Russ Harvey Consulting - Computer and Internet Services

Your Privacy at Risk

Basic Need | Everyone's Collecting | Metadata | Resources | Repeal C-51 | DRM

Your privacy is threatened like never before

A Lot to Absorb

This page has a lot of information on it. The issues are complex and have significant implications for our future as a free society.

People don't really understand privacy nor value what they've given away.

If we accept as normal and unavoidable that everything in our lives can be aggregated, sold, or even leaked in the event of a hack, then we lose so much more than data. We lose the freedom to be human. We deserve better. You deserve better. — Apple CEO, Tim Cook
As disheartening as it is for some of us to believe, it's not the privacy that bothers most people — otherwise we'd be far, far more careful about all the data we're already handing over to Google and Facebook in exchange for “free” services. It's the impact on performance. We don't all hate giving away data but we all seem to hate our browsers being slow. — iMore

Restoring Privacy

The purpose of this page is not to have you feel helpless, but to open your eyes to what is happening. The next step is to fight to protect our virtual privacy just as you employ locks on your doors to protect your physical privacy.

The companion page, Restoring Privacy, has tips and tools to help you restore your privacy.

We've all been bombarded with emails about updated privacy policies and terms of service. All those emails are a hint to disconnect from services you've forgotten about. — Mozilla
The GDPR is all about businesses establishing trust with clients, ensuring that their reputations remain intact, maintaining high levels of data security so that there are no risks of associated fines or penalties by failing to act in accordance with GDPR laws. — Data Entry Outsourced


Surveillance is the New Norm

Justified by terrorism, we're faced with unprecedented attacks on personal freedom by governments worldwide. We're being constantly spied upon.

If you're willing to sacrifice some freedom to feel safe, you deserve neither. — Thomas Jefferson
I don't want to live in a world where everything I say, everything I do, everyone I talk to, every expression of creativity and love or friendship is recorded. — Edward Snowden

Governments seek to collect and store virtually everything about their own citizens including their online activities. Everyone is considered guilty.

Although [Bill C-11] is primarily a bill to fight against piracy, [i]t also gives the Canadian government more power to monitor the Internet activities of its citizens. In fact, it requires that ISPs collect and store their users' data. It legally takes away all of your online privacy. There is also the Anti-Terrorism Act, Bill C-51. This bill gives Canada the opportunity to share datum with the government and their allies. — Top VPN Choice

The Changing Privacy Landscape

For a long time, internet privacy seemed to only concern the conspiracy theorists and worriers among us. But these days it's getting harder to tell the difference between reality and an episode of Black Mirror. — Mozilla

Collecting information based upon a warrant issued by a judge in a public court is very different than collecting information on innocent citizens just in case it may be useful in the future or because of warrants issued by secret courts.

Corporate Attacks on Personal Privacy

Our private data has become the new currency of business. Increasingly we're told that this is the price we need to pay for all the free information and products on the Internet.

We see corporations like Facebook become wealthy by creating profiles on their users which is sold to advertisers. Microsoft changed their business model from selling operating systems and office suites to one which collects personal information to sell to their unnamed “partners” and monetizes once-free features.

So yes, our phones are listening to us and anything we say around our phones could potentially be used against us. — VICE

Mozilla's IRL podcast, The “Privacy Policy” Policy gives a great example of how a “free” game can collect information to monetize their product, even from kids.

Everyday we hear about another undisclosed data breach. Private information being collected, sometimes sold, and given away without our knowledge or consent. CEOs sit before Congress saying they will "do better" while stories continue to break about negligence and wrong-doing. — Mozilla
“Location information can reveal some of the most intimate details of a person's life — whether you've visited a psychiatrist, whether you went to an A.A. meeting, who you might date,” said Senator Ron Wyden, Democrat of Oregon, who has proposed bills to limit the collection and sale of such data, which are largely unregulated in the United States. — NY Times
Statistics Canada plans to build an enormous information bank with the real-time financial transaction data of 500,000 people in Canada. This “individual-level financial transactions data” would include SINs, account balances, cash withdrawals from ATMs, bills paid and credit card payments. And it sounds like our Internet activities might be next. — OpenMedia

Your Personal Privacy at Risk

Your personal privacy is at risk like it has never been before, yet most folks think they have nothing to hide and therefore there is no need for concern.

They are wrong!

It's not necessarily that you're doing anything wrong at all, or that you have anything to hide, but we all should have a sphere of our life where we're not on stage or being scrutinized. And we're just able to develop and grow relationships and make mistakes and do stupid but not illegal things. And if we get rid of our privacy it's going to have a massive impact on our ability to develop as humans. — Jenny Afia

Our information is being handled by an increasingly smaller number of powerful companies where your privacy impedes profitability.

It feels like every tech giant has been racing to update their privacy policies these days so we wanted to ask. What did we just sign up for? What is this bargain? — Mozilla

More about this brave new world of one-sided transparency:

Governments are Lying About Terrorism Risks

We're being lied to about the necessity and effectiveness of constant surveillance on all of us (not just the criminals or terrorists). To make it worse, there is very little accountability and records of this activity are conveniently incomplete — if they exist at all.

Protection Against Terrorism Undeliverable

Governments continue to demand even more access to our personal privacy even though unprecedented spying on their own citizens has provided virtually no additional protection against terrorist attacks.

Governments cannot protect us from terrorism without destroying our own freedom. Therefore the cost is unacceptable, especially in terms of our lost privacy.

Safety of Children a Powerful but Flawed Argument

Imagine an Internet where the law required every message sent to be read by government-approved scanning software. Companies that handle such messages wouldn't be allowed to securely encrypt them, or they’d lose legal protections that allow them to operate. — EFF

Children's safety and the prosecution of child-based crimes is a noble action. However, while we see this argument used to justify removing rights like the right to privacy or encryption, they are far less aggressive in fighting privacy violations involving children if it profits big business.

Yet More Access is Demanded

Police and intelligence agencies are quick to point out the use of cell phones and encryption in terrorist attacks. They continue to demand new restrictions including special “back door” access.

