Technology

Thoughts: Why do I focus on digital privacy issues?

/ Christopher Parsons

Earlier this year, I was asked a very good question by my MA advisor. Omid asked, “Why do you study what you study?” At the time, I gave an incredibly disappointing answer – it was vague, disjointed, and really didn’t address the question in a forthright way. I think that there were a few reasons: first, I didn’t have time to prepare; second, I hadn’t reflected on this question in a deep manner that could be succinctly expressed; and third, I’m not very good at answering relatively complicated questions that link into my personal history on the spot. Since then, the question has been in the back of my mind, and I’ve come back to it on a frequent basis.

So, with that in mind I want to put forth a probationary answer to “Why do you study what you study?” It’s going to involve touching on what was a few key computing moments in my life, formative elements of my undergraduate and graduate degrees, and how my background working in IT fits into things. If you want to just skip to the final answer, hit the bottom of the post – the intermediary sections see me start linking together various facets of my life and education to form the structure to answer Omid’s question, and may be of little interest to you.

The Past

I’ve had a computer in my house almost since I can remember. My dad had an old Tandy computer that I played very early video games on. It was a beast to navigate, and the commands were arcane (especially to a 4 or 5 year old!). That said, it was amazing that you could play games on it. It wasn’t until we moved from the Maritimes that there was a ‘household’ computer. It cost a small fortune, and was meant for school work. I, of course, quickly learned how to install games on it. This was in the days of DOS and Windows 3.11. I learned how to navigate via a command line, as well as what not to do when trying to fix computer problems (an early lesson: deleting full directories when you don’t know what is in them is a really, really, really bad idea!).

Continue reading

Thoughts: Deep Packet Inspection and Copyright Protection

/ Christopher Parsons

In Lessig’s most recent book, Remix, he avoids directly endorsing any particular method of alleviating the issues with copyright infringement. Rather, he notes that there are models that have been proposed to alter how monies are collected for copyright holders. I want to briefly attend to the notion that file signatures can be used to identify particular copywritten works, and how deep packet inspection (DPI) could be used to facilitate this identification process.

The idea for using file signatures to track the movement of copywritten files goes like this: when you create a work that you want to have copywritten, the work is submitted to a body responsible for maintaining records on copywritten work. We can imagine that this could be national libraries. When the libraries receive the work, they create a unique signature, or hash code, for the copywritten work. This signature is stored in the national library’s database, and is known to the copyright holder as well. We can imagine a situation where we can choose what kind of signature we want copywritten work to have – there could be a full-stop copyright, a share-and-share alike non-commercial style copyright, and so forth. By breaking copyright up in this fashion, it would be possible to more granularly identify how content can and should be used.

Continue reading

Comment: To RFID or not to RFID, that is the question

/ Christopher Parsons / 1 Comment

The Vancouver Sun has an article that was written by Phil Chicola, U.S. Consul General in Vancouver. Entitled “To RFID or not to RFID, that is the question,” it is yet another part of the ongoing propaganda war surrounding the embedding of RFID chips in regular consumer products. In the recently released Canadian Border Services Agency (CBSA) Privacy Impact Assessment of the Enhanced Drivers License (EDL) program, we find that,

An effective external communications strategy will be developed by the [Provinces and Territories] with the assistance of the CBSA to ensure that the Canadian public is made aware of the significant privacy safeguards that will be put in place and the constraints that will be imposed on any subsequent use of personal information, especially sharing with the U.S. in consideration of the U.S.A. Patriot Act (29).

What this has amounted to in Ontario has been a persistent insistence by government officials that because the Radio Identifier that EDLs emit is not tied to any *other* piece of government information (e.g. the RFID number is not generated from an association with your driver license number, birth certificate, etc.) that the identifier isn’t personal information. Thus, while you will be broadcasting a number from your drivers license to anyone with a reader, that isn’t ‘personal’. Let’s turn to the Vancouver Sun article, and see how it squares up with the Canadian propaganda, shall we?

Continue reading

Comment: Virgin Takes Aim At BitTorrent

/ Christopher Parsons

In the US, Comcast is presently using what is referred to as ‘protocol agnostic’ filtering‘ – effectively, if you use the full amount of bandwidth that you are paying for for more than a few minutes, they decrease your available bandwidth for a while. This was, in part, a reaction to their sending RST packets to BitTorrent users – these packets would ‘kill’ connections that individuals had with other P2P users, but were also catching some other programs in the crossfire. What’s more, they were using a technique referred to as ‘packet forging’, which is involves changing packets in-stream. After a substantial amount of public criticism and backlash, Comcast stopped using their DPI equipment for this purpose and instead shifted to using them for protocol agnostic filtering.

Let’s turn to Virgin, who is currently implementing protocol agnostic filtering, but there are rumblings that the way that they’ve deployed it may not be the best solution to combatting what is perceived as the real problem: BitTorrent traffic. From a DSLreports article:

[A] customer on Virgin’s 10Mbps/512kbps “L” tier loses 75% of his throughput for five hours should he download more than 1200MB between 4 and 9PM. (Source)

There are several issues with this kind of agnostic filtering.

Continue reading

EDL Update: Canada backpedals on sharing personal database with U.S.

/ Christopher Parsons

An update to my last post concerning the location of the EDL databases: Jim Bronskill, with the Canadian Press, is reporting that the CBSA and Canadian authorities are shelving ideas to place the EDL data in the United States. While this certainly alleviates some of the privacy-related concerns with the EDLs, the Office of the Privacy Commissioner of Canada put it well:

“All in all, we are pleased to see that they listened to some of our recommendations, but we remain hopeful that they’ll heed to many of our other concerns,” said Anne-Marie Hayden, a spokeswoman for Stoddart. (Source)

It is nice to know that a massive amount of personal information isn’t being stored in the US for cost management reasons, but this doesn’t alleviate worries that the RFID chip in the EDLs might still be used for mass surveillance purposes. While the privacy commissioners of Canada have recently commented on this to the press, warning businesses that they need to be compliant with law when collecting license information, their need to publish this statement clearly suggests that businesses are not remaining compliant with the law concerning non-RFID licenses. To me, this suggests that there either needs to be some very real coercive ‘convincing’ applied to businesses so that they learn to comply with the law, or that this issue should be used to publicly advocate for modifications to the proposed EDL schemes (e.g. being able to disable the RFID with an on/off switch).

EDL Update: Privacy Impact Assessment Released!

/ Christopher Parsons

Under a Freedom of Information request, the Privacy Impact Assessment (PIA) for the initial tests with Enhanced Drivers Licenses (EDLs) has been released to the public. I would highly recommend taking a look at the documents if you’re interested in this issue. Over the next few days and weeks I’m going to be (briefly) posting notes on the document. For more information, I’d recommend turning to the Canadian hub for advocates campaigning against the EDLs, at the Canadian IDentity forum.

I have a real passion surrounding databases – they are used to guide daily practices, from accessing money at instant tellers, to authenticating you to web sites that you visit, to identifying the cost of products when they are scanned at the grocery store. Databases are big business, and when it comes time to deploy new pieces of identity infrastructure the database chosen is important, as are the security precautions that surround it.

Continue reading