2016 Conference

Chris Sewrattan is a criminal defence lawyer in Toronto and a professor at Sheridan College. Chris obtained his BA in sociology and criminology at the University of Toronto and his JD at Osgoode Hall Law School of York University. Chris is currently competing his LLM at Osgoode Hall. His thesis examines the difference between the historical rationale of the hearsay rule and the current application of the doctrine.

 

Title : Can you hear me now? conceptions of privacy in section 8

Section 8 of the Canadian Charter of Rights and Freedoms constitutionalizes the right to privacy. While the legal right has been thoroughly discussed by the courts and scholars, its philosophical locus has received scant attention. This article analyzes the different philosophical conceptions of privacy present in the Supreme Court’s section 8 case law.

Four philosophical conceptions are discussed. First, legal orthodoxists assert that an individual has a right to be let alone. This conception of privacy is the basis of the presumptive requirement for a warrant whenever there is a reasonable expectation of privacy. Second, there is the assertion that an individual has the right to control what information is disclosed about them, when, and to whom. This conception of privacy has been accepted in the case law with an acknowledgement that it is a difference of kind rather than degree when an individual discloses information to the public and wishes it not to be intercepted by the state. Third, Posner asserts that privacy can be a conduit to nefarious enterprise and should be disregarded for the sake of efficiency. While this view has found favour in the United States, it has been disavowed in Canada. Fourth is the assertion that privacy is needed to create and preserve personhood. It guards against conformity, ridicule, punishment, and unfavorable decisions. This idea has been accepted in the case law but its application has been the subject of debate between judges.

Disagreement about the application of a conception of privacy in part stems from two factors. Each conception assumes a consensus about what privacy is and allows for privacy to be balanced against other state and liberty interests. There is no consensus about what privacy is nor is there consensus about its balancing. The result is an inconsistent conception of privacy and an inconsistent application of the privacy right. This is particularly problematic considering the unrepresentative composition of the Canadian judiciary. A more representative judiciary, while not a panacea, would militate against the problem.

Keywords: privacy, constitutional law, section 8, criminal law, philosophy

Sarit K. Mizrahi is pursuing her Ph.D. at the University of Ottawa with a focus on technology law.  Her thesis explores issues with copyright protection that may arise as a result of creating and storing creative works in the cloud.  She obtained her LL.M. in technology law as well, having been awarded the Prix Henri Capitant 2014 for her Master’s thesis which concentrated on the legal implications of Internet marketing from the perspectives of privacy law, competition law, trademark law and consumer protection law.  She received her LL.M., along with her LL.B. and J.D., from the University of Montreal, where she continues to work as a researcher at the Cyberjustice Laboratory.

Title: A whole new meaning to having our head in the clouds: voice recognition technology, the transmission of our oral communications to the cloud and the ability of Canadian law to protect us from the dangers it presents

Voice recognition technology is now included in modern devices as a matter of course, being used in anything from our cellular telephones, to our televisions, and even the toys of our children. While we may voluntarily interact with some of our devices using this technology, such as conversing with Siri on our iPhones, many of us remain unaware as to the dangerous implications of using voice recognition technology.

Its ability to record some of our most personal conversations allows private companies to eavesdrop on us in an unprecedented manner and amass highly sensitive information about our lives that would have previously been impossible. What is further pressing about this situation is that all of these recordings of our oral communications are stored in the cloud by these entities for future use and consultation, and are sometimes even transmitted to third parties. This risks exposing what may be some of our most intimate moments. Imagine if a commercial were targeted to a person’s television based on a sensitive conversation they had in the privacy of their own home. Or, even more frightening, consider if a child predator were to communicate with a child through their Barbie doll and use this connection to discover their whereabouts.

The levels of security and privacy available through this use of voice recognition technology are therefore questionable, and the ability of Canadian law to adequately protect us in both these arenas is even more so. I seek to examine the inherent dangers that voice recognition technology presents to its users and whether the law properly addresses each of these risks. I will begin my analysis by exploring the security and privacy infrastructures employed by some of the foremost companies offering this technology, in an effort to determine if they are sufficiently robust to protect our private information. I will then turn my analysis to an in-depth examination of Canadian privacy laws so as to ascertain whether or not they are extensive enough to safeguard us from the numerous threats posed by this technology, to both our citizens in general and our children in particular.

Keywords: Voice Recognition, Cloud, Privacy, Data Collection, Child Protection, Technology 

Katherine Kwong is a J.D. student at Harvard Law School. Her research interests address the intersection of law, technology, and biosciences, including how traditional concepts of privacy are affected by developments in science and technology. Prior to law school, she completed a Master of Public Health degree in Public Health Genetics at the University of Washington and a B.S. in Biology at the University of Minnesota. 
 

Title: Third-party services as potential sources for law enforcement procurement of genomic data

Genomic data have become increasingly important. Many people are eager to learn more about themselves, their families, and their health through third-party services that collect and analyze such data. The companies that provide these services have become the keepers of enormous amounts of genomic data, creating a source of private individuals’ genomic data that would never have been available under other circumstances.

The immense growth in this type of data collection has not escaped the notice of law enforcement. Genomic data have the potential to be very useful to law enforcement who seek to identify suspects, reconstruct crimes, or obtain additional evidence. Unable to obtain genomic data through other methods, law enforcement has increasingly turned to third-party businesses seeking their customers’ genomic data. Companies are faced with conflicts between their customers’ privacy and law enforcement’s desire to use these data for other purposes.

These difficult decisions are not merely a matter of speculative concern. Companies such as Ancestry.com and 23andMe have already received requests from law enforcement to provide genomic information these companies have stored on their servers. Many companies include clauses in their terms of service informing customers that they will comply with law enforcement requests when legally appropriate. Some companies have chosen fight law enforcement requests for their customers’ genomic data, while others have chosen to comply and provide the data. It remains unclear under what circumstances law enforcement should be permitted to obtain genomic data from these third-party services.

Existing legal frameworks governing evidence collection may be poorly suited to address these emerging challenges. These cases can be particularly complex when law enforcement may be seeking data about an individual who is not themselves suspected of a crime, or when the requests implicate the rules of multiple jurisdictions. This emerging area of law raises several important questions. When law enforcement wishes to request genomic data across international borders, what laws should apply? How can companies and legal systems navigate the complex criminal and privacy law implications of this new frontier in evidence collection? And how should differing international norms about law enforcement and privacy be reconciled?

