Year: 2009

EU: Judicial Review Central to Telecom Disconnects

/ Christopher Parsons

elpalaciodejusticiaI’m perhaps a bit idealistic, but I think that there are clear contemporary demonstrations of democracy ‘working’. Today’s example comes to us from Europe, where the European Parliament has voted to restore a graduated response to copyright infringement that pertains to when and how individuals can be disconnected from the Internet. Disconnecting individuals from the ‘net, given its important role in citizens’ daily lives, can only be done with judicial oversight; copyright holders and ISPs alone cannot conspire to remove file sharers. This suggests that any three-strike policy in the EU will require judicial oversight, and threatens to radically reform how the copyright industry can influence ISPs.

What might this mean for North America? If policy learning occurs, will we see imports of an EU-style law on this matter? Do we want our policy actors to adopt an EU-model, which could be used to implement a three-strike rule that just includes judicial review at the third strike? In Canada, with the tariffs that we pay, there are already permissible conditions for file sharing – do we really want to see strong American or WIPO copyright legally enforced on our soil?

Continue reading

Privacy, Dignity, Copyright and Twitter

/ Christopher Parsons

privacyfield[Note: this is an early draft of a section of a paper I’m working on titled ‘Who Gives a Tweet about Privacy’. Other sections will follow as I draft them.]

Unauthorized Capture and Transmission of Data

Almost every cellular phone that is now sold has a camera of some sort embedded into it. The potential for individuals to capture and transmit our image without permission has become a common fact of contemporary Western life, but this has not always been the case. When Polaroid cameras were new and first used to capture images of indiscretions for gossip columns, Warren and Brandeis wrote an article asserting that the unauthorized capture and transmission of photos and gossip constituted a privacy violation. Such transmissions threatened to destroy “at once robustness of thought and delicacy of feeling. No enthusiasm can flourish, no generous impulse can survive under [gossip’s] blighting influence” (Warren and Brandeis 1984: 77). Individuals must be able to expect that certain matters will be kept private, even when acting in public spaces – they have a right to be let alone – or else society will reverse its progress towards civilization.

Continue reading

Privacy Advocates and Deep Packet Inspection: Vendors, ISPs, and Third-Parties

/ Christopher Parsons / 11 Comments

sandvinetestnetwork[I recently posted a version of this on another website, and thought that it might be useful to re-post here for readers. For a background on Deep Packet Inspection technologies, I’d refer you to this.]

There is a very real need for various parties who advocate against Deep Packet Inspection (DPI) to really work through what Packet Inspection appliances have done, historically, so that their arguments against DPI are as precise as possible. Packet Inspection isn’t new, and it’s not likely to be going away any time soon – perimeter defences for networks are essential for mitigating spam and viruses (and rely on Medium Packet Inspection).

I’m in no way an expert in the various discussions surrounding DPI (though I try to follow the network neutrality, privacy, and communications infrastructure debates), but I have put together a paper that attempts to clarify the lineage of DPI devices and (briefly) suggest that DPI can be understood as a surveillance tool that is different from prior packet inspection technologies. From a privacy perspective (which is where I sit in relation to the deployment of DPI), it’s important for privacy advocates to understand that approaching the issue from a principle-based approach is fraught with problems at legal, theoretical, and practical levels. The complexities of developing a principle-based approach is one of the reasons why many contemporary privacy scholars (myself included) have opted for a ‘problem-based’ approach to identifying privacy infringements. What, exactly, do most advocates mean when they say that their privacy is ‘violated’? I don’t think that a clear position comes out in the advocate position (maybe it does, and I’m just not aware of it) – they appear to allude to a fundamental right to privacy, while pointing to specific instances as ‘violations’ of that right. The worry with principled approaches is that they are challenged to fully capture what we mean when we say something is private, and equally challenged to capture contextualized social norms of privacy (e.g. streetview in the US versus Japan, bodily privacy in differing cultures, etc etc).

