Facebook Faces the Canadian Privacy Commissioner

← Back to Stories (view on slashdot.org)

Facebook Faces the Canadian Privacy Commissioner

Posted by timothy on Sunday August 16, 2009 @03:20PM from the soory-aboot-that-yah dept.

dakohli writes "Canwest's Sarah Schmidt writes that Facebook has until Monday to find a way to fix its 'serious privacy gaps.' And if the Canadian Privacy Commissioner isn't happy with the Web Company's response, then she has two weeks to push it to the Canadian Federal Court in Ottawa. 'A spokeswoman for the commission said it's premature to say whether the feud will end up in court. This would be an international first for Facebook, which has grown to more than 200 million users since its launch in 2004.'"

140 comments

Min score:

Reason:

Sort:

Don't worry. by Anonymous Coward · 2009-08-16 15:22 · Score: 0, Insightful

I'm sure they just have to give them a little under the table campaign contribution and everything will be find and dandy. Pass the golden maple syrup, eh?
1. Re:Don't worry. by Magic5Ball · 2009-08-17 01:26 · Score: 1
  
  Yes, because that's worked out so well before:
  "Privacy commissioner probes PM's list":
  http://www.thestar.com/News/article/265982
  Or did you fail to read this story the first time it was posted, particularly the parts where Facebook has been working with the Privacy Commissioner for months to resolve the issues through technical and other changes?
  http://www.priv.gc.ca/cf-dc/2009/2009_008_0716_e.cfm
  
  --
  There are 1.1... kinds of people.
Just add to the EULA... by NotQuiteReal · 2009-08-16 15:23 · Score: 1

"void where prohibited"

--
This issue is a bit more complicated than you think.
1. Re:Just add to the EULA... by Anonymous Coward · 2009-08-16 15:25 · Score: 0
  
  especially the country that leads the worth in being just north of the US
2. Re:Just add to the EULA... by zappepcs · 2009-08-16 15:36 · Score: 5, Insightful
  
  That one phrase is one of the most interesting and most insulting that can be used. Void where prohibited is the same as saying we're not sure where a judge will rule this illegal, but in case they do, you lose. Why not be user friendly (anyone remember that phrase?) and say what laws you ARE in compliance with, perhaps listing a reference to your licensing documents? Even lawyers are prohibited from practicing law in regions they are not licensed for. Yes, I realize that the WWW is not quite the same thing, but in the EULA you should mention all the regions where it is legal and above board since the L in EULA stands for license. As a user, if you don't know where you are in compliance, how the hell am I supposed to know? While 'buyer beware' always applies, in this day and age, it's not unreasonable to expect that a service list where it is in compliance with privacy laws in their privacy statement.
  As far as Facebook users should be concerned, if the government of Canada thinks there are privacy violations, there are... at least until Facebook clears the matter up unequivocally and publicly. After all, how can I in good faith sign or accept a EULA if I cannot be sure your service is in compliance with the applicable laws? DING That is to say that EULAs are wrong from word one, but staying on point, if there is to be one, shouldn't the burden be on the provider to show what privacy laws they are in compliance with?
  
  --
  Support NYCountryLawyer RIAA vs People
3. Re:Just add to the EULA... by MindlessAutomata · 2009-08-16 15:58 · Score: 3, Interesting
  
  Or, how about, users research what they are getting into in the first place? Do you seriously expect facebook to go through the law books on every national and local level and state which laws, where, they are in compliance with, AND keep up-to-date on them? That's impossible, and ridiculous. I can't seriously fathom how you could seriously consider forcing someone to go through laws everywhere stating how they are in compliance with them.
  Do you own a web site? Any sort of a web site? Good, because that same onus is now upon YOU to do the very same thing, if you collect any sort of user data. Have fun!
4. Re:Just add to the EULA... by thirty-seven · 2009-08-16 16:07 · Score: 5, Informative
  
  As far as Facebook users should be concerned, if the government of Canada thinks there are privacy violations, there are...
  The Privacy Commissioner is an officer of parliament (who reports directly to the Senate and the House of Commons), not an official of the Government of Canada.
  
  --
  Atheism is a religion to the same extent that not collecting stamps is a hobby.
5. Re:Just add to the EULA... by Trepidity · 2009-08-16 16:09 · Score: 2, Informative
  
  I can see it as being reasonable in some cases. One of the most common is with contests and giveaways, which essentially means, "if contests with cash prizes such as this one aren't allowed where you live, then you can't enter this contest, obviously".
  
  --
  10 PRINT CHR$(205.5+RND(1)); : GOTO 10
6. Re:Just add to the EULA... by Nefarious+Wheel · 2009-08-16 16:10 · Score: 2, Funny
  
  Do you seriously expect facebook to go through the law books on every national and local level and state which laws, where, they are in compliance with, AND keep up-to-date on them?
  Just provide a link to Pacer and the Canadian equivalent. (grin)
  Reminds me of the old joke:
  GIVEN: The entire body of current mathematical thought;
  PROOF: The proof follows by examination. QED.
  
  --
  Do not mock my vision of impractical footwear
7. Re:Just add to the EULA... by Aeternitas827 · 2009-08-16 16:22 · Score: 1
  
  I can't seriously fathom how you could seriously consider forcing someone to go through laws everywhere stating how they are in compliance with them.
  Someone, somewhere, has to do it, whether the consumer or the provider of the service. Companies should be paying the 'nice' men in three-piece suits to say, actually do some work, rather than expecting the user (or the government) to point out when they've done fucked up. The casual user isn't likely to know the law very well, outside of the basics, nor do they have the resources to fully research and understand, particularly when it comes to determining judicial interpretation and precedent--unless they happen to be of the legal profession themselves.
  
  --
  I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
8. Re:Just add to the EULA... by Brian+Gordon · 2009-08-16 16:25 · Score: 2, Funny
  
  Given: ZFC
  Prove: Fermat's Last Theorem
  This exam has a time limit of 2 hours. Begin.
9. Re:Just add to the EULA... by Taikutusu · 2009-08-16 16:42 · Score: 3, Interesting
  
  In this case it's probably more akin to -
  Given: ZFC
  Prove: The continuum hypothesis
  Given the legal systems of every country on Earth, I'm pretty sure you can find at least two contradictory laws.
10. Re:Just add to the EULA... by JNSL · 2009-08-16 16:44 · Score: 2, Insightful
  
  Nobody has to do it. This is just how the world works. You figure out what to do when/if somebody finds a problem/some non-compliance. The internet is such a different beast that you simply cannot (it's both a time and money issue) be assured of compliance. We tacitly accept this by using the internet. Throw in the fact that there are no reliable ways to find locations, and you really see the world the internet creates.
  
  Also, your portrayal of the lawyers is kind of ridiculous. Lawyers aren't being lazy. These companies do not have unlimited budgets. So because there are no clean solutions (laws change all the time, all over the world), you have to hedge your bets a bit.
  
  Finally, the casual user is the same person who makes Joe'sWebsite.com. You cannot hold corporations to a different standard, and these corporations have the same potential reach as the casual site owner: each jurisdiction in the world. And, believe me, just because you're a lawyer does not mean you have all the law down. Most lawyers never have even 1% of the law down. There's just too much of it. You're presented with problems (as a litigator) and you advocate. Or, if a transactional lawyer, you try to foresee problems, account for them, and then hedge your bets with some catchall language (which doesn't always work, mind you).
11. Re:Just add to the EULA... by Vectronic · 2009-08-16 16:56 · Score: 1
  
  especially the country that... is ...just north of the US
  especially the country that leads the world in being just north of the US (lol?)
  especially the country that lays... ...just north of the US
  Which is it?
12. Re:Just add to the EULA... by stagg · 2009-08-16 16:58 · Score: 2, Insightful
  
  I don't think the EULA is particularly significant compared to their violations of Canadian copyright law. To throw up an unjust comparison: You can host child porn behind a strict EULA all you want, but they'll still toss in you in jail.
13. Re:Just add to the EULA... by Anonymous Coward · 2009-08-16 17:01 · Score: 1, Funny
  
  I like the middle one. I'm not the same AC, but lets just pretend I am and say thats what I meant.
14. Re:Just add to the EULA... by Yoda's+Mum · 2009-08-16 18:09 · Score: 1
  
  If they're expecting to do business in and derive an income from those nations, they absolutely should be understanding and complying with the laws of those nations. If that income is insufficient to sustain that cost, they're more than welcome to not do business there.
15. Re:Just add to the EULA... by Xveers · 2009-08-16 18:15 · Score: 2, Informative
  
  Though one could also point out that as an officer of parliament, they -are- a part of the Government of Canada...
16. Re:Just add to the EULA... by BluBrick · 2009-08-16 18:37 · Score: 4, Funny
  
  I would first like to take this opportunity to complain about the size of the margins on the paper supplied to students...
  