Pradeepan K. Sarma recently completed the B.C.L./LL.B Programme at McGill University, Faculty of Law. Having an avid interest in technology issues, Deep’s interest in internet law was fostered during the latter half of his law school career, especially through the student-initiated seminar entitled ‘Cyberlaw’ he helped organize and facilitate during the fall of 2013 and as a research assistant for the Centre of Intellectual Property Policy at McGill University. Previously, he interned at the International Criminal Tribunal for the former Yugoslavia, working on the trial of Radovan Karadžić, helped found the McGill Journal of Dispute Resolution, and worked as a case worker for McGill Students’ Legal Startup clinic. Currently, he is an LL.M. student at Tel Aviv University, Faculty of Law, specializing in Law and Technology. 
 

Title: Aereo Dynamics: 'User Rights' and The Future of Internet Retransmission in Canada

​2014's US Supreme Court decision Aereo made waves in the entertainment and technology industry when it ruled in favour of a coterie of cable companies against an upstart start-up retransmitting broadcast television over the internet, with many technology pundits fearing that it could undermine future innovation in the telecommunications sector. Little attention, however, has been paid to its ramifications to the Canadian broadcasting regime, with its vastly different regulatory scheme and its objectives to foster the dissemination of Canadian content. Complicating matters further is the 2012 Canadian Supreme Court decision Cogeco, where the retransmission of broadcast signals had been re-articulated as a 'user right'. This paper uses the Aereo decision to examine the Canadian television retransmission regime with respect to the internet streaming of broadcast television, where I argue that a firm employing 'Aereo'-like technology can help fulfill the CRTC's mandate to advance the objectives of the Broadcasting Act that underpins Canadian communication law, and indeed, can and should be legal under Canada's current copyright and telecommunications regime. Not only was the Broadcasting Act created to advance the dissemination of Canadian content through the most effective means possible, the retransmission of broadcast television is a 'user right' in Canada and consequently does not constitute a copyright violation. The paper ends by examining the contours of the new 'user right' to retransmission and how it relates to the existing 'user rights' discourse introduced by the Supreme Court in CCH Canadian Ltd v Law Society of Upper Canada.

Vanessa Henri is pursuing her Ph.D. at McGill University. Her doctoral work is concerned with the debate pertaining to the legality of cyber-espionage in international law through an interdisciplinary commentary involving computer sciences and international relations. She is also funded by the Quebec Bar Association to conduct researches on a balanced regulation in the Dark Web. She has completed a LL.M. at McGill University which was published under the titled Duty of allegiance: The legimitacy of disloyalty as a rationale for treason law in the social contract paradigm. Vanessa has received the Brian Dickson medal for best advocacy in the Gale Cup 2012 and has worked as a Director of business develop at SJP attorneys. 
 

Title : The Dark Web & Encryption – Thoughts for an Educated Debate

Thanks to Edward Snowden, encryption has evolved from a technique used by high tech mafia groups and hackers to a promotional characteristic proposed by private companies such as Google and Apple, to reassure users about their safety. The popularisation of encryption has led some members of law enforcement and Intelligence agencies to argue that their capabilities to intercept communications is going dark. The Going Dark debate focuses largely on the capacity to intercept communications from smartphones.

Another aspect of this debate, that goes unnoticed, is the use of encryption online through browsers such as TOR. Encrypted websites are part of what is commonly referred to as the dark web – a place known for being able to buy anything, from pharmaceuticals and street drugs to weapons and child pornography. The very existence of this part of the Internet leaves jurists confused. Why can’t we just close it down? At the very same time, activists (and hacktivists) argue that encryption allows for a sense of privacy on Internet. The private sector adds that Internet-based encryption is essential to protect companies against cyber-espionage, in addition to being central to some activities like banking. It then becomes difficult to ban the technology altogether.

The thesis that will be explored will be based on the need to discuss appropriate measures towards dark web systems. The resulting conversations would stem from an interdisciplinary initiative due to the highly technical and political questions it raises. Consequently, the judiciary branch alone is ill-equipped to deal with cyber-criminality in the dark web. This will be addressed through a discussion of legal precedents in different jurisdiction, with reference to human rights and principles of international law.

Maseeh Haseeb is a doctoral candidate in Law at Queen’s University. Haseeb’s research interests are underpinned by the historical practices of national security in Canada. His research interests are discourse theory, ideology, governmentality, institutions, national security law, and surveillance. Haseeb has presented research on various national security topics at conferences across the continent, including at UC Berkeley, UBC Law, Osgoode Law School, McGill, Guelph, and Carleton.

Title: A governmentality perspective on national security discourse and bill C-51

Historically, national security in Canada was the mandate of the Royal Canadian Mounted Police (RCMP). In the 1950’s and 1960’s, the RCMP spied on individuals and groups such as high school students, gays and lesbians, trade unionists, communist factions, indigenous people and Quebec sovereigntists. Post 9/11, the RCMP and the Canadian Security Intelligence Service (CSIS) have been targeting Muslim Canadians, refugees, and even environmentalists in the name of national security. Under such broad sweeping security operations, the question remains: whose national security is being protected and what are the objectives of these operations? As a legislative response to the 2014 shootings at Parliament Hill, the Canadian Parliament passed Bill C-51 – new controversial anti-terrorism legislation which gives unprecedented and broad new policing as well as surveillance powers to the State. Drawing on Michel Foucault’s theory of governmentality, I will explore Bill C-51 within the national security discourse. Governmentality facilitates reflection on how the national security discourse enables the present complex processes of surveillance under Bill C-51 to govern population while unravelling the production of particular knowledges, objects, and subjects of government, tactics and methods, as well as techniques of security. I will evaluate the effectiveness of Bill C-51 against the historical context to consider the degree to which this law can prevent or deter terrorism. Most importantly, the evaluation of Bill C-51’s efficacy will be considered in the context of the loss of civil liberties and governmental power that punishes political dissent and weakens the core characteristics of democracy in Canada. 

Christopher Whitehead is a first-year Doctor of Civil Law (DCL) student at McGill University. He has postgraduate degrees in French business and insurance law, and undergraduate degrees in the common law and French. Before enrolling at McGill, he practised in-house—from 2013 to 2015, with a US insurance group, where he was responsible for France and Benelux legal and compliance, and from 2005 to 2013, with the insurance division of a French banking group. His responsibilities in both groups included advising on privacy and information law matters, among others.

