Week of 2025-03-24
Ford government ordered to dig deeper for possible traces of premier's office direction of Greenbelt removals
Charlie Pinkerton | The Trillium
Ontario’s Housing Ministry has been ordered to conduct a deeper search for any records that might show the Premier’s Office directed the removal of land from the Greenbelt. The directive comes from the Information and Privacy Commissioner’s Office, which suspects such records likely exist despite previous denials. The ministry must now submit an affidavit detailing its search process, clarify if any records were destroyed, and explain any gaps. This follows broader investigations, including an ongoing RCMP probe and the resignation of Housing Minister Steve Clark in 2023. The Ford government has since reversed its Greenbelt decision, but scrutiny over its handling of the issue continues.
JFK assassination files have been released on Trump’s order
Jaime Stengle | Global News
On March 18, 2025, the U.S. National Archives released over 63,000 pages of documents related to the 1963 assassination of President John F. Kennedy, following an executive order by President Donald Trump. This release aims to enhance public understanding of the events surrounding Kennedy's assassination. The documents include CIA communications and memos discussing Lee Harvey Oswald's interactions with Soviet and Cuban embassies in Mexico City, as well as investigations into potential Cuban involvement in the assassination. While these records provide additional context to the historical narrative, they do not substantiate longstanding conspiracy theories suggesting a broader plot beyond Oswald's actions.
As Above Doesn’t Have to Be Below: States Should Be a Counterweight to Eroding Federal Transparency
Kabbas Azhar | Epic
In a recent analysis, the Electronic Privacy Information Center (EPIC) highlights a growing crisis in federal transparency, emphasizing the need for states to serve as counterweights by enhancing their own public records laws. While the Freedom of Information Act (FOIA) was established to promote an informed citizenry and governmental accountability, challenges such as extensive backlogs and broad exemptions have hindered its effectiveness. Compounding these issues, reductions in the federal workforce have further strained transparency efforts. EPIC observes that some state legislatures are retreating from openness by imposing restrictive measures and prohibitive fee structures. To address this, EPIC advocates for state-level reforms, including implementing fee caps and proactive disclosure policies, to ensure greater public access to information and uphold democratic principles.
Artificial Intelligence and National Defence: A Strategic Foresight Analysis
Alex Wilner | Ryan Atkinson | CIGI
The Centre for International Governance Innovation (CIGI) has published a paper titled "Artificial Intelligence and National Defence: A Strategic Foresight Analysis," authored by Alex Wilner and Ryan Atkinson. This analysis explores the evolving role of strategic foresight in Canada and other Five Eyes nations—the United States, the United Kingdom, Australia, New Zealand, plus the Netherlands—focusing on the integration of artificial intelligence (AI) into national defence strategies. Utilizing methods such as horizon scanning and scenario planning, the paper examines the dual nature of AI, highlighting both the opportunities and challenges it presents, including the proliferation of deepfake technology and cyberthreats. The authors emphasize the importance of proactive regulatory measures and international cooperation to mitigate risks and harness AI's potential to enhance security policies. They advocate for robust legislative frameworks and the application of strategic foresight to navigate the complexities of AI in defence and security contexts.
Spain to impose massive fines for not labelling AI-generated content
Reuters
Spain's government has approved a bill imposing significant fines on companies that fail to properly label AI-generated content, aiming to curb the spread of "deepfakes." Non-compliance is classified as a "serious offence," with penalties reaching up to €35 million or 7% of the company's global annual turnover. The legislation aligns with the European Union's AI Act, enforcing strict transparency obligations on high-risk AI systems. Additionally, the bill prohibits manipulative practices, such as using subliminal techniques to influence vulnerable groups, and bans classifying individuals through biometric data for assessing behavior or risk. Enforcement will be overseen by Spain's newly established AI supervisory agency, AESIA.
Half a million people impacted by Pennsylvania State Education Association data breach
Jonathan Greig | The Record
In July 2024, the Pennsylvania State Education Association (PSEA) experienced a cyberattack compromising the personal data of over 500,000 individuals, including names, Social Security numbers, and financial information. The Rhysida ransomware gang claimed responsibility in September 2024, demanding a ransom of 20 Bitcoin (approximately $1.12 million at the time) to prevent data exposure. PSEA has offered affected individuals complimentary credit monitoring and identity restoration services. The breach underscores the critical need for robust cybersecurity measures within educational organizations to protect sensitive information.
Albania starts turning off TikTok amid concern over youth violence
Reuters
In December 2024, the Albanian government announced a one-year ban on TikTok, citing concerns that the platform was contributing to youth violence and bullying. This decision followed a tragic incident in November 2024, where a 14-year-old boy was fatally stabbed by a fellow student after disputes that began on social media. The ban officially took effect on March 13, 2025, with users reporting difficulties accessing TikTok via web browsers and anticipating further restrictions on the app itself. The National Authority for Cybersecurity (AKSK) has mandated all internet service providers to enforce this ban. While the government asserts this measure is to protect children, critics argue it infringes on freedom of expression and amounts to censorship.
