Connect with us

Technology

Canadians up in arms: Privacy without consent and the dangerous precedent

Published

on

Canada data concept, DepositPhotos
Share this:

It’s the news that has taken Canada by storm of late, on Twitter, in the headlines, and in today’s parliamentary debate: Statistics Canada, Canada’s agency which issues statistical research on the state of Canada, its population, the economy and culture, unwittingly walked into the spotlight when Global News revealed the agency had asked TransUnion, a credit bureau that amasses credit information for many financial institutions to provide financial transactions and credit histories on approximately 500,000 Canadians, without their individual prior consent. The Liberal government has endorsed this move.

During the parliamentary debate, Conservative opposition Gérard Deltell declared,

If the state has no business in people’s bedrooms, the state has no business in their bank accounts either. There is no place for this kind of intrusion in Canada. Why are the Liberals defending the [Statistics Canada] indefensible? 

The data being demanded, according to Global News, consists of private information including name, address, date of birth, SIN, account balances, debit and credit transactions, mortgage payments, e-transfers, overdue amounts, and biggest debts on 15 years worth of data. Equifax, the other credit reporting agency that supports financial institutions in Canada has not been asked to provide data.

Francois-Philippe Champagne, Minister of Infrastructure and Communities was vague in his response. While he affirms StatsCanada’s upstanding practices in anonymizing and protecting personal data, he also admitted proper consent was not received,

StatsCan is going above the law and is asking banks to notify clients of this use. Stats Canada is on their side… We know data is a good place to start to make policy decisions in this country, and we will treat the information in accordance with the law. They can trust Statistics Canada to do the right thing.

Statistics Canada and the Liberal government failed to disclose the explicit use of this information, however,

By law, the agency can ask for any information it wants from any source.

I posed this question to former 3-term Privacy Commissioner, Ann Cavoukian, who currently leads the Privacy by Design Practice at Ryerson University, Toronto:

Ann Cavoukian Twitter

Ann Cavoukian Twitter

What’s troubling is that while the opposition cried foul, lashing out accusations of authoritarianism and surveillance, the latter outcome is not implausible.

According to Personal Information Protection and Electronic Documents Act (PIPEDA) Guidelines to Obtain Meaningful Consent, these are the main exceptions

  • if the collection and use are clearly in the interests of the individual and consent cannot be obtained in a timely manner;
  • if the collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province;
  • if disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records;
  • if the disclosure is made to another organization and is reasonable for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the individual would compromise the investigation;
  • if the disclosure is made to another organization and is reasonable for the purposes of detecting or suppressing fraud or of preventing fraud that is likely to be committed and it is reasonable to expect that the disclosure with the knowledge or consent of the individual would compromise the ability to prevent, detect or suppress the fraud;
  • if required by law.

For Statistics Canada, its broad legal reach is enough for the agency to circumvent explicit disclosure of data use and permission. This alone sets a dangerous precedent that wrestles with current European GDPR mandates, which will be referenced in the updated PIPEDA Act, at a time yet to be determined.

However, this privilege will not make StatsCanada immune to data breaches, but in fact, will make it a stronger target for data hackers. According to the Breach Level Index, since 2013 there have been 13+ billion records lost or stolen, with an average of 6.3+ million lost on a daily basis. The increasing centralization of data makes this more likely. For Statistics Canada, which has been collecting tax filings, census data, location, household, demographic, usage, health and economic data, it is increasingly amassing its data online. According to National Newswatch, the dwindling survey completions and costly census programs have necessitated a move to compile information from other organizations such as financial institutions, which come at more reasonable costs and better data quality.

If this is the catalyst to aggregate compiled information, with the goal of record linking, it will unearth significant privacy alarms in the process. For StatsCanada, which has received significant government support because of the critical information it lends to policy decisions, there are looming dangers of being the purveyor of every Canadian’s private information, beyond data breach vulnerabilities.

Anonymized Data Doesn’t Mean Anonymous Forever

I spoke to Alejandro Saucedo, the Chief Scientist at The Institute for Ethical AI & Machine Learning, a UK-based research center that develops industry standards and frameworks for responsible machine learning development and asked him to weigh in on this issue:

Canadians are rightly worried. It concerns me that StatsCanada is suggesting that just discarding names and addresses would be enough to anonymize the data. Not to point out the obvious, but data re-identification is actually a big problem. There have been countless cases where anonymized datasets have been reverse engineered, let alone datasets as rich as this one. 

