[GTALUG] [OT] Phishing is no mirage...

[Russell Reiter]

On Wed, Dec 18, 2019, 2:03 PM D. Hugh Redelmeier via talk, <talk at gtalug.org>
wrote:

> | From: Russell Reiter via talk <talk at gtalug.org>
>
> "fiduciary duty"
>

>From the case law link example I posted of an agent acting for both parties
as a form of trust as an equitable obligation.

>
Fiduciary Obligations (1977), p. 2, he is not subject to fiduciary
obligations because he is a fiduciary; it is because he is subject to them
that he is a fiduciary.

>
> "injunctive relief"


If you need someone to stop a behaviour you see as harming your interests,
you apply to the courts for an injunction. In fact it is possible to get an
injunction without having to actually file a lawsuit, depending on how you
plead it befre the courts.


> "trust"


> I don't think that these legal words mean what you think they mean.


  ".. an equitable obligation binding a person (who is called a trustee) to
deal with property over which he has control (which is called the trust
property), for the benefit of persons (who are called beneficiary or cestui
que trust), of whom he may himself be one, and any one of whom may enforce
the obligation. Any act or neglect on the part of a trustee which is not
authorised or excused by the terms of the trust instrument, or by law, is
called a breach of trust."

http://www.duhaime.org/LegalDictionary/T/Trust.aspx

In essence a telecommunications provider controls property known as radio
frequencies, this is the trust property; they do this for the benefits of
the corporation, the beneficaries; The consumer is the third party who may
enforce the obligations they agreed to whey they joined into the trust and
paid the fees for service every month.

I think they do mean what I think they mean. So we will have our
differences of opinion on this.


> They are fairly technical.  Using them lends an air of expertise.
> Unless you use them carelessly.  That has the opposite effect.
>

They are also commonplace in the lexicon of business documentation. But
lets face it who actually reads the fine print on a contract they have just
signed.


> | You could always leave demanded information out of a screening form and
> see what happens.
> | While it is not unlawful to ask for information and it is not
> unlawful to provide information
> | there is usually a third option If such negotiation is not possible,
>
> What are the options you are thinking of?
>
> - fill it out correctly
>
> - leave it blank
>
> - fill it out with misinformation (phone number 555 555 5555)
>
> The third option might expose one to legal liability.
>
> |       |  However having the SIN it makes it easier for
> |       | them to get access to your funds through the court system if you
> owe them a
> |       | significant debt.
> |
> |       Really?  How would that work?
> |
> | Using metada. Just knowing there is a SIN number on a biling record or
> contract
> | form, should be enough for most court iniated inqueries.
>
> That's hand waving.  Having a SIN number proves nothing about the
> existence of a contract or its terms or any outstanding debt.  That's
> why I asked.
>

Having a written request to provide a SIN in a business screening form can
prove a lot of things, like the reason it was asked for in the first place.
If that reason is inconstiant with the law then it is invalid.

Actually to put it in the context of Alvins issue of asking if a SIN could
be used as a Customer ID; having a copy of a contract form requesting a
SIN, could be grounds to obtain an injunction, that is if the SIN
voluntarilly provided is not used for the purpose stated in the contract.
Like using it as a customer ID without the consent of the customer. An
injunction is usually a first step used to avoid having to actually sue in
these types of private contracts.


> (I think you mean "metadata", "billing", and "initiated".  But when it
> comes to spelling, I live in a glass house.)
>

I swipe type from various devices a lot and that is fraught with its own
difficulties, in that letters are sometimes dropped or the spelling is
changed and I am not necessarily aware of that before I hit send.
Notwithstanding that I am a terrible speller in the first place.

 Sorry about that.


> |       | No, they have a fiduciary duty to you to protect that sensitive
> |       | information. It was collected as a kind of trust article.
> |
> |       Really?  "Fiduciary duty" is a very strong standard.  Can you
> point to
> |       anything that says they have such a duty?
> |
> |
> | Ok I snagged this from Wikipedia and havent checked the authority but
> this
> | is the essence of a trust.
> |
> | A fiduciary is someone who has undertaken to act for and on behalf of
> another
> | in a particular matter in circumstances which give rise to a
> relationship of trust
> | and confidence.
> | — Lord Millett, Bristol and West Building Society v Mothew[4]
> |
> | Generally under private law a signed contract between people or an
> Individual and a
> | Corporation is a trust document. Questions asked on a screening form
> have to have
> | a rational purpose connected to the establishement of a trust arangement.
>
> A fiduciary must act in your interest, not in their own or their
> organization's interest.  Few business relationships are like
> that.


Actually there are many types of fiduciaries depending on the structure of
the trust issue at stake.


> "Trust" is a very technical term in Canadian law (similar to UK and
> US law).
>

If I address the SIN in one context, as raised by Dhaval in another post: A
deposit may be rationally used to
establish a trust account. When Rogers requitred a deposit in the absence
of voluntary provision of a SIN,
they asked for a monitary deposit as a trust surty. This act itself was not
unlawful. Although certain classes
of persons might find the provision of funds to be held without payment of
interest on the witheld monies an
unncessary financial burden. It would be up to the courts to decide if
Rogers profitted unjustly by holding those
funds as a deposit and not paying interest on the monies at regular
intervals.


