I am not a lawyer, but I would be surprised if this holds water, legally speaking. Imagine going to an amusement park and signing a waiver that the park takes no responsibility for your injuries. If you climb aboard a rollercoaster that hasn't seen any maintenance in 20 years and you get decapitated, I'm pretty sure the park is still legally responsible. Getting someone to sign something that says "we did our due diligence" doesn't make it true.
> "any script, robot, spider, Web crawler, screen scraper, automated query program or other automated device or any manual process to monitor or copy the content contained in any online services"
But the CRA already anticipated this and explicitly disallowed headless clients
So, not allowed to use Ctrl+C on their website?
Why does a government want to protect itself from hacking liability via ToS in the first place. Couldn't they, you know, just pass a law saying they're not liable?
[1] https://en.m.wikipedia.org/wiki/Mike_the_Headless_Chicken
The ICBC has a literal state sponsored monopoly over car insurance, titling a vehicle and driver licensing, whereas in the US no state handles car insurance, while titling a vehicle and driver licensing are not necessarily the same state organizations.
This state sponsored vertical integration enables abuse of authority in cases like https://www.reddit.com/r/nottheonion/comments/xa9j3x/church_...
Whereas here in the US I know many people that mix and match between different states DOLs and DORs for a variety of reasons, and your not going to get stuck with the same stubborn employee who can control every facet of your ability to identify yourself and also legally drive a vehicle on the road.
The DUI checkpoints up in BC are wild too, I'm glad they are banned in Washington and Oregon. Suspicionless stopping of cars en masse followed by interrogation by police seems like an overreach.
I’m pretty sure Canadian DUI checkpoints are limited to interrogations about alcohol/drug intoxication (edit: and a few matters regarding the vehicle itself) unless something else is offered/observed.
Supreme Court basically agreed that they are warrantless and detainments without reasonable suspicion, but considered them acceptable for the purposes of preventing drunk driving so that’s all the carve out it for. See R vs Mellenthin here: https://torontodui.com/knowledge-centre/everything-you-need-...
(Worth noting that Canada’s constitution is basically toilet paper for a lot of things because a judge (or politician!) can override a lot of it)
Which in effect means that they are unlimited. They make wide use of drug detecting dogs. If a drug dog indicates you might have contraband, that allows further intervention. It is widely known that drug dogs can , worst case, be trained to hit when a hit is not present. Best case they have a bond with their handlers that tells them that the handler wants there to be a hit, whether the handler consciously conveys that or not. This increases the odds that there will be a hit.
Drug dogs are basically a override-the-law get you into jail free card, and any system that allows them as evidence of probable cause basically does not require probable cause.
I was just wondering about these (in the US) the other day. When I was growing up, I seem to remember them being a thing and going through them as a passenger but in 20+ years of driving, including on NYE/July 4 and late at night, I've never come across one.
Are there still states doing these?
No, this is only true for the most basic plans (called Autoplan). For anything beyond this, eg third-party liability, collision, comprehensive, etc., you can buy private insurance or go with ICBC for those plans too if you want.
There has been a lot of pushback to DUIs. I did a poli-sci BA thesis on it. Essentially its one of the few times they make exception to constitutional rights, and assume guilt without due process.
A fairly deep explanation of what I'm talking about, and why states like WA gave up on it:
Many drivers are worse alcohol-free than a legally drunk good driver.
Focussing on one cause of bad driving (lots of alcohol) is a weak approach to road safety.
> https://www.reddit.com/r/nottheonion/comments/xa9j3x/church_
to get
> Sorry, this post has been removed by the moderators of r/nottheonion.
> Church of the Flying Spaghetti Monster's ICBC pirate hat fight deepens
It's impressive to see how omnipresent the government is everyday life in Canada, often via these state sponsored entities with bizarre ties to the government.
Alcohol sales are handled by government-owned stores (because it takes the government's unique expertise to run a liquor store?). Dairy products are subject to production quotas administered by the government, and excess production has to be destroyed (it is illegal to compete and lower your prices!). Car insurance is done through the state run monopoly so you can't shop around for rates. Health is handled by a single player, so you have no say in which providers you are assigned to (if you get one at all, they can deny coverage with year long wait times but you are still on the hook for the tax bill!). The country's largest broadcaster is state owned and operated, with journalists on government payroll reporting on... the government! Say the right thing and you might even land yourself a cushy government job [0]
Government run car insurance only exists in two or three provinces. It’s the exception, not the rule.
