DPI

Dispelling FUD: Iran and ISP Surveillance

/ Christopher Parsons / 8 Comments

Since the election of incumbent president Mahmoud Ahmadinejad, the world has witnessed considerable political tension in Iran. Protests over the questionable electoral results, beatings and deaths of political protestors, recurring protests by Iranians associated with the Green Revolution, and transmissions of information amongst civil- and global-actors have been broadcast using contemporary communications systems. Twitter, blogs, Facebook, and mobile phone video has enabled Iranians to coordinate, broadcast, and receive information. The existence of Web 2.0 infrastructure has set the conditions under which the Green Revolution operates.

The Iranian government quickly recognized the power of cheap social coordination technologies and, in response, drastically reduced the capacity of national Internet links – the government, in effect, closed the nation’s Internet faucet, which greatly reduced how quickly data could be transmitted to, and received from, the ‘net as a whole. This claim is substantiated by Arbor Networks’ (Internet) border reports, which demonstrate how, immediately after the presidential election, there was a plummet in the data traffic entering and exiting the nation. (It should be noted that Arbor is a prominent supplier of Deep Packet Inspection equipment.)

Prior to trying to dispel the Fear, Uncertainty, and Doubt (FUD) surrounding the contemporary Iranian ISP-surveillance system that is regularly propagated by the media, I need to give a bit of context on the telecommunications structure in Iran.

Continue reading

Will Copyright Kill eHealth?

/ Christopher Parsons

bodyworldsThere is a metric ton of cash that’s being poured into eHealth initiatives, and to date it doesn’t appear that governments are recognizing the relationship between copyright law and eHealth. That makes a lot of sense in some ways – when most of us think ‘medicine’ and ‘doctor’ we think about privacy as one of, if not the, key issues (while, other than hopefully curing whatever is making us ill!). In this light, we wonder about the security of databases, the willingness of healthcare providers to limit access to records, and so forth. People in Canada are worried enough about privacy that, on the Ontario Government’s eHealth Ontario site, ‘Privacy and Security‘ are front and center as a main link on their homepage. When we turn to British Columbia’s October 23, 2009 Heath Sector Information Management/Information Technology Strategy and search for ‘privacy’ we see that the term appears on 18 of the report’s 55 pages. Moving over to the Ontario Information and Privacy Commissioner’s May 2, 2006 presentation on health information and electronic health records we, again, see emphases on the privacy and security concerns that must be posed alongside any movement to massively digitize the healthcare infrastructure.

What we see less of in the eHealth debate are the prevalent dangers accompanying threats to cut citizens off of the ‘net as a consequence of copyright infringement. It’s this issue that I want to briefly dwell on today, in part to start ramping up some thoughts on the wide-ranging effects of three-strikes laws that are starting to be adopted and/or seriously discussed in various jurisdictions around the world.

Continue reading

Aggregating Information About CView

/ Christopher Parsons

cryingcopyrightOver the past little while there has been considerable attention focused on Virgin Media’s decision to trial Detica’s CView copyright monitoring system. This system uses Deep Packet Inspection (DPI) technology to identify data protocols and likely files that are being transferred in order to generate a Copyright Infringement Index (i.e. a ‘Piracy Index’). As outlined by Detica, CView will let ISPs work with content creators to determine whether ISPs providing content through their portals lead to reductions in ‘infringing’ transfers of content through P2P file sharing.

The story about Detica’s involvement really broke with Chris Williams’ piece over at the Register entitled, “Virgin Media to trial filesharing monitoring system.” In the piece, he recognized that the trial will encompass roughly 40% of Virgin’s customers, that the aim is to measure overall levels of filesharing rather than identify individual customers, and (at least initially) will focus on music. After I read the piece, I send some questions off to Detica and posted them (“Virgin to Use DPI to ID Copyright Infringement“) based on my reading of Williams’ piece and Detica’s consultation paper, and shortly thereafter followed up with Detica’s responses and thoughts on CView and privacy infringements (“Update to Virgin Media and Copyright DPI“). Between the posting of my questions, and the response from Detica, Richard Clayton had a meeting with representatives from Detica and posted the information they released to him over at Light Blue Touchpaper in a posting “What does Detica Detect?” The Register was also able to get face time with people working at Detica, leading Williams to produce his second piece “Spook firm readies Virgin Media filesharing probes.”

