Calgary IT Security Professionals
May 6, 2002
Privacy Commissioner of Canada
(Check Against Delivery)
Let me begin by thanking the IT Security Professionals for Calgary for your kind invitation to join you today. Through these monthly meetings, you stay on the leading edge of security issues - issues which are of ever-increasing importance in our technology-driven society.
I know you've thought a lot about security, but this afternoon I would like to invite you to think about privacy and consider some issues that you may not have thought about regarding the right to privacy.
But first, let me tell you a bit about my role as Privacy Commissioner.
I'm an independent Officer of Parliament, which means I don't work for the government and I don't answer to the government. I work only for the people of Canada, and I answer only to our national Parliament.
My responsibility is to oversee and champion the privacy rights of all Canadians. I have oversight over two important pieces of legislation - the Privacy Act, that applies to all federal government institutions, and the new Personal Information Protection and Electronic Documents Act that extends our privacy protection rights to dealings with the private sector. I'll have more to say about the latter in just a moment.
My mandate is to ensure that these laws are obeyed - and, more generally, to ensure that Canadians are aware of their privacy rights.
So what is this "privacy" that I'm talking about? Why this increasing focus on its protection? Why has Parliament passed these laws? And more to the point, why should you as IT security specialists care about privacy?
To begin with, privacy is a fundamental human right, recognized as such by the United Nations. Indeed, it is the right from which all our other freedoms flow - freedom of speech, freedom of association, freedom of thought, virtually any freedom you can name.
To me, that's almost self-evident: How can we be truly free if our every move is watched, our every activity known, our every preference monitored?
But privacy is more than a fundamental human right - it's also an innate human need. When you go home at night, you probably close the blinds. It's not that you're trying to hide something. You just instinctively need your privacy, your freedom from being observed.
If you're on a bus or a plane, and someone starts reading over your shoulder, you probably feel uncomfortable. What you're reading isn't secret, it's just that your privacy is being invaded.
If you've ever had your home or even your car broken into, you'll know that the sense of intrusion, of having your privacy violated, can be even more painful than the loss of whatever was stolen.
And yet, almost every day, in some new and creative way, that innate human need, that fundamental human right - the right to privacy - is being chipped away. Sometimes the diminution is subtle, sometimes it's a full frontal attack - but the process is begun and it is a challenge we must answer.
To do that, we must first understand that privacy is not just an individual right - it is a public good. It reflects decisions we have made as a people about how we will live as a society.
And because it is a shared value, all of us - collectively - must be responsible for its preservation.
It isn't a question of balancing the individual right to privacy against the interests of society. It's understanding that the interests of society include the individual's privacy and that we are, all of us, the loser if individual liberty is lost.
That is not to say that privacy is an absolute right that trumps all others. There are times when it must bend to a compelling public interest.
But the starting point should be that people have the right to privacy, to control access to their person and to their personal information.
The onus must always be on those proposing to limit our privacy to make the case and demonstrate the need - not on those of us who want to protect that right.
When conflicts arise - and they will - every proposal that limits our privacy should be calmly and carefully assessed on its own merit and tested against four key criteria:
Is it demonstrably necessary to address some specific problem?
Is it demonstrably likely to be effective in addressing that problem?
Is the reduction in privacy proportional to the benefit to be derived?
And is there no other, less privacy-invasive alternative that could accomplish the same purpose?
Until recently, our privacy was essentially protected by the efforts required to violate it. When personal information was largely held in paper records, scattered over a number of places, it required a great deal of trouble to locate it and sift through it all.
Today, new information technologies have removed the constraints of time, distance and cost. Armed with a PC and a modem, almost anyone can compile a pretty complete profile on any one of us in a matter of minutes.
And that's not to mention all of the other new technologies - of surveillance, of location, of identification, of genetic analysis, that are readily available and that threaten our privacy.
Indeed, in many ways and on many fronts, our privacy is threatened as never before. Let me touch on just a few examples.
From Vancouver to Halifax and in cities right across Canada, including Calgary, local officials are considering the use of police video surveillance cameras on city streets. This means that every step you take on the streets of our Canadian cities and towns could soon be watched, monitored by agents of the state - Orwell's 1984, just a few years behind schedule.
