Blog

30.1: The Argument for Change

This is the second post in a blog series that questions the risks that we’re willing to assume and examines the hazards that are present in the current information technology landscape. Although it’s never a one-size-fits-all situation, British Columbia’s current legal framework has a specific provision that affects everyone in the province. You can read the first post, here.

In this blog post, we’re going to review the perspective of those arguing to amend section 30.1 of B.C.’s FIPPA. The Research Universities Council of British Columbia (RUCBC) is, amongst some regional health authorities, arguing to make amendments to the act.

But before we get into that, I want to explain how my interest in a relatively unknown section of a provincial privacy act originated.

Why I care

I’m a UBC student and one day I needed to pick something up from the Enrolment Services Professionals in Brock Hall. So I dropped by and was prepared to wait in a line as I had done on the few occasions that I had been there before. But this time they had a new system called QLess. Instead of waiting in a line, you would input your name and phone number into a computer and receive a text message when it was your turn to be served.

Obviously, this is a better system. But there was a problem. While registering, I noticed that I needed to consent to have my personal information sent into the United States, where the system was hosted. In Canada, our names are considered personal information. I would argue that so should our phone numbers.

Because of section 30.1, UBC was required to ask for consent before sending that information to the U.S., however, because there didn’t seem to be an equivalent alternative to using that system. So: Could I really be giving my consent freely? Or was this an example of what is often called “forced consent”? If so, is this type of consent otherwise not meaningful?

From there, I began wondering how UBC was dealing with section 30.1 in other contexts and I began discovering that it was causing significant difficulties in many settings. What follows, is my investigation into a relatively unknown section of B.C.’s provincial privacy act and its impact on higher education.

Arguments for change

The RUCBC is comprised of the University of British Columbia, Simon Fraser University, the University of Victoria, the University of Northern British Columbia, Royal Roads University, and Thompson Rivers University.

But they’re not alone. B.C.’s health authorities have also joined the fight. So it’s representatives from both the public health and education sectors that are arguing for a change.

UBC counsel for information and privacy, Paul Hancock, on behalf of four other members of the Research Universities Council of British Columbia (SFU was initially absent but later signed on), gave a presentation to a special committee at the provincial legislature whose mandate is to review FIPPA every seven years.

Mr. Hancock’s presentation outlined the arguments for change as the following:

  • Administrative efficiency and security
  • International engagement and student recruitment
  • Online learning offerings
  • Academic integrity

Mr. Hancock made that presentation in November of 2015. Although later the special committee and B.C.’s former privacy commissioner both recommended that section 30.1 not be amended. However, last month, in an interview, Mr. Hancock reaffirmed that the RUCBC’s position hasn’t changed and that section 30.1 still needs to be amended.

Let’s have a look at each of the points individually.

Administrative Efficiency and Security

One of the greatest restrictions introduced through 30.1 is the inability to use cloud based computing services. This causes some administrative delays around storing and accessing information through applications that make use of the cloud, like those that deal with payroll and human resource processing.

But Mr. Hancock makes the argument that our current information technology infrastructure that meets the requirements of section 30.1 is less secure than a system that fully encrypts data that’s in motion and still. Meaning, an amendment to 30.1 would mean student data would be more secure than it currently is.

He said that student privacy is at risk from hacking attempts from foreign and state actors with the current system. An amendment to 30.1, according to Mr. Hancock, would mean student data could be kept safer by making the act more intelligent and encouraging higher security.

Additionally, when it comes to attracting faculty to UBC, the limitations that are created from 30.1 impacts the way these world-class educators and researchers are able to work and communicate. Perhaps, Mr. Hancock says, this has an effect on UBC’s international reputation and ability to compete, which brings us to the second the point.

International engagement and student recruitment

It’s no secret that UBC recruits a lot of international students. 14,434 to be exact. These efforts are enabled by proactive strategies led by the International Student Initiative, which sends recruiters all around the world. But because of 30.1, overseas offices and recruiters have difficulties accessing information that needs to be stored on Canadian soil.

What does this mean for students? Likely nothing. But for recruiters, they need to employ complicated systems to circumnavigate or appease section 30.1, but for the everyday student, even international students, there doesn’t seem to be much of an inconvenience.

Online learning offerings

This a big one. UBC, specifically, is relying on outdated technology. Blackboard Connect is the learning management system currently in use at UBC. It’s an outdated, invasive, and clunky system that is patched together to supposedly rival the cloud-based systems that other universities outside of British Columbia can access.

UBC is currently looking at alternatives as the license for Blackboard Connect is expiring. Due to the limitations created by section 30.1, UBC is in a tougher position to find a new learning management system.

Academic integrity

The point relates to the use of an online plagiarism detection service called Turnitin.com. You may not know this, but most universities scan every essay electronically to detect plagiarism. You can implement this quite simply through a built-in version hosted through a learning management system like Blackboard Connect.

