This morning, I received a realistic looking message appearing to be from our hosting provider (linode) which was trying to convince me to send out my credit card information. Titled... "Linode Support Ticket 13142320 - Other - Account Limit reached. Please open a support ticket." This may even be more of a "spear phishing" thing as it it was broadly personalized to me, as I help manage the GTALUG account at linode. Something was looking suspicious about the URL... http://login.linode.com.login.return.to.https.21354545.paulinasfriends.com -- When confronted by a difficult problem, solve it by reducing it to the question, "How would the Lone Ranger handle this?"
I got a message from someone phishing as UPS. The interesting thing was that I was expecting a package on the same day from Amazon. I do not get a lot of UPS tagged spam and this one was written to slide through as a plain text message with a word document attached. The closeness to an Amazon delivery makes me wonder if someone has access to Amazon delivery information. On 12/16/19 2:04 PM, Christopher Browne via talk wrote:
This morning, I received a realistic looking message appearing to be from our hosting provider (linode) which was trying to convince me to send out my credit card information. Titled... "Linode Support Ticket 13142320 - Other - Account Limit reached. Please open a support ticket."
This may even be more of a "spear phishing" thing as it it was broadly personalized to me, as I help manage the GTALUG account at linode.
Something was looking suspicious about the URL... http://login.linode.com.login.return.to.https.21354545.paulinasfriends.com -- When confronted by a difficult problem, solve it by reducing it to the question, "How would the Lone Ranger handle this?"
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
Alvin Starr via talk <talk@gtalug.org> writes:
I got a message from someone phishing as UPS. The interesting thing was that I was expecting a package on the same day from Amazon. I do not get a lot of UPS tagged spam and this one was written to slide through as a plain text message with a word document attached. The closeness to an Amazon delivery makes me wonder if someone has access to Amazon delivery information.
Interesting. But on 29 August my "Bank A" accounts were cleaned out leaving $1 in each of 2 accounts. Account "Bank A-2" has an overdraft given (ie Never requested) many years ago. "Bank A-2" including the overdraught accomodation were transferred into "Bank A-1" where the total balance apart from the $1 was Interac transferred to some recreant presumably with a throwaway account elsewhere in Canada. "Bank A" accounts are a sort of imprest accounts where I transfer in only enough to cover my monthly expenditures plus a couple of hundred for impulse items. "Bank B", my "main" bank luckily was not affected Some time later "Bank A" rectified the situation by reversing the fraudulent entries. But what they did not do was reverse the 10 NSF charges at $48 each leaving me $480 out of pocket before I could use "Bank B" to cover deficiencies. No banking information is stored on any user agent and bank contact on my iPhone is voice or digitally authenticated. However, recently, I got a letter from a corporation called "Financeit" who admitted to a security breach on August 26 and 27 but that only Loan Applicants were affected. I've never applied for a loan, am quite recently arrived in Canada from Portugal, and in any instance was 80 years old yesterday which I surmise might preclude anyone advancing me money even if I had applied. The closeness of the dates of the security breach and the defalcation of my funds makes me wonder. And adding insult to injury, a second page accompanying the Financeit confession/apology is blatant SPAM to sign up for their "Protection" service. It's a good job I retain a sense of humour. -- William Henderson aka Slackrat http://billh.sdf.org/slackware.jpg 9HS5203 ON HamSphere Ham Radio
On 12/16/19 3:48 PM, Slackrat wrote:
Alvin Starr via talk <talk@gtalug.org> writes:
I got a message from someone phishing as UPS. The interesting thing was that I was expecting a package on the same day from Amazon. I do not get a lot of UPS tagged spam and this one was written to slide through as a plain text message with a word document attached. The closeness to an Amazon delivery makes me wonder if someone has access to Amazon delivery information.
Interesting.
But on 29 August my "Bank A" accounts were cleaned out leaving $1 in each of 2 accounts. Account "Bank A-2" has an overdraft given (ie Never requested) many years ago. "Bank A-2" including the overdraught accomodation were transferred into "Bank A-1" where the total balance apart from the $1 was Interac transferred to some recreant presumably with a throwaway account elsewhere in Canada.
[snip] and should be replaced by a video of puppies playing because we need something to make us smile.
And adding insult to injury, a second page accompanying the Financeit confession/apology is blatant SPAM to sign up for their "Protection" service.
It's a good job I retain a sense of humour.
If your a Bell customer then you could have lost your key information there. A number of years ago I was on the phone with some guy in a Bell call center who asked me for my Social Insurance Number for verification purposes. I was completely freaked since to my knowledge a SIN should not be used for any identifying purposes by anybody other than the government. Tracking back many years before I bought a cell phone(brick like thing) and it required a credit check and they kept my details on file for anybody in the support dept to access. So you can be reasonable and careful but still get screwed over by one of the big careless corporations we need to deal with on a daily basis. But I'm not bitter. -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On Mon, 16 Dec 2019 16:14:49 -0500 Alvin Starr via talk <talk@gtalug.org> wrote:
So you can be reasonable and careful but still get screwed over by one of the big careless corporations we need to deal with on a daily basis.
But I'm not bitter.
CBC on social engineering: https://www.cbc.ca/news/technology/marketplace-social-engineering-sim-swap-h... -- Howard Gibson hgibson@eol.ca jhowardgibson@gmail.com http://home.eol.ca/~hgibson
On 12/16/19 4:23 PM, Howard Gibson via talk wrote:
On Mon, 16 Dec 2019 16:14:49 -0500 Alvin Starr via talk <talk@gtalug.org> wrote:
So you can be reasonable and careful but still get screwed over by one of the big careless corporations we need to deal with on a daily basis.
But I'm not bitter. CBC on social engineering: https://www.cbc.ca/news/technology/marketplace-social-engineering-sim-swap-h...
This sums up my thoughts on social engineering pretty well: https://xkcd.com/538/ It's clearly the easier way to hack most systems, Nick
On 2019-12-16 04:14 PM, Alvin Starr via talk wrote:
and it required a credit check and they kept my details on file for anybody in the support dept to access.
That's illegal. The SIN can only be asked for things relating to income tax, Canada Pension, etc.. This could include investments that require reporting to Revenue Canada. Credit checks are flat out illegal use of SIN. BTW, my ex worked for Revenue Canada, income tax collections.
On 12/16/19 4:59 PM, James Knott via talk wrote:
On 2019-12-16 04:14 PM, Alvin Starr via talk wrote:
and it required a credit check and they kept my details on file for anybody in the support dept to access.
That's illegal. The SIN can only be asked for things relating to income tax, Canada Pension, etc.. This could include investments that require reporting to Revenue Canada. Credit checks are flat out illegal use of SIN.
BTW, my ex worked for Revenue Canada, income tax collections.
That it what I thought. I took it up with the privacy commissioner and the response was( paraphrasing here ). Bell said "Trust us. We know what we are doing" and that's ok by us. -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On Mon, Dec 16, 2019 at 9:17 PM Alvin Starr via talk <talk@gtalug.org> wrote:
On 12/16/19 4:59 PM, James Knott via talk wrote:
On 2019-12-16 04:14 PM, Alvin Starr via talk wrote:
and it required a credit check and they kept my details on file for anybody in the support dept to access.
That's illegal. The SIN can only be asked for things relating to income tax, Canada Pension, etc.. This could include investments that require reporting to Revenue Canada. Credit checks are flat out illegal use of SIN.
BTW, my ex worked for Revenue Canada, income tax collections.
That it what I thought. I took it up with the privacy commissioner and the response was( paraphrasing here ).
Bell said "Trust us. We know what we are doing" and that's ok by us.
Maybe time to remind the commissioner of what their job is?
On 2019-12-16 10:35 PM, o1bigtenor via talk wrote:
That's illegal. The SIN can only be asked for things relating to income tax, Canada Pension, etc.. This could include investments that require reporting to Revenue Canada. Credit checks are flat out illegal use of SIN.
BTW, my ex worked for Revenue Canada, income tax collections.
That it what I thought. I took it up with the privacy commissioner and the response was( paraphrasing here ).
Bell said "Trust us. We know what we are doing" and that's ok by us.
Maybe time to remind the commissioner of what their job is?
Here's what the government says: https://www.canada.ca/en/employment-social-development/programs/sin/protect....
well, a comment. On Mon, 16 Dec 2019, James Knott via talk wrote:
Here's what the government says: https://www.canada.ca/en/employment-social-development/programs/sin/protect....
That is a fine resource. it stateshowever that while the practice of asking for a SIN in private company sectors is strongly discouraged, it is not illegal. Which is a dreadful shame, because I have encountered more than my share of real estate agents who refuse services if not given a sin. What is more, I know first hand from a bell Senior corporate staff member that at least for a while bell used the request to screen out mobile applicants who were not Canadian Citizens. I wonder why, especially in this data stealing age, the practice is not firmly against the law? Kare ---
On Mon, Dec 16, 2019 at 10:52 PM Karen Lewellen via talk <talk@gtalug.org> wrote:
well, a comment.
On Mon, 16 Dec 2019, James Knott via talk wrote:
Here's what the government says: https://www.canada.ca/en/employment-social-development/programs/sin/protect....
That is a fine resource. it stateshowever that while the practice of asking for a SIN in private company sectors is strongly discouraged, it is not illegal. Which is a dreadful shame, because I have encountered more than my share of real estate agents who refuse services if not given a sin. What is more, I know first hand from a bell Senior corporate staff member that at least for a while bell used the request to screen out mobile applicants who were not Canadian Citizens. I wonder why, especially in this data stealing age, the practice is not firmly against the law?
LIkely because the boffins like the data slurp - - - yes?
| From: Karen Lewellen via talk <talk@gtalug.org> | That is a fine resource. it stateshowever that while the practice of asking | for a SIN in private company sectors is strongly discouraged, it is not | illegal. | Which is a dreadful shame, because I have encountered more than my share of | real estate agents who refuse services if not given a sin. Real-estate agents now have FINTRAC obligations. Perhaps they need a SIN for that. <https://www.fintrac-canafe.gc.ca/guidance-directives/transaction-operation/indicators-indicateurs/real_mltf-eng> | What is more, I know first hand from a bell Senior corporate staff member that | at least for a while bell used the request to screen out mobile applicants who | were not Canadian Citizens. To what end? Why should they care? In the US, my son found it hard to do a lot of things without being a citizen or having a green card. Even though he legally held a good job. Postpaid phones do involve granting credit but prepaid ones do not. If you grant credit, you might want all sorts of assurances. Maybe in that case you don't want people who could be kicked out of the country. | I wonder why, especially in this data stealing age, the practice is not firmly | against the law? Yes. And the boundaries clearly marked.
