CPSC 329/602 W22

Surveillance vs Privacy: How much is too much?

On January 11, 2022, the European Court of Human Rights (ECHR) ruled that Bulgaria’s laws on secret surveillance violated its citizens right to privacy under Article 8 of the European Human Rights Convention. Furthermore, when citizens asked about whether they had been subjected to surveillance, they received an insufficient response. Because of this, Bulgaria must amend its domestic laws in order to comply with the European Human Rights Convention. This is a somewhat fortunate event, in that action was taken to ensure Bulgaria’s surveillance methods and laws surrounding surveillance were called into question and forced to change to ensure better transparency. This however, isn’t always the case.

During the George Floyd protests in San Francisco, police illegally used surveillance cameras to monitor protestors. This was illegal because in 2019, San Francisco passed a landmark ordinance that banned the SFPD and other city agencies from using facial recognition and needing approval to use other surveillance technologies. Currently, a few groups have taken the SFPD to court (these groups include the Electronic Frontier Foundation; a leading non-profit that defends digital privacy, free speech, and innovation, and the ACLU of Northern California). The lawsuit is ongoing, but this is an example of non-profit groups and the public having to step forward and take action against an authority for the misuse of surveillance, rather than an already established court or governing body (like the ECHR). So then, what do we do? I can’t help but always think of these questions; How much surveillance is too much and how can we ensure our governments and authorities are using it in our best interests and not totally abusing their power?

This idea of “how much is too much” is always an interesting topic of discussion. I think a lot of us would agree, surveillance is important in our society. It helps to prevent crime, and most of the time, surveillance does a good job at this. But I also think that a lot of us would agree that where things get out of hand is when authorities and figures of power try to push the boundary just a bit further. I think Dr. Benjamin Goold wrote it best:

“… we know that there is too much surveillance when citizens begin to fear the surveillance activities of the state, and no longer feel free to exercise their lawful rights for fear of unwanted scrutiny and possible censure.”

The other question is then, how to we keep government agencies and authorities accountable for their use of surveillance technology? One could suggest the use of laws to help regulate the use of these technologies, but depending on where you are in the world, this might not work out as intended, as we saw with the case in the George Floyd protests. Thankfully however, we have plenty of advocacy groups that we as citizens can lean on to help keep these governing bodies accountable, though it would seem like it is a constant battle no matter where you are.

I’ve only just skimmed the surface of the surveillance vs privacy debate, there almost seems to be an infinite number of angles and layers as to which we can approach this subject. So, I’ll leave the question with you; How much surveillance is too much, and what can we do to keep governments and authorities accountable for their use of surveillance technology?

References:

https://www.jurist.org/news/2022/01/echr-rules-bulgaria-surveillance-laws-violate-human-rights/

https://sfstandard.com/perspectives/san-francisco-police-illegally-used-surveillance-cameras-at-the-george-floyd-protests-the-courts-must-stop-them/

https://commons.allard.ubc.ca/fac_pubs/150/

Who Needs Microchips When You Have Cell Phones?

We’ve all heard the conspiracies about governments inserting microchips into vaccines so that they can track us and our daily activities. However, why would a government spare the expense to develop such an elaborate plan when they can use something as simple and innocuous as… a cellphone?

Could cell phone location data be used to track the activities of Canadian citizens? ²

On Monday, January 10th, the House of Commons ethics committee held an emergency meeting regarding the collection of millions of citizens’ cell phone data by the Public Health Agency of Canada (PHAC).¹ During the meeting, the committee voted for Health Minister Jean-Yves Duclos and Canada’s Chief Public Health Officer Theresa Tam to testify before them the purpose and details of the data collection.^1,3

This incident originally began in December, when the Public Health Agency of Canada (PHAC) requested the extension of their program for the collection of “depersonalized and de-identified” data¹. At this time, it was revealed that location data from 33 million mobile devices had been gathered from telecom operators, such as Telus Communications, to monitor population movement from December 2020 to October 2021.^1,4

The PHAC has stated that they intend to balance the protection of privacy with ensuring that they have the necessary data to gauge the effectiveness of public-health directives and manage the SARS-CoV-2 pandemic.¹ Additionally, they want to use mobile phone data for the next 5 years to study “other infectious diseases, chronic disease prevention and mental health”.⁴

Privacy Concerns

The request for an extension is raising concerns about privacy. Conservative MP John Brassard stated that information was being collected without their knowledge, and that Canadians were being tracked.^3,5 Opposed to this, Liberal MP Greg Fergus has reasoned that the anonymous state of the data prevents identification, thus upholding the privacy of Canadians.^3,5 However, there have also been concerns raised regarding the potential for the re-identification of depersonalized data.^1,4

Discussions will continue Monday, January 17^th, which will hopefully address concerns and shed light on how exactly the privacy of Canadians is or is not protected.⁵

Personal Thoughts

This topic is quite relevant to this class because, given that we all currently live in Canada and own a mobile device, it is likely that many of us have been impacted by this program.