Re-identification is used to reverse-engineer the anonymity data state and uses alternative data sources to link information to identity. Using publicly available data, easily found in today’s BigData environment, coupled with the speed of advanced algorithms, Saucedo points to successful attempts of re-identification: reverse engineering credit card data, or when this engineer was able to create a complete NYC taxis data dump of 173 million trips and fare logs by decoding the cryptographically secure hashing function that anonymized the medallion and taxi number.

Ethical hacks are not new to banking or any company that collects and manages significant data volumes. These are intentional hacks propagated internally and intentionally by corporations against their existing infrastructure to ensure mitigation of vulnerabilities on-premise and online. This practice ensures the organization is up to par with the latest methods for encryption and security as well as current breach mechanisms. As Saucedo points out:

Even if StatsCanada didn’t get access to people’s names (e.g. requested the data previously aggregated), it concerns me that there is no mention of more advanced methods for anonymization. Differential Privacy, for example, is a technique that adds statistical noise to the entire dataset, protecting users whilst still allowing for high-level analysis. Some tech companies have been exploring different techniques to improve privacy – governments should have a much more active role in this space.

Both Apple and Uber are incorporating Differential Privacy. The goal is to mine and analyze usage patterns without compromising individual privacy. Since the behavioral patterns are more meaningful to the analysis, a “mathematical noise” is added to conceal identity. This is important as more data is collected to establish these patterns. This is not a perfect methodology but for Apple and Uber, they are making momentous strides in ensuring individual privacy is the backbone of their data collection practices

Legislation Needs to be Synchronous with Technology

GDPR is nascent. Its laws will evolve as technology surfaces other invasive harms. Government is lagging behind technology. Any legislation that does not enforce fines for significant breaches in the case of Google Plus, Facebook or Equifax will certainly ensure business and government maintain the status quo.

Challenges of communicating the new order of data ownership will continue to be an uphill battle in the foreseeable future. Systems, standards and significant investment into transforming policy and structure will take time. For Statistics Canada and the Canadian government, creating frameworks that give individuals unequivocal control of their data require education, training, and widespread awareness. Saucedo concedes,

 A lot of great thinkers are pushing for this, but for this to work we need the legal and technological infrastructure to support it. Given the conflict of interest that the private sector often may face in this area, this is something that the public sector will have to push. I do have to give huge credit to the European Union for taking the first step with GDPR – although far from perfect, it is still a step in the right direction for privacy protection.

 (Update) As of Friday, November 1, 2018, this Petition E-192 (Privacy and Data Protection) was put forward to the House of Commons calling for the revocation of this initiative. 21,000 signatures have been collected to date. Canadians interested in adding their names to this petition can do so.
Petition to the House of Commons
Whereas:
  • The government plans to allow Statistics Canada to gather transactional level personal banking information of 500,000 Canadians without their knowledge or consent;
  • Canadians’ personal financial and banking information belongs to them, not to the government;
  • Canadians have a right to privacy and to know and consent to when their financial and banking information is being accessed and for what purpose;
  • Media reports highlight that this banking information is being collected for the purposes of developing “a new institutional personal information bank”; and
  • This is a gross intrusion into Canadians’ personal and private lives.
We, the undersigned, Citizens and Residents of Canada, call upon the Government of Canada to immediately cancel this initiative which amounts of a gross invasion of privacy and ensure such requests for personal data never happen again.

This post first appeared on Forbes.

Share this:

Technology

Avoiding the falsification of medicines with blockchain

Published

on

pharmaceuticals
Share this:

Counterfeit medicines are a problem around the world, with many producers of false medicines attempting to illegitimate drugs from pharmaceutical companies. Blockchain could be the answer to stem the tide and the U.S. FDA are interested.

Concerns with falsified medicines extend to where drugs which are targeted at those who are seriously ill. These types of medicines may be contaminated or they can contain the wrong ingredient or no active ingredient at all. Alternatively, the drugs may have the right active ingredient but at the wrong dose. In other words, such medicines may harm the patient or exert no beneficial effect at all.

