Proceedings of the 2014 ACM conference on Web science
May 20, 2014 The Regime Complex for Managing Global Cyber Activities
JOSEPH S. NYE JR.
PUBLISHED: TUESDAY, MAY 20, 2014
When we try to understand cyber governance, it is important to remember how new cyberspace is. The World Wide Web was conceived in 1989, but only in the last 15 years has the number of websites burgeoned, with businesses beginning to use this new technology to shift production and procurement in complex global supply chains. The Internet has become a substrate of modern economic, social and political life. Analysts are now trying to understand the implications of ubiquitous mobility, the “Internet of everything” and the storage of “big data.” The advances in technology have, so far, outstripped the ability of institutions of governance to respond. Internet governance is the application by governments, the private sector and civil society of principles, norms, rules, procedures and programs that shape the evolution and use of the Internet. Naming and numbering is only a small part of Internet governance, and while Internet governance is at the heart of cyberspace, it is only a subset of cyber governance.
Global Commission on Internet Governance / @OurInternetGCIG
Source: By Christopher Parsons, The Citizen Lab Responding to the Crisis in Canadian Telecommunications.
A Template to Request Access
The following template can be used to compel your telecommunications provider to disclose the personal information it collects, retains, manages, and discloses about you. The text is written without an assumption of you sending it by email or letter mail, nor is it written for specific services (i.e. for just wireless or just internet services information). As a result, you should be able to send the letter to whatever companies are providing you with telecommunications service.
Feel free to modify the text as you deem necessary. Sections that are bolded require you to insert information, such as the company, the mailing address, your personal information, or your account information.
[Subscriber mailing address]
[Mailing information for company]
To: [Company] Privacy Officer,
Re: [Name of Account Subscriber]
Dear Privacy Officer:
I am a subscriber to your telecommunications service, and am interested in understanding the kinds of personal information that you maintain and retain about me. So this is a request to access my personal data under Principle 4.9 of Schedule 1 and section 8 of Canada’s federal privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA).
I am requesting a copy of all records which contain my personal information from your organization. The following is a non-exclusive listing of all information that [name of company] may hold about me, including the following:
- All logs of IP addresses associated with me, my devices, and/or my account (e.g. IP addresses assigned to my devices/router, IP addresses or domain names of sites I visit and the times, dates, and port numbers)
- Listing of ‘subscriber information’ that you store about me, my devices, and/or my account
- Any geolocational information that you may have collected about me, my devices, and/or associated with my account (e.g. GPS information, cell tower information)
- Text messages or multi-media messages (sent and received, including date, time, and recipient information)
- Call logs (e.g. numbers dialed, times and dates of calls, call durations, routing information, and any geolocational or cellular tower information associated with the calls)
- Information collected about me, or persons/devices associated with my account, using one of your company’s mobile device applications
- Any additional kinds of information that you have collected, retained, or derived from the telecommunications services or devices that I, or someone associated with my account, have transmitted or received using your company’s services
- Any information about disclosures of my personal information, or information about my account or devices, to other parties, including law enforcement and other state agencies
If your organization has other information in addition to these items, I formally request access to that as well. Please ensure that you include all information that is directly associated with my name, phone number, e-mail, or account number, as well as any other account identifiers that your company may associate with my personal information.
You are obligated to provide copies at a free or minimal cost within thirty (30) days of receipt of this message. If you choose to deny this request, you must provide a valid reason for doing so under Canada’s PIPEDA. Ignoring a written request is the same as refusing access. See the guide from the Office of the Privacy Commissioner at: http://www.priv.gc.ca/information/guide_e.asp#014. The Commissioner is an independent oversight body that handles privacy complaints from the public.
Please let me know if your organization requires additional information from me before proceeding with my request.
Here is information that may help you identify my records:
Full Name: [Name]
Account Number: [Number]
Email Associated With Account: [Email address]
Phone Number Associated with Account: [Phone number]
The following includes contact information for many of Canada’s telecommunications companies. It parallels the list of companies that Citizen Lab previously asked to voluntarily disclose how, how often, and why they share information with government agencies.
The Office of the Bell Privacy Ombudsman
160 Elgin St.
Ottawa ON K2P 2C4
Attn: Privacy Manager
1st Floor, Fort William Building
P.O. Box 2110
St. John’s, NL A1C 5H6
Attn: Privacy Officer
P.O. Box 8660, Station A
6080 Young Street, 8th Floor
Halifax, NS, B3K 5M3
COGECO CABLE INC.
