An update to my last post concerning the location of the EDL databases: Jim Bronskill, with the Canadian Press, is reporting that the CBSA and Canadian authorities are shelving ideas to place the EDL data in the United States. While this certainly alleviates some of the privacy-related concerns with the EDLs, the Office of the Privacy Commissioner of Canada put it well:
“All in all, we are pleased to see that they listened to some of our recommendations, but we remain hopeful that they’ll heed to many of our other concerns,” said Anne-Marie Hayden, a spokeswoman for Stoddart. (Source)
It is nice to know that a massive amount of personal information isn’t being stored in the US for cost management reasons, but this doesn’t alleviate worries that the RFID chip in the EDLs might still be used for mass surveillance purposes. While the privacy commissioners of Canada have recently commented on this to the press, warning businesses that they need to be compliant with law when collecting license information, their need to publish this statement clearly suggests that businesses are not remaining compliant with the law concerning non-RFID licenses. To me, this suggests that there either needs to be some very real coercive ‘convincing’ applied to businesses so that they learn to comply with the law, or that this issue should be used to publicly advocate for modifications to the proposed EDL schemes (e.g. being able to disable the RFID with an on/off switch).
Under a Freedom of Information request, the Privacy Impact Assessment (PIA) for the initial tests with Enhanced Drivers Licenses (EDLs) has been released to the public. I would highly recommend taking a look at the documents if you’re interested in this issue. Over the next few days and weeks I’m going to be (briefly) posting notes on the document. For more information, I’d recommend turning to the Canadian hub for advocates campaigning against the EDLs, at the Canadian IDentity forum.
I have a real passion surrounding databases – they are used to guide daily practices, from accessing money at instant tellers, to authenticating you to web sites that you visit, to identifying the cost of products when they are scanned at the grocery store. Databases are big business, and when it comes time to deploy new pieces of identity infrastructure the database chosen is important, as are the security precautions that surround it.
Over the past few months I’ve been watching news that is emerging from think tanks, independent researchers, and news analysts about the ‘dramatic’ increases in bandwidth usage in North America. In this post I’d like to pull together a host of sources on the recent use of the UDP protocol for transferring files, and how that relates to bandwidth scarcity. Over the next month or so, I’m hoping to put together some additional pieces on packet inspection, Enhanced Drives Licenses (EDLs), and more topical IT and privacy issues. But first, to UDP data traffic…
Peer-to-Peer and Link Points
This summer Bell Canada argued that they needed to use Deep Packet Inspection (DPI) devices to stem the use of peer-to-peer (P2P) applications during peak usage time, because P2P applications were causing congestion at major link points along Bell’s network. Bell’s practices became an issue when the Canadian Association of Internet Providers (CAIP) filed a complaint with the CRTC; Bell’s traffic shaping was being applied to all traffic that ran along Bell’s ADSL lines, rather than being localized to Bell’s customer. CAIP lost their complaint, with the CRTC noting that Bell was not discriminating against CAIP customers. The CRTC decision did not, however, condone or authorize the legality of Bell’s use of DPI technologies to filter data traffic.
A few months ago I published a post on a product called Fire Eagle. As I then noted, Fire Eagle is an application that developers can integrate into their software suites, enabling users to identify and broadcast their geospatial location to others on the application’s network.
With the advent of the iPhone and other easy-to-use smart phones (typically read: not Windows Mobile devices), more and more people are wanting to find where they are using the built in mapping software. Moreover, advertisers are chomping at the bit to provide ads to individuals when they surf the web with their mobiles, personalizing the ads to customers’ interests and proximate geolocation. Unipier’s family of devices opens the door for cellular providers to begin this detailed level of geolocation, and it should be noted that Bell has begun to integrate Unipier devices into their network architecture.