Criminals and terrorists use many other services. Do we ban everything?

Criminals have used telephones and mobile phones since they were invented. Drug smugglers use airplanes and boats, radios and satellite phones. Bank robbers have long used cars and motorcycles as getaway vehicles, and horses before then. And while terrorism turns society's very infrastructure against itself, we only harm ourselves by dismantling that infrastructure in response — just as we would if we banned cars because bank robbers used them too. — Bruce Schneier

Back Doors Unsecure

Back doors inevitably are broken and become the tools of criminals. No one wants to share private data and financial information such as credit cards on the Internet without strong encryption.

It really never comes into play as being a personal issue or a real big factor for you personally until that information is either weaponized, used against you, or it feels personal. — The Grand Bargain

We Are the Victims

Besides their own spying, governments allowed corporations unprecedented access to our private data, then demanded access to those resources based upon the rulings of secret courts.

Democracy and privacy are the victims, not terrorism.

A lot of people assume that those who are under surveillance are quite deserving of that surveillance. That is not true. — Mailyn Fidler

These examples are only the very tip of the iceberg.

Return to top

Data Breaches Reveal Personal Data

Many companies now make at least some of their income by collecting and analyzing personal data from people on social media, websites and more. Companies like Facebook are based entirely on abusing that trust. I suspect that they fail to protect this data partly because they paid virtually nothing for it.

Each year the number and severity of data breaches, compromised accounts is becoming increasingly frequent and more severe.

In 2018 alone, we saw major data theft at Cathay Pacific, Ticketfly, Marriott, Facebook and others. Over and over again. Nearly 3 quarters of ALL US companies have experienced some kind of data breach. That means that millions of us have been affected. — IRL Podcast.

New Privacy Breaches

This is unprecedented: almost half of all people in Canada had their sensitive, personal information from a medical testing company hacked and stolen. And it took over 6 weeks for the public to be informed. — OpenMedia

See if you're affected then sign the OpenMedia petition for action.

Be sure to read the resource links at the bottom of the OpenMedia petition to understand the scope of the problem and why action must be taken to stop this loss of personal data.

Over 75% of Canadians Affected

In the first year that reports are mandatory under PIPEDA ending October 31, 2019, the OPC received 680 breach reports affecting more than 28 million Canadians, six times as many as the year before. Clearly breaches of private businesses has been greatly undereported.

Type of breach
Type of incident Total breach reports
Accidental Disclosure 147
Loss 82
Theft 54
Unauthorized Access 397
Grand Total 680

Where is the Accountability?

Would you simply shrug your shoulders if your bank “lost” your life savings because of lax security? Why should mass data breaches be any different?

Many of these companies either are unaware that the breach took place (indicating technical incompetence) or have opted not to report the breach to those affected (essentially fraud).

Probably the only thing that will slow down the rate of these security failures is to place the company executives in jail for not providing sufficient security resources to protect the information in their care.

First, as consumers we need to stop shrugging and accepting data leaks as business as usual. Security should influence our buying decisions: the organisations we deal with won't take security seriously unless customers and the public do, too. — ZDNet.

Canada's businesses and employees need to understand that this is not acceptable and that the consequences for businesses and employees involved could be significant.

Government Agencies and Political Parties

It should start with our government representatives. It is shocking that our federal parties totally ignore privacy laws and that our governments not only spy on us but share that information widely both internally and externally.

Responding to Privacy Breaches

Responding to such shocking numbers is important. A recent meeting of privacy leaders are calling for a revamping of Canada's privacy laws which are 35 years old and greatly out of date, especially compared with other countries.

A large number of breach incidents were the result of individual phishing attacks or phone scams which means that public education needs to be stepped up. It also calls for a look at how technology can be used to catch criminals or remove their access to Canadian phones and email accounts.

Employee snooping, whether malicious or simple curiosity, needs to be stopped. A “need to know” should be a first line of defense backed by severe penalties for failure to protect privacy.

Similarly, if companies faced massive fines for failing to protect the data they collect “just in case” its useful, they would be far more likely to not collect it and to secure it more effectively if they did collect it.

Probably the most effective

If You've Been Affected

These large numbers indicate that most individuals in Canada have already been affected. We need to stop unsafe practices and start treating ignorance as a public menace.

Legislation is Probably Required

Too often we try to tell folks how to protect themselves, but how to you protect yourself from credit card and other information stolen from retailers other than by strictly using cash and refusing any personal details such as requests for your email address to “email your receipt.”

You should receive a printed receipt with your transaction, so you're providing information with little return value to yourself compared to the future value of your email address to the retailer.

Corporations must be held legally and financially accountable for security breaches that affect customers. There need to be fines, investigations, and court-ordered consequences. Money needs to be spent on lawyers—a lot of money. The current model where customers have to spend their own money and energy to bring lawsuits to bear is unreasonable. — PCMag

The Motive: Financial Gain and Espionage

The primary purpose of hacking these sites is financial gain, although other factors such as espionage are likely factors.

Cyber criminals have placed 617 million hacked accounts for sale on the dark web, stemming from 16 separate data breaches. — Independent

2017 Equifax Data Breach

Probably the most glaring of the many reported (and unreported) data breaches is the 2017 Equifax data breach. Not only was the data was particularly sensitive, including credit reporting information on the majority of American and Canadian citizens but there was a delay in reporting the breach while the company executives cashed out.

A company like Equifax that has sensitive, personal information on most Americans should have the best data security in the industry. Instead, it has the worst. — US Senator, Elizabeth Warren

The data stolen in the Equifax breach provides more than enough information on over half the American adult population to commit identity theft, yet if you use the site set up to check if your personal identity has been compromised, you give up the right to sue. Seriously?

Equifax settled a lawsuit with the FTC by agreeing to provide either 10 years of credit monitoring or $125 settlement fee. But Equifax gamed the system by not providing enough funds for this settlement:

Equifax earmarked only $31 million for claims, meaning that if all 147 million people affected by the breach filed a claim, everyone would get just 21 cents.— The New York Times Editorial

The lack of quick action by the company's executives should have resulted in firings and severe financial penalties for the company. 21 cents provides no incentive to corporations to provide security for the information they hold about private citizens.