Privacy and insurance in CA, EN, & FR: How does the responsible insurer “put guidelines and procedures in place for retaining and destroying PI” In its “Privacy Toolkit”, OPC (Office of the Privacy Commissioner of Canada) notes that it is the responsibility of every business falling within the scope of PIPEDA (Personal Information Protection and Electronic Documents Act) to “[p]ut guidelines and procedures in place for retaining and destroying personal information” (at 19). In Canada, this responsibility under PIPEDA is one that falls on most insurers, and in England and France, similar responsibilities exist for insurers in these two countries. In all three countries, insurers must reconcile their data protection responsibilities with other responsibilities, including their responsibility to their shareholders. Fortunately, it is often relatively simple to reconcile these responsibilities. Unfortunately, sometimes, it is not. In any case, every insurer must take these responsibilities seriously. What does taking these responsibilities seriously mean? It means answering a question: what must the “guidelines and procedures” take into account. Drawing upon my experience in-house, I will propose a process for answering this question, whether the insurer has customers in (common-law or civil-law) Canada, England, or France. This process involves identifying (1) the relevant information processes, (2) the relevant personal information, (3) the relevant minimum and maximum retention periods, and (4) the insurer’s options for deleting it. Finally, the process involves (5) flowcharting the processes corresponding to the option selected. Each of the three countries presents challenges for the insurer. However, we will see that the case of France is a particularly challenging one.

Sophie Stoyan is a LLM student in the Faculty of Law at Western University. Her research is
focused on the interplay between private international law and multinational corporations. She
holds a JD with distinction from Western University and a Bachelor of Arts Honours from
Queen’s University. She has worked as a research assistant for Professor Sara Seck on novel
issues between business, human rights and the professional responsibility of lawyers and
summered for income tax practitioner David G. O’Brien.

Title: Just a click away? Van Breda and virtually carrying on business

As internet commerce flourishes, there is growing need for certainty regarding when Canadian courts have jurisdiction over defendants conducting business via the internet. Yet Canadian law regarding internet jurisdiction is far from settled, raising more questions than providing answers. While the Supreme Court of Canada in Club Resorts Ltd v Van Breda (“Van Breda”) ostensibly heralded a new era of certainty and predictability for jurisdiction, the court’s decision does anything but in an internet context. Van Breda’s “presumptive connecting factor” that a Canadian court may assert jurisdiction over an extraterritorial defendant who is “carrying on business” in the province is particularly problematic in internet cases.

The paper provides the first critical examination of how lower courts post-Van Breda have interpreted what it means to be virtually carrying on business. By analyzing the uncertainties and tensions within these decisions, it sheds new light on what this aspect of jurisdiction means for judges, lawyers and businesses.

The paper both predicts and evaluates the law’s development in Canada. In essence, Canadian courts stand at a crossroads between two competing options. Current jurisprudence suggests courts will either (i) adopt a “targeting” approach whereby a defendant will be virtually carrying on business in a province only if the defendant “targeted” the jurisdiction or (ii) base jurisdiction on an aggregation of connecting factors between the defendant and the forum, resurrecting the approach from Muscutt v Courcelles (“Muscutt”) rejected in Van Breda.

Both approaches pose challenges. While a targeting analysis for carrying on business may better adhere to the Van Breda framework, it does so only at expense of access to justice by precluding an increasingly large number of claims. In contrast, while a Muscutt approach reduces access to justice concerns by maintaining flexibility, it would amount to a return to an approach the court explicitly rejected.

In light of these limitations, this paper concludes that the Supreme Court of Canada’s decision to value order over fairness in Van Breda is ill-suited for an evolving internet. Consequently, this balance may need to be reconsidered in favour of a more flexible test for whether a defendant is virtually carrying on business. 

Laura is a lawyer from Bogota, Colombia. In 2013, she graduated in law from Los Andes University in Bogota. In 2014, she finished a LL.M with concentration in Law and Technology at the University of Ottawa. Currently, she is second year Ph.D. student of the Faculty of law at the same university. She is interested in the privacy issues that arise from the interaction between technology and society, and the role of law in addressing these new challenges.
 

Title : Do they want to regulate online profiling?

Online profiling or behavioral tracking is the process by which private companies track and gather data about users’ activities in online platforms. The data collected by all the companies is aggregated with the purpose of creating a comprehensive profile about users. Since at least 15 years ago, there have been several attempts to regulate online profiling in order to reduce its privacy implications. In general, these regulations have tried to limit the way the information is used, the type of data that is collected, and impose or suggest the security standards that the companies should take to protect it.

This paper will demonstrate that the proposed regulations do not reduce online profiling’s privacy repercussions. In addition, it will argue that in order to reduce privacy repercussions it is necessary to regulate the aggregation and commercialization of the data. However, governments, industries, and users may not have enough incentives to find alternative methods or effective regulations to address the problems raised by online profiling.

Anastasia Konina is a PhD candidate at the University of Montreal Faculty of Law (Centre de recherche en doit public) where she researches the influence of the information technology on the separation of powers under the supervision of professors Nicolas Vermeys et Karim Benyekhlef. She has graduated with an LL.M degree in international and comparative law from the University of Pittsburgh School of Law (United States) where she was supported by the Fulbright scholarship and the Center for International Legal Education scholarship. She holds a bachelor and master of law degrees (both with honors) in international and European law from Moscow State Institute of International Relations (Russia). Upon the receipt of the bachelor degree she practiced law for five years as an in-house legal counsel for the mining company Norilsk Nickel. 

Title : Consumer dispute settlement in the European Union and the United States

Recent years have witnessed the proliferation of ADR mechanisms, the increasing privatization of enforcement institutions, and the extensive specialization and fragmentation of enforcement regimes in several areas of law, including consumer law.1 With the changes to the European Union consumer protection law brought by the Regulation on Consumer Online Dispute Resolution and the Directive on Consumer Alternative Dispute Resolution, both adopted in 2013, “the European Union (EU) pioneers the creation of a comprehensive out-of-court dispute resolution system for B2C [buyer to consumer] conflicts.”

