied, TSI damn well better request some serious costs for notifying it's customers and all the other costs they had to endure. If the information is public, then motion to disclose is unwarranted. If there is motion to disclose, then it is warranted, then the information is not public.
The real information is not name/IP, it's name/TSI customer at the time of the allegations whereby IP is merely one aspect of this information. In fact, the verification by TSI proved this to be the case. Some names were not customers of TSI at the time of the allegations. Neither information are public. Motion to disclose is in fact asking TSI to disclose its customers' names.
The question asked by motion to disclose is: Who's your customer?
The default answer of course is: It's none of your business.
And this is why it's critically important that you do not reveal your real name on this forum. And even if you did, the information retained by this forum (IP logs/username/pwd for example) is still not public, since it's part of DSLreports own privacy agreement.
Let's put it another way. Give us one situation where the information requested by motion to disclose is public, therefore can be obtained without motion to disclose, therefore renders motion to disclose nul and void by virtue of imposing superfluous responsibilities/costs to a third party (TSI) to collect/verify/disclose the information, therefore gives TSI reason to oppose motion and then sue Voltage for superfluous costs incurred by the very motion and subsequent opposition?
Better yet, give us one situation where TSI can prove that the information can be obtained elsewhere, therefore can disclose it without much fuss?
We can argue all we want, but these are the real tests of the privacy agreement.
--
My blog. Wanna Git My Ball on Blogspot. | |
| reply to funny
said by funny:said by JMJimmy:Case law is against you on this m3chen. R v Ward set the precedent that you do not have a reasonable expectation of privacy online when the ToS of the ISP allows for such disclosure. TSI's ToS/privacy policy specifically allows for this type of disclosure. In addition Voltage is not asking TSI to disclose your private logs, merely the customer's basic information (name/address/etc) associated with their logs. Such information is not protected by PIPEDA.
Edit: also, good luck getting a response from privacy@teksavvy.com - 8 days and nothing. Had TSI not been able to delay the decision until the 14th any response from them would have come too late to be of any use.
in fact jimmy case law is quite the opposite the fact is till now or more recently as this type a behaviour began it has not come to light what your rights really are so they have not been tested properly. as i said in a post before....when my doc needs info i have to sign a form to allow him access to my personal data , same with my worker and in other instances and i have to do it each time. NOW TSI might collect incidental data on usage and for congestion/networking purposes BUT no where did i sign anything stating that upon request of any 3rd party for whatever reason my data can be hap hazzardly handed over. NOW of course there are exceptions to this and one is when a warrant is issued and ill add that is a police matter not a 3rd party matter and the 3rd party and voltage should then hand over data to the police and let them obtain a warrant.... funny, have you even read R v. Ward? It clearly states that contract law can trump privacy law if we agree to it. TSI also states in it's privacy policy that such information can and will be disclosed if ordered by a court and such disclosure does not require consent or notice. "Ordered disclosure by a court" is an intended use of the data - it doesn't have to specify every possible reason for said order. | |
m3chen
join:2009-12-03
Toronto, ON Reviews:
 ·TekSavvy DSL
| @JMJimmy:
I'm really shocked that you would still read that as a legal conclusion. You either must have gotten a lawyer who gave you, in my opinion, bad legal advice, or you have somehow come to this conclusion based on some very different points in the case.
I would only agree with you that users are not entitled to privacy when being investigated for a criminal matter and the investigation is done by law enforcement.
For those interested in reading R v Ward, here's a link:
»www.ontariocourts.ca/decisions/2···0660.htm
Key Highlights from the conclusions of " Is the Expectation Objectively Reasonable: The Relationship Between the Appellant and Bell Sympatico"
1.) The appellant and Bell Sympatico had a commercial relationship whereby Bell Sympatico provided a variety of services, including Internet access to the appellant for a fee. Unlike for example a doctor-patient relationship, there was nothing inherently confidential in the relationship between Bell Sympatico and the appellant. In the private law context, their relationship, including any obligation Bell Sympatico had to maintain the confidentiality of information provided by the appellant, was governed by the terms of the service agreement between Bell Sympatico and the appellant, related documents referred to in the service agreement, and the terms of PIPEDA. As Gomboc demonstrates, it is necessary to look at the controlling contractual and legislative provisions when determining whether a person has a reasonable expectation of privacy in information that a third party service provider has given to the police.
