Citadel of the Blogs The Inbox of the Internet (really)

thoughtful summary of Creative Commons licenses

interesting and insightful analysis of American air tactics over three decades or, how i stopped worrying and learned to love the bombing.

very impressive Egg stacking (kind of like design with dominoes but more interesting)

Semi-useful map of where and how evolution is taught in the US « strange maps

In any case, I strongly encourage you to check out the website itself. wow! what an interesting collection of maps. I liked Keroac’s hitch-hiking map. Where else on earth could I have seen that?

My organization has recently considered switching to Gmail to save money. Lots of privacy issues arising as a result.

One thing that puzzles me about privacy protection in regards to email is that it is not truly information that a service provider “collects”. If I apply for a service, I provide the company with my personal information (name, email, DoB, etc.) in order to set up the acccount. If it is a private company in Canada, this account information is protected under PIPEDA. If it is provided to a public institution, the account info is (generally) protected under FIPPA. But the email correspondence (as opposed to the account info itself) is not something I provide to the organization. Rather, it is simply what I do with their service. So it seems to me that email privacy protection is more likely subject to the service agreement I originally consented to when creating an account. Sound reasonable?

Regardless, opinion is divided on the validity of extra-territorial aspects of access/privacy legislation. In the case of the Patriot Act, any information stored in the US or on US-affiliated companies here in Canada are subject to it. But assuming the information can be mined, it is not clear what can truly come of this.

An interesting investigation by the Federal Privacy Commissioner has clarified foreign access to Canadian information under subpoena. This case pertained to SWIFT, the Society for Worldwide Interbank Financial Telecommunication, a European-based financial cooperative, that supplies messaging services and interface software to a large number of financial institutions in more than 200 countries, including Canada. The investigation arose because it was alleged that SWIFT inappropriately disclosed to the US Department of Treasury (UST) personal information originating from or transferred to Canadian financial institutions.

“Since her appointment, Ms. Stoddart [privacy commissioner for Canada] has raised concerns about the personal information of Canadians flowing across borders. In her Report, the Commissioner stressed that organizations operating and connected in a substantial way to Canada are subject to PIPEDA and they must abide by the Act. “Simply because companies might operate in two or more jurisdictions does not relieve them of their obligations to comply with Canadian law,” said Ms. Stoddart.”

In regards to Gmail, I think this gives us a framework to work with. While we can never guarantee what the American reaction will be, it is at least apparent what Canadian expectations are. So it is safe to predict that Canadians could “reasonably” expect privacy protection in their private, personal email hosted on Gmail.

But this report also showcases that the law (PIPEDA) does a reasonably good job protecting us from foreign non-state privacy invasions but not from foreign states.

“The American government obtained the information via a subpoena. Under PIPEDA, this made it acceptable, according to the Report of Findings. “Our Act has a provision that we respect subpoenas. We determined that these subpoenas were indeed valid and legal subpoenas,” said Klein. “PIPEDA provides for exceptions. It’s not as if SWIFT is selling the information.””

Sound reasonable? I’m not so sure. You decide.

[Update: In March ‘07, Michael Geist observed that Canada.com’s email privacy FAQ claimed that PIPEDA no longer applied once data was sent to the U.S. One week later, Canada.com had updated its FAQ and removed the references to PIPEDA and the suggestion that the Canada.com privacy policy no longer applies. Citing, David Fraser, “I’m pretty confident that you can’t wave a magic wand and say that PIPEDA no longer applies.”