Insights For Success

Strategy, Innovation, Leadership and Security

Fairplay - Canadian media companies want the CRTC to adopt more anti-piracy regulations

Edward KiledjianComment
Screenshot 2018-04-08 at 2.43.43 PM.png

NOTE: I want to say up front that I believe content creators should be compensated for their work but history proves that laws cannot change user behavior. Make content available affordable in a flexible manner and see what happens (e.g. the streaming music model dramatically reduced music piracy because it became affordable and easily available on all of your devices). 

A coalition of 25 Canadian media companies are petitioning the Canadian Ratio and Telecommunication Commision (CRTC) to establish a new piracy review agency called the Independent Piracy Review Agency [FairPlay movement].

Who makes up this coalition? See the list below but it includes : Actra, ADISQ, Bell, CACE, CBCB, Guzzo, Cineplex,Cogeco, Corus, eOne, etc.

Screenshot 2018-04-08 at 2.56.00 PM.png

 

The recommendation is that media companies want this new IPRA to have the authority to act quickly without needing a court order to block an offending website. 

Understandably many organizations (e.g. OpenMedia & SumOfUs) have mobilized their support base to voice their objections. The first round of comments ended on March  29, 2018, and we can see close to 10,000 comments against the FairPlay proposal. 

Screenshot 2018-04-08 at 2.52.14 PM.png

The common thread amongst the comments is that Canadians do not want a small group of publishers to have the power of censorship over the internet. 

Supporters believe the case is clear-cut and the government must act to protect rights owners. Other companies (like ISPs Telus, Shaw) are not card-carrying members but have shown their support for the proposed plan. You can read the Telus Intervention document (support document) here

All supporters of this plan know the public may complain of possible "over restrictions" and most supporting documents go to great lengths to convince the CRTC commission that controls will be in place to avoid "censorship".

I am proud that my Internet Service Provider, TekSavvy is taking the side of Canadians and has come out against the proposal. I believe in voting with my money which is why I chose TekSavvy as my ISP when I moved. I want to encourage more companies to defend the interests of everyday internet using Canadians. 

The [...]proposal for site blocking would fundamentally reshape how Internet services would work in Canada,
— TekSavvy

Open Privacy is a not-for-profit group whose mandate is to empower communities through technology. They have come out against FairPlay on the grounds that it will harm the internet's integrity and openness. Open Privacy believes FairPlay regulations will negatively impact internet affordability and online privacy of Canadians. 

NOTE FROM SITE: We know major telcos have deployed deep packet inspection technologies to determine what users are doing online. It is reasonable to assume that these technologies will become more invasive once this change passes. 

The Creative Commons , A not-for-profit that has created a suite of licensing tools to enable content creators to share their content more freely has come out against this proposal. 

It is not apparent why online copyright infringement should be dealt with as a telecommunications matter — as opposed to a copyright matter
— Creative Commons

Even the Canadian Internet Registration Authority, the group behind the .ca domain name system, has come out against this proposal stating that existing copyright protection tools are adequate, effective and sufficient. 

Conclusion

This is a thorny issue with both sides convinced they are speaking the truth. History has shown that piracy cannot be controlled by regulation. The government stopped Napster (back in the day) but they didn't kill piracy. I believe piracy can only be reduced when content is made available easily (without draconian Digital Rights Management arbitrarily determining where and when you can play content you have paid for) and must be offered at a reasonable price. 

Many Canadians feel like they have been beaten with the proverbial stick by Canadian media companies. They feel trapped by expensive content that isn't watchable everywhere. Many see piracy as a silent revolt against the establishment. 

Best URL shorteners

GeneralEdward KiledjianComment
UTL_short.jpg

URL shorteners are something you either use a lot or never. Google launched it's own URL shortening service in 2009 with unique (at the time) features like third-party API access, QR code generation, ability to use easily on mobile. 

But Google is retiring this public facing service and replacing it with Firebase Dynamic Links (FDL) accessible by developers only. 

This is not surprising since Twitter retired Deck.ly when it acquired TweetDeck.