The Mystery Resolved

For quite some time there was a mystery of what happened to the data because it didn't show up on the dark web like such breaches usually do. Equifax blamed it on an employee's error.

The Equifax data breach, which exposed the sensitive personal information of nearly 146 million Americans, happened because of a mistake by a single employee… — Richard F. Smith, Former Equifax CEO in October 2017

The theory that a foreign government was behind the attack was the most logical conclusion, later confirmed.

The great Equifax mystery: 17 months later, the stolen data has never been found…. Most experts familiar with the case now believe that the thieves were working for a foreign government and are using the information not for financial gain, but to try to identify and recruit spies. — Kate Fazzini, CNBC

In February 2020, it was revealed that four Chinese officers of the People's Liberation Army…were responsible for carrying out the largest theft of sensitive personal information by state-sponsored hackers ever recorded.

Breaches Go Back Years

Breaches have been progressively reported for several years in a row. Often initial reports understate the actual number of affected accounts.

One example is the Yahoo breach which initially reported 500 million accounts were breached in 2013. Now we know that all 3 billion Yahoo accounts were affected including Yahoo Mail, Tumblr, Flickr and Fantasy Football. Here's what to do.

We're Becoming a Police State

We've seen a series of laws and rules that greatly increase the power of the government and police to gather information on their own citizens and use it without the traditional requirement for warrants or probable cause.

This is the very definition of a police state.

Liberty requires security without intrusion, security plus privacy. Widespread police surveillance is the very definition of a police state. And that's why we should champion privacy even when we have nothing to hide. — Bruce Schneier: The Eternal Value of Privacy

Your Cellular Provider is Collecting and Sharing Personal Information

Your cellular provider already tracks your physical location at all times: it knows where you live, where you work, when you go to sleep at night, when you wake up in the morning, and — because everyone has a smartphone — who you spend time with and who you sleep with. — Bruce Schneier
We love cell phones. We love them to death. For all kinds of reasons. I mean, can you imagine? Suppose twenty years ago Congress had proposed a law saying every citizen had to wear a radio transponder around his neck, all day and all night, so the government could track him wherever he went. Can you imagine the outrage? But instead the citizens went right ahead and did it to themselves. In their pockets and purses, not around their necks, but the outcome is the same. — Lee Child, A Wanted Man

The laws that govern the ability of the governments to collect this information are woefully out of date.

The Privacy Act, which oversees the [Canadian] government's use of your data, came into effect in 1983 — years before the Internet, or cell phones. — OpenMedia

Current trends are increased surveillance and a corresponding loss of privacy:

Privacy a Basic Human Need

There is a reason we have locks on our doors and curtains in our windows.

Privacy is a basic human need.

Fear of Surveillance is Real

The fear of surveillance is realistic and stifles personal expression.

We act differently when we're being followed by a police car.

In the same manner, we don't feel as free to express our creativity when our conversations or Internet activities are being monitored.

Privacy is Not About Hiding Wrongs

Protecting your privacy DOESN'T mean you have something to hide.

How would you react if you found a stranger ripping open the letters and bills in your mailbox?

How would you feel about every document, photo and file on your computer being printed and posted in a public place?

Why should you react any differently when someone is peeking into your electronic identity?

The most common retort against privacy advocates — by those in favor of ID checks, cameras, databases, data mining and other wholesale surveillance measures — is this line: If you aren't doing anything wrong, what do you have to hide?

… [This] accept[s] the premise that privacy is about hiding a wrong. It's not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect. — Bruce Schneier: The Eternal Value of Privacy

The debate between privacy and security has been framed incorrectly as a zero-sum game in which we are forced to choose between one value and the other. Why can't we have both? — Daniel J. Solove, Nothing to Hide
If you believe that you have "nothing to hide" from the prying eyes of the NSA, you shouldn't mind letting a stranger rifle through your bank statements, emails, and photos — right? — ZDNet

Blaming the Victim

This spying while blaming the victim has a strong echo of McCarthyism.

Even if we think we have nothing to hide, all of us, whether world leaders or ordinary citizens, have good reason to be concerned. — TomDispatch
[A] federal court in the Eastern District of Virginia held that individuals have no reasonable expectation of privacy in a personal computer located inside their home. — Electronic Frontier Foundation

More about why privacy matters:

Return to top

Everyone is Collecting Information

Everyone is collecting vast amounts of information about you — governments, businesses and the sites you visit on the Internet. “No big deal, right?”


Your personal data has become the currency of the Internet and is worth $130 billion per year!

Digital advertisers are making approximately $250 annually — roughly twice the cost of a Netflix subscription — off you and your browsing data. — Jeremy Tillman
Right now, our data is worth a lot of coin to a lot of companies. But privacy, it's priceless. It's a necessary part of a healthy functioning society. — Manoush Zomorodi
“Privacy is often framed as a matter of personal responsibility, but a huge portion of the data in circulation isn't shared willingly — it's collected surreptitiously and with impunity. Most third-party data collection in the US is unregulated,” said Cyphers. “The first step in fixing the problem is to shine a light...on the invasive third-party tracking that, online and offline, has lurked for too long in the shadows.” — EFF

ISPs Wanted in on the Action

No wonder the US ISPs were pressuring the government to allow them to cull user data like Facebook and Google do. However, their premise is flawed.

ISPs are Different

ISPs are not the same as “free” services. How many users would be on Facebook if they had to pay Facebook as much as their broadband Internet access costs each month?

ISPs not only charge for their services but have access to much more of your surfing details. I wonder how many of these ISPs would be so keen on the idea if they had to provide free unlimited Internet access to users?

This was a mistake that will dearly cost US consumers, both in terms of privacy and in their pocketbook.

ISPs Can Record Everything You Do Online

ISPs see everything you do online (not just when you're logged into Facebook or another service) and can create a much more accurate profile that will be worth much more than Facebook's profile of you (which is so detailed that advertisers can focus their message to a user base more precisely than virtually any other medium).

