In today’s episode of “Let’s mitigate this data leak by violating the privacy of people who happened to view it,” we bring you the government of Nova Scotia and a privacy lawyer who didn’t appreciate them violating his privacy.
Canadian privacy lawyer David Fraser has a story to share with you. It’s a story about how the Nova Scotia government had an “oops” incident and then, in trying to address it, obtained his IP address from CanLII, where he had viewed the exposed files. CanLII did not request any warrant and just turned over their logs. Because Fraser and others had read some case decisions that had been accidentally uploaded in unredacted form, the government wanted assurances that they had not downloaded or saved any copies and would delete any copies they had saved. That concern was understandable, and when a WCAT employee called him after seeing Fraser’s name in a news story about the leak, Fraser immediately informed WCAT that they had not downloaded or retained any copies. And all was well. But it didn’t stay well.
At a later date, Fraser got a phone call from the government. They had managed to get his personal information, including his home phone number. How did they get it?
It turns out that after the government contacted CanLII and obtained the detailed logs for the exposed files, the government went to court to get orders to compel ISPs to produce information on the owners of those IP addresses. CanLII would later claim that they had no idea that the government intended to do that.
To make things worse, the court just granted the government the orders to the ISPs it requested. The court did not appoint any amicus to represent the privacy interests of those whose information was being sought. These were citizens who had not violated any laws by viewing publicly available files and yet their privacy rights were ignored by the court who cooperated with the government.
As a privacy lawyer and blogger, Fraser has laid this all out for us on YouTube and provided relevant filings.