If you have links, Google is giving you until March 30, 2019, to figure out what you are going to do (even though you will lose the ability to create new short links on April 13). 

google_short1.PNG

What are the best Goo.gl alternatives?

bitly.PNG

1 - Bit.ly

The first alternative has to be Bit.ly which is one of the most popular URL shortening services on the internet and one of the oldest. You create an account and then generate short links as required (you can also choose a tag to group your URL). 

Bitly allows you to create custom branded short URLs, which is excellent for marketing. 

Owly.PNG

2 - Ow.ly

Hootsuite runs a service called Ow.ly. Ow.ly offers all of the features of Bit.ly but integrates with HootSuite. So if you use Hootsuite to manage your social media presence, this could be the best option for you.

The big difference is that Bit.ly allows you to quickly shorten a link from their main webpage without having to sign-up whereas Ow.ly does not.

rebrandly.PNG

3 - rebrandly.com

Many lists include Firebase from Google but I am omitting it since it is only designed for use by developers in apps (not useful for the average Joe). My last recommendation is Rebrandly.com which offers custom URL shorteners. Many large cloud companies are Rebrandly customers (such as Microsoft, Dropbox, etc).

rebrandly1.PNG

Before you get scared and look away, they offer a free tier that will meet the needs of most users.

Conclusion

A URL shortener is a service that you will rely on for years, and I have presented the companies (services) that look to be the most stable. Remeber that when the service disappears's your links break which could wreak havoc on your social strategy.

Quebec to change tax collection rules for foreign tech companies

GeneralEdward KiledjianComment
calculator-428294_1920.jpg

Montreal's La Presse newspaper is reporting that "two high-level government sources" have confirmed that the upcoming Quebec budget (March 27, 2018) will include new sales taxes levied on foreign tech companies like Netflix, Amazon, Google, and Apple, that do not have a Quebec presence. 

As it currently stands, these non-resident foreign companies are not expected to collect sales taxes from consumers. Under current regulations, the government expects consumers to auto-report these purchases and submit the necessary taxes. 

Based on a November report, the Quebec government believes it lost 270M$ during the previous fiscal year because of this collection model. 

Additionally, the government believes local merchants selling online are disadvantaged by the extra tax burden

The intent will be to:

  • collect sales tax on products and services (intangible) coming from outside of Canada
  • collect sales tax on physical goods physical goods coming from outside of  Canada
  • collect sales tax on goods (tangible or intangible) coming from the rest of Canada

La Presse reports that these new tax rules will be implemented regardless of Ottawa's position or opinion. 

What makes a good Chief Information Security Officer (CISO)

GeneralEdward KiledjianComment
boss-2179948_1920.jpg

Only five years ago, the title of Chief Information Security Officer was likely awarded to an employee that had worked hard and was dedicated to the company. It was an honorific title often given as a reward. Times have changed and companies need a new breed of CISO.

The number, severity, and impacts of cyber threats are continually increasing. Companies now rely on complex highly integrated IT systems whose confidentiality, availability and integrity are paramount. 

The WannaCry ransomware was a good example of how poorly managed security can cripple an organization. The National Health Service in the United Kingdom had up to 70,000 infected devices and was forced to turn away non-emergency patients. (1)

The CISO is now a senior-level business executive who can directly impact the profitability and viability of an entire organization. Instead of being a technical specialist, the CISO must now be a seasoned business leader that can become a trusted advisor to other executives within the organization. 

CISOs can help maintain your brand value, help build relationships with various stakeholders, and are charged with protecting an organization's most important assets (the digital ones).

The job of a true modern CISO is getting harder by the day, and organizations need to ensure they have the best CISO they can find & afford, to guiding them. 

If we agree that the nature of the CISO's role has changed and that the modern CISO is a very different creature than his predecessor, what makes a good CISO?

1 - Problem solvers

A modern-day CISO can solve complex rapidly changing problems under stress and high pressure. A CISO must enjoy solving complex puzzles while being able to juggle day-to-day tasks and driving the organization's long-term vision. The CISO must understand that every decision made today can have dramatic repercussions tomorrow. 