Facebook Tracking

You're vulnerable to Facebook when

Using common factors, Facebook will attempt to link up the anonymous account with an actual account or combine multiple anonymous accounts into one profile.

Google Tracking

You're providing data to Google when you use their search facilities directly (instead of an intermediary like or use a Google product like Gmail, Chrome, YouTube, Google Maps, etc. or when you visit the 86% of sites that use Google Analytics.

You're particularly exposed when you're logged in to your Google account while using Chrome, YouTube or Google Search.

Tracking Mobile Device Users

The choices for mobile users is even more distinct based upon the mobile operating system:

  • Android users a always being tracked except by following a complex process.
  • iOS users can disable tracking by going into the Privacy settings, then Location Services then selecting “While Using” or “Never” for Google apps like Google Maps.

In my opinion, it is unfortunate that a very capable company like Google (Alphabet) did not continue to “do no evil” (their original motto, since replaced with “do the right thing”).

Governments Collecting Domestic Phone Records

The “official” purpose of NSA (and Canadian) collection of personal phone records is to prevent future terrorist attacks.

However, the process is incredibly invasive to our privacy and cannot be justified by any improvements in public safety from terrorist threats since it was introduced.

The NSA surveillance program collects hundreds of millions of phone records daily. One federal judge criticized the program as beyond Orwellian and likely unconstitutional.Fight 215

We're No Safer

This abuse of privacy has made us no safer.

We have not yet seen any evidence showing that the NSA's dragnet collection of Americans' phone records has produced any uniquely valuable intelligence. — Senator Ron Wyden

Big Corporations Hijacked the Internet

The Internet was made for everyone but is being hijacked by big corporations that are turning people into products without their knowledge or consent. — The Hidden Business of the Internet
The data market is massive, how big? Well the going estimate puts it at over 130 billion dollars now and maybe as much as 200 billion in the next three years. Those in the business of buying and selling data, we call them data brokers. — Veronica Belmont

And it is probably going to get worse. Like sharks smelling blood, corporations are after any data they can cull. They keep it insecurely (remember, it cost them little to obtain) just in case it comes in useful later.

Trade deals like TPP, TISA and TTIP have all been open to input from industry but closed to input from both non-profit groups that look out for the public interest as well as many of our elected government representatives.

It appeared that we'd defeated the TPP then the US negotiation team began making the same demands within NAFTA. One example: they are seeking to invalidate Canadian laws protecting privacy and copyright so that US cloud providers face no restriction on doing business here.

Currently, policies in British Columbia and Nova Scotia require public-sector information — data from universities, hospitals, and government institutions — to be stored in Canada with the intent to prevent public information from being accessed elsewhere. However, that protection no longer applies if that data is stored in the US, and its own protections don't extend to non-citizens. — MotherBoard

Canada has bowed to US pressure to approve the new NAFTA agreement which contains many of the worst aspects of the TPP. Expect to pay more for US services and to have fewer protections.

Big Data: Tracking Your Every Move

Big Data is the current mantra of organizations. How to obtain it, store it, process it.

The modern ad industry is about the buying and selling of individuals, says Jeff Chester, executive director at the Center for Digital Democracy. All the investments is aggressively pushing toward much more granular personalized targeting.The Verge
Dating sites collect sensitive personal information like drug usage habits and sexual preferences. They also have dozens of trackers that can collect profile information, as well as information on where a user clicks or looks. — Axios

There is only one word that can be used to describe this practice: sleazy.

If you're using privacy software like Ghostery on your web browser, you've probably noticed that most sites now use invisible web beacons, analytics services, page widgets and other third-party page elements that are secretly tracking your every move.

[W]eb tracking has become so pervasive that approximately ten percent of websites send the data they've collected to ten or more different companies, and 15 percent of all page loads on the internet are monitored by ten or more trackers. — Jeremy Tillman

Even the videos and comments section on these sites are marketing tools. You quickly find that by blocking tracking elements, you can no longer view embedded videos nor see the comments left by other site visitors.

Creepy Recording of Individual Surfing Sessions

Many of today's largest websites are not only storing generic analytics data, but individualized recordings of visits to their site, including keystrokes, mouse movements, clicks and the pages visited. These scripts even record keystrokes that aren't submitted (including your typed passwords).

"Session replay scripts" can be used to log (and then playback) everything you typed or clicked on a website. — Motherboard

While these sites claim the purpose is to improve their website, much more information is obtained which allows sites to create a precise profile about you. This data may be shared without your permission (or be revealed in a data breach) and this could have significant repercussions for your privacy in the future.

Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third-party as part of the recording. This may expose users to identity theft, online scams, and other unwanted behavior. The same is true for the collection of user inputs during checkout and registration processes. — Freedom to Tinker
PayPal shares your data with over 600 companies

More About Big Data

There's more about Big Data on these pages:

Social Media

Social media is a very important aspect of privacy because so much personal information is collected including facial recognition software, comparative and linked data (such as the Facebook "Like" button) and more.

  • Most, if not all, social media data is being stored outside Canada and doesn't have the protections afforded by Canadian law.
  • Most webmail is stored on servers in the US or other countries.
  • Your emails are scanned to profile you to serve ads, alter search results, and other purposes based upon the emails you send and receive if you're using Gmail, Yahoo! mail and similar services.
If the government said you have to have a tracking device, for certain you would rebel. But the government doesn't have to say that because you do it willingly and they just get a copy of the data. — Bruce Schneier on BBC

The Guardian reports that

  • 300 hours of video are uploaded to YouTube every minute.
  • 500 million tweets are sent every day.
  • 30 billion WhatsApp messages are sent every day.
  • 40 million photos are uploaded to Instagram every day.
From the dawn of civilization until 2003, humankind generated five exabytes of data. Now we produce five exabytes every two days…and the pace is accelerating. — Eric Schmidt

Artificial Intelligence

Artificial intelligence (AI) has been seen and promoted as having huge potential for good but also has the ability to work against humanity. Machines don't suffer a conscience like humans do unless it is programmed into the machine.

