Commercial Drone Regulations – Canada vs. US

When Canadians attempt to characterize aspects of Canadian culture, it’s not uncommon to draw comparisons with the US. I recently noticed that as I respond to questions about the Canadian regulations surrounding commercial drones, I often begin by stating that our regulatory framework is quite distinct from that of the US – here’s why…

In Canada, commercial operators can apply to obtain Special Flight Operations Certificates (SFOCs) from Transport Canada. It takes Transport Canada about 20 days to assess applications, and last year the agency issued 945 SFOCs to applicants representing a variety of industries including aerial videography, agriculture and oil and gas.

Generally, the Canadian regulations do not establish bright line rules governing drone operations – for instance they do not specify whether you need a pilot’s license to complete a commercial drone flight, or whether it is permitted to fly beyond the visual line of sight. Rather, Transport Canada assesses applications using a case-by-case approach. In order to obtain approval, applicants must show that they can mitigate operational risks to an acceptable level.

In the US, the Federal Aviation Administration (FAA) has been working to develop drone regulations since the enactment of the FAA Modernization Act of 2012. Until the framework is in place, those looking to fly for commercial purposes can only proceed by exemption. Most companies have been denied exemptions, the notable exceptions being a couple of oil companies that received approval to operate drones in remote areas of Alaska.

Last Thursday, the FAA extended regulatory exemptions to six Hollywood companies looking to film using drones. Although the Hollywood exemptions represent a move in a positive direction, the restrictions placed on the companies are quite onerous, for instance the operations must take place in a controlled closed-set environment and may only be completed below 400 feet and within the visual line of sight.

By comparison, commercial drone operations are the norm in Canada and will continue to be an exception in the US until the new rules are in place.


Legal and Ethical Issues Associated with Sensor and Drone Journalism

On March 18th, the Columbia Journalism School hosted a group of academics, lawyers, journalists and makers who gathered for a workshop on the legal and ethical issues associated with sensor journalism. The event was organized by Fergus Pitt, a Fellow at the Tow Center for Digital Journalism working on the Sensor Newsroom Project funded by the Tow Foundation and the Knight Foundation.

Workshop participants covered a wide range of topics including privacy, data accuracy and intellectual property. I participated in two panels: the first featured a discussion on regulatory and intellectual property issues with Mike Hord, Electrical Engineer at SparkFun Electronics and Matthew Schroyer, Founder and President of the Professional Society of Drone Journalists; and the second featured a discussion with Deirdre Sullivan, Senior Counsel at the New York Times on risks and liabilities associated with drones.

Mike Hord led an interesting discussion on the Federal Communications Commission (FCC) rules governing the electromagnetic spectrum. While commercial entities face stringent testing requirements for electronic devices, the good news for hobbyists is that the rules permit individuals to use a single design to build up to five electronic devices without having to complete any testing. However, even though testing may not be required in these cases, individuals must comply with all applicable rules. For instance, if a device causes unacceptable interference, the user may still face legal penalties.         

Matthew Schroyer explored closed and open source models in the context of sensor journalism. Media companies that develop closed technologies can benefit from clear revenue streams from licensing activities. Although newsroom technologies remain predominantly closed, journalists are increasingly adopting open source tools. The open source model presents many advantages to journalists, for instance it promotes transparency and accountability, which are particularly important in the context of sensor journalism investigations in which accuracy and precision are critical.

Deirdre Sullivan and I explored the risks and liabilities that media companies and journalists face when developing and operating drones, an obvious concern being the risk of physical injury or substantial property damage.

Deirdre approached these concerns from a negligence perspective. Tort liability for negligence can be applied where an individual has a duty, the duty is breached and injury results. A journalist operating a drone has a duty to not place others in foreseeable risks. If the journalist breaches this duty – for example, by flying dangerously close to a crowd at an outdoor concert – and someone is injured, then it is likely that a negligence claim would succeed. Deirdre also explored the potential application of negligence per se in the context of commercial use of drones. Generally, when an action violates a statute (i.e. speeding), such action conclusively establishes negligence, hence the term negligence per se. Since commercial drone operations currently fall in a legal grey area, Deirdre suggests that it is unclear whether negligence would be presumed in personal injury claims arising in the context of commercial drone operations.

I explored the application of product liability concepts to open and closed drones, and suggested that liability is more straightforward in the context of closed drones. For example, a closed drone may be built with safety features such as ‘sense and avoid’ technology to reduce the risk of collision. If these features do not function, then the developer may be held liable for personal injury or property damage. However, if a journalist operator modifies a drone in violation of the end-user license, then the developer could avoid liability by claiming alteration as a defense, and the operator is likely to be on the hook for personal injury or property damage that occurs.  