As jokingly as I made the title and introduction, I think that there are many concerns about the actions of the PHAC. The government has essentially claimed that the collection of data is necessary to monitor and manage the pandemic, supporting the claim that national security takes precedence over personal privacy. They have bypassed any need to receive consent, or inform Canadians of their actions, by claiming that since the data collected is anonymous, the Privacy Act is unrelated.⁴ However, studies have shown that such information can be re-identified to a high degree of likelihood.⁶

Due to these issues, I would personally reject the extension of this program at this time. I do, however, understand the rationale and potential benefits that this initiative may provide. Ultimately, I think that my opinion might change depending on the details that are revealed in the days to come. Perhaps, if there is transparency and strong safeguards in place to protect privacy, I will look more favorably upon the data collection.

Conclusion

So, what do you think? Do you think that the government should be granted this extension? Or do you think they are up to something far more nefarious?

Let me know in the comments and thanks for reading!

References

Woolf M. Ethics committee summons Duclos, Tam on mobile-phone data collection during pandemic. National Post [Internet]. 2022 Jan 13 [cited 2022 Jan 16]; Available from: https://nationalpost.com/pmn/news-pmn/canada-news-pmn/mps-call-for-commons-committee-to-launch-emergency-probe-of-use-of-mobile-data
Mobile devices [Internet]. Electronic Frontier Foundation [cited 2022 Jan 16];Available from: https://www.eff.org/mobile-devices
Bailey I. Ethics committee calls Duclos and Tam to testify on cellphone data collection. The Globe and Mail [Internet]. 2022 Jan 13 [cited 2022 Jan 16]; Available from: https://www.theglobeandmail.com/politics/article-ethics-committee-calls-duclos-and-tam-to-testify-on-cellphone-data/
Oli S. Canada’s public health agency admits it tracked 33 million mobile devices during lockdown. National Post [Internet]. 2021 Dec 27 [cited 2022 Jan 16]; Available from: https://nationalpost.com/news/canada/canadas-public-health-agency-admits-it-tracked-33-million-mobile-devices-during-lockdown
Opposition MPs push to suspend public health officials’ use of cellphone location data. Global News [Internet]. 2022 Jan 13 [cited 2022 Jan 16]. Available from: https://globalnews.ca/news/8508501/suspend-phac-cell-program-opposition-mps/
Rocher L, Hendrickx JM, de Montjoye Y-A. Estimating the success of re-identifications in incomplete datasets using generative models. Nature Communications 2019;10(1):3069.

Apple’s Controversial Private Relay and What it Says About Privacy as a Right

With IOS 15, Apple has introduced a new privacy feature to iCloud users… or at least those who are willing to pay. Available as a setting on iCloud+ accounts, Apple’s iCloud Private Relay functions somewhat similarly to a VPN, offering increased privacy and security when navigating the internet¹. However, the implementation of this feature has not been without controversy, receiving pushback from mobile carriers internationally.

Apple Privacy Logo – Found on the Verge²

Many carriers, mostly in Europe, have blocked the relay, citing various justifications³. In America, T-Mobile has stated that users utilizing parental controls or T-Mobile’s “Web Guard” feature are restricted from the relay simply due to interference, though justifications have been inconsistent internationally³. In the UK, for example, T-Mobile has joined other European carriers, like Orange and Vodafone, in protesting Apple’s Private Relay, citing concerns that the relay would:

Undermine access to network metadata³
Limit the ability of carriers to manage their networks³
“Impair others to innovate and compete in downstream digital markets,” as per a letter to European lawmakers⁴

Carriers are also citing antitrust sentiments in an effort to ban the feature entirely, apparently concerned with alleged anti-competitive practices by Apple³.

Whatever the reasons given, it is clear that many carriers are against the relay as shown by their calls for regulation. In a letter to European lawmakers, carriers jointly suggested that Apple’s Private Relay should be outright banned³^{, 4}. While similar sentiments have not been outwardly shared in North America, Jason Cross of Macworld points out that T-Mobile is restricting the Relay rather than giving consumers the choice of safety features¹, making their view apparent. To further complicate the matter, both T-Mobile and Apple have recently contradicted previous statements and actions by denying carrier involvement in blocking the Relay, bringing into question how much of a reputation hit carriers need to take for fighting against user privacy until they begin to backpedal.