On Tue, Dec 17, 2019, 10:28 AM D. Hugh Redelmeier via talk, <talk@gtalug.org> wrote:
| From: Karen Lewellen via talk <talk@gtalug.org>
| That is a fine resource. it stateshowever that while the practice of asking | for a SIN in private company sectors is strongly discouraged, it is not | illegal. | Which is a dreadful shame, because I have encountered more than my share of | real estate agents who refuse services if not given a sin.
Real-estate agents now have FINTRAC obligations. Perhaps they need a SIN for that.
< https://www.fintrac-canafe.gc.ca/guidance-directives/transaction-operation/i...
| What is more, I know first hand from a bell Senior corporate staff member that | at least for a while bell used the request to screen out mobile applicants who | were not Canadian Citizens.
To what end? Why should they care?
In the US, my son found it hard to do a lot of things without being a citizen or having a green card. Even though he legally held a good job.
Postpaid phones do involve granting credit but prepaid ones do not. If you grant credit, you might want all sorts of assurances. Maybe in that case you don't want people who could be kicked out of the country.
| I wonder why, especially in this data stealing age, the practice is not firmly | against the law?
Yes. And the boundaries clearly marked.
The problem is that its a matter of private law. The government would essentially fetter itself if it actually made it illegal for you to give out your SIN voluntarily. This might be the case in settlement if someone has sued you, won and now has the right to a full accounting of your income and assets. Enforcing laws is expensive and there is a threshold which is bounded by economy of scale. As a general matter of private law, caveat emptor (let the buyer beware) is the rule. Its kind of like the government is a national park with a grand canyon running through it. The can put up signs which say don't get too close to the edge or you may fall in but they can't really stop you from jumping off the edge. ---
Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- Russell
On 12/17/19 2:27 PM, Russell Reiter via talk wrote: [snip]
| I wonder why, especially in this data stealing age, the practice is not firmly | against the law?
Yes. And the boundaries clearly marked.
The problem is that its a matter of private law. The government would essentially fetter itself if it actually made it illegal for you to give out your SIN voluntarily. This might be the case in settlement if someone has sued you, won and now has the right to a full accounting of your income and assets.
Enforcing laws is expensive and there is a threshold which is bounded by economy of scale. As a general matter of private law, caveat emptor (let the buyer beware) is the rule.
Its kind of like the government is a national park with a grand canyon running through it. The can put up signs which say don't get too close to the edge or you may fall in but they can't really stop you from jumping off the edge.
Its not that I was giving out my SIN voluntarily. It was a requirement of getting service from a telecom provider. Yes I could have refused to fill out the the application and walked out of the store. But then I would not have had the telecom service that I needed at the time. So now the Telecom provider has my SIN. Are they free to use as they wish? Could they use it as my client ID and paste it on the front the bills they send out to me? Part of my concern was that enough personal information for someone to completely steal my identity was provided to a call center in a third world country with little or no oversight. The carrier should have an obligation of care with my information. But the only obligation that the carrier has is to maximize the shareholder value. -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On Tue, Dec 17, 2019, 2:57 PM Alvin Starr via talk <talk@gtalug.org> wrote:
On 12/17/19 2:27 PM, Russell Reiter via talk wrote: [snip]
| I wonder why, especially in this data stealing age, the practice is not firmly | against the law?
Yes. And the boundaries clearly marked.
The problem is that its a matter of private law. The government would essentially fetter itself if it actually made it illegal for you to give out your SIN voluntarily. This might be the case in settlement if someone has sued you, won and now has the right to a full accounting of your income and assets.
Enforcing laws is expensive and there is a threshold which is bounded by economy of scale. As a general matter of private law, caveat emptor (let the buyer beware) is the rule.
Its kind of like the government is a national park with a grand canyon running through it. The can put up signs which say don't get too close to the edge or you may fall in but they can't really stop you from jumping off the edge.
Its not that I was giving out my SIN voluntarily. It was a requirement of getting service from a telecom provider. Yes I could have refused to fill out the the application and walked out of the store. But then I would not have had the telecom service that I needed at the time.
Yes you did volunteer the information when they asked for it. The law presumed you have a choice in the matter. There are enough providers who don't collect SIN numbers that you could have used one of them. You jumped into the canyon by wanting services immediately. There is an old saw that says decide in haste, repent at leisure. The law of contracts is offer and acceptance. Getting a cell phone contract is not the same as applying for a loan. The business may do a credit check and withdraw the offer if you don't meet a credit threshold, but they don't need a SIN number to do that. However having the SIN it makes it easier for them to get access to your funds through the court system if you owe them a significant debt.
So now the Telecom provider has my SIN. Are they free to use as they wish?
No, they have a fiduciary duty to you to protect that sensitive information. It was collected as a kind of trust article. Could they use it as my client ID and paste it on the front the bills they
send out to me?
I think if they did that you could sue for injunctive relief, assuming that they didn't reveal that was their contractual policy at the outset. It would be on your copy of the contract if they did.
Part of my concern was that enough personal information for someone to completely steal my identity was provided to a call center in a third world country with little or no oversight.
You don't have to live in a marginalized area of the world to suffer from a lack of oversight in your own actions. Just saying ...
How did that happen? You purchased the service from a brick and mortar location, in Canada I presume. Accounting and financial data are different than technical and service information. It would be highly unlikely that a service technician or even a first tier collection representative would have access to your complete data file.
The carrier should have an obligation of care with my information.
But the only obligation that the carrier has is to maximize the shareholder
value.
Cybercare of personal information starts with the individual, unfortunately it's all downhill from there.
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133alvin@netvel.net ||
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- Russell
| From: Russell Reiter via talk <talk@gtalug.org> | Yes you did volunteer the information when they asked for it. "ask" isn't quite accurate. "demand" is closer. I'm sure that no negotiation was possible. | The law | presumed you have a choice in the matter. There are enough providers who | don't collect SIN numbers that you could have used one of them. Do you know this? Or are you guessing? I do think that you are probably right: I don't remember being asked for my SIN for phone contracts. | However having the SIN it makes it easier for | them to get access to your funds through the court system if you owe them a | significant debt. Really? How would that work? | > So now the Telecom provider has my SIN. | > Are they free to use as they wish? | > | | No, they have a fiduciary duty to you to protect that sensitive | information. It was collected as a kind of trust article. Really? "Fiduciary duty" is a very strong standard. Can you point to anything that says they have such a duty? | > Could they use it as my client ID and paste it on the front the bills they | > send out to me? | | I think if they did that you could sue for injunctive relief, assuming that | they didn't reveal that was their contractual policy at the outset. It | would be on your copy of the contract if they did. I don't know the limits of "injunctive relief", but my guess is that it just means a court order to "stop doing that". No penalty. No undoing of damage. If so, that's not very satisfactory. | > Part of my concern was that enough personal information for someone to | > completely steal my identity was provided to a call center in a third world | > country with little or no oversight. Or: transfer your data to a datacenter in the US where the laws are different and nasty. That's completely normal in Canada. | How did that happen? You purchased the service from a brick and mortar | location, in Canada I presume. Accounting and financial data are different | than technical and service information. It would be highly unlikely that a | service technician or even a first tier collection representative would | have access to your complete data file. Strangers have access to poorly stored corporate data. Just look at the LifeLabs case revealed yesterday. | > The carrier should have an obligation of care with my information. | > But the only obligation that the carrier has is to maximize the shareholder | > value. Not a "fiduciary responsibility" to the customer that you claimed earlier? | Cybercare of personal information starts with the individual, unfortunately | it's all downhill from there. There are many components to this. We need to push back on unreasonable requests. We need to have better privacy legislation. We need better consumer education. We need consumers to demand better privacy. We need real competition, so bad actors suffer in the market. And so on. Right now, the power imbalance between a customer and a corporation limits the effectiveness of your statement. Some aspects of privacy are like vaccination. Privacy is easier to defend if we all have it. If we each stand alone, we will lose. You are essentially "blaming the victim". That's not completely wrong but it seems like this is mostly a systemic failure. A friend of mine probably died due to standing on such principles. (In the US, he could not afford health care. He had wealth that he could not access due to these principles.)
On Wed, Dec 18, 2019 at 9:36 AM D. Hugh Redelmeier via talk <talk@gtalug.org> wrote:
| From: Russell Reiter via talk <talk@gtalug.org>
| Yes you did volunteer the information when they asked for it.
"ask" isn't quite accurate. "demand" is closer.
I'm sure that no negotiation was possible.
You could always leave demanded information out of a screening form and see what happens. While it is not unlawful to ask for information and it is not unlawful to provide information there is usually a third option If such negotiation is not possible,
| The law | presumed you have a choice in the matter. There are enough providers who | don't collect SIN numbers that you could have used one of them.
Do you know this? Or are you guessing?
Well I presume in this case, since he was in a store, he could have walked into another store. This is assumed to be part of the free market economy we use.
I do think that you are probably right: I don't remember being asked for my SIN for phone contracts.
| However having the SIN it makes it easier for | them to get access to your funds through the court system if you owe them a | significant debt.
Really? How would that work?
Using metada. Just knowing there is a SIN number on a biling record or contract
form, should be enough for most court iniated inqueries. | > So now the Telecom provider has my SIN.
| > Are they free to use as they wish? | > | | No, they have a fiduciary duty to you to protect that sensitive | information. It was collected as a kind of trust article.
Really? "Fiduciary duty" is a very strong standard. Can you point to anything that says they have such a duty?
Ok I snagged this from Wikipedia and havent checked the authority but this is the essence of a trust. A fiduciary is someone who has undertaken to act for and on behalf of another in a particular matter in circumstances which give rise to a relationship of trust and confidence. — Lord Millett <https://en.wikipedia.org/wiki/Peter_Millett,_Baron_Millett> , *Bristol and West Building Society v Mothew <https://en.wikipedia.org/wiki/Bristol_and_West_Building_Society_v_Mothew>* [4] <https://en.wikipedia.org/wiki/Fiduciary#cite_note-4> Generally under private law a signed contract between people or an Individual and a Corporation is a trust document. Questions asked on a screening form have to have a rational purpose connected to the establishement of a trust arangement.
| > Could they use it as my client ID and paste it on the front the bills they | > send out to me? | | I think if they did that you could sue for injunctive relief, assuming that | they didn't reveal that was their contractual policy at the outset. It | would be on your copy of the contract if they did.
