dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
20
share rss forum feed

JMJimmy

join:2008-07-23
Reviews:
·TekSavvy DSL
reply to m3chen

Re: Teksavvy and PIPEDA

Case law is against you on this m3chen. R v Ward set the precedent that you do not have a reasonable expectation of privacy online when the ToS of the ISP allows for such disclosure. TSI's ToS/privacy policy specifically allows for this type of disclosure. In addition Voltage is not asking TSI to disclose your private logs, merely the customer's basic information (name/address/etc) associated with their logs. Such information is not protected by PIPEDA.

Edit: also, good luck getting a response from privacy@teksavvy.com - 8 days and nothing. Had TSI not been able to delay the decision until the 14th any response from them would have come too late to be of any use.


m3chen

join:2009-12-03
Toronto, ON
Reviews:
·TekSavvy DSL

1 edit

@ JMJimmy:

With regards to TS Policy on Privacy; Name, Address and IP information fall under PIPEDA as defined on the Office of the Privacy Commissioner's website:

"Your personal information includes your...

• name, race, ethnic origin, religion, marital status, educational level
e-mail address and messages, IP (Internet protocol) address
• age, height, weight, medical records, blood type, DNA code, fingerprints, voiceprint
• income, purchases, spending habits, banking information, credit/debit card data, loan or credit reports, tax returns
• Social Insurance Number (SIN) or other identification numbers.
"

If you have contacted the Tek Savvy's Privacy Ombudsman and have not received a response in a timely manner (i.e 1-5 business days); I urge you to file a complaint with the Office of the Privacy Commissioner and attach your original e-mail to the complaint.

As for case law (R vs Ward, see here for details: »www.ontariocourts.ca/decisions/2···0660.htm), you should note that was a case involving child pornography. In R vs Ward " police make this request following a protocol developed by the police and the ISPs, but without seeking or obtaining any prior judicial authorization. ". Saying that a copyright infringement case and a child pornography case are the same is stretching the word "reasonable" beyond what is actually reasonable. Here is the problem with your example of case law and where it applies in this particular unfolding case:

- Voltage Pictures (an American company) is not a law enforcement agency. While it has the right to protect it's intellectual property, it does not have the right to do so if it violates a Canadian citizen's privacy to do so. I would have to be busted selling pirated DVDs at a store with a computer with TSI internet service for them to have enough evidence to allege what they are alleging in their law suit and have a "law enforcement agency" (i.e Crown Attorney / RCMP / OPP / TPD) request the information. Requesting the information so that they can "fish" for evidence against me and use it to extort money from me with no intent to sue me (see NGN vs Does here:»New Canadian Bittorrent lawsuit: Who shared "Recoil"?) means I have a right to expect that my privacy will be kept by Tek Savvy as Voltage Pictures demands are unreasonable (they have NO concrete evidence against any one at this point).

Here is what i'm proposing is a reasonable:

If a law enforcement agency contacts TS for the purpose of an ongoing investigation / lawsuit, then I would expect them to contact me and tell my that they must hand over my information due to a criminal investigation and I should saddle up with a lawyer.

If a third party request my information and my consent is not given, I would expect that unless I was already identified as a part of a lawsuit and the information was requested by the court to "develop reasonable and probable grounds to obtain a search warrant for the customer’s residence and computer", such requests would be denied on the grounds that they conflict with the ISP's obligation to PIPEDA and the customer's section 8 rights in the Charter of Rights and Freedoms. If law enforcement agencies must face stringent requirements to get my private personal data, third parties must face even more stringent requirements to get at it.



TwiztedZero
Nine Zero Burp Nine Six
Premium
join:2011-03-31
Toronto, ON
kudos:5

Well said, m3chen See Profile!


JMJimmy

join:2008-07-23
Reviews:
·TekSavvy DSL
reply to m3chen

Again, you're ignoring the R v Ward precedent. The major difference between R v Ward and previous rulings was that the judge took into account contract law. The justice determined that because of Bhell's ToS their customers have no reasonable expectation of privacy from law enforcement or otherwise. Read Teksavvy's ToS and privacy policy. They've got the right to disclose the information (name, address, phone number, and possibly email address) without needing a court order or consent. The fact that they are insisting on a court order is admirable.

