Internet

Choosing Winners with Deep Packet Inspection

/ Christopher Parsons

I see a lot of the network neutrality discussion as one surrounding the conditions under which applications can, and cannot, be prevented from running. On one hand there are advocates who maintain that telecommunications providers – ISPs such as Bell, Comcast, and Virgin – shouldn’t be responsible for ‘picking winners and losers’ on the basis that consumers should make these choices. On the other hand, advocates for managed (read: functioning) networks insist that network operators have a duty and responsibility to fairly provision their networks in a way that doesn’t see one small group negatively impact the experiences of the larger consumer population. Deep Packet Inspection (DPI) has become a hot-button technology in light of the neutrality debates, given its potential to let ISPs determine what applications function ‘properly’ and which see their data rates delayed for purposes of network management. What is often missing in the network neutrality discussions is a comparison between the uses of DPI across jurisdictions and how these uses might impact ISPs’ abilities to prioritize or deprioritize particular forms of data traffic.

As part of an early bit of thinking on this, I want to direct our attention to Canada, the United States, and the United Kingdom to start framing how these jurisdictions are approaching the use of DPI. In the process, I will make the claim that Canada’s recent CRTC ruling on the use of the technology appears to be more and more progressive in light of recent decisions in the US and the likelihood of the UK’s Digital Economy Bill (DEB) becoming law. Up front I should note that while I think that Canada can be read as ‘progressive’ on the network neutrality front, this shouldn’t suggest that either the CRTC or parliament have done enough: further clarity into the practices of ISPs, additional insight into the technologies they use, and an ongoing discussion of traffic management systems are needed in Canada. Canadian communications increasingly pass through IP networks and as a result our communications infrastructure should be seen as important as defence, education, and health care, each of which are tied to their own critical infrastructures but connected to one another and enabled through digital communications systems. Digital infrastructures draw together the fibres connecting the Canadian people, Canadian business, and Canadian security, and we need to elevate the discussions about this infrastructure to make it a prominent part of the national agenda.

Continue reading

Thoughts on COUNTER: Counterfeiting and Piracy Research Conference

/ Christopher Parsons

Last week I was a participant at the COUNTER: Counterfeit and Piracy Research Conference in Manchester, UK. I was invited to be part of a panel on deep packet inspection by Joseph Savirimuthu, as well as enjoy the conference more generally. It was, without a doubt, one of the best conferences that I have attended – it was thought-provoking and (at points) anger-inducing, good food and accommodations were provided, and excellent discussions were had. What I want to talk about are some of the resonating themes that coursed through the conference and try to situate a few of the positions and participants to give an insight into what was talked about.

The COUNTER project is a European research project exploring the consumption of counterfeit and pirated leisure goods. It has a series of primary research domains, including: (1) frequency and distribution of counterfeits; (2) consumer attitudes to counterfeit and pirated goods; (3) legal and ethical frameworks for intellectual property; (4) policy options for engaging with consumers of counterfeit; (5) the use of copyrighted goods for the creation of new cultural artifacts; (6) impacts of counterfeiting and control of intellectual property.

Continue reading

Draft – Deep Packet Inspection: Privacy, Mash-ups, and Dignities

/ Christopher Parsons

This is a draft of the paper that I’ll be presenting at the Counter: Piracy and Counterfeit conference in Manchester in a few days. It’s still rough around some edges, but feels like a substantial piece. Comments, as always, are welcome.

Abstract:

Privacy operates as an umbrella-like concept that shelters liberal citizens’ capacity to enjoy the autonomy, secrecy, and liberty, values that are key to citizens enjoying their psychic and civil dignity. As digitisation sweeps through the post-industrial information economy, these same citizens are increasingly sharing and disseminating copywritten files using peer-to-peer file sharing networks. In the face of economic challenges posed by these networks, some members of the recording industries have sought agreements with Internet Service Providers (ISPs) to govern the sharing of copywritten data. In Britain, file-sharing governance has recently manifested in the form of Virgin Media inserting deep packet inspection (DPI) appliances into their network to monitor for levels of infringing files. In this presentation, I argue that ISPs and vendors must demonstrate technical and social transparency over their use of DPI to assuage worries that communications providers are endangering citizens’ psychic and civil dignities. Drawing on recent Canadian regulatory processes concerning Canadian applications of DPI, I suggest that transparency between civil advocacy groups and ISPs and vendors can garner trust required to limit harms to citizens’ psychic dignity. Further, I maintain that using DPI appliances to detect copyright infringement and apply three-strikes proposals unduly threatens citizens’ civil dignities; alternate governance strategies must be adopted to preserve citizens’ civil dignity.