The privatization and fragmentation of consumer rights enforcement is not merely a European, but an international, trend. For some time, it has been clear that the “[EU and US] are reshaping their global policies, redefining the balance between private and public enforcement.”3 The most representative of such “redefinitions” is the UNCITRAL Working Group III project on Draft Procedural Rules for Online Dispute Resolution for Cross-border Electronic Commerce Transactions (Draft Rules). The Draft Procedural Rules, along with three other instruments covering substantive rules to be applied, rules for regulating ODR providers and platforms, and coordination with the Convention on the Recognition and Enforcement of Foreign Arbitral Awards for purposes of enforcement, are a collective attempt to create a comprehensive online dispute resolution mechanism for B2B and B2C disputes arising out of cross-border, low-value transactions conducted by means of electronic communication. However, the proceedings of the Working Group III have been hindered due to the differences that exist between EU and US approaches to the settlement of disputes arising out of B2C transactions. The EU legislation has been interpreted and implemented to prohibit pre-dispute binding arbitration agreements in consumer contracts, while US law provides for no such limitation.

Based on the foregoing, this communication seeks to analyze the underlying differences in the regulation of B2C consumer dispute settlement in the EU and the US and suggests a way to reconcile the two approaches through policing of unconscionable dispute resolution clauses.

Elizabeth Farries is a Canadian lawyer with a practice background in litigation, intellectual property, and human rights. She has helped young marginalised women navigate the justice system and also assisted high profile clients at a national intellectual property firm. Elizabeth completed her BSc and JD at the University of Victoria and her MI at the University of Toronto. She is currently researching copyright solutions to cybermisogyny as a doctoral law student at Trinity College Dublin in Ireland. Elizabeth has published in several intellectual property publications, the Huffington Post, and co-authored an environmental publication introduced by Margaret Atwood.

Copyright v cybermisogyny: IP defenses against nonconsensual distribution of intimate images online

Women are being treated badly on the internet. It is now common that their private and intimate digital photographs are uploaded online without their permission. Such Images can result in unwanted notoriety for women. Their online subordination is not the affinity coalition that Donna Haraway originally and optimistically envisioned in her Manifesto. Rather, it more closely reflects Chela Sandoval’s description of the internet as an amplified opportunity for gender inequality. Through photographic alteration, women are also being subject to what Mary Anne Franks describes as forced avatarization or unwilling embodiment, as pejorative treatment of what Flanagan describes as third space gendered digibodies. These intangible digibodies are accompanied by very tangible psychological, professional, familial, and social harms offline.

Yet harm tends to be overlooked in intellectual property court, where damage may even be trivial by the judiciary. The lack of recourse reflects what scholars describe as male- centric perspectives on copyright law. Indeed, when women’s bodies are the contested intellectual property, infringement of copyrights may be considered more permissible than in other circumstances. However, I assert that copyright remedies can still offer solutions to this social problem. In this paper, I will outline findings from international comparative legal theory and comparative critical discourse regarding how the laws in North America and the European Union frame and regulate the unauthorised distribution of women’s intimate photographs. I will then present the potential remedies available in intellectual property courts. Innovative ideas come particularly from the United States, where scholars contemplate altering the meaning of authorship to give copyright control to the person being photographed, not merely the person taking the photograph.

Lex Gill is a researcher, activist and student based in Montreal. As a summer researcher at the Berkman Center for Internet and Society at Harvard (where she is now an affiliate), she has worked on exploring issues that include Internet governance, the legal implications of blockchain technology, and the problem of "digital constitutionalism." Lex is also a researcher for the Canadian Civil Liberties Association on issues of privacy and surveillance in Canada. She is a B.C.L./L.L.B. candidate at McGill University's Faculty of Law.

Legal Metaphor and the Encrypted Machine

Metaphor serves as a powerful conceptual bridge to transition between old and new technologies in the law [Larrson, 2011]. Yet when new technologies inherit old metaphors, they also inherit old rules, models and limitations [Lakoff, Johnson 1980]. This paper offers a critical examination of the legal metaphors we use to imagine, describe and legislate modern encryption technology.

Others have explored legal metaphors of big data and “the cloud” [Watson 2015 and Hwang, Levy 2015]; built upon lessons from the history of broadcast to confront the problem of “metaphor vacuums” [Sawhney, Suri, Lee 2010]; and examined the limits of technical analogy in the context of specific court cases (e.g., the Swedish Pirate Bay case) [Larsson 2013]. Despite this rich theoretical terrain, there has yet to be any comprehensive study of legal metaphor in the context of encryption.

In order to understand what encryption ‘is’ to the law (and what it might be), this paper will sketch the modern history of the technology. It will examine the historical (and resurgent) model of encryption as “weapon” — alongside both competing and interdependent narratives of encryption as tool, speech, computation, translation and right. Reversing the technical process of encryption is a practical impossibility without the correct decryption key. Encryption thus raises certain ideological problems for courts and the state that make it difficult to ground in a coherent legal framework. Historically, this has led to imperfect and shortsighted policy decisions that risk compromising commercial interests or jeopardizing civil liberties.

Rather than subscribe to a singular model, this paper canvasses five powerful legal metaphors for the encrypted device drawn from international case law and legislation — the locked box, the locked building, the untranslatable book, the combination safe, and the extension of the self. It will examine the legal impacts of each model, with the recognition that the metaphors we ultimately rely upon may have profound implications for the criminal law, issues of procedural fairness, rules of evidence, national security and human rights. 

Heidi Liu is a JD/PhD student in public policy at Harvard University. Her interests are in the application of judgment and decision-making to law and public policy. She seeks to understand what technological and legal tools might help individuals overcome both institutional and cognitive barriers toward their long-term goals, with an eye towards alleviating educational and gender disparities. 

Do Androids Dream of Bad News?

A recent, widely shared blog post contends that “2016 will be the year [where] computer-driven bots….will interact with either human agent or computer bot in roughly the same interaction paradigm.”[1] This paper challenges the interchangeability of these interactions in one particular context: revealing (or “breaking”) bad news. Breaking bad news is one of the toughest things to do in client- or patient-involved domains, given its significant implications: for example, a patient might disregard medical orders if she is skeptical of a positive diagnosis. As technology becomes intertwined with human experience, whether automated agents’ (“AAs”) can perform complex emotional acts through cyberspace is an important question.

