Technology

Update: EDLs in Saskatchewan

/ Christopher Parsons

200903121823.jpgSome interesting news coming out of Saskatchewan: the government is looking to put the brakes on Enhanced Drivers License (EDLs). While headlines are saying that this is dominantly because of privacy concerns, I think that cost is probably a deeper reason for turning away these licenses. Crown Corporations Minister Ken Cheveldayoff is on record saying:

The criteria from homeland security has been changing. The costs have been increasing and if they go to a point where it just doesn’t make sense anymore then we’re not going to move forward. (Source)

It seems as though costs have risen from $50 – $80 dollars, without a clear sign of that stopping. Cost (financial and political) really seems to be the force keeping these licenses out of the hands of the public.

This being said, I should be fair and point out that the Privacy Commissioner of Saskatchewan hasn’t received the Privacy Impact Assessment from Sask. Government Insurance (Source). The Commissioner wasn’t outright opposed to the EDLs, and is instead suggesting that the province look to its neighbors for ways of tweaking the Bill 72 legislation.To me, this suggests looking to BC and Ontario. I don’t know exactly what the consequences of this kind of ‘tweaking’ would be, especially given how limited those governments incorporated suggested privacy protections, but it would be nice to see documents that really put the Commissioner’s cards (and desired changes) on the table. Seems like a FOI moment….

Update: EDLs and Real ID

/ Christopher Parsons / 4 Comments

200903121807.jpgThere has been discussion that Enhanced Drivers Licenses are really a ‘gateway document’ towards implementing a continental identity management system. The Department of Homeland Security’s new secretary, Janet Napolitano, is an outspoken critic of the Real ID program. There has been wide speculation about what her position would be concerning Real ID now that she is running the department that was pushing Real ID. We’re now starting to see her position come out:

Enhanced driver’s licenses give confidence that the person holding the card is the person who is supposed to be holding the card, and it’s less elaborate than Real ID. (Source)

As long as states are running the databases, rather than there being a central federal database, she’s willing to get behind EDLs. While it’s good that the DHS is retreating from a full-scale deployment of Real ID, I’m not so sure that shifting to EDLs is a ‘solution’ to the privacy issues that are discussed surrounding the RFIDs in EDLs.

Thoughts: Google and ‘Interest Based’ Advertising

/ Christopher Parsons

200903121245.jpgPrivacy. Privacy, Privacy, Privacy.

Google is persistently in the limelight for it’s ‘invasions’ of personal privacy. I’ve made references to Google and privacy in a variety of blog posts, but whenever I think about Google my mind returns to a comment from Peter Fleischer, the chief privacy officer for Google. In a post in 2007, he wrote (in his personal blog) that:

. . . privacy is about more than legal compliance, it’s fundamentally about user trust. Be transparent with your users about your privacy practices. If your users don’t trust you, you’re out of business (Source)

Perhaps naively, I think that this statement is accurate – look at the nightmares that Facebook, NebuAd, and Phorm (to name a few) all have when they ‘invade’ customers’ privacy without being fully transparent about what, and why, they are engaging in their practices. What’s more, as soon as you establish an ‘it’s our way, or no way’ approach, you immediate establish a hostile environment between you and your users. In business, your users are your lifeblood; alienate them only if you really like polishing your resume.

Continue reading

Announcement: Working Paper on DPI Now Available

/ Christopher Parsons / 2 Comments

200902241130.jpg

Last year I spent some time and put together a working paper entitled, “Deep Packet Inspection in Perspective: Tracing its lineage and surveillance potentials,” for the New Transparency Project (of which I’m a student member). The document has gone live as of today – if you have any comments/thoughts concerning it feel free to send them my way! The abstract is below:

Internet Service Providers (ISPs) are responsible for transmitting and delivering their customers’ data requests, ranging from requests for data from websites, to that from file-sharing applications, to that from participants in Voice over Internet Protocol (VoIP) chat sessions. Using contemporary packet inspection and capture technologies, ISPs can investigate and record the content of unencrypted digital communications data packets. This paper explains the structure of these packets, and then proceeds to describe the packet inspection technologies that monitor their movement and extract information from the packets as they flow across ISP networks. After discussing the potency of contemporary packet inspection devices, in relation to their earlier packet inspection predecessors, and their potential uses in improving network operators’ network management systems, I argue that they should be identified as surveillance technologies that can potentially be incredibly invasive. Drawing on Canadian examples, I argue that Canadian ISPs are using DPI technologies to implicitly ‘teach’ their customers norms about what are ‘inappropriate’ data transfer programs, and the appropriate levels of ISP manipulation of consumer data traffic.

Thoughts: Irish Newest Victims in the Copyright Wars

/ Christopher Parsons

200902231451.jpg

Copyright is becoming an ever-increasingly important part of contemporary lexicon; in Canada, it’s so important that we now have a ‘citizen’s guide‘ to help ‘regular folk’ with their copyright-related concerns. While most eyes are presently focused on the Pirate Bay trial (Ernesto has been blogging about it regularly since the trial started, Jesse Brown’s recent podcast addresses it, etc.), a major ‘success’ in the war on copyright has actually been ‘won’ by Big Media. Ireland’s Eircom has announced that they will be blocking access to peer-to-peer websites in an effort to limit their users’ access to spaces holding copywritten content. This effort to block access is in addition to Eircom’s agreement that they will cut off users who are found infringing on copyright multiple times (a three-strikes rule).

This development substantially ratchets up the question, “What is role(s) do telecommunications companies play in today’s virtualized world, and global digital economy?” Self-imposed private corporations’ policies now threaten to substantially normalize ‘permissible’ modes of both accessing data and determining what accesses are ‘legitimate’ and which are not.

Continue reading

DPI Deployed for Mobile Advertising

/ Christopher Parsons

200902181453.jpgDeep Packet Inspection is being deploying by an increasing number of operators for a host of purposes, including content analysis, flow analysis, network management (broadly stated), network management as integrated with policy management, and behavioural advertising (to name a few). While BT, in the UK, has openly admitted to working with Phorm to bring behavioral advertising to its consumers, it now appears as though network owners are going to be analyzing Internet traffic from mobiles, as well as desktop and notebook computers.

The Guardian is reporting that in a recent GSMA trial to collect information of where mobile users’ are browsing, that “the UK’s five networks – 3, O2, Orange, T-Mobile and Vodafone – used deep packet inspection technology to collect data covering about half the UK’s entire mobile web traffic” (Source). There is no indication that this is presently being associated with customers’ geolocation, but this does suggest that DPI is gaining increasing acceptance in the UK as a means of tracking what people are doing. Apparently the weak regulatory responses in the UK are spurring companies to deploy DPI before they are left behind the rest of the pack.

Continue reading