“Identity theft” law comes into force

You may know someone who has been a victim of identity theft. What you may not know is that, before today, police couldn’t charge fraudsters with “identity theft”. That changed when Bill S-4 was given Royal Assent by Parliament earlier today.

Thanks to the bill, titled An Act to amend the Criminal Code (identity theft and related misconduct), there are now three new Criminal Code offences related to identity theft:

• Obtaining and possessing identity information with the intent to use the information deceptively, dishonestly or fraudulently in the commission of a crime;
• Trafficking in identity information, an offence that targets those who transfer or sell information to another person with knowledge of, or recklessness as to, the possible criminal use of the information; and
• Unlawfully possessing or trafficking in government-issued identity documents that contain information of another person.

Before Bill S-4 came into effect, police had to use other Criminal Code provisions to target identity theft. Today’s development should help law enforcement officials attack a growing problem: the Canadian Council of Better Business Bureaus has estimated that identity theft may cost Canadians more than $2 billion annually.

Can you get sued for hyperlinking?

The number of cases involving Internet defamation seem to be growing every day. So too, are the number of related issues that businesses need to consider in relation to online activities. Case in point is the recent British Columbia Court of Appeal decision of Crookes v. Newton, where the court was asked if providing a hyperlink to another website containing defamatory comments constituted Internet defamation.

A key hurdle that claimants must prove in defamation lawsuits is that defendants “published” defamatory words. Internet defamation is no different, and in the Crookes case, the court concluded that providing a hyperlink does not necessarily equal the “publishing” of defamatory content. If a website simply provides a hyperlink, or describes a hyperlink’s content in a neutral manner, then according to the court in Crookes, the hyperlink is not adopting the offending words as its own and is not indirectly “publishing” them. However, if the linking website endorses the content of the hyperlink material or encourages the reader to click the hyperlink to the website that contains defamatory material, the defendant may be just as liable for defamation as the original author of the offending material.

The Crookes case provides useful guidance, but businesses should be reminded that each Internet defamation case will turn on its own specific facts, and factors that will be considered include the wording, tone and placement of hyperlinks. To help minimize the risk of being sued for the publication of defamatory comments, business owners should seek legal advice prior to hyperlinking to any potentially defamatory materials on the Internet.

Privacy vs. security in the Internet age

The Federal Government’s recent initiative to modernize law enforcement related legislation for the Internet age has (at least within law enforcement and privacy circles) once again propelled the issue of privacy vs. security to the forefront. The issues are incredibly important for Canadians, yet there has been little debate within the wider public. That being said, I’m pleased to read Ian MacLeod’s recent Ottawa Citizen article, which (even if you don’t agree with some of the points) does a good job of raising the issues in plain language. For a more technical analysis of the legal issues, you may want to read fellow blogger David Fraser’s post regarding the debate about warrantless access to ISP customer information.

The debate surrounding the “lawful access” legislation stems from real challenges affecting Canada’s law enforcement agencies and their need for access to personal information in the course of investigations. What is concerning, however, is the prospect of warrantless searches without judicial oversight. As a citizen in a free and democratic society, it troubles me to see any legislative initiative that could lead to investigations without appropriate checks and balances.  Privacy and security don’t need to be mutually exclusive. Let’s hope that through the upcoming Parliamentary Hearings on the “lawful access” legislation we see a balance emerge between privacy and security in such a way that empowers law enforcement agencies while preserving the judicial oversight that Canadians have come to rightfully expect in our society.

Another anonymous blogger outed

A widely reported and controversial issue these days relates the identification of anonymous bloggers (I’ve commented on this issue in previous posts). On point, Cook County (Illinois) Circuit Court Judge Jeffrey Lawrence has ordered the identification of an anonymous commenter.  According to the Daily Herald, Judge Lawrence has ruled that the Daily Herald and Comcast must reveal the identity of a person who posted a comment on dailyherald.com.

It seems that website operators are being increasingly asked, or ordered, to reveal the identity of  anonymous commentators or bloggers, many of whom have likely presumed that their identity would never be disclosed. However, Northwestern University law professor and First Amendment scholar Martin Redish tells the Daily Herald, “[a]ssume a worst-case scenario”. “Proceed on the assumption that your identity can be revealed.”

Americans are very fond of their First Amendment right to free speech (in Canada we call it Freedom of Expression). However, this right does not protect writers whose comments are defamatory. As I’ve said before, this is a rapidly emerging area of law and it’s becoming increasingly important to stay on top of developments.

Summer is over but “phishing” continues

BBC News is reporting that thousands of Hotmail accounts have been compromised in a phishing attack, which has reportedly affected at least 10,000 individuals.

Phishing involves identity thieves attempting to obtain personal information, such as user names, passwords and financial information, by pretending to be trustworthy organizations in need of such data.

Coincidentally, the Privacy Commissioner of Canada released her annual report today, which stresses the importance of making informed choices when sharing personal information online. The Privacy Commissioner reminds Canadians that there is a risk that unguarded personal information could be exploited by identity thieves. The Hotmail phishing attack, as well as the Privacy Commissioner’s annual report, should also remind businesses to remain vigilant in protecting their brands – or online reputations – from being damaged by identity thieves that use phishing attacks to exploit the well-earned trust that such businesses have built with their customers.