2- The CISO must be a people person

The modern CISO is often a front-line representative of the organization to shareholders, customers, partners, and regulators. They must have the ability to build strong relationships based on trust and respect. The CISO must have the ability to communicate complex security issues to stakeholders that may not understand even basic IT. The modern CISO must be a people person. The modern CISO must lead his team with fervor and engender commitment from the security team. 

3 - The CISO is a citizen of the world

Information flows without respective national boundaries, but companies are being asked to navigate complex global regulations that sometimes contradict each other. The only way a CISO can manage this increasingly complex regulatory environment is with non-traditional skills (for an IT person) that include law, business, compliance and governmental relations. 

4 - The CISO must be business minded

The CISO must make security decisions based on how it impacts the organization or enables the organization to perform its primary business functions. The CISO must weight security decisions against profitability, efficiency and must build a competitive advantage for the organization. A CISO must be obsessed with efficiency and must be resource conscious (people, time and money). Gone are the days when a CISO makes purely technical decisions based on technical need. 

5- CISOs tend to be workaholics

Even if work-life balance is all the rage, a CISO is always on call. Unfortunately, the bad guys never take a break and often neither does the CISO. It is common for a CISO to work long hours and weekends while guiding the organization to where it needs to go. The modern CISO is humble and respects the capabilities of his/her adversaries. A CISO must always be vigilant. A CISO is continually thinking about how he/she will keep the organization one step ahead of threat actors.

6 - Strong team building skills

CISOs work long and hard but so do their teams. A CISO must be self-confident enough to hire the highly skilled professionals the organization needs to succeed. I have met many CISOs who refused to hire employees that were more technically competent than them for fear of being replaced. This is the reflex of a "bad" CISO that doesn't understand his/her new role. A good CISO will hire the best resources he/she can find and them coach them to grow and become exceptional. The stronger the team, the better the CISO.

7 - Your CISO doesn't need to be certified 

Full disclosure, I do not currently hold any security certifications but I believe I can challenge anyone that does. The CISO is a business professional with security experience, not a security professional with business experience. 

You should rely on the proven track record.

Conclusion

The role of CISO is constantly changing, and the ideal candidate must also be constantly evolving.  I have been a security executive since 2001 and have seen the role of CISO morph from a backroom function performed by geeks, to a font of the house leader that can communicate with clients and regulators. The right CISO can drive business growth while the wrong one can sink your entire organization. 

Invest the time, energy and resources required to hire the right CISO for your company. If you have a CISO already, make sure he/she is the right one your organization needs right now. 

---------------------------------------------

(1) Ungoed-Thomas, Jon; Henry, Robin; Gadher, Dipesh (14 May 2017). "Cyber-attack guides promoted on YouTube"The Sunday Times. Retrieved 14 May2017.

Canadians can find out what data a company stores about them

GeneralEdward KiledjianComment
Data.png

The average consumer is starting to realize how much personal data companies collect about them. 

RELATEDHow Target knows you are pregnant through data analytics

Consumers should be concerned about what data is collected, how is is used and who it is shared with. 

Canadian privacy laws ( like Personal Information Protection and Electronic Documents Act) allow consumers to access their information (aka companies must respond to a request for personal information held by the company).

Principle 4.9: Upon request, an individual shall be informed of the existence, use, and disclosure of his or her personal information and be given access to that information. An individual shall be able to challenge the accuracy and completeness of the information and have it amended as appropriate.
— PIPEDA

PIPEDA section 4.9 mandates that companies respond to Data Access Requests within 30 days of receipt. The information must be made available for free or at a reasonable cost.

Principle 4.9.4: An organization shall respond to an individual’s request within a reasonable time and at minimal or no cost to the individual.
— PIPEDA

Some companies use legally complex wording and vague statements in their privacy policies to hide the level of detail collected and to obfuscate how it is used. The Data Access Request allows any individual to understand (and see) what has been collected and what is being done with their information. 

What is a Data Access Request?

Toronto based Citizen Lab has created and operated a site called Access My Info. The site was created to simplify how Canadian's create and submit Data Access Requests using templates. 

AMI.PNG

Testing it

I will submit a couple of test requests and see how companies respond. If you are a Canadian, I encourage you to try this as well.