Re: filing a complaint over no response... I'll let it slide seeing as Marc has personally addressed my concerns about the lack of response and I expect a call shortly to get the issue sorted. Way way above and beyond. I could not be more impressed with Teksavvy and how they've handled the issue. I'd hate to be a Bhell/Robbers/Cogeco customer right now (or ever).


bt

join:2009-02-26
canada
kudos:1

1 recommendation

reply to m3chen

said by m3chen:

Here is what i'm proposing is a reasonable

That is reasonable... but it's not current reality.

An issued court order based on a request from a private party in a civil matter carries the same weight as an issued court order based on a request from a law enforcement agency in a criminal matter.

Voltage doesn't have the legal authority to force TSI to hand over that information - but the Courts do.

Nor does it matter what nationality the company in question is. Canadian companies don't have more rights under our new Copyright laws than companies from other countries.

Baraka

join:2012-12-11
Toronto, ON

1 edit

1 recommendation

reply to JMJimmy

»canlii.ca/en/on/oncj/doc/2008/20···355.html

Oh yeah, R. v. Ward. Yet another kiddie porn case where privacy rights were gutted for the rest of us. It's funny (maybe the wrong word) how copyright trolls continually try to conflate file sharing with child pornography. If you look at Voltage's legal filings so far, they cite two specific cases, R. v. Ward being one of them, where courts in Ontario and Saskatchewan ruled that internet subscribers have no reasonable expectation of privacy when it comes to their IP addresses. Both kiddie porn cases, of course. Almost all of Voltage's legal argument for obtaining TekSavvy's customer information rests on these two cases, in fact.

I guess if you want to follow the law these days and gain a reasonable expectation to privacy, you must become an outlaw (in most parts of the world) and pay for it. That means subscribing to a VPN service. I wonder how long it'll be before those are outlawed too, based on some future kiddie porn cases? Or maybe terrorism? Always beware when you hear a politician say, "it's for The Children", or "it's to keep us safe from The Terrorists".


JonyBelGeul
Premium
join:2008-07-31
reply to JMJimmy

said by JMJimmy:

Again, you're ignoring the R v Ward precedent. The major difference between R v Ward and previous rulings was that the judge took into account contract law. The justice determined that because of Bhell's ToS their customers have no reasonable expectation of privacy from law enforcement or otherwise. Read Teksavvy's ToS and privacy policy. They've got the right to disclose the information (name, address, phone number, and possibly email address) without needing a court order or consent. The fact that they are insisting on a court order is admirable.

Re: filing a complaint over no response... I'll let it slide seeing as Marc has personally addressed my concerns about the lack of response and I expect a call shortly to get the issue sorted. Way way above and beyond. I could not be more impressed with Teksavvy and how they've handled the issue. I'd hate to be a Bhell/Robbers/Cogeco customer right now (or ever).

Actually, the privacy policy is clear. No, TSI does not have the right to disclose information which is not available through directories. IP is not available through directory, nor is the name/IP information available through directory.
--
My blog. Wanna Git My Ball on Blogspot.

JonyBelGeul
Premium
join:2008-07-31

A directory is essentially a list of association between at least two data.

Name - address
Name - phone #
Name - postal code
Name - email
Name - IP

There is no directory for name/IP nor for name/email.
--
My blog. Wanna Git My Ball on Blogspot.


JMJimmy

join:2008-07-23
Reviews:
·TekSavvy DSL

said by JonyBelGeul:

A directory is essentially a list of association between at least two data.

Name - address
Name - phone #
Name - postal code
Name - email
Name - IP

There is no directory for name/IP nor for name/email.

There doesn't need to be a "Name - IP" directory. The directory exception in PIPEDA is saying "you can't reasonably expect your name, phone number, and address to be private when it's listed right here in this public phone book"

If you requested your info be removed from the phone book or don't have a land line then that's a different story. Facebook can also be considered a "public directory"... perhaps even Google.

So if name/phone/address are public in a given case, Voltage can request the association be made between the IP they have and said public information. It sucks but it's legal.

The question is whether their information is solid enough to warrant a court ordering TSI to make the association.