And with the biometric technologies already available today, your image can be digitized, classified and checked against images of known or suspected criminals, or used to connect your face with your name, address and other personal information.
Video surveillance of public streets is being pushed as a means of reducing crime. Trouble is, there's no evidence that it's necessary or effective.
Crime rates in Canada have been falling steadily, not increasing, over the past five years. So it's fair to ask why we need such a dramatically intrusive new measure.
Even more important, there's no solid evidence anywhere in the world that street video cameras are effective in reducing or deterring crime. At most, they displace it from where the cameras are to where they aren't.
London, England has more street surveillance cameras than any other city in the Western world, and last year it had more street cameras than ever before. And yet last year in London, street crime went up 40 per cent.
So what these cameras do is take away our privacy without giving enough back in return. We have a right to go about our peaceful, law-abiding business on our public streets without feeling under the systematic, relentless eye of agents of the state.
Or here's a very different example of the assault on privacy: those "anonymous" surveys you receive in the mail. Once they get through all that stuff about the kind of car you drive or the software you use, they ask lots of personal questions - age, income levels, gender, marital status, interests, etc.
And because they don't ask for your name or address, people tend to be much more forthcoming in these surveys - after all, they're "anonymous".
What we don't realize is that the company sponsoring the survey may have included a code on the return envelope that corresponds to your name and address, allowing the company to surreptitiously identify every respondent. The bottom line? Never assume you are anonymous - always think very carefully about what information you provide.
Now, you may say, what's the big deal? So what if somebody knows my surfing or magazine-reading habits, even what I buy or where I go?
Well, the big deal is that information from one or more sources can be used to make assumptions about you that can fundamentally affect your life. Sometimes the simplest of activities can be construed in the most bizarre ways.
Suppose you go to Las Vegas three or four times a year to visit a relative or a close friend. If your travel habits became known - for example, by someone getting access to your credit card or debit card records - you might look like a compulsive gambler. That could affect your ability to get a job or a bank loan.
Or maybe someone you know works for a company that likes to give bottles of wine or liquor as gifts to clients. Maybe it's his job to go to the liquor store regularly to stock up. Again, if his purchasing patterns became known, it could look like he has a real drinking problem, affecting everything from his ability to land a better job to his chances of getting insurance.
If you have to go through life knowing that everything you buy, everywhere you go, everyone you meet, anything you do may be observed, recorded, scrutinized, cross-referenced, judged, maybe misinterpreted and used against you by persons unknown - if you have to go through life like that, you're not truly free.
Maybe you'll think twice about a purchase, because of how it might look to someone. Maybe you won't take that trip, because someone might draw the wrong conclusion about you.
Lack of privacy makes us less free, and the more easily our privacy can be invaded - whether by private interests or by agents of the state - the less freedom we have.
So we have to keep insisting on a balance - a carefully reasoned balance - between the legitimate needs of law enforcement and security on one hand and the need to maintain our rights and freedoms on the other.
Moreover, we should remember that a government pervasive enough to protect us from every possible threat would be pervasive enough to strip us of every existing freedom.
Nor should we be under any illusions that new intrusions by government would only be for a limited time or purpose. These things have a way of becoming more pervasive, not less; of becoming more entrenched, not less.
Just remember that income taxes were supposed to be a temporary measure to help finance the First World War. And Social Insurance Numbers were only supposed to be used for administering the social insurance system.
So we have to be very careful whenever someone proposes to limit our right to privacy, just for a little while or just because the benefits will be very attractive.
Indeed, I believe protecting our right to privacy will be the defining issue of this decade.
Yogi Berra used to say that when you come to a fork in the road, take it. Today, we stand at an important fork - between relinquishing our right to privacy and defending it; between giving up and standing up.
The decisions we make will quite literally determine not only the kind of society we have for ourselves, but what kind of a society we leave for our children and our grandchildren.
Why? Because the choices we make now are likely to be irrevocable, both for individuals and for society. Once the right to privacy has been lost, once private information about you - whether accurate or not - is in the public domain, it is virtually impossible to recover it. What is known cannot become unknown. What is learned cannot become unlearned.
Anytime you are dealing with the irreversible, it pays to be careful.