2.) Like any service provider, Bell Sympatico had a legitimate interest in preventing the criminal misuse of its services, particularly in circumstances where the misuse effectively constituted the actus reus of a crime. That interest may be seen as purely a self-interest or, perhaps more appropriately, as a form of “civic engagement” reflecting a corporate commitment to assist in law enforcement’s struggle to rid the Internet of child pornography: see Gomboc, at paras. 41-42, Deschamps J., concurring; Slane & Austin, at p. 490. | |
| [107] The contractual provisions in this case tend to reinforce my reliance on PIPEDA as indicative of the nature of the appellant’s reasonable expectation of privacy. Like PIPEDA, the contractual terms speak both of Bell Sympatico’s duty to protect the privacy of clients’ information and its willingness to disclose information in relation to investigations involving the alleged criminal misuse of its services. That willingness clearly qualifies any duty of confidentiality assumed by Bell Sympatico. While there is no single provision in the agreement or related documents that spells out Bell Sympatico’s willingness to disclose information to the police as clearly as did the regulation under consideration in Gomboc, the overall thrust of the documentation is to the same effect. In particular, the Accepted Use Policy (“AUP”) makes it clear that uploading or downloading child pornography is a breach of the AUP and that Bell Sympatico would “offer full cooperation with law enforcement agencies in connection with any investigation arising from a breach of this AUP.” That cooperation would, it seems to me, obviously extend to the disclosure of subscriber information which, by the terms of the service agreement, could be disclosed if “[n]ecessary to satisfy any laws, regulations or other governmental request ... or as necessary ... to protect ... others.” | |
m3chen
join:2009-12-03
Toronto, ON Reviews:
·TekSavvy DSL
| All I can say is that I strongly disagree with your reading / interpretation of R v Ward and if I were hit with this; I would file a complaint with the PrivCom as nothing about handing my information over to a third party for mass litigation is reasonable nor the intended use of keeping IP logs.
And as mentioned previously; THERE IS NO COURT ORDER AT THE MOMENT. | |
resa1983Premium
join:2008-03-10
North York, ON
kudos:7 Reviews:
 ·TekSavvy Cable
| reply to JMJimmy
I'm just going to respond to a few different things.. Excuse the mess.  said by JMJimmy:said by nitzguy:said by resa1983:They specifically asked for it to be handed over in Excel format.
What if TSI doesn't use Microsoft Excel in their business, perhaps they can hand it over in CSV format?  . Or OpenOffice.org format?.... I mean they can't force a company to hand over data in a certain way....also if I was TSI I'd make it difficult, and I feel like I could do that in an excel format even . TSI has a legal obligation to ensure that Voltage places the same safeguards on the information that TSI does. TSI can refuse to disclose the information (even under a court order) until the safeguards are in place. Once they are in place any court order must be upheld. If TSI uses a certain type of encryption, data separation, user access controls, etc then so must Voltage. The only problem is, the last 2 copytroll cases (1 which was Voltage in Fall 2011, 1 which was NGN Fall 2012), the courts accepted the plaintiff's request as to the format of the information, and ordered it as such. So there is some history here already. said by JMJimmy:One thing I do know: If the motion for disclosure is denied, TSI damn well better request some serious costs for notifying it's customers and all the other costs they had to endure.
They will be requesting remuneration for their costs. Nothing more, nothing less. Whatever that amount may be. said by funny:NOW TSI might collect incidental data on usage and for congestion/networking purposes BUT no where did i sign anything stating that upon request of any 3rd party for whatever reason my data can be hap hazzardly handed over. NOW of course there are exceptions to this and one is when a warrant is issued and ill add that is a police matter not a 3rd party matter and the 3rd party and voltage should then hand over data to the police and let them obtain a warrant....