One thing I do know: If the motion for disclosure is denied, TSI damn well better request some serious costs for notifying it's customers and all the other costs they had to endure.

funny0

join:2010-12-22
reply to JMJimmy

said by JMJimmy:

Case law is against you on this m3chen. R v Ward set the precedent that you do not have a reasonable expectation of privacy online when the ToS of the ISP allows for such disclosure. TSI's ToS/privacy policy specifically allows for this type of disclosure. In addition Voltage is not asking TSI to disclose your private logs, merely the customer's basic information (name/address/etc) associated with their logs. Such information is not protected by PIPEDA.

Edit: also, good luck getting a response from privacy@teksavvy.com - 8 days and nothing. Had TSI not been able to delay the decision until the 14th any response from them would have come too late to be of any use.

in fact jimmy case law is quite the opposite the fact is till now or more recently as this type a behaviour began it has not come to light what your rights really are so they have not been tested properly.

as i said in a post before....when my doc needs info i have to sign a form to allow him access to my personal data , same with my worker and in other instances and i have to do it each time.
NOW TSI might collect incidental data on usage and for congestion/networking purposes BUT no where did i sign anything stating that upon request of any 3rd party for whatever reason my data can be hap hazzardly handed over. NOW of course there are exceptions to this and one is when a warrant is issued and ill add that is a police matter not a 3rd party matter and the 3rd party and voltage should then hand over data to the police and let them obtain a warrant....

funny0

join:2010-12-22
reply to m3chen

said by m3chen:

@ JMJimmy:

With regards to TS Policy on Privacy; Name, Address and IP information fall under PIPEDA as defined on the Office of the Privacy Commissioner's website:

"Your personal information includes your...

• name, race, ethnic origin, religion, marital status, educational level
e-mail address and messages, IP (Internet protocol) address
• age, height, weight, medical records, blood type, DNA code, fingerprints, voiceprint
• income, purchases, spending habits, banking information, credit/debit card data, loan or credit reports, tax returns
• Social Insurance Number (SIN) or other identification numbers.
"

If you have contacted the Tek Savvy's Privacy Ombudsman and have not received a response in a timely manner (i.e 1-5 business days); I urge you to file a complaint with the Office of the Privacy Commissioner and attach your original e-mail to the complaint.

As for case law (R vs Ward, see here for details: »www.ontariocourts.ca/decisions/2···0660.htm), you should note that was a case involving child pornography. In R vs Ward " police make this request following a protocol developed by the police and the ISPs, but without seeking or obtaining any prior judicial authorization. ". Saying that a copyright infringement case and a child pornography case are the same is stretching the word "reasonable" beyond what is actually reasonable. Here is the problem with your example of case law and where it applies in this particular unfolding case:

- Voltage Pictures (an American company) is not a law enforcement agency. While it has the right to protect it's intellectual property, it does not have the right to do so if it violates a Canadian citizen's privacy to do so. I would have to be busted selling pirated DVDs at a store with a computer with TSI internet service for them to have enough evidence to allege what they are alleging in their law suit and have a "law enforcement agency" (i.e Crown Attorney / RCMP / OPP / TPD) request the information. Requesting the information so that they can "fish" for evidence against me and use it to extort money from me with no intent to sue me (see NGN vs Does here:»New Canadian Bittorrent lawsuit: Who shared "Recoil"?) means I have a right to expect that my privacy will be kept by Tek Savvy as Voltage Pictures demands are unreasonable (they have NO concrete evidence against any one at this point).

Here is what i'm proposing is a reasonable:

If a law enforcement agency contacts TS for the purpose of an ongoing investigation / lawsuit, then I would expect them to contact me and tell my that they must hand over my information due to a criminal investigation and I should saddle up with a lawyer.

