Connect with us

Technology

Canadians up in arms: Privacy without consent and the dangerous precedent

Published

on

Canada data concept, DepositPhotos
Share this:

It’s the news that has taken Canada by storm of late, on Twitter, in the headlines, and in today’s parliamentary debate: Statistics Canada, Canada’s agency which issues statistical research on the state of Canada, its population, the economy and culture, unwittingly walked into the spotlight when Global News revealed the agency had asked TransUnion, a credit bureau that amasses credit information for many financial institutions to provide financial transactions and credit histories on approximately 500,000 Canadians, without their individual prior consent. The Liberal government has endorsed this move.

During the parliamentary debate, Conservative opposition Gérard Deltell declared,

If the state has no business in people’s bedrooms, the state has no business in their bank accounts either. There is no place for this kind of intrusion in Canada. Why are the Liberals defending the [Statistics Canada] indefensible? 

The data being demanded, according to Global News, consists of private information including name, address, date of birth, SIN, account balances, debit and credit transactions, mortgage payments, e-transfers, overdue amounts, and biggest debts on 15 years worth of data. Equifax, the other credit reporting agency that supports financial institutions in Canada has not been asked to provide data.

Francois-Philippe Champagne, Minister of Infrastructure and Communities was vague in his response. While he affirms StatsCanada’s upstanding practices in anonymizing and protecting personal data, he also admitted proper consent was not received,

StatsCan is going above the law and is asking banks to notify clients of this use. Stats Canada is on their side… We know data is a good place to start to make policy decisions in this country, and we will treat the information in accordance with the law. They can trust Statistics Canada to do the right thing.

Statistics Canada and the Liberal government failed to disclose the explicit use of this information, however,

By law, the agency can ask for any information it wants from any source.

I posed this question to former 3-term Privacy Commissioner, Ann Cavoukian, who currently leads the Privacy by Design Practice at Ryerson University, Toronto:

Ann Cavoukian Twitter

Ann Cavoukian Twitter

What’s troubling is that while the opposition cried foul, lashing out accusations of authoritarianism and surveillance, the latter outcome is not implausible.

According to Personal Information Protection and Electronic Documents Act (PIPEDA) Guidelines to Obtain Meaningful Consent, these are the main exceptions

  • if the collection and use are clearly in the interests of the individual and consent cannot be obtained in a timely manner;
  • if the collection and use with consent would compromise the availability or the accuracy of the information and the collection is reasonable for purposes related to investigating a breach of an agreement or a contravention of the laws of Canada or a province;
  • if disclosure is required to comply with a subpoena, warrant, court order, or rules of the court relating to the production of records;
  • if the disclosure is made to another organization and is reasonable for the purposes of investigating a breach of an agreement or a contravention of the laws of Canada or a province that has been, is being or is about to be committed and it is reasonable to expect that disclosure with the knowledge or consent of the individual would compromise the investigation;
  • if the disclosure is made to another organization and is reasonable for the purposes of detecting or suppressing fraud or of preventing fraud that is likely to be committed and it is reasonable to expect that the disclosure with the knowledge or consent of the individual would compromise the ability to prevent, detect or suppress the fraud;
  • if required by law.

For Statistics Canada, its broad legal reach is enough for the agency to circumvent explicit disclosure of data use and permission. This alone sets a dangerous precedent that wrestles with current European GDPR mandates, which will be referenced in the updated PIPEDA Act, at a time yet to be determined.

However, this privilege will not make StatsCanada immune to data breaches, but in fact, will make it a stronger target for data hackers. According to the Breach Level Index, since 2013 there have been 13+ billion records lost or stolen, with an average of 6.3+ million lost on a daily basis. The increasing centralization of data makes this more likely. For Statistics Canada, which has been collecting tax filings, census data, location, household, demographic, usage, health and economic data, it is increasingly amassing its data online. According to National Newswatch, the dwindling survey completions and costly census programs have necessitated a move to compile information from other organizations such as financial institutions, which come at more reasonable costs and better data quality.

If this is the catalyst to aggregate compiled information, with the goal of record linking, it will unearth significant privacy alarms in the process. For StatsCanada, which has received significant government support because of the critical information it lends to policy decisions, there are looming dangers of being the purveyor of every Canadian’s private information, beyond data breach vulnerabilities.

Anonymized Data Doesn’t Mean Anonymous Forever

I spoke to Alejandro Saucedo, the Chief Scientist at The Institute for Ethical AI & Machine Learning, a UK-based research center that develops industry standards and frameworks for responsible machine learning development and asked him to weigh in on this issue:

Canadians are rightly worried. It concerns me that StatsCanada is suggesting that just discarding names and addresses would be enough to anonymize the data. Not to point out the obvious, but data re-identification is actually a big problem. There have been countless cases where anonymized datasets have been reverse engineered, let alone datasets as rich as this one. 