  --
  Ahh - My eye!
  The doctor said I'm not supposed to get Slashdot in it!
17. Re:Just add to the EULA... by Guspaz · 2009-08-16 18:38 · Score: 1
  
  Care to define the difference? Because you're splitting hairs at best.
18. Re:Just add to the EULA... by MindlessAutomata · 2009-08-16 19:13 · Score: 2, Insightful
  
  They do business with people within those nations, but are not actually situated within those nations, unless of course they have some headquarters in that nation (or locality).
  The principle here that applies to facebook also applies to Joe Normals' personal website where he allows people to post comments or perhaps even has his own message board. As he is collecting and storing user information, he, as per the parent's suggestion, as the obligation to go through each and every legal district in the world (as anyolne can visit his website). It doesn't matter if he's a commercial entity or not; the concerns behind privacy violations are still the exact same.
  The only other solution is, of course, to restrict websites only to nations or localities where the legality of the website can be ensured. Is this how you want the internet to look? Sounds like a great way to censor oppressed peoples...! After all, I suppose there's a lot of people trying to say *illegal* things about the Iranian government (from within)...! I suppose when search engines are asked by oppressive foreign governments like the Chinese for information on what users have done or posted with them, it's a GOOD THING they are complying with the local laws--they are, after all, doing business with them, no?
  There's a strange premise behind all this, and that's that *FACEBOOK* should be responsible. Why not shift the onus on Canadian citizens so only they can go to websites with government-approved "privacy" schemes, with penalties or fines for citizens that do not comply. That's very progressive, right? Social responsibility? Yes? No?
19. Re:Just add to the EULA... by Anonymous Coward · 2009-08-16 19:13 · Score: 0
  
  The privacy commissioner does not respond to the governement (whichever party holds the majority in the house of commons), but to the entire house of commons and the senate. That's all (elected) MP and nominated (by the governor general) senators. The information, I would expect, is not first given to the government and made public by the government to the house.
  privacy commissioner is named for seven years and will survive an election of the term is not over, unlike ministers.
  the privacy commissioner works for the whole house of commons and not only for the party in power at the time. In effect, it makes it a non-partisan post. It's an important distinction, nto just hair splitting.
  (the following came up on about.com or something)
  Definition: The Privacy Commissioner of Canada is a federal government ombudsman and advocate for the privacy rights of Canadians. The Privacy Commissioner investigates complaints about personal information held by the federal government of Canada, under the Privacy Act. The Privacy Commissioner also investigates complaints about privacy issues in relation to private sector companies covered by the Personal Information Protection and Electronic Documents Act.
  The Privacy Commissioner reports directly to Parliament and is appointed for a seven-year term.
20. Re:Just add to the EULA... by Mashiki · 2009-08-16 19:23 · Score: 3, Informative
  
  Someone who reports directly to the house and senate is beholden to them. This means committees not individual people like normal bureaucrats, which means there is a much higher level of standard regarding issues when push comes to shove in a body like this. The privacy commissioner is not a regulatory agency like the CRTC, it's an actual oversight board and committee meant to safeguard the privacy of the citizens of Canada.
  
  --
  Om, nomnomnom...
21. Re:Just add to the EULA... by the_womble · 2009-08-16 19:26 · Score: 2, Insightful
  
  If you put the burden of websites to be compliant with every law in the world, it is going to be very difficult for small sites and startups.
22. Re:Just add to the EULA... by Aeternitas827 · 2009-08-16 19:31 · Score: 1
  
  And, believe me, just because you're a lawyer does not mean you have all the law down.
  Yes, but they have much more access to case law and ability to realize precedent than does Joe Six-Pack. It's much easier for one who's somewhat familiar with the law to do the research (knowing the linguistic hurdles used even in the 1% that they know, as well as having increased access and familiarity) that someone else.
  
  Quite frankly, your 'hedging your bets' assertion is also rather ridiculous; I don't care what sector you go to, privacy is a serious thing no matter where you go or what industry you're working in, and that's the root of this particular debate--the indefinite storage, by a company, of any party's Sensitive Personal Information. This affects potentially anyone, anywhere, and more than likely in negative ways, and should be a priority for any company engaging in any sort of information storage. If you don't have the budget to keep up on law; then do the initial research, and go with the BARE MINIMUM on data retention--that's your best bet, is to keep as little as possible, to reduce the amount of potential breaches, present or future. That gets down to Joe'sWebsite.com as well; if Joe, in his website, is retaining any sort of SPI, he better damn well understand what he's doing before he does it; the onus is STILL on him.
  
  This isn't a matter of someone finding some minor loophole, this is a major breach in the way this, and several other (very likely) companies (large or small) handle data retention.
  
  --
  I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
23. Re:Just add to the EULA... by Anonymous Coward · 2009-08-16 19:46 · Score: 0
  
  The word "government", as used in several (most?) common law countries, is roughly equivalent to "executive branch of government", as used in the USA. "Parliament" similarly corresponds to "legislative branch of government". Although the members of the government and the members of the parliament overlap in a way which probably shocks USians, it is inaccurate to describe an office of one as an office of the other.
24. Re:Just add to the EULA... by plastbox · 2009-08-16 20:34 · Score: 2
  
  Wrong. If you put the burden of websites to be compliant with every law in the world, you make every site owner, hosting provider and ISP in the world a criminal.
25. Re:Just add to the EULA... by vux984 · 2009-08-16 21:31 · Score: 4, Insightful
  
  They do business with people within those nations, but are not actually situated within those nations, unless of course they have some headquarters in that nation (or locality).
  No. They don't need to headquarters in a nation. They don't even need a branch office. They don't need any staff at all. They only need to have a "presence".
  So what is a "presence"?
  Pretty much anything that is selling OR promoting your product or service in Canada would count -- "doing business in Canada".
  Facebook in particular has deals with the major wireless carriers to promote 'facebook on your mobile phone', and that would qualify it having a Canadian presence. It is actively doing business in Canada.
  But Joe Average American running a blog, per your example, is merely accessible from Canada, and he and his site don't have any Canadian presence.
  Now if facebook doesn't actually have any offices or staff in Canada, there's not really much that the Canadian government can do directly to them, even if they are deemed to have a presence. But it can go after facebooks canadian partners (such as the aforementioned wireless carriers) and force them to cease dealing with facebook which gives them some limited leverage over facebook insofar as they can make it so that if facebook wants to continue running promotions in Canada, and have its 'app' and 'bookmarks' and whatnot preloaded on phones then it has to meet whatever laws are in place.
  Meanwhile they would have zero leverage over your example Joe Average American blogger, who couldn't care what the Canadian governement does in Canada.
26. Re:Just add to the EULA... by dontmakemethink · 2009-08-16 21:48 · Score: 1
  
  The Privacy Commissioner is an officer of parliament (who reports directly to the Senate and the House of Commons), not an official of the Government of Canada.
  Officer == Official. He works for the government and is paid by Canadian taxpayers. He is ergo a government official.
  The presumption of corruption and abuse may now resume.
  
  --
  
  War as we knew it was obsolete
  Nothing could beat complete denial
  - Emily Haines
27. Re:Just add to the EULA... by ahankinson · 2009-08-16 22:32 · Score: 3, Interesting
  
  The Government of Canada is currently led by Stephen Harper. The Parliament of Canada is 308 House of Commons members and 105 Senators; the government answers to the House of Commons, and the Governor General asks the membership of the Commons to form a government from their membership which, by custom, is the leader of the majority party. Parliament is above the Government, and serves to keep the Government in check.
  Technically, then, the Government is a part of the Parliament, not the other way around.
  (Fun fact: There are actually three components of Parliament: The House, the Senate, and the Library of Parliament.)
28. Re:Just add to the EULA... by ceoyoyo · 2009-08-16 23:36 · Score: 1
  
  A parliamentary officer is much more likely to act in the interest of the people than is a government official. The parliamentary officer, particularly if he reports to BOTH houses, is probably not going to particularly partisan and has to worry less about being replaced if he irritates the prime minister.
29. Re:Just add to the EULA... by mindstormpt · 2009-08-17 00:03 · Score: 1
  
  In Canadian English, the word government is used to refer both to the whole set of institutions that govern the country, as well as the current political leadership, although with the latter usage the word is usually capitalized to make the distinction.[2] Thus, Canadians would say that Prime Minister Stephen Harper's Government is currently administering the Canadian government. Contrasts can be drawn with the British usage, where the government is referred to as the state, and the American usage, where the Government is referred to as the administration.
  http://en.wikipedia.org/wiki/Government_of_Canada
30. Re:Just add to the EULA... by Anonymous Coward · 2009-08-17 01:09 · Score: 1, Insightful
  
  I disagree. As a provider, you provide one, or at least a limited amount of services. You can target your research. There is no way a user coudl possiblly find the physical time required to research evertyhing they may need in their lives. And not all uses would have the savvy to research it. A provider of service should know which laws they are in compliance with from the start. That's what they provide, what they do. So they should know at least one jurisdiction in which they are in compliance. And if you're not from there, then you might look it up if you are still interested in the service (as a user).
31. Re:Just add to the EULA... by The+Faywood+Assassin · 2009-08-17 01:24 · Score: 2, Insightful
  
  An EULA is a contract, and the first rule of contracts is that they cannot constitute anything illegal. You may sign a contract giving a third party full permission to murder you, but since murder is illegal, a jury will still convict said third party.
  