Amazon is removing an Echo privacy setting that keeps Alexa recordings from the company
Anthony Robledo | USA Today
Amazon is updating its Alexa privacy settings, impacting users of Echo Dot 4th Gen, Echo Show 10, and Echo Show 15 devices. Starting March 28, 2025, the "Do Not Send Voice Recordings" feature will be discontinued, meaning all voice commands will be processed in Amazon's cloud servers to support new generative AI capabilities. Amazon assures users that these recordings will be deleted after processing and emphasizes that only a small percentage of users currently utilize this feature. However, this change has raised privacy concerns among users, prompting some to consider alternative devices that prioritize data security.
Back to cash: life without money in your pocket is not the utopia Sweden hoped
Miranda Bryant | The Guardian
Sweden's rapid shift towards a cashless society, with only one in ten purchases made using cash, has prompted concerns about national security and societal resilience. In response, the Swedish Defence Ministry distributed a brochure titled "If Crisis or War Comes," advising citizens to keep at least a week's worth of cash in various denominations to enhance preparedness. The Swedish central bank has also emphasized the need to strengthen cash infrastructure to ensure functionality during crises. This reassessment underscores the importance of maintaining cash availability alongside digital payment systems to safeguard against potential disruptions.
Report: Central Bank Digital Currency: What it is and how it could impact privacy, security, and anonymity
Privacy & Access Council of Canada
A recent report by the Justice Centre for Constitutional Freedoms, in collaboration with Sharon Polsky, President of the Privacy & Access Council of Canada, examines the potential implications of adopting a Central Bank Digital Currency (CBDC) in Canada. The report raises concerns that a CBDC could enable unprecedented government surveillance of financial transactions, potentially infringing on Canadians' privacy, autonomy, and access to economic participation. It highlights that, without robust legislative protections and oversight, a CBDC might allow authorities to monitor purchases, donations, and investments, thereby exerting control over individual behaviors deemed undesirable by the government. The authors advocate for maintaining cash as a safeguard against such risks and call for comprehensive public discourse and legislative measures to protect citizens' rights in the face of digital currency initiatives.
U.S. Senate Introduces Genomic Data Protection Act
Libbie Canter | Elizabeth Brim | Natalie Maas | Covington
On March 5, 2025, Senators Bill Cassidy (R-LA) and Gary Peters (D-MI) introduced the Genomic Data Protection Act (GDPA), aiming to enhance privacy protections for individuals' genomic information. This bipartisan bill seeks to regulate direct-to-consumer genomic testing companies by granting consumers rights to access and delete their genomic data, as well as request the destruction of biological samples. It also mandates clear and conspicuous notices about data usage and requires companies to inform consumers in the event of mergers or acquisitions. The GDPA reflects growing concerns over genetic privacy and aligns with efforts at both federal and state levels to safeguard sensitive personal information.
India's Apollo Hospitals bets on AI to tackle staff workload
Rishika Sadam | Reuters
Apollo Hospitals, one of India's largest healthcare providers with over 10,000 beds, is increasing its investment in artificial intelligence (AI) to alleviate the workload of its medical staff. The hospital has allocated 3.5% of its digital budget to AI over the past two years and plans to raise this investment further. The goal is to free up two to three hours daily for doctors and nurses by automating routine tasks such as medical documentation, transcribing doctors' observations, generating discharge summaries, and creating daily schedules from nurses' notes. Additionally, Apollo is developing an AI tool to assist clinicians in prescribing the most effective antibiotics. This initiative aims to reduce the workload on nurses, addressing a 25% attrition rate that is expected to rise to 30% by the end of fiscal 2025.
Paragon Spyware Tool Linked to Canadian Police, Watchdog Says
Ryan Gallagher | Financial Post
A recent report by the Citizen Lab at the University of Toronto has uncovered potential links between the Ontario Provincial Police (OPP) and Paragon Solutions, an Israeli firm known for its military-grade spyware, Graphite. This revelation raises concerns about the extent of spyware usage by Canadian law enforcement agencies. The OPP has stated that any interception of private communications requires judicial authorization and is conducted in compliance with Canadian laws. However, the findings highlight a growing ecosystem of surveillance tools within Ontario's police services, prompting calls for legal reforms to address associated security and human rights risks.
Will Alberta have a new privacy law before the federal government?
