Member of Parliament Connections

By: kent

25 Jul 2013

Our Members of Parliament are required to disclose their investments, liabilities, business activities, and received gifts. This is clearly a good practice, as it's nice to know who else our elected representatives are working for!

To make these disclosures available to the public, the federal Office of the Conflict of Interest and Ethics Commissioner maintains an online database with this information. As David Akin noted on the CivicAccess mailing list, this information has recently helped reporters confirm that:

  • Precisely 3 MPs have declared income of $10,000 a year or more from "speaking fees": Justin Trudeau, Marc Garneau, and Kirsty Duncan.
  • Two MPs appear to be in trouble with Canada's tax collector (declaring a liability of $10,000 or greater to Canada Revenue Agency or its Quebec counterpart): Hoang Mai and Tyrone Benskin.
  • One MP collects $10,000 or more a year in revenue from a Crown Corporation while voting on and participating in debates about that Crown Corporation's funding: Andrew Cash.

However, a small problem remains that this online database is rather difficult to browse and search. The data is also not available in any machine readable format. Thus, I decided to put together a little fix for this problem with:

  1. A scraper to pull together this information in machine-readable format (YAML);
  2. A parser to roughly determine all the proper nouns (i.e. the businesses and organizations) mentioned in the disclosures (YAML; JSON); and
  3. An interactive visualization to help browse these connections between MPs and businesses.

Click here to load up the visualization in a new tab. I highly recommend Chrome or Safari; Firefox will work, but it'll be quite sluggish! Yes, there're still a few glitches in places, such as text flowing off the page -- but hey, it's a quick hack-together in an evening and a half. Feel free to pull the code from GitHub.

The Case of the Missing Button

By: kent

10 Oct 2012

Whether you need a new phone number, a new phone, or simply wish to change your mobile services, you can do just about everything online these days, rather than needing to stay on hold for half an hour while you wait for assistance. This is wonderful. It's faster. It's easier. It's less prone to error.

However, there's one button you will never find on the website for your telecom service provider. As some of my blog readers already know, at the end of this month I will be moving to the Democratic Republic of the Congo for a year. Thus, the time has come around once again when I need to cancel all of my telecommunications services. Try as I might, I could find no cancellation button anywhere in sight -- not for canceling my internet, not for canceling my phone.

An obvious reason for this missing button is that the telecom service providers want to convince you to change your mind. They can best do so voice-to-voice. It is widely known that the cancellation departments are authorized to give much better deals than the ordinary representatives, all in a bid to keep you on as a loyal customer.

However, it is quite possible there is a more nefarious reason as well: lowering their legal risks. Given that this scenario is where specialized and complicated deals are often made, and where last-ditch efforts to keep you as a customer occur, much more can go wrong. Perhaps the agent will misrecord your "customized deal" or simply mistype your cancellation date. Perhaps the agent has a performance review coming up and clicks the "Convinced customer to reconsider -- and got him to buy a new iPhone 5!" button rather than the "Customer canceled" button. In any case, with the conversation conducted entirely over the phone, with no paper trail or solid evidence, it's going to be difficult to point out any mistake. It will be your word against theirs.

This is not a good position to be in. Here, a person's most likely redress is a complaint through the CCTS -- but, given that they are an industry-sponsored organization, the CCTS is not exactly known to be the most consumer-friendly organization in the world. You need your i's dotted and t's crossed in any CCTS complaint -- "your word" is not likely to meet this threshold. Even after a lengthy process of filing a complaint, the CCTS may not side with you.

The best pro-active option to ensure a smooth cancellation is to keep everything in writing. Conduct your cancellation by e-mail. This is a perfectly valid and legal option -- but, alas, you need to be prepared to fight with your telecommunications provider about it. Telecom customer service representatives do not seem to take kindly to this evidentiary tactic; however, it's wise to insist upon it to ensure that you have evidence of everything agreed upon. From the experiences I've been having, insisting on a written record reminds me of the "I know you are but what am I" game that we played as children:

  • "We are unable to cancel services via e-mail"
  • No, there is absolutely nothing in our contract that says I cannot cancel by e-mail.
  • "We are unable to cancel services via e-mail"
  • No, actually, the Ontario Electronic Commerce Act is quite explicit that electronic forms of communications are legally binding and fully enforceable.
  • "We are unable to cancel services via e-mail"
  • Well, no, we've been through this, but can you provide any basis for this assertion?
  • "We are unable to cancel services via e-mail"

I've had to move around a lot over the last few years and this is the typical treatment I have received -- from Rogers, Telus and Mobilicity. They are entirely wrong and misinformed, of course, but still frustratingly persistent with vague assertions that you can only cancel by phone. Unless there is wording to the contrary in your contract -- and I have never seen any such stipulation -- email cancellation is perfectly acceptable. For example, Telus' Service Terms state merely that you need to "notify TELUS". Without any stipulation as to how, using their very own secure online contact form to cancel most certainly constitutes proper notification. Moreover, it is clear that a signed written letter would also be effective, given the strong legal history of signed letters constituting effective legal notice. By extension, email also has similar enforceability in any province that has enacted legislation based on the Uniform Electronic Commerce Act ("UECA") (this is most provinces; in Ontario, it is the Electronic Commerce Act, 2000, SO 2000, c 17). This legislation establishes that electronic communications are functionally equivalent to paper ones.

However, as legally correct as one may be, this does not necessarily change the robotic-like repetition of a telecom customer service representative misstating the law. The best bet is probably to cancel via phone, but follow up with a written confirmation by e-mail that one can point back to if any problem arises. If you're doing this, explicitly ask the telecom service provider to let you know if their understanding of your cancellation differs from what you have written in the email.

For myself, this particular time around, I needed to cancel both a Mobilicity phone and a Koodo phone. Mobilicity is already well into their incorrect "we are unable to cancel services via e-mail" routine and I'm waiting to hear back further. I would almost have given Koodo (a Telus-owned brand) some kudos for properly acknowledging my e-mail cancellation. I wrote them on October 2nd to cancel for November 7th, and all seemed well. The response I received was "Your account will be cancel on November 7 2012." Great.

Unfortunately, my Koodo phone suddenly stopped working on October 7th instead of November 7th. Upon calling Koodo, the agent carefully explained to me that cancellations are always and unwaveringly effective at the end of the billing cycle in which you request them. "Are you telling me that a cancellation is effective at the end of the month, even if I clearly specify differently, and even if one of your customer service representatives confirms cancellation effective a different date?" "Yes, sir, we apologize for any misunderstanding". Sigh. This is not a misunderstanding, this is called your mistake, Koodo. After re-activating my service, the agent astonishingly then told me that my November 7 cancellation was also no longer effective and that I would have to call back later to re-cancel! Umm, really? Finally, I was transferred to the cancellation department to re-cancel after my canceled cancellation. I followed up by email, of course.

Lessons from the cancellation process? Well, even if exercising my right to cancel via email feels like hitting my head against a wall, I'll certainly always make sure to follow up any voice conversation via email. While I am also tempted to never use Rogers, Telus, Koodo or Mobilicity again, options are getting thin. Maybe, just maybe, Wind can do better the next time I need a cell phone?

CanLII: Gratuit but not Free

By: kent

12 Aug 2012

There is an unfortunate confusion in the English language when it comes to the word "free". This word holds two related, but markedly different, connotations. The etymology of one meaning comes from the same root as "freedom" and refers to being free of restrictions. The other connotation denotes the availability of goods or services without cost. In free and open source software communities, you often hear these two meanings clarified as "free as in speech" versus "free as in beer".

In recent years, the Free Access to Law Movement (FALM) has gained a lot of interest and momentum. Which connotation does "Free" refer to here? In my opinion, it's crystal clear that this movement is about freedom.

The first and key indicator that I always flip to when I come across a policy document with the word "free" is the French-language text. The French language carries no such confusion about the word free: the two meanings translate respectively to libre (free as in speech) and gratuit (free as in beer).

The declaration that launched the worldwide FALM movement at a meeting in Montreal in 1992 is entitled Déclaration de Montréal sur l'Accès libre au droit in the French text. The content of the declaration is also very much consistent with a freedom/libre-based interpretation.

With this in mind, when we turn to the policies of legal information databases in Canada, it quickly becomes clear that we don't have much of a Free Access to Law Movement in our country.

Now, our flagship project for helping provide the public with access to the law is CanLII. With the financial support of all lawyers through our respective law societies, this organization has done a wonderful and commendable job of expanding gratuit access to law in Canada. This is a great first step. However, CanLII does not go far enough. The organization has not substantively joined the Free Access to Law Movement yet and does not yet provide any libre access to the law. It would be great to see this change.

Putting an eye to CanLII's existing policies, the organization most often refers to participating in the mission for l'accès gratuit au droit, not the FALM's mission for l'Accès libre au droit. It's not clear why CanLII doesn't adopt the loftier mission for libre access, as this could produce so many more benefits.

Semantics aside, a quick survey of LII's around the world also shows that Canada's LII is amongst the group of LII's with the most restrictive and least free usage policies. Although several others such as AsianLII, AustLII (Australia), and BAILII have similarly non-free terms of use, quite a few LII's do much better in this respect. For example, the original U.S. LII out of Cornell places no restrictions on access and explicitly licenses all value-added information under a Creative Commons license. The South African LII merely requires attribution.

CanLII imposes its restrictive terms of use on anyone who conducts a search on CanLII or uses CanLII materials in a way that implicates copyright. You first of all agree to not use any "automated mechanism" or bulk download of any of the legal materials on CanLII. This immediately puts a major barrier in front of any citizen developer or entrepreneur who might otherwise wish to develop apps or websites to bring the public better or easier access to legal information.

The terms of use also explicitly and strongly reserve rights in CanLII's "website's graphic, navigation and search tool design". Although the scope of this assertion remains ambiguous, it likely covers the icons and formatting that are so difficult to avoid when printing or distributing CanLII documents (difficult because the service also does not provide any API or machine-readable metadata that would come free of such designs or trade-marks).

This lack of machine-readable data also poses another access barrier. CanLII sits on a data goldmine of metadata and data relationships, but at this point this is all strictly off-limits to the public.

It's a little disheartening to see the guttural ownership impulse of "it's mine, hands off" prevalent in our business so quickly extend even to public interest organizations. One of the strongest justifications for even having a system of copyright is that we trade off some of the public interest in having free and open access to a work in exchange for the innovation incentive of a time-limited commercial monopoly. It's thus more than a little ironic when the public is making this trade-off in order to give a public-interest organization a monopoly to guard the very information it has a mission to free!

However, there's good news: these ownership restrictions are easy to remedy. A few terms of use tweaks here, and a small API release there...voila! A "CanLII Free Access to Law Portal" could lead the way in opening up the world's legal information. In fact, CanLII is apparently already contemplating providing an API -- let's just hope that they embrace open access and loosen their licensing restrictions at the same time.

Of course, CanLII is certainly not the only public sector party exercising an unnecessary protective impulse when it comes to legal data. One would think that if there was anything our governments would not try to restrict access to, it would be the laws of our country which everyone has a duty to know and follow. Nope. Sorry. Not the case. Nearly all the Queen's printers in Canada assert Crown Copyright and place numerous burdensome restrictions on legal documents. Now, I've heard the claim that this helps ensure accuracy in these materials; however, if this were the case, the only license restriction in place would be "accurate reproduction". Again -- not the case.

I would love to see LII's and government legal information providers borrow a page from the open data movement. If you provide it, the developers will come! This has largely been the case where governments have already opened up their non-legal data. The Open Government Data movement has spawned an ecosystem of innovative and user-friendly apps from citizen developers, non-profit groups, and entrepreneurs.

In the same way that the open government data movement has provoked developers to create and innovate, access to legal data could similarly lead a wave of apps to help citizens access the law. This could prove a huge boon to access to justice.

Evolving Democracy

By: kent

12 Aug 2012

Alright, back to the blog with a post on democracy! No, I'm not finished my novel -- but I have a solid start on it and decided I can't stay away from the blogosphere. I need it as an outlet to share my thoughts and ideas!

I want to talk about a couple initiatives I'm involved with in trying to bring Democracy 2.0 into reality. The core of our democratic process -- elections -- hasn't changed too much since it was first introduced in Athens around 500 B.C. It's well time for an overhaul.

Actually, our present "first-past-the-post" election system has been criticized since its inception in ancient Greece. Athenians smartly viewed this system as undemocratic, as it favoured the powerful and the wealthy. They preferred an alternative system called selection by allotment.

Incredibly, we're still using first-past-the-post for everything from resolutions in the corporate board room to political elections. Well, I've been working with a joint venture between PartyX and Evolition to finally try to change this.

In a decision making process, if any party or group carries 51% of a vote, this should entitle them to "have it their way" only 51% of the time -- not 100%. Clearly, we need better methods to make fairer and more balanced decisions. Thus, the key initiative of Evolition is to develop an innovative platform for fair collective decision making that moves away from flawed majority-vote systems.

My core participation in Evolition and PartyX is the development of Ethelo, the back-end voting software. Although the math gets a bit involved, the core principle of Ethelo is simple: it provides a way of saying "okay, I concede, we'll go with your choice this time -- but let's give my concerns and goals serious consideration next time around". With multiple decisions over time, Ethelo helps a group make choices that maximize the group's overall satisfaction, while minimizing any unfairness or marginalization of minority opinions.

This Ethelo engine -- along with a slick platform on top called PublicForums -- aims to make it easy for groups to use this fair voting process. Hopefully we'll start to see it everywhere from corporate board rooms to community groups, and optimistically even state governments.

Of course, when it comes to the government itself, a fair voting process is necessary but not sufficient to establish a truly participative Democracy 2.0. We need transparency so citizens can obtain the information they need to make sound voting decisions. We need a way for citizens to meaningfully communicate with legislators and administrative decision makers.

This is where a group called Open North is doing amazing work. They're first of all very active in the open data space, where they're helping bridge the informational divide between governments and citizens. They're accomplishing this with apps like Represent, MaMairie and Resto-Net. Open North is really the only group in Canada that I've seen pursue the full power of open data: the improvement of government transparency. They're also trying to turn around the information flow between governments and citizens so that it's a two-way street. Projects such as CitizenBudget allow citizens to participate in government decision making.

The long list of work products from Open North's small non-profit team is really quite astounding (and I'd encourage everyone to help support their work if you like what they're doing). I've joined the board of directors of Open North and will be helping with legal issues and overall direction in their exciting upcoming initiatives.

The Threats

These last couple of months have seen no shortage of threats to the open internet. Most readers of this blog have probably heard about SOPA, the U.S. Congress's attempt to grant the government powers to censor websites. If it were not for the backlash that stopped the bill in its tracks, the U.S. government would have been able to force internet service providers to block domain names; essentially, ISP's would have needed to lie about the existence of any website that the government deemed blacklistable, all on the basis of questionable U.S. copyright policies.

The internet has been no safer on Canada's side of the border. Earlier this week, the government introduced "lawful access" legislation aimed at giving law enforcement wide surveillance powers, including authority to collect information on anyone using the internet -- without even so much as a warrant.

Such threats will continue next week. Tunisia's top court is set to rule on whether the Tunisian Internet agency can choose to censor websites they deem to be pornographic.

Now, fortunately, SOPA is dead. The Canadian government is also back-tracking on their online spying proposals (though they have not promised to get rid of them). But the threats will keep coming.

The problem

Although these three aforementioned threats arise from different policy issues, they have roots in the same technology weaknesses: in each case, the proposed implementation relies on what I like to call "internet choke points".

Problematic state activities such as censoring and mass spying both rely on the state misappropriating points of the internet infrastructure in places where it can exert power over a large number of internet users. In most cases, this point of power is an internet service provider, where the state can tap into the communications of all users and filter their traffic. In other cases, the power point could be the domain name system with its top-down architecture.

Like trying to fit a round peg in a square hole, these internet choke points don't fit well with the internet's overall architecture and abilities. They end up ramming a power pyramid onto a beautifully interconnected rhizome.

Getting rid of the choke points

It doesn't have to be this way. The high density of connections on the internet means that it's easy to distribute infrastructure -- and therefore distribute power and freedoms. Protocols such as BitTorrent and Tor are already leading the way in flattening out the internet to a state where equality can thrive. However, we need to work on removing the remaining internet choke points and making the internet as peer-to-peer as possible.

I have a few ideas on how to do this, which I'll be sharing over the next few blog posts; once I finally finish my bar exams next month, I might even have time to implement some of them!

Canada's first namecoin DNS server!

Right now, however, I want to share a new initiative that's paving the way to removing the internet's archaic DNS pyramid. Based on bitcoin technology, namecoin is an entirely peer-to-peer DNS system. It creates a new set of ".bit" domains which anyone can obtain for next-to-nothing (other than a bit of technical know-how in its infancy right now) and which involves no single choke point of failure. I encourage you to check out how you can get on-board to browse ".bit" domains.

I've also set up and currently host Canada's first namecoin DNS server at Please feel free to use it! The easiest way to get started with namecoin is to simply point your network settings (or router settings) at this DNS server. You'll then be able to visit sites that have the ".bit" ending.

Last week, I discussed cutting the cord on cable television and switching over completely to the internet. In this article, I talk about doing the same for the old telephone.

The Current Context

Remember back when long distance rates were sky-high? Well, I barely do, but I do remember they were high. Really high. Rates were a few dollars for a phone call lasting only a few minutes, even within Canada.

The reason? Largely, because the CRTC permitted only a single company to serve each area in Canada. These high rates are what happens in a monopoly market.

Granted, there were legitimate reasons for the monopolies. The infrastructure cost of creating a telephone network was enormous. But this is all history. In 1992, we got deregulation. The CRTC took down the walls and started allowing competition in the long distance market. Sure enough, long distance rates took a steep plunge.

Unfortunately, phone bills remained high! The Big Seven incumbent phone companies simply raised their local calling rates to compensate. The CRTC hadn't deregulated local phone plans, so the major phone companies were able to continue raking in revenues after a period of "rate rebalancing" in favour of higher local rates.

Finally, the CRTC did deregulate the local market in the late 1990's. Unfortunately, the local rates have still remained high, as the infrastructure cost of setting up local services has remained enormous. This fact has been true until recently -- that is, until the advent of high-quality VOIP (voice-over-IP internet phones).

With the help of the internet, it's finally time to take down the last barriers keeping the monopolies of the telecom era intact. Voice over the internet means zero infrastructure other than what's already there for the internet, leaving the market open for competition...right?

Right. Just about. There are still some regulations that are slowing VOIP uptake in Canada. For example, Skype blames these regulations for the lack of Skype-in in Canada. Canadians can make calls with Skype, but cannot get a local Skype phone number to receive calls.

Overall, I think Canadian VOIP services are merely slowed, but not halted. Other companies are taking the leap to comply with the CRTC regulations. Unlike the largely paternalistic regulation of the Broadcasting Act (thou-shalt-watch-Canadian-TV), I also actually have few qualms about these remaining VOIP regulations. Most of them are minimal and necessary. We're talking about essential services such as 911, and consumer protection measures such as requiring phone number portability.

The Solution

Excellent solutions to cutting your phone cord are already here. First, the cheapest way to take advantage of VOIP is to make internet-to-internet calls. Both Google and Skype allow you to do this for free. The rates for this in Canada are as cheap as anywhere else. In fact, there is not even the possibility for any regulation to increase rates in Canada, as the Telecommunications Act only applies to a "transmission facility". This is the wires between any two points, but not the points themselves. The internet calls of Skype and Google only operate to connect people, but the companies own only servers to accomplish this task and no phone lines.

However, internet calls probably aren't enough for most people. As handy as it is to be able to call someone from my GMail sidebar, there's a lot of people that I'm never going to see there. A phone number is a necessity.

Fortunately, there has recently been a small explosion of companies offering local phone numbers. I use Vbuzzer, paying all of $5 for my Ottawa phone number and an additional $15 for absolutely unlimited calling to anywhere in 32 countries. This is just the service I happen to use -- there are other similar services available.

Most of these VOIP services use the SIP protocol. You can get an app for an Android phone called CSipSimple that works seamlessly to receive and dial out phone calls. I have WIFI at home and at work, so can make calls at these locations for free, avoiding costly cellphone charges in addition to already avoiding the cost of a land line.

<Snip>, coaxial cable. <Snip>, telephone cord. It's all just internet now.

One cord for telephone, one cord for cable, and another for the internet. Why do we all have so many cords when it's all just internet in this modern day and age?

The short answer is, in fact, very short: money. The ability to bill you multiple times for the same product is a boon for cable and telephone companies. A consumer they can bill four times is a jackpot for these industry players. The quadruple sale of cable, phone, internet and wireless is commonly known in the industry as the "quadruple play". It's not clear whether the origin of this term derives from the baseball triple play, or from the fact that the consumer gets played -- four times.

All four of these services are simply an exchange of digital bits. I don't mind paying a reasonable fee to send and receive my 0's and 1's over the internet, but paying for different costly cable infrastructures that do the exact same thing is ridiculous. In this four-part blog series, I will discuss what's holding back the convergence of these services into one pipe. I will also discuss the available options for cutting the cord today. First up: cable television.

The Present Predicament

If you think that hefty cable bill you received last month was justifiable to pay for all the content you watched, think again. Under a basic cable package, you weren't paying for the content. Rather, you were paying for the distribution of the television signal. You paid the cable company to send you the cable signal down a coaxial cable, even though the internet could have sent you it just as well.

In fact, cable companies pay no more than a whopping $0.71 cents per subscriber to content providers for the rights in the basic content they send you (based on 2008 figures). The broadcasters providing the content have no choice but to license their broadcasts to the cable companies at this rock-bottom rate. Under the regime set out in the Copyright Act, this low royalty fee is set out by the Copyright Board (as the Retransmission of Distant Radio and Television Signals tariff).

Having to pay only this low fee, cable companies install receivers to pick up over-the-air signals which they then retransmit to their subscribers. They, of course, place many near the U.S. to pull in the coveted U.S. channels that we Canadians love. The cableco pays their $1, sends the signal to you for many many dollars, and walks away with a pocket full of money.

Normally, the marketplace in a capitalistic system corrects these market failures. However, in this case the cable companies have a natural monopoly. The cost of installing coaxial cables into every home is tremendous, creating a barrier to would-be market entrants.

Of course, there is no such barrier to internet distribution. You'd think that the grand monopoly of the cableco's would collapse under internet competition. You'd think quick-thinking entrepreneurs would pay the $1 content fee, stream television to internet users for $2, and collect a dollar from every single Canadian as they make the switch.

Well, entrepreneurs did just that. Back in 1999. In fact, these entrepreneurs didn't even charge their customers any money at all, but rather chose to support this low-cost operation through internet advertising.

The first of these, iCraveTV, became ensnared in legal battles in the U.S. and soon closed shop as a result. The company was unfortunately reckless about putting in place any safeguards to localize access to within Canada (the $1 royalty doesn't cover U.S. subscribers).

Next up, JumpTV came on the scene. Trying to avoid iCraveTV's mistakes, they proceeded to do everything by the book. However, before they could get off the ground, the legislature stepped in to put a stop to all this internet funny business. This was the kicker and the real setback for convergence and innovation: Parliament effectively banned use of the internet as a broadcasting pipe.

Parliament accomplished this ban in 2002 through a Catch 22 that a devious mind would find quite beautiful in its circular form. With amendments to the Copyright Act by Bill C-11, An Act to Amend the Copyright Act, the low $1 content fee was snatched away from any broadcaster that transmits over the internet through reliance on the CRTC's New Media Exemption Order. That is, in simpler terms, Parliament told internet broadcasters to go ask the CRTC. The CRTC replied that they don't do internet licensing (they have still not created any new license categories for internet rebroadcasters nearly ten years later).

This may not be true for too many more years. The CRTC is once again taking a look at New Media in its current OTT ("over-the-top" video) hearings. Perhaps, in time, we'll see an end to the New Media Exemption in the next while and the establishment of new license categories -- though a much better solution would be for Parliament to reconsider the door it slammed shut with its Copyright Act amendments.

For now, although regular broadcasts are off-limits for internet users, you can still cut the cable and partake in the over-the-top and internet video goodness that the CRTC is immediately discussing. Netflix reports to the CRTC that there is currently virtually no evidence of Canadian cord cutting. It's time for this to change. Let's cut 'em.

The Solution

While Netflix is the option that immediately comes to mind for those looking to cut the cord, the offerings of their Canadian version aren't exactly stellar or scissor-inducing.

However, there are other options. A surprisingly strong alternative (or a Netflix companion) is Boxee. On the plus side, it's also free (you can either buy the set-top box that the company offers, or simply download the software and install it onto any old computer or laptop with a tv-compatible output).

A couple weeks ago, I tried installing several other applications such as XBMC, but it appears only Boxee caters to Canadians. This software works by aggregating the many online offerings of websites that make videos available, such as CBC and CTV. Here are a couple screenshots demonstrating a few of the shows available:

Over-the-air is another alternative not to pass up, especially now that Canada's digital tv transition is finally a go for August 31. For high-definition lovers, keep in mind that over-the-air digital television is even better quality than its HD cable counterpart (cablecos compress the signals a lot so as to fit them all down their one little pipe).

I get great over-the-air quality from a $50 Hauppauge WinTV antenna that I plug in to the same old computer system on which I run Boxee. With the combination of the two, I get all the television I need.

While I'm admittedly not a television addict by any stretch, this setup is great if you only want a few basic channels and a reasonable selection of on-demand shows. Cutting the cable is a real option, right now.

For those television viewers that require more, you'll have to wait until the CRTC and Parliament stop protecting an obsolescent monopoly.

Groupon and Your Consumer Rights

By: kent

19 Jun 2011

Wired Magazine posted an intriguing article yesterday about some allegedly questionable business practices of Groupon, the group-buy website that has exploded in popularity over the past year. Consumer protection advocates Benjamin Edelman and Paul Kominers estimate that Groupon may potentially pilfer consumers out of $140 million in 2011.

Well...not quite. This hypothetical amount rests on the assumption that merchants collect tax on the full, undiscounted amount of a good or service. In the U.S., as well as for most cases for Groupon deals under Canadian tax law, merchants should only collect tax on the amount actually paid (not the regular-priced "value").

Groupon leaves the collection practices up to the individual merchants, who may or may not follow proper procedure in calculating the tax. Perhaps Groupon should take more initiative in properly educating its partners, but it is certainly not at fault per se for any miscollection of tax.

In fact, overall, Groupon's policies appear quite commendable from a consumer perspective. Their stated return policy is wide in scope: "if your Groupon experience ever lets you down, let us know and we'll refund your purchase. Period."

However, the one area where their practices do often fall short of consumer protection requirements is in the expiry date of coupons. For example, in Ontario, in spite of Groupon's stated coupon expiry dates, a longer expiration date is often applicable under the Consumer Protection Act, 2002, SO 2002, c 30 and associated regulations:

  • In the case of a Groupon that is for more than one good or service, or for a non-specific good or service, the Groupon does not expire (CPAR, s. 25.1 & 25.3).

  • In the case of a Groupon for one specific good or service, the merchant needs to give detailed information on delivery of the good or service, if it costs more than $50. This includes, among other details, their exact address, a detailed description of the services, the total price including any taxes, any additional charges that apply, and the exact date that the coupon is to be redeemed (CPA, s. 21(1), 22; CPAR, s. 23.1, 24). Unless all of these specific details are provided by the merchant and agreed upon, the coupon may be cancelled up to one year later (CPA s. 23, 26(1); see also CPA s. 26(4)). In my experience, Groupons for services never comply with this requirement; thus, you have the option to cancel within a year.

  • Only in the case of a Groupon for one specific good or service that costs under $50 (or where the exact date and details are pre-agreed upon) does Groupon's written expiry date fully apply.

In summary, I'd still give Groupon a B+ on their practices. Just watch out for the correct calculation of tax; also try to hit the expiry dates--but double check your rights before fretting about missed ones.

Securing Electronic Health Records

By: kent

19 Jun 2011

At the First Summit on the Future of Health Privacy last Monday, there was a lot of interesting talk about electronic health records, as these are now being widely rolled out in the U.S. In general, I'm an advocate of technological solutions to policy problems, with the law to back up the technology where necessary. The privacy issues raised by electronic health records are no exception.

Professor Ross Anderson and several other speakers lent strong support to ensuring privacy through "system architecture". The essence of this proposal is that we should avoid central databases. Where a database is local to a particular clinic, hospital, or even municipality, the number of people with access to the database is inherently limited. Thus, the thinking is that the consequences of any data breach are likewise limited to only those patients in the database.

To illustrate the architectural problem, Ross gave a great example from the U.K. Within hours of a central health records system going live, one doctor had accessed the records of the Prime Minister, as well as those of many celebrities. With every doubling of the system size, you double the number of health professionals with access and double the likelihood of authorizing an unscrupulous individual.

This is the right type of thinking. However, although limiting the system size is one solution to this problem, it's not a great one overall. One of the key advantages of an electronic health records system is that it can allow patient data to be quickly and easily transmitted to where it's needed. A doctor should be able to pull up the relevant and necessary health history data of an unconscious patient wherever it's needed. Patients should also be able to fill prescriptions at any pharmacy to which they choose to give access to electronic prescriptions.

Location-restricting encryption

Fortunately, there's a technological way to limit the scope of access to patient data, even while maintaining the convenience of a central database. In fact, this can be done with much better granularity than limiting access through system architecture to a particular region. The data needs to be encrypted, with careful consideration as to who is given the keys.

A first layer of encryption needs to mirror the security that architectural limits can provide. The read/write key should, in the first instance, only be accessible by a patient and her or his GP. The patient's health card should contain this key, giving the patient the ability to hand it over to any health clinic, hospital, or pharmacy that the patient visits. A patient's GP could also transmit it to any health facility or pharmacy that requires it.

This effectively constrains the scope of an individual's records to only the places physically visited or otherwise authorized; this is much finer granularity than would be provided by limiting the size of a database, and with more flexibility.

No access by Data Providers

For these "location-restricting" keys, the data provider (where the records are stored) must NOT have access to them.

To illustrate, consider another great example from the U.K. that was discussed by Ross. A police officer asked a gynecologist for all health records of patients under the age of 16 years. The justification was that anyone under the age of 16 who has been involved in sexual relations has committed a crime. The doctor at the clinic rightfully refused and told the officer she'd see him in court. Problematically, could we really trust a network administrator at a data centre to do the same? It's important that the data centre itself is not able to access the records.

Additionally, where the keys are not even at the data centre, the information would not be compromised by unauthorized access. Quite frankly, I'd be very concerned about any type of electronic health record system whatsoever where the data is either unencrypted, or where the data provider has full access. With all the security breaches recently, including major banks and even the CIA, it would only be a matter of time before everyone's records would be compromised.

Access control

Of course, the scope of employees at a particular health clinic that has been given this encryption key is still a wide net. An audience member at the Health Privacy Summit, who worked at Oracle, noted that just about everyone from the top management down to the janitors at the U.S. Department of Veterans Affairs has access to the records there. There needs to be finer-grained control.

This is where a second layer of encryption comes in. The data provider needs to create services for granting and controlling access to different groups of personnel. Ideally, the data provider should provide a web portal through which a patient and a patient's doctor can monitor the various access grants.

Importantly, an access control system implemented in this manner inherently creates traceability. A data provider can easily record each access in an audit log. I think it's only reasonable that a patient should at least know who has access to these personal information records. If a medical insurance company provides health data to third parties for analysis, a patient should be able to track who this third party is and what records they are accessing. With access control, the data provider can even record what particular records any person accesses.

At the conference, there was also a lot of talk about data segregation. This technology allows different access controls on different health records. If a patient wants to hide certain records that are not relevant to a particular doctor, he or she can do so. It appears there are a lot of companies pouring a lot of money into these solutions.

A server-side access control system could seamlessly provide this type of control, although I'm not sure it's entirely necessary (and it could introduce another layer of complexity that must be dealt with by over-resourced doctors). I think it's much more important to control WHO has access, rather than WHAT they have access to.

Fiduciary Duties

The WHO of who has access should remain small. In fact, this WHO should only be people that can be trusted with the privacy of your health data. Primarily, this is the patients themselves and their own physicians. The law protects this trust between patients and their doctors by making it a fiduciary relationship, mandating the highest standard of care and good faith.

Doctors who are legally mandated with this high standard of care should be the only ones (other than patients) that can grant others access to health records. This is analogous to the paper-world, where doctors have physical control of health records and are responsible for who they give them to. If a doctor carelessly or needlessly distributes access to others, he or she would be in breach of fiduciary duties. A legal remedy would be available.

To recap, a first layer of encryption should provide data safety from unscrupulous law enforcement officers, compromised data centres, and any facility without the authority to access any particular patient's records. A second layer should provide access control on a person or group-based granularity, allowing access auditing and flexible security measures such as data segregation and the removal of previously-issued security certificates. This second layer should be controlled only by patients and their doctors, keeping control of the records within the trust circle of a fiduciary relationship.
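The two layers recapped above can be sketched in a few dozen lines. This is an added example, not code from the original post: all names (`seal`, `DataProvider`, `patient-1`, and so on) are hypothetical, the second layer is modelled as a server-side grant list with an audit log, and, to stay within the Python standard library, HMAC-SHA256 in counter mode with encrypt-then-MAC stands in for a vetted AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

def _mac(key, *parts):
    return hmac.new(key, b"".join(parts), hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # HMAC-SHA256 in counter mode as keystream (stand-in for a vetted AEAD)
    pad = b"".join(_mac(key, nonce, i.to_bytes(4, "big"))
                   for i in range((len(data) + 31) // 32))
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(card_key, plaintext):
    """Layer 1, encrypt-then-MAC: returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(_mac(card_key, b"enc"), nonce, plaintext)
    return nonce + ct + _mac(_mac(card_key, b"mac"), nonce, ct)

def unseal(card_key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(card_key, b"mac"), nonce, ct)):
        raise ValueError("wrong key or tampered record")
    return _xor_stream(_mac(card_key, b"enc"), nonce, ct)

class DataProvider:
    """Layer 2: holds ciphertext, grants and the audit log, never a card key."""
    def __init__(self):
        self.blobs, self.stewards, self.grants, self.audit = {}, {}, {}, []

    def enroll(self, patient, gp, blob):
        self.blobs[patient] = blob
        self.stewards[patient] = {patient, gp}  # only these may manage access
        self.grants[patient] = {patient, gp}

    def set_access(self, patient, actor, staff, allowed):
        if actor not in self.stewards[patient]:
            self.audit.append((patient, actor, "grant-refused"))
            raise PermissionError("only the patient or their doctor manages access")
        (self.grants[patient].add if allowed else self.grants[patient].discard)(staff)
        self.audit.append((patient, actor, ("grant:" if allowed else "revoke:") + staff))

    def fetch(self, patient, staff):
        ok = staff in self.grants[patient]
        self.audit.append((patient, staff, "read" if ok else "denied"))
        if not ok:
            raise PermissionError(f"{staff} has no grant for {patient}")
        return self.blobs[patient]

def run_demo():
    card_key = secrets.token_bytes(32)  # lives on the health card, never uploaded
    note = b"constructed sample record: penicillin allergy"
    dc = DataProvider()
    dc.enroll("patient-1", "dr-gp", seal(card_key, note))
    dc.set_access("patient-1", "dr-gp", "pharmacist-7", True)
    # The pharmacist needs both a grant (layer 2) and the card key (layer 1).
    read = unseal(card_key, dc.fetch("patient-1", "pharmacist-7"))
    dc.set_access("patient-1", "patient-1", "pharmacist-7", False)  # patient revokes
    return dc, card_key, note, read

if __name__ == "__main__":
    for entry in run_demo()[0].audit:
        print(entry)
```
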

Last week, the Electronic Frontier Foundation (EFF) launched The EFF Tor Challenge to encourage individuals and organizations to set up Tor server relays. Tor is a P2P security network that permits users to protect online anonymity and to access an open internet. EFF writes:

  • Activists worldwide use Tor to protect their anonymity online and to circumvent Internet censorship. But they all rely on a limited number of user-provided "relays" to protect themselves and communicate with others. Internet users worldwide need your help to make the Tor network stronger and faster, so take the Tor Challenge today!

I've taken up this challenge to do my part in support of freedom of expression online. The Tor relay took only 15 minutes to set up -- I'd encourage anyone with any extra server capacity and even a little bit of tech savvy to do the same. EFF has a how-to video; preferring a static document that I could keep glancing at, I personally chose to follow the Tor Project's instructions.

Of course, the Conservative government may force me to take my Tor relay down within the next couple months. An omnibus crime bill that the Conservatives have promised to push through this fall is likely to put a legal stopper on individuals running Tor servers in Canada.

This omnibus crime bill will most likely include a rehash of some previously proposed legislation which I've recently been looking at in my work at CIPPIC. The government dubs it "Lawful Access", but, in a less Orwellian world, we would call it "State Surveillance". It sets out requirements for internet service providers, and other parties, to maintain the technological capability for police to conduct internet wiretaps. It also sets out how they must provide law enforcement with information on subscribers. Additionally, the proposals set out the various legal mechanisms by which police can gain access to this information -- in some cases, no warrant is necessary and even a hunch will do.

Aside from the headline issues that have seen some public debate in the past, there are smaller but serious sideblows in the legislation that could severely impact some existing and emerging technologies. Although the proposed legislation provides many exemptions to its burdensome technological requirements for wiretap support, there are many organizations and technology enterprises that may still suddenly face the task of having to maintain wiretap capabilities. This is definitely not a task for the faint of heart, nor any organization with a shallow pocketbook. Simply put, the legislation could stifle many innovative ventures and technologies.

Tor is one such technology service caught in the legislation's overly wide net. Under Bill C-52, the Investigating and Preventing Criminal Electronic Communications Act, nearly anyone running a service, whether it's peer-to-peer or not, is a "telecommunications service provider" and must provide wiretap capabilities. For individuals with servers and non-profit advocacy groups, both of whom are amongst the primary supporters of Tor, there are no exemptions that apply. These individuals and organizations will have to implement and maintain the capability to allow law enforcement to wiretap all communications.

Even if a wiretap setup is within your capabilities and budget, it would be highly problematic to leave such a gaping wiretap-able hole in your Tor relay. The compromised security would jeopardize those depending on the security of Tor.

Now, if you were considering setting up a Tor network, perhaps at this point you're heaving a sigh and thinking, "well, okay, I'll resign myself to just running my Tor relay as a middleman, not communicating with any end users." Unfortunately, even this will not protect you from the legal and technology burdens of the proposed legislation. Although exemptions exist for telecommunications middlemen, they only apply to servers "that do not modify particular communications transmitted and that do not authenticate the end users". A Tor relay encrypts the traffic, most likely placing it outside of the scope of this exception.

It is not clear whether the legislators intend to shut down services such as Tor, or whether their inclusion is an oversight. In any case, I can assure you that these issues have not been debated in the legislature, nor will they be debated in any depth if the lawful access legislation is pushed quickly through with the government's omnibus crime bill. The heavy-handed lawful access legislation as previously proposed needs a sober, careful look and a substantive debate to consider all of its potential impacts.

Please set up a Tor relay now, then tell your MP that you want to keep running it!