Over the past week, there has been considerable debate among privacy advocates about the comments made by a senior U.S. security official at a conference in October. A portion of his speech is copied below:

Donald Kerr, the principal deputy director of national intelligence, at the 2007 GEOINT Symposium, October 23, 2007 in San Antonio:

“When I’m at work, and throughout my day, security is safety, as a barrier against physical or emotional harm. When I go home at night, security is privacy, as an expectation of freedom from unnecessary burdens. In the intelligence community, we have an obligation to protect both safety and privacy…..

concern for privacy. Too often, privacy has been equated with anonymity; and it’s an idea that is deeply rooted in American culture. The Long Ranger wore a mask but Tonto didn’t seem to need one even though he did the dirty work for free. You’d think he would probably need one even more. But in our interconnected and wireless world, anonymity – or the appearance of anonymity – is quickly becoming a thing of the past…

Anonymity results from a lack of identifying features. Nowadays, when so much correlated data is collected and available – and I’m just talking about profiles on MySpace, Facebook, YouTube here – the set of identifiable features has grown beyond where most of us can comprehend. We need to move beyond the construct that equates anonymity with privacy and focus more on how we can protect essential privacy in this interconnected environment.

Protecting anonymity isn’t a fight that can be won. Anyone that’s typed in their name on Google understands that. Instead, privacy, I would offer, is a system of laws, rules, and customs with an infrastructure of Inspectors General, oversight committees, and privacy boards on which our intelligence community commitment is based and measured. And it is that framework that we need to grow and nourish and adjust as our cultures change.

I think people here [at the 2007 GEOINT Symposium], at least people close to my age, recognize that those two generations younger than we are have a very different idea of what is essential privacy, what they would wish to protect about their lives and affairs. And so, it’s not for us to inflict one size fits all. It’s a need to have it be adjustable to the needs of local societies as they evolve in our country. Eventually, we can only hope that people’s perceptions – in Hollywood and elsewhere – will catch up.

Our job now is to engage in a productive debate, which focuses on privacy as a component of appropriate levels of security and public safety…”

On the second day of the Terra Incognita conference, we had the opportunity to hear about recent innovations in radio frequency identification tags (RFIDs).

RFIDs have been presented as a tremendous technological advancement that will help companies large and small track their inventory, expedite shipments and protect goods in a retail environment. By design, they are also tracking devices. This can have an effect on personal privacy if RFID technology is linked to information that can identify an individual.

Two distinct perspectives were presented. Dr. Kathryn Albrecht, the Director of Consumers Against Supermarket Privacy Invasion and Numbering, delivered a critical broadside against radio tags and their consumer applications. On the other hand, Dr. Ann Cavoukian, the Information and Privacy Commissioner of Ontario, argued the benefits of building privacy guarantees into technologies such as RFIDs. She focused specifically on her Office’s work and the development of the IPC Privacy Guidelines for RFID Information Systems.

We have transferred both Dr. Albrecht and Dr. Cavoukian’s presentations to video.google.ca. They are embedded below as well.

In addition, the Conference research papers and presentations on RFIDs are available online.

As part of the Office of the Privacy Commissioner’s outreach effort, we are exploring other vehicles for communicating important privacy issues. We have already begun this blog, are experimenting with videos on YouTube and Google Video, and now have finished a Flash presentation.

The Flash presentation found below asks “what would you want a friend of a friend of a friend to know about you?” From our point of view as privacy advocates, a lot of online users do not take the time to really read and understand the user agreements required by all social networks. As online media consumers, we are used to “clicking” a box and ignoring the text inside.

It’s becoming obvious that a lot of Canadians - and others - are signing over their privacy rights to these companies in exchange for access to increasingly popular social networks.

This is a choice they can make, but we would hope that people would take a minute to think about their choices - and how much information they end up handing over to corporations, advertisers and marketing companies.

View the presentation: What does a friend of a friend of a friend need to know about you?

Last week, British Prime Minister Gordon Brown spoke on the subject of liberty - a wide ranging speech that touched on British constitutional history as well as modern concepts of liberty, privacy and access to information.

It’s important to remember that the British system of laws and government is different to the Canadian system, but we have similar values about privacy, access to information and liberty.

“… I want to explore how together we can write a new chapter in our country’s story of lliberty - and do so in world where, as in each generation, traditional questions about the freedoms and responsibilities of the individual re-emerge but also where new issues of terrorism and security, the internet and modern technology are opening new frontiers in both our lives and our liberties…

… In my view, the key to making these hard choices in a way that is compatible with our traditions of liberty is to, at all times, apply the liberty test, respecting fundamental rights and freedoms, and wherever action is needed by government, it never subjects the citizen to arbitrary treatment, is transparent and proportionate in its measures and at all times also requires proper scrutiny by, and accountability to, Parliament and the people…

… The information age has, as Tom Friedman has so well drawn out, flattened hierarchies and potentially increased the power of all citizens. So we should not fear the advent of the information age - and it should not lead us to abandon or fear for our values - but at the same time I believe we require a new and imaginative approach to accountability and to winning people’s trust in the ways in which information is held and used…” (Text of Speech)

On the second day of our conference, Professor Valerie Steeves spoke about how children interact with popular sites like Webkinz, Neopets and Barbie Girls. We have already provided a brief summary of her presentation and her fellow speakers on the subject, but thought you would like to see her speech. The presentation deck she used for her speech, and to which she refers, is also available online.