“Privacy to us is a human right… this is like freedom of speech and freedom of the press, and privacy is right up there for us”
– Tim Cook, Apple’s CEO, as reported by CNBC in 2018⁵

Regardless of the international inconsistencies in messaging, it seems apparent that these calls for regulation are based on concerns over competition and Apple’s status as a tech monopoly. While a more cynical individual might bring up that Apple’s Relay would make it more difficult for carriers to collect and sell data to targeted advertisers³, it may also be mistaken to crown Apple as champions of privacy before examining their own apparent perspective. Apple is restricting use of this feature to only accounts in good standing who have paid for an iCloud+ subscription⁶, making two things abundantly clear; Apple believes privacy is a privilege to be earned, not a right to be protected regardless of their public messaging, and that this privilege should only be given to those who, beyond paying for an Apple product itself, are ready to pay. Rather than viewing this controversy as a battle of mobile privacy, it may be more prudent to view it as one of profit (shocking, I know). Apple seems to agree with carriers that users aren’t entitled to control over their mobile data. The two parties simply disagree about whether this control is for sale, and who should ultimately profit from the data itself.

If Apple Thinks Privacy is a Right, why not Campaign Instead of Charging People? – Illustration by Jack Ohman of the Tribune Media Services, Found on the Washington Times⁷

References

iCloud+ Private Relay FAQ: Everything you need to know [Internet]. Macworld. 2022 [cited 17 January 2022]. Available from: https://www.macworld.com/article/348965/icloud-plus-private-relay-safari-vpn-encryption-privacy.html
How to use Apple’s Private Relay feature with iCloud Plus [Internet]. The Verge. 2022 [cited 17 January 2022]. Available from: https://www.theverge.com/22573519/apple-private-relay-icloud-plus-ios-15-ipados-macos-monterey-how-to
Carriers Are Blocking Apple’s VPN-Like Private Relay Feature | Digital Trends [Internet]. Digital Trends. 2022 [cited 17 January 2022]. Available from: https://www.digitaltrends.com/mobile/apple-icloud-private-relay-carrier-blocking/
Nast C. Apple’s Private Relay Roils Telecoms Around the World [Internet]. Wired. 2022 [cited 17 January 2022]. Available from: https://www.wired.com/story/icloud-private-relay-blocking/
Apple CEO Tim Cook: ‘Privacy to us is a human right…a civil liberty’ [Internet]. 2022 [cited 17 January 2022]. Available from: https://www.cnbc.com/2018/04/10/apple-ceo-tim-cook-on-the-importance-of-consumer-privacy.html
Prepare Your Network or Web Server for iCloud Private Relay – Support – Apple Developer [Internet]. Developer.apple.com. 2022 [cited 17 January 2022]. Available from: https://developer.apple.com/support/prepare-your-network-for-icloud-private-relay/
https://www.washingtontimes.com T. I’ll put the cell phone privacy stuff in later … [Internet]. The Washington Times. 2022 [cited 17 January 2022]. Available from: https://www.washingtontimes.com/cartoons/obama-presidency/ill-put-cell-phone-privacy-stuff-later/

Hyperlinks

iCloud+ Private Relay FAQ: Everything you need to know [Internet]. Macworld. 2022 [cited 17 January 2022]. Available from: https://www.macworld.com/article/348965/icloud-plus-private-relay-safari-vpn-encryption-privacy.html
T-Mobile Concedes iOS 15.2 Did NOT Disable ‘iCloud Private Relay’ for Its Customers | Here’s What Happened [Internet]. iDrop News. 2022 [cited 17 January 2022]. Available from: https://www.idropnews.com/news/t-mobile-concedes-ios-152-did-not-disable-icloud-private-relay-for-its-customers-heres-what-happened/177139/
Ng G. Apple Says No Carrier Partners Have Blocked iCloud Private Relay [Internet]. iPhone in Canada Blog. 2022 [cited 17 January 2022]. Available from: https://www.iphoneincanada.ca/news/apple-says-no-carrier-partners-have-blocked-icloud-private-relay/

Blog Post Reservation

Welcome to the Winter 2022 CPSC 329/602 blog! Looking forward to some fun and interesting discussions.

Please reserve the topic for your blog post by adding a comment to this post, stating the topic you plan to cover, a short justification, and one or more links to external cites as evidence that your topic has indeed occurred in the last 7 days. We will approve your requests or offer comments if it is not deemed to be suitable. The main criteria for suitability are relevance to the course, whether the topic is sufficiently current, and whether it has already been covered by another student.

Please post your topic reservation requests at most 72 hours before your posting date and at least 24 hours, excluding weekends. For example, if you are posting on a Monday make sure to submit your reservation request by Friday at the latest. I will be sure to approve any outstanding requests by 4:30 PM every Monday through Friday.

When you are ready to make your post, please create a new post as opposed to commenting on this one – comments on this post will be reserved for topic reservations and approvals. Note that you can post any time on the day you reserved.