German Deep Packet Inspection (DPI) manufacturer, ipoque, has produced a white paper titled “Deep Packet Inspection: Technology, Applications & Network Neutrality.” In it, the company distinguishes between DPI as a technology and possible applications of the technology in a social environment. After this discussion they provide a differentiated ‘tiering’ of various bandwidth management impacts on network neutrality. In this post I offer a summary and comment of the white paper, and ultimately wonder whether or not there is an effective theoretical model, grounded in empirical study, to frame or characterize network neutrality advocates.
The first thing that ipoque does is try and deflate the typically heard ‘DPI analysis = opening a sealed envelop’ analogy, and argue that it is better to see packets as postcards, where DPI analysis involves looking for particular keywords or characters. In this analysis, because the technology cannot know of the meaning of what is being searched for, the DPI appliances cannot be said to violate one’s privacy given the technology’s lack of contextual awareness. I’ve made a similar kind of argument, that contextual meaning escapes DPI appliances (though along different lines) in a paper that I presented earlier this year titled “Moving Across the Internet: Code-Bodies, Code-Corpses, and Network Architecture,” though I think that its important to recognize a difference between a machine understandingsomething itself versus flagging particular words and symbols for a human operator to review. Ubiquitous, “non-aware,” machine surveillance can have very real effects where a human is alerted to communications – its something of a misnomer to say that privacy isn’t infringed simply because the machine doesn’t know what it’s doing. We ban and regulate all kinds of technologies because of what they can be used for rather than because the technology itself is inherently bad (e.g. wiretaps).
For the past few weeks I’ve been working away on a paper that tries to bring together some of the CRTC filings that I’ve been reading for the past few months. This is a slightly revised and updated version of a paper that I presented to the Infoscape research lab recently. Many thanks to Fenwick Mckelvey for taking the lead to organize that, and also to Mark Goldberg for inviting me to the Canadian Telecom Summit, where I gained an appreciation for some of the issues and discussions that Canadian ISPs are presently engaged in.
Canadian ISPs are developing contemporary netscapes of power. Such developments are evidenced by ISPs categorizing, and discriminating against, particular uses of the Internet. Simultaneously, ISPs are disempowering citizens by refusing to disclose the technical information needed to meaningfully contribute to network-topology and packet discrimination discussions. Such power relationships become stridently manifest when observing Canadian public and regulatory discourse about a relatively new form of network management technology, deep packet inspection. Given the development of these netscapes, and Canadian ISPs’ general unwillingness to transparently disclose the technologies used to manage their networks, privacy advocates concerned about deep packet networking appliances abilities to discriminate between data traffic should lean towards adopting a ‘fundamentalist’, rather than a ‘pragmatic’, attitude concerning these appliances. Such a position will help privacy advocates resist the temptation of falling prey to case-by-case analyses that threaten to obfuscate these device’s full (and secretive) potentialities.
Full paper available for download here. Comments are welcome; either leave them here on the blog, or fire something to the email address listed on the first page of the paper.
We’re paying for a high-tech Broadway show that’s themed around ‘security’, but we’re actually watching the equivalent of a catastrophic performance in a low budget community theatre. The price of admission? Only millions dollars and your privacy.
As of June 1, 2009, Canadians and Americans alike require an Enhanced Drivers License (EDL), a NEXUS card, a FAST card, a passport, or a Secure Certificate of Indian Status to cross a Canadian-American land border. In Canada, only Ontario, Quebec, B.C. and Manitoba have moved ahead to develop provincial EDLs; the Saskatchewan, New Brunswick and Prince Edward Island governments have all decided not to provide these high tech, low privacy, cards to the constitutencies (Source). To apply for an EDL in a participating province, all you need to do is undergo an intensive and extensive 30 minute face-to-face interview at your provincial equivalent of the Department of Motor Vehicles. Your reward for being verbally probed? A license that includes a Radio Frequency Identification (RFID) tag and a biometric photograph. The RFID tag includes a unique number, like your Social Insurance Number (SIN), that is transmitted to anyone with an RFID reader. These readers can be purchased off the shelf by regular consumers, and number your EDL emits is not encrypted and does not require an authentication code to be displayed on a reader. Effectively, RFID tag numbers are easier to capture than your webmail password.
Colin Bennett, in his recent text The Privacy Advocates: Resisting the Spread of Surveillance, does a nice job creating a developing a typography for privacy advocates. Of a minor controversy, his text doesn’t include data protection commissioners as ‘privacy advocates’, even if they self-identify as such, on the basis that he wants to reflect on the roles that actors from civil society now play. Privacy, when understood in terms of regulatory capacity and relevant actors, cannot be sensibly talked about just in terms of ‘official’ advocates (e.g. data commissioners) because civil society is often deeply involved in the actions, reactions, and positions that the commissioners are forced to assume. In essence, privacy advocates are sometimes friends of, foes of, or ambivalent towards the privacy commissioners (I’d use another typography for this relationship, but I’ll wait for it to be publicly presented before talking about it here. It’s really snazzy though.).
Privacy advocates, in Bennett’s terms, are classified as such: