[Infowarrior] - DRM a grave threat to privacy (report from cippic)
Richard Forno
rforno at infowarrior.org
Sat Sep 22 18:06:43 UTC 2007
(c/o JH)
http://www.cippic.ca/uploads/CIPPIC_Report_DRM_and_Privacy.pdf
Our assessment of the compliance of these DRM applications with
PIPEDA led to a number of general findings:
€ Fundamental privacy-based criticisms of DRM are well-founded: we
observed tracking of usage habits, surfing habits, and technical data.
€ Privacy invasive behaviour emerged in surprising places. For
example, we observed e-book software profiling individuals. We
unexpectedly encountered DoubleClick - an online marketing firm - in
a library digital audio book.
€ Many organizations take the position that IP addresses do not
constitute "personal information" under PIPEDA and therefore can be
collected, used and disclosed at will. This interpretation is
contrary to Privacy Commissioner findings. IP addresses are collected
by a variety of DRM tools, including tracking technologies such as
cookies and pixel tags (also known as web bugs, clear gifs, and web
beacons).
€ Companies using DRM to deliver content often do not adequately
document in their privacy policies the DRM-related collection, use
and disclosure of personal information. This is particularly so where
the DRM originates with a third party supplier.
€ Companies using DRM often fail to comply with basic requirements of
PIPEDA.
More information about the Infowarrior
mailing list