I don't know the limits of "injunctive relief", but my guess is that it just means a court order to "stop doing that". No penalty. No undoing of damage. If so, that's not very satisfactory.
That would be a preliminary relief, you might be entitled to more if you plead for it.
| > Part of my concern was that enough personal information for someone to | > completely steal my identity was provided to a call center in a third world | > country with little or no oversight.
Or: transfer your data to a datacenter in the US where the laws are different and nasty. That's completely normal in Canada.
| How did that happen? You purchased the service from a brick and mortar | location, in Canada I presume. Accounting and financial data are different | than technical and service information. It would be highly unlikely that a | service technician or even a first tier collection representative would | have access to your complete data file.
Strangers have access to poorly stored corporate data. Just look at the LifeLabs case revealed yesterday.
This is a function of all the Corporate deregulation since the 60's and the dilution of CSR in operations. Apparently now that everyones got a self employed under contract gig, either micromanaging or being micromanaged by computer, nobody understands Corporate Charters and the trust we are supposed to invest in our Institutions in Canada; including private business which deals directly with our personal data. Privatization of our health testing and the data that comes with it, was a very slippery slope. Lifelabs indicates the scope of that slope as we begin the slide down it. In Alvins Telecommunications case, It's kind of funny in a way. Since a computer is an RF device, by using it you are a broadcaster under license. You are responsible for any RF interference it creates.That is the broadcasters responsibility, carriers are a different part of the story and their duties are limited under contract and the specific requirements of their carrier agency permit.
| > The carrier should have an obligation of care with my information. | > But the only obligation that the carrier has is to maximize the shareholder | > value.
Not a "fiduciary responsibility" to the customer that you claimed earlier?
Umm that was a bit from Alvin's post. I should have responded to his post first, then this one. Sorry about that.
| Cybercare of personal information starts with the individual, unfortunately | it's all downhill from there.
There are many components to this.
We need to push back on unreasonable requests.
We need to have better privacy legislation.
We need better consumer education. We need consumers to demand better privacy. We need real competition, so bad actors suffer in the market. And so on.
Yes we need all those things as we move deeper into the Electronic Frontier.
Right now, the power imbalance between a customer and a corporation limits the effectiveness of your statement.
Some aspects of privacy are like vaccination. Privacy is easier to defend if we all have it. If we each stand alone, we will lose.
You are essentially "blaming the victim". That's not completely wrong but it seems like this is mostly a systemic failure.
I thought I was highlighting some of the alternative choices that people would usually have when shopping for Telecommunications services and the inherent assumption of risk involved when providing personal information under contract law.
A friend of mine probably died due to standing on such principles. (In the US, he could not afford health care. He had wealth that he could not access due to these principles.)
Not sure I understand this bit about your friend standing on principles. But I do admire principled people. ---
Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- Russell
| From: Russell Reiter via talk <talk@gtalug.org> "fiduciary duty" "injunctive relief" "trust" I don't think that these legal words mean what you think they mean. They are fairly technical. Using them lends an air of expertise. Unless you use them carelessly. That has the opposite effect. | You could always leave demanded information out of a screening form and see what happens. | While it is not unlawful to ask for information and it is not unlawful to provide information | there is usually a third option If such negotiation is not possible, What are the options you are thinking of? - fill it out correctly - leave it blank - fill it out with misinformation (phone number 555 555 5555) The third option might expose one to legal liability. | | However having the SIN it makes it easier for | | them to get access to your funds through the court system if you owe them a | | significant debt. | | Really? How would that work? | | Using metada. Just knowing there is a SIN number on a biling record or contract | form, should be enough for most court iniated inqueries. That's hand waving. Having a SIN number proves nothing about the existence of a contract or its terms or any outstanding debt. That's why I asked. (I think you mean "metadata", "billing", and "initiated". But when it comes to spelling, I live in a glass house.) | | No, they have a fiduciary duty to you to protect that sensitive | | information. It was collected as a kind of trust article. | | Really? "Fiduciary duty" is a very strong standard. Can you point to | anything that says they have such a duty? | | | Ok I snagged this from Wikipedia and havent checked the authority but this | is the essence of a trust. | | A fiduciary is someone who has undertaken to act for and on behalf of another | in a particular matter in circumstances which give rise to a relationship of trust | and confidence. | — Lord Millett, Bristol and West Building Society v Mothew[4] | | Generally under private law a signed contract between people or an Individual and a | Corporation is a trust document. Questions asked on a screening form have to have | a rational purpose connected to the establishement of a trust arangement. A fiduciary must act in your interest, not in their own or their organization's interest. Few business relationships are like that. "Trust" is a very technical term in Canadian law (similar to UK and US law). | | > Could they use it as my client ID and paste it on the front the bills they | | > send out to me? | | | | I think if they did that you could sue for injunctive relief, assuming that | | they didn't reveal that was their contractual policy at the outset. It | | would be on your copy of the contract if they did. | | I don't know the limits of "injunctive relief", but my guess is that it | just means a court order to "stop doing that". No penalty. No undoing of | damage. If so, that's not very satisfactory. | | | That would be a preliminary relief, you might be entitled to more if you plead | for it. You said "injunctive relief". My impression (IANAL) is that monetary awards are not part of injunctive relief. If you just said "sue them", that would have been covered. | Or: transfer your data to a datacenter in the US where the laws are | different and nasty. That's completely normal in Canada. | | Strangers have access to poorly stored corporate data. Just look at | the LifeLabs case revealed yesterday. | | | This is a function of all the Corporate deregulation since the 60's and the dilution of | CSR in operations. What's "CSR"? I don't see how this relates to deregulation. We've actually gotten more privacy regulation since the 1960's. | Privatization of our health testing and the data that comes with it, was a very slippery | slope. Lifelabs indicates the scope of that slope as we begin the slide down it. Actually, health care in Ontario was largely private until OHIP (introduced in the 1960s). | In Alvins Telecommunications case, It's kind of funny in a way. Since a computer is an RF | device, by using it you are a broadcaster under license. You are responsible for any | RF interference it creates.That is the broadcasters responsibility, carriers are a different | part of the story and their duties are limited under contract and the specific requirements | of their carrier agency permit. I neither understand that nor see how it relates to privacy. | I thought I was highlighting some of the alternative choices that people | would usually have when shopping for Telecommunications services and the | inherent assumption of risk involved when providing personal information under | contract law. It's good for people to know their options. But some options are more theoretical than practical. John Gilmore is not allowed on planes or trains or buses (he wore a button that read "suspected terrorist" and refused to remove it (I have one of those buttons too)). He has no driver's license because the California authorities require some information of him that they are not allowed to require (SSN? I don't remember). This is a steep price to pay for standing up for your rights. Random google hit: <https://boingboing.net/2003/08/03/why-john-gilmore-is.html> | A friend of mine probably died due to standing on such principles. | (In the US, he could not afford health care. He had wealth that he | could not access due to these principles.) | | | Not sure I understand this bit about your friend standing on principles. But I do | admire principled people. Sorry, for privacy reasons I don't wish to lay it all out. In this case, death was an indirect consequence.
On Wed, Dec 18, 2019, 2:03 PM D. Hugh Redelmeier via talk, <talk@gtalug.org> wrote:
| From: Russell Reiter via talk <talk@gtalug.org>
"fiduciary duty"
From the case law link example I posted of an agent acting for both parties as a form of trust as an equitable obligation.
Fiduciary Obligations (1977), p. 2, he is not subject to fiduciary obligations because he is a fiduciary; it is because he is subject to them that he is a fiduciary.
"injunctive relief"
If you need someone to stop a behaviour you see as harming your interests, you apply to the courts for an injunction. In fact it is possible to get an injunction without having to actually file a lawsuit, depending on how you plead it befre the courts.
"trust"
I don't think that these legal words mean what you think they mean.
".. an equitable obligation binding a person (who is called a trustee) to deal with property over which he has control (which is called the trust property), for the benefit of persons (who are called beneficiary or cestui que trust), of whom he may himself be one, and any one of whom may enforce the obligation. Any act or neglect on the part of a trustee which is not authorised or excused by the terms of the trust instrument, or by law, is called a breach of trust." http://www.duhaime.org/LegalDictionary/T/Trust.aspx In essence a telecommunications provider controls property known as radio frequencies, this is the trust property; they do this for the benefits of the corporation, the beneficaries; The consumer is the third party who may enforce the obligations they agreed to whey they joined into the trust and paid the fees for service every month. I think they do mean what I think they mean. So we will have our differences of opinion on this.
They are fairly technical. Using them lends an air of expertise. Unless you use them carelessly. That has the opposite effect.
They are also commonplace in the lexicon of business documentation. But lets face it who actually reads the fine print on a contract they have just signed.
| You could always leave demanded information out of a screening form and see what happens. | While it is not unlawful to ask for information and it is not unlawful to provide information | there is usually a third option If such negotiation is not possible,
What are the options you are thinking of?
- fill it out correctly
- leave it blank
- fill it out with misinformation (phone number 555 555 5555)
The third option might expose one to legal liability.
| | However having the SIN it makes it easier for | | them to get access to your funds through the court system if you owe them a | | significant debt. | | Really? How would that work? | | Using metada. Just knowing there is a SIN number on a biling record or contract | form, should be enough for most court iniated inqueries.
That's hand waving. Having a SIN number proves nothing about the existence of a contract or its terms or any outstanding debt. That's why I asked.
Having a written request to provide a SIN in a business screening form can prove a lot of things, like the reason it was asked for in the first place. If that reason is inconstiant with the law then it is invalid. Actually to put it in the context of Alvins issue of asking if a SIN could be used as a Customer ID; having a copy of a contract form requesting a SIN, could be grounds to obtain an injunction, that is if the SIN voluntarilly provided is not used for the purpose stated in the contract. Like using it as a customer ID without the consent of the customer. An injunction is usually a first step used to avoid having to actually sue in these types of private contracts.
(I think you mean "metadata", "billing", and "initiated". But when it comes to spelling, I live in a glass house.)