Continue reading

Deep Packet Inspection: The Good, the Bad, and the Ugly

/ Christopher Parsons

goodbaduglyIn this post, I want to try to lay out where I see some of the Deep Packet Inspection (DPI) discussions. This is to clarify things in my head that I’ve been thinking through for the past couple of days and to lay out for readers some of the ‘bigger picture’ elements of the DPI discussion (as I read them). If you’ve been fervently following developments surrounding this technology, then a lot of what is below is just rehashing what you know – hopefully the summary is useful – but if you’re relatively unfamiliar with what’s been going on this might help to orient what’s been, and is being, said.

Participants and Themes

The uses of DPI appliances are regularly under fire by network neutrality advocates, privacy advocates, and people who are generally concerned about communication infrastructure. DPI lets network operators ‘penetrate’ data packets that are routed through their networks and this practice is ‘new’, insofar as prior networking appliances were generally prevented from inspecting the actual payload, or content, of the data packets that are shuttled across the ‘net. To make this a bit clearer, when you send email it is broken into a host of little packets that are reassembled at the destination; earlier networking appliances could determine the destination, the kind of file being transmitted (e.g. a .mov or .jpeg), and so forth but they couldn’t accurately identify what content was in the packet (e.g. the characters of an email message held within a packet). Using DPI, network operators can now (in theory) configure their DPI appliances to capture the actions that users perform online and ‘see’ what they are doing in real time.

Continue reading

EDL ‘Oopsies’ Around Canada

/ Christopher Parsons

stuckinsnowBoth Ontario and Manitoba have  declared their interest in EDLs. Both are running into problems.

In Ontario’s case, it appears as though there is some confusion about whether or not the province can actually deploy the licenses in time to meet the June 1, 2009 Western Hemisphere Travel Initiative (WHTI) deadline – after this date, Canadians will need to use either an EDL or passport to cross a land border into the US. While the Sun is reporting that the deadline won’t be met by the Ontario provincial government, and the Star is saying that Minister Bradley thinks that only “some” applicants will get the licenses in time, CTV is noting that Bradley insists that the licenses will be available in time to meet the WHTI deadline. No one totally agrees on what is going on in Ontario concerning the EDL roll-out. They can all agree, however, that EDLs are terribly expensive: whereas a passport will cost $87, and Ontario EDL will run you $115. An affordable ‘solution’ to border travel indeed…

In Manitoba, it was expected that around 100,000 Manitobans would want to get their hands on EDLs. Unfortunately, it seems like the government slightly overestimated the demand: since February 2, 2009 less than 1,500 people have applied. 24,000 have applied for passports in Manitoba. Oops.

Continue reading

Thoughts: P2P, PET+, and Privacy Literature

/ Christopher Parsons

p2pwindowPeer-to-peer (P2P) technologies are not new and are unlikely to disappear anytime soon. While I’m tempted to talk about the Pirate’s Bay, or ‘the Pirate Google‘ in the context of P2P and privacy, other people have discussed these topics exceptionally well, and at length. No, I want to talk (in a limited sense) about the code of P2P and how these technologies are (accidentally) used to reflect on what privacy literature might offer to the debate concerning the regulation of P2P programs.

I’ll begin with code and P2P. In the US there have been sporadic discussions in Congress that P2P companies need to alter their UIs and make it more evident what individuals are, and are not, sharing on the ‘net when they run these programs. Mathew Lasar at Ars Technica has noted that Congress is interested in cutting down on what is termed ‘inadvertent sharing’ – effectively, members of Congress recognize that individuals have accidentally shared sensitive information using P2P applications, and want P2P vendors to design their programs in a way that will limit accidental sharing of personal/private information. Somewhat damningly, the United States Patent and Trademark Office declared in 2006 that P2P applications were “uniquely dangerous,” and capable of causing users “to share inadvertently not only infringing files, but also sensitive personal files like tax returns, financial records, and documents containing private or even classified data” (Source).

Continue reading