In the case of open drones, liability is more problematic. Assume a journalist operator modifies a ‘sense and avoid’ radar and adds communication and weather modes. If the revamped drone crashed into a person, causing bodily injury, who would be liable? A court would have to engage in a complicated analysis to determine whether the underlying technology or the modified upgrade is to blame. And, the initial developer of the open ‘sense and avoid’ radar would not be able to avoid liability by simply claiming alteration as a defense.

Although open technologies may be more problematic than closed designs from a liability perspective, industry measures may be adopted to mitigate liability risks. Developers of open technologies can look to licensing as a mechanism to allocate liability and promote non-harmful and ethical use of their technologies. For example, a sufficiently and selectively open license may be used to prohibit end-users from removing safety or privacy features incorporated by upstream developers.

For those interested in further reading, the workshop papers will be published in June by Columbia University.

Privacy Considerations in Setting up Tweed’s Medical Marijuana Distribution Business



Medical marijuana growing at Tweed’s Smiths Falls location


After April 1st, Tweed Inc. will be among the first businesses to sell medical marijuana in Canada. The new legislative framework that will be in effect on that date allows businesses that have received licenses from Health Canada to grow and sell medical marijuana. Tweed has started production activities in its Smiths Falls facility that was previously home to a Hershey chocolate factory. Over the last couple of months, I had the opportunity to work with Tweed to develop its privacy policy and practices to ensure compliance with the Marijuana for Medical Purposes Regulations (MMPR) and applicable privacy legislation. The following is a summary of some of the privacy considerations we looked at in establishing Tweed’s medical marijuana distribution business.

The Application Process

The MMPR require applicants registering to become clients of licensed medical marijuana producers to provide certain personal information, including their name, date of birth and gender. The MMPR also require information about the residences of applicants. For example, if an applicant does not live in a private residence, the applicant must disclose the type of residence that he or she lives in (i.e. a shelter).

Because an individual is only permitted to use medical marijuana if he or she has a “Medical Document”, a producer seeking to sell medical marijuana must be able to contact the applicant’s health care practitioner to verify the applicant’s prescription. Before this can be done, the applicant must complete a consent form granting the distributor permission to contact the applicant’s health care practitioner to inquire about the prescription.

Purchasing Medical Marijuana

Once applicants become registered clients, they can purchase medical marijuana from their distributors. Distributors are required to maintain records pertaining to purchases in order to comply with regulatory requirements. In certain circumstances, the MMPR requires licensed distributors to disclose information about their clients to the police. In the interest of transparency, Tweed’s privacy policy outlines the legal obligations regarding such disclosure and the steps that Tweed will take prior to responding to such law enforcement requests. For example, before Tweed will disclose information about a client, the police officer making the request must provide Tweed with the full name, date of birth and gender of the individual being investigated.

The Delivery Stage

The delivery stage is very important from a privacy perspective. Health Canada itself learned this lesson last November when it sent notices to 40,000 individuals using medical marijuana in envelopes showing the patients’ names and referencing the Medical Marijuana Access Program. As expected the disclosure of such personal information has resulted in the initiation of a class action lawsuit against Health Canada.

In order to maintain the privacy of its clients, Tweed will be using a secure delivery service. The external packaging of the deliveries will not contain Tweed’s name, its famous address (1 Hershey Drive), or information disclosing the medical marijuana contents of the package.

Transparency and Accountability      

As far as personal information goes, health information ranks among the most sensitive in nature as it reveals the most intimate details of individuals personal lives. Accordingly, it is particularly important for businesses handling such information to operate in a transparent and accountable manner. More information about Tweed’s privacy practices and the contact information of Tweed’s Chief Privacy Officer can be found on Tweed’s website.

*This post was written with permission from Tweed.

Canada’s Anti-Spam Legislation: What businesses need to know

Before Canada’s new Anti-Spam Legislation (CASL) comes into force, businesses operating in Canada will need to review and modify their practices to ensure compliance with the new requirements regarding commercial electronic messages and the installation of computer programs. CASL will come into force in three stages over the next few years – the following is a brief summary of the main provisions of each stage.

Stage 1 (July 1, 2014): Commercial Electronic Messages (CEM) Provisions

Subject to meeting any of the prescribed exceptions, CASL creates a prohibition against sending CEM, except in cases where the receiver has consented to receiving CEM, and the CEM meets the prescribed requirements. There are certain situations in which consent may be implied. For instance, consent is implied where there is an “existing business relationship” as defined in CASL and its accompanying regulations. An example of a qualifying “existing business relationship” is one in which there has been a purchase or lease of a product or a service in the two years preceding the sending of the CEM.

If an existing business relationship does not meet any of the conditions for implied consent, the business must seek express consent from intended recipients. A valid express consent must also meet certain prescribed requirements. For example, a business seeking consent must clearly convey that it is seeking consent to send CEM, and intended recipients must take an active step to indicate their consent to receiving such CEM. This means that standard business practices such as using opt-out mechanisms or implementing a pre-checked consent box will no longer be acceptable.