  --
  "I'm a humble person really,
  I'm actually much greater than I think I am"
32. Re:Just add to the EULA... by returnzer0 · 2009-08-17 03:36 · Score: 2, Informative
  
  I don't think most people realize that they also own facebook.ca. Registering a Canadian domain, by definition (as per the registration requirements), means that you have Canadian presence. They aren't just making themselves accessible to Canadians, but are in fact saying that they are Canadian too.
33. Re:Just add to the EULA... by jcrousedotcom · 2009-08-17 04:46 · Score: 1
  
  I guess, if it were me, and I was faced with major fines or business practices changes all because I had a .ca domain (giving me a 'presence' in Canada) - my quick fix would be to A. Create a new holding company in a different country (say USA or somewhere with desirable local laws) - transfer said .ca domain to new holding company. B. Change the main page to "This Site no longer exists. Try going to whatevermysiteis.COM" C. Tell offending government to go pound sand.
  
  I guess I am a little pig headed in all this - but really? Some country that you don't even have a presence in is telling you how to run your business? What are they going to do? Fine Facebook? Ok great.... Then what? since FB has no assets (presumably) in Canada - all they're going to get is a judgement. I recognize that these days, they may end up having assets in a banking institution that may have a presence in Canada which might result in a loss, but really, they are a US corporation doing things in the US. If you don't want your citizens going to the site or don't like its practices - tell the citizens to stop using the site or block them.
  
  I am not an advocate for censorship - please don't misunderstand, I am just so tired of government interference on *everything*. Sometimes people need to stand up and take responsibility for themselves. If you don't want the website to keep your personal infromation forever - I got an idea: Don't give it to them!
  
  Just my 2
  
  --
  Illiterate? Write for free help!
34. Re:Just add to the EULA... by hysma · 2009-08-17 05:20 · Score: 2, Informative
  
  A. Create a new holding company in a different country (say USA or somewhere with desirable local laws) - transfer said .ca domain to new holding company. B. Change the main page to "This Site no longer exists. Try going to whatevermysiteis.COM" C. Tell offending government to go pound sand.
  CIRA won't allow said holding company to take ownership of the domain unless said holding company has a Canadian presence. With .ca domains, they can't be under the control of anyone who isn't operating within Canada, for the most part.
35. Re:Just add to the EULA... by vux984 · 2009-08-17 05:51 · Score: 1
  
  Create a new holding company in a different country (say USA or somewhere with desirable local laws) - transfer said .ca domain to new holding company.
  Holding company has to have a Canadian presence to hold a .ca.
  Try going to whatevermysiteis.COM" C. Tell offending government to go pound sand.
  Except they can do more than pound sand, at least as long as FB is doing stuff in Canada, like running advertising.
  I guess I am a little pig headed in all this - but really? Some country that you don't even have a presence in is telling you how to run your business? What are they going to do? Fine Facebook? Ok great.... Then what? since FB has no assets (presumably) in Canada - all they're going to get is a judgement. I recognize that these days, they may end up having assets in a banking institution that may have a presence in Canada which might result in a loss,
  They have a enough of a presence that Canada can deny it to them, and cause a loss. No might. How significant the loss is anyone's guess, but they do have a presence. And it can be blocked or seized. Merely taking away their ability to advertise and run promotions in Canada etc will cost their bottom line.
  but really, they are a US corporation doing things in the US.
  They aren't only operating in America. They aren't merely passively accessible from other countries, they are actively conducting business in other countries.
36. Re:Just add to the EULA... by jcrousedotcom · 2009-08-17 05:58 · Score: 1
  
  Define "operating in Canada."
  
  I see what you're saying, but really, if I set up a website that is called SpeakingFrenchSucks.ca just to bash the French language, is that operating in Canada? The site consists of nothing but say a blog or a forum where folks can leave their thoughts - is that operating in Canada?" What if I add google ads and collect some ad revenue, do I have a presence now?
  
  There is nothing to stop a company from (via a unconnected holding company) creating a redirect page of sorts from their .ca page to a .com, .tv, .cc, uk.co or whatever..... Heck, if I wanted, I could change the main page of jcrouse.com to go to facebook - without their involvement. I realize that last statement is opening a whole other can of worms, lets pretend for a moment that FB would be ok with that. Am I any part of FB? What if it were jcrouse.ca (which I do not own but for the purposes of this discussion say that I do) and I redirected it to FB? They aren't doing business in Canada. Heck, even I am not really doing business, I am just redirecting.
  
  --
  Illiterate? Write for free help!
37. Re:Just add to the EULA... by jcrousedotcom · 2009-08-17 06:00 · Score: 1
  
  They aren't only operating in America. They aren't merely passively accessible from other countries, they are actively conducting business in other countries.
  You're saying this because they have obtained local domains (.ca, .jp, etc)?
  
  --
  Illiterate? Write for free help!
38. Re:Just add to the EULA... by Abcd1234 · 2009-08-17 07:18 · Score: 2, Informative
  
  I see what you're saying, but really, if I set up a website that is called SpeakingFrenchSucks.ca just to bash the French language, is that operating in Canada?
  No, you've got it entirely backwards.
  You *can't* register SpeakingFrenchSucks.ca *unless* you are "operating in Canada", as per the rules as set out by CIRA.
39. Re:Just add to the EULA... by jcrousedotcom · 2009-08-17 07:29 · Score: 1
  
  So the issue at hand here is really the registrar. Between my last comment and yours, I checked, I can register jcrouse.ca through godaddy - it didn't seem to care where I was.
  
  I think, correct me if I am wrong, what you're saying is, by registering this domain, I agree to be bound by the CIRA?
  
  --
  Illiterate? Write for free help!
40. Re:Just add to the EULA... by Abcd1234 · 2009-08-17 08:54 · Score: 2, Informative
  
  I think, correct me if I am wrong, what you're saying is, by registering this domain, I agree to be bound by the CIRA?
  Correct. Specifically, by registering a .ca domain, you are bound by CIRA's Registrant Agreement, which, among other things, includes the Canadian Presence Requirements. Violating those requirements will result in the cancellation of your domain name registration (assuming you're caught, of course... odds are Facebook would be).
41. Re:Just add to the EULA... by Abcd1234 · 2009-08-17 08:59 · Score: 1
  
  Oh, and I forgot to mention, in addition to the requirements placed on registrants, CIRA also has a set of rules for registrars. Of interest is item 2.1:
  
  Canadian Presence Requirements. Applicants must meet the requirements of CIRA's Canadian Presence Requirements for Registrants (located at www.cira.ca/en/document/CPR.pdf).
  So, not only did you violate the terms of the registrant agreement, but godaddy is also not doing their diligence to ensure they are enforcing the presence requirements. 'course, it may be that godaddy will eventually come around and revoke your registration... if not, it might be grounds for having them reported to CIRA.
42. Re:Just add to the EULA... by hysma · 2009-08-17 10:51 · Score: 2, Informative
  
  Once you register your domain with GoDaddy (or any other registrar), you'll get an email from CIRA asking you to accept their registration agreement and define what kind of Canadian you are (ie. a person, a corporation, a political party, Her Majesty the Queen, etc.). If you do not agree to the agreement or you don't complete this step, your registration is canceled.
43. Re:Just add to the EULA... by jcrousedotcom · 2009-08-17 13:09 · Score: 1
  
  Ok - that clears that up... Thanks for the informative post. I sometimes am one of those narrow minded Americans that think everything is done like it is here in the States. :)
  
  It probably wouldn't fly if I stated "Her Majesty the Queen" for the kind of Canadian I am.... ;)
  
  --
  Illiterate? Write for free help!
44. Re:Just add to the EULA... by crossmr · 2009-08-17 16:28 · Score: 1
  
  Do you seriously expect facebook to go through the law books on every national and local level and state which laws, where, they are in compliance with, AND keep up-to-date on them?
  Why not? Any brick and mortar store would have to if they tried to expand into an area. If companies can't be arsed to look up the laws which apply to their business in a country they support, then they shouldn't be doing business there.
45. Re:Just add to the EULA... by Anonymous Coward · 2009-08-17 18:00 · Score: 0
  
  Or try using a social networking site whose primary business objective is not to sell your information to a gaggle of advertisers.
Finally by Anonymous Coward · 2009-08-16 15:30 · Score: 5, Insightful

At least one country is going to try to close this massive loophole of never destroying a user's information when they want to remove their account. I mean I can understand that being able to just "deactivate" an account is useful when a user just wants to stop using facebook for a while but how hard is it to have a remove feature that deletes a users information?
1. Re:Finally by RobVB · 2009-08-16 15:38 · Score: 1
  
  how hard is it to have a remove feature that deletes a users information?
  Not very hard at all, but it's handy to keep your users' information even after they deactivate their accounts if it doesn't get you into trouble.
  Facebook could just implement some of these changes for Canadian citizens or people with a Canadian IP, but I hope this has international consequences.
  Leave it to Canada to solve all our problems, eh?
  