If a third party request my information and my consent is not given, I would expect that unless I was already identified as a part of a lawsuit and the information was requested by the court to "develop reasonable and probable grounds to obtain a search warrant for the customer’s residence and computer", such requests would be denied on the grounds that they conflict with the ISP's obligation to PIPEDA and the customer's section 8 rights in the Charter of Rights and Freedoms. If law enforcement agencies must face stringent requirements to get my private personal data, third parties must face even more stringent requirements to get at it.

and the RCMP WILL go after you doing the example and they have.
thats my point of the differance between commercial and NON commerical infringment.

if they get the right to lump both together we all might as well start selling shit everywhere
i do not think that is what the govt wants nor the rcmp
I WILL add if i brought as say a crown attorney a case agaisnt you for first degree murder that was clearly manslaughter OR not even murder how would you feel too. the pain and suffering you'd suffer for being wrongly accused of something you did not do.
IVE BEEN THERE and it cost me a ton a money to clear my name.
In the end i had a crown attorney sounding like a crazy persona nd filled court room trying to have her justify why they would not try and get DNA on a knife...
case dismissed. If i had resources( and therein lies another aspec to of this ...the predatory preying on hte weak, typical of americans) i'd have gone sideways back on her, the police which were shown to lie on the stand and the person that started all of that....

JonyBelGeul
Premium
join:2008-07-31

1 edit
reply to JMJimmy

said by JMJimmy:

said by JonyBelGeul:

A directory is essentially a list of association between at least two data.

Name - address
Name - phone #
Name - postal code
Name - email
Name - IP

There is no directory for name/IP nor for name/email.

There doesn't need to be a "Name - IP" directory. The directory exception in PIPEDA is saying "you can't reasonably expect your name, phone number, and address to be private when it's listed right here in this public phone book"

If you requested your info be removed from the phone book or don't have a land line then that's a different story. Facebook can also be considered a "public directory"... perhaps even Google.

So if name/phone/address are public in a given case, Voltage can request the association be made between the IP they have and said public information. It sucks but it's legal.

The question is whether their information is solid enough to warrant a court ordering TSI to make the association.

One thing I do know: If the motion for disclosure is denied, TSI damn well better request some serious costs for notifying it's customers and all the other costs they had to endure.

If the information is public, then motion to disclose is unwarranted. If there is motion to disclose, then it is warranted, then the information is not public.

The real information is not name/IP, it's name/TSI customer at the time of the allegations whereby IP is merely one aspect of this information. In fact, the verification by TSI proved this to be the case. Some names were not customers of TSI at the time of the allegations. Neither information are public. Motion to disclose is in fact asking TSI to disclose its customers' names.

The question asked by motion to disclose is: Who's your customer?

The default answer of course is: It's none of your business.

And this is why it's critically important that you do not reveal your real name on this forum. And even if you did, the information retained by this forum (IP logs/username/pwd for example) is still not public, since it's part of DSLreports own privacy agreement.

Let's put it another way. Give us one situation where the information requested by motion to disclose is public, therefore can be obtained without motion to disclose, therefore renders motion to disclose nul and void by virtue of imposing superfluous responsibilities/costs to a third party (TSI) to collect/verify/disclose the information, therefore gives TSI reason to oppose motion and then sue Voltage for superfluous costs incurred by the very motion and subsequent opposition?

Better yet, give us one situation where TSI can prove that the information can be obtained elsewhere, therefore can disclose it without much fuss?

We can argue all we want, but these are the real tests of the privacy agreement.
--
My blog. Wanna Git My Ball on Blogspot.

JMJimmy

join:2008-07-23
Reviews:
·TekSavvy DSL
reply to funny0

said by funny0:

said by JMJimmy:

Case law is against you on this m3chen. R v Ward set the precedent that you do not have a reasonable expectation of privacy online when the ToS of the ISP allows for such disclosure. TSI's ToS/privacy policy specifically allows for this type of disclosure. In addition Voltage is not asking TSI to disclose your private logs, merely the customer's basic information (name/address/etc) associated with their logs. Such information is not protected by PIPEDA.