However, Mr. Hancock says that UBC can’t use this system because Turnitin, a U.S. company, has the authority to reach into the system and scoop out data at any time, including names and other personal information, which contradicts section 30.1. Therefore, UBC can’t use Turnitin in this way.

There’s a much more complicated, manual way of using the system. This involves having students manually submit their essays through an online portal with the option of using a fake name, but nonetheless their essays, that content, and their IP address (which is the subject of some debate over whether it can be considered personal information) are all travelling outside of Canada.

I’ve also heard of another work-around solution where Teaching Assistants are asked to remove the names from submitted essays, assign a unique identifier, scan them into the system and check for plagiarize, translate the unique identifier back to the name, and then submit them for grading with the instructor. But, as you can imagine, this involves a lot of work and time. You might not be surprised to find out that not all the Teaching Assistants are diligent enough to protect the identities of the students and take shortcuts that sacrifice privacy and contravene the law.

What do you think?

There’s a lot of compelling arguments that have been made for amending section 30.1 of B.C.’s FIPPA. A change would mean that the university would access to an array of new tools and technology that could enhance the learning experience at UBC and increase administrative efficiency. But would be the sacrifice?

In the next instalment of the series, I’ll explore arguments that have been made against amending section 30.1 by an array of concerned parties, including privacy advocates and journalists. Since the act was passed, many have rightfully argued that section 30.1 has only increased in its importance, especially considering the current political situation in the United States.

But based on what you know right now, are in favour of amending section 30.1?

 

The Artist Project 1: VPN to IRL

Artist Series One: VPN to IRl

@ XPACE Cultural Center

As boundaries between our digital lives and our “real lives” are becoming increasingly blurred, artists are responding in playful, critical and innovative ways. Digital Tattoo decided to connect with some of these artists within our communities to have conversations and look into what new metaphors are being created to represent our rapidly changing social, cultural, and political landscape. For our first meeting, we interviewed Tak Pham, who recently curated an exhibition titled VPN to IRL at XPACE Cultural Center in Toronto’s West end. Four artists, Sophia Oppel, Tommy Troung, Marlon Kroll and Ronnie Clarke, were featured in the show. Our conversation with Tak introduced us to these emerging artists and helped us to understand better the multi-media installations that made up the show. The common thread that brought together the four artists was an inquiry into the role that invisible data collecting technology plays in contemporary life. As Tak explained, his curatorial goal was to create a kind of “virtual private network” within the architectural space of XPACE.

One of the first things you notice upon entering the exhibition is an over-sized QR code. This was Tommy Troung’s piece, Blind Date, 2017. Visitors can activate the work by scanning the code with a smartphone, which redirects you to a webpage (coded by Tommy) upon which text appears, revealing specific identifiers about your device, your location, and whether or not your device has a camera. This functions as an uncomfortable reminder that our tools also have a grasp on us, as it reminds us that our devices are always tracking us. The small amount of information revealed on the screen is a small sample of the mass of data we produce as we use our smartphones throughout the day.

Tell Me Everything You Saw, and What You Think It Means, by Marlon Kroll, is a collection of photos featuring film stills of people’s backs. Kroll’s work raises questions around the ethics of watching others, the power dynamics of a one-sided gaze which reflects a data collector’s perspective on users. Kroll’s photos locate the viewer in the position of the surveyor. However, the point of view on the subjects of these photographs is obscure, while you can gather some minor details about the figure’s gestures and activities much is left to the imagination. The data we produce creates a portrait of us, incomplete representations of complex people using abstracted data points. The limitation of our “data portraits” leads analysts to interpret users, make inferences and categorize behavior.

Sophia Oppel’s piece Terms of Service was interactive, playfully using elements of visual surveillance by live streaming and projecting gallery visitors onto an adjacent wall. Terms of Service considers the decentralized power inherent in digital infrastructure, specifically looking at the invisibility of elements that structure the internet, like terms of service agreements. Oppel is concerned that the invisibility of power on the internet can be used by corporations as a tool for exploitation. In this piece, she installed transparent acrylic sheets with quotes derived from terms of service contracts from Facebook and Instagram. These sheets only became visible from certain vantage points shaping the experience of visitors as they navigated the space of the gallery. One of the acrylic sheets states: “You give consent by entering the establishment”.

Reading Together by  Ronnie Clarke explores the impact that our devices have on our bodies, influencing our physicality and affecting how we move through space. Her work includes a VR headset constructed from cardboard, it displays text too close to read comfortably and causes you to spin around tilting your head back to try to read a full sentence. Accompanying the VR set is a film documenting Ronnie Clarke and a friend performing the body movements as directed by the text. The two do a strange disconnected dance, demonstrating through their bizarre movements a breakdown in communication as the performer’s body moves in a puppet-like jolted fashion.