  --
  I'd rather you rationally disagree than irrationally agree.
2. Re:Finally by Anonymous Coward · 2009-08-16 15:46 · Score: 0
  
  but how hard is it to have a remove feature that deletes a users information?
  Surprisingly hard in a system that has a comprehensive backup strategy. You have have dozens or even hundreds of backups of said data, which may or may not be fully accounted for.
3. Re:Finally by Alphanos · 2009-08-16 16:06 · Score: 5, Insightful
  
  It's more complicated when the data may be the result of collaborative effort. If two users have a detailed conversation, then one wants all data associated with them deleted, what happens when the other user complains?
  Now in that case it still seems fairly clear that the privacy concern should come first, but as we get increasingly collaborative works, where is the line drawn? Let's say someone makes a Facebook app that lets multiple users create works of art together, or literature. There is another side to this issue.
  
  --
  Alphanos
4. Re:Finally by Aeternitas827 · 2009-08-16 16:26 · Score: 4, Insightful
  
  You have have dozens or even hundreds of backups of said data, which may or may not be fully accounted for.
  If anyone who has my personal data can't account for what they've done with it, that's a much bigger concern than not deleting it; quite frankly, if someone tells me they don't know where (X) went, how can they tell me that entity (Y) doesn't have it?
  
  --
  I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
5. Re:Finally by Aeternitas827 · 2009-08-16 16:30 · Score: 1
  
  That is a special case, yes, but I would assume that, with a collaborative work, when one person dissents to continued display or holding of that work, the other(s) can't over-rule them on that, and the content would have to be taken down/removed. Just speculation, IANAL after all.
  
  --
  I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
6. Re:Finally by SanityInAnarchy · 2009-08-16 17:06 · Score: 1
  
  That may be how things work.
  Is that how they should work?
  
  --
  Don't thank God, thank a doctor!
7. Re:Finally by stagg · 2009-08-16 17:10 · Score: 1
  
  I don't think it's your posts on other people's walls and photos and such that are of concern. It isn't the collaborative content. If you check out the link on the OP the biggest concern is 3rd party applications. They could also destroy all the information, pictures, etc saved on your wall or profile without touching anyone else's account. If the user can currently delete it themself, then Facebook could certainly delete the same information from their backups.
8. Re:Finally by lennier · 2009-08-16 17:11 · Score: 2, Insightful
  
  "That is a special case, yes, but I would assume that, with a collaborative work, when one person dissents to continued display or holding of that work, the other(s) can't over-rule them on that, and the content would have to be taken down/removed."
  IANAL either, but it seems on a naive reading that that policy would be incompatible with Open Content such as the GFDL/cc-by-sa. Because the first rule of open content is that nobody gets to remove ANYTHING after it's published, 'privacy' or any other personal preference be damned. If it's published, it's published forever. So collaboration sites allowing privacy takedowns would have to not use Open Content licences, and therefore, any content produced by them would not be able to be imported into general sites like Wikipedia. That data is efffectively walled off forever.
  Have we even touched on the copyright/licencing implications of Semantic Web style mashups of data? What if Facebook exports status updates as RDF and Wikipedia exports pages as RDF and some computer algorithmically links the two? What licence is the resulting RDF dataset under?
  
  --
  You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
9. Re:Finally by s4m7 · 2009-08-16 17:33 · Score: 2, Insightful
  
  if someone tells me they don't know where (X) went, how can they tell me that entity (Y) doesn't have it?
  Well it's incredibly difficult to prove the negative statement. The burden of proof would ordinarily fall upon you to prove that Y does have it before accusing X of having passed it to them, and that's assuming that Z didn't breach a contract with X while passing the information to Y.
  Basically the lesson is, if you don't want the information public, don't post it on the internet.
  
  --
  This comment is fully compliant with RFC 527.
10. Re:Finally by Gerafix · 2009-08-16 17:40 · Score: 1
  
  We already have with our homemade BC Bud Bombs, guaranteed to prevent terrorist attacks and good acting.
11. Re:Finally by syousef · 2009-08-16 18:19 · Score: 1
  
  Now in that case it still seems fairly clear that the privacy concern should come first
  Does it? Why are you posting on slashdot? You can't delete your posts once posted! I think once you post something you make it public. No take backs allowed. It's not a privacy concern. If I run out and tell everyone I eat worms, I don't get to destroy everyone else's memories if I decide I want to take it back. If I print an ad in the newspaper I can't ask for all copies of the paper destroyed if I change my mind.
  It's only a privacy issue if you never intentionally made the information public in the first place. If you disclosed it to just one friend on Facebook and others can see it when that wasn't the status of the post in the first place, that's a problem. If Facebook made it reasonable to expect it was so that's a problem (I'm not talking about fools who jump on the net without understanding the difference between a public and private post. I'm talking about someone experience being duped). If you made no effort to make it private and you want to take it back, well tough luck.
  
  --
  These posts express my own personal views, not those of my employer
12. Re:Finally by j-stroy · 2009-08-16 18:56 · Score: 2, Informative
  
  The roots of this go right down to the core of: The Canadian Charter of Rights and Freedoms, and the equivalent legal tracts in other countries.
  vs
  The corporate charter that companies such as Facebook are granted.
  
  Corporate charters historically were granted very rarely and can be revoked (still). The legal prop that gives so many ball-busting industrial monoliths the power to trample governments, and citizens is that an incorporated company has become a weird person/non-person hybrid. This relentless legal craftwork is an intentional product designed to protect the corporate entity. People were afraid of Artificial Intelligence taking over, but the real threat is the mindless, ruthless, psychopathic corporate hive and the lawyer/accountant fraternity that Buckminister Fuller described very well in "Critical Path" in chapter 3 "Legally Piggily".
13. Re:Finally by Aeternitas827 · 2009-08-16 19:16 · Score: 1
  
  It's actually the onus of the possessor of the information to prove that it's secure. If I provide such information, on good faith, to a company (who issues a privacy policy detailing how they disseminate and secure my information), they are responsible for making sure it doesn't fall into someone else's hands. Thus, if there's reason to believe (not necessarily proof) that such information may have been leaked, the possessor of the information has to be able to prove that it did NOT leak--otherwise, they pretty well satisfy the Petitioner's Burden of Proof for them; saying "Well, we made all these copies of the data, but we don't know where 1% of them are" is essentially saying "1% of our backups are outside the control of our company", thus creating a breach of privacy.
  
  --
  I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
14. Re:Finally by nacturation · 2009-08-16 19:56 · Score: 2, Insightful
  
  At least one country is going to try to close this massive loophole of never destroying a user's information when they want to remove their account. I mean I can understand that being able to just "deactivate" an account is useful when a user just wants to stop using facebook for a while but how hard is it to have a remove feature that deletes a users information?
  If I close my Slashdot account, will Slashdot purge all of my posts as well?
  
  --
  Want to improve your Karma? Instead of "Post Anonymously", try the "Post Humously" option.
15. Re:Finally by Mia'cova · 2009-08-16 21:24 · Score: 1
  
  I'm going to disagree with you. I've seen an explanation from facebook follow quite the same logic as your post. Without being rude, I'd like to say maybe you've seen that and taken the idea too far. It's certainly true that an entity such as an 'email' can exist in two places (their sent box, your inbox). With a closed system, this will typically be handled in two ways, either make two copies or two references to the same copy. In both cases, when both users request deletion, the content should be erased completely. With email as an established model, if one user leaves, the content should not be erased.
  To me, they're doing this for a MUCH different reason. Often users return to facebook. As I understand it (I haven't done this myself), they're often surprised when their account is fully restored with their old friends and content. By not deleting data, they've conveniently made it impossible for users to close accounts completely. They can always reactivate them. The self-proclaimed facebook addicts who quit all end up back sooner or later, says my experience. YMMV.
  If they're forced to come into compliance for Canadian laws, I can pretty much guarantee you this will not be universal. It's too valuable to fb to delete. (Of course, there are other financially beneficial reasons to keep data, I just think the usability benefits for returning users is a much bigger issue.)
16. Re:Finally by Opportunist · 2009-08-16 22:36 · Score: 2, Insightful
  
