Privacy & Surveillance

Posts under this category name relate to privacy generally, rather than distinguishing between the various ‘kinds’ of discussing or recognizing privacy.

Data Retention, Protection, and Privacy

/ Christopher Parsons / 2 Comments

Data retention is always a sensitive issue; what is retained, for how long, under what conditions, and who can access the data? Recently, Ireland’s Memorandum of Understanding (MoU) between the government and telecommunications providers was leaked, providing members of the public with a non-redacted view of what these MoU’s look like and how they integrate with the European data retention directive. In this post, I want to give a quick primer on the EU data retention directive, identify some key elements of Ireland’s MoU and the Article 29 Data Protection Working Group’s evaluation of the directive more generally. Finally, I’ll offer a few comments concerning data protection versus privacy protection and use the EU data protection directive as an example. The aim of this post is to identify a few deficiencies in both data retention and data protection laws and argue that  privacy advocates and government officials to defend privacy first, approaching data protection as a tool rather than an end-in-itself.

A Quick Primer on EU Data Retention

In Europe, Directive 2006/24/EC (the Data Retention Directive, or DRD) required member-nations to pass legislation mandating retention of particular telecommunications data. Law enforcement sees retained data as useful for public safety reasons. A community-level effort was required to facilitate harmonized data retention; differences in members’ national laws meant that the EU was unlikely to have broadly compatible cross-national retention standards. As we will see, this concern remains well after the Directive’s passage. Continue reading

Call for Cyber-Surveillance Annotated Bibliographies

/ Christopher Parsons

The New Transparency Project, as part of its international cyber-surveillance workshop, is issuing a call for annotated bibliographies around issues pertinent to their workshop. Again, given that issues concerning cyber-surveillance likely resonate with readers of this space, I wanted to alert you to this call. These bibliographies are meant to serve as a resource for those attending the May 12-15 workshop in 2011 at the University of Toronto. The deadline for submissions is September 15, 2010. Such submissions should be a maximum length of 500 words, and acceptance notifications will be issued by September 30, 2010. The authors (at least three) invited to prepare annotated bibliographies will each be paid $2000 (Cnd.) in two equal instalments. The first upon acceptance of the assignment, and the balance upon the bibliography’s satisfactory completion. The full call follows below:

Digitally Mediated Surveillance: From the Internet to Ubiquitous Computing

Digitally mediated surveillance (cyber-surveillance) is a growing and increasingly controversial aspect of every-day life in ‘advanced’ societies. Governments, corporations and even individuals are deploying digital techniques as diverse as social networking, video analytics, data-mining, wireless packet sniffing, RFID skimming, yet relatively little is known about actual practices and their implications. It is now over 15 years since the advent of the World Wide Web, and of widespread use of the Internet for electronic commerce, electronic government and social networking. The impending emergence of the ‘Internet of things’ promises (or threatens) to further insinuate digital surveillance capabilities into the fabric of daily life. Media alarmists have fueled a general popular understanding that one’s life is an open book when one goes online, making one increasingly subject to unwelcome intrusions. The reality is more complex and contingent on a variety of technological, institutional, legal and cultural factors.

Continue reading

Cyber-Surveillance in Everyday Life

/ Christopher Parsons

I wanted to let readers know that the New Transparency Project is hosting an international workshop on the theme of Cyber-surveillance in everyday live May 12-15, 2011 at the University of Toronto. Given that topics to be explored in the workshop include social networking, search engines, behavioural advertising/marketing, internet surveillance somewhat generally, and modes of resistance I thought readers here might be interested. Below is the full call for papers, with abstracts due by Oct 1.:

Digitally mediated surveillance (DMS) is an increasingly prevalent, but still largely invisible, aspect of daily life. As we work, play and negotiate public and private spaces, on-line and off, we produce a growing stream of personal digital data of interest to unseen others. CCTV cameras hosted by private and public actors survey and record our movements in public space, as well as in the workplace. Corporate interests track our behaviour as we navigate both social and transactional cyberspaces, data mining our digital doubles and packaging users as commodities for sale to the highest bidder. Governments continue to collect personal information on-line with unclear guidelines for retention and use, while law enforcement increasingly use internet technology to monitor not only criminals but activists and political dissidents as well, with worrisome implications for democracy.

Continue reading

Update: Feeva, Advertising, and Privacy

/ Christopher Parsons / 5 Comments

MusicBrainzServersWhen you spend a lot of time working in the areas of copyright, traffic sniffing and analysis, and the Internet’s surveillance infrastructure more generally, there is a tendency to expect bad things on a daily basis. This expectation is built up from years of horrors, and I’m rarely disappointed in my day-to-day research. Thus, when Wired reported that a company called Feeva was injecting locational information into packet headers the actions didn’t come across as surprising; privacy infringements as reported in the Wired piece are depressingly common. In response I wrote a brief post decrying the modification of packet-headers for geolocational purposes and was quoted by Jon Newton on P2Pnet on my reactions to what I understood at the time was going on.