Edit: also, good luck getting a response from privacy@teksavvy.com - 8 days and nothing. Had TSI not been able to delay the decision until the 14th any response from them would have come too late to be of any use.

in fact jimmy case law is quite the opposite the fact is till now or more recently as this type a behaviour began it has not come to light what your rights really are so they have not been tested properly.

as i said in a post before....when my doc needs info i have to sign a form to allow him access to my personal data , same with my worker and in other instances and i have to do it each time.
NOW TSI might collect incidental data on usage and for congestion/networking purposes BUT no where did i sign anything stating that upon request of any 3rd party for whatever reason my data can be hap hazzardly handed over. NOW of course there are exceptions to this and one is when a warrant is issued and ill add that is a police matter not a 3rd party matter and the 3rd party and voltage should then hand over data to the police and let them obtain a warrant....

funny, have you even read R v. Ward? It clearly states that contract law can trump privacy law if we agree to it. TSI also states in it's privacy policy that such information can and will be disclosed if ordered by a court and such disclosure does not require consent or notice. "Ordered disclosure by a court" is an intended use of the data - it doesn't have to specify every possible reason for said order.

m3chen

join:2009-12-03
Toronto, ON
Reviews:
·TekSavvy DSL

@JMJimmy:

I'm really shocked that you would still read that as a legal conclusion. You either must have gotten a lawyer who gave you, in my opinion, bad legal advice, or you have somehow come to this conclusion based on some very different points in the case.

I would only agree with you that users are not entitled to privacy when being investigated for a criminal matter and the investigation is done by law enforcement.

For those interested in reading R v Ward, here's a link:

»www.ontariocourts.ca/decisions/2···0660.htm

Key Highlights from the conclusions of " Is the Expectation Objectively Reasonable: The Relationship Between the Appellant and Bell Sympatico"

1.) The appellant and Bell Sympatico had a commercial relationship whereby Bell Sympatico provided a variety of services, including Internet access to the appellant for a fee. Unlike for example a doctor-patient relationship, there was nothing inherently confidential in the relationship between Bell Sympatico and the appellant. In the private law context, their relationship, including any obligation Bell Sympatico had to maintain the confidentiality of information provided by the appellant, was governed by the terms of the service agreement between Bell Sympatico and the appellant, related documents referred to in the service agreement, and the terms of PIPEDA. As Gomboc demonstrates, it is necessary to look at the controlling contractual and legislative provisions when determining whether a person has a reasonable expectation of privacy in information that a third party service provider has given to the police.

2.) Like any service provider, Bell Sympatico had a legitimate interest in preventing the criminal misuse of its services, particularly in circumstances where the misuse effectively constituted the actus reus of a crime. That interest may be seen as purely a self-interest or, perhaps more appropriately, as a form of “civic engagement” reflecting a corporate commitment to assist in law enforcement’s struggle to rid the Internet of child pornography: see Gomboc, at paras. 41-42, Deschamps J., concurring; Slane & Austin, at p. 490.


JMJimmy

join:2008-07-23
Reviews:
·TekSavvy DSL

[107] The contractual provisions in this case tend to reinforce my reliance on PIPEDA as indicative of the nature of the appellant’s reasonable expectation of privacy. Like PIPEDA, the contractual terms speak both of Bell Sympatico’s duty to protect the privacy of clients’ information and its willingness to disclose information in relation to investigations involving the alleged criminal misuse of its services. That willingness clearly qualifies any duty of confidentiality assumed by Bell Sympatico. While there is no single provision in the agreement or related documents that spells out Bell Sympatico’s willingness to disclose information to the police as clearly as did the regulation under consideration in Gomboc, the overall thrust of the documentation is to the same effect. In particular, the Accepted Use Policy (“AUP”) makes it clear that uploading or downloading child pornography is a breach of the AUP and that Bell Sympatico would “offer full cooperation with law enforcement agencies in connection with any investigation arising from a breach of this AUP.” That cooperation would, it seems to me, obviously extend to the disclosure of subscriber information which, by the terms of the service agreement, could be disclosed if “[n]ecessary to satisfy any laws, regulations or other governmental request ... or as necessary ... to protect ... others.”

By the privacy policy stating that it will turn over information under court order and that basic subscriber information is not considered private (name, address, phone number, email) then there's not much of a legal leg to stand on.

m3chen

join:2009-12-03
Toronto, ON
Reviews:
·TekSavvy DSL

All I can say is that I strongly disagree with your reading / interpretation of R v Ward and if I were hit with this; I would file a complaint with the PrivCom as nothing about handing my information over to a third party for mass litigation is reasonable nor the intended use of keeping IP logs.

And as mentioned previously; THERE IS NO COURT ORDER AT THE MOMENT.