  Quite an interesting analogy between corporations and AI. Mostly because a corporation is already what we'd fear most in an AI: Intelligence without moral or conscience.
  Sure, a corporation is still staffed with humans and every human might have a conscience. But he can put it at ease and silence it, citing the "necessity" to do what he does. Take layoffs. Joe in accounting is going to be sacked, with a pregnant wife, three kids and mortgage payments he can't handle if he didn't have this job. You're his superviser. But you have a family yourself, and if you don't fire Joe, you'll be fired yourself and someone else is going to sack Joe. So you sack him. That game goes up the ladder to the top management. And while those people usually don't know anything about the grunts they hire and fire, even if he did know, he would have to see the 'big picture', that his stocks would go down (even more than they do) if he didn't fire Joe and the others being sacked, and that would mean that even more people would get laid off. It's all due to stock portfolio managers only caring about the performance of your stock. The stock broker in turn can't take pity in Joe. There are many people who trusted him with their money, maybe their whole retirement fund, he can't give "Joe a break" and keep failing stocks, so many people's money is at stake, he has to follow the lead of the stocks' index.
  Now, to make matters worse, Joe invested in those bonds. So Joe's to blame for losing his job. Well, not really, he just wanted to invest his hard earned money, hoping he might eventually reach retirement...
  Basically, nobody is to blame. There's no big bad bastard, no greedy Scrooge that doesn't care about the misery created by his want for wealth. If you want to blame anyone, blame the system itself that twists everyone's conscience into thinking of the "greater need" and the "need of the many vs. the need of one".
  We're already at the moral-less, conscience-less AI that we fear so much. Only that the intelligence is human driven, not artificial per se. We just managed to get any moral inhibitions out of the way, making room for pure intelligence driven decisions that are not tarnished by pangs of conscience.
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
17. Re:Finally by bigngamer92 · 2009-08-17 02:54 · Score: 1
  
  What is it with all of these "Privacy Concerns" with Facebook? It's a Social Network! When you use it you are voluntarily opening your life to the world. A privacy expert saying that Facebook has gaps in its privacy policy is like a safety expert saying that theres gaps in the safety policy of a Dirt Bike company...
  
  --
  Common Sense
18. Re:Finally by s4m7 · 2009-08-17 11:00 · Score: 1
  
  If I provide such information, on good faith, to a company (who issues a privacy policy detailing how they disseminate and secure my information)
  I'd like to familiarize you with a part of the facebook privacy policy relevant to the claims you are making:
  
  You post User Content (as defined in the Facebook Terms of Use) on the Site at your own risk. Although we allow you to set privacy options that limit access to your pages, please be aware that no security measures are perfect or impenetrable. We cannot control the actions of other Users with whom you may choose to share your pages and information. Therefore, we cannot and do not guarantee that User Content you post on the Site will not be viewed by unauthorized persons. We are not responsible for circumvention of any privacy settings or security measures contained on the Site. You understand and acknowledge that, even after removal, copies of User Content may remain viewable in cached and archived pages or if other Users have copied or stored your User Content.
  Translation: "we don't really secure your information."
  
  --
  This comment is fully compliant with RFC 527.
19. Re:Finally by Aeternitas827 · 2009-08-17 17:47 · Score: 1
  
  And when a breach does occur, do you honestly believe this will waive any liability to Facebook, in this particular case? The only way it does is if someone has to go to extraordinary measures to obtain any lost data; it's more likely to be lax security on their part that would lead to something like that happening.
  
  Secondly, the remainder of the Privacy Policy does give information on how and when your information, whether Personally Identifying or not, is disseminated, and what controls the end user has to limit such dissemination within certain bounds--which really gets outside the persistent backup that they seem to insist on, and has become a point of contention, as deleted accounts/information is generally be available to members of Facebook (@ Section Changing or Removing Information) .
  
  --
  I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
20. Re:Finally by laurabetterly · 2009-08-18 00:44 · Score: 1
  
  Nothing on the net is totally secure as we can easily see. I think an individual should never post anything that would put themselves at risk...ie the picture of them drinking at a strip club comes to mind... I think there is a propensity to lose privacy on the net. Web finger http://www.techcrunch.com/2009/08/14/google-points-at-webfinger-your-gmail-address-could-soon-be-your-id/ is moving toward a digital ID for everyone on the net. Scary.
  
  --
  Laura Betterly Yada Yada Marketing Firm
Keeping your information private on Facebook... by MickyTheIdiot · 2009-08-16 15:31 · Score: 4, Insightful

Keep your private information private by not posting it on Facebook!
1. Re:Keeping your information private on Facebook... by Anonymous Coward · 2009-08-16 16:17 · Score: 5, Insightful
  
  The only way to do that is never use facebook at all, perhaps the solution I should adopt myself, but it's a bit too late.
  The problem I have been having is what other people in my network post about me. I have no control over that and no right to demand it be removed other than politely asking but most people dont listen to such requests because they dont understand why someone might care. Apart from being tagged in numerous photos most of the events i go to are listed as having me invited regardless of the fact I never read the invites.
  Basically from a careful computer aided study of facebook you can find out for the average user:
  A 3d model of their whole body with especially detailed facial features
  Their location a percentage of the time without variable certainty
  A fairly accurate weighted graph of most of their associates and friends (plus all the listed information about those people)
  A rough idea of their habits, personality and political leaning
  I am no privacy nut but this is more information than i want about me on the web. I think people fail to understand how much can be extrapolated from a massive database of small details.
2. Re:Keeping your information private on Facebook... by stagg · 2009-08-16 17:01 · Score: 2, Insightful
  
  Absolutely. But the job of the Canadian Privacy Commissioner is certainly not to tell citizens to keep their mouths shut if they want their secrets kept.
3. Re:Keeping your information private on Facebook... by Anonymous Coward · 2009-08-16 17:04 · Score: 0
  
  Amusingly, I used Facebook a couple days ago as part of figuring out the address of a random person on the internet, given only their first name, the state they lived in, and assorted thoughts posted on their blog.
4. Re:Keeping your information private on Facebook... by QuantumG · 2009-08-16 17:18 · Score: 2, Insightful
  
  You do have the option of having no friends on Facebook. Similarly, if you don't go out in public you don't have the problem of your friends taking pictures of you. There's always the unibomber style shack life, consider it.
  
  --
  How we know is more important than what we know.
5. Re:Keeping your information private on Facebook... by buchner.johannes · 2009-08-16 17:25 · Score: 1
  
  Actually, I use Facebook because I can control what of my private information I put out on the web. If I used my blog or twitter, or posted my photos on Flickr, everyone would be able to see them. With Facebook I can address a closed, authenticated user group.
  It really depends on how you use Facebook IMO, and yeah, if other people leave stuff about you, that's bad.
  I guess people love communication and hate feeling alone; not using social networks can not be the answer. It's like "don't use phones" because text messaging is overpriced or "don't use computers" when you hear about a new virus.
  
  --
  NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
6. Re:Keeping your information private on Facebook... by lennier · 2009-08-16 17:27 · Score: 1
  
  1. Cross-link Facebook, Slashdot, Twitter, Second Life, Google Earth
  2. Create detailed 3D body model for all Slashdotters
  3. Render 3D models to latex masks.
  4. Render 3D models to simulated virtual environment
  5. Capture, drug and equip Slashdotters with goggles
  6. Replace real-world Slashdotters with robot duplicates.
  7. Profit!
  
  --
  You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC
7. Re:Keeping your information private on Facebook... by m0rph3us0 · 2009-08-16 17:33 · Score: 2, Insightful
  
  Actually that is the best way to keep a secret, and it works for more than just Facebook too. Seriously though, if people don't like Facebook's policies just stop using Facebook.
8. Re:Keeping your information private on Facebook... by BungaDunga · 2009-08-16 17:38 · Score: 1
  
  Here is an interesting privacy issue that Facebook has had for YEARS.
  Alice posts an album with one photo that has her friend, user Bob, tagged in it. User Charles, who is friends with Bob (but not Alice) will more likely than not get an update saying "Your friend Bob just got tagged in an album!" and now Charles can see the entire album that Alice posted, whether or not Bob is actually in any more than one photo. This can also happen if Bob, instead of being tagged in the album, merely comments on a photo in the album.
  Meaning, for all intents and purposes, all albums you post can not only be viewed by your friends and the people in the album, but also friends of anyone tagged in the album.
9. Re:Keeping your information private on Facebook... by HJED · 2009-08-16 18:23 · Score: 2, Informative
  This is incorrect Facebook has a number of different privacy settings for photos:
  
  Everybody - everyone on Facebook can see these
  Friends of Friends - Your Friends and there friends.
  Friends - Your Friends
  Just you- self explanatory
  X only gets update about Y(who he doesn't knows) photos if one of the first two is selected (must people chose the first).
  --
  null
10. Re:Keeping your information private on Facebook... by syousef · 2009-08-16 18:31 · Score: 1
  