I swipe type from various devices a lot and that is fraught with its own difficulties, in that letters are sometimes dropped or the spelling is changed and I am not necessarily aware of that before I hit send. Notwithstanding that I am a terrible speller in the first place. Sorry about that.
| | No, they have a fiduciary duty to you to protect that sensitive | | information. It was collected as a kind of trust article. | | Really? "Fiduciary duty" is a very strong standard. Can you point to | anything that says they have such a duty? | | | Ok I snagged this from Wikipedia and havent checked the authority but this | is the essence of a trust. | | A fiduciary is someone who has undertaken to act for and on behalf of another | in a particular matter in circumstances which give rise to a relationship of trust | and confidence. | — Lord Millett, Bristol and West Building Society v Mothew[4] | | Generally under private law a signed contract between people or an Individual and a | Corporation is a trust document. Questions asked on a screening form have to have | a rational purpose connected to the establishement of a trust arangement.
A fiduciary must act in your interest, not in their own or their organization's interest. Few business relationships are like that.
Actually there are many types of fiduciaries depending on the structure of the trust issue at stake.
"Trust" is a very technical term in Canadian law (similar to UK and US law).
If I address the SIN in one context, as raised by Dhaval in another post: A deposit may be rationally used to establish a trust account. When Rogers requitred a deposit in the absence of voluntary provision of a SIN, they asked for a monitary deposit as a trust surty. This act itself was not unlawful. Although certain classes of persons might find the provision of funds to be held without payment of interest on the witheld monies an unncessary financial burden. It would be up to the courts to decide if Rogers profitted unjustly by holding those funds as a deposit and not paying interest on the monies at regular intervals.
| | > Could they use it as my client ID and paste it on the front the bills they | | > send out to me? | | | | I think if they did that you could sue for injunctive relief, assuming that | | they didn't reveal that was their contractual policy at the outset. It | | would be on your copy of the contract if they did. | | I don't know the limits of "injunctive relief", but my guess is that it | just means a court order to "stop doing that". No penalty. No undoing of | damage. If so, that's not very satisfactory. | | | That would be a preliminary relief, you might be entitled to more if you plead | for it.
You said "injunctive relief". My impression (IANAL) is that monetary awards are not part of injunctive relief.
If you just said "sue them", that would have been covered.
Actually a temporary injunction can be otbtained on an application without notice. It may lead to a lawsuit, or it may not, depending on the relief the applicant asserts as being necessary. The last thing the courts want to do is settle issues where both parties had a duty to inform themselves and did not. There is a term used by the deciders called rough justice. This is often used when the courts must impose a solution, after the parties are unable to reach consensus on their own. Ultimately they are long drawn out messy affairs. One trope states that the courts are not truely satisfied unless both parties go away unhappy. This would be an objective warning to parties to structure their contracts with crystal clear intent.
| Or: transfer your data to a datacenter in the US where the laws are | different and nasty. That's completely normal in Canada. | | Strangers have access to poorly stored corporate data. Just look at | the LifeLabs case revealed yesterday. | | | This is a function of all the Corporate deregulation since the 60's and the dilution of | CSR in operations.
What's "CSR"?
In older Corporate SAP documentation it was Customer Service Response. Depending on the organizational mandate these days it is now used in the context of Corporate Social Responsibilites.
I don't see how this relates to deregulation. We've actually gotten more privacy regulation since the 1960's.
Well dergulation in the 60's eliminated the necessity that all business operations in Canada be incorporated. This radical change provided for the opertation of Sole Propritorships. Initially this was done so that the professions of Doctor, Lawyer and Engineer could be practiced more easily and without having to join into large corporate groups. As time went by and more and more specialized educational programs developed, so too did the kinds of sole propritorships on offer to the general public increase. Now its at the point where anyone can go into any business and any oversight is purely reactive. This cut the cost of government's proactive enforcement of business regulations. So I actually assert that due to deregulation we have less privacy now than the 60's. What we do have is more and more people telling us they are trustworthy and fewer actual examples of trustworthyness.
| Privatization of our health testing and the data that comes with it, was a very slippery | slope. Lifelabs indicates the scope of that slope as we begin the slide down it.
Actually, health care in Ontario was largely private until OHIP (introduced in the 1960s).
In those days there were few testing labratories outside of hospitals, or xray machines for that matter. By the end of the 70's, health complex's came into being, They served to house independant doctors and testing labs would then pay rent along with them in order to share facilities. These grew into what are now known as LHIN's, Local Health Improvement Networks, here in Ontario anyway.
| In Alvins Telecommunications case, It's kind of funny in a way. Since a computer is an RF | device, by using it you are a broadcaster under license. You are responsible for any | RF interference it creates.That is the broadcasters responsibility, carriers are a different | part of the story and their duties are limited under contract and the specific requirements | of their carrier agency permit.
I neither understand that nor see how it relates to privacy.
Well wireless communications go over the public airwaves. Interference takes many forms, like cyberstalking and harassment. Your sent and received call record is your own record stored on the company server and your provider has to protect that call record from disclosure. It is not easy to breach this trust arrangement, but this is why a warrant can be obtained for an individuals private phone and banking records in certain circumstances.
| I thought I was highlighting some of the alternative choices that people | would usually have when shopping for Telecommunications services and the | inherent assumption of risk involved when providing personal information under | contract law.
It's good for people to know their options. But some options are more theoretical than practical.
All Canada's laws are a part of broad legal theory. They are tested from time to time in the courts of justice and the results are published for all interested parties to read and come to their own understandings. It is a fundamental principal of the law that all persons of the age of majority, are legally able to understand and follow the law. This is not always true. For instance a contract may be struck down if it is signed by a party who is under the influence of alcohol, as the person may be deemed to be non compose mentis (not of sound mind) at the time. Or, there are cooling off perions proscribed under law for when someone comes to your door and solicts your business and you sign a contract. You have as certain amount of time to void the contract before it takes legal effect.
John Gilmore is not allowed on planes or trains or buses (he wore a button that read "suspected terrorist" and refused to remove it (I have one of those buttons too)). He has no driver's license because the California authorities require some information of him that they are not allowed to require (SSN? I don't remember). This is a steep price to pay for standing up for your rights.
Random google hit: <https://boingboing.net/2003/08/03/why-john-gilmore-is.html>
Free speech is rarely free, there will always be a price to pay in one way or another..
| A friend of mine probably died due to standing on such principles. | (In the US, he could not afford health care. He had wealth that he | could not access due to these principles.) | | | Not sure I understand this bit about your friend standing on principles. But I do | admire principled people.
Sorry, for privacy reasons I don't wish to lay it all out. In this case, death was an indirect consequence. --- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- Russell
On 12/18/19 7:48 AM, Russell Reiter wrote:
On Tue, Dec 17, 2019, 2:57 PM Alvin Starr via talk <talk@gtalug.org <mailto:talk@gtalug.org>> wrote:
On 12/17/19 2:27 PM, Russell Reiter via talk wrote: [snip]
| I wonder why, especially in this data stealing age, the practice is not firmly | against the law?
Yes. And the boundaries clearly marked.
The problem is that its a matter of private law. The government would essentially fetter itself if it actually made it illegal for you to give out your SIN voluntarily. This might be the case in settlement if someone has sued you, won and now has the right to a full accounting of your income and assets.
Enforcing laws is expensive and there is a threshold which is bounded by economy of scale. As a general matter of private law, caveat emptor (let the buyer beware) is the rule.
Its kind of like the government is a national park with a grand canyon running through it. The can put up signs which say don't get too close to the edge or you may fall in but they can't really stop you from jumping off the edge.
Its not that I was giving out my SIN voluntarily. It was a requirement of getting service from a telecom provider. Yes I could have refused to fill out the the application and walked out of the store. But then I would not have had the telecom service that I needed at the time.
Yes you did volunteer the information when they asked for it. The law presumed you have a choice in the matter. There are enough providers who don't collect SIN numbers that you could have used one of them. You jumped into the canyon by wanting services immediately. There is an old saw that says decide in haste, repent at leisure.
The law of contracts is offer and acceptance. Getting a cell phone contract is not the same as applying for a loan. The business may do a credit check and withdraw the offer if you don't meet a credit threshold, but they don't need a SIN number to do that. However having the SIN it makes it easier for them to get access to your funds through the court system if you owe them a significant debt. Here is a bit of a thought experiment.
Lets say I am interviewing to hire someone. I ask the person for sexual favors to get the job. If they say yes then they have accepted my offer and we have a contract. So its a lawful transaction and the person providing the favors has little right to suffer buyers remorse following your logic. As distasteful as the above example may be, it may still be legal. Contracts are funny things. Clearly if you beat someone to force them to sign a contract, the agreement is unenforceable. If I gently say "Oh come on its a good deal" then likely the contract would stand. Where is the line between force and gentle coercion, then add into that a power imbalance.
So now the Telecom provider has my SIN. Are they free to use as they wish?
No, they have a fiduciary duty to you to protect that sensitive information. It was collected as a kind of trust article.
The only fiduciary responsibility is to the shareholders. Short of committing premeditated murder there is little that can pierce the corporation other than doing something that deliberately dis-advantages the shareholders.
Could they use it as my client ID and paste it on the front the bills they send out to me?
I think if they did that you could sue for injunctive relief, assuming that they didn't reveal that was their contractual policy at the outset. It would be on your copy of the contract if they did.
It was an a bit of an extreme example but the point to be made is what are the limits of the businesses use of that personal information. Yes there is always the remedy of legal action but that in general only happens long after the damage is done.
Part of my concern was that enough personal information for someone to completely steal my identity was provided to a call center in a third world country with little or no oversight.
You don't have to live in a marginalized area of the world to suffer from a lack of oversight in your own actions. Just saying ...
I never actually said that I was hard done by or that I was taken advantage of. My point is that the personal information gleaned is being badly handled. Just saying ...
How did that happen? You purchased the service from a brick and mortar location, in Canada I presume. Accounting and financial data are different than technical and service information. It would be highly unlikely that a service technician or even a first tier collection representative would have access to your complete data file.
This was first tier support person who was asking for my SIN as a proof of who I was. The information he had included my address, account information, past bills and my SIN. The first questions were about my invoice/account and since I was on a train I had not access to that information at which point I was asked for my SIN. The conversation stopped quickly at that point because there was no way I was reading out my SIN in a crowded public location over a phone. This event occurred several(5-10) years after the initial purchase through a bricks and mortar reseller. So if you believe that the first person you speak to on the phone at Bell,Rogers et al does not have ALL your personal details on the screen in front of them you are sadly mistaken.
The carrier should have an obligation of care with my information.
But the only obligation that the carrier has is to maximize the shareholder value.