The rise in counterfeit medicines is linked to a general increase in the number of people using the Internet to purchase commodities and this includes those using the Internet to self-diagnose and self-prescribe. This practice can lead to people purchasing ineffective medicines; medicines that normally require a prescription; or purchasing what they think are legitimate medicines but which are in fact fake.

For many years regulators, such as the U.S. Food and Drug Administration (FDA), Health Canada and the European Medicines Agency have taken measures to prevent counterfeit medicines from entering the drug supply chain. One such example of a practice designed to reduce counterfeiting is by implementing product serialization. Serialization requires a comprehensive system to track and trace the passage of prescription drugs through the entire supply chain.

An alternative could be based on blockchain. “Blocks” on the blockchain are made up of digital pieces of information, which store information about transactions, say the date, time, and transaction price. Blocks also store information about who is participating in transactions, and information that distinguishes the block from other blocks. The system is designed to provide transparency and security.

In theory, with a pharmaceutical blockchain it would be impossible to tamper with a medicine or to swap legitimate medicines with fake medicines. In addition, someone purchasing a medicine would be able to assess where the medicine came from (that is, did it come from a bona fide manufacturer?)

It is for this reason that the U.S. FDA is examining the potential for blockchain, as Engadget reports. The federal agency has begun a pilot program that enables the drug supply chain explore ways to track prescription medicine.

According to the FDA, blockchain will enable the “use of innovative and emerging approaches for enhanced tracing and verification of prescription drugs in the U.S. to ensure suspect and illegitimate products do not enter the supply chain.”

Pharmaceutical companies have until March 11, 2019 to apply. The pilot will not produce actionable results until 2023. In the meantime, more conventional methods for seeking to eliminate counterfeit medicines will have to suffice.

Share this:
Continue Reading

Agriculture

Big data analytics provides first world vegetation maps

Published

on

agriculture
Share this:

Artificial intelligence and big data analytics have been applied to produce the first global map of the world’s regions where vegetation can and cannot be grown.

The Valencia University study assesses the global abundance of the phosphorus and nitrogen content in vegetation. Also assessed is the efficiency in water use. The scientists’ aim is to show where the best places are for agriculture and where environmental conditions are changing in response to climate change. The application of artificial intelligence and big data methodologies also enables an assessment to be made of our planet’s biodiversity.

Together with carbon, hydrogen, oxygen and sulfur, nitrogen and phosphorus are the principal chemical elements incorporated into living systems. They are strong signals of the suitability of different parts of the Earth for agriculture. Both nitrogen and phosphorus are needed by plants in large amounts (although excessive quantities can also cause environmental damage). In soil, nitrogen and phosphorus are typically found in the form of nitrates and phosphates.

The new global maps produced by the researchers gathered information from Google mass satellite observation data and then used a specially developed artificial intelligence program to assess the data and produce the color-coded maps. The satellites gathered temporal and spatial observations, and this produced a series of maps characterizing different biophysical parameters. To develop the maps required numerous observation-measurement pairings to be number crunched.

Speaking with Phys.org, lead researcher Álvaro Moreno explained why the maps were significant: “Until now, it was impossible to produce these maps because the required conditions weren’t available. We didn’t have powerful and accurate machine learning statistical tools, nor did we have access to great bodies of data or cloud computing.”

The new maps and the process behind them are published in the journal Remote Sensing, in a paper titled “Regional Crop Gross Primary Productivity and Yield Estimation Using Fused Landsat-MODIS Data” and an companion article in Remote Sensing of Environment titled “A methodology to derive global maps of leaf traits using remote sensing and climate data.”

The next steps are to use the technology to further assess the impact of climate change and to assess other important societal and ecological questions like the pressure on food production to meet population growth and the development of new technologies, like biofuel production.

Share this:
Continue Reading

Culture

Which innovations will shape Canadian industry in 2019?

Published

on

Canada
Share this:

Canada is in the midst of an economic shift. New and traditional industries are increasingly being driven by innovation and these advances in technology are shifting the economic landscape at an unprecedented pace.

