This blog series questions the risks that we’re willing to assume and examines the hazards that are present in the current information technology landscape. Although it’s never a one-size-fits-all situation, British Columbia’s current legal framework has a specific provision that affects everyone in the province.
Why it matters
This year, there have been a few anecdotal reports of travellers from Canada being rejected at the United States’ border. These stories are often about how a person’s private activities affect their ability to travel freely; how information given at one location can be used at another.
While statistics from a recent report refutes that Canadians are being turned away in greater numbers, the political climate in the U.S. does demonstrate how our digital identities may impact our real lives. Can you imagine being rejected entry into the U.S. because of something you wrote on Facebook? How about something you wrote in a paper for a university course?
And in the world of big data, you don’t actually need to physically cross the border or publicly disclose your personal opinion for profiling to begin. Personal data is passively collected in staggering quantities and we don’t how or when it’s going to be used. But if you’re physically crossing the border, your devices are now subject search and seizure measures, which adds another layer of concern.
What we can do
So how do we keep ourselves safe amongst all this uncertainty? In British Columbia, we’re protected by the Freedom of Information and Protection of Privacy Act (FIPPA). This act mandates how public institutions treat our personal information. It gives B.C. residents the power to know what is being collected about them, where it is being stored, and how it is being used.
For example, when I enquired about what kinds of personal information are being collected through UBC’s Blackboard Connect, I used a provision in the FIPPA that allowed me to make a formal request for my data. Without the act, UBC wouldn’t have been compelled to provide me with that information. The act helps to ensure that public bodies are respecting the privacy of British Columbians.
The debate about 30.1
But there’s a provision within the act that has been under controversy: 30.1 is a specific section of the act which dictates that all personal information must be stored and accessed in Canada. The section went under review at the provincial legislature and compelling arguments were made on both sides.
UBC, along with other organizations and research universities in B.C., argue that 30.1 makes it difficult to compete on an international level and puts personal information at greater risk. Therefore, they say that 30.1 needs to be amended so that personal information can be stored in the U.S., provided that it’s encrypted. By amending 30.1, UBC and other research universities will have access to modern cloud computing services.
British Columbia is the only province in Canada with a data sovereignty provision like 30.1. So if amendments to the act are made, then personal information would flow into the U.S. and become subject to the Patriot Act. Suddenly, the opinion expressed in a political science paper could be used against you the next time you decide to cross the border—or it could be used in any number of ways that we won’t ever know about.
The next steps
Although the border scenario is pretty extreme, it’s not beyond the realm of possibility. It would take supercomputers years to un-encrypt this data, but they can do it. In the end, this is all about balancing risks: Is accessing new technology and tools worth the potential sacrifice to privacy? Last year, our former privacy commissioner and a special committee said that it wasn’t.
But proponents for amending the act argue that a change to 30.1 will allow us to use new tools and systems that encourage learning, improve the overall academic experience at UBC, and keep personal information safer through enhanced security measures. And they might be right.
Over the course of this blog series, I’m going to breakdown the arguments on both sides of the debate around 30.1 and explain the consequences and realities of data access and storage. When it comes to privacy, we each have to make up our own minds about what level of security is acceptable and understand that we’re exchanging it for the services that we receive.
People said…