Internet

Draft: What’s Driving Deep Packet Inspection in Canada?

/ Christopher Parsons

routingpacketsFor the past few weeks I’ve been working away on a paper that tries to bring together some of the CRTC filings that I’ve been reading for the past few months. This is a slightly revised and updated version of a paper that I presented to the Infoscape research lab recently. Many thanks to Fenwick Mckelvey for taking the lead to organize that, and also to Mark Goldberg for inviting me to the Canadian Telecom Summit, where I gained an appreciation for some of the issues and discussions that Canadian ISPs are presently engaged in.

Abstract:

Canadian ISPs are developing contemporary netscapes of power. Such developments are evidenced by ISPs categorizing, and discriminating against, particular uses of the Internet. Simultaneously, ISPs are disempowering citizens by refusing to disclose the technical information needed to meaningfully contribute to network-topology and packet discrimination discussions. Such power relationships become stridently manifest when observing Canadian public and regulatory discourse about a relatively new form of network management technology, deep packet inspection. Given the development of these netscapes, and Canadian ISPs’ general unwillingness to transparently disclose the technologies used to manage their networks, privacy advocates concerned about deep packet networking appliances abilities to discriminate between data traffic should lean towards adopting a ‘fundamentalist’, rather than a ‘pragmatic’, attitude concerning these appliances. Such a position will help privacy advocates resist the temptation of falling prey to case-by-case analyses that threaten to obfuscate these device’s full (and secretive) potentialities.

Full paper available for download here. Comments are welcome; either leave them here on the blog, or fire something to the email address listed on the first page of the paper.

Iran, Traffic Analysis, and Deep Packet Inspection

/ Christopher Parsons / 9 Comments

iranelectionLet me start with this: I am woefully ignorant and Iranian politics, and have no expertise to comment on it. I’ll save my personal thoughts on the matter for private conversations rather than embarrass myself by making bold and ignorant statements here. Instead, I want to briefly note and comment on how the Wall Street Journal (WSJ) is talking about Deep Packet Inspection (DPI) and the data traffic that is flowing in and out of Iran.

The WSJ has recently disclosed that Iranian network engineers are using DPI to examine, assess, and regulate content that is entering and exiting Iran. They note that the monitoring capacity was, at least in part, facilitated by infrastructure that was sold by Nokia-Simens. The article proceeds, stating that traffic analysis processes have been experimented with before, though this is the first major deployment of these processes that has captured the attention of the world/Western public. This is where things start getting interesting.

The article notes that;

The Iranian government had experimented with the equipment for brief periods in recent months, but it had not been used extensively, and therefore its capabilities weren’t fully displayed – until during the recent unrest, the Internet experts interviewed said.

Continue reading

DPI and Canadians’ Reasonable Expectations of Privacy

/ Christopher Parsons / 2 Comments

canadasupremecourt[Note – I preface this with the following: I am not a lawyer, and what follows is a non-lawyer’s ruminations of how the Supreme Court’s thoughts on reasonable expectations to privacy intersect with what deep packet inspection (DPI) can potentially do. This is not meant to be a detailed examination of particular network appliances with particular characteristics, but much, much more general in nature.]

Whereas Kyllo v. United States saw the US Supreme Court assert  that thermal-imaging devices, when directed towards citizens’ homes, did constitute an invasion of citizens’ privacy, the corresponding Canadian case (R. v. Tessling) saw the Supreme Court assert that RCMP thermal imaging devices did not violate Canadians’ Section 8 Chart rights (“Everyone has the right to be secure against unreasonable search or seizure”). The Court’s conclusions emphasized information privacy interests at the expense of normative expectations – thermal information, on its own, was practically ‘meaningless’ – which has led Ian Kerr and Jena McGill to worry that informational understandings of privacy invoke:

Continue reading

Byte-Based Billing and Smart Pipes

/ Christopher Parsons

cyberspacemapThere are worries that Internet Service Providers (ISPs) may inject intelligence into their networks to try and unfairly differentiate their services from competitors’. Time Warner’s recently reformed End User Licensing Agreement (EULA) may be the most recent demonstration of this kind of differentiation. The EULA recognizes a difference between third-party video streaming, and streaming content from Time Warner’s own network spaces, and authorizes Time Warner to:

…monitor my bandwidth usage patterns to facilitate the provision of the HSD Service and to ensure my compliance with the Terms of Use and to efficiently manage their networks and their provision of services. TWC or ISP may take such steps as each may determine appropriate in the event my usage of the HSD Service does not comply with the Terms of Use. I acknowledge that HSD Service does not include other services managed by TWC and delivered over TWC’s shared infrastructure, including Video Service and Digital Phone Service. (Source)

Continue reading

Deep Packet Inspection and the Confluence of Privacy Regimes

/ Christopher Parsons / 12 Comments

insiderouterI learned today that I was successful in winning a Social Sciences and Human Research Council (SSHRC) award. (Edit September 2009: I’ve been upgraded to a Joseph Armand Bombardier Canada Graduate Scholarship). Given how difficult I found it to find successful research statements (save for through personal contacts) I wanted to post my own statement for others to look at (as well as download if they so choose). Since writing the below statement, some of my thoughts on DPI have become more nuanced, and I’ll be interested in reflecting on how ethics might relate to surveillance/privacy practices. Comments and ideas are, of course, welcomed.

Interrogating Internet Service Provider Surveillance:
Deep Packet Inspection and the Confluence of International Privacy Regimes

Context and Research Question

Internet Service Providers (ISPs) are ideally situated to survey data traffic because all traffic to and from the Internet must pass through their networks. Using sophisticated data traffic monitoring technologies, these companies investigate and capture the content of unencrypted digital communications (e.g. MSN messages and e-mail). Despite their role as the digital era’s gatekeepers, very little work has been done in the social sciences to examine the relationship between the surveillance technologies that ISPs use to survey data flows and the regional privacy regulations that adjudicate permissible degrees of ISP surveillance. With my seven years of employment in the field of Information Technology (the last several in network operations), and my strong background in conceptions of privacy and their empirical realization from my master’s degree in philosophy and current doctoral work in political science, I am unusually well-suited suited to investigate this relationship. I will bring this background to bear when answering the following interlinked questions in my dissertation: What are the modes and conditions of ISP surveillance in the privacy regimes of Canada, the US, and European Union (EU)? Do common policy structures across these privacy regimes engender common realizations of ISP surveillance techniques and practices, or do regional privacy regulations pertaining to DPI technologies preclude any such harmonization?

Continue reading

Draft – Who Gives a ‘Tweet’ About Privacy?

/ Christopher Parsons / 4 Comments

twittercapacityThis is a full draft of the paper on Twitter and privacy that I’ve been developing over the past few weeks, entitled ‘Who Gives a ‘Tweet’ About Privacy?’ It uses academic privacy literature to examine Twitter and the notion of reasonable expectations of privacy in public, and is written to help nuance privacy discussions surrounding the discourse occuring on Twitter (and, implicitly, similar social networking and blogging sites). The paper focuses on concepts of privacy and, as such, avoids deep empirical analyses of how the term ‘privacy’ is used by particular members of the social networking environment. Further, the paper avoids delving into the web of legal cases that could be drawn on to inform this discussion. Instead, it is theoretically oriented around the following questions:

  1. Do Twitter’s users have reasonable expectations to privacy when tweeting, even though these tweets are the rough equivalent of making statements in public?
  2. If Twitter’s user base should hold expectations to privacy, what might condition these expectations?

The paper ultimately suggests that Daniel Solove’s taxonomy of privacy, most  recently articulated in Understanding Privacy, offers the best framework to respond to these question. Users of Twitter do have reasonable expectations to privacy, but such expectations are conditioned by juridical understandings of what is and is not reasonable. In light of this, I conclude by noting that Solove’s use of law to recognize norms is contestable. Thus, while privacy theorists may adopt his method (a focus on privacy problems to categorize types of privacy infractions), they might profitably condition how and why privacy norms are established – court rulings and dissenting opinions may not be the best foundation upon which to rest our privacy claims – by turning to non-legal understandings of norm development, degeneration, and mutation.

Paper can be downloaded here.