Context, Privacy, and (Attempted) Blogger Anonymity

bloggingtimelineWhile it’s fine and good to leave a comment where neither you nor an anonymous blogger know one another, what happens when you do know the anonymous blogger and it’s clear that they want to remain anonymous? This post tries to engage with this question, and focuses on the challenges that I experience when I want to post on an ‘anonymous’ blog where I know who is doing the blogging – it attends to the contextual privacy questions that race through my head before I post. As part  of this, I want to think through how a set of norms might be established to address my own questions/worries, and means of communicating this with visitors.

I’ve been blogging in various forms for a long time now – about a decade (!) – and in every blog I’ve ever had I use my name. This has been done, in part, because when I write under my name I’m far more accountable than when I write under an alias (or, at least I think this is the case). This said, I recognize that my stance to is slightly different than that of many bloggers out there – many avoid closely associating their published content with their names, and often for exceedingly good reasons. Sometimes a blogger wants to just vent, and doesn’t want to deal with related social challenges that arise as people know that Tommy is angry. Others do so for personal safety reasons (angry/dangerous ex-spouses), some for career reasons (not permitted to blog/worried about effects of blogging for future job prospects), some to avoid ‘-ist’ related comments (sexist, racist, ageist, etc.).

Continue reading

Deep Packet Inspection: What Innovation Will ISPs Encourage?

InnovationAll sorts of nasty things as said about ISPs that use Deep Packet Inspection (DPI). ISPs aren’t investing enough in their networks, they just want to punish early adopters of new technologies, they’re looking to deepen their regulatory powers capacities, or they want to track what their customers do online. ISPs, in turn, tend to insist that P2P applications are causing undue network congestion, and DPI is the only measure presently available to them to alleviate such congestion.

At the moment, the constant focus on P2P over the past few years has resulted in various ‘solutions’ including the development of P4P and the shift to UDP. Unfortunately, the cat and mouse game between groups representing record labels, ISPs (to a limited extent), and end-users has led to conflict that has ensured that most of the time and money is being put into ‘offensive’ and ‘defensive’ technologies and tactics online rather than more extensively into bandwidth-limiting technologies. Offensive technologies include those that enable mass analysis of data- and protocol-types to try and stop or delay particular modes of data sharing. While DPI can be factored into this set of technologies, a multitude of network technologies can just as easily fit into this category. ‘Defensive’ technologies include port randomizers, superior encryption and anonymity techniques, and other techniques that are primarily designed to evade particular analyses of network activity.

I should state up front that I don’t want to make myself out to be a technological determinist; neither ‘offensive’ or ‘defensive’ technologies are in a necessary causal relationship with one another. Many of the ‘offensive’ technologies could have been developed in light of increasingly nuanced viral attacks and spam barrages, to say nothing of the heightening complexity of intrusion attacks and pressures from the copyright lobbies. Similarly, encryption and anonymity technologies would have continued to develop, given that in many nations it is impossible to trust local ISPs or governments.

Continue reading

Twitter and Statutory Notions of Privacy

protectionpersonaldataright[Note: this is an early draft of the second section of a paper I’m working on titled ‘Who Gives a Tweet about Privacy’ and builds from an earlier posted section titled ‘Privacy, Dignity, Copyright and Twitter‘ Other sections will follow as I draft them.]

Towards a Statutory Notion of Privacy

Whereas Warren and Brandeis explicitly built a tort claim to privacy (and can be read as implicitly laying the groundwork for a right to privacy), theorists such as Alan Westin attempt to justify a claim to privacy that would operate as the bedrock for a right to privacy. Spiros Simitis recognizes this claim, but argues that privacy should be read as both an individual and a social issue. The question that arises is whether or not these writers’ respective understandings of privacy capture the normative expectations of speaking in a public space, such as Twitter; do their understandings of intrusion/data capture recognize the complexities of speaking in public spaces and provide a reasonable expectation of privacy that reflects people’s interests to keep private some, but not all, of the discussions they have in public?

Continue reading

Facial Blurring = Securing Individual Privacy?

Google map privacy?The above image was taken by a Google Streetcar. As is evident, all of the faces in the picture have been blurred in accordance with Google’s anonymization policy. I think that the image nicely works as a lightning rod to capture some of the criticisms and questions that have been arisen around Streetview:

  1. Does the Streetview image-taking process itself, generally, constitute a privacy violation of some sort?
  2. Are individuals’ privacy secured by just blurring faces?
  3. Is this woman’s privacy being violated/infringed upon in so way as a result of having her photo taken?

Google’s response is, no doubt, that individuals who feel that an image is inappropriate can contact the company and they will take the image offline. The problem is that this puts the onus on individuals, though we  might be willing to affirm that Google recognizes photographic privacy as a social value, insofar as any member of society who sees this as a privacy infringement/violation can also ask Google to remove the image. Still, even in the latter case this ‘outsources’ privacy to the community and is a reactive, rather than a proactive, way to limit privacy invasions (if, in fact, the image above constitutes an ‘invasion’). Regardless of whether we want to see privacy as an individual or social value (or, better, as valuable both for individuals and society) we can perhaps more simply ponder whether blurring the face alone is enough to secure individuals’ privacy. Is anonymization the same as securing privacy?

Continue reading

Update: Associating Canadian ISPs with Anonymized Data Traffic Submissions

200902142238.jpgI’ve just posted a document that draws together the CRTC’s February 4, 11, and 12 filings for PN 2008-19. The document ties ISPs with categories of anonymous data for easy reference, and is also meant to contextualize each data set by reproducing the questions that led ISPs to develop these data sets in the first place.

Items of note:

  • Responses to question 1 (a) show that, save for a single ISP, ISPs’ annual percentage growth of total traffic volume has decreased. ISPs required to anonymously submit data: Barrett, Bell Canada et al., Cogeco, MTS Allstream, QMI (Videotron), Rogers, Sasktel, Shaw, Telus.
  • Responses to question 1 (b) show that the percentage of HTTP/Streaming traffic has increased, two companies report that the percentage of P2P traffic has increased and two report it has decreased slightly, UDP traffic has increased slightly, and the “Other” category now accounts for a smaller percentage