The CBC is not “on government payroll”. It’s run independently but government funded. If you’ve got significant evidence of political parties interfering in the CBC’s reporting I’d love to hear it.
I’m not sure why you singled out Canadas first black, female, Governor General as being a problem. The GG’s role is a ceremonial, public facing, non-political role that perfectly suits someone well known who’s adept at public speaking. She’s not even the first former journalist to get the posting. Others were famous astronauts, military heroes or business leaders.
While there’s some truth in what you say (health care is in a real pickle, the dairy board is just bizarre) the rest is textbook right-wing propaganda.
It is now:
Hey u/misanthrope2327, thanks for contributing to r/nottheonion. Unfortunately, your post was removed as it violates our rules:
Rule 2 - Sorry, but this story isn't oniony.
As an observer of the process, they definitely have an impact. You can see people spot the checkpoint and then peel off to the nearest onramp / off-street where they then get picked up by the special checkpoint designed to ask some questions of people willing to cross medians to avoid a standard checkpoint.
Not just BC. ON, too.
I don't know Canadian law, just for fun this is my understanding of it under US laws which are likely similar although Canada usually has more consumer protections.
You generally can't waive negligence. Those waivers can be useful for things like a trampoline park - someone lands on their ankle wrong and injurs it, the waiver deals with assumption of the risk - landing incorrectly is a reasonable risk due to the nature of the event. However if a net was missing and you hit the concrete floor - that would be under negligence of the premises owner.
My guess (not a lawyer just guessing) is that if they followed all best practices and someone bruteforced an RSA 2048 key which is currently understood to not be (reasonably) possible - that might be covered? However if they left a S3 bucket open without a password, that would be under negligence?
Not a lawyer either, but to me, since users have no means to protect themselves against a backend breach, it seems like it would inherently be the fault of the business.
My chosen parallel would be owning a dog. Owning a dog has some inherent risk, because even if you take all precautions, there's always a chance it gets off it's leash or breaks out of the yard and bites someone. "I had a fence" shouldn't free you from liability; the fence was insufficient because someone still got bit. The only way to be free of that small risk is to not own a dog.
I view data the same way. Storing sensitive data comes with an inherent risk that it will be compromised. By asking for and keeping that data, companies assume the risk of that data being breached, and any resulting damage. If that risk is unacceptable, don't ask for or keep the data. Or find some way to make it so the data can't cause damage even if it's stolen (e.g. by using some kind of public tax ID).
I suspect the same would be considered for computer security. Hacker News and a Bank have very different bars for what’s reasonable.
That being said, My Account is a useful, albeit very flawed online tool.
Src: https://www.canada.ca/en/revenue-agency/services/e-services/...
You will have to prove a lot of "facts" to win that lawsuit. Especially since your social number(s), email, phone, whatsapp, etc are all public info already.
Recall a few years ago an uneducated hacker ("script kiddie") got part way into a CRA website and they took the whole website down for a week. (The attacker was caught, and prosecuted iirc.)
When I encounter clearly dodgy terms like this I often contact the organization and tell them I do not accept the given clause. Sometimes they say 'stop using our service' (rarely enforced) but most often they simply don't respond.
Someone at CRA with authority to fix this might perk up if thousands of Canadians start emailing them about it, report it to MP's, the Privacy Commissioner and other ombudsmen, etc.
For example let’s look at Ireland.
[0] Ireland tries to exclude itself from GDPR https://www.thejournal.ie/data-protection-bill-2018-3853647-...
[1] Entire health system compromised and possibly majority of PHI data exfiltrated https://www.hse.ie/eng/services/publications/conti-cyber-att...
[2] Irish health service only begins notifications to confirmed affected individuals a year later https://www.hse.ie/eng/services/news/media/pressrel/hse-begi...
[3] selective punishment of companies whose data is breached eg google https://techcrunch.com/2022/03/14/dpc-sued-google-rtb-compla... vs meta https://www.dataprotection.ie/en/news-media/data-protection-...