CASL also specifies certain requirements regarding the form and content of CEM. Each CEM must: identify the sender; disclose the sender’s contact information (as prescribed); and provide a mechanism to allow the recipient to unsubscribe. The unsubscribe mechanism must allow the recipient of the CEM (at no cost to them) to indicate the withdrawal of their consent, and must include the contact information of the sender which must be valid for at least 60 days after the CEM is sent. A request to unsubscribe must be given effect in no more than 10 business days.

Stage 2 (January 15, 2015): Provisions Related to Installation of Computer Programs

CASL prohibits a business from installing certain categories of computer programs on computers belonging to other people, unless the business has obtained express consent from the persons on whose computers the programs are being installed. Additionally, businesses seeking to install computer programs must comply with certain requirements regarding the unsubscribe mechanism. For instance, businesses must provide the recipients of computer programs with an email address to which the recipients may send a request to remove or disable the programs. The email address must be valid for one year after the programs are installed. In cases where consent was obtained based on an inaccurate description of the applicable computer program, the business which installed it must assist in removing or disabling the program.

Stage 3 (July 1, 2017): Private Right of Action

CASL creates a private right of action that enables individuals to seek compensation from individuals and businesses that contravene the provisions. Individuals will be able to seek compensation for actual losses, damages and expenses incurred due to contraventions. It is expected that once these provisions are in force, class actions will soon follow.

Next Steps

As CASL’s three stages come into effect, businesses operating in Canada that are sending commercial electronic messages or installing computer programs should seek legal advice to ensure compliance. This summary is intended to highlight CASL’s key provisions, and in light of the nuances of CASL and its accompanying regulations, it is recommended that businesses obtain legal advice regarding compliance.

Amazon Drones: The gap between vision and regulation

On Sunday’s 60 Minutes interview, Amazon CEO Jeff Bezos unveiled the company’s plans to offer drone deliveries within 30 minutes, igniting discussion filled with excitement and questions. On the forefront, is the issue of when we can expect to see Amazon’s drones on the horizon.

In the US, the Federal Aviation Administration (FAA) is currently devising rules for integration of drones into the domestic airspace, with a view to enabling commercial use by 2015. Although the FAA rules will certainly open up the airspace to commercial drones, it has yet to be determined whether the framework will enable applications like Amazon’s.

In Canada, commercial drones are already in use, however each operation must be approved by Transport Canada through the issuing of a Special Flight Operations Certificate (SFOC). In order to be approved, the applicant must complete a risk assessment and outline steps that will be taken to mitigate the risks to an acceptable level. Normally, it takes at least 20 days to obtain a SFOC, and in many cases (especially for first-time applicants) the process is longer. The Canadian regulations are also under review, as the UAS Program Design Working Group is set to make recommendations for amending aviation regulations by 2017.

Regulators on both sides of the border will have a difficult task ahead – balancing innovation and safety. Hopefully, the new regulations that are set to come out in Canada and the US will not stifle commercial applications like Amazon’s.

Glass, feature creep and the ‘end of privacy’

It’s been a year since Google co-founder Sergey Brin introduced the world to Project Glass, igniting debates about what’s cool and creepy about the specs.

On the one hand, the technology has the potential to disrupt numerous industries – education, medical, and law enforcement to name a few.  But, at the same time, Glass raises obvious privacy concerns, as the web-enabled specs allow users to capture photos, take videos and share live footage.

Google has implemented various measures aimed at alleviating concerns about the privacy implications of Glass.  For instance, Google incorporated a red light intended to put the public on notice when the camera is in use.  The Glass developer policy also provides the following notice:

 “Don’t use the camera or microphone to cross-reference and immediately present personal information identifying anyone other than the user, including use cases such as facial recognition and voice print. Applications that do this will not be approved at this time.”

And, Google states that it intends to remotely block apps and disallow automatic software updates in an effort to prevent unintended uses of Glass.

However, for all of Google’s efforts, preventing feature creep will be a futile exercise.  For example, hacker Stephen Balaban of Lambda Labs is working on developing an alternative operating system that allows users to incorporate facial recognition into the specs.  A quick review of the #ihackglass twitter stream suggests that he’s not the only one…    This reality has prompted some privacy advocates to suggest that Glass may be the end of privacy as we know it.

Is Glass the end of privacy?  Probably not – and certainly not any more so than other emerging technologies that have widespread privacy implications, such as drones (which at least for now are much cheaper to obtain than Glass).  But even if we accept that Glass is the most privacy-invasive technology on the immediate horizon, the net effect of Glass is not necessarily going to be bad for privacy.