After the post, and quotations turned up on P2Pnet, folks at Feeva quickly got ahold of me. I’ve since had a few conversations with them. It turns out that (a) there were factual inaccuracies in the Wired article; (b) Feeva isn’t the privacy-devastating monster that they came off as in the Wired article. Given my increased familiarity with the technology I wanted to better outline what their technology does and alter my earlier post’s conclusion: Feeva is employing a surprising privacy-protective advertising system. As it stands, their system is a whole lot better at limiting infringements on individuals’ privacy for advertising-related purposes than any other scalable model that I’m presently aware of.

Before I get into the post proper, however, I do want to note that I am somewhat limited in the totality of what I can speak about. I’ve spoken with both Feeva’s Chief Technology Officer, Miten Sampat, and Chief Privacy Officer, Dr. Don Lloyd Cook, and they’ve been incredibly generous in sharing both their time and corporate information. The two have been incredibly forthcoming with the technical details of the system employed and (unsurprisingly) some of this information is protected. As such, I can’t get into super-specifics (i.e. X technology uses Y protocol and Z hardware) but, while some abstractions are required, I think that I’ve managed to get across key elements of the system they’ve put in place.

Continue reading

Ole, Intellectual Property, and Taxing Canadian ISPs

/ Christopher Parsons / 9 Comments

Ole, a Canadian independent record label, put forward an often-heard and much disputed proposal to enhance record label revenues: Ole wants ISPs to surveil Canada’s digital networks for copywritten works. In the record label’s filing on July 12 for the Digital Economy Consultations, entitled “Building Delivery Systems at the Expense of Content Creators,” Ole asserts that ISPs are functioning as “short circuits” and let music customers avoid purchasing music on the free market. Rather than go to the market, customers are (behaving as rational economic actors…) instead using ISP networks to download music. That music is being downloaded is an unquestionable reality, but the stance that this indicates ISP liability for customers’ actions seems to be an effort to re-frame record industries’ unwillingness to adopt contemporary business models as a matter for ISPs to now deal with. In this post, I want to briefly touch on Ole’s filing and the realities of network surveillance for network-grade content awareness in today market. I’ll be concluding by suggesting that many of the problems presently facing labels are of their own making and that we should, at best, feel pity and at worst fear what they crush in their terror throes induced by disruptive technologies.

Ole asserts that there are two key infotainment revenue streams that content providers, such as ISPs, maintain: the $150 Cable TV stream and the $50 Internet stream. Given that content providers are required to redistribute some of the $150/month to content creators (often between 0.40-0.50 cents of every dollar collected), Ole argues that ISPs should be similarly required to distribute some of the $50/month to content creators that make the Internet worth using for end-users. Unstated, but presumed, is a very 1995 understanding of both copyright and digital networks. In 1995 the American Information Infrastructure Task Force released its Intellectual Property and the National Information Infrastructure report, wherein they wrote;

…the full potential of the NII will not be realized if the education, information and entertainment products protected by intellectual property laws are not protected effectively when disseminated via the NII…the public will not use the services available on the NII and generate the market necessary for its success unless a wide variety of works are available under equitable and reasonable terms and conditions, and the integrity of those works is assured…What will drive the NII is the content moving through it.

Of course, the assertion that if commercial content creators don’t make their works available on the Internet then the Internet will collapse is patently false.

Continue reading

On a Social Networking Bill of Rights

/ Christopher Parsons

I attended this year’s Computers, Freedom, and Privacy conference and spent time in sessions on privacy in large data sets, deep packet inspection and network neutrality, the role of privacy in venture capital pitches, and what businesses are doing to secure privacy. In addition, a collection of us worked for some time to produce a rough draft of the Social Network Users’ Bill of Rights that was subsequently discussed and ratified by the conference participants. In this post, I want to speak to the motivations of the Bill of Rights, characteristics of social networking and Bill proper, a few hopeful outcomes resulting from the Bill’s instantiation and conclude by denoting a concerns around the Bill’s creation and consequent challenges for moving it forward.

First, let me speak to the motivation behind the Bill. Social networking environments are increasingly becoming the places where individuals store key information – contact information, photos, thoughts and reflections, video – and genuinely becoming integrated into the political. This integration was particularly poignantly demonstrated last year when the American State Department asked Twitter to delay upgrades that would disrupt service and stem the information flowing out of Iran following the illegitimate election of President Ahmadinejad. Social networks have already been tied into the economic and social landscapes in profound ways: we see infrastructure costs for maintaining core business functionality approaching zero and the labor that was historically required for initiating conversations and meetings, to say nothing of shared authorship, have been integrated into social networking platforms themselves. Social networking, under this rubric, extends beyond sites such as Facebook and MySpace, and encapsulate companies like Google and Yahoo!, WordPress, and Digg, and their associated product offerings. Social networking extends well beyond social media; we can turn to Mashable’s collection of twenty characteristics included in the term ‘social networking’ for guidance as to what the term captures:

Continue reading