EDL Update: Canada backpedals on sharing personal database with U.S.

/ Christopher Parsons

An update to my last post concerning the location of the EDL databases: Jim Bronskill, with the Canadian Press, is reporting that the CBSA and Canadian authorities are shelving ideas to place the EDL data in the United States. While this certainly alleviates some of the privacy-related concerns with the EDLs, the Office of the Privacy Commissioner of Canada put it well:

“All in all, we are pleased to see that they listened to some of our recommendations, but we remain hopeful that they’ll heed to many of our other concerns,” said Anne-Marie Hayden, a spokeswoman for Stoddart. (Source)

It is nice to know that a massive amount of personal information isn’t being stored in the US for cost management reasons, but this doesn’t alleviate worries that the RFID chip in the EDLs might still be used for mass surveillance purposes. While the privacy commissioners of Canada have recently commented on this to the press, warning businesses that they need to be compliant with law when collecting license information, their need to publish this statement clearly suggests that businesses are not remaining compliant with the law concerning non-RFID licenses. To me, this suggests that there either needs to be some very real coercive ‘convincing’ applied to businesses so that they learn to comply with the law, or that this issue should be used to publicly advocate for modifications to the proposed EDL schemes (e.g. being able to disable the RFID with an on/off switch).

EDL Update: Privacy Impact Assessment Released!

/ Christopher Parsons

Under a Freedom of Information request, the Privacy Impact Assessment (PIA) for the initial tests with Enhanced Drivers Licenses (EDLs) has been released to the public. I would highly recommend taking a look at the documents if you’re interested in this issue. Over the next few days and weeks I’m going to be (briefly) posting notes on the document. For more information, I’d recommend turning to the Canadian hub for advocates campaigning against the EDLs, at the Canadian IDentity forum.

I have a real passion surrounding databases – they are used to guide daily practices, from accessing money at instant tellers, to authenticating you to web sites that you visit, to identifying the cost of products when they are scanned at the grocery store. Databases are big business, and when it comes time to deploy new pieces of identity infrastructure the database chosen is important, as are the security precautions that surround it.

Continue reading

Internet: Drowning in the Bits of UDP

/ Christopher Parsons

Over the past few months I’ve been watching news that is emerging from think tanks, independent researchers, and news analysts about the ‘dramatic’ increases in bandwidth usage in North America. In this post I’d like to pull together a host of sources on the recent use of the UDP protocol for transferring files, and how that relates to bandwidth scarcity. Over the next month or so, I’m hoping to put together some additional pieces on packet inspection, Enhanced Drives Licenses (EDLs), and more topical IT and privacy issues. But first, to UDP data traffic…

Peer-to-Peer and Link Points

This summer Bell Canada argued that they needed to use Deep Packet Inspection (DPI) devices to stem the use of peer-to-peer (P2P) applications during peak usage time, because P2P applications were causing congestion at major link points along Bell’s network. Bell’s practices became an issue when the Canadian Association of Internet Providers (CAIP) filed a complaint with the CRTC; Bell’s traffic shaping was being applied to all traffic that ran along Bell’s ADSL lines, rather than being localized to Bell’s customer. CAIP lost their complaint, with the CRTC noting that Bell was not discriminating against CAIP customers. The CRTC decision did not, however, condone or authorize the legality of Bell’s use of DPI technologies to filter data traffic.

Continue reading

Update: Geolocation and Mobiles

/ Christopher Parsons

A few months ago I published a post on a product called Fire Eagle. As I then noted, Fire Eagle is an application that developers can integrate into their software suites, enabling users to identify and broadcast their geospatial location to others on the application’s network.

With the advent of the iPhone and other easy-to-use smart phones (typically read: not Windows Mobile devices), more and more people are wanting to find where they are using the built in mapping software. Moreover, advertisers are chomping at the bit to provide ads to individuals when they surf the web with their mobiles, personalizing the ads to customers’ interests and proximate geolocation. Unipier’s family of devices opens the door for cellular providers to begin this detailed level of geolocation, and it should be noted that Bell has begun to integrate Unipier devices into their network architecture.

Continue reading

Privacy: Available on Facebook for a cost (kinda)

/ Christopher Parsons

This comment isn’t likely to win me any privacy-friends, but…Facebook’s privacy settings are really pretty good. Yeah, I went there – no other social networking service (that is widely used) has such a granular group of privacy settings. Now, whether you want to say that the setting of these settings is a complicated process, or an onerous, one, or whatever is another issue entirely, and it’s not the issue I want to address right now.

Facebook has what are called ‘applications’, and these delightful little pieces of code let users play mini-games, bother their friends, put up listings of the books, movies, and models that they love at the moment, etc. In essence, they greatly increase “the social” in Facebook’s social networking garden (surely I can refer to “the social” and Facebook given the b0rg’s massive investment in Facebook). What people, such as myself, take issue with concerning these applications is that when my friend adds an application, the developer of the application tends to grab a bunch of my information along with my friend’s. I didn’t agree to have the application installed, and I have no say over whether or not it gets to take some of my information. The cost for my friend to install the application is one that I have to pay.

Continue reading

Comment: Media Attention to Blackberries In Mumbai

/ Christopher Parsons / 1 Comment

I need to begin this post, in an unambiguous fashion: I absolutely do not support the terrorist attacks in Mumbai that claimed the lives of hundreds, and injured many more.

Now that that disclaimer is out of the way….

How stupid is the media to have swallowed the nonsense concerning Blackberries that Indian and American security groups are spewing!?! I’m speaking about the apparent shock of Indian security forces that the individuals who launched the attacks in Mumbai used Blackberries to keep up-to-date about the effects of their actions. The Australian Sunday Mail, as an archetypical example, writes,

Continue reading