Slashdot Mirror

The Office of the Privacy Commissioner of Canada said Tuesday that the Canada-based online dating and social networking service Ashely Madison used inadequate privacy and security technology while marketing itself as a discreet and secure way for consenting adults to have affairs. CBC.ca reports: "In a report Tuesday, the privacy watchdog says the Toronto-based company violated numerous privacy laws in Canada and abroad in the era before a massive data breach exposed confidential information from their clients to hackers. The hack stole correspondence, identifying details and even credit card information from millions of the site's users. The resulting scandal cost the company about a quarter of its annual revenues from irate customers who demanded refunds and cancelled their accounts. Working with a similar agency in Australia, the privacy group says the company knew that its security protocols were lacking but didn't do enough to guard against being hacked. The company even adorned its website with the logo of a 'trusted security award' -- a claim the company admits it fabricated." The report found that "poor habits such as inadequate authentication processes and sub-par key and password management practices were rampant at the company" and that "much of the company's efforts to monitor its own security were 'focused on detecting system performance issues and unusual employee requests for decryption of sensitive user data.'" What's more is that Ashley Madison continued to store personal information of its users even after some of which had deleted or deactivated their account(s). These people then had their information included in databases published online after the hack.

An anonymous reader writes: The Privacy Commissioner of Canada has released the long-awaited decision on Bell's targeted ads program. The Commissioner's press release soft-pedals the outcome — "Bell advertising program raises privacy concerns" — but the decision is clear: Bell's so-called relevant ads program violates Canadian privacy law. As Michael Geist explains, the key issue in the case focused on whether Bell should be permitted to use an opt-out consent mechanism in which its millions of customers are all included in targeted advertising unless they take pro-active steps to opt-out, or if an opt-in consent model is more appropriate. The Commissioner ruled that opt-in consent is needed, but Bell is refusing to comply with the ruling.

An anonymous reader writes: The Privacy Commissioner of Canada has released the long-awaited decision on Bell's targeted ads program. The Commissioner's press release soft-pedals the outcome — "Bell advertising program raises privacy concerns" — but the decision is clear: Bell's so-called relevant ads program violates Canadian privacy law. As Michael Geist explains, the key issue in the case focused on whether Bell should be permitted to use an opt-out consent mechanism in which its millions of customers are all included in targeted advertising unless they take pro-active steps to opt-out, or if an opt-in consent model is more appropriate. The Commissioner ruled that opt-in consent is needed, but Bell is refusing to comply with the ruling.

An anonymous reader writes Last fall, Daniel Therrien, the government's newly appointed Privacy Commissioner of Canada, released the annual report on the Privacy Act, the legislation that governs how government collects, uses, and discloses personal information. The lead story from the report was the result of an audit of the Royal Canadian Mounted Police practices regarding warrantless requests for telecom subscriber information. Michael Geist now reports that a secret internal memo reveals the situation was far worse, with auditors finding the records from Canada's lead law enforcement agency were unusable since they were "inaccurate and incomplete."

Myriad and a number of other readers passed along the news that the Canadian Privacy Commissioner has made a determination that Facebook violates Canadian privacy law in four different respects. Canada has the highest per-capita facebook participation in the world — about a third of the population — according to coverage in The Star. The EU is also expressing similar privacy concerns, though Canada's action "represents the most exhaustive official investigation of Facebook privacy practices anywhere in the world," says Michael Geist. The CBC's coverage spells out the areas of privacy concern, in particular that nearly a million developers of Facebook apps in 180 countries have full access to the entirety of users' private data. Also of concern: Facebook holds on to your data indefinitely after you quit the site. The BBC notes that Facebook is working with the privacy commission to resolve the issues, and quotes a Facebook spokesman thus: "Overall, we are looking for practical solutions that operate at scale and respect the fact that people come to share and not to hide." (Schneier recently blogged about research on "privacy salience," and cited Facebook's practices among others' as practical examples of how social networking sites have learned not to push the privacy issue in users' faces.)

Deep Packet Inspection, or DPI, is at the heart of the debate over Network Neutrality — this relatively new technology threatens to upset the balance of power among consumers, ISPs, and information suppliers. An anonymous reader notes that the Canadian Privacy Commissioner has published a Web site, for Canadians and others, to educate about DPI technology. Online are a number of essays from different interested parties, ranging from DPI company officers to Internet law specialists to security professionals. The articles are open for comments. Here is the CBC's report on the launch.