Re-identification is used to reverse-engineer the anonymity data state and uses alternative data sources to link information to identity. Using publicly available data, easily found in today’s BigData environment, coupled with the speed of advanced algorithms, Saucedo points to successful attempts of re-identification: reverse engineering credit card data, or when this engineer was able to create a complete NYC taxis data dump of 173 million trips and fare logs by decoding the cryptographically secure hashing function that anonymized the medallion and taxi number.

Ethical hacks are not new to banking or any company that collects and manages significant data volumes. These are intentional hacks propagated internally and intentionally by corporations against their existing infrastructure to ensure mitigation of vulnerabilities on-premise and online. This practice ensures the organization is up to par with the latest methods for encryption and security as well as current breach mechanisms. As Saucedo points out:

Even if StatsCanada didn’t get access to people’s names (e.g. requested the data previously aggregated), it concerns me that there is no mention of more advanced methods for anonymization. Differential Privacy, for example, is a technique that adds statistical noise to the entire dataset, protecting users whilst still allowing for high-level analysis. Some tech companies have been exploring different techniques to improve privacy – governments should have a much more active role in this space.

Both Apple and Uber are incorporating Differential Privacy. The goal is to mine and analyze usage patterns without compromising individual privacy. Since the behavioral patterns are more meaningful to the analysis, a “mathematical noise” is added to conceal identity. This is important as more data is collected to establish these patterns. This is not a perfect methodology but for Apple and Uber, they are making momentous strides in ensuring individual privacy is the backbone of their data collection practices

Legislation Needs to be Synchronous with Technology

GDPR is nascent. Its laws will evolve as technology surfaces other invasive harms. Government is lagging behind technology. Any legislation that does not enforce fines for significant breaches in the case of Google Plus, Facebook or Equifax will certainly ensure business and government maintain the status quo.

Challenges of communicating the new order of data ownership will continue to be an uphill battle in the foreseeable future. Systems, standards and significant investment into transforming policy and structure will take time. For Statistics Canada and the Canadian government, creating frameworks that give individuals unequivocal control of their data require education, training, and widespread awareness. Saucedo concedes,

 A lot of great thinkers are pushing for this, but for this to work we need the legal and technological infrastructure to support it. Given the conflict of interest that the private sector often may face in this area, this is something that the public sector will have to push. I do have to give huge credit to the European Union for taking the first step with GDPR – although far from perfect, it is still a step in the right direction for privacy protection.

 (Update) As of Friday, November 1, 2018, this Petition E-192 (Privacy and Data Protection) was put forward to the House of Commons calling for the revocation of this initiative. 21,000 signatures have been collected to date. Canadians interested in adding their names to this petition can do so.
Petition to the House of Commons
Whereas:
  • The government plans to allow Statistics Canada to gather transactional level personal banking information of 500,000 Canadians without their knowledge or consent;
  • Canadians’ personal financial and banking information belongs to them, not to the government;
  • Canadians have a right to privacy and to know and consent to when their financial and banking information is being accessed and for what purpose;
  • Media reports highlight that this banking information is being collected for the purposes of developing “a new institutional personal information bank”; and
  • This is a gross intrusion into Canadians’ personal and private lives.
We, the undersigned, Citizens and Residents of Canada, call upon the Government of Canada to immediately cancel this initiative which amounts of a gross invasion of privacy and ensure such requests for personal data never happen again.

This post first appeared on Forbes.

Share this:

Technology

The importance of data access for digital initiatives

A new report from MuleSoft found that just 37% of organizations have the skills and technology to keep up with digital projects.

Published

on

Share this:

In a global survey of over 1,700 line of business employees in organizations with at least 250 employees, MuleSoft found that just 37% of organizations have the skills and technology to keep up with digital projects.

The resulting report — The State of Business and IT Innovation — reveals four key ideas that IT leaders need to know in order to drive digital innovation forward.

These four key findings are:

  • Collaboration is key 
    • 68% of respondents believe IT and LoB users should jointly drive digital innovation.
  • Keep up the pace 
    • 51% expressed frustration with the speed at which IT can deliver projects.
  • Integration challenge
    • 37% cite security and compliance as the biggest challenge to delivering new digital services, followed by integration (i.e. connecting systems, data, and apps) at 37%.
  • Data access
    • 80% say that in order to deliver on project goals faster, employees need easy access to data and IT capabilities.  

“This research shows data is one of the most critical assets that businesses need to move fast and thrive into the future,” said MuleSoft CEO Brent Hayward

“Organizations need to empower every employee to unlock and integrate data — no matter where it resides — to deliver critical, time-sensitive projects and innovation at scale, while making products and services more connected than ever.”

Want to read through the whole report? Download it from MuleSoft

Share this:
Continue Reading

Technology

Where is the financial value in AI? Employing multiple human-machine learning approaches, say experts

According to a new study, only 10% of organizations are achieving significant financial benefits with AI.

