Thinking about privacy and security isn’t about just fighting cybercrime anymore – it’s about considering where our data is headed and how it’s being used.
That’s according to Michael Geist, Canada’s research chair on the Internet and e-commerce law. Thanks to Edward Snowden and his leaks of the National Security Agency (NSA)’s surveillance activities, people are increasingly on their guard – and there are probably many more stunning revelations on Canada’s role in all this, waiting to come to light, he said.
“The Internet is a friend. Clearly we can’t live without it, but there are foes,” said Geist, who is also a law professor at the University of Ottawa. “We often talk about cybersecurity, and the need for policies and agenda, but sometimes those foes are less clear and less obvious.”
Geist was delivering a keynote at Technicity 2013, an event by IT World Canada aiming to boost Toronto’s profile as a hub of the ICT sector. With this year’s event focusing on cybersecurity, he gave a comprehensive overview of where things stand in the privacy and security landscape.
While fighting cybercrime is still an important facet of security, there’s “an elephant in the room” – Snowden, and the revelations he uncovered on the NSA, he added.
“I think harder questions within our own communities, within our own country, of the role about our agency and our government within these activities, will have to be asked. And the bigger question is about the ramifications of these.”
For example, right now, one of the biggest shifts is within the cloud industry, he said.
Since Snowden came forward in May, many foreign companies have stopped hosting their data with U.S.-based cloud services providers. Many of them have become demanding their own local clouds, keeping their data within their own countries’ jurisdictions.
This isn’t the first time this has happened, Geist noted. About 10 years ago, the government of B.C. was seeking to outsource its healthcare management data, with two U.S. companies bidding for the contract.
However, the affected union stepped in, saying that would affect the privacy of that data. The upshot was that as a response, the provincial government ended up writing legislation, saying some of the data had to be kept local.
And while business customers are thinking more about their privacy and security, so are the big players in tech, Geist added. For example, this week Twitter Inc. announced it is now ramping up its encryption efforts as a strike back against the NSA. And Microsoft Corp. is also following suit. It has also said it will be encrypting some of its communications in its services.
“This suggests that we’re moving to a technological arms race, but while the arms race itself is no longer of tech companies and service providers, as against the criminals from a cybercrime perspective,” he said.
“Instead, rather amazingly … it seems to me, it’s against our own governments and the activities that are taking place by the organizations such as the NSA. It’s something not long ago, a few would have predicted, but it’s clear that’s what’s taking place … Just because you’re paranoid, doesn’t mean you’re wrong.”
Still, what needs to happen is a stronger response from lawmakers, Geist said. He pointed to some poor efforts, the Conservatives’ unveiling of Bill C-30, when then-public safety minister Vic Toews famously said, “You can stand with us, or with the child pornographers.”
But there are some laws that may be moving forward, he said. Though the Safeguarding Canadians’ Personal Information Act, or Bill C-12, died with the prorogation of Parliament last month, it wouldn’t surprise him if there was another privacy law forthcoming on the books. One of the key elements would be requiring organizations to disclose if they had had a data breach, he added.
And three years after Canada’s Anti-Spam Legislation received Royal Assent, the laws will finally go into effect, despite a “long and tortured history”, he added, with its task force banding together about a decade ago. The government will be unveiling its regulations “any day now,” he said, with the laws officially taking effect in 2014.
What this all means, he said, is that the Internet is a friendly force. However, it’s still riddled with regulatory challenges – especially now that people are more aware that their governments may be collecting their data. That prompted one attendee to ask, could we have foreseen our governments would be placing us under surveillance?
We could have “read the tea leaves,” Geist said, with some officials dropping hints here and there about metadata and other indicators. But that wasn’t the same as the furor Snowden created when he first leaked his information about the NSA.
“Without Snowden, this wouldn’t be possible. We wouldn’t be talking about this,” he said in an interview after his keynote. “Initially, [Snowden’s revelations] didn’t resonate with the average person, but now after months, there’s a steady stream of growing awareness.”
And while efforts by the Electronic Frontier Foundation are a good step forward, like its privacy policy template for governments, it’s only the beginning, Geist said. In the next six to 12 months, we may be seeing more of a push back, especially as foreign governments in Europe demand changes from the U.S.’ current surveillance policies.
And if there are more Canadian documents coming out, as journalist Glenn Greenwald has revealed, this won’t be the last we hear of this, he said.
“Our own government’s willingness to do anything about it will depend on the reaction, and I think there’s growing concern with the public. So it may say, let’s take a closer look at these kinds of issues … I think we may start seeing pressure for change.”