In the rest of this post, I want to pull together the information that has come to light so that we can get a better picture of what is known about CView. As such, this is very much a summary rather than an analytic post; hopefully I’ll have time to delve the information more critically in the near future.

Continue reading

Update to Virgin Media and Copyright DPI

/ Christopher Parsons / 3 Comments

virginmedialogoRecently, I’ve heard back from Detica about CView and wanted to share the information that Detica has been provided. CView is the copyright detection Deep Packet Inspection (DPI) appliance that Virgin Media will be trialling, and is intended to measure the amount of copyright infringing files that cross Virgin’s network. This index will let Virgin determine whether the content deals they sign with content producers have a noticeable impact on the amount of infringing P2P traffic on their network. Where such deals reduce infringements, then we might expect Virgin to invest resources in agreements with content producers, and if such agreements have no impact then Virgin’s monies will likely be spent on alternate capital investments. I’ll note up front that I’ve sent some followup questions to seek additional clarity where the answers I received were somewhat hazy; such haziness appears to have been from a miscommunication, and is likely attributable to a particular question that was poorly phrased. Up front, I will state that I’m not willing to release the name of who I’m speaking with at Detica, as I don’t think that their name is needed for public consumption and would be an inappropriate disclosure of personal information.

The key question that is lurking in my own mind – if not that of others interested in the CView product – is whether or not the appliance can associate inspected data flows with individuals. In essence, I’m curious about whether or not CView has the ability to collect ‘personally identifiable information’ as outlined by the Privacy Commissioner of Canada in her recent findings on Bell’s use of DPI. In her findings, the Commissioner argues that because Bell customers’ subscriber ID and IP address are temporarily collated that personal information is being collected that Bell does collect personal information.

Continue reading

Virgin Media to Monitor Copyright Infringement

/ Christopher Parsons / 6 Comments

truthliesandbroadbandLate last week The Register reported that Virgin Media is going to be trialling Detica’s Deep Packet Inspection (DPI) appliances to measure the levels of copyright-infringing file sharing that is occurring along Virgin Media’s networks. It’s important to note a few things right up front:

  1. I have a request in to the company manufacturing these appliances, Detica, and have been promised responses to my questions. In light of this, I’m not accusing Detica or Virgin Media of engaging in any ‘privacy invasive’ uses of DPI, at least not at the moment.
  2. The information that I’ll drawing on is, largely, from a consultation paper that Detica presented in late September of 2009.
  3. This post is largely meant as a ‘let’s calm down, and wait to hear about the technology’s details’ before suggesting that a massive campaign be mounted against what might be a relatively innocuous surveillance technology.

With that stated…

Detica describes themselves as a “business and technology consultancy specialising in helping clients collect, manage and exploit information to reveal actionable intelligence. As the digital revolution causes massive amounts of data to converge with a new generation of threats, many of our clients see this as one of their greatest challenges.” Their CView DPI system is meant to let ISPs better identify the amount of copyright infringing work that is coursing across their networks, in an effort to give ISPs better metrics as well as to determine whether arrangements between ISPs and content providers has a significant, measurable effect on the transfer of copyright infringing files.

Continue reading

Copyright and the Blank Media Levy

/ Christopher Parsons

mediaplayer2I’ve been watching with some interest the new Artist 2 Fan 2 Artist project, recently started up by Jon Newton and Billy Bragg. The intent of the site is to bring artists and fans together and encourage these parties to speak directly with one another, without needing to pass through intermediaries such as producers, labels, public relations groups, managers, and so on. It will be interesting to see how the dialogue develops.

One of the key elements of the site that interest me the discussion of paying artists (and other content creators); how can we avoid demonizing P2P users while at the same time allocating funds to artists/copyright owners in a responsible manner. On October 5th, this topic was broached under the posting ‘In Favour of a Music Tax‘, and I wanted to bring some of my own comments surrounding the idea of a music tax to the forefront of my own writing space, and the audience here.

I think that an ISP-focused levy system is inappropriate for several reasons: it puts too much authority and control over content analysis than carriers need, puts carriers at risk when they misidentify content, and would make carriers (for-profit content delivery corporations) in charge of monitoring content without demanding consumers that pay ‘full value’ for content moving through their networks. This last point indicates that an ISP-based levy puts ISPs in a conflict of interest (at least in the case of the dominant ISPs in Canada). Another solution is required.

Continue reading