Evidence of meeting #134 for Access to Information, Privacy and Ethics in the 42nd Parliament, 1st Session. (The original version is on Parliament’s site, as are the minutes.) The winning word was facebook.
A recording is available from Parliament.
Associate Professor, Parsons School of Design, The New School, As an Individual
I can relate that to my home state of New York. A major telecom cable provider, as a condition of a merger, was supposed to provide broadband services to rural areas in the state of New York, but failed to do so. The state threatened to kick this provider out of the state if they did not comply. It comes down to enforcement. When you give these companies privileges, they need to pay back.
Conservative
The Chair Conservative Bob Zimmer
Thank you. We have three five-minute rounds here.
We'll start with Mr. Saini, Ms. Vandenbeld, and then Mr. Erskine-Smith to finish.
Go ahead, Mr. Saini.
Liberal
Raj Saini Liberal Kitchener Centre, ON
Mr. Carroll, I have a quick question for you.
You brought up the past. I thought we had studied and finished the Cambridge Analytica study. You prompted one question for me. I still have not received an answer.
Facebook claims the data was deleted. Cambridge Analytica has claimed that they were asked to delete the data, and it was deleted. Do we have any confirmation that this data has been deleted?
Associate Professor, Parsons School of Design, The New School, As an Individual
We have no confirmation yet that the data has been deleted. The information—
Liberal
Raj Saini Liberal Kitchener Centre, ON
We don't yet know whether 50-million Facebook profiles been deleted.
Associate Professor, Parsons School of Design, The New School, As an Individual
Correct.
I can say that just last week at the Sundance Film Festival, a documentary on Netflix premiered. I think some members of this committee are in the film, because the DCMS committee is featured prominently. A former employee featured in the film shows evidence that Facebook-like data was still being pitched to clients after they claimed it was deleted.
We're still seeing evidence bubble up that there haven't been truthful statements. That's why it's not over yet.
Liberal
Raj Saini Liberal Kitchener Centre, ON
The reason I suggest this is that.... As you know, Cambridge Analytica closed down in London. The corporate entities have disassembled, in one way or another, and have been recreated with the same players, but with different names. Really, those 50-million profiles are still out there, and companies can still harvest that information. Not only that, they can still build on the information they have. Is that true?
Associate Professor, Parsons School of Design, The New School, As an Individual
Yes. I have seen concerns dealing with the insolvency proceedings. Mr. Vickery has also shown me forensic evidence that adds to your concerns.
Liberal
Raj Saini Liberal Kitchener Centre, ON
The other question I have is this. We've talked a lot about data breaches. I just want to change the conversation, in a way. I think our outlook has been that we have to prevent data breaches, but I don't think you'll ever be able to prevent a data breach. I don't care what the entity is, whether it's government or private corporations. Private corporations that have immense wealth are still prone to data breaches.
Is it not better for us to think about different ways? Either we can increase the penalties for those people.... Sometimes, these are non-state actors, and they're outside our jurisdiction—I get that, but in many ways, we can increase the penalties, and more importantly, also maybe diversify the information.
Part of the study is the digital government piece. In Estonia, the data is not held in one database. It's held in multiple databases, and there's an X-Road that connects everything. If you penetrate one aspect of that, you are not going to get the complete information.
Is that a different way to be thinking about things? Eventually, whether this year or next year, we're going to have to come up with some solution. Technology cannot be stopped. We cannot stop citizens from utilizing services. We can't go back to paper and pencil. Either we're going to have to manage the problem or figure out how to limit the damage when a problem occurs. What's your thought on that?
Associate Professor, Parsons School of Design, The New School, As an Individual
I think that enforcing transparency in the system is a first important step, giving people this right of access that, when they exercise it, will lift the veil off the black box. I mean that beyond just getting your data, but also the confidence values of predictions—what Chris is talking about, the way our data gets put into data models, then applied to other things and all that stuff requiring transparency.
Related to that, liability for data collection would then reduce the amassing and consolidation of it. As we've discussed here, the fact that two companies have amassed such massive profiles gives them their outsized power.
Liberal
Raj Saini Liberal Kitchener Centre, ON
This is something that I think people may not completely understand. When government begins to get into the data collection business, it becomes a competitor of the private data collection business. How do we make sure private entities are part of the solution, as opposed to interfering, impugning or trying to minimize the...? Data collection is king, as you know. When the government starts to collect data—data that maybe private companies don't have access to, such as private health records—how do we make sure that the private sector is part of the solution, as opposed to being competitive?
Associate Professor, Parsons School of Design, The New School, As an Individual
The incentives are quite different between a private entity that is trying to monetize data and a government entity that is trying to provide services that are not directly linked to the monetization. You pay your taxes, and you get services, as opposed to your data being used to merchandise your attention. There are technical issues that need to be discussed, but it's hard to equate these two different directionalities with each other.
Liberal
Raj Saini Liberal Kitchener Centre, ON
There's going to have to be a point where there's a nexus, where the private sector will have to reveal some information to the government, because, if you hold a bank account or you hold some other financial information at an institution, and the government requires you to fill out your tax form, then there has to be some way of connecting pieces from both the public sector and the private sector.
February 5th, 2019 / 5:15 p.m.
Associate Professor, Parsons School of Design, The New School, As an Individual
Yes, it's weird in the United States. The Internal Revenue Service knows all of our transactions and could do our taxes for us; they're just not allowed to. I think there are interesting ways this does play out, yes.
Conservative
Liberal
Anita Vandenbeld Liberal Ottawa West—Nepean, ON
Thank you for some very good information.
I want to visit this idea of ownership and right of access, building on the idea of government having very different incentives of providing services, not monetizing. On ownership of data, if it's a company or a political party, and you say you'd like this deleted, then it's easy for us to see why they would have to delete your data. If you want to look at your criminal record or your CRA file or something like that, obviously the citizen doesn't have the same kind of right to delete, amend, change or even to see everything that's there. We're looking at a very different kind of circumstance when we're looking at government collecting data. I wanted to put that to you.
Mr. Vickery especially, you were the one who said that the only way you can have ownership of data is if databases are not talking to each other. You also mentioned translating between databases, but government is doing that all the time, or at least that's something that would be proposed if we had this kind of system.
How do you see those kinds of privacy rules, ownership, consent and right of access in the context of digitized government?
I'll start with Mr. Carroll and then Mr. Vickery, if you want to add anything.
Associate Professor, Parsons School of Design, The New School, As an Individual
The right of access definitely needs specific exemptions on the government side, but I would also bring up another necessary exemption, which is to protect journalism and journalists. I think there is GDPR to an extent, but the idea is that journalists need to protect sources, and an opponent of a story could reveal a source inadvertently through the subject access request. You have to be very thoughtful about where you carve out these privileges and responsibilities, and they exist in the private sector in certain ways and definitely in the government sector.
I think you can definitely take a default position that transparency is desirable, so it's about where transparency does not work rather than looking for transparency opportunities.
Liberal
Associate Professor, Parsons School of Design, The New School, As an Individual
Privileges, yes.