As we mentioned several weeks ago, Michael Chertoff spoke at the opening session of the 29th International Conference of Data Protection and Privacy Commissioners.

The Secretary of Homeland Security spoke about the tension between privacy and security, and questioned whether every step taken to strengthen national security must come at the expense of privacy? A few more details are available on the Secretary’s own blog.

Today, we finally uploaded his 30 minute speech. It’s available on video.google.ca, and we’ve embedded it below as well.

Parliament passed Canada’s public sector privacy law back in 1982 – the same year the Commodore 64 computer hit the market. At the time, both were considered pioneering.

The Commodore 64, which looked like an over-sized keyboard and had 64 KB of RAM and a 1-Mhz chip, was the first affordable computer designed for home use. This Canadian invention has often been compared to the Ford Model T.

The passage of the Privacy Act marked the first time in Canada that privacy was dealt with under separate legislation. Until then, more limited privacy protections were provided as an appendage to the Canadian Human Rights Act. Privacy rights had taken an important step forward.

But that was a quarter century ago. Back in 1982, Time magazine broke with its tradition of naming a “Man of the Year,” instead naming the computer as its “Machine of the Year.” Time’s article, which described how the computer had become a tool for the masses, was written on a typewriter.

Times have changed – and so too has the privacy environment. Technology has created new and complex privacy issues.

In 1982, the Internet, global positioning systems, Radio Frequency Identification Devices (RFIDs), cross-border outsourcing and data mining were novel ideas. Today, these technologies are commonplace and are the key issues keeping privacy advocates up at night. Another generation of technologies that carry privacy risks – brain scans and smart dust, for example – is just around the corner.

The privacy challenges for government today are compounded by increased globalization and heightened concerns over national security in the wake of the 9-11 terrorist attacks.

The Privacy Act was not designed to address the era we now live in and it is not up to the job of protecting Canadians in this changed world. In fact, it has been desperately out of date for many years.

Proposals for reforming the Act date back to 1987. Unfortunately, successive federal governments have not heeded the numerous – and increasingly urgent – calls for improvements.

Canada’s private-sector privacy law, the Personal Information Protection and Electronic Documents Act (PIPEDA), came into effect in 2001 – making the shortcomings of its public sector sister legislation all the more evident. It is unfortunate that Canadians have stronger privacy safeguards for personal information in the hands of the private sector than they do for that held by government. …

(an extract from our 2006-2007 Annual Report on the Privacy Act, tabled in Parliament today)

Chatting, texting, blogging and spending time on sites like Facebook and Myspace are part of everyday life for millions of students.

Most of us post information about ourselves to stay in touch with friends. We think about our personal sites as private, when in reality, many of them can be seen by friends, employers, university officials, and even parents. Our information may be seen and used by someone we don’t even know.

What can you do to protect yourself and to avoid embarrassment?

• Never expect absolute privacy. Know what you’re getting into by reading the privacy statement and policies. Many sites allow all registered users to view all the information you post on your site with no exceptions.
• Before you join a site and post your profile, find out if you can join a closed network, where only those with an email address from your school can register, for example. Find out if the site allows others to see your profile without your consent.
• Choose the highest and most restrictive security setting available and do not give out information like your birthday, full name, phone number, Social Insurance Number or address.
• Take a second to think about what you’re posting about yourself and your friends. Is it something you would post if your professor, boss, kid sister or arch rival was standing right behind you? Even though we tend to think about our personal sites as private, in reality, many can be seen by just about anyone. Is there information about you that is embarrassing or that fraudsters could use? Remember that what you post could be online forever.
• Keep in mind that even sites with extensive privacy options may be required to make your personal information available to certain authorized persons, including law enforcement agencies. Actually, you might want to remember to call your parents regularly before they resort to checking your Facebook page for updates.

Dr. Ann Cavoukian, the Ontario Information and Privacy Commissioner, recently spoke to the Computer Science Club at the University of Waterloo. (video available in several formats)

Dr. Cavoukian has argued that software developers need to build privacy concerns right into their work, and her speech is receiving favourable attention online:

“… There’s something incredibly refreshing about hearing a high-ranking government official say things like, “Privacy is integral to freedom. You cannot have a free and democratic society without privacy. When a state morphs from a democracy into a totalitarian regime, the first thread to unravel is privacy.”…” (BoingBoing)

“… Privacy is really important, and watching this talk makes me realize, I have not being doing my part as a software developer to respect users privacy. Hell I log way too much information, just to make debugging a little easier on the off chance I have to debug it in production. I’d encourage all software developers out there to watch this talk, and take its message to heart. …” (Slashdot comments)

We heard from Peter Fleischer, the Chief Privacy Officer for search company Google, on Friday.

Speaking in French, he touched upon how Google faced different expectations to protect personal information and privacy from consumers and advocates in different countries and jurisdictions around the world.

As could be expected, he also argued for the creation of global privacy standards. Mr. Fleischer also emphasized that some data needs to be retained in order to personalize the services offered by Google and other online applications - and emphasized that users find the personalization of services extremely valuable and convenient.

The video is divided into two parts, and is only available in French. Sorry.