Attn: Caroline Dignard, Chief Privacy Officer
5 Place Ville-Marie, Suite 1700
Montréal, Québec, H3B 0B3
Distributel Communications Limited. c/o Privacy Officer
177 Nepean St. Suite 300,
Ottawa, ON, K2P 0B4
Chief Privacy Officer
800 De La Gauchetière Street West
Montréal, Quebec, H5A 1K3
Allstream Privacy Officer
200 Wellington Street West, Suite 1200
Toronto, Ontario M5V 3G2
Primus Telecommunications Canada Inc.
Primus Legal Department c/o Privacy Officer
5343 Dundas Street West
Toronto, ON, M9B 6K5
Chief Privacy Officer
Rogers Group of Companies
333 Bloor Street East
Toronto, Ontario, M4W 1G9
Chief Privacy Officer
13th Floor, 2121 Saskatchewan Drive
Regina, SK. S4P 3Y2
Shaw Privacy Officer
630–3rd Ave. S.W.
Calgary, AB, T3P 4L4
TekSavvy Solutions Inc.
800 Richmond Street
Chatham, Ontario N7M 5J5
TELUS Communications Company Privacy Request Centre
PO Box 2590, Station M
Canada T2P 5J6
Attn: Alain Charlebois, Vice-President, Human Resources
612 St-Jacques Street West, 4th floor, North Tower
Montreal (Quebec) H3C 4M8
Globalive Wireless Management Corp.
Chief Privacy Officer
207 Queen’s Quay West
Suite 710, PO Box 114
Toronto, ON M5J 1A7
Xplornet Communications Inc.
Attn: Chief Privacy Officer
300 Lockhart Mill Road
P.O. Box 9060
Woodstock, NB, E7M 6B5
Why they spy on us all: it is cheap and easy.
Originally posted on Ashkan Soltani:
Graph showing the difference in hourly cost between various location tracking techniques.
The Yale Law Journal Online (YLJO) just published an article that I co-authored with Kevin Bankston (first workshopped at the Privacy Law Scholars Conference last year) entitled “Tiny Constables and the Cost of Surveillance: Making Cents Out of United States v. Jones.” In it, we discuss the drastic reduction in the cost of tracking an individual’s location and show how technology has greatly reduced the barriers to performing surveillance. We estimate the hourly cost of location tracking techniques used in landmark Supreme Court cases Jones, Karo, and Knotts and use the opinions issued in those cases to propose an objective metric: if the cost of the surveillance using the new technique is an order of magnitude (ten times) less than the cost of the surveillance without using the new technique, then the new technique violates a reasonable expectation of privacy. For example…
Published on 2014-01-06
How Should We Think About Freedom | Quentin Skinner
Quentin Skinner, Barber Beaumont Professor of the Humanities, Queen Mary University of London
November 8, 2013
In this lecture, Quentin Skinner, Barber Beaumont Professor of the Humanities at Queen Mary University of London, will discuss the concept of individual freedom, arguing that the usual practice of defining it in negative terms as “absence of interference” is in need of qualification and perhaps abandonment. Because the concept of interference is such a complex one, there has been much dispute, even within the liberal tradition, about the conditions under which it may be legitimate to claim that freedom has been infringed.
View more videos at https://video.ias.edu
The Cyber Index: International Security Trends and Realities
The Cyber Index is intended to serve as a “snapshot” of current cybersecurity activities at the national, regional, and international levels, to help policymakers and diplomats understand the complexity of the arena. In addition, the Index seeks to elucidate some approaches towards mitigating the risks of misperceptions in the cyber domain that threaten to elevate international tensions or perhaps even lead to conflict. The subject matter is multifaceted, highly complicated, and controversial—thus no one study could adequately cover all aspects in depth. Nonetheless, the Cyber Index will help to underpin ongoing discussions and debates by providing facts and fact-based analysis of today’s challenges and opportunities regarding international stability and security in the cyber domain.
National Capabilities, Doctrine, Organization and Building Transparency and Confidence for Cyber Security: An Assessment
Cyber Threats: Information as a Weapon?
As long as the US refuses to recognize foreigners’ Universal Human Rights Law, the US is in fact stimulating a balkanized Internet, because their arguments are morally and legally wrong.
Originally posted on National Post | Full Comment:
Over the past six months, the steady stream of disclosures from former U.S. National Security Agency (NSA) contractor Edward Snowden has revealed a massive surveillance infrastructure that seemingly touches all Internet and telephone communication across the globe.
While the issue has generated robust debates in many countries, the Canadian political response has been relatively quiet. In an effort to address the lack of oversight over Canadian surveillance activities, Liberal MP and former public safety minister Wayne Easter recently introduced Bill C-551, which would establish a National Security Committee of Parliamentarians.