Just as the mechanization and technology of the industrial revolution ushered in important new debates over wages and working conditions and the rights of workers, so too does the information age raise new questions about individual rights.
Indeed, many of the great social and technological developments of the past brought with them previously unexplored questions about how we organize ourselves as a society, or relate to one another as citizens.
Just consider the women's liberation movement of the 1960's and '70's. Attitudes, practices and policies that were totally acceptable in the world of "Leave it To Beaver" are anathema in the world of "Ally McBeal". Discriminatory laws have been changed - or struck down. New policies have been put in place. The workplace has changed and a new mindset taken over.
Similarly with the environmental movement, beginning with the Club of Rome Report in 1972 and then with the release of the Brundtland Report in 1987, there was a fundamental re-examination of our relationship to the world around us.
Again, laws were changed and a new awareness was created. As a result, the concept of sustainable development has gone from a lofty ideal to a principle of sound business practice that many companies have made part of their daily operations.
Today, I believe a similar awareness is being created with respect to privacy - a realization that a right which was once taken for granted can now too easily be taken away for good.
But if awareness is growing, it's clear we still have a long way to go. And that's where you come in.
A few decades ago, employers were saying: "Women don't want access to executive jobs. They're happier staying home with the kids."
Polluters were saying: "Nobody cares about the environment. All that matters is jobs."
And then a few brave people at first, then a growing number, and finally a tidal wave of public opinion began saying: "How dare you make such an argument."
That's what we need now - an ever-growing wave of respect for privacy rights and contempt for arrogant violators of privacy.
My job as Privacy Commissioner is to help create that wave, to be one of those initially lonely voices on some important privacy issues, and to hope that others join me.
I need the help of all Canadians - and particularly of people like you, whose skills and expertise are invaluable - to help ensure that important challenges to privacy are recognized and overcome.
To be sure, government has started to respond. An important step forward was taken with the passage of the Personal Information Protection and Electronic Documents Act. As I mentioned earlier, this law aims to protect the privacy rights of Canadians in their dealings with the private sector.
It is overseen by me and my office. We enforce the law and provide redress.
Basically, the Act says that, with very limited exceptions, no private sector organization covered under the Act can collect, use or disclose personal information about someone without their consent.
Moreover, any information that is collected, used or disclosed can only be for the purpose for which consent was given. And even if consent is given, it can only collect information that a reasonable person would think is appropriate.
The Act also provides individuals with the right to see personal information that has been collected about them and to correct any errors.
At the moment, the Act applies to those parts of the private sector that are federally regulated - banks, transportation, telecommunications and broadcasting. It also applies to the sale of personal information across provincial or national borders and applies to all businesses in the territories and to personal health information in federal works, undertakings and businesses in all provinces.
By 2004, it will apply to all commercial transactions in Canada, except in those provinces where substantially similar legislation has been passed. In those cases, the provincial law will apply to the provincially-regulated private sector. The Act will continue to apply to federal works, undertakings and businesses in all provinces.
The bottom line is that Canadians, from coast to coast, will have their privacy protected when dealing with the private sector.
As I've said, this is an important step forward. But it's not enough. To really bring about the kind of attitudinal shift necessary to protect our privacy, we need not only acts of Parliament, but actions by Canadians. And those of you in IT security have a crucial role to play.
To understand why, let me return to the concept of privacy and how it's different from security and confidentiality.
Privacy is our fundamental right as individuals to control the collection, use, and disclosure of information about ourselves. The right to privacy means that individuals get to decide what and how much information to give up, and to whom it is given, and for what uses.
Confidentiality is different. It's the obligation of a custodian to protect the personal information that it's been entrusted with. A promise of confidentiality imposes a duty of care to maintain the secrecy of the information, and not misuse or wrongfully disclose it.
Security is something else again. It's the process of assessing the threats and risks posed to information, and taking steps to protect the information against unauthorised or unintended access, use, intrusion, loss, or destruction.
Privacy drives the duty of confidentiality and the responsibility for security. You have to respect and address the right of privacy first, before you deal with confidentiality and security.
If you don't respect privacy - if you collect, use, or disclose information about someone without their consent - it doesn't matter that you ensure confidentiality and security. If you encrypt the information and protect it with the best firewalls, you may well have assured its security. But that doesn't change the essential fact that you've violated the individual's privacy.