It can be easy to forget that information communication technology depends on its capacity to extract information from users in the form of data. This process of data extraction is often not on the mind of users as we enjoy our devices, the terms of service are opaque, and the infrastructure that supports the internet’s function is invisible. Artists such as Sophia, Ronnie, Marlon, and Tommy offer fresh perspectives through embodied, multi sensory experience of the gallery. They create a ground for the public to engage in conversation around what it means to be a digital citizen, what power dynamics are at play in our online spaces and how we might take control of our digital lives.

(The music in the video is by Big Blood)

30.1: The Fight for Data Sovereignty

This blog series questions the risks that we’re willing to assume and examines the hazards that are present in the current information technology landscape. Although it’s never a one-size-fits-all situation, British Columbia’s current legal framework has a specific provision that affects everyone in the province. 

Why it matters

This year, there have been a few anecdotal reports of travellers from Canada being rejected at the United States’ border. These stories are often about how a person’s private activities affect their ability to travel freely; how information given at one location can be used at another.

While statistics from a recent report refutes that Canadians are being turned away in greater numbers, the political climate in the U.S. does demonstrate how our digital identities may impact our real lives. Can you imagine being rejected entry into the U.S. because of something you wrote on Facebook? How about something you wrote in a paper for a university course?

And in the world of big data, you don’t actually need to physically cross the border or publicly disclose your personal opinion for profiling to begin. Personal data is passively collected in staggering quantities and we don’t how or when it’s going to be used. But if you’re physically crossing the border, your devices are now subject search and seizure measures, which adds another layer of concern.

What we can do

So how do we keep ourselves safe amongst all this uncertainty? In British Columbia, we’re protected by the Freedom of Information and Protection of Privacy Act (FIPPA). This act mandates how public institutions treat our personal information. It gives B.C. residents the power to know what is being collected about them, where it is being stored, and how it is being used.

For example, when I enquired about what kinds of personal information are being collected through UBC’s Blackboard Connect, I used a provision in the FIPPA that allowed me to make a formal request for my data. Without the act, UBC wouldn’t have been compelled to provide me with that information. The act helps to ensure that public bodies are respecting the privacy of British Columbians.

The debate about 30.1

But there’s a provision within the act that has been under controversy: 30.1 is a specific section of the act which dictates that all personal information must be stored and accessed in Canada. The section went under review at the provincial legislature and compelling arguments were made on both sides.

UBC, along with other organizations and research universities in B.C., argue that 30.1 makes it difficult to compete on an international level and puts personal information at greater risk. Therefore, they say that 30.1 needs to be amended so that personal information can be stored in the U.S., provided that it’s encrypted. By amending 30.1, UBC and other research universities will have access to modern cloud computing services.

British Columbia is the only province in Canada with a data sovereignty provision like 30.1. So if amendments to the act are made, then personal information would flow into the U.S. and become subject to the Patriot Act. Suddenly, the opinion expressed in a political science paper could be used against you the next time you decide to cross the border—or it could be used in any number of ways that we won’t ever know about.

The next steps

Although the border scenario is pretty extreme, it’s not beyond the realm of possibility. It would take supercomputers years to un-encrypt this data, but they can do it. In the end, this is all about balancing risks: Is accessing new technology and tools worth the potential sacrifice to privacy? Last year, our former privacy commissioner and a special committee said that it wasn’t.

But proponents for amending the act argue that a change to 30.1 will allow us to use new tools and systems that encourage learning, improve the overall academic experience at UBC, and keep personal information safer through enhanced security measures. And they might be right.

Over the course of this blog series, I’m going to breakdown the arguments on both sides of the debate around 30.1 and explain the consequences and realities of data access and storage. When it comes to privacy, we each have to make up our own minds about what level of security is acceptable and understand that we’re exchanging it for the services that we receive.

Guerrilla Archiving

On December 17, 2016 The Faculty of Information at the University of Toronto hosted a Guerrilla Archiving Event to preserve American environmental data in preparation for the incoming President. There was concern leading up to the inauguration that the new administration under Trump would be hostile to evidence based environmental studies.  I had the pleasure of connecting with two integral pieces of the event, Patrick Keilty and Sam-Chin Li to discuss their roles in preserving environmental data that may have been lost.

The event, which took place on a Saturday afternoon in the Faculty’s Library, the Inforum, brought together people from various academic backgrounds concerned about the deletion of environmental data. Coders, environmental scientists, librarians and information professionals, as well as a number of volunteers gathered to participate in a hack-a-thon to save data from the EPA.

