Comment: To RFID or not to RFID, that is the question

The Vancouver Sun has an article that was written by Phil Chicola, U.S. Consul General in Vancouver. Entitled “To RFID or not to RFID, that is the question,” it is yet another part of the ongoing propaganda war surrounding the embedding of RFID chips in regular consumer products. In the recently released Canadian Border Services Agency (CBSA) Privacy Impact Assessment of the Enhanced Drivers License (EDL) program, we find that,

An effective external communications strategy will be developed by the [Provinces and Territories] with the assistance of the CBSA to ensure that the Canadian public is made aware of the significant privacy safeguards that will be put in place and the constraints that will be imposed on any subsequent use of personal information, especially sharing with the U.S. in consideration of the U.S.A. Patriot Act (29).

What this has amounted to in Ontario has been a persistent insistence by government officials that because the Radio Identifier that EDLs emit is not tied to any *other* piece of government information (e.g. the RFID number is not generated from an association with your driver license number, birth certificate, etc.) that the identifier isn’t personal information. Thus, while you will be broadcasting a number from your drivers license to anyone with a reader, that isn’t ‘personal’. Let’s turn to the Vancouver Sun article, and see how it squares up with the Canadian propaganda, shall we?

Continue reading

Comment: Virgin Takes Aim At BitTorrent

In the US, Comcast is presently using what is referred to as ‘protocol agnostic’ filtering‘ – effectively, if you use the full amount of bandwidth that you are paying for for more than a few minutes, they decrease your available bandwidth for a while. This was, in part, a reaction to their sending RST packets to BitTorrent users – these packets would ‘kill’ connections that individuals had with other P2P users, but were also catching some other programs in the crossfire. What’s more, they were using a technique referred to as ‘packet forging’, which is involves changing packets in-stream. After a substantial amount of public criticism and backlash, Comcast stopped using their DPI equipment for this purpose and instead shifted to using them for protocol agnostic filtering.

Let’s turn to Virgin, who is currently implementing protocol agnostic filtering, but there are rumblings that the way that they’ve deployed it may not be the best solution to combatting what is perceived as the real problem: BitTorrent traffic. From a DSLreports article:

[A] customer on Virgin’s 10Mbps/512kbps “L” tier loses 75% of his throughput for five hours should he download more than 1200MB between 4 and 9PM. (Source)

There are several issues with this kind of agnostic filtering.

Continue reading

EDL Update: Canada backpedals on sharing personal database with U.S.

An update to my last post concerning the location of the EDL databases: Jim Bronskill, with the Canadian Press, is reporting that the CBSA and Canadian authorities are shelving ideas to place the EDL data in the United States. While this certainly alleviates some of the privacy-related concerns with the EDLs, the Office of the Privacy Commissioner of Canada put it well:

“All in all, we are pleased to see that they listened to some of our recommendations, but we remain hopeful that they’ll heed to many of our other concerns,” said Anne-Marie Hayden, a spokeswoman for Stoddart. (Source)

It is nice to know that a massive amount of personal information isn’t being stored in the US for cost management reasons, but this doesn’t alleviate worries that the RFID chip in the EDLs might still be used for mass surveillance purposes. While the privacy commissioners of Canada have recently commented on this to the press, warning businesses that they need to be compliant with law when collecting license information, their need to publish this statement clearly suggests that businesses are not remaining compliant with the law concerning non-RFID licenses. To me, this suggests that there either needs to be some very real coercive ‘convincing’ applied to businesses so that they learn to comply with the law, or that this issue should be used to publicly advocate for modifications to the proposed EDL schemes (e.g. being able to disable the RFID with an on/off switch).

EDL Update: Privacy Impact Assessment Released!

Under a Freedom of Information request, the Privacy Impact Assessment (PIA) for the initial tests with Enhanced Drivers Licenses (EDLs) has been released to the public. I would highly recommend taking a look at the documents if you’re interested in this issue. Over the next few days and weeks I’m going to be (briefly) posting notes on the document. For more information, I’d recommend turning to the Canadian hub for advocates campaigning against the EDLs, at the Canadian IDentity forum.

I have a real passion surrounding databases – they are used to guide daily practices, from accessing money at instant tellers, to authenticating you to web sites that you visit, to identifying the cost of products when they are scanned at the grocery store. Databases are big business, and when it comes time to deploy new pieces of identity infrastructure the database chosen is important, as are the security precautions that surround it.

Continue reading

Internet: Drowning in the Bits of UDP

Over the past few months I’ve been watching news that is emerging from think tanks, independent researchers, and news analysts about the ‘dramatic’ increases in bandwidth usage in North America. In this post I’d like to pull together a host of sources on the recent use of the UDP protocol for transferring files, and how that relates to bandwidth scarcity. Over the next month or so, I’m hoping to put together some additional pieces on packet inspection, Enhanced Drives Licenses (EDLs), and more topical IT and privacy issues. But first, to UDP data traffic…

Peer-to-Peer and Link Points

This summer Bell Canada argued that they needed to use Deep Packet Inspection (DPI) devices to stem the use of peer-to-peer (P2P) applications during peak usage time, because P2P applications were causing congestion at major link points along Bell’s network. Bell’s practices became an issue when the Canadian Association of Internet Providers (CAIP) filed a complaint with the CRTC; Bell’s traffic shaping was being applied to all traffic that ran along Bell’s ADSL lines, rather than being localized to Bell’s customer. CAIP lost their complaint, with the CRTC noting that Bell was not discriminating against CAIP customers. The CRTC decision did not, however, condone or authorize the legality of Bell’s use of DPI technologies to filter data traffic.

Continue reading

Update: Geolocation and Mobiles

A few months ago I published a post on a product called Fire Eagle. As I then noted, Fire Eagle is an application that developers can integrate into their software suites, enabling users to identify and broadcast their geospatial location to others on the application’s network.

With the advent of the iPhone and other easy-to-use smart phones (typically read: not Windows Mobile devices), more and more people are wanting to find where they are using the built in mapping software. Moreover, advertisers are chomping at the bit to provide ads to individuals when they surf the web with their mobiles, personalizing the ads to customers’ interests and proximate geolocation. Unipier’s family of devices opens the door for cellular providers to begin this detailed level of geolocation, and it should be noted that Bell has begun to integrate Unipier devices into their network architecture.

Continue reading