Technology optimists claim that an AA revealing bad news would alleviate both messenger and receiver discomfort. If a human messenger overestimates the “shooting the messenger” effect, then she may withhold important information; if she underestimates the effect, she may not only experience backlash, but the recipient may also disregard the messenger and message. In contrast, an AA messenger may not only be programmed to break news, but also to do it sensitively.

Do individuals interact with AAs and humans similarly? If so, should humans know with whom they are interacting? When is bot-human interaction inappropriate? These questions offer legal implications, both in terms of regulating the revelation of bad news and shifting potential liability. I draw from the psychological and computer science literature to understand how individuals might react to AAs: that humans are likely to blame AAs more for bad news offers a pragmatic, though thin, argument for obscuring whether the messenger is a human or an AA. I then look to five legal examples where the automation of bad news might complicate how we deliver news across cyberspace: a lawyer’s role in settlement processes, medical diagnoses and genetic disclosure, employment termination, corporate disclosures and whistleblowing. I argue that determining whether an AA messenger in cyberspace should be used depends on whether the party using it is potentially liable for the bad news being revealed.

[1] Chris Messina, 2016 Will Be the Year of Conversational Commerce, https://medium.com/@chrismessina/2016-will-be-the-year-of-conversational... (Jan. 19, 2016) (last visited Feb.1, 2016).

Julia Deutsch, Alyssa Edwards, Ben Mitchell and Aman Sran are the four members of this year’s team representing McGill at the Philip C. Jessup Moot Court Competition. They are all finishing their third year at the Faculty of Law and will be graduating with joint B.C.L. / LL.B. degrees in December 2016. Having conducted extensive research in public international law, and in cybersecurity in particular, they have had the opportunity to plead these issues several times and look forward to presenting on their experience at the competition.

Title: The case concerning the Frost files: Cybersecurity, intelligence and surveillance in the Philip C. Jessup international law moot competition

The rise of the Internet and the notion of “cyberspace” over the past decades has created new challenges in public international law. Issues such as cyber-surveillance and cyberattacks continue to push the boundaries of what is lawful or unlawful State conduct, and to challenge the definition and scope of preexisting notions such as “sovereignty” and the “use of force”. Furthermore, the increasing variety of international actors — both public and private — has complicated issues of attribution in these areas. This international tension between law and cyberspace thus adds complexity to an already complicated legal framework.

The issues in the 2016 Jessup Moot Competition “Compromis” centre on the attribution and legality of cyber-surveillance and cyberattacks. Having researched and argued both sides of these issues multiple times before a simulated International Court of Justice, the authors propose a presentation of their respective arguments, as well as their reception and acceptance (or lack thereof). Given the lack to date of international cases regarding cyber-surveillance and cyberattacks, this opportunity was one of the first ever of its kind, to formulate such arguments surrounding issues in cyberspace and to test them before a panel of international law “judges”.

A discussion of this nature would include an assessment of international law sources governing cyberattacks and cyber-espionage, and how these sources can be adapted and applied to cyber-surveillance and cyberattacks. Furthermore, a presentation of the arguments made and countered by the presenters, along with the questions and issues raised by judges during the competition, will shed light on the viability of such arguments in the international sphere. We therefore propose that this presentation will provide a unique and novel take on today’s international legal challenges in cyberspace. 

TBA 

Title: Flirter avec l'illicite: espionnage et cyberattaques en droit international

La récente affaire X (Re)(C.F.) portée devant la Cour fédérale du Canada portant sur la collecte par le SCRS de renseignements provenant de l’étranger, la cyberattaque perpétrée contre le Conseil national de recherches du Canada ou encore les révélations faites par des chercheurs de l’Université de Toronto sur le système de cyberespionnage chinois GhostNet, montrent que la pratique étatique a transformé le cyberespace en espace d’espionnage et d’intrigue. Devant ce constat surgissent des questions juridiques importantes, tant pour le droit international que pour le Canada. Qu’est-ce que le cyberespionnage exactement? Le cyberespionnage constitue-t-il une activité licite en droit international? Dans quelle mesure peut-il se confondre avec la cyberattaque? Dans cet article, l’auteur tente de démystifier la légalité du cyberespionnage en droit international. Il expose d’abord comment les règles du jus ad bello et jus in bello sont inapplicables aux opérations de cyberespionnage. L’auteur montre ensuite que les principes traditionnels applicables en temps de paix, soit la souveraineté territoriale d’une part et l’exercice territorial de la compétence d’exécution d’autre part, ne parviennent pas à circonscrire les frontières légales du cyberespionnage. Faute de consensus, le cyberespionnage serait donc une activité licite en vertu du principe de liberté des États, et ce malgré son caractère hautement dommageable pour ces États qui en sont victimes. L’article termine en examinant les stratégies de défenses dont disposent les États, ainsi que les avenues conventionnelles futures qui s’offrent à eux afin de réguler cette activité qui flirte avec l’illicite. 

Wanshu Cong is a student in the Doctoral Civil Law Program at the Law Faculty of McGill University. She is working under the supervision of Professor Frédéric Mégret. Her research examines the spatial presumptions of international human rights law and how they are being challenged by the cyberspace. Wanshu completely her LL.B. in 2013 from Shantou University, China and an LL.M. from Geneva Academy of International Humanitarian Law and Human Rights in 2014. She also interned at the International Commission of Jurists in Geneva and the Extraordinary Chambers in the Courts of Cambodia. 
 

Title: Cyber surveillance and the extraterritorial application of limitation and derogation rules in human rights treaties

Are states bound by human rights standards when spying foreign nationals abroad? Extraterritorial application of human rights treaties is now becoming the rule. This article places the issue of extraterritorial application of human rights treaties in the situation of transnational cyber surveillance. In particular, I look into extraterritorial limitation and derogation which are logically the steps following extraterritorial application of human rights treaties. The article argues that extraterritorial application of human rights has technical as well as philosophical problems, and despite the good intention of favouring extraterritorial application of human rights, extraterritorial application of human rights in the context of transnational cyber surveillance would be counterproductive. To justify the contextualization of this article in cyber surveillance, I first discuss the particularities of cyber surveillance compared with most cases concerning extraterritoriality: the possibility of total absence of physical power or control by a state and the frequent occurrence during peacetime between effective sovereign states. In the following section, I identify the problems coming from the claim that states have extraterritorial human rights obligations in conducting transnational cyber surveillance. There are some immediate technical difficulties in interpreting the substantive requirements of limitation and derogation under international human rights law. Transnational cyber surveillance appears incompatible with the spatial presumptions of those substantive requirement of lawful limitation and derogation. Apart from the technical difficulties, we also confront the lack of a philosophical basis for a state imposing limitations on human rights extraterritorially. These technical, as well as theoretical problems may result in a situation where neither the state conducting cyber surveillance nor the victim state would be in favour of extraterritorial application of human rights. However it is not the intention of this author to claim that transnational cyber surveillance is not subject to human rights standards. The extraterritorial application of human rights law in transnational cyber surveillance cannot be assumed necessarily beneficial. The article concludes by calling for a better theoretical account of extraterritorial application of human rights which could redress the difficulties identified in this article. 

