Update: CRTC PN 2008-19 Filings

I’ve only just now had a chance to start to summarize my thoughts on documents related to CRTC Public Notice (PN) 2008-19; Review of the Internet traffic management practices of Internet service providers that have been filed since January 26th, 2009. Below are points of interest that come up – my hope is in the next few days to integrate and update the initial summary document that I prepared for ISP filings, so that a more complete picture of what has been filed exists.

January 26, 2009 ISP Filings

These filings, by major Canadian ISPs, were in response to the earlier inquiries made by non-ISP interrogatories for the public notice. I put together a summary document concerning those inquiries, and wrote a post that pulled together interesting comments that emerged from them.

Cogeco noted that it was well known that there was a growth in Internet data traffic, though it was not willing to disclose its actual growth numbers. Bell and MTS Allstream both supported the suggestion that the CRTC aggregate raw data traffic information that was provided by ISPs, so long as the information was anonymized and thus kept trade secrets relatively secret. Bell suggested that such aggregations could be divided according to ‘HTTP/streaming’, ‘P2P’, ‘UDP’, and ‘Other’ categories. MTS Allstream suggested that aggregated numbers be divided by ‘Telcos’ and ‘Cable providers’, or by ‘ISPs that throttle’ and ‘ISPs that don’t throttle traffic’.


Update: Network Management, Packet Inspection, and Stimulus Dollars?

Iain Thomson notes that the stimulus bill that recently cleared the American Congress might work to legitimize ISP packet inspection practices under the guise of ‘network management’. Specifically, the amendment in question reads:

In establishing obligations under paragraph (8), the assistant secretary shall allow for reasonable network management practices such as deterring unlawful activity, including child pornography and copyright infringement.

While Thomson takes this to (potentially) mean that ISPs and major content producers/rights holders might use this language to justify the use of packet inspection technologies, it’s possible that alternate management methods could be envisioned. This said, given that copyright infringement is explicitly noted, there is a very real worry that this might legitimize this clause to push for ISP ‘policing’. Any such effect, I suspect, would further escalate the war between P2P and Media; encryption would become more common and effective, and result in a greater sophistication in avoiding inspection devices. This is a real loss for any and all groups who rely on non-encrypted traffic for intelligence purposes; any drive that will get ‘common folk’ thinking about encrypting more and more of their traffic, accompanied with relatively easy ways of doing so, will substantially hinder the capture of actual content. How you read the implications of this depends on your perspective on privacy and surveillance, but it seems to me that it threatens to further escalate a ‘war’ that criminalizes huge swathes of the population for actions that are relatively harmless.

Comment: Google Latitude

In the past week or so, Google has received an enormous amount of attention because of their Latitude program. Latitude, once installed and enabled, will alert specified friends to your geographic location very specifically (i.e. street address) or more broadly (i.e. city). Google has developed this system so that users can turn off the system, can alter how precise it locates users, and has (really) just caught up to the technologies that their competitors have already been playing with (I wrote a little about Yahoo!’s Fire Eagle software, which is similar to Latitude, a few months ago).

While many people have already written and spoken about Latitude, I’ve found myself on a fence. On the one hand, I think that some of the criticisms towards the ‘privacy’ features of the program have been inane – at least one privacy advocate’s core ‘contribution’ has been a worry that individuals might be given a phone with Latitude installed and active, without knowing about its presence or activation. As a result, they would be tracked without having consented to the program, or the geo-surveillance.


Update: Bell Users’ Average Bandwidth Use

Just a quick note about an interesting tidbit that was passed out by the Bell rep who gave a presentation on DPI today: A few years ago (no precise dates given) users were consuming, on average, 1GB of traffic; this has risen tenfold since that date. As Bell has repeatedly stated in CRTC submissions, they are not caching personally identifiable information as packets course through their DPI equipment, but still maintain that they are looking into the application layer of packets, but not the ‘content’ of the packet. It’s my hope that, over the next few months, more information about ISP uses of DPI emerges so that a more nuanced and productive discussion can take place.

In the next day or so, I’ll be putting up more thoughts and facts that emerged through the 10th annual security and privacy conference, “Life in a Digital Fishbowl”.

Summary: CRTC PN 2008-19; Requests for Public Disclosure Filings

I’ve just completed a summary document that pulls together the requests for disclosure from the various advocacy groups currently involved in the CRTC’s PN 2008-19 (ISP Internet Management Techniques). A few things that I found of interest:

  1. TELUS is being used as a lever against the other ISPs; the common metric is “TELUS released all this information in public, so what justification can the rest of the ISPs have for filing in confidence?”
  2. Public Interest Advocacy Center (PIAC) really focused on Bell and Rogers, and noted repeatedly that Bell has filed items in confidence in this public notice that it had been forced to file in public previously. Also, where Bell could claim confidentiality last time (Canadian Association of Internet Providers [CAIP] v Bell), this isn’t the case now because all the major ISPs will be forced to show their hands at the same time.
  3. Without historical and projected growth, it is impossible for public groups to argue whether or not current managing practices are appropriate. This data needs to be released so that they can fully respond to the CRTC’s public notice.
  4. The Campaign for Democratic Media (CDM) is willing to have all of the ISPs’ traffic aggregated, so long as it is disclosed publicly what the trends are.
  5. CDM notes that without information on the top 5% and 10% of users, that it is impossible to ascertain what their actual impact on total bandwidth has been.
  6. CAIP, PIAC, and the Canadian Film and Television Production Association (CFTPA) all argue that it is important for clear, technical, explanations of congestion be provided – without this, it is challenging to effectively interrogate what is, or isn’t, happening on ISPs’ networks.
  7. PIAC holds that, if Bell didn’t have a congestion metric in place prior to January 2007 then they should be obligated to disclose information in public on the basis that their definitions of congestion need to be examined more closely than others (unstated, but this is in part because they are such a major player in Canada).
  8. CFTPA holds that Bell’s networking diagram is good, because it offers specifics into their network. In light of Bell’s submission, other parties should submit similarly detailed diagrams, with devices clearly labeled, so that members of the public can meaningfully comment on whether the network components used by ISPs are adequate or not.
  9. CAIP, CDM, PIAC, and CFTPA all maintain that knowing what products are being used to manage Internet traffic is critical – without this information it is challenging to actually comment on how throttling is occurring. CDM raises the privacy issue with DPI.

Deep Packet Inspection Analogies

In reading through the recent CRTC filings, something that has been striking me is that the ‘regular’ metaphor for how Deep Packet Inspection (DPI) technologies work seems a bit awkward. When you send packets of data along the ‘net, they are broadly composed of a header and a payload. The metaphor goes as follows: the header is like the addressing information on an envelope, and the payload is the actual letter in the envelope. DPI opens the envelope, sees the content of the letter, examines it, reseals it, and then passes the letter along to its destination (assuming that the contents aren’t of a type that shouldn’t be sent onwards).

I like the metaphor because of its power, but at the same time I have to wonder about its accuracy, at least in the Canadian situation. When reading the ISPs’ CRTC filings, I keep reading that they use DPI devices for flow analysis – they’re not looking for the content of your email, they just want to identify whether you’re sending email or an instant message. Rather than assume that the ISPs are being duplicitous, why not reconsider the metaphor to see if it can’t be developed to distinguish between different usages of DPI equipment?
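The distinction drawn above, between reading the envelope and identifying what kind of letter is inside, can be shown in a few lines. This is an added example, not code from the filings or from any DPI product: the port table, the payload signatures and the sample packets are all constructed for illustration, and the payload classifier returns only a category label without keeping any content.

```python
import socket
import struct

def build_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4/TCP packet (constructed sample data; checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def split_packet(pkt):
    """Separate the 'envelope' (IP/TCP header fields) from the 'letter' (payload)."""
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 20 or pkt[9] != 6:
        raise ValueError("not a complete IPv4/TCP packet")
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data_offset = (pkt[ihl + 12] >> 4) * 4
    envelope = {"src": socket.inet_ntoa(pkt[12:16]), "dst": socket.inet_ntoa(pkt[16:20]),
                "sport": sport, "dport": dport}
    return envelope, pkt[ihl + data_offset:]

# Illustrative tables (assumptions for this example, not any vendor's rule set).
PORT_LABELS = {25: "email", 80: "web"}
SIGNATURES = [(b"\x13BitTorrent protocol", "p2p"), (b"EHLO ", "email"),
              (b"HELO ", "email"), (b"GET ", "web"), (b"POST ", "web")]

def classify_by_envelope(envelope):
    """Header-only classification: trusts the destination port."""
    return PORT_LABELS.get(envelope["dport"], "unknown")

def classify_by_payload(payload):
    """Application-layer classification: matches the opening bytes, keeps only a label."""
    for prefix, label in SIGNATURES:
        if payload.startswith(prefix):
            return label
    return "unknown"

def classify(pkt):
    envelope, payload = split_packet(pkt)
    return classify_by_envelope(envelope), classify_by_payload(payload)

# Constructed samples: SMTP on port 25, a BitTorrent handshake on port 80, opaque bytes on port 80.
SMTP = build_packet("192.0.2.10", "198.51.100.5", 40000, 25, b"EHLO example.org\r\n")
P2P = build_packet("192.0.2.10", "198.51.100.6", 40001, 80, b"\x13BitTorrent protocol" + bytes(48))
OPAQUE = build_packet("192.0.2.10", "198.51.100.7", 40002, 80, bytes(range(200, 232)))

if __name__ == "__main__":
    for name, pkt in (("smtp", SMTP), ("p2p", P2P), ("opaque", OPAQUE)):
        print(name, classify(pkt))
```

The second sample is labelled "web" from the envelope alone but "p2p" once the opening payload bytes are matched, while the third, whose payload matches no signature, stays "unknown" at the application layer.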
