I’m in the process of pulling together some privacy-related thoughts surrounding Canadian ISPs’ use of DPI equipment. I’ve posted an early draft of the document, and invite comments and thoughts. If you want to prepare your own comments, you’ve still got until February 23rd.
Privacy & Surveillance
Posts under this category name relate to privacy generally, rather than distinguishing between the various ‘kinds’ of discussing or recognizing privacy.
Update: ‘More Secure’ (non-EDL) Drivers Licenses Coming to BC Soon!
As I’ve written about before, Enhanced Drivers Licenses (EDLs) are coming to British Columbia, as well as many other provinces around the country (I have a wiki page set up to collate information on EDLs). It seems that, at the same time the BC is rolling out EDLs, they are updating their ‘regular’ licenses.
The Canadian Press is reporting that these new licenses will be available in March, and include:
holographic overlays and laser-engraving or raised elements such as the cardholder’s image and signature…The B.C. government said the cards will incorporate technology that analyzes characteristics that do not change, such as the size and location of cheekbones and the distance between the eyes. This “facial recognition technology … will enable ICBC to compare a cardholder’s image with their existing image on file and with the corporation’s entire database of millions of images.” (Source)
Update: Network Management, Packet Inspection, and Stimulus Dollars?
Iain Thomson notes that the stimulus bill that recently cleared the American Congress might work to legitimize ISP packet inspection practices under the guise of ‘network management’. Specifically, the amendment in question reads:
In establishing obligations under paragraph (8), the assistant secretary shall allow for reasonable network management practices such as deterring unlawful activity, including child pornography and copyright infringement.
While Thomson takes this to (potentially) mean that ISPs and major content producers/rights holders might use this language to justify the use of packet inspection technologies, it’s possible that alternate management methods could be envisioned. This said, given that copyright infringement is explicitly noted, there is a very real worry that this might legitimize this clause to push for ISP ‘policing’. Any such effect, I suspect, would further escalate the war between P2P and Media; encryption would become more common and effective, and result in a greater sophistication in avoiding inspection devices. This is a real loss for any and all groups who rely on non-encrypted traffic for intelligence purposes; any drive that will get ‘common folk’ thinking about encrypting more and more of their traffic, accompanied with relatively easy ways of doing so, will substantially hinder the capture of actual content. How you read the implications of this depends on your perspective on privacy and surveillance, but it seems to me that it threatens to further escalate a ‘war’ that criminalizes huge swathes of the population for actions that are relatively harmless.
Comment: Google Latitude
In the past week or so, Google has receive an enormous amount of attention because of their Latitude program. Latitude, once installed and enabled, will alert specified friends to your geographic location very specifically (i.e. street address) or more broadly (i.e. city). Google has developed this system so that users can turn off the system, can alter how precise it locates users, and has (really) just caught up to the technologies that their competitors have already been playing with (I wrote a little about Yahoo!’s Fire Eagle software, which is similar to Latitude, a few months ago).
While many people have already written and spoken about Latitude, I’ve found myself on a fence. On the one hand, I think that some of the criticisms towards the ‘privacy’ features of the program have been innane – at least one privacy advocate’s core ‘contribution’ to has been a worry that individuals might be given a phone with Latitude installed and active, without knowing about its presence or activation. As a result, they would be tracked without having consented to the program, or the geo-surveillance.
Update: Ontario EDL Suppliers Named
Dr. Ann Cavoukian, the Ontario Information and Privacy Commissioner, announced yesterday that GND (located in Munich) would be responsible for producing Ontario EDLs. Further, she is working with the company Peratech to develop an on/off switch that would enable or disable the EDL RFIDs. As of yet, Peratech only has their technology working with contactless smart cards (i.e. cards with a 10 cm range), but they expect to overcome this. Ann is presently in talks with DHS to let them build the Peratech solution into the EDLs – this ‘privacy protective’ feature is not currently in the EDL spec. This is part of her ‘PETs Plus’, or ‘positive sum’ approach to security and privacy.
BC Privacy Commissioner Would Resign Over Longterm Surveillance
Several sessions about the Vancouver 2010 Olympics were held over the course of the 10th Annual Security and Privacy conference. The BC Privacy Commissioner, David Loukidelis, has stated in each session that he is opposed to the continued presence of surveillance infrastructure installed for the games after the games conclude. When asked by a member of the audience if he would consider resigning were this infrastructure not dismantled (and thus mirror the actions taken by Greek privacy officers when police refused to limit their use of surveillance infrastructure developed for the Athens games) he responded that he would consider it.
Micheal Vonn, the policy directory for BCCLA, noted in her presentations that the Vancouver police have established a policy for ‘routine’ consent searches throughout the lower eastside area of Vancouver during the games – by her rough calculations, around 300 people would be searched each patrol. Over two weeks, this would amount to a minimum of 4200 searches, and this assumes that only one patrol would be moving through the area each day. What is most significant is that the proposed target area is where the safe injection site is, as well as other essential social services facilities for the most disadvantaged in society. Vonn’s information is in the Vancouver police’s business plan, which suggests that a premeditated, unwarranted, search regime may be coming to the games along with other ‘exceptional’ security measures.
Technology, Thoughts & Trinkets 