The reality is, AI is everywhere. AI helps diagnose our diseases, decide who gets mortgages, and power our TVs and toothbrushes. It can even judge our creditworthiness. And the impacts — touching on issues of fairness, privacy, trust, safety, and transparency — will only get more profound as our reliance on AI increases with each passing day. — Mozilla Foundation

AI allows for rapid manipulation of massive amounts of data and commercial and government entities have been collecting more data than they could possibly sift through. AI gives them the ability to make use of that collected data.

AI is being rapidly deployed and not everyone is ensuring that our privacy is being protected. We see YouTube video suggestions that reflect the extreme rather than the norm, leading many down a rabbit hole that can be destructive. Other online resources have similar issues where choices are being made by formulas managed by machines rather than people.

I strongly recommend you read Mozilla's approach to trustworthy artificial intelligence (AI) where they look at these issues.

Facial Recognition

Facial recognition is nearly perfect and is now being deployed in businesses and government services around the world. There has been an explosion of the number of cameras in public areas — often accessible via the Internet.

[F]ace recognition may seem convenient and useful, but is actually a deeply flawed technology that exposes people to constant scrutiny by the government…. — EFF
The British security industry association figures there are nearly six million CCTV cameras in the UK. That's one camera for every 11 people. — Veronica Belmont
Chinese scientists have developed an artificial intelligence (AI)-enabling 500 megapixel cloud camera system able to capture thousands of faces at a stadium in perfect detail and generate their facial data for the cloud while locating a particular target in an instant. — Global Times

The legal framework to protect your privacy has fallen far behind the technology. Searches at the border are based upon the needs of an age when everything was on paper but are being used to justify copying everything on your phone or computer. This places us at risk.

A report by Georgetown Law Center for Privacy and Technology estimates that about half of US adults — more than 117 million people — have their images logged in a facial recognition network of some kind — a trend civil liberties group the Electronic Frontier Foundation describes as “a real and immediate threat” to privacy. — BBC
This has never happened before. It hasn't happened with fingerprints, it hasn't happened with DNA. Until now there's been a line, that unless you commit a crime we don't record the facts of your body. — Alvaro Bedoya

Facial Recognition Errors

It's bad enough that you can be recognized in photo and documents everywhere, enlarging the massive profile advertisers and governments have on you. What if there are serious errors?

In 2014, Steven was living an ordinary life as a financial broker in Denver. In the month's before a couple of bank robberies had taken place in Denver. There was a video clip from a security camera and it played on the local news. Three people who thought it could be him phoned in a tip…so the cops came for him.

Steven spent months in jail before his lawyer proved it wasn't him. Proved he was at work when the robberies took place. They let him go.

A year goes by and then he's arrested again. This time, the cops were sure it was him. They were wrong. More evidence proved he wasn't the suspect. Again, he was a free man, but the damage was done. You can't keep a job in the finance industry when you've been accused of robbing a bank.

Because of what's happened Steven Talley is currently homeless. — Veronica Belmont

The Ring

You've probably seen the ads for The Ring, the door bell/video camera that allows you to see who is at your door even when away from home. Sounds like a great security tool, right?

However, Ring owners can share video from their Ring's camera with other Ring owners as well as provide that footage to local police without a warrant. Even if you don't have a Ring, your neighbour's Ring shows everything going on at your house.

In just a year and a half, Amazon's Ring has set up more than 500 partnerships with law enforcement agencies to convince communities to spy on themselves through doorbell cameras and its social app, Neighbors. The company is moving recklessly fast with little regard for the long-term risks of this mass surveillance technology. These partnerships threaten free speech and the well-being of communities, vastly expand police surveillance, undermine trust between police and residents, and enable racial profiling by exacerbating suspicion and paranoia. — EFF
Law enforcement partnerships with @ring don't make neighborhoods safer—they turn our front doors into vast, unaccountable surveillance networks. — EFF on Twitter

Windows 10 is Spyware

Windows 10 is spyware and Microsoft cannot fully be trusted.

Windows 10 is spying on you, especially if you're using the default privacy settings during installation, log in using your Microsoft Account and use Cortana.

Windows 10 tracks and knows where you are, what programs are installed on your computer, when they are used, what they are used for, they can also access your microphone and webcam. That's in addition to being able to access your calendar, emails, and contacts. Even your messages and call history are all saved on their server. — Top VPN Canada

Microsoft has adopted the same practice of culling your information for profit as Google and Yahoo!, except this time it is your operating system rather than a free email program or search engine doing the collecting of personal information.

Like many tech companies, Microsoft gathers certain information about you—what you do in Windows and on the web, how and where you use your devices, and what type of content and data you access. — PCMag

Privacy information about Windows 10 at launch was much harder to control. Microsoft wasn't up front in what it collected. Since then it has developed and provided tools to allow you to manage what is collected and allowing you to remove much of what has already been collected.

This information is already collected by mobile devices.

By making Windows 10 mobile-first, cloud-first on desktops and laptops, Microsoft effectively extended this lack of privacy.

Windows 10 will soon become the only Microsoft option and it is already difficult to purchase a new computer with anything else unless you choose Apple (or rarely, Linux).

Prior versions of Windows, including Windows 7 and Windows 8.1, have limited support when running on new processors and chipsets from manufacturers like Intel, AMD, nVidia, and Qualcomm. — Microsoft

Microsoft's Unethical Practices

Microsoft's tricks and schemes to get Windows 7 and 8 users to move to Windows 10 were unethical at best:

In May 2016, in an action designed in a way we think was highly deceptive, Microsoft actually changed the expected behavior of a dialog window, a user interface element that's been around and acted the same way since the birth of the modern desktop. Specifically, when prompted with a Windows 10 update, if the user chose to decline it by hitting the ‘X’ in the upper right hand corner, Microsoft interpreted that as consent to download Windows 10. — Electronic Frontier Foundation

Updates Reset Privacy Settings

Microsoft initially made automatic updates mandatory in Windows 10 and seems to reset privacy options to their more-revealing defaults during major updates rather than respecting the user's wishes for privacy.