The bill is a welcome move towards providing greater transparency and accountability for Canadian intelligence agencies, yet attention to oversight is not enough. We also need to address the legal framework under which these agencies operate, and the privacy protections granted to Canadians under the law.
This is true not only for Canada — our law’s 20th-century privacy protections are…
Originally posted on To Promote the Progress?:
Gabriel J. Michael / gmichael at gwu dot edu
Update 12/12: This post is now available in a significantly less technical form at The Washington Post’s Monkey Cage Blog. If you notice differences between the graphs, you’re paying attention. They exist for two reasons. First, in order to keep things understandable, I used simpler axis scales in the other piece. Second, MDS uses a simulation process to generate the positions of points on the graph. When combined with jitter, points shift slightly each time I reproduce the graphs, although not enough to affect substantive interpretation.
I could have normalized distances across chapters by dividing by the number of proposals per chapter. This would permit all graphs to use the same scale. However, it might also understate/overstate distances.
Please share widely and repost with attribution. This content is licensed CC BY-SA 3.0. Comments, suggestions, and criticism are welcome.
Taking note of the publication of the report, but unconvinced about the five priorities suggested below, in particular of the distinction between “collection” and “uses”:
Reinventing Privacy Principles for the Big Data Age – New Report
6 December 2013 Oxford Internet Institute
A report co-authored by OII Professor Viktor Mayer-Schönberger together with Professor Fred Cate (Indiana University) and Peter Cullen (General Manager, Trustworthy Computing Governance, Microsoft) and made public today (6 December 2013) through the Oxford Internet Institute sketches out core principles to protect information privacy in the age of Big Data.
The Data Protection Principles for the 21st Century report is based on a drafting workshop hosted by the Oxford Internet Institute, and co-chaired by Professors Mayer-Schönberger and Cate in January 2013.
Viktor Mayer-Schönberger, OII Professor of Internet Governance and Regulation, co-convener of the workshop, pointed at the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data that were first issued more than three decades ago in 1980 as an early and important framework of privacy principles. In the age of Big Data, however, these principles need to be augmented and improved to ensure that they remain relevant. “The OECD Privacy Principles served us well for the first decades of the digital revolution, but now they need updating, so that we can ensure effective privacy protection in the future – while enabling the many benefits (including for society) that Big Data promises to bring.”
The report offers five priorities in revising and updating the existing OECD principles, including:
- Reduce the focus on data collection and the attending notice and consent requirements, and focus more on a practical assessment of the risks (and benefits) associated with data uses.
- Eliminate or substantially reduce the role of the Purpose Specification and Use Limitation principles, which require a specific, articulated purpose for collecting personal data usually at the time of collection and restrict data uses to that purpose or related, “not incompatible” purposes.
- Restore the balance between privacy and the free flow of information that was the original goal of the OECD Guidelines, and avoid suppressing innovation with overly restrictive or inflexible data privacy laws.
- Make data users more accountable for the personal data they access, store, and use, and hold them liable when harm to data subjects occurs.
- Adopt a broader definition of the “harms” that inappropriate uses of personal data can cause, and put in place practical frameworks and processes for identifying, balancing, and mitigating those harms.
The report is the most recent in a series of initiatives designed to make privacy protection more workable and more effective that began with global data protection dialogues convened in 2012 by Microsoft in Washington, D.C., Brussels, Singapore, Sydney, and São Paulo for small groups of leading regulators, industry executives, public interest advocates, and academic experts.
These events culminated in a global privacy summit in Redmond, Washington, at which Microsoft convened more than 70 privacy and data protection experts from 19 countries on five continents to consider the future of data sources and uses and practical steps to enhance privacy protection. The summit called for reexamination of the OECD Fair Information Privacy Principles in today’s report as well as the examination of data uses and impacts that is discussed in a companion report released today by the Center for Applied Cybersecurity Research (CACR) at Indiana University. That report, too, is co-authored by Professors Cate and Mayer-Schönberger as well as Microsoft’s Peter Cullen and is available online.
The next step in this reconsideration of privacy protection is a series of events focusing on assessing and managing risks surrounding the use of data. CACR hosted one of those events—a tutorial on risk management for data protection experts—in November and will be hosting another—a workshop to help create frameworks for identifying and assessing risks presented by data uses—in late spring 2014. Both events have been funded by The Privacy Projects.
F. H. Cate, P. Cullen, V. Mayer-Schönberger (2013) Data Protection Principles for the 21st Century: Revising the 1980 OECD Guidelines. Microsoft Corporation.
Last updated on: 6 December 2013