>
> |       | > Could they use it as my client ID and paste it on the front
> the bills they
> |       | > send out to me?
> |       |
> |       | I think if they did that you could sue for injunctive relief,
> assuming that
> |       | they didn't reveal that was their contractual policy at the
> outset. It
> |       | would be on your copy of the contract if they did.
> |
> |       I don't know the limits of "injunctive relief", but my guess is
> that it
> |       just means a court order to "stop doing that".  No penalty.  No
> undoing of
> |       damage.  If so, that's not very satisfactory.
> |
> |
> | That would be a preliminary relief, you might be entitled to more if you
> plead
> | for it.
>
> You said "injunctive relief".  My impression (IANAL) is that monetary
> awards are not part of injunctive relief.
>
> If you just said "sue them", that would have been covered.
>

Actually a temporary injunction can be otbtained on an application without
notice. It may lead to a lawsuit, or it may not, depending on the relief
the applicant asserts as being necessary. The last thing the courts want to
do is settle issues where both parties had a duty to inform themselves and
did not. There is a term used by the deciders called rough justice. This is
often used when the courts must impose a solution, after the parties are
unable to reach consensus on their own. Ultimately they are long drawn out
messy affairs. One trope states that the courts are not truely satisfied
unless both parties go away unhappy. This would be an objective warning to
parties to structure their contracts with crystal clear intent.


>
> |       Or: transfer your data to a datacenter in the US where the laws are
> |       different and nasty.  That's completely normal in Canada.
> |
> |       Strangers have access to poorly stored corporate data.  Just look
> at
> |       the LifeLabs case revealed yesterday.
> |
> |
> | This is a function of all the Corporate deregulation since the 60's and
> the dilution of
> | CSR in operations.
>
> What's "CSR"?
>

In older Corporate SAP documentation it was Customer Service Response.
Depending on the organizational
mandate these days it is now used in the context of Corporate Social
Responsibilites.

>
> I don't see how this relates to deregulation.  We've actually gotten
> more privacy regulation since the 1960's.


Well dergulation in the 60's eliminated the necessity that all business
operations in Canada be incorporated. This
radical change provided for the opertation of Sole Propritorships.
Initially this was done so that the professions of
Doctor, Lawyer and Engineer could be practiced more easily and without
having to join into large corporate groups.
As time went by and more and more specialized educational programs
developed, so too did the kinds of sole
propritorships on offer to the general public increase. Now its at the
point where anyone can go into any business
and any oversight is purely reactive. This cut the cost of government's
proactive enforcement of business regulations.

So I actually assert that due to deregulation we have less privacy now than
the 60's. What we do have is more and more
people telling us they are trustworthy and fewer actual examples of
trustworthyness.


> | Privatization of our health testing and the data that comes with it, was
> a very slippery
> | slope. Lifelabs indicates the scope of that slope as we begin the slide
> down it.
>
> Actually, health care in Ontario was largely private until OHIP
> (introduced in the 1960s).
>

In those days there were few testing labratories outside of hospitals, or
xray machines for that matter. By the
end of the 70's, health complex's came into being, They served to house
independant doctors and testing labs would
then pay rent along with them in order to share facilities. These grew into
what are now known as LHIN's, Local Health
Improvement Networks, here in Ontario anyway.

>
> | In Alvins Telecommunications case, It's kind of funny in a way. Since a
> computer is an RF
> | device, by using it you are a broadcaster under license. You are
> responsible for any
> | RF interference it creates.That is the broadcasters responsibility,
> carriers are a different
> | part of the story and their duties are limited under contract and the
> specific requirements
> | of their carrier agency permit.
>
> I neither understand that nor see how it relates to privacy.
>

Well wireless communications go over the public airwaves. Interference
takes many forms, like cyberstalking
and harassment. Your sent and received call record is your own record
stored on the company server and your
provider has to protect that call record from disclosure. It is not easy to
breach this trust arrangement, but this is
why a warrant can be obtained for an individuals private phone and banking
records in certain circumstances.


> | I thought I was highlighting some of the alternative choices that people
> | would usually have when shopping for Telecommunications services and the
> | inherent assumption of risk involved when providing personal information
> under
> | contract law.
>
> It's good for people to know their options.  But some options are more
> theoretical than practical.
>

All Canada's laws are a part of broad legal theory. They are tested from
time to time in the courts of justice and
the results are published for all interested parties to read and come to
their own understandings. It is a fundamental
principal of the law that all persons of the age of majority, are legally
able to understand and follow the law. This is not
always true. For instance a contract may be struck down if it is signed by
a party who is under the influence of alcohol,
as the person may be deemed to be non compose mentis (not of sound mind) at
the time. Or, there are cooling off perions
proscribed under law for when someone comes to your door and solicts your
business and you sign a contract. You have
as certain amount of time to void the contract before it takes legal effect.


> John Gilmore is not allowed on planes or trains or buses (he wore a
> button that read "suspected terrorist" and refused to remove it (I
> have one of those buttons too)).  He has no driver's license because
> the California authorities require some information of him that they
> are not allowed to require (SSN?  I don't remember).  This is a steep
> price to pay for standing up for your rights.


> Random google hit:
> <https://boingboing.net/2003/08/03/why-john-gilmore-is.html>
>
>
Free speech is rarely free, there will always be a price to pay in one way
or another..


> |       A friend of mine probably died due to standing on such principles.
> |       (In the US, he could not afford health care.  He had wealth that he
> |       could not access due to these principles.)
> |
> |
> | Not sure I understand this bit about your friend standing on principles.
> But I do
> | admire principled people.
>
> Sorry, for privacy reasons I don't wish to lay it all out.  In this
> case, death was an indirect consequence.
> ---
> Post to this mailing list talk at gtalug.org
> Unsubscribe from this mailing list
> https://gtalug.org/mailman/listinfo/talk


--
Russell
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/talk/attachments/20191218/bd70d387/attachment.html>