Initially participants highlighted all vulnerable programs and data on the United States Environmental Protection Agency (EPA) website for safekeeping. Then, those volunteers who were more technically skilled conducted web crawls, scraping that data and sending it to the Internet Archive’s End of Term Project. By the end of the day, thousands of URLs were sent to the Internet Archive including 192 at-risk programs and data sets. This event gained national and even worldwide recognition bringing attention to the concept of ‘guerrilla archiving’ and have encouraged many people to get involved.[1]

Guerrilla Archiving” is a relatively new term and essentially refers to archiving things that are political in nature. Patrick Keilty, Assistant Professor in the Faculty of Information at the University of Toronto (UofT) and one of the main organizers of the December event, believes that guerrilla archiving actions are inherently activist in nature and involve a grassroots element. Keilty notes however, that the procedures of guerilla archiving can vary, “There is normally not a found process for archiving the things we focused on. With the EPA, data would normally be subjected to a standard internet crawl but the fear is that some data, like that contained in spreadsheets, would be missed.”

Sam-Chin Li, the Reference/Government Publications Librarian at U of T and one of the event’s facilitators noted that, “Content on the Web is continually being updated, replaced, or lost so it is important to ensure the continued ability to access valuable content like government information, political candidates’ campaign websites and etc.” Guerrilla archiving is not just limited to the protection of data from the EPA but any organization where there is a real concern over data being lost.

Interested in getting involved? If so, check out the Environmental Data Governance Initiative (EDGI), which grew out of the Guerrilla Archiving Event at UofT. The EDGI contains resources, ways to participate, a digital toolkit, and a calendar of upcoming events. “While technical skills like knowledge of coding, are an asset they are not necessary,” Keilty explained. Above all else, research skills are desired. Knowing what to look for, what’s important to preserve, and what might be missed by standard web crawls is just as, if not more important, that having technical skills. Keilty’s advice, “Archive information you know about, or are passionate about.”  If Canadian contexts on the subject spark your interest, be sure to check out the Erasure of Information post by Bryan Short.

 

[1] UofT Preserving Environmental Data Ahead of Donald Trump Presidency

Toronto’s ‘Guerrilla’ Archivists to Help Preserve US Climate Data

UofT Head ‘Guerrilla Archiving Event” to Preserve Climate Data Ahead of Trump Presidency 

The Erasure of Information

Canadian scientists and academics are helping to secure endangered data in the United States.

Using lessons learned under Stephen Harper and the Conservative party’s administration—which saw the vast suppression of scientific communication and the destruction of data archives—Canadian scientists and academics are helping their neighbours to the south.

The new threat to information comes from Donald Trump and the Republican party’s administration in the United States. In an open letter to Prime Minister Justin Trudeau, Canadian scientists and academics write that “all life on earth now depends on maintaining efforts in environmental and related sciences.”

The Foreign Situation

University of Victoria environmental law professor, Chris Tollefson, says that the Trump administration poses a real risk the open scientific communication and is actively deleting scientific data, which “will undermine years of research in various areas.”

On President Trump’s Inauguration Day, the White House’s information page on climate change was deleted from the web and replaced with a statement about eliminating “harmful and unnecessary policies.”

The Canadian Context

This isn’t so different than what happened in Canada under Harper. The term libricide was invented to describe the destruction of invaluable data archives. Scientists were also unable to freely speak about their research without approval from government communication personnel.

A 2013 report called The Big Chill, reported the results of a survey that illustrated to the extreme nature of censorship under the Harper administration. According to Hakai magazine, nearly nine out of ten federal scientists said “that they couldn’t share their concerns about public safety or the environment without censure or retaliation.”

The Cross-Over

Gizmodo calls the situation in the United States “eerily reminiscent of attempts to suppress science in Canada during Stephen Harper’s tenure as Prime Minister.”

The the major concerns facing science in the United States are:

  1. Donald Trump’s anti-vaccination views
  2. Donald Trump denial of climate change (and temporarily banning all Environmental Protection Agency staff from talking with the media)
  3. And Donald Trump’s further measures to control scientific research and communications

The Future

Scott Dallimore, a Natural Resources Canada research scientists, says that the persistence of the Canadian media reporting on the issue of the muzzling of scientists in Canada helped to turn the tide in the 2015 Federal Election, which Harper’s Conservatives lost by a significant margin to Trudeau’s Liberals.

Michael Rennie, a former Canadian government scientist and current professor, has a blog called UnmuzzledScience that offers advice to scientists in the United States.

His major tips:

  1. Continue to educate the public, even if you need to do so anonymously
  2. Engage in collaborations across universities and preserve copies of data
  3. And get a personal email address

Encouragingly, a lot of this work has already begun. Check out Katie’s blog post about how Canadian academics are using a tactic called guerrilla archiving to preserve scientific data.

What do you think?

Do you see a threat to science in these examples of government intervention? How might the impact extend beyond science?

Let us know in the comments below.

 

 

 

Was this helpful?
60

Comments are closed, but trackbacks and pingbacks are open.