  The only way to do that is never use facebook at all
  Bingo!
  perhaps the solution I should adopt myself, but it's a bit too late.
  Only for older information.
  The problem I have been having is what other people in my network post about me. I have no control over that and no right to demand it be removed other than politely asking but most people dont listen
  You've got no control over what people say about you period, beyond the ability perhaps to sue (which is one way to solve the problem, sue all your friends and pretty soon you have none).
  to such requests because they dont understand why someone might care.
  Some people just aren't as paranoid.
  Apart from being tagged in numerous photos most of the events i go to are listed as having me invited regardless of the fact I never read the invites.
  My wife and I have asked people generally not to tag photos of our infant son, and with only a couple of exceptions, they've been good about it.
  Basically from a careful computer aided study of facebook you can find out for the average user:
  A 3d model of their whole body with especially detailed facial features
  From blurry facebook photos. Now I KNOW you're paranoid. Been watching too many episodes of CSI with it's infinite zoom cameras.
  Their location a percentage of the time without variable certainty
  That's true of any event you decide to sign up for, any club you regularly join, any church you go to, any gym, any restaurant etc. You don't need Facebook.
  A fairly accurate weighted graph of most of their associates and friends (plus all the listed information about those people)
  HAHAHAHA. I'm friends with everyone on Facebook. People I barely know. If you based your profile of me on Facebook, even with some detailed intelligence associated, you'd get a pretty inaccurate view of who I am.
  A rough idea of their habits, personality and political leaning
  I'm getting that from this post! Habits: Paranoia. Personality: None. Political Leaning: Slightly Left of Tin Foil Hat Brigade.
  I am no privacy nut
  Could've fooled me.
  but this is more information than i want about me on the web.
  What's so special about the web? Anyone that wants to use this against you can get this information from the local community.
  Have you ever posted a resume? Are you in the phone book? Is your membership at any organisation you are part of publicly listed? Do your neighbours, friends, waiters, baristas, gym/dance/karate instructor know you by name?
  I think people fail to understand how much can be extrapolated from a massive database of small details.
  Extrapolation is always possible but the accuracy depends on quality of data, and for most purposes there are better sources than Facebook.
  
  --
  These posts express my own personal views, not those of my employer
11. Re:Keeping your information private on Facebook... by syousef · 2009-08-16 18:34 · Score: 1
  
  1. Cross-link Facebook, Slashdot, Twitter, Second Life, Google Earth
  2. Create detailed 3D body model for all Slashdotters
  3. Render 3D models to latex masks.
  4. Render 3D models to simulated virtual environment
  5. Capture, drug and equip Slashdotters with goggles
  6. Replace real-world Slashdotters with robot duplicates.
  7. Profit!
  Steps 1-5 are a lot of effort when you could just create a large number of over and under weight asexual robots with no body strength that consume caffeine and pizza, and end up with a pretty close approximation.
  
  --
  These posts express my own personal views, not those of my employer
12. Re:Keeping your information private on Facebook... by Anonymous Coward · 2009-08-16 19:11 · Score: 0
  
  The problem I have been having is what other people in my network post about me.
  Why should you be able to restrict their freedom of speech?
13. Re:Keeping your information private on Facebook... by the_womble · 2009-08-16 19:37 · Score: 1
  
  Who do you think will do the analysis. Some people can get the data anyway.
  
  A 3d model of their whole body with especially detailed facial features
  The government can already get that from your passport photo, driver license photo, security camera photos etc.
  
  Their location a percentage of the time without variable certainty
  If you carry a mobile phone your phone company and the government can both track you far better. The government knows when you enter and leave the country, and, in many countries, knows where you are going (at least initially). Uising credit cards or ATMs or any other interaction with a bank creates a trail that can be followed.
  
  A fairly accurate weighted graph of most of their associates and friendsty
  The government and telecoms companies again. More accurate as everyone has a phone, not everyone uses Facebook
  
  (plus all the listed information about those people)
  There are a lot of sources to pull data on people from.
  
  A rough idea of their habits, personality and political leaning
  Bank records, especially what credit and debit card purchases and ATM withdrawals. Loyalty card schemes.Surveillance of protests. Activities which require registration or government checks (anything that involves visiting a school more than once a month in Britain, for example),
14. Re:Keeping your information private on Facebook... by Opportunist · 2009-08-16 22:45 · Score: 1
  
  I do have an account on various online media. None of which contain any information about me that would immediately allow you to make a connection to the person that I really am. There are no names, there are no locations (going so far that I try to avoid as good as I can to tell what country I come from), there are no friends that aren't exclusive for the online medium I participate in. There are different ICQ numbers and mail accounts for every online group, with different names. The names I choose are usually from dictionaries and will not generate any leads in google or other search engines.
  What usually stays the same is my position towards various topics in discussion. Fortunately, I share that position with many geeks out there, so linking the online informations you can draw from those online sites is fairly hard to pull off.
  You will find no pictures of me on the internet. Oh, wait, there is one. I couldn't avoid that. This picture and the context it is shown in cannot be traced to any other online activity of me.
  Yes, I google my real name every now and then. Who doesn't? :)
  
  --
  We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
15. Re:Keeping your information private on Facebook... by compro01 · 2009-08-17 03:59 · Score: 1
  
  Seriously though, if people don't like Facebook's policies just stop using Facebook.
  The thing at issue is that doesn't solve the problem of them having your data.
  
  --
  upon the advice of my lawyer, i have no sig at this time
16. Re:Keeping your information private on Facebook... by stagg · 2009-08-17 04:46 · Score: 1
  
  Again: It's not the job of governing/enforcement agencies to tell people it's their fault. That's akin to the police telling an assault victim that they shouldn't have been out at night anyway. It may be true, but these agencies are here to prevent the exploitation of citizens. It's also entirely unreasonable to expect everyone to have the knowledge to properly protect their own privacy by abstaining from things like Facebook. It's not obvious or intuitive that you need to be careful, not at all.
17. Re:Keeping your information private on Facebook... by PhotoGuy · 2009-08-17 06:43 · Score: 1
  
  I think the average person grossly overestimates the value of this data. In short, unless you're a celebrity, or stalked by an ex, or something, *NOBODY CARES* about this data. (Other than friends, viewing it for its intended purposes, of course.)
  And if you're a celebrity, or being stalked, odds are you take some extra privacy measures in your every day life (don't leave blinds up, etc.), so maybe you should take similar measures online (don't publish friends lists to the world).
  Facebook does have some privacy holes, but in general you can keep your profile details pretty hush-hush, except to those you choose.
  It amazes me how many people are so paranoid. I see almost everyone I know enjoying Facebook, and I've never heard of a single identity theft or other ill effect of it.
  The apps is do find annoying (some third party company, not vetted at all, getting all your details when you accept a cheesy gift, etc..); and that's part of the Canadian govt's investigation. Again, I simply don't accept apps.
  (Personally, I'm kinda bored with Facebook, only check in occasionally, and find it rather "meh"; but I'm the type with a fairly small and close group of friends to start with, so maybe that's why.)
  
  --
  Love many, trust a few, do harm to none.
18. Re:Keeping your information private on Facebook... by hysma · 2009-08-17 09:22 · Score: 1
  
  Yes, I google my real name every now and then. Who doesn't? :)
  Well if you tell Google your real name, and Google saves searches for future data mining, not to mention they have ads on many, many sites which they can track as well, I'd say it wouldn't be too complicated for them to figure out what kind of sites you frequent. Further data mining may be able to identify who you are based on URLs that ads are loaded from.
  How much do you trust Google?
One week later ... by tjstork · 2009-08-16 15:33 · Score: 2, Funny

Facebook announces that it will open up a new data center in Ontario.

--
This is my sig.
Canwest, eh... by Anonymous Coward · 2009-08-16 15:40 · Score: 0

Take anything and everything that Canwest reports with several large grains of salt. This is a media company that forbids the editors of their local newspapers from writing their own articles. At Canwest all opinions must come from head office.
1. Re:Canwest, eh... by inject_hotmail.com · 2009-08-16 17:08 · Score: 2, Informative
  
  Take anything and everything that Canwest reports with several large grains of salt. This is a media company that forbids the editors of their local newspapers from writing their own articles. At Canwest all opinions must come from head office.
  Why do I need opinions from the news?
2. Re:Canwest, eh... by Anonymous Coward · 2009-08-16 18:00 · Score: 0
  
  Why do I need opinions from the news?
  All news is mostly opinions. From what to report as news to how and where to deliver it, you just can't get away from the opinion part.
3. Re:Canwest, eh... by Zontar+The+Mindless · 2009-08-16 18:10 · Score: 2, Informative
  
  Why should news publications not offer any editorials or analysis... as they've been doing for centuries? Raw data in and of itself is not particularly useful.
  And why was this modded Informative when in fact it's just the opposite?
  