While this resetting may prevent unrequested programs from gaining default status, it also makes it difficult to move away from Microsoft's money-generating defaults.

Too Little, Too Late?

Microsoft has responded to these issues.

Users of Windows 10 Home are able to stop updates but at the cost of losing the support of their device one year after the last major update.

On January 10, 2017 a new web-based privacy dashboard was released where you could manage your browse data, clear your search history on Bing, review and clear your location data and edit Cortana knows about you.

But is it enough to restore trust?

Your Devices Are Watching You

The problem of privacy is only going to get worse as the Internet of Things evolves. Already there are more connected devices than people in the world. There is an imminent explosion of devices that will track every aspect of our lives.

Any bed that monitors your heart rate, breathing, and movement could allow people with access to that data to determine when you get up in the morning, when you go to bed at night, or even when and how often you have sex. — Mozilla
The reason I smartened up my house was to find out whether it would betray me. — The House That Spied on Me

“Consented” Eavesdropping

Virtually every “smart” device is gathering information on you (perhaps including your private conversations). From connected baby monitors to smart TVs to video cameras, everything is being connected — the majority in a very insecure manner that can be hacked.

…[W]e learned that Samsung televisions are eavesdropping on their owners. At some level, we're consenting to all this listening. A single sentence in Samsung's 1,500-word privacy policy…. — Bruce Schneier

This isn't an isolated incident. Vizio surrendered to a lawsuit charging them with collection viewing data on 11 million consumer TVs.

Printer Tracking

Many people feel safe with a printed document, assuming it can't be traced.

The US government made a secret deal to place yellow dots onto every page printed from many (perhaps most) colour laser printers, ostensibly to track counterfeiters.

We've found that the dots from at least one line of printers encode the date and time your document was printed, as well as the serial number of the printer. — Electronic Frontier Foundation

Smart Meters Reveal Much About You

Analogue meters simply recorded the total amount of electricity used between readings.

Smart meters do more than simply remove the need for meter readers to visit your home or business a few times a year. They record the timing, duration and quantity of electricity you use.

Like any collected data, it reveals much about you, including highly marketable data using technology with significant health risks as discussed in this YouTube video.

Privacy information begins at the video's 24:24 mark but I strongly recommend watching the entire presentation.

Apple Treating Privacy Differently

It doesn't have to be like that. As we move into an era where more and more personal data is required in order to provide services that require personal data like map services, health information tracking, etc. Apple wants to have your trust. They make their money on products, not by monetizing the data required to operate these devices.

[S]ome of the most prominent and successful companies have built their businesses by lulling their customers into complacency about their personal information. They're gobbling up everything they can learn about you and trying to monetize it. We think that's wrong. And it's not the kind of company that Apple wants to be. — The Washington Post

Legislation Needed

Legislation will likely be required to manage this “no holds barred” collection of personal data just as certain questions are no longer acceptable on an employment application and access is provided to challenge your credit reporting data.

Corporations have not protected the personal data they've collected “just in case” it might be financially valuable in the future. Instead they've allowed it to be hacked over and over because they had no real investment in the data (unlike their own proprietary secrets).

The European GDPR, which came into effect on May 25, 2018, is a good start. It puts control of private information back into the hands of those that suffer the most when it is compromised.

Current trends in the US are contrary to this protection and it will be an uphill battle.

Not only is this culling of data extremely profitable, but these companies spend a great deal of money lobbying for a relaxation of existing laws. Even politicians that should be protecting our rights want to know the demographics that will get them re-elected regardless of the threat to our privacy.

President Trump signed the bill allowing ISPs to collect and sell their client's surfing data on April 3, 2017.

Not only have [US lawmakers] voted to repeal a rule that protects your privacy, they are also trying to make it illegal for the Federal Communications Commission to enact other rules to protect your privacy online. — Bruce Schneier
This isn't just your browsing history or cookies. It's geolocation data, financial info, passwords, health info, even your Social Security Number. Anything you do, any data you enter, any online video you watch, any email you write. Your ISP could store it all and sell it for their own profit if Congress throws out the FCC rulings. —

Remember, this is much more than what you're typing into your browser. More and more our applications have moved from our computer to become Software as a Service (SaaS) — software running on the Internet. Even our operating systems (e.g. Windows 10) are moving that direction. If this trend is allowed to continue, we'll soon have even less control (ownership) of our own data in the future.

There are bound to be abuses by law enforcement of any tracking system.

No Privacy for Canadians in the US

Trump's 'no privacy for non-Americans' order is not encouraging but don't be fooled into thinking that other governments are benevolent.

Private data for citizens of Lithuania, Estonia, Malta and the Netherlands receive greater legal protection from the US than Canadians' data does. Canada is NOT designated as a “covered country” even though we share a huge common border and they are our largest trading partner and have some of the toughest copyright laws.

Fight for our Privacy

To make matters worse, a great deal of Canadian Internet traffic flows in and out of the US

Add your name to the letter to these ministers to demand that they take action to fight for our privacy at Fight for our Privacy.

Return to top

“We're Only Collecting Metadata”

Many organizations indicate that they are “only collecting metadata” yet are very vague about what they do with our data and who they share it with.

[M]etadata is characterized as data used to describe other data. As a result, an assessment of whether bulk collection of telephony metadata violates a reasonable expectation of privacy seems to have been rooted in three constitutionally relevant dichotomies, namely content vs. non-content data, private records vs. business records held by third parties, and hard-to-obtain information vs. information “in plain view.” — Kift & Nissenbaum

Significant is our inability to determine how those collecting our information will aggregate, store, combine and analyze that data, and the extent to which we, the data subjects, assume the risk of metadata being shared beyond the purpose for which it was provided.

The number and size of data breaches demonstrates how little regard these organizations have for the consequences of their failure to protect our data. The implication is that we allowed them this information so they are no longer responsible.

That's like blaming you for how your credit card was used following its theft including its use in the commission of a crime.