Cybercare of personal information starts with the individual, unfortunately it's all downhill from there.
That is true and this was something like 30 years ago I was much more naive then. The environment has changed in the intervening time. When I was a child access to personal information was controlled by physical access to paper and security was a matter of locks and keys. The rules around information protection are woefully inadequate in today's hyper connected environment. For example I later this morning will need to start looking at what of my information LifeLabs has leaked. -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On Wed, Dec 18, 2019, 11:16 AM Alvin Starr <alvin@netvel.net> wrote:
On 12/18/19 7:48 AM, Russell Reiter wrote:
On Tue, Dec 17, 2019, 2:57 PM Alvin Starr via talk <talk@gtalug.org> wrote:
On 12/17/19 2:27 PM, Russell Reiter via talk wrote: [snip]
| I wonder why, especially in this data stealing age, the practice is not firmly | against the law?
Yes. And the boundaries clearly marked.
The problem is that its a matter of private law. The government would essentially fetter itself if it actually made it illegal for you to give out your SIN voluntarily. This might be the case in settlement if someone has sued you, won and now has the right to a full accounting of your income and assets.
Enforcing laws is expensive and there is a threshold which is bounded by economy of scale. As a general matter of private law, caveat emptor (let the buyer beware) is the rule.
Its kind of like the government is a national park with a grand canyon running through it. The can put up signs which say don't get too close to the edge or you may fall in but they can't really stop you from jumping off the edge.
Its not that I was giving out my SIN voluntarily. It was a requirement of getting service from a telecom provider. Yes I could have refused to fill out the the application and walked out of the store. But then I would not have had the telecom service that I needed at the time.
Yes you did volunteer the information when they asked for it. The law presumed you have a choice in the matter. There are enough providers who don't collect SIN numbers that you could have used one of them. You jumped into the canyon by wanting services immediately. There is an old saw that says decide in haste, repent at leisure.
The law of contracts is offer and acceptance. Getting a cell phone contract is not the same as applying for a loan. The business may do a credit check and withdraw the offer if you don't meet a credit threshold, but they don't need a SIN number to do that. However having the SIN it makes it easier for them to get access to your funds through the court system if you owe them a significant debt.
Here is a bit of a thought experiment.
Lets say I am interviewing to hire someone. I ask the person for sexual favors to get the job.
If you are a corporate employee that is grounds for sanction. You expose them to a lawsuit for sexual harassment. If you are a sole or small business proprietor, that's just plain creepy. If they say yes then they have accepted my offer and we have a contract.
This kind of agreement is not supported under contract law and the courts are enjoined to respect that fact and they cannot enforce it's terms. So its a lawful transaction and the person providing the favors has little
right to suffer buyers remorse following your logic. As distasteful as the above example may be, it may still be legal.
Contracts are funny things.
Clearly if you beat someone to force them to sign a contract, the agreement is unenforceable. If I gently say "Oh come on its a good deal" then likely the contract would stand. Where is the line between force and gentle coercion, then add into that a power imbalance.
So now the Telecom provider has my SIN. Are they free to use as they wish?
No, they have a fiduciary duty to you to protect that sensitive information. It was collected as a kind of trust article.
The only fiduciary responsibility is to the shareholders. Short of committing premeditated murder there is little that can pierce the corporation other than doing something that deliberately dis-advantages the shareholders.
A corporation has a fiscal responsibility to shareholders, they have fiduciary obligations to all the person's they contract with.
Could they use it as my client ID and paste it on the front the bills they
send out to me?
I think if they did that you could sue for injunctive relief, assuming that they didn't reveal that was their contractual policy at the outset. It would be on your copy of the contract if they did.
It was an a bit of an extreme example but the point to be made is what are the limits of the businesses use of that personal information.
Yes there is always the remedy of legal action but that in general only happens long after the damage is done.
Part of my concern was that enough personal information for someone to completely steal my identity was provided to a call center in a third world country with little or no oversight.
You don't have to live in a marginalized area of the world to suffer from a lack of oversight in your own actions. Just saying ...
I never actually said that I was hard done by or that I was taken advantage of. My point is that the personal information gleaned is being badly handled. Just saying ...
How did that happen? You purchased the service from a brick and mortar location, in Canada I presume. Accounting and financial data are different than technical and service information. It would be highly unlikely that a service technician or even a first tier collection representative would have access to your complete data file.
This was first tier support person who was asking for my SIN as a proof of who I was. The information he had included my address, account information, past bills and my SIN. The first questions were about my invoice/account and since I was on a train I had not access to that information at which point I was asked for my SIN. The conversation stopped quickly at that point because there was no way I was reading out my SIN in a crowded public location over a phone.
This event occurred several(5-10) years after the initial purchase through a bricks and mortar reseller.
So if you believe that the first person you speak to on the phone at Bell,Rogers et al does not have ALL your personal details on the screen in front of them you are sadly mistaken.
I would hope, for billing and service inquiries, they would have all the personal information I provided to them. I wouldn't give my SIN to a phone provider tho. I don't ever remember giving it out to get a landline or cable service and the agents I use now never have asked me for a SIN in order start services.
The carrier should have an obligation of care with my information.
But the only obligation that the carrier has is to maximize the
shareholder value.
Cybercare of personal information starts with the individual, unfortunately it's all downhill from there.
That is true and this was something like 30 years ago I was much more naive then.
The environment has changed in the intervening time. When I was a child access to personal information was controlled by physical access to paper and security was a matter of locks and keys. The rules around information protection are woefully inadequate in today's hyper connected environment.
For example I later this morning will need to start looking at what of my information LifeLabs has leaked.
As you say times have changed. I only recently found out, in the recent past, that they don't even issue replacement SIN cards anymore.
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133alvin@netvel.net ||
--
Russell
On 12/18/19 12:32 PM, Russell Reiter wrote:
On Wed, Dec 18, 2019, 11:16 AM Alvin Starr <alvin@netvel.net <mailto:alvin@netvel.net>> wrote:
On 12/18/19 7:48 AM, Russell Reiter wrote:
snip
Here is a bit of a thought experiment.
Lets say I am interviewing to hire someone. I ask the person for sexual favors to get the job.
If you are a corporate employee that is grounds for sanction. You expose them to a lawsuit for sexual harassment. If you are a sole or small business proprietor, that's just plain creepy. Sanction depends on those who control the corporation. Look at the recent number of revelations about payouts to cover over xEO's behaving badly.
If they say yes then they have accepted my offer and we have a contract.
This kind of agreement is not supported under contract law and the courts are enjoined to respect that fact and they cannot enforce it's terms.
It was a bit of an extreme example but how many contracts can be enforced to the detriment of the less powerful party in the contract?
So its a lawful transaction and the person providing the favors has little right to suffer buyers remorse following your logic. As distasteful as the above example may be, it may still be legal.
snip
A corporation has a fiscal responsibility to shareholders, they have fiduciary obligations to all the person's they contract with.
The fiduciary obligation is there to the extent of the contract and little more. The corporate executives are contracted to the corporation and have a fiduciary responsibility to the corporations fiscal responsibility to the shareholders. Unless otherwise part of an employment contract the executives have no responsibility of care to anybody the corporation deals with. This is the kind of thing that results in products or processes that kill customers and employees. Its a nice deal. The corporation may have responsibilities to the customers and others but as an executive I have responsibility only to the corporation. If I make a decision that causes harm I am virtually immune to any responsibility. snip
So if you believe that the first person you speak to on the phone at Bell,Rogers et al does not have ALL your personal details on the screen in front of them you are sadly mistaken.
I would hope, for billing and service inquiries, they would have all the personal information I provided to them. I wouldn't give my SIN to a phone provider tho. I don't ever remember giving it out to get a landline or cable service and the agents I use now never have asked me for a SIN in order start services.
Really?? Telus runs a business providing practice management services to medical professionals including managing health data. Would you like your phone provider to have access to all your personal data? That could include your medical records? I can just hear the conversation: "Yes sir. To verify your identity could you tell us the results from your last prostate exam?" You may not have have provided your SIN as part of a credit application 30 years ago and in that case you are a much wiser person than I.
The carrier should have an obligation of care with my information.
But the only obligation that the carrier has is to maximize the shareholder value.
Cybercare of personal information starts with the individual, unfortunately it's all downhill from there.
That is true and this was something like 30 years ago I was much more naive then.
The environment has changed in the intervening time. When I was a child access to personal information was controlled by physical access to paper and security was a matter of locks and keys. The rules around information protection are woefully inadequate in today's hyper connected environment.
For example I later this morning will need to start looking at what of my information LifeLabs has leaked.
As you say times have changed. I only recently found out, in the recent past, that they don't even issue replacement SIN cards anymore.
That's an interesting tidbit. -- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On Wed, Dec 18, 2019 at 2:18 PM Alvin Starr <alvin@netvel.net> wrote:
On 12/18/19 12:32 PM, Russell Reiter wrote:
On Wed, Dec 18, 2019, 11:16 AM Alvin Starr <alvin@netvel.net> wrote:
On 12/18/19 7:48 AM, Russell Reiter wrote:
snip
<snip>
I would hope, for billing and service inquiries, they would have all the personal information I provided to them. I wouldn't give my SIN to a phone provider tho. I don't ever remember giving it out to get a landline or cable service and the agents I use now never have asked me for a SIN in order start services.
Really?? Telus runs a business providing practice management services to medical professionals including managing health data. Would you like your phone provider to have access to all your personal data? That could include your medical records?
I can just hear the conversation:
"Yes sir. To verify your identity could you tell us the results from your last prostate exam?"
Me being who I am, if an employee of a telecommunications provider asked me that in order for me to buy into a service contract, I might just turn around and drop my pants in the office and say check for yourself.
You may not have have provided your SIN as part of a credit application 30 years ago and in that case you are a much wiser person than I
Well I think I did provide my SIN to my Bank when I first applied for an account and since I'm not one to abuse credit or take on excessive debt, I get along without having to disclose much more than the minimum necessary
The carrier should have an obligation of care with my information.
But the only obligation that the carrier has is to maximize the
shareholder value.
Cybercare of personal information starts with the individual, unfortunately it's all downhill from there.
That is true and this was something like 30 years ago I was much more naive then.
The environment has changed in the intervening time. When I was a child access to personal information was controlled by physical access to paper and security was a matter of locks and keys. The rules around information protection are woefully inadequate in today's hyper connected environment.
For example I later this morning will need to start looking at what of my information LifeLabs has leaked.