​Sanduni is an LLM candidate from Leiden University following the Advanced Masters program in Law and Digital Technologies where she is engaged in study related to cyber security, human rights and internet governance from a European and international perspective. She is an alumni of University of Colombo where she obtained her LLB (Honours). She is enrolled as an Attorney-at-Law of the Supreme Court of Sri Lanka since 2013 and had served in the Attorney General’s Department, Sri Lanka as an apprentice and subsequently as a legal officer attached to its Corporations Division. She graduated with a first class in B.Sc. in Information Technology from Middlesex University in 2014. Her research interests include cyber security, cyberspace regulation and its interaction with fundamental rights and international law. 

Cyber-attacks across the cyberspace are no longer results of a mischievous hack-trick cooked up by a teenager in his parents’ basement. The sophistication of cyber-attacks today is beyond anything the Farooq Alvi Brothers perceived when they executed the Brain virus. Cyber-crime poses one of the greatest challenges the law enforcement is faced with today, particularly in the EU and U.S. In the process of cyber-crime investigations law enforcement agencies employ similar techniques which they would employ in a non-digital crime, such as tracing money trails, wiretapping, targeted surveillance and collection of evidence. However, given the jurisdictional infinities of the cyberspace, not only affects the governance side of internet but bears a heavy weight in the prescription and enforcement of cyber-criminal justice system. In the recent years law enforcement agencies has resorted to rather unconventional investigative techniques that includes surveillance through deep packet investigations, hacking and installation of Remote Access Trojans and other malware, (compelling) installation of backdoors to end-to-end encrypted data flows and infiltrating TOR networks as a means of combatting cyber-crimes. In this process not only the privacy of users, be it their own citizens or otherwise, and their right to anonymity is blatantly disregarded but also lead to potential violation of international norms on state sovereignty and non-interference.  Whilst it is argued that in the process of investigations it is difficult to ascertain whether such norms are being violated, particularly in the infiltration of a TOR network or a remote proxy log, the question remains as to what extent the local authorities are allowed to conduct such investigative procedures under the current international legal regime. Furthermore, it remains unresolved whether a distinction should be made in cyber-crimes that are so atrocious that derogations to international law should be allowed or whether international legal norms could be revised to accommodate the virtual infinities of the cyberspace.

Dan Schoeni is a Major in the U.S. Air Force JAG Corps, and serves as program counsel at Hanscom AFB, Massachusetts, where he advises on the acquisition of $5.6 billion annually for command and control, intelligence, surveillance, and reconnaissance systems.  His previous assignments have included California, Germany, Qatar, Maryland, and Colombia.  He is a graduate of Brigham Young University, the University of Iowa, George Washington University, and the University of Nottingham.  He is also a Ph.D. candidate in public procurement law at the latter institution.

Title: Too slow for the age of cyber wardare: why congress should extend the special emergency procurement authority to cyber defense acquisitions

The U.S. Department of Defense is under attack. Fully 90 percent of our weapons systems’ functionality depends on software, making cyberattacks an inexpensive form of asymmetrical warfare. Adversaries scan the DoD networks millions of times a day looking for weaknesses. Their success has been alarming.

Last year I published an article entitled “Long on Rhetoric Short on Results: Agile Methods and Cyber Acquisitions in the DoD,” and argued that the DoD isn’t buying cyber weapons fast enough to keep up with the emerging threat. It buys cyber weapons at the same pace that it buys major weapons systems, an acquisition cycle of 7-10 years. That isn’t nearly fast enough to keep up with the pace of technological growth. In that article, I argued that the DoD should use agile software development methods to speed things up. Here, I would take a different tack.

The procurement system is slow by design. But Congress has carved out a “special emergency procurement authority” to expedite purchases that “facilitate the defense against . . . nuclear, biological, chemical, or radiological attack against the United States.” 41 U.S.C. § 1903(a)(2). My paper will argue that this same exception ought to be fully extended to cyber acquisitions.3 This will enable the warfighter to keep pace with the emerging cyber threat.

Oluwafifehan Ogunde is a doctoral candidate at the University of Notiingham with special focus on child rights protection in Nigeria as the area of research. He obtained his Bachelor of Laws (LLB) certificate at the University of Sheffield in 2010. He also has a masters degree in Human Rights Law obtained from the University of Nottingham in 2014. He is in addition a qualified barrister and solicitor of the Supreme Court of Nigeria, having been called to the Nigerian Bar in January 2012.
 

‘In all actions concerning children, whether undertaken by public or private social welfare institutions, courts of law, administrative authorities or legislative bodies, the best interests of the child shall be a primary consideration.’

                                                   -Article 3 Convention on the Rights of the Child[1]

​‘States Parties shall assure to the child who is capable of forming his or her own views the right to express those views freely in all matters affecting the child, the views of the child being given due weight in accordance with the age and maturity of the child.

                                                 -Article 12(1) Convention on the Rights of the Child[2]

The concept of the best interests of the child, while hardly a novel concept in international law, remains a highly controversial subject. In some contexts, the interpretation given under international law has been described as being ‘adult-centred’. The Committee on the Rights of the Child has however in defining the scope of the notion, referred to the participatory rights of the child as giving the child an opportunity to make value judgments on his or her best interests.[3]  The aim of this paper is to consider the best interests of the child vis-à-vis participatory rights, particularly with respect to child pornography and internet activity in general. It will be argued that the current framework of child rights protection under international law does not effectively address the complexities of cyber-activity relating to the child, particularly in the context of determining the ‘best interests’ of the child. In doing so, the relationship between liberationist and protectionist philosophies relating to the child would be examined in the context of cyber-activity with particular reference to child pornography. It may well be the case that striking a reasonable balance between both philosophies remains the ideal method of adapting international child rights law to contemporary societal problems and addressing issues developing in the cyber age.