Download paper

Why Mash-up Matters

/ Christopher Parsons

livemashupdj[Note: this is an early draft of the first section of a paper I’m working on, presently loosely titled “Mash-up Meets Deep Packet Inspection: Culture, solutions, and the demand for transparency”. Other sections will follow as I draft them. I’ve adopted this format based on positive reactions to my similar drafting process last year on ‘Who Gives a Tweet About Privacy?‘ Comments welcome. I’ve excluded full bibliographic information, but retained enough that you can find my sources. Text has been copied and pasted from a word processing document; this may result in some links being broken *cough* footnotes links *cough*]

I’m composing the beginning of this article to the sounds of Girl Talk’s ‘Like This’ from his Feed the Animals album. His artistic technique is to take very short samples from a variety of artists – twenty-nine samples are taken in the three minutes and twenty-one seconds of ‘Like This’ – and remix the work to create entirely new songs.[i] He isn’t a DJ but a self-described musician of the digital era, and when his work was presented to Marybeth Peters of the US Registrar of Copyrights she recognized that his music was amazing. She also recognized it was likely illegal, and the fact that his own creativity clearly imbued his creations offered no defense against copyright infringement: “You can’t argue your creativity when it’s based on other people’s stuff.”[ii] This position is mirrored by Barry Slotnick, head of the intellectual property litigation group at Loeb & Loeb, who has stated that “[w]hat you can’t do is substitute someone else’s creativity for your own.”[iii] Girl Talk’s work is recognized as amazing and creative, even by defenders and advocates of the present copyright regime, but is still questionably legal (at best). Feed the Animals is a popular album that pulls together anthems of pop culture, and its artist has been used as a defender of copyright reform movements,[iv] but it is only one item in a rapidly developing and emerging ‘mash-up’ culture that draws together existing cultural artifacts to in the creation of a recombinant digital culture.

Continue reading

IPv6 and the Future of Privacy

/ Christopher Parsons / 5 Comments

There is an increasing urgency to transition to a new infrastructure for addressing space on the Internet, and in this space all individuals and their devices could be uniquely identifiable by their Internet Protocol (IP) address(es). It is in light of this surveillant future that France’s recent ruling that IP addresses are not personally identifiable information is so serious. Further, it is with this longer temporal viewpoint (i.e. not just the here and now) that has more generally worried technologists about governmental rulings concerning binary ‘yes/no IP addresses are private information’.

Before I go any further, let me break down what an IP address is, the distinctions between versions 4 (IPv4) and 6 (IPv6), and then get to the heart of the privacy-related issues concerning the transition to IPv6. The technical infrastructure of the ‘net tends to be seen as dreadfully boring but, as is evidenced by the (possible) computer failures of Toyota vehicles, what goes on ‘under the hood’ of the ‘net is of critical importance to understand and think about. It’s my hope that you’ll browse away with concerns and thoughts about the future of privacy in an increasingly connected biodigital world.

Continue reading

Digital Crises and Internet Identity Cards

/ Christopher Parsons / 2 Comments

Something that you learn if you (a) read agenda-setting and policy laundering books; (b) have ever worked in a bureacratic environment, is that it’s practically criminal to waste a good crisis. When a crisis comes along various policy windows tend to open up unexpectedly, and if you have the right policies waiting in the wings you can ram through proposals that would otherwise be rejected out of hand. An example: the Patriot Act wasn’t written in just a few days; it was presumably resting in someone’s desk, just waiting to be dusted off and implemented. 9/11 was the crisis that opened the policy windows required to ram that particular policy through the American legislative system. Moreover, the ‘iPatriot’ Act, it’s digital equivalent, is already written and just waiting in a drawer for a similar crisis. With the rhetoric ramping up about Google’s recent proclamations that they were hacked by the Chinese government (or agents of that government), we’re seeing bad old ideas surfacing once again: advocates of ‘Internet Identity Cards’ (IICs) are checking if these cards’ requisite policy window is opening.

The concept of IICs is not new: in 2001 (!) the Institute of Public Policy Research suggested that children should take ‘proficiency tests’ at age 11 to let them ‘ride freer’ on the ‘net. Prior to passing this ‘test’ children would have restrictions on their browsing abilities, based (presumably) on some sort of identification system. The IIC, obviously, didn’t take off – children aren’t required to ‘license up’ – but the recession of the IIC into the background of the Western cyberenvironment hasn’t meant that either research and design or infrastructure deployment for these cards has gone away. Who might we identify as a national leader of the IIC movement, and why are such surveillance mechanisms likely incapable of meeting stated national policy objectives but nevertheless inevitable?

Continue reading