As you say times have changed. I only recently found out, in the recent past, that they don't even issue replacement SIN cards anymore.
That's an interesting tidbit.
Yea I lost my original card, had one replacement which was held together with scotch tape for ten out of 30 years and it finally fell apart. https://settlement.org/ontario/employment/social-insurance-number/your-socia... --
Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133alvin@netvel.net ||
-- Russell
On Wed, Dec 18, 2019 at 4:48 AM Russell Reiter via talk <talk@gtalug.org> wrote:
On Tue, Dec 17, 2019, 2:57 PM Alvin Starr via talk <talk@gtalug.org> wrote:
On 12/17/19 2:27 PM, Russell Reiter via talk wrote: [snip]
| I wonder why, especially in this data stealing age, the practice is not firmly | against the law?
Yes. And the boundaries clearly marked.
The problem is that its a matter of private law. The government would essentially fetter itself if it actually made it illegal for you to give out your SIN voluntarily. This might be the case in settlement if someone has sued you, won and now has the right to a full accounting of your income and assets.
Enforcing laws is expensive and there is a threshold which is bounded by economy of scale. As a general matter of private law, caveat emptor (let the buyer beware) is the rule.
Its kind of like the government is a national park with a grand canyon running through it. The can put up signs which say don't get too close to the edge or you may fall in but they can't really stop you from jumping off the edge.
Its not that I was giving out my SIN voluntarily. It was a requirement of getting service from a telecom provider. Yes I could have refused to fill out the the application and walked out of the store. But then I would not have had the telecom service that I needed at the time.
Yes you did volunteer the information when they asked for it. The law presumed you have a choice in the matter. There are enough providers who don't collect SIN numbers that you could have used one of them. You jumped into the canyon by wanting services immediately. There is an old saw that says decide in haste, repent at leisure.
Russell, I disagree with you here. When someone new to Canada comes over, they do not know what is true or not. I recall refusing to provide my SIN when I moved to Canada (because I was aware) to rogers, and I had to put in additional deposit (note, it was a deposit, but not an additional fee). If you were to have suggested teksavvy at that time, i would have laughed you away, because in the beginning I want something that is "bigger and therefore safer". The law is meant to protect the vulnerable, and folks who are new to Canada are probably the most vulnerable to predatory practices (simply because they don't know when they can or can not push back. They may also not have the financial resources to put in that bigger deposit that a service provider wants). You, Alvin, Hugh and I are in a group of people who understand their rights and are willing to psuh back. The newcomers are still learning, and this is a first bad impression they get of our country. And, let's be honest. We do not do a good job of talking about why the SIN is important. You cannot have SIN used as identity as well as verification. How do I know when it is and it is not OK to give your SIN? Why do you need SIN as a proof of identity for a credit check? It can be an identifier, but give me some other "verification" means, which I control. Doesn't that take away a lot of issues that a SIN leak causes? I would rather not blame the victim here, especially when the victim is a more vulnerable class that represented on this list. Dhaval
On Wed, Dec 18, 2019, 12:59 PM Dhaval Giani, <dhaval.giani@gmail.com> wrote:
On Wed, Dec 18, 2019 at 4:48 AM Russell Reiter via talk <talk@gtalug.org> wrote:
On Tue, Dec 17, 2019, 2:57 PM Alvin Starr via talk <talk@gtalug.org> wrote:
On 12/17/19 2:27 PM, Russell Reiter via talk wrote: [snip]
| I wonder why, especially in this data stealing age, the practice is not firmly | against the law?
Yes. And the boundaries clearly marked.
The problem is that its a matter of private law. The government would essentially fetter itself if it actually made it illegal for you to give out your SIN voluntarily. This might be the case in settlement if someone has sued you, won and now has the right to a full accounting of your income and assets.
Enforcing laws is expensive and there is a threshold which is bounded by economy of scale. As a general matter of private law, caveat emptor (let the buyer beware) is the rule.
Its kind of like the government is a national park with a grand canyon running through it. The can put up signs which say don't get too close to the edge or you may fall in but they can't really stop you from jumping off the edge.
Its not that I was giving out my SIN voluntarily. It was a requirement of getting service from a telecom provider. Yes I could have refused to fill out the the application and walked out of the store. But then I would not have had the telecom service that I needed at the time.
Yes you did volunteer the information when they asked for it. The law presumed you have a choice in the matter. There are enough providers who don't collect SIN numbers that you could have used one of them. You jumped into the canyon by wanting services immediately. There is an old saw that says decide in haste, repent at leisure.
Russell, I disagree with you here. When someone new to Canada comes over, they do not know what is true or not. I recall refusing to provide my SIN when I moved to Canada (because I was aware) to rogers, and I had to put in additional deposit (note, it was a deposit, but not an additional fee). If you were to have suggested teksavvy at that time, i would have laughed you away, because in the beginning I want something that is "bigger and therefore safer". The law is meant to protect the vulnerable, and folks who are new to Canada are probably the most vulnerable to predatory practices (simply because they don't know when they can or can not push back. They may also not have the financial resources to put in that bigger deposit that a service provider wants). You, Alvin, Hugh and I are in a group of people who understand their rights and are willing to psuh back. The newcomers are still learning, and this is a first bad impression they get of our country.
I agree that many newcomers face significant barriers through a lack of understanding of Canada's system of administrative law and the policies which underpin it. However, as much we would like to believe law concerns itself with vulnerable folks, that is not quite correct The principal concern of law is seen to be fairness. It achieves this in its own administration of Justice through a formal administrative process and the Courts of Justice. There are legal codes which directly apply to many vulnurable sectors of our society, as in the human rights code, but private contract law is a matter of trust and established equities.
And, let's be honest. We do not do a good job of talking about why the SIN is important. You cannot have SIN used as identity as well as verification. How do I know when it is and it is not OK to give your SIN? Why do you need SIN as a proof of identity for a credit check? It can be an identifier, but give me some other "verification" means, which I control. Doesn't that take away a lot of issues that a SIN leak causes?
You don't need a SIN for a credit check. I got a complete Transunion report even though I left it off the form I faxed to them. As for finding out when you should and should not provide your SIN. This following web page is one signpost around that canyon of dangerous practices by others in business. https://www.canada.ca/en/employment-social-development/services/sin/reports/...
I would rather not blame the victim here, especially when the victim is a more vulnerable class that represented on this list.
Nobody is blaming any victim here. I am only pointing out that all the available information I have seen to date indicates and backs up what I first learned when I got my original SIN: it is government policy, that it is a persons own responsibility to determine whether or not it is necessary to provide a SIN to any individual or business.
Dhaval
-- Russell
| From: Russell Reiter via talk <talk@gtalug.org> | I agree that many newcomers face significant barriers through a lack of | understanding of Canada's system of administrative law and the policies | which underpin it. However, as much we would like to believe law concerns | itself with vulnerable folks, that is not quite correct Do you mean "administrative law"? That too is a technical term. It refers to "the body of law that governs the activities of administrative agencies of government." <https://en.wikipedia.org/wiki/Administrative_law> I happened to read this today: <https://www.theglobeandmail.com/canada/article-supreme-court-ruling-could-quell-chaos-surrounding-administrative-law/> I think that you were talking about law in general. Administrative law only matters when you want to challenge government administrative decisions.
On Wed, Dec 18, 2019 at 4:51 PM D. Hugh Redelmeier via talk <talk@gtalug.org> wrote:
| From: Russell Reiter via talk <talk@gtalug.org>
| I agree that many newcomers face significant barriers through a lack of | understanding of Canada's system of administrative law and the policies | which underpin it. However, as much we would like to believe law concerns | itself with vulnerable folks, that is not quite correct
Do you mean "administrative law"? That too is a technical term. It refers to "the body of law that governs the activities of administrative agencies of government."
<https://en.wikipedia.org/wiki/Administrative_law>
Technically speaking, every term used in English communications is a technical term. In fact English is dubbed the language of the technocrats by some others. What I was attempting to address was the concept of victim blaming, as the issue was raised in a couple of posts. There are two basic branches of Law, Public and Private. Newcomers first contact with Canada is usually through an administrative agency which vetted their candidate application. Then they become landed and are expected to be able to function within the norms of Canadian law, both public and private, even as while they familiarize themselves with living under the Canadian system of established social norms. In this system, ignorance of the law is not a defence to an outright breach of the law, however can be a mitigating factor in determining cause and effect, when it is necessary for a decider to make a determination of remedy for a breach of the law, as that law may be administrated under a Tribunal cluster regime dealing with social and other public justice issues. Ideally the Tribunal system allows for individual regions to set the tone of remedy for equitable breaches which are not criminal but have significant detrimental social (not necessarily financial) effect if unchecked. Tribunals and boards are touted as informal resolution services. This is supposed to spare the parties and the State the burden of the very high costs of court time in settlement. Not to say that Tribunals don't have significant cost in their own right, but they are much less than formal court proceedings. Private law deals with formal financial remedies for unlawful breaches of mutually agreed upon contract terms under privity of contract. The CRTC is one established administrative authority of government and actually does govern cellular communications licensing as a trust issue. I'd like to be clear on this, although it's only my personal opinion, any monies collected in advance and held by a business owner establishes a formal trust. Certain things have come to pass due to the practices of phone services bundling hardware provision with service provision. In the land-line days, prior to WiFi mobile cellular, the courts forced phone companies to allow consumers to actually be able to purchase their own home phones and even to hook them up inside their homes themselves, as opposed to only renting them from the services provider and having only the providers technicians inspect and repair them. More recently cellular companies were forced to allow carrier unlocking. This is why the CRTC now want's consumer input on moving forward with establishing effective future regulations. Even on this list the right to repair is a topical issue, so administrative law is always a factor, whether it is immediately obvious or not.
From the CRTC webpage ...