Why Metadata Matters

Research has shown that using only call metadata, the government can determine what your religion is, if you purchased a gun or got an abortion, and other incredibly private details of your life. Former director of the NSA and CIA, Michael Hayden, recently admitted: We kill people based on metadata. And former NSA General Counsel Stu Baker said: metadata absolutely tells you everything about somebody's life. If you have enough metadata, you don't really need content.
Electronic Frontier Foundation

How revealing metadata can be is demonstrated in these three (rather obvious) examples presented by Kurt Opsahl at CCC on December 30, 2013:

  1. They know you rang a phone sex service at 2:24 a.m. and spoke for 18 minutes. But they don't know what you talked about.
  2. They know you called the suicide prevention hotline from the Golden Gate Bridge. But the topic of the call remains a secret.
  3. They know you spoke with an HIV testing service, then your doctor, then your health insurance company in the same hour. But they don't know what was discussed.

Why metadata matters further expands this concept and helps you to better understand what metadata is and how it affects us.

Anonymous No More

A more intensive look at telephone metadata reveals much more. Your privacy could be compromised by linking the timing of anonymous data to data that directly identifies you via credit card, hotel stays and more.

All this can be used to build a profile of you that may make judgement calls which are then processed as “facts” by other parties. Metadata IS surveillance.

Even something like Alfred Kinsey's sex research data from the 1930s and 1940s isn't safe. Kinsey took great pains to preserve the anonymity of his subjects, but in 2013, researcher Raquel Hill was able to identify 97% of them. — Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World by Bruce Schneier

Much more data is collected today. We can no longer blindly provide access to all our personal data assuming it is truly anonymous.

Hacks and Security Breaches

While organizations are happy to collect your private data, they aren't committed to protecting it as carefully as they do their own private information. Instead, much of this data is protected only with the least effective (and least expensive) technology and some companies leave the information unprotected and available to anyone that can locate the server it is stored on.

These companies seldom report the loss until much later (often years later) and are not financially responsible because of their vague terms of service and poor privacy policies.

You only need to look at the way Facebook, Hotmail and others so quickly changed their privacy policies to enhance their profitability. You're on your own when it comes to protecting your identity.

If the service is free, then you are the product. — The Day We Lost Everything

Governments Collecting More

[K]now that every border that you cross, every purchase you make, every call you dial, every cellphone tower you pass, friend you keep, site you visit, and subject line you type, is in the hands of a system whose reach is unlimited but whose safeguards are not. — CITIZENFOUR documentary

Everything We Know About NSA Spying is an excellent YouTube video about NSA spying. It shows just how extensive the reach of this program is and how easy it is to become a target.

In the “new propaganda era” we are entering, where the frontier between information, communication and propaganda becomes blurry, the world needs independent journalists, who engage in the pursuit of the truth, who respect standards of ethics, and whose mission is to give citizens of this world tools to understand what surrounds them. That is to say, in a word, free journalists. — Defence Handbook For Journalists and Bloggers

Governments Collecting More Personal Information

Governments are collecting more about you and your Internet activities.

Never in history has a surveillance state and a representative form of government existed side by side. A free society and a surveillance society cannot be reconciled. Biometrics is the linchpin to a surveillance society. — Constitutional Alliance
Never give a government a power you would not want a despot to have. — John Gilmore

Canadian Government Double Standard

The Canadian government will not allow its data to be stored on servers outside Canada. Canadians should be similarly concerned about the loss of privacy and protection.

However, the government is much less concerned about your privacy. They continue to share data about their own citizens with the US and other Five Eyes partners — even unconfirmed data that has cost innocent individuals their freedom.

Overseas Privacy Threatened

Microsoft successfully fought a December 2013 federal search warrant demanding that the company release emails stored in Ireland.. This demand that data stored on overseas servers be made available should concern everyone. The US is not the only country doing this.

The revelations of NSA searches on US servers has cost American tech companies, forcing them to build servers overseas rather than hosting them all in the United States. This case clearly had implications for these companies being abandoned if foreign customers felt their privacy was threatened even with servers hosted in their own country.

You can find out more about governments collection of personal information at:

Other reports about privacy and surveillance:

Return to top


Recommended Reading

“Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World” by Bruce Schneier

Data and Goliath: The Hidden Battles to Capture Your Data and Control Your World by Bruce Schneier is an imperative read for everyone. Read the introduction.

The powers that surveil us do more than simply store this information. Corporations use surveillance to manipulate not only the news articles and advertisements we each see, but also the prices we're offered. Governments use surveillance to discriminate, censor, chill free speech, and put people in danger worldwide. And both sides share this information with each other or, even worse, lose it to cybercriminals in huge data breaches.

Much of this is voluntary: we cooperate with corporate surveillance because it promises us convenience, and we submit to government surveillance because it promises us protection. The result is a mass surveillance society of our own making.

But have we given up more than we've gained?

In Data and Goliath, security expert Bruce Schneier offers another path, one that values both security and privacy. He shows us exactly what we can do to reform our government surveillance programs and shake up surveillance-based business models, while also providing tips for you to protect your privacy every day.

You'll never look at your phone, your computer, your credit cards, or even your car in the same way again.

Recommended Documentaries

Frontline: ‘United States of Secrets’

Frontline's United States of Secrets is a powerful look at the dangerous spying by the NSA on their own citizens and the revelations following the release of the Snowden documents.

Frontline investigates the secret history of the unprecedented surveillance program that began in the wake of the 9/11 attacks and continues today.

Episode 1 (Transcript) shows how the dangerous plan to greatly increase the power of surveillance on the American (and international) public was secretly authorized with the stated goal of finding unknown terrorists within our midst.

Several members of the NSA and other government bodies opposed the plan on the basis that it overstepped the requirements and undercut civil liberties enshrined in the US Constitution without any real oversight.

Episode 2 looks at the increasing commercial surveillance by companies like Google and later Microsoft, Facebook and others to generate massive advertising income. This information was later co-opted by the NSA and, in the process, further eroding every citizen's privacy. There is no evidence that any of this surveillance has made us any safer (think of the Boston Marathon attacks — the sort of event this program was supposed to prevent).