This has been tested extensively, with a bunch of defamation suits. » espn.go.com/golf/story/_/id/7533···famation resulted in » webcache.googleusercontent.com/s···irefox-a» zvulony.ca/2012/articles/interne···ostings/Geist himself even wrote about this: » www.michaelgeist.ca/content/view/5955/135/ quote:
In sorting out the balance, the court relied on a legal test established in 2010 Ontario defamation case that similarly involved anonymous online postings. That case identified four factors to consider: (1) Whether there was a reasonable expectation of anonymity; (2) Whether the plaintiff established a prima facie case of wrongdoing by the poster; (3) Whether the plaintiff tried to identify the poster and was unable to do so; and (4) Whether the public interest favouring disclosure outweigh the legitimate interests of freedom of expression and right to privacy of the persons sought to be identified if the disclosure is ordered.
In this particular instance, the court sided with the posters and refused to order the disclosure of their identities. Since the plaintiff (who has since indicated she plans to appeal) did not identify the specific defamatory words, she failed to establish a prima facie case of defamation.
So, lets go through the test with this case, shall we? 1. Reasonable expectation of privacy? Yes. 2. Prima facie case of wrongdoing? Yes, until the evidence is tried anyways (which isn't required for a court order) 3. Plaintiff tried to identify the poster & unable to? Yes. 4. Public Interest favouring disclosure outweighs freedom of express & privacy... Yes. The only thing people HAVE been able to do, is argue to stay anonymous with representation, conduct a full trial, while the judge knows who you are. I'm sorry to say that you have no right to privacy whatsoever if libeling someone, or breaking the law (ie copyright infringement). --
Battle.net Tech Support MVP | |
| said by resa1983:I'm just going to respond to a few different things.. Excuse the mess.
The only problem is, the last 2 copytroll cases (1 which was Voltage in Fall 2011, 1 which was NGN Fall 2012), the courts accepted the plaintiff's request as to the format of the information, and ordered it as such. So there is some history here already.
They will be requesting remuneration for their costs. Nothing more, nothing less. Whatever that amount may be.
This has been tested extensively, with a bunch of defamation suits.
»espn.go.com/golf/story/_/id/7533···famation resulted in »webcache.googleusercontent.com/s···irefox-a
»zvulony.ca/2012/articles/interne···ostings/
Geist himself even wrote about this:
»www.michaelgeist.ca/content/view/5955/135/
So, lets go through the test with this case, shall we?
1. Reasonable expectation of privacy? Yes.
2. Prima facie case of wrongdoing? Yes, until the evidence is tried anyways (which isn't required for a court order)
3. Plaintiff tried to identify the poster & unable to? Yes.
4. Public Interest favouring disclosure outweighs freedom of express & privacy... Yes.
The only thing people HAVE been able to do, is argue to stay anonymous with representation, conduct a full trial, while the judge knows who you are.
I'm sorry to say that you have no right to privacy whatsoever if libeling someone, or breaking the law (ie copyright infringement).
This point with respect to privacy is not helpful in describing where the responsibility lies in this particular case. Consumers are owed crystal clear answers moving forward with respect to their rights. Businesses do not have to directly challenge the issues with respect to privacy. What they do have to do under PIPEDA is to ensure that the merits of the requests and evidence presented are sound prior to release, which in this case falls on TSI to do DIRECTLY. » excesscopyright.blogspot.ca/2013···hat.html--
My Canadian Tech Podcast: »canadiantechnetwork.podbean.com/
My Self Help and Digital Policy Blog: »jkoblovsky.wordpress.com/
| |
| reply to resa1983
said by resa1983:So, lets go through the test with this case, shall we?
1. Reasonable expectation of privacy? Yes.
2. Prima facie case of wrongdoing? Yes, until the evidence is tried anyways (which isn't required for a court order)
3. Plaintiff tried to identify the poster & unable to? Yes.
4. Public Interest favouring disclosure outweighs freedom of express & privacy... Yes.
No. 1 is a toss up, but I really don't see how you get Yes on No. 4., how is the public interest served by allowing 2,000 suits for commercial copyright infringement with no proof? It is obvious from Votage's filing that claim is 100% made up. Which makes it a waste of the court's time and of public money. Anyway, let's see how the court looks at this, if CIPICC gets standing all these questions will get answered one way or another. | |
|