This is the assessment by Borden Ladner Gervais, which is Canada’s largest law firm. The company has issued a new thought leadership report, titled “Top Innovative Industries Shaping the Canadian Economy”.

The report weighs in on the opportunities and risks Canada faces in order to maintain its status as an international leader in innovation across eight key industries: cybersecurity, the Internet of Things, smart cities, cryptocurrency and blockchain, autonomous vehicles, fintech, renewable energy and cannabis.

To find out more about the report and its implications for Canadian businesses, Digital Journal spoke with Andrew Harrison, a partner at BLG.

Digital Journal: Where does Canada stand as a global tech innovator?

Andrew Harrison: Canada has always been at the forefront of innovation. Products developed by Canadians or Canadian companies encompass a variety of industries and include medicinal insulin, the snowmobile, the telephone, the pager, BlackBerry Messaging, IMAX, the Canadarm and the goalie mask, to name a few. Canadians are also fast adopters of new technologies; email money transfer between individuals, which was inconceivable only a few years ago, has been used by 63 per cent of Canadians.

This is why Canada is recognized worldwide for its research and technological know-how, but we have to be mindful of the challenges in a global competitive market.

DJ: What potential does Canada have to grow faster? Is this sector specific?

Harrison: Canada is well positioned to succeed and take the lead in all innovative industries, but there are definitely sector-specific challenges that could limit this growth. For example, the lack of regulation as to whether cryptocurrencies are considered securities or not is creating uncertainty, which may restrain investment in this sector.

DJ: What are the risks that could hamper innovation and development?

Harrison: For any new product, financing is always an issue; with innovation, money becomes an even more crucial element. Companies must have access to capital – including from individual and institutional investors – if they want to bring their innovative product/process to life. Evolving politics and policies can also have a significant impact.

DJ: What framework will Canada need in the future to secure its innovation potential?

Harrison: The key element is finding a proper balance between regulating the issues that might be created by the innovation itself or its use and providing a space where innovations can thrive without too many restrictions.

DJ: What does the Canadian government need to do?

Harrison: In many cases, laws and regulations were enacted long before we saw these innovative technologies and products brought to life, so they need to be updated. In certain sectors, such as cryptocurrencies and autonomous vehicles, the Canadian government has yet to provide a framework that would define the playing rules for all participants.

The government will also need to take a look at its current regulations on privacy: the coming into force in May 2018 of the European General Data Protection Regulation (“GDPR”) and recent high-profile data breaches have created the need for stronger privacy guidelines. Failure to do so could prevent Canadian businesses from accessing the European market.

DJ: What can academia contribute?

Harrison: Universities play a big role in fostering innovation – they could be the home of research and innovation and incubators of ventures, entrepreneurs, and tech talent. Universities can partner with industry players and have their researchers work closely to solve key industry issues. This is already happening in Canada. The Smith School of Business and Scotiabank, for instance, have partnered to set up the Scotiabank Centre of Customer Analytics at Smith School of Business to bring together professors, graduate students and analytics practitioners to collaborate on applied research projects in customer analytics. The academia plays a big role in creating an innovation ecosystem.

DJ: What is Canada’s most pressing technological need?

Harrison: There is still much work to be done to connect with Canada’s rural and remote communities. In 2016, the Canadian Radio-television and Telecommunications Commission (CRTC) declared that broadband Internet amounted to an essential service and adopted minimal performance standards across Canada: 50 megabit per second download and 10 megabit per second upload. However, the evidence presented to the Committee by a variety of stakeholders shows that the digital divide remains prominent in Canada – it is estimated that it will take roughly 10 to 15 years for the remaining 18% of Canadians to reach those minimums. Canada needs to develop a comprehensive rural broadband strategy in partnership with key stakeholders and make funding more accessible for small providers.

DJ: What type of investment is needed with skills and training?

Harrison: Canada has a serious shortage of tech talent, which makes it imperative for both the government, the education, and the business sector to invest in raising and fostering STEM talents. To help businesses attract the talent they require, the federal government is offering hiring grants and wage subsidies to offset payroll costs for recent post-secondary STEM students and graduates.

Share this:
Continue Reading

Featured