Return to top


Repeal Bill C-51

Trudeau promised to amend the controversial and Draconian anti-terrorist Bill C-51.

The law is vague and undefined, making it possible to collect and trade information between agencies without either proper oversight or just cause. It essentially turns Canada into a police state.

Instead, the Trudeau government appears to be making it easier for police to access information and to defeat encryption (essential for online commerce and protection of documents online).

Need more reasons to stop Bill C-51? Read the section below.

It Threatens Canadian Business and Online Safety

Even without the increasingly permissive data disclosure practices enabled by C-51, federal government agencies have seen over 3000 breaches of the highly sensitive private information of an estimated 750,000 innocent Canadians in recent years.

In particular we find the following elements from the national security consultation extremely concerning:

  1. It appears to favour the undermining or breaking of the encryption that many of our businesses and workers rely on.
  2. It floats and positively frames mandatory interception powers to access our sensitive business and customer data.
  3. It suggests that mandatory access to subscriber data such as an IP address without a warrant is akin to looking up a number in a phone book. This is an appalling and incorrect analogy for a piece of data that can unlock the highly intimate details of the lives of law-abiding Canadians.
  4. It raises the idea of forced customer data retention and suggests practices such as purging user data as problematic when such practices actually strengthen data security and customer privacy.
The Star

The Need Has Been Overstated

Imagine how you would feel if the government installed cameras in your home that recorded everything you did, then gave police the power to review the footage without a warrant, whenever they want.

If that sounds to you like a gross violation of your privacy, you should probably be aware that the federal Liberals are contemplating pretty much exactly that for the digital world. — Huffington Post
The Act does not require individualized suspicion as a basis for information sharing amongst government agencies. There is no impediment in the Act to having entire databases shared with CSIS or the RCMP. The standard for ‘sharing’ is very, very low.

The bar is so low that effectively “having a look around just in case” is sufficient justification for sharing massive amounts of information under the Act. — BC Civil Liberties Association

The use of IMSI catchers (“StingRay”) to capture cellular traffic around Capital Hill in Ottawa has people upset. The R.C.M.P., Winnipeg and Vancouver police have used the same technology since 2005 without clear oversight.

It's hard to think of a clearer invasion of privacy. It's like the police reaching into your pocket and examining your wallet, [except instead] they've reached into your cellphone by tricking it into communicating with the police equipment instead of a real cell tower. — Defence Lawyer Alan Gold

Balancing Privacy and Security

Law enforcement agencies are clamoring for even easier access to meta-data. We are fast approaching the very definition of a police state where everything about you is openly known by the police.

Far from “going dark,” the amount of data available to policing agencies in Canada and abroad is at historic heights, making this truly the golden age of investigative surveillance. — The Star
Everyone can agree that the police and national security agencies need adequate tools to protect us, and that these tools need to be adapted to the digital world.

But state powers have already been significantly expanded, particularly with Bills C-51 and C-13. At the same time, we have seen too many cases of inappropriate and sometimes illegal conduct by state officials that have impacted on the rights of ordinary citizens not suspected of criminal or terrorist activities. In my view, those serious incidents were caused by deficient legal standards that failed to set appropriate limits on government actions.

These key lessons from history remind us that clear safeguards are needed to protect rights and prevent abuse, that national security agencies must be subject to effective review, and that any new state powers must be justified on the basis of evidence. Government should only propose and Parliament should only approve new state powers if they are demonstrated to be necessary and proportionate — not merely convenient. — Privacy Commissioner Therrien
A lot of what classifies as terrorism in the political context — individuals that the news calls terrorist — are really common criminals. But they do not constitute the kind of super criminal threat that is represented by our terrorism legislation. — Edward Snowden

CSIS a de facto Secret Police

We're at a tipping point where we need to decide whether to continue evolving into a surveillance society, or whether to rein in the government's spying apparatus before more lives are ruined by information disclosures. — OpenMedia
While a democracy can incorporate the need for an intelligence agency to operate with considerable secrecy, there is no place in a democracy for a secret police. Full stop. — BC Civil Liberties Association

Return to top


DRM is supposed to stop illegal use of software and media while not interfering with legal use.

DRM creates a damaged good; it prevents you from doing what would be possible without it. — Defective by Design
…trying to make digital files uncopyable is like trying to make water not wet. — Bruce Schneier

DRM is based upon the supposed millions of dollars of lost sales due to piracy. The main assumption in punishing piracy is that everyone that downloads a pirated song or movie would have paid for it. The EU suppressed a 300-page study that found piracy doesn't harm sales.

DRM places unreasonable restrictions that sacrifice your privacy to ensure corporate profit.

These companies don't want a free web. They think they make money by limiting your freedom. — Defective by Design

DRM Affects Privacy

If consumers even know there's a DRM, what it is, and how it works, we've already failed.Peter Lee, Disney Executive in 2005.

One example of how DRM can affect your privacy is Amazon's tracking of where you are in a Kindle ebook. They tell you how long it would take to finish it at your current reading speed but also control how you use Kindle content.

DMCA Abuses

Too often the Digital Millennium Act (DMCA) has been used to stiffle legitimate uses.

  • John Deere used it to prevent farmers from repairing their own equipment.
  • Volkswagen used it to hide faked emission control data.
  • Researchers are prevented from discovering security flaws in software.
It's certainly easier to implement bad security and make it illegal for anyone to notice than it is to implement good security. — Bruce Schneier

DRM Fallout

Some users report losing copies of their own music when unsubscribing from the Apple Music service after Apple changed their DRM policies.

I also experienced this removal of music NOT sourced by Apple Music. As a result seldom listen to music on my iPhone or iTunes anymore. It was simply too much trouble to restore the music I was actually listening to.

TPP and other trade agreements are designed to increase corporate control worldwide.

Return to top

Related Resources

Related resources on this site:

or check the resources index.

Return to top

If these pages helped you,
buy me a coffee!
Updated: March 30, 2020