  --
  Il n'y a pas de Planet B.
4. Re:Canwest, eh... by inject_hotmail.com · 2009-08-23 23:12 · Score: 1
  
  Yeah...and that's the problem...people are impressionable, and the media outlets know this. It's exploited for personal gain.
  Oh well...I just live here.
5. Re:Canwest, eh... by inject_hotmail.com · 2009-08-23 23:22 · Score: 1
  
  Ok...editorials are fine...analysis is fine...if it's disclaimed and unbiased. Years ago it wasn't acceptable to inject a quick shot of opinion into a news cast (well, at least if it was apparent). Now, every news bit is laced with left or right leaning ideas. How many times can one hear the phrase "some might say..." or "many people are saying..." on CNN? It's disgusting, and is obvious to anyone with any sort of critical thought in their head. Raw data can be very useful. I would rather know the raw data than someone's have baked politically directed opinion. If a media outlet is going to analyze something 'for me', I demand it be objective. Anything else is absolutely useless because the raw data is obfuscated, and at that point it may as well not be reported at all.
6. Re:Canwest, eh... by Zontar+The+Mindless · 2009-08-24 02:28 · Score: 1
  
  Too bad there's no such thing as an unbiased editorial or analysis. Filtering or summarising data requires that assumptions be made as to what's relevant/important/etc. And -- as I discovered when I worked in the industry (~8 years doing radio news) -- no matter how "objective" you try to be, someone is always going to give you grief because your writeup of the story doesn't jibe with their own bias.
  I agree that one should be aware of and acknowledge one's biases, but you ask for the impossible.
  
  --
  Il n'y a pas de Planet B.
Typical Government by Anonymous Coward · 2009-08-16 16:07 · Score: 0

Does anybody really believe the Canadian Privacy Commissioner is keeping anybody safe? Anybody... Ferris?!?!?
1. Re:Typical Government by Plugh · 2009-08-16 16:09 · Score: 0, Troll
  
  I am sure the Canadians are happy to pay the salary of their Privacy Commissioner. He keeps them safe! ... and if they don't want to pay the Commissioner's salary, then nice men with guns will come and take their house away.
  
  --
  Part of the Second American Revolution!
monday morning by s4m7 · 2009-08-16 16:11 · Score: 1, Troll

block all canadian access to facebook. put an explanation of why with the contact person from the canadian privacy comission. problem solved.

--
This comment is fully compliant with RFC 527.
1. Re:monday morning by Aeternitas827 · 2009-08-16 16:33 · Score: 1
  
  This wouldn't be of any assistance; those Canucks are rather industrious, and would find ways around such filtering. Thus, Canucks would still exist on Facebook, and there would be a pissed off Privacy Commision bloke getting calls at their office getting increasingly pissed at Facebook.
  
  --
  I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
2. Re:monday morning by Anonymous Coward · 2009-08-16 16:48 · Score: 1, Insightful
  
  Yeah, that sure makes sense given that Canada has the highest per-capita Facebook usage in the world. How nice of you to think it acceptable just to cut off Canadians. What a fucking asshole. You know, we would really appreciate a way to solve this without just banning us from the service.
3. Re:monday morning by stagg · 2009-08-16 16:54 · Score: 2, Interesting
  
  You say that like it's a joke, but it wouldn't be the first time a website had been blocked on a national level, and it isn't necessarily a bad idea. ...and somehow I suspect the lost advertising revenues would get facebook's attention long before the calls of irate citizens annoyed the answering service at the Canadian privacy commission. Only one in a thousand people will bother to call the government and complain, most will probably just fill out internet polls on whatever new social networking site they move to. Those advertising dollars are lost immediately though.
4. Re:monday morning by Anonymous Coward · 2009-08-16 16:59 · Score: 0
  
  I, as a Canadian and Facebook user, agree. There is no reason for Facebook to allow any John Doe to write a useless application with the sole intent of collecting user data. Many off the so called 'applications' do very little...or nothing at all...
  Facebook should be blocked...while they're at it, they should also block the data collection division of the US Government...Google (or should I say Big Brother...Master of Evil)
  I even post as an Anonymous Coward on this site...why should I give /. my information when it is not necessary to read or post?
5. Re:monday morning by Anonymous Coward · 2009-08-16 17:02 · Score: 0
  
  If you don't like it, fix your laws so as to not require foreign companies to go out of their way to meet your draconian requirements before being blessed for Canadian use.
6. Re:monday morning by inject_hotmail.com · 2009-08-16 17:10 · Score: 1
  
  block all canadian access to facebook. put an explanation of why with the contact person from the canadian privacy comission. problem solved.
  awesome idea...then no one would be able to delete their own accounts...and they couldn't complain either...right?
7. Re:monday morning by s4m7 · 2009-08-16 17:11 · Score: 1
  
  But the point would be that Facebook would no longer be conducting its business within Canada, and therefore not subject to Canadian law. Canada probably has roughly 10 million Facebook users, or about half a percent of the Facebook usership. Would the half a percent in ad revenue really be worth the IT salaries in coming up with a way to delete user data from multiple server backups and working analysis copies and the lawyer salaries to verify that satisfies the Canadian law?
  
  --
  This comment is fully compliant with RFC 527.
8. Re:monday morning by SanityInAnarchy · 2009-08-16 17:15 · Score: 1
  
  You know, we would really appreciate a way to solve this without just banning us from the service.
  Actually, that's the purpose of just banning you from the service -- getting you pissed off enough to call this person, who, if she gets enough calls, would presumably let Facebook do whatever they want.
  I don't agree with this -- I think Facebook really should just start actually deleting people's information when they make that request. But there have been times when I really think a website should've taken similar steps -- for example, one of the bigger ways for Google to help net neutrality would be to confirm which ISPs don't care about net neutrality, and show a message to those users (without actually blocking search) that encourages them to switch ISPs and/or write their congressmen.
  
  --
  Don't thank God, thank a doctor!
9. Re:monday morning by robbrit · 2009-08-16 17:17 · Score: 1
  
  Definitely a good point. There are currently around 11 million Canadian Facebook users, which is about a third of the national population. That's a lot of advertising eyeballs!
10. Re:monday morning by s4m7 · 2009-08-16 17:19 · Score: 1
  
  no joke at all. Working from my estimate of 10 million Canadian Facebook users (which would be about 1 in 3 Canadians, an awfully generous ratio) you're looking at about a half a percent of Facebook's advertising revenues. if only 1 in 1000 of them call the privacy office that's still 10,000 calls: A volume I would wager the CPC isn't equipped for. if the number of users is significantly lower than that, it's a rounding error on Facebook's balance sheet.
  
  --
  This comment is fully compliant with RFC 527.
11. Re:monday morning by s4m7 · 2009-08-16 17:23 · Score: 1
  
  they should also block the data collection division of the US Government...AT&T
  
  Fixed that for ya.
  
  --
  This comment is fully compliant with RFC 527.
12. Re:monday morning by gnud · 2009-08-16 18:27 · Score: 1
  
  Well, maybe if other countries could be likely to raise similar demands.
13. Re:monday morning by Aeternitas827 · 2009-08-16 19:21 · Score: 1
  
  That's the point; as soon as Canadians circumvent the filtering, Facebook is once again conducting business in Canada; it would solve NOTHING. As soon as a Canadian citizen is involved, even if the packet hits Facebook via a proxy server set up in Kazakhstan, Canadian law applies, and Facebook would have to comply. They'd waste the time/energy on that change, and STILL have to deal with the Privacy Commission.
  
  --
  I don't post AC. I like my -1, Flamebaits. Trump/Sheen 2012 on the Batshit Insane ticket!
14. Re:monday morning by mkendall · 2009-08-16 19:43 · Score: 1
  
  Canada probably has roughly 10 million Facebook users, or about half a percent of the Facebook usership.
  Ten out of 200 is five percent, not half.
Finally by miracle69 · 2009-08-16 16:54 · Score: 2, Funny

This will force the Canadians to Bomb the Baldwin family.

--
Linux - Because Mommy taught me to Share.
Re:Canada? Does it matter? by stagg · 2009-08-16 16:59 · Score: 1

10.6 million according to Facebook. http://themeaningofweb.com/facebook-user-profile-canada-2008/ So yes. That's a lot of advertising revenues.
Re:Canada? Does it matter? by Fractal+Dice · 2009-08-16 17:11 · Score: 4, Insightful

More importantly to Canada, it means roughly a third of the entire country is on Facebook. That's getting into the realm of national security concerns when detailed information that much of your population resides in a foreign country.
MOD PARENT TROLL by inject_hotmail.com · 2009-08-16 17:23 · Score: 1, Insightful

I don't want to feed the troll, but I have to say...
Anyone that would express, in public no less, such a statement is inherently less important by whichever ignorant metric a person like you would measure such things.
Re:Canada? Does it matter? by Anonymous Coward · 2009-08-16 17:27 · Score: 1, Informative

...Facebook, which has grown to more than 200 million users... from summery

10.6 million according to Facebook.
http://themeaningofweb.com/facebook-user-profile-canada-2008/
So yes. That's a lot of advertising revenues.
200 million / 10.6 million is a little over 5%
Re:Canada? Does it matter? by buchner.johannes · 2009-08-16 17:27 · Score: 2, Funny

Canada? Does it matter?
Is that another US-American saying I have yet to learn?