Published

on

Share this:

AI is everywhere these days — especially as we work to fight the spread of COVID-19

Even in the “before times,” AI was a hot topic that always found itself in the center of most digital transformation conversations. A new study from MIT Sloan Management Review, BCG GAMMA, and BCG Henderson Institute, however, prompts a crucial question:

Are You Making the Most of Your Relationship with AI?

Finding value

Despite the proliferation of the technology and increased investment, according to the report, just 10% of organizations are achieving significant financial benefits with AI. The secret ingredient in these success stories? “Multiple types of interaction and feedback between humans and AI,” which translated into a six-times better chance of amplifying the organization’s success with AI.

“The single most critical driver of value from AI is not algorithms, nor technology — it is the human in the equation,” affirms report co-author Shervin Khodabandeh.

 

View this post on Instagram

 

A post shared by MIT Sloan Management Review (@mitsmr)

From a survey of over 3,000 managers from 29 industries based in 112 countries — plus in-depth interviews with experts — the report outlined three investments organizations can make to maximize value:

  • The likelihood of achieving benefits increases by 19% with investment in AI infrastructure, talent, and strategy.
  • Scalability. When organizations think beyond automation as a use case, the likelihood of financial benefit increases by 18%.
  • “Achieving organizational learning with AI (drawing on multiple interaction modes between humans and machines) and building feedback loops between human and AI increases that likelihood by another 34%.”

According to report co-author Sam Ransbotham, at the core of successfully creating value from AI is continuous learning between human and machine:

“Isolated AI applications can be powerful. But we find that organizations leading with AI haven’t changed processes to use AI. Instead, they’ve learned with AI how to change processes. The key isn’t teaching the machines. Or even learning from the machines. The key is learning with the machines — systematically and continuously.” 

Continued growth

While just 1 in 10 organizations finds financial benefits with AI, 70% of respondents understand how it can generate value — up from 57% in 2017.

Additionally, 59% of respondents have an AI strategy, compared to 39% in 2017, the survey found. Finally, 57% of respondents say their organizations are “piloting or deploying” AI — not a huge increase from 2017 (46%). 

One of the biggest takeaways? According to co-author David Kiron, “companies need to calibrate their investments in technology, people, and learning processes.”

“Financial investments in technology and people are important, but investing social capital in learning is critical to creating significant value with AI.”

Share this:
Continue Reading

Technology

Bringing DX to the food supply chain in a pandemic

In a new paper, supply chain stakeholders share how COVID-19 has affected the transformation of the sector.

Published

on

Share this:

There’s little doubt that COVID-19 had a profound effect on the food supply chain.

As one example, just think back to roughly March of this year, when virus transmission was rapidly picking up speed. Remember the reports of food and beverage companies only producing their most popular or essential products? Or how it would take slightly longer than usual to restock certain products? What about the rush to integrate — or quickly improve the efficiency of — digital and e-commerce. 

Panning out a bit, think about food safety and quality professionals. The need to stay safe — and in many cases, stay at home — meant performing the very hands-on job of monitoring, auditing, inspecting at a distance, i.e. digitally. 

When the food supply chain was hit by storages, delays, breakdowns, and lockdowns, the end result was — like in so many sectors — a rapid digital transformation.

As The Food Safety Market — an SME-powered industrial data platform dedicated to boosting the competitiveness of European food certification — elaborates in a new discussion paper, “technology has played an important role in enabling business continuity in the new reality.”

The paper — Digital Transformation of Food Quality & Safety: How COVID-19 accelerates the adoption of digital technologies across the food supply chain — features industry experts from companies like Nestlé, Ferrero, PepsiCo, McCormick & Company, and more discussing the effects of the pandemic on the supply chain.

A few highlights from the paper:

  • John Carter, Area Europe Quality Director for Ferrero put the issue of food access into perspective at the start of his interview:

“The production of food defines our world. The effects of agriculture on our daily lives are so omnipresent that they can be easy to overlook; landscapes and societies are profoundly influenced by the need to feed our growing population. But much has been taken for granted. Only occasionally are we forced to consider: ‘where does our food come from?'”

  • Ellen de Brabander, Senior Vice President of R&D for PepsiCo provided insight on the cost benefits of digital transformation:

“The need for customization is a big driver for accelerating digital transformation and moving away from a ‘one size fits all’ approach. This means that the cost to develop and produce a product must be lower and digital technologies provide a clear opportunity here.” 

  • Clare Menezes, Director of Global Food Integrity for McCormick & Company brought up one area where digital tools need to go:

“There aren’t any areas where digital tools “fail”, but there is a need for tools that ‘prove out’ predictions around where the next integrity event will play out and how it could lead to quality or food safety failure. These tools are an obvious candidate for AI given the number of PESTLE factors that might come into play.” 

Want to read all of the interviews? Check out the paper here.

Share this:
Continue Reading

Featured