Caveat: security & privacy

This post is intended for the information of all users of this site. Its contents have been divided into three sections:

1. internet browsers (ex. Chrome, Firefox, Internet Explorer, Opera, Safari)
2. internet service providers (ex., here in Canada: Bell, Rogers, Shaw, Telus; and UBC’s “visitor” and “secure” services)

Last revised/updated: 2015-08-30.

1. INTERNET BROWSERS

Visitors who do not wish to have cookies placed on their computers should set their browsers to refuse cookies before using this site. All the browsers with which I’m familiar or use regularly allow you, the user, to do this. Some suggestions for further reference:

• Chrome:
  • privacy notice 
  • Google Chrome privacy features (nice step-by-step guide)
  • “Incognito” mode

• Firefox:
  • privacy policy
  • how to change cookie preferences
  • how to disable online certificate verification so that online certificate verification (etc.) will be sent to any third party certificate provider

• Internet Explorer:
  • security and privacy
  • how to turn on the “Do Not Track” preference
  • using “Tracking Protection”
  • changing security and privacy settings
  • deleting old cookies and blocking new ones

• Opera:
  • privacy (some further details follow below)
  • private browsing
  • how to opt-out of online behavioral tracking (a.k.a. “do not track”)
  • how to delete private data (ex. cookies, cache)
  • how to control how Opera handles cookies

• Safari
  • Safari privacy and security: including blocking cookies by default, accepting them only from sites you visit; a “do not track” feature; and a “remove all website data” feature (all in the “Privacy” panel, once you’re using Safari)

2. SERVICE PROVIDERS

2A. GENERAL LEGAL CONSIDERATIONS

All the service providers with which I am familiar and/or have dealings collect IP addresses. Some collect more information. This is usually part of your Terms Of Service: that is, the contract that you have entered into with your service provider; by which they provide you with a service, and in return you pay them money and do not engage in illegal behaviour. The collection of IP addresses is a legal measure,  and (in theory etc.) a measure against criminal activities; be that preventative or for use in evidence if and when a crime has been committed, warrants issued, etc. “Legal” = applicable Canadian federal, provincial, and local laws and statutes, including:

• Criminal Code of Canada
• B.C. Civil Rights Protection Act
• B.C. Freedom of Information and Protection of Privacy Act
• B.C. Human Rights Act

There are legal limits to the collection, storage, use, and sharing of data: both personally-identifying data (your name, address, date of birth, photo, etc.) and IP addresses. Here in British Columbia, such activities are governed by the B.C. Freedom of Information and Protection of Privacy Act (FIPPA) and the Personal Information Protection Act (PIPA):

• Freedom of Information and Protection of Privacy Act [RSBC 1996] Chapter 165; this Act is current to March 13, 2013
• Personal Information Protection Act [SBC 2003] Chapter 63; this Act is current to March 13, 2013
• Office of the Information & Privacy Commissioner for British Columbia
• B.C. Ministry of Citizen’s Services and Open Government: Guide to the B.C. Freedom of Information and Protection of Privacy Act

In other jurisdictions, other laws apply.

2B. UBC IT

If you are at UBC and using either the UBC Visitor wireless network or the UBC Secure one (faculty, staff, students): UBC IT acts as an intermediary here, on behalf of an external service provider. At the time of writing, this was Telus. Use of the UBC internet service is subject to terms and conditions, in addition to the usual internet provider ones. This includes the recording of IP addresses and the tracking of internet use / websites visited. How this information is used, for how long it is kept, and its archiving are unknowns at the time of writing; for further information, please contact UBC IT directly. In the act of using UBC’s internet service(s), you have agreed to conditions of its use. (Tangential side-note: for linguists, philologists, and philosophers: this is conceptually/academically interesting.) In the words of UBC IT’s page on Appropriate Use—excerpts, as most of the rest of that page is intended for system administrators and others who run and maintain websites (such as O’Brien here, for her teaching sites on UBC Blogs and Connect)—:

Your acceptance is implicit in your use of Virtual Server Services. […]

The user bears the primary responsibility for the material that he or she chooses to access, send or display. The computer facilities may not be used in any manner which contravenes the above policies, laws or statutes.

Those who do not adhere to these guidelines may be subject to suspension of computing privileges.

Use of Virtual Server Services denotes that the user takes responsibility for reading and understanding the guidelines as outlined here, and also denotes acceptance of the terms of use.

As for those “guidelines” and “terms of use”: if you are associated with UBC and using the internet on campus as part of work (faculty, staff, students): your use is also subject to further following rules, rights, and responsibilities.

From UBC IT’s page on Appropriate Use:

The computing and communications facilities and services provided by UBC are primarily intended for teaching, research, and administrative purposes. Their use is governed by all applicable University policies, including:

• [UBC Policy #104:] Responsible Use of Information Technology Facilities and Services

From UBC IT’s Information Security Office: Security Policies page and their Privacy page—University Policies #104 & #106 are the key items here—:

UBC Policy #104 Responsible Use of Information Technology Facilities and Services

This policy applies to faculty, staff and students and is intended for the general support of and to provide a foundation for responsible use of UBC’s information technology facilities.

• Policy #104: Responsible Use of Information Technology Facilities and Services (PDF)

UBC Policy #106 Access to and Security of Administrative Information Systems

This policy applies to the use [of] and access [to] Administrative Systems and Administrative Data by faculty, staff, and students.

• Policy #106: Access to and Security of Administrative Information Systems (PDF)

Email and Privacy Legislation

View responses (PDF) to the questions that have been asked with respect to the Freedom of Information and Protection of Privacy Act (“FIPPA”) and email.

Learn more about Information and Privacy by visiting the Privacy section of the Office of the University Counsel

Some more on the terms of service/use for the UBC internet services:

• PDF of screenshots of the UBCVISITOR terms of use
• PDF of what scant and not particularly useful extra information is provided (further to policies #104 & 106) for UBCSECURE
• the UBC ResNet Service agreement