Andrii Paziuk graduated from Zaporizhya State University with LLM and MS in Business Administration degree in 1996. For 10 years he worked for the Parliament of Ukraine as legal adviser and MPs' assistant. In 1999 he founded NGO Privacy Ukraine and collaborated with the Council of Europe and Privacy International advocating privacy and access to information legislative reforms in Ukraine.

He completed his PhD thesis devoted to the protection of privacy and transborder flow of personal data in 2004. His experience includes work for Ministry of Transportation as head of the analytical department in 2006-2008 and National Accreditation Agency first deputy in 2010-2011. As from 2012 Mr. Paziuk is a lecturer for IIR International Law Department of Taras Shevchenko National University of Kyiv. His current research interests as post-doctoral fellow in include legal normative concept of digital freedoms from international law perspectives. As Council of Europe expert he performed studies: 1) the implementation of CoE standards related to human rights and Internet in Ukraine context; 2) remedies and redress mechanisms for protecting human rights online.

Recent books: International Information Law, 2013; Integration of Ukraine in the European Information Space, 2014; International Information Law: theory and practice (Doctoral thesis), 2015. List of publications: https://iir-kiev.academia.edu/AndriiPaziuk

Information Security in Soviet and Post-Soviet Doctrines: Cases of Russia and Ukraine

At least two main approaches to international security regarding ICTs usage are dominant in global fora. While Western countries prefer to consider critical infrastructures as the main object of possible threats, thus developing cyber-defense counter-measures to combat cybercrimes, some Asian and Southern countries of the Shanghai Cooperation Organization and BRICS paid special attention in their information security policies to control of information flows as a tool for sovereignty protection in information sphere.

One may point to solely terminological difference between the notions of cybersecurity and information security, but the deeper analysis reveals contradictions in doctrinal approaches. Russia plays one of leading roles in developing information security strategies for both organizations. Both Russia’s Military Doctrine and recent draft of Information Security Doctrine refer to principles of general international law as stated in their texts. With regard thereto better understanding of the Russian doctrines’ roots, which lead to formation of Soviet understanding of ‘world information order’, may be useful from theoretical and practical perspectives.

Ukraine’s information security approach had common roots with Russian doctrine in communistic ideology of the common historical period of the USSR. At the same time, Ukraine’s political choice to integrate into the family of European nations with adherence to democratic values changed security priorities drastically. The Information Security Doctrine of 1999 was cancelled in 2014 reflecting changes in the defense doctrine of post-Soviet Ukraine. Unfortunately, the European choice resulted in the loss of the part of territory in the South of Ukraine, and ongoing hybrid warfare in the East of the country. Day after day resistance to the powerful Russia’s information aggression and cyber-attacks on critical infrastructure of Ukraine (recent attacks against energy sector in December 2015 and January 2016) have proven the applicability of the ‘responsibility to protect’ (R2P) doctrine as functional approach to State sovereignty in information sphere. The paper examines the history of the doctrinal development of information security concept and current policy trends in Russia and Ukraine.

Matthew P. Ponsford is an LL.M. Candidate at McGill University, specializing in research relating to medico-legal issues. He previously graduated from the Faculty of Common Law at the University of Ottawa (J.D.), completed an exchange at the Faculty of Law at The University of Hong Kong, and holds a B.Sc. (Distinction) from Queen's University. He has worked for a global law firm, several Canadian federal and provincial government departments and public officials, and has served on the Board of Directors of several NGOs, including Amnesty International Canada. He has published legal scholarship in the Harvard Journal of Law & Technology Digest, the Hong Kong Journal of Legal Studies and the Journal of Civil & Legal Sciences, with pieces in the Dalhousie Journal of Legal Studies and the Journal of Parliamentary and Political Law forthcoming.

SSRN Publications : http://ssrn.com/author=1958214

A comparative analysis of bitcoin and other decentralized virtual currencies: legal regulations in the People's Republic of China, Canada and the United States

Bitcoin, also known as a decentralized virtual currency (DVC), is regulated differently in the People’s Republic of China (PRC), Canada, and the United States, and represents a vastly underdeveloped area of the law. No country has currently backed Bitcoin. Launched in 2009, and founded by Satoshi Nakamoto, Bitcoin is a ‘decentralized peer-to-peer virtual currency.’ Other virtual currencies include Litecoin, Namecoin, Auroracoin, Peercoin, and Dogecoin – about 500 varieties in total – but this research study primarily focuses on Bitcoin.

This paper serves as a comparative analysis to help discern how these respective countries classify Bitcoin (e.g., a virtual object, currency, or potential security), and how three unique jurisdictions regulate, or intend to regulate, DVCs. Bitcoin is identified as a ‘currency,’ throughout the paper, but the classification is heavily contested. Questions for analyses include: are there appropriate existing legal frameworks to regulate Bitcoin? What securities regulation challenges does Bitcoin pose? What are the consumer and investor protection concerns associated with Bitcoin compared to traditional financial exchanges? What are the cross-jurisdictional challenges of virtual currency transactions that operate over the Internet (e.g., money laundering, or fraudulent activities)? Research incorporates securities commission reports, social and political commentary from secondary sources, relevant jurisprudence and legislation. Findings help situate the current climate of Bitcoin globally, and assess how its regulation differs relative to technological, economic, social, financial, and political forces.

Maria Manoli comes from Greece and she is a graduate of McGill University, Institute of Air and Space Law, where she pursued her LL.M. in Air and Space Law (2015-2016), during which she was also the Erin J.C. Arsenault fellow in Space Governance and the recipient of the Nicolas M. Matte award.  Before coming to McGill University she completed a LL.M. in Public International Law (2012) and a LL.M. in Civil Law (2013), both at the National and Kapodistrian University of Athens, Greece, where she also obtained her undergraduate degree in Law in 2012. She earned all her degrees with upper-second class honors. Maria Manoli is a lawyer of the Athens Bar Association and she has worked for several governmental and non-governmental organizations. Specifically, she has worked as a legal trainee for the Court of Appeals in Athens (2012-2013), for the Legal Counsel of Greece (2013 – assigned to the Greek Ministry of Environment Energy and Climate Change) and for the Hellenic Competition Commission (2014). She also interned at Secure World Foundation (Colorado, U.S.) during the summer of 2015 as a junior project manager and conducted research on the legal aspects of space natural resources exploitation. She has researched and published on space law-related topics and she has participated to several conferences. She is currently working as a research assistant for the Institute of Air and Space Law at McGill University, where she is conducting research on space law. Her research interests mainly focus on the commercial uses of outer space.

