On Telecoms, Privacy and Tyranny
It is a perilous path when companies and governments decide that the law does not matter and the corporation is merely an agent of the state for however it may wish to monitor customers.
Yesterday, it was reported that the customer records of more than 3.4 million Canadians were stolen in mid-January. It took four weeks before the theft was revealed to Bell Canada’s customers. And while the information was eventually recovered, no explanation has been provided as to what shortcomings existed in its system that would have permitted such a huge breach of privacy. It is hard to imagine that these records were adequately protected if they could be stolen on such a scale. And their theft raises serious questions about how well more sensitive data, including the banking records of customers, is protected. The delay in bringing the breach to the public’s attention shows again that there is need for legislation that would force companies to advise customers immediately when a theft of their information occurs –not weeks after the fact.
Once again, we note that Canada’s Privacy Commissioner is noticeably absent from this file. Twenty-four hours after the theft was made public, the Commissioner’s website hasn’t even acknowledged the incident, much less indicated that it has commenced an investigation. Speed is not a function typically associated with this office. There still has been no explanation of the result of any investigation in connection with the disappearance in 2006 of the personal financial information of 470,000 CIBC customers, which we wrote about here.
In the United States, a breach of a different kind occurred yesterday, when the Senate voted to give giant telecoms immunity from lawsuits as a result of their assisting authorities in the warrantless wiretapping of calls made by their customers to overseas destinations. The telecoms, including giant AT&T, lobbied the Bush Administration and Congress for the bill, and they were more than happy to oblige. For its part, business expects that customers will play by the rules. Legions of lawyers are employed to ensure that they do. It is not unreasonable, it seems to us, that customers are entitled to expect that business will also play by the rules as they exist at the time, and when its does not, whether in privacy matters or wiretapping, consequences should follow.
Retroactive legislation seldom makes for good law or sound public policy. It is a perilous path when companies and governments decide that the law does not matter and that the corporation is merely an agent of the state for however it may wish to monitor customers. Yahoo’s CEO was recently castigated by the House Foreign Affairs Committee for that company’s role in turning over customer emails to security officials of the government of China. In the 1930s, major players in the German business sector eager to be seen as cooperating with the new Hitler Reich during its infamous Gleichschaltung period, volunteered to turn over personal information about their Jewish customers and employees. They argued it was in the national interest to do so.
Fighting terror is a necessary cause in the preservation of liberty and civilization. But in that fight, the distinction between the values of the terrorists and the values of their democratic targets must never be lost. Islamic extremists do not value individual rights, personal freedom or privacy. These are the hallmarks of western democracies. And when elected governments begin to erode these rights in the so-called defence of democracy, they place both in jeopardy.
Telecoms routinely boast about their commitments to protecting customer privacy. But these events show that individuals can depend little on such claims and even less upon the public officials and policy makers who are supposed to be on the frontline of ensuring that protection.