--
NB: The message above might reflect my opinion right now, but not necessarily tomorrow or next year.
Re:Canada? Does it matter? by Anonymous Coward · 2009-08-16 17:36 · Score: 1, Interesting

I'm very proud to be one Canadian that is not on facebook.
Re:Canada? Does it matter? by m0rph3us0 · 2009-08-16 17:39 · Score: 1, Interesting

Um... is anyone aware that in Canada we send sensitive and CLASSIFIED information on our citizens to foreign goverments, and no that information does not get deleted on user request. I think if the policy is good enough for Facebook it's certainly good enough for the CIA/FBI/State Department. We also let foreign government's run experiments with illicit drugs on our citizens, but I'm sure it's far more important for the privacy commissioner to investigate voluntarily shared information with another company than to investigate that. Remember folks: corporations = bad, government = good.
Re:Canada? Does it matter? by m0rph3us0 · 2009-08-16 17:47 · Score: 1

RMCP: o hai!
FBI: i can haz your citizens informazions?
RMCP: here r ur recordz of bill mahr arar, many lulz
FBI: free trip to syria courtesy of Club Fed.
RMCP: o rly?
FBI: rly!
RMCP: kthxbye!
Re:Canada? Does it matter? by Mashiki · 2009-08-16 19:28 · Score: 2, Informative

Unless you're amazing enough to actually show up on a CSIS or RCMP watch list, then you're not getting your information shared with other governments. If you're at that point already, then there's a national security issue for nations which you're friendly with. Figure that one out yet?
So here's a big surprise, personal information of 10m citizens that are silly enough to post it is actually a rather big issue. And not to forget that the privacy act does exist for a reason, but I'm sure you've already read it and know what it means like most people who have a passing interest in law. Because if you didn't, you wouldn't understand the first part I posted.

--
Om, nomnomnom...
disgraceful book by NSN+A392-99-964-5927 · 2009-08-16 20:15 · Score: 1

Really, Social networking sites need to be hit very hard! Not only that another /.er "in the know" should do an article on how much spam emails are generated by these sites. I am going to go out on a limb and saying that I do not have a profile on facebook, however some people I know, add my email address so as for privacy issues they should be slammed big time. I am *furious* really I really am.

--
All cows eat grass!
Tip of the iceberg.. by cheros · 2009-08-16 21:09 · Score: 1

If that gets you angry you better not use Google's web albums. I wonder why on earth the NSA gets so much money for IT taps where Google is already doing everything required.
That's not all, have you ever read their Terms of Service? If not, I suggest a quick read of specifically point 11 and see if you understand what happens if you use ANY Google service..
Searching, fine. Anything else - avoid, it is most certainly NOT free..

--
Insert .sig here. Send no money now. Owner may sue, contents will settle. Batteries not included.
Re, Would it really cost that much..... by Anonymous Coward · 2009-08-16 23:23 · Score: 0

......for facebook to add a delete profile function? I don't understand why facebook can't simply add the "delete my profile" option, then anyone that feels the need to do so could.
Wouldn't that make it a non issue?
Unless of course there is a grand scheme for using the stored profiles of peoples pets, imaginary friends and fake profiles (after all who REALLY puts in their real address?) to build a list for (insert conspiracy theory here) nefarious uses.........
Coming soon, SCANDAL, the internets is storing your info!
Re:Canada? Does it matter? by influenza · 2009-08-16 23:42 · Score: 1

Actually, police records are shared between Canada and the US. The police keep a file on you if they've ever spoken to you (and taken your name, birthday and address) whether you're actually in trouble or just a witness. American police have access to those files. If a Canadian is pulled over by the police in the US, the US police officer will see their Canadian police file when they do their check.
Re:Canada? Does it matter? by Anonymous Coward · 2009-08-17 01:05 · Score: 0

US already has all the info on Canada. A US firm process all of the Canadian census... Since the homeland security does not need a real warrant and the effected firms can not tell their respective clients about the actives request by homeland... my tin foil wrapped head tells me that a copy off all the Canadian census data is in the hands of the US homeland security. Nothing fear about subcontracting all your countries personal data out to a foreign country that has such organizations as the Homeland security.
Avoiding Gmail is getting hard by betterunixthanunix · 2009-08-17 01:37 · Score: 1

I am all for avoiding Gmail, but it is no longer possible. My undergraduate university has switched to Gmail for its primary email provider, claiming that running our own email servers is too expensive (when I asked why they did not try saving money by ditching Sunguard's proprietary, expensive, and poorly functioning course management system, their eyes glazed over -- the cost of that system is equivalent to the salaries of roughly 6 IT workers). I just graduated, and was hoping that the university I am going to for graduate school would be different; sadly, it seems that they made the same switch over a year ago, for the exact same reason.

How can anyone avoid Gmail when they are forced to use it? Official university email, some of which is actually important, is sent to my university email address, so I truly am forced to use Gmail, despite my every objection.

--
Palm trees and 8
Obnoxious Ads by quatin · 2009-08-17 02:03 · Score: 1

Anyone else who click on the link get an obnoxious full screen ad of some lame "anti-virus" spyware that shows a video of your computer being scanned and flashing "Virus Detected! Download me and pay me $10.99 or you are screwed!"?
Re:Canada? Does it matter? by ubercam · 2009-08-17 03:10 · Score: 1

Just to add to this, if you've ever crossed into the US (land/sea/air, doesn't matter), you may have been asked if you've ever been arrested, charged, or been in court, etc. That information is right there on their computer screen as they ask you. They usually just want you to verify it.. "Why yes officer, I have in fact been to court, but the case was dismissed and no charges were laid."
Also, if you've ever applied for a foreign visa (I have), that country's intelligence service will probably ask your home country's intelligence service for any information on you to see if they actually want you there in the first place. It's just part of the application process. That's one of the main roles of CSIS actually, to provide that information, and also to receive it from foreign countries whose nationals are applying for visas and other stuff in Canada.
Question: Why should Facebook care? by Otto · 2009-08-17 03:50 · Score: 1

Last I checked, Facebook was a US company with no presence in Canada. Do they really have to care about Canada's laws?
I mean, if I start a website and let anybody use it, I'm not suddenly subject to Canada's privacy laws just because some Canadian uses it.
Or am I mistaken somehow, and FB does have an actual physical presence in Canada?

--
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
1. Re:Question: Why should Facebook care? by Abcd1234 · 2009-08-17 05:08 · Score: 2, Informative
  
  Last I checked, Facebook was a US company with no presence in Canada.
  When was the last time you checked, exactly? And, yes, owning a .ca domain means they have a Canadian presence.
2. Re:Question: Why should Facebook care? by crossmr · 2009-08-17 16:44 · Score: 1
  
  Created: 2005-01-26
  At least 4.5 years ago...
Re:Canada? Does it matter? by Mashiki · 2009-08-17 04:52 · Score: 1

Access does not equal retained. Repeat that after me. If you don't understand that, there's no hope for you. Welcome to the cold, cold world of reality. American police don't have direct access to CPIC FYI, no American agency does. They still have to request information the old fashioned way. If you have information in the US via the internal US system, well that means you've managed to get on the internal databases, that means you've been stopped, are already on the watch lists in Canada and there via sharing for criminal data, etc.
And keeping information on you for witness/talk/etc via incident reports is not the same as criminal reports. Not even in the same league. Speaking of which if you live in Canada, and want to see yours, you can go to your local police service and get it.

--
Om, nomnomnom...
When you're wearing Levis' Three-Legged Jeans... by Impy+the+Impiuos+Imp · 2009-08-17 07:49 · Score: 1

> Facebook has until Monday to find a way to fix its 'serious privacy gaps.'
> And if the Canadian Privacy Commissioner isn't happy with the Web Company's
> response, then she has two weeks to push it to the Canadian Federal Court in Ottawa.
"Disable all Canadian accounts, and redirect any from there to a web page saying 'The Canadian Privacy Commissioner is worried about your facebook page. You can contact here at phone number xxx-xxx-xxxx. Your local MP is soandso. You can contact him at xxx-xxx-xxxx. Have a nice day.' "

--
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
IPTABLES by fremean · 2009-08-17 11:32 · Score: 1

Canadians getting you down?
Threatening to sue because you won't conform?
iptables is your answer!
Simply make it impossible for Canadians to access your site and you will be protecting their privacy in the ultimate way!
Re:Canada? Does it matter? by influenza · 2009-08-17 19:30 · Score: 1

Are you sure about that? From the quick facts side-bar on the CPIC overview page:

The Automated Canada United States Police Information Exchange System (ACUPIES) provides CPIC users a link to the U.S. National Crime Information Centre data banks, and all U.S. users access to the CPIC files. Currently, this link is processing over 12 million transactions per year.
Wikipedia links to a reference that claims that the "wandering persons" database (for tracking alzheimers patients) is not shared with the US. So they don't get complete access, but they can access CPIC.