Cyber-Attacks to Satellites and the Right to Self-Defense: Applying the Principle of Proportionality

Cyber-attacks are defined as any kind of intentional and unauthorized offensive act that aims to access and interfere with computer networks and other information technology (IT) systems. While such attacks usually take place within terrestrial networks, their existence to extraterrestrial IT equipment is not impossible. Satellites, for example, are programmed and controlled through such networks that can form (and have already formed) cyber-attack targets.

Indeed, in 2010, EUTELSAT, the main European provider of satellite-based telecommunication services, experienced a series of attacks of intentional interference (jamming) that took place via means of cyberspace. Although the source of interference was identified in the territory of Iran, responsibility was never borne by the latter.

Besides the social and economic damage that such attacks can cause to States (e.g. loss of telecommunications), they can also interfere with sensitive State information, such as defense data. This can take place, for instance, in the case of Earth observation satellites of dual nature (i.e., both civili an and military), as well as in the case of purely military satellites. In both cases, legal issues as important as the matter of interference with State sovereignty pose various questions, the main one being whether cyber- attacks to satellites qualify the notion of 'act of war'.

In the light of the above considerations, this paper seeks to answer the following questions: "In case that offensive cyber-attacks are considered as 'acts of war', what is the nature and extent of the right to self- defense as per article 51 ofthe Charter of the United Nations?" and consequently, "In what manner will the principle of proportionality be applied given the peculiar nature of these attacks?".

In order to give a balanced answer, the paper addresses both questions from a comparative perspective by taking into consideration the teachings ofpublic international law and the very nature of corpus juris spatialis, i.e., the principles encompassed in the provisions of space law (e.g. the use of outer space in a solely peaceful and non-aggressive manner [articles I and IV of the Outer Space Treaty]). 

Nico was first introduced to the political implications of cyberspace during his undergraduate degree at the University of Toronto, while working as a Research Assistant at the Citizen Lab. His strong interest in criminal justice and organized crime, however, is what brought him to study law at Osgoode Hall Law School. After receiving his JD, Nico articled at the Ontario Ministry of the Attorney General’s Crown Law Office – Criminal, during which time he worked on several files involving digital evidence, international cooperation, and transnational cybercrime.

Governing the ungovernable: international relations, transnational cybercrime law, and the post-Westphalian regulatory state

In order to better understand the challenges facing transnational criminal law, the paper considers six regional anti-cybercrime regimes and traces their development and content. Insights from international relations theory and practical issues inherent in their implementation are then expounded and broader trends are discerned. These observations are linked to illustrate the ways in which modern nation states have shifted their traditional functions of ‘security provider’ or ‘sovereignty generator’ onto the transnational realm. Thereafter, the paper makes some tentative predictions regarding future attempts at transnational regulation. A number of conclusions are drawn. While a global tapestry of ‘transnational cybercrime law’ has been created, the differences and similarities between regimes can be attributed to the various legal and political arrangements amongst their signatories. Moreover, the regulatory challenges faced by these regimes demonstrate how Westphalian-based sovereign states are redeploying traditional legal and political paradigms to address novel transnational threats to a global man-made ecosystem. Finally, these trends suggest a continuation of current patterns of transnational regulation, despite the author’s call for a change in approach to transnational cybercrime law. 

Born in Italy, I graduated summa cum laude at the University of Castellanza, defending a thesis on the legality of humanitarian intervention in international law. I studied law at the University of Nottingham, where I completed an LLM degree in International Criminal Justice and Armed Conflict. Since then, I moved to Sheffield where I am currently writing a PhD thesis on the relationship between cyberwarfare and international humanitarian law. My research interests, while concerned with the international law on peace and security, are specifically focused on the transformations faced by the jus in bello and the jus ad bellum by the emergence of new actors and newly developed technologies.

Cyber-attacks, the law of targeting and the ‘humanization’ of International Humanitarian Law: problems and prospects.

The aim of International Humanitarian Law (‘IHL’) is to regulate the conduct of hostilities while, at the same time, balancing the two overarching concepts of military necessity and humanity. While the principle of military necessity allows a party to a conflict to exercise any amount of armed violence which is necessary for the accomplishment of a military purpose, the principle of humanity aims at minimizing the amount of physical violence caused to combatants and the civilian population. From the late 19th century onwards the principle of humanity has progressively eroded the domain of military necessity, influencing the creation and interpretation of IHL, in a process which is referred to as the ‘humanization’ of IHL[1]. A key area of IHL in which such process has taken place is the law of targeting, whose aim is to limit ‘attacks’[2], by prohibiting belligerents to direct them against civilians. In this context, the rise of cyberwarfare capabilities establishes a tension between the violence-centered rationale of the law of targeting and the nature of cyber-attacks, as their effects may have devastating consequences even without causing any form of physical violence.[3]  What kind of cyber-operations should qualify as ‘attacks’ under the law of targeting? The answer to this question can reconfigure the delicate balance between military necessity and humanity, raising implications for the protection of the civilian population and the humanitarian aims of IHL.

My contribution offers a critical evaluation of the relationship between the principle of humanity within the law of targeting and cyberwarfare, and proposes a ‘human security’ paradigm for the regulation of cyber-attacks in armed conflict.

[1] Meron, T., ‘The humanization of Humanitarian Law’94 American Journal of International Law (2000) 239-278.

[2]An attack is ‘an act of violence against the adversary, whether in offer or defense’. Protocol Additional to the Geneva Conventions of 12 August 1949, and relating to the Protections of Victims of International Armed Conflicts (Protocol I), 8 June 1977, Art. 49 (1).

​[3] Consider, for instance, a cyber operation that targets the stock market of a state, or one that shuts down an electrical power grid of a city.