"What is the CRTC? The Canadian Radio-television and Telecommunications Commission (CRTC) was created by the Parliament of Canada to regulate and supervise broadcasting and telecommunications in Canada. This includes the radio, television, cell phone, and Internet services that you and other Canadians rely on every day. With headquarters in the National Capital Region, the CRTC reports to Parliament through the Minister of Canadian Heritage." https://crtc.gc.ca/eng/acrtc/acrtc.htm I happened to read this today: <https://www.theglobeandmail.c <https://www.theglobeandmail.com/canada/article-supreme-court-ruling-could-quell-chaos-surrounding-administrative-law/>
I think that you were talking about law in general. Administrative law only matters when you want to challenge government administrative decisions. Interesting. Here is an article on the debate relating to standards of Judicial review of legal decisions made by both administrative Tribunals and the Courts of Justice. https://ablawg.ca/2018/07/23/the-great-divide-on-standard-of-review-in-canad... In Ontario some of the other administrative Tribunal bodies include the Ontario Human Rights Tribunal and the Landlord Tenant Board. Both of these administrative agencies and many others were recently clustered under a new umbrella name as Tribunals Ontario, A great deal of Canadians day to day business is dealt with by administrative Tribunals, but I don't think even the Supreme Court couldn't help you with a remedy, if you were expected to understand it's not wise to share your personal SIN under certain circumstances and you did so anyway. The problems newcomers face such as language and financial barriers are somewhat alleviated by the creation of Non Government Organizations as settlement agencies. But the demand on training and information services is high, the costs of service delivery are rising and there is a significant shortage of funding to be able to engage enough skilled individuals to act in counselling, training and educational roles. I always think back to the writers A & H Toffler and their original work Future Shock when I sense that language use is changing too rapidly for me to fully grasp the subtle and contextual nuances of that changing language as it is used in communications, legal or other. https://en.wikipedia.org/wiki/Future_Shock ---
Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- Russell
This whole discussion is getting way into the weeds. The point I was originally trying to make was about the crappy job the corporations we need to depend on are doing in keeping our information secure. On 12/18/19 9:24 PM, Russell Reiter via talk wrote:
On Wed, Dec 18, 2019 at 4:51 PM D. Hugh Redelmeier via talk <talk@gtalug.org <mailto:talk@gtalug.org>> wrote:
| From: Russell Reiter via talk <talk@gtalug.org <mailto:talk@gtalug.org>>
| I agree that many newcomers face significant barriers through a lack of | understanding of Canada's system of administrative law and the policies | which underpin it. However, as much we would like to believe law concerns | itself with vulnerable folks, that is not quite correct
Do you mean "administrative law"? That too is a technical term. It refers to "the body of law that governs the activities of administrative agencies of government."
<https://en.wikipedia.org/wiki/Administrative_law>
Technically speaking, every term used in English communications is a technical term. In fact English is dubbed the language of the technocrats by some others. What I was attempting to address was the concept of victim blaming, as the issue was raised in a couple of posts.
There are two basic branches of Law, Public and Private. Newcomers first contact with Canada is usually through an administrative agency which vetted their candidate application. Then they become landed and are expected to be able to function within the norms of Canadian law, both public and private, even as while they familiarize themselves with living under the Canadian system of established social norms.
In this system, ignorance of the law is not a defence to an outright breach of the law, however can be a mitigating factor in determining cause and effect, when it is necessary for a decider to make a determination of remedy for a breach of the law, as that law may be administrated under a Tribunal cluster regime dealing with social and other public justice issues.
Ideally the Tribunal system allows for individual regions to set the tone of remedy for equitable breaches which are not criminal but have significant detrimental social (not necessarily financial) effect if unchecked. Tribunals and boards are touted as informal resolution services. This is supposed to spare the parties and the State the burden of the very high costs of court time in settlement. Not to say that Tribunals don't have significant cost in their own right, but they are much less than formal court proceedings.
Private law deals with formal financial remedies for unlawful breaches of mutually agreed upon contract terms under privity of contract.
The CRTC is one established administrative authority of government and actually does govern cellular communications licensing as a trust issue.
I'd like to be clear on this, although it's only my personal opinion, any monies collected in advance and held by a business owner establishes a formal trust. Certain things have come to pass due to the practices of phone services bundling hardware provision with service provision.
In the land-line days, prior to WiFi mobile cellular, the courts forced phone companies to allow consumers to actually be able to purchase their own home phones and even to hook them up inside their homes themselves, as opposed to only renting them from the services provider and having only the providers technicians inspect and repair them.
More recently cellular companies were forced to allow carrier unlocking. This is why the CRTC now want's consumer input on moving forward with establishing effective future regulations. Even on this list the right to repair is a topical issue, so administrative law is always a factor, whether it is immediately obvious or not.
From the CRTC webpage ...
"What is the CRTC?
The Canadian Radio-television and Telecommunications Commission (CRTC) was created by the Parliament of Canada to regulate and supervise broadcasting and telecommunications in Canada. This includes the radio, television, cell phone, and Internet services that you and other Canadians rely on every day. With headquarters in the National Capital Region, the CRTC reports to Parliament through the Minister of Canadian Heritage."
https://crtc.gc.ca/eng/acrtc/acrtc.htm
I happened to read this today: <https://www.theglobeandmail.c <https://www.theglobeandmail.com/canada/article-supreme-court-ruling-could-quell-chaos-surrounding-administrative-law/>>
I think that you were talking about law in general. Administrative law only matters when you want to challenge government administrative decisions.
Interesting. Here is an article on the debate relating to standards of Judicial review of legal decisions made by both administrative Tribunals and the Courts of Justice.
https://ablawg.ca/2018/07/23/the-great-divide-on-standard-of-review-in-canad...
In Ontario some of the other administrative Tribunal bodies include the Ontario Human Rights Tribunal and the Landlord Tenant Board. Both of these administrative agencies and many others were recently clustered under a new umbrella name as Tribunals Ontario,
A great deal of Canadians day to day business is dealt with by administrative Tribunals, but I don't think even the Supreme Court couldn't help you with a remedy, if you were expected to understand it's not wise to share your personal SIN under certain circumstances and you did so anyway.
The problems newcomers face such as language and financial barriers are somewhat alleviated by the creation of Non Government Organizations as settlement agencies. But the demand on training and information services is high, the costs of service delivery are rising and there is a significant shortage of funding to be able to engage enough skilled individuals to act in counselling, training and educational roles.
I always think back to the writers A & H Toffler and their original work Future Shock when I sense that language use is changing too rapidly for me to fully grasp the subtle and contextual nuances of that changing language as it is used in communications, legal or other.
https://en.wikipedia.org/wiki/Future_Shock
--- Post to this mailing list talk@gtalug.org <mailto:talk@gtalug.org> Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- Russell
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net ||
On Wed, Dec 18, 2019 at 9:40 PM Alvin Starr via talk <talk@gtalug.org> wrote:
This whole discussion is getting way into the weeds.
Well it is off topic in relation to keeping the list Linux centric, except for the fact that Internet and cellular privacy do require technical skills and the OP was commenting on phishing because of hosting on Linode.
The point I was originally trying to make was about the crappy job the corporations we need to depend on are doing in keeping our information secure.
InfoSec is a highly specialized technical area of computing. The subtle nuances of computer language; machine, programming, legal and other spoken and written languages have all been melded into a universally misunderstood global internet corporate-speak. The OP's issue was with phishing and they pointed out the obvious intent of the Uniform Resource Locator sent to their email, as it was easy for a knowledgeable person to recognize this as spear phishing when they experienced it. There is a subtle context in the use of words. A cellular service provider or internet provider manages infrastructure assets which are essentially owned by the people of Canada. These Corporations lease and manage the rights to use Broadcast Frequencies over the air and by cabling, now at lightspeed. Ethereal considerations aside, these providers have fiduciary duties as they manage those common assets which are used by Canadians in order to publish and transfer information over the airwaves, in both public and in private communications. Corporations are legal fictions. They are chartered to have the right to do business as a person but they do not have human rights. They do business with people, either in writings which are fictions or, by employing other people under letters patent to do business, legal fictions. This is why a fiduciary may be of a class of persons who is a member of the corporation. The third party in trust. It's an original form of two factor authentication. The Government expects a natural person to be fiduciary, prudent in the sharing of information about oneself which then could be used to defraud others. It’s an impossible dream but none the less the law does provide for flexible relations. It’s not a crime to be asked for your SIN, it’s not a crime to provide your SIN but you should protect your SIN. There are only a few organizations who have a true need to know your sin when dealing with you. Prudent people are expected to understand this and act accordingly. Older people are caught in the middle. The SIN is formed to fit in a wallet to be durable and to be carried with you, typically so when a cop says, got any id, you can say yeah here's my SIN and I work over there. That was the social norm, with all the personal prejudices and social injustices, class struggles and other baggage of two individuals engaged face to face. One who works for government and one who doesn't. In a perfectly block-chained ethereal world you would not have to hide your SIN.
On 12/18/19 9:24 PM, Russell Reiter via talk wrote:
On Wed, Dec 18, 2019 at 4:51 PM D. Hugh Redelmeier via talk < talk@gtalug.org> wrote:
| From: Russell Reiter via talk <talk@gtalug.org>
| I agree that many newcomers face significant barriers through a lack of | understanding of Canada's system of administrative law and the policies | which underpin it. However, as much we would like to believe law concerns | itself with vulnerable folks, that is not quite correct
Do you mean "administrative law"? That too is a technical term. It refers to "the body of law that governs the activities of administrative agencies of government."
<https://en.wikipedia.org/wiki/Administrative_law>
Technically speaking, every term used in English communications is a technical term. In fact English is dubbed the language of the technocrats by some others. What I was attempting to address was the concept of victim blaming, as the issue was raised in a couple of posts.
There are two basic branches of Law, Public and Private. Newcomers first contact with Canada is usually through an administrative agency which vetted their candidate application. Then they become landed and are expected to be able to function within the norms of Canadian law, both public and private, even as while they familiarize themselves with living under the Canadian system of established social norms.
In this system, ignorance of the law is not a defence to an outright breach of the law, however can be a mitigating factor in determining cause and effect, when it is necessary for a decider to make a determination of remedy for a breach of the law, as that law may be administrated under a Tribunal cluster regime dealing with social and other public justice issues.
Ideally the Tribunal system allows for individual regions to set the tone of remedy for equitable breaches which are not criminal but have significant detrimental social (not necessarily financial) effect if unchecked. Tribunals and boards are touted as informal resolution services. This is supposed to spare the parties and the State the burden of the very high costs of court time in settlement. Not to say that Tribunals don't have significant cost in their own right, but they are much less than formal court proceedings.
Private law deals with formal financial remedies for unlawful breaches of mutually agreed upon contract terms under privity of contract.
The CRTC is one established administrative authority of government and actually does govern cellular communications licensing as a trust issue.
I'd like to be clear on this, although it's only my personal opinion, any monies collected in advance and held by a business owner establishes a formal trust. Certain things have come to pass due to the practices of phone services bundling hardware provision with service provision.