Melika Mostowfi | Dentons Data
Alberta is moving toward a major overhaul of its Personal Information Protection Act (PIPA), with a 2025 legislative report recommending updates to align with global privacy standards. Proposed changes include stronger protections for minors, clearer consent rules, limits on the use and sale of de-identified data, and new transparency obligations around automated decision-making. The reforms would also grant Alberta’s Information and Privacy Commissioner enhanced enforcement powers, including the ability to issue administrative monetary penalties. These developments come as Canada’s federal Bill C-27 remains stalled in Parliament, raising the possibility that Alberta could enact its modernized privacy law ahead of federal legislation. If passed, Alberta would become a national leader in digital privacy reform.
Toronto doubling number of speed cameras on its streets — and hopes they won't bring in money
Ethan Lang | CBC News
Toronto is set to double its number of automated speed enforcement (ASE) cameras from 75 to 150 by mid-April 2025. This initiative aims to enhance road safety by targeting areas with high incidences of speeding and collisions. Of the new cameras, 25 will be permanently installed on poles, while the remaining 50 will rotate locations every three to six months within designated community safety zones. The city has posted warning signs 90 days in advance, as required, to inform drivers of the upcoming installations. Transportation Services General Manager Barbara Gray emphasized that these cameras have effectively reduced speeding in problematic areas, thereby decreasing the risk of serious injuries and fatalities.
More States Propose Privacy Laws Safeguarding Neural Data
Linda K. Clark | Carson Martinez | Morrison Forester
Several U.S. states are advancing legislation to protect neural data, which encompasses information derived from the activity of an individual's nervous system. Following the lead of Colorado and California, states like Connecticut, Illinois, and Massachusetts have introduced bills to regulate the collection and processing of neural data. For instance, Connecticut's SB 1356 proposes classifying neural data as sensitive under its consumer privacy law, requiring explicit consent for its processing. Similarly, Illinois's HB 2984 seeks to amend the Biometric Information Privacy Act (BIPA) to include neural data, imposing stringent notice and consent requirements. These initiatives reflect a growing recognition of the need to safeguard neural data amid rapid advancements in neurotechnology.
OCDSB seeking court order in bid to unmask anonymous 'redditor'
David Fraser | CBC News
The Ottawa-Carleton District School Board (OCDSB) is seeking a court order to compel Reddit to disclose the identity of an anonymous user accused of posting defamatory comments about staff at Pinecrest Public School. The board alleges that these posts were intended to defame employees, though these claims have not been proven in court. Reddit contends that revealing the user's identity would undermine its commitment to user anonymity, a core aspect of its platform. The case highlights the tension between protecting anonymous online speech and addressing potential defamation. Legal experts suggest the court will need to balance the public interest in safeguarding anonymous expression against the board's need to protect its staff from alleged defamation.
Doug Ford appoints new education, housing, mines ministers in cabinet shakeup
Charlie Pinkerton | Sneh Duggal | Jessica Smith Cross | The Trillium
Ontario Premier Doug Ford has announced a cabinet shuffle, appointing Paul Calandra as the new Minister of Education and Rob Flack as the Minister of Municipal Affairs and Housing. Calandra, who previously held the housing portfolio, is recognized for his assertive approach during the Greenbelt controversy, where he reversed several policies of his predecessor. Flack, the MPP for Elgin—Middlesex—London, brings experience as a farmer and businessman to his new role. This reshuffle reflects the government's focus on addressing challenges in education and housing amid ongoing economic uncertainties.
Clearview AI and Compliance with Canadian Privacy Laws
Teresa Scassa
In December 2024, the BC Supreme Court upheld an order from the province’s Privacy Commissioner requiring Clearview AI to comply with Canadian privacy laws. The U.S.-based company had scraped billions of images from the internet to build a facial recognition database, which it marketed to law enforcement agencies, including some in Canada. Canadian privacy authorities found this violated laws by collecting and using personal data without consent for inappropriate purposes. Clearview argued that Canadian laws didn’t apply due to its U.S. location, but the court ruled that its activities had a substantial connection to Canada, triggering legal obligations. The decision reinforces that foreign tech companies must respect Canadian privacy laws when dealing with Canadians’ personal data.
Server encryption that makes data inaccessible is a privacy breach, even without access or exfiltration
Jaime Cardy | Dentons Data
In Privacy Complaint Report MR21-00090, the Information and Privacy Commissioner of Ontario (IPC) determined that ransomware attacks encrypting personal information, thereby rendering it inaccessible to authorized users, constitute an unauthorized "use" under the Municipal Freedom of Information and Protection of Privacy Act (MFIPPA). This interpretation aligns with earlier IPC decisions under the Personal Health Information Protection Act (PHIPA) and the Children, Youth and Family Services Act (CYFSA), where encryption alone, without evidence of data exfiltration, was deemed a privacy breach. The case involved the Sault Ste. Marie Police Service, whose servers were encrypted by a ransomware attack, leading the IPC to conclude that such incidents trigger privacy breach notification obligations, even absent evidence of data access or theft.
