Boosting Big Brother: Canada and the Digital Privacy Act
Knowledge, claimed Francis Bacon, is power. It is also money. Which is why Canada’s newly drafted Digital Privacy Act, Bill S-4, is considered by the privacy fraternity to be a demon of some proportions, Binoy Kampmark writes
23 Apr 14

(Image: Shutterstock)

(Image: Shutterstock)

(Image: Shutterstock)

Knowledge, claimed Francis Bacon, is power. It is also money.  Which is why Canada’s newly drafted Digital Privacy Act, Bill S-4, is considered by the privacy fraternity to be a demon of some proportions.  As Gillian Shaw of the Vancouver Sun (Apr 14) explains, “If you worry Big Brother is reporting everything you do on the Internet, changes introduced to Canada’s privacy legislation last week may prove your worries are not totally unfounded.”

The bill has striking similarities to proposed US legislation that proved so contentious it wound up in the deep freeze of US Congressional contemplation.  The US Cyber Information Sharing and Protection Act (CISPA) would have granted blanket immunity to companies sharing user content with governments on the pretext of a pressing “cyber threat”.  S-4, however, goes further, increasing the sharing of such user information with parties beyond government to private organisations.

The aim of such legislation is twofold: re-enforcing copyright barriers via the umbrella pretext of fighting crime and contractual infringement while eroding privacy protections.  The snooping incentive in the case of Bill S-4 is considerable: to monitor those habits of downloading and use of material that just might breach intellectual property laws.

As with laws purportedly targeting digital piracy, it does more.  University of Ottawa’s law professor, Michael Geist, has kept his eye on developments in the area of Canadian privacy law for some time.  He is far from impressed by the latest measures on the part of the Canadian government.  “Unpack the legalese and you find that organizations will be permitted to disclose personal information without consent (and without a court order) to any organization that is investigating a contractual breach or possible violation of any law” (Vancouver Sun, Apr 14).

Other effects follow on from S-4, read along with C-13 (the “cyber-bullying bill).  Immunity to organisations disclosing subscriber or customer information to law enforcement authorities, or copyright trolls, will be granted.  The mere fact that an investigation is taking place, be it into contractual breach, actual or potential, can trigger the need to disclose the confidential data of users of the service.  Those users will not be informed of such disclosure, and organisations engaging in such acts will be under no obligation to do so.

One of the amending provisions states, for instance, that “an organization may collect personal information without the knowledge or consent of the individual only if it is reasonable to expect that the collection with the knowledge or consent of the individual would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province.”

Geist makes various important points, noting how judicial management has been indispensable in keeping the information trawlers at bay. He cites the file sharing case of Voltage Pictures, a U.S. company which sought an order asking the internet service provider TekSavvy to disclose the names and addresses of thousands of users it claimed had infringed copyright.  TekSavvy requested the Canadian Internet Policy and Public Interest Clinic to intervene for the purposes of informing the court over privacy and copyright trolling concerns.

The disclosure was granted by the federal court, but the move came with various safeguards with the intention of discouraging copyright trolling lawsuits.  The point was considered fundamental by the court – compelling ISPs to reveal the private details of their subscribers would create a monumental strain on the court system.  Many infringements would be of a non-commercial nature, and taking these to court would see a needless use of judicial resources.  Even more significant, the cap of $5000 on liability for such non-commercial infringements “may be miniscule compared to the cost, time and effort in pursuing a claim against the subscriber.”

The court found Voltage’s conduct in seeking such disclosure potentially improper, though not sufficient to refuse the motion.  Instead, the company was asked to guarantee that any subscriber information obtained would remain confidential, not be used for any other purposes, not be made public and not be disclosed to third parties.  The fees for TekSavvy behind the disclosure would also be covered by Voltage.

The decision suggests heavy judicial oversight over the grants of such disclosure motions.  Important safeguards include court involvement over the contents of the “demand letter” sent to subscribers. As Geist notes, the letter must include the message that “no Court has yet made a determination that such subscriber has infringed or is liable in any way for payment of damages.”

S-4 would make such protections redundant, stifling court scrutiny and enabling a ready disclosure of private user information between companies.  In Geist’s words, “If Bill S-4 were the law, the court might never become involved in the case.  Instead, Voltage could simply ask TekSavvy for the subscriber information, which could be legally disclosed (including details that go far beyond just name and address) without any court order and without informing their affected customer.”

The legislative moves on the part of the Canadian government reveal the addictive nature of such copyright legislation.  Privacy is a subsidiary concern to the use of material provided by an ISP, while broadening the policing function against illegal use of information is paramount.  The current Digital Privacy Act seems a less than distant echo of the Personal Information Protection and Electronic Documents Act (PIPEDA), Bill C-29.  The government has evidently been there, but hasn’t yet done that.

Warrantless disclosure of private information is the holy grail of government regulation.  The sacrificial lamb is always the privacy of citizens. This, goes the official drum roll, is necessary to protect the public. In truth, it is designed to protect corporate legal interests and pull down the walls of data protection.

This article was posted on 23 April 2014 at

By Binoy Kampmark

Dr. Binoy Kampmark was a Commonwealth Scholar at Selwyn College, Cambridge and ran for the Australian Senate for the WikiLeaks Party with Julian Assange. He lectures at RMITUniversity, Melbourne.