In the land-line days, prior to WiFi mobile cellular, the courts forced phone companies to allow consumers to actually be able to purchase their own home phones and even to hook them up inside their homes themselves, as opposed to only renting them from the services provider and having only the providers technicians inspect and repair them.
More recently cellular companies were forced to allow carrier unlocking. This is why the CRTC now want's consumer input on moving forward with establishing effective future regulations. Even on this list the right to repair is a topical issue, so administrative law is always a factor, whether it is immediately obvious or not.
From the CRTC webpage ...
"What is the CRTC?
The Canadian Radio-television and Telecommunications Commission (CRTC) was created by the Parliament of Canada to regulate and supervise broadcasting and telecommunications in Canada. This includes the radio, television, cell phone, and Internet services that you and other Canadians rely on every day. With headquarters in the National Capital Region, the CRTC reports to Parliament through the Minister of Canadian Heritage."
https://crtc.gc.ca/eng/acrtc/acrtc.htm
I happened to read this today: <https://www.theglobeandmail.c <https://www.theglobeandmail.com/canada/article-supreme-court-ruling-could-quell-chaos-surrounding-administrative-law/>
I think that you were talking about law in general. Administrative law only matters when you want to challenge government administrative decisions.
Interesting. Here is an article on the debate relating to standards of Judicial review of legal decisions made by both administrative Tribunals and the Courts of Justice.
https://ablawg.ca/2018/07/23/the-great-divide-on-standard-of-review-in-canad...
In Ontario some of the other administrative Tribunal bodies include the Ontario Human Rights Tribunal and the Landlord Tenant Board. Both of these administrative agencies and many others were recently clustered under a new umbrella name as Tribunals Ontario,
A great deal of Canadians day to day business is dealt with by administrative Tribunals, but I don't think even the Supreme Court couldn't help you with a remedy, if you were expected to understand it's not wise to share your personal SIN under certain circumstances and you did so anyway.
The problems newcomers face such as language and financial barriers are somewhat alleviated by the creation of Non Government Organizations as settlement agencies. But the demand on training and information services is high, the costs of service delivery are rising and there is a significant shortage of funding to be able to engage enough skilled individuals to act in counselling, training and educational roles.
I always think back to the writers A & H Toffler and their original work Future Shock when I sense that language use is changing too rapidly for me to fully grasp the subtle and contextual nuances of that changing language as it is used in communications, legal or other.
https://en.wikipedia.org/wiki/Future_Shock
---
Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- Russell
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133alvin@netvel.net ||
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- Russell
May I copy your 6 Infosec paragraphs to FaceBook - named? as from the list? On 2019-12-19 10:58 a.m., Russell Reiter via talk wrote:
On Wed, Dec 18, 2019 at 9:40 PM Alvin Starr via talk <talk@gtalug.org <mailto:talk@gtalug.org>> wrote:
This whole discussion is getting way into the weeds.
Well it is off topic in relation to keeping the list Linux centric, except for the fact that Internet and cellular privacy do require technical skills and the OP was commenting on phishing because of hosting on Linode.
The point I was originally trying to make was about the crappy job the corporations we need to depend on are doing in keeping our information secure.
InfoSec is a highly specialized technical area of computing. The subtle nuances of computer language; machine, programming, legal and other spoken and written languages have all been melded into a universally misunderstood global internet corporate-speak. The OP's issue was with phishing and they pointed out the obvious intent of the Uniform Resource Locator sent to their email, as it was easy for a knowledgeable person to recognize this as spear phishing when they experienced it.
There is a subtle context in the use of words. A cellular service provider or internet provider manages infrastructure assets which are essentially owned by the people of Canada. These Corporations lease and manage the rights to use Broadcast Frequencies over the air and by cabling, now at lightspeed. Ethereal considerations aside, these providers have fiduciary duties as they manage those common assets which are used by Canadians in order to publish and transfer information over the airwaves, in both public and in private communications.
Corporations are legal fictions. They are chartered to have the right to do business as a person but they do not have human rights. They do business with people, either in writings which are fictions or, by employing other people under letters patent to do business, legal fictions. This is why a fiduciary may be of a class of persons who is a member of the corporation. The third party in trust. It's an original form of two factor authentication.
The Government expects a natural person to be fiduciary, prudent in the sharing of information about oneself which then could be used to defraud others. It’s an impossible dream but none the less the law does provide for flexible relations. It’s not a crime to be asked for your SIN, it’s not a crime to provide your SIN but you should protect your SIN. There are only a few organizations who have a true need to know your sin when dealing with you. Prudent people are expected to understand this and act accordingly.
Older people are caught in the middle. The SIN is formed to fit in a wallet to be durable and to be carried with you, typically so when a cop says, got any id, you can say yeah here's my SIN and I work over there. That was the social norm, with all the personal prejudices and social injustices, class struggles and other baggage of two individuals engaged face to face. One who works for government and one who doesn't.
In a perfectly block-chained ethereal world you would not have to hide your SIN.
On 12/18/19 9:24 PM, Russell Reiter via talk wrote:
On Wed, Dec 18, 2019 at 4:51 PM D. Hugh Redelmeier via talk <talk@gtalug.org <mailto:talk@gtalug.org>> wrote:
| From: Russell Reiter via talk <talk@gtalug.org <mailto:talk@gtalug.org>>
| I agree that many newcomers face significant barriers through a lack of | understanding of Canada's system of administrative law and the policies | which underpin it. However, as much we would like to believe law concerns | itself with vulnerable folks, that is not quite correct
Do you mean "administrative law"? That too is a technical term. It refers to "the body of law that governs the activities of administrative agencies of government."
<https://en.wikipedia.org/wiki/Administrative_law>
Technically speaking, every term used in English communications is a technical term. In fact English is dubbed the language of the technocrats by some others. What I was attempting to address was the concept of victim blaming, as the issue was raised in a couple of posts.
There are two basic branches of Law, Public and Private. Newcomers first contact with Canada is usually through an administrative agency which vetted their candidate application. Then they become landed and are expected to be able to function within the norms of Canadian law, both public and private, even as while they familiarize themselves with living under the Canadian system of established social norms.
In this system, ignorance of the law is not a defence to an outright breach of the law, however can be a mitigating factor in determining cause and effect, when it is necessary for a decider to make a determination of remedy for a breach of the law, as that law may be administrated under a Tribunal cluster regime dealing with social and other public justice issues.
Ideally the Tribunal system allows for individual regions to set the tone of remedy for equitable breaches which are not criminal but have significant detrimental social (not necessarily financial) effect if unchecked. Tribunals and boards are touted as informal resolution services. This is supposed to spare the parties and the State the burden of the very high costs of court time in settlement. Not to say that Tribunals don't have significant cost in their own right, but they are much less than formal court proceedings.
Private law deals with formal financial remedies for unlawful breaches of mutually agreed upon contract terms under privity of contract.
The CRTC is one established administrative authority of government and actually does govern cellular communications licensing as a trust issue.
I'd like to be clear on this, although it's only my personal opinion, any monies collected in advance and held by a business owner establishes a formal trust. Certain things have come to pass due to the practices of phone services bundling hardware provision with service provision.
In the land-line days, prior to WiFi mobile cellular, the courts forced phone companies to allow consumers to actually be able to purchase their own home phones and even to hook them up inside their homes themselves, as opposed to only renting them from the services provider and having only the providers technicians inspect and repair them.
More recently cellular companies were forced to allow carrier unlocking. This is why the CRTC now want's consumer input on moving forward with establishing effective future regulations. Even on this list the right to repair is a topical issue, so administrative law is always a factor, whether it is immediately obvious or not.
From the CRTC webpage ...
"What is the CRTC?
The Canadian Radio-television and Telecommunications Commission (CRTC) was created by the Parliament of Canada to regulate and supervise broadcasting and telecommunications in Canada. This includes the radio, television, cell phone, and Internet services that you and other Canadians rely on every day. With headquarters in the National Capital Region, the CRTC reports to Parliament through the Minister of Canadian Heritage."
https://crtc.gc.ca/eng/acrtc/acrtc.htm
I happened to read this today: <https://www.theglobeandmail.c <https://www.theglobeandmail.com/canada/article-supreme-court-ruling-could-quell-chaos-surrounding-administrative-law/>>
I think that you were talking about law in general. Administrative law only matters when you want to challenge government administrative decisions.
Interesting. Here is an article on the debate relating to standards of Judicial review of legal decisions made by both administrative Tribunals and the Courts of Justice.
https://ablawg.ca/2018/07/23/the-great-divide-on-standard-of-review-in-canad...
In Ontario some of the other administrative Tribunal bodies include the Ontario Human Rights Tribunal and the Landlord Tenant Board. Both of these administrative agencies and many others were recently clustered under a new umbrella name as Tribunals Ontario,
A great deal of Canadians day to day business is dealt with by administrative Tribunals, but I don't think even the Supreme Court couldn't help you with a remedy, if you were expected to understand it's not wise to share your personal SIN under certain circumstances and you did so anyway.
The problems newcomers face such as language and financial barriers are somewhat alleviated by the creation of Non Government Organizations as settlement agencies. But the demand on training and information services is high, the costs of service delivery are rising and there is a significant shortage of funding to be able to engage enough skilled individuals to act in counselling, training and educational roles.
I always think back to the writers A & H Toffler and their original work Future Shock when I sense that language use is changing too rapidly for me to fully grasp the subtle and contextual nuances of that changing language as it is used in communications, legal or other.
https://en.wikipedia.org/wiki/Future_Shock
--- Post to this mailing list talk@gtalug.org <mailto:talk@gtalug.org> Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- Russell
--- Post to this mailing listtalk@gtalug.org <mailto:talk@gtalug.org> Unsubscribe from this mailing listhttps://gtalug.org/mailman/listinfo/talk
-- Alvin Starr || land: (647)478-6285 Netvel Inc. || Cell: (416)806-0133 alvin@netvel.net <mailto:alvin@netvel.net> ||
--- Post to this mailing list talk@gtalug.org <mailto:talk@gtalug.org> Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- Russell
--- Post to this mailing list talk@gtalug.org Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
-- elliottchapin.com/me
participants (12)
-
Alvin Starr -
Christopher Browne -
D. Hugh Redelmeier -
Dhaval Giani -
Elliott Chapin -
Howard Gibson -
James Knott -
Karen Lewellen -
Nicholas Krause -
o1bigtenor -
Russell Reiter -
Slackrat