Québec’s privacy regulator prohibits retailer’s use of facial recognition for loss prevention
François Joli-Coeur | Joanna Fine | Andy Nagy | Gregory Corosky | Osler
On February 18, 2025, the Commission d’accès à l’information du Québec (CAI) issued a decision prohibiting a major grocery and pharmacy retailer from using facial recognition technology (FRT) for loss prevention purposes. The CAI found that the retailer's implementation of FRT violated Québec's Act Respecting the Protection of Personal Information in the Private Sector, as the collection and use of biometric data without explicit customer consent were deemed excessive and intrusive. This ruling underscores the CAI's commitment to safeguarding individual privacy rights and sets a precedent for the regulation of biometric surveillance technologies in retail environments within Québec.
US lawmakers urge UK spy court to hold Apple ‘backdoor’ secret hearing in public
Zack Whittaker | Tech Crunch
A group of bipartisan U.S. lawmakers, including Senators Ron Wyden and Alex Padilla, along with Representatives Zoe Lofgren, Andy Biggs, and Warren Davidson, have urged the U.K.'s Investigatory Powers Tribunal (IPT) to conduct public hearings on Apple's challenge to a secret government order. This order reportedly compels Apple to create a "backdoor" in its iCloud encryption, granting U.K. authorities access to user data. The lawmakers contend that such transparency is essential for public discourse and oversight, emphasizing that the order infringes upon constitutionally protected speech and hampers their ability to perform congressional duties. In response to the order, Apple has allegedly withdrawn its Advanced Data Protection feature from U.K. customers to avoid compliance. The IPT is scheduled to hear the case in a closed session, a move that has drawn criticism from various civil rights organizations advocating for open proceedings.
UK sets timeline for country’s transition to quantum-resistant encryption
Daryna Antoniuk | The Record
The UK’s National Cyber Security Centre (NCSC) has issued guidance urging organizations to begin transitioning to quantum-resistant cryptographic algorithms in anticipation of future threats from quantum computing. These powerful computers could eventually break current encryption methods, endangering sensitive data across sectors like finance, healthcare, and telecommunications. The NCSC recommends a phased migration, with organizations assessing systems by 2028, prioritizing upgrades by 2031, and completing transitions by 2035. Early preparation is essential to avoid disruptions and maintain cybersecurity resilience. The guidance highlights the growing urgency to adopt post-quantum cryptography (PQC) before quantum capabilities become practically viable.
DOJ to appeal court decision ruling broad cell phone tower searches are unconstitutional
Suzanne Smalley | The Record
The U.S. Department of Justice (DOJ) plans to appeal a recent court ruling that deemed broad cell tower data searches unconstitutional. On February 21, 2025, U.S. Magistrate Judge Andrew Harris refused to authorize search warrants for "tower dumps," which involve collecting data from all devices connected to specific cell towers during certain periods. Judge Harris determined that such practices violate the Fourth Amendment's protection against unreasonable searches, likening the approach to searching for a needle by seizing the entire haystack. This decision challenges a common law enforcement technique used to identify suspects by analyzing large sets of location data. The DOJ's appeal indicates the government's intent to defend the use of tower dumps in criminal investigations.
Hackers know half of passwords entered online, Cloudflare finds
Ernestas Naprys | Cyber News
A recent analysis by Cloudflare reveals that 41% of successful logins to online services involve the use of compromised passwords. This widespread reuse of breached credentials significantly heightens the risk of unauthorized account access and account takeover (ATO) attacks. The study also found that 95% of login attempts using leaked passwords are executed by bots, indicating a high prevalence of credential-stuffing attacks. To mitigate these risks, it's crucial to employ unique, strong passwords for each account and implement multi-factor authentication (MFA) wherever possible. Utilizing a password manager can assist in generating and securely storing complex passwords, thereby enhancing overall cybersecurity.
U.S. federal workers clamp down on their communications in climate of DOGE-induced fear
Sylvia Thomson | CBC News
In early 2025, the Department of Government Efficiency (DOGE), led by Elon Musk under President Donald Trump's administration, initiated efforts to dismantle the U.S. Agency for International Development (USAID). This move involved accessing USAID's systems without proper security clearances, leading to significant disruptions in the agency's operations. On February 3, 2025, Musk announced the shutdown of USAID, resulting in staff being locked out of their systems and operations halted. These actions drew criticism from various quarters, including former USAID administrators, who questioned Musk's understanding of international development. Subsequently, on March 18, 2025, U.S. District Judge Theodore Chuang issued a preliminary injunction, ruling that the dismantling of USAID was likely unconstitutional and ordering the restoration of employees' access to their systems.