Technologies like Glass provide immense opportunity for innovation in privacy.  You know all of those people who are worried about Glass?  They represent a mass consumer market for developers of responsive privacy enhancing technologies.

Admittedly, the trajectory of technological innovation has favored privacy-diminishing products – but this need not be the case.  For instance, NYU researcher Adam Harvey is reverse engineering facial recognition technology with the goal of developing makeup that blocks the technology from being able to read human faces.  As this example suggests, at least from the perspective of innovation in privacy, Glass feature creep may not be such a bad thing.

Coders and Lawyers

I recently started learning JavaScript.  As an aspiring tech lawyer, I thought coding would be a great way to learn a bit more about what my future clients do.  The geek in me was also in need of a hobby – coding was the efficient choice.  Working through the various tasks on Codeacademy, I am beginning to think that coders and lawyers are not *entirely* different breeds.  A similar skill-set is required in both professions – logic, attention to detail, analysis, and problem solving to name a few.  From a process perspective, similarities can also be drawn between developing a program and completing a legal transaction such as an acquisition.  The lifecycles generally proceed as follows:

Planning – This initial stage entails an assessment of the requirements.  The programmer or lawyer determines the desired end-result (i.e. to build a NLP interface, or to facilitate the purchase of a startup).

Design – This stage requires an assessment of the best mode of achieving the desired endgame.  Here, the architecture of the program or transaction is determined.  While a developer deals with questions like which programming language to employ, a lawyer may engage in a determination of the optimal deal structure by weighing the pros and cons of a share vs. asset transaction.

Implementing, Testing, Documenting – Putting the plan into action, and determining whether the prescribed requirements have been met.  In the case of developers, this stage involves coding, preparing documentation and testing for defects.  For lawyers, think negotiating the letter of intent, performing due diligence, and drafting the definitive agreement.

Maintenance – Addressing problems that crop up after the fact.  At this stage, programmers address vulnerabilities and “bugs” that are discovered in the program.  And in the case of lawyers, deal maintenance may involve indemnification claims, post-closing adjustments and earn-out disputes.

Reflecting on these similarities, I am tempted to think that coding presents an innovative and fun way for lawyers to develop and improve their lawyering skills.  At the very least, it’s a stepping-stone towards achieving sexy data-scientist status ;-).

Video of my presentation at Stanford Law, “A Licensing Approach to Regulation of Open Robotics”

Video of my paper presentation at the We Robot 2013 conference at Stanford Law School, commented on by cyberlaw expert, Professor Michael Froomkin.

“A Licensing Approach to Regulation of Open Robotics”

On April 8th, I had the opportunity to present my paper, A Licensing Approach to Regulation of Open Robotics at the We Robot Conference at Stanford Law School.  The paper was commented on by cyberlaw expert, Professor Michael Froomkin.  The following is a brief introduction to my proposal.

My paper argues that openness is normally associated with increased innovation.  However, in the case of robotics, open architecture can have an inverse effect by creating a disincentive for manufacturers to develop open systems. The singular preoccupation of open source – as we currently understand it – with software freedom, presents a barrier for manufacturers seeking to restrict or foresee harmful or unethical applications by downstream channels.

What I propose is the development of a new licensing model that promotes “sufficient and selective openness” as a means to regulate open robotics.  The Ethical Robot License (a work in progress that I designed as part of the paper) seeks to temper the inconsistent goals of attaining total software freedom, and promotion of ethical and non-harmful use of robots, by imposing selective obligations and restrictions on downstream applications.  Violation of license terms renders downstream parties liable to upstream channels for breach of contract and intellectual property infringement.

Canada Post claims monopoly over postal codes & sues geocoding service provider for IP infringement

Over a year ago, Canada Post (a Crown corp.) launched a lawsuit against, a company that collects postal codes on a voluntary basis in order to provide geocoding services.  Canada Post’s statement of claim, which was amended on March 9th, alleges that Geocoder is infringing on its intellectual property.

The Crown corporation claims to own copyright in its postal code database, and that any party seeking to use such data without its permission is infringing its rights.  For copyright to subsist in the database, it would have to meet certain requirements including the exercise of skill and judgment.  Needless to say, it will be interesting to see Canada Post try to argue that the creation of its database met this requirement given that there is really only one way to organize postal codes…

And even if copyright in the database is made out, copyright law – unlike patent law – does not provide protection from independent creation.  In practice, what this means is that if Geocoder developed its database through compiling voluntary user queries, there would be no infringement.

The case has been filed with the Federal Court.  If Canada Post succeeds in stretching the copyright framework, it will be granted a monopoly in selling postal code information (which it does for a minimum of $5,000).

If you would like to see what others have written about Canada Post’s actions and to contribute your comments, Geocoder provides a space to do so here.