But conversely, an organization can have the best privacy policies in the world. But if it doesn't have adequate IT security, personal information is liable to end up in the wrong hands - and privacy will be violated. Security is crucial. Your role is crucial.
Now, some have said that just as IT has created new threats to our privacy, so it will provide the solutions. I agree, but I don't think that it's technology that will save us. I think it's people like you, who can bring a new mindset and a new awareness about privacy concerns.
Let me explain. Today, exciting new breakthroughs in anonymizers, encryption and user-controlled smart cards are touted as the answer. But I have to confess that I'm not a big fan of developing technological solutions to privacy problems.
Here's why. All of the proposed "solutions" - anonymizers, encryption, are essentially a system for "technological opt-out". In other words, it puts the onus on individuals to say to those who want to use their private information that we don't want them to - that we opt out.
In the world of pen and paper, opt out systems require us to check off a box saying we don't want this month's "book of the month"; or to write a letter saying that we don't want to be part of some company's mailing list.
If we don't exercise our option to opt out, they carry on as if we've consented. I just don't think that's the best way of protecting privacy.
After all, consent is the key to privacy protection. Opt-out is a very weak form of consent. In fact, it presumes consent unless you say otherwise.
Let me repeat: privacy is a fundamental human right. We shouldn't have to jump through hoops, technological or not, to protect it.
In the cyber world, the default setting should be one that protects privacy, not one which requires you to re-write the program. Just as in the pen and paper world, there are many circumstances where you shouldn't have to opt out to have your privacy protected.
I'm saying don't build systems that invade privacy.
Companies, organizations and institutions need to, in Stephen Covey's wonderful phrase, "begin with the end in mind" - by making privacy their first thought - not an afterthought.
The best way to do that is by conducting a privacy impact assessment for every information system you're involved with.
I am delighted that the federal government recently introduced a Privacy Impact Assessment Policy. I had been advocating such a policy for more than a year and Canada is now the only country in the world to require privacy impact assessments before projects or services can receive funding.
If you're new to these kinds of assessments, have someone who knows privacy evaluate them for you. Let them give you a heads up if there are weaknesses in the plan.
So what would a privacy-friendly information system look like? Let me offer two quick suggestions.
First, anonymity should be the starting point. In other words, if people can be anonymous in dealing with your systems, let them be anonymous. If identifying themselves isn't necessary, don't make it necessary. Instead, design your system so that it reflects the way people want to be treated - with respect for their privacy.
Second, if you need to establish identities, if you need to authenticate, build privacy into the authentication process. Don't let one smart card or one identifier be a gateway to every possible source of information. Use multiple cards. Walls between data bases aren't all bad. The tradeoff in "efficiency" will be more than paid for in enhanced privacy and yes, customer appreciation.
And what do we really mean by "efficiency" anyway? Efficiency is just the relationship between ends and means. If we define the end as customer privacy, then the most efficient system is one that puts that first and builds around it.
So let me sum up. Privacy is a fundamental right and a basic human need. We all understand that intuitively. Today, new and intrusive technologies are threatening that right. How we respond will determine the level of privacy we enjoy today and our children enjoy tomorrow.
The government is taking these issues seriously and those of you in the private sector need to understand the new laws and how they will affect your businesses. While technology holds the potential to help secure privacy, what is really required is a new mindset on the part of those developing it.
My message today is that the successful businesses of tomorrow are the ones that pay attention to privacy concerns today. That think about privacy issues before they build their information systems; that understand that Canadians are becoming increasingly aware of their privacy rights and will react strongly if those rights are violated - taking their concerns public and their business elsewhere.
Make no mistake, people care about their privacy. And you will lose their trust if you don't respect that privacy. Far better to honour that at the outset than retrofit your IT systems later at greater cost and after the damage has been done to your customer relations.
More than half a century ago, Justice William O. Douglas of the U.S. Supreme Court, cautioned that "To be let alone is indeed the beginning of all freedom." Today, at the start of the 21st century, that right to be left alone is under siege as never before.
Don't let the right to privacy slip away through indifference or inattention. My office stands ready to provide advice and support. I look forward to working with you as we protect that right together.