Laws unevenly applied make a mockery of justice.
My understanding is that member states (and perhaps all sovereigns) are not required to comply with GDPR unless they explicitly choose to.
> However, the Internet is a public network and there is the remote possibility of data security violations.
They conveniently ignore the fact that HTTPS is pervasive and that you can reasonably carry private conversations on a public network. And why don't they have a disclaimer for the fact that the telephone network is public and the mail network is public?
By comparison with the province of BC's web services, anything provided by the federal government looks straight out of science fiction. For example: https://www.corporateonline.gov.bc.ca/ ... have fun!
I think now (and the next year or two) might be a suitable time to pull a similar move.
The maintenance hours thing is unconsiable though. Sometimes i want to know how much tfsa room i have on sunday evening.
Which you wouldn't want to check with the CRA either, because the information is often incomplete and updated annually at best.
The CRA even advises that whatever numbers they give you are essentially fugazi, and you should keep your own records because if you make a mistake they will obliterate you with fines.
One of the mottos of the Canadian government is: if you make a mistake because we gave you the wrong information, it is still your fault and you will give us money.
Excerpts : 1458 Every person has a duty to honour his contractual undertakings. Where he fails in this duty, he is liable for any bodily, moral or material injury he causes to the other contracting party and is bound to make reparation for the injury; neither he nor the other party may in such a case avoid the rules governing contractual liability by opting for rules that would be more favourable to them.
https://www.legisquebec.gouv.qc.ca/en/document/cs/CCQ-1991?l...
1474 A person may not exclude or limit his liability for material injury caused to another through an intentional or gross fault; a gross fault is a fault which shows gross recklessness, gross carelessness or gross negligence. He may not in any way exclude or limit his liability for bodily or moral injury caused to another.
1475 A notice, whether posted or not, stipulating the exclusion or limitation of the obligation to make reparation for injury resulting from the nonperformance of a contractual obligation has effect, with respect to the creditor, only if the party who invokes the notice proves that the other party was aware of its existence at the time the contract was formed.
1476 A person may not by way of a notice exclude or limit his obligation to make reparation with respect to third persons; such a notice may, however, constitute disclosure of a danger
1477 The assumption of risk by the victim, although it may be considered imprudent having regard to the circumstances, does not entail renunciation of his remedy against the author of the injury.
https://www.legisquebec.gouv.qc.ca/en/document/cs/CCQ-1991?l...
I don't think that the CRA is subject to Quebec law, and believe that the CRA may exercise sovereign immunity, though I'm not sure that it has done so in the past.
3149. Québec authorities also have jurisdiction to hear an action based on a consumer contract or a contract of employment if the consumer or worker has his domicile or residence in Québec; the waiver of such jurisdiction by the consumer or worker may not be set up against him.
3150. Québec authorities also have jurisdiction to hear an action based on a contract of insurance where the holder, the insured or the beneficiary of the contract is domiciled or resident in Québec, the contract covers an insurable interest situated in Québec or the loss took place in Québec.
https://www.legisquebec.gouv.qc.ca/en/document/cs/CCQ-1991?l...
https://en.m.wikipedia.org/wiki/Paramountcy_(Canada)
As GP noted, sovereign immunity might be relevant here.
But forget the CRA, ask me about how mine and many other peoples drivers licenses were suspended for weeks because the SAAQ totally fucked a software migration.
- Provincial: Revenu Quebec
- Federal: CRA
Other boondoggled IT projects brought to you by the Canadian government include the Phoenix federal government paysystem - which coming up on a decade now, some federal employees _still_ aren't getting paid correctly, and the ArriveCan app - which is their hastily created, bug-filled app for pre-entry customs processing checklists that had accessibility problems for the disabled which have likely still been ignored, among other issues.
Between this and the very dodgy reactions from government officials (or lack thereof) to the recent news of foreign influence in our politics and elections processes from China, I would say this country has had its core emptied out and replaced with a nougat center of tasty corporate corruption and money laundering goodness.
The attitude seems to be "Not enough money to create and maintain a system that respects the privacy of our citizens, but we'll just legalese our responsibility away because we can and we're the government so _there_! We're like a silicon valley company, just try to sue us!"
At least we know that tax companies in the states are lobbying to make it harder to file taxes with the US government - the Canadian government just makes it more difficult by themselves!
I for one would like our government to be as responsible as possible when it comes to handling our data - ideally having as little of it as possible, only the required amounts to interact with me as minimally as possible - instead of having it all available in a portal that can be easily compromised and hacked judging from previous leaks/breaches in the linked article.
The specific example was a paid garage that claimed no liability for any break-ins, any issue with the cars, etc etc. but he explained that if you are paying for a private parking, there are some expectations to the law and you cannot notice-board out of those. They are mainly a deterrent for people who are unaware of the law or these things, or made by a hapless manager.
In the US, there are a lot of gravel trucks that say something like
"Stay back 200 feet. Not responsible for broken windshields"
But the truth is: every vehicle on the road is responsible for not dropping stuff on the road. Especially dangerous stuff. Is it difficult in the case of gravel trucks - sure. But that doesn't matter.
The effectivly FORCE you to use this site as they try to cut costs and reduce "call in" support.
Then, they create a ToS which absolves them of all responsibility if they are hacked?
I would be willing to bet that if any Canadian business tried this the government would crack down and state it not permitted.
The government has a tendency of "do as i say not as i do".
Any Canadian can tell you that for the most part government IT is utter garbage.
<cough>arrive-can</cough><cough>Phoenix</cough>
....
Well that’s the value proposition of government, right? A monopoly on violence in exchange for a set of rules leading to a stable society.
They are not at the behest of the Treasury Board because the Treasury Board is a committee, not an administration or agency. The board has no executive authority whatsoever and exists to give advice to Cabinet rather than to perform or execute a duty. However, the individual members of the Treasury Board do have the ability to order the CRA, principally the Minister of National Revenue, who sits on the Treasury Board, is the executive of the CRA.
Perhaps you're thinking of the Bank of Canada, which is an actual corporation and operates in a semi-independent manner from Parliament, although technically Parliament has full oversight and authority over it.
(In some countries/companies this function is called the comptroller or the controller.)
Even the Canadian Coast Guard collective agreement is signed with the TBS.
I think these minor variations in corporate structure (or whatever you want to call it) embolden certain departments to go their own way, and forget their place in the whole of society.
See also the Canadian Mint copyrighting the penny.
(1) http://www.ipbrief.net/2012/09/20/a-cents-of-pride-royal-can...
https://www.canada.ca/fr/agence-revenu/services/formulaires-...
I say this because the My Account service allows a Canadian to check their balance, payments, credits, filing status, etc. It's there for anyone, ready to go, with whatever information the CRA has stocked it with. Your information, even if it started out on paper. It's pretty inconceivable that the CRA could function if the paper filings didn't soon end up in the same database as the e-filings.
Anyways, then at that point, your paper personal data is sitting right there behind the login of that same CRA site we're talking about. For your future convenience. Or leaking. Or hacking. And then we're back to ... "in the event of such occurrences, the Canada Revenue Agency is not responsible for any damages you may experience as a result."
not exactly the same thing, but this is a $500,000 class action lawsuit for losing a USB Key containing patient data:
https://www.thestar.com/news/gta/2012/05/28/durham_region_he...
The expectation is that the government protect your privacy or pay if they fail to do so.. as with any private data.
If you can show that they didn't have audits, protections against their DB, etc. then I can imagine they'd be as liable as a private entity.
But as is mentioned, this is all but demanded of Canadians to use this service, and yet the government is absolving itself of liability.
Not sure what would be the best way of getting rid of "legal fluff" though. I imagine it costs quite a lot to society to have to sift through pages of meaningless legal text in order to find important (actually valid) legal statements.
Nobody expects to be hacked until it happens.
[1]: https://www.canada.ca/en/employment-social-development/progr...
Basically an excuse to have the worst security and not be liable.
I don't know if it would hold if actual negligence was shown.
Feels like a "could the government do that" standard would be a good one to apply to any ToS when figuring out whether it's enforceable. Or maybe this is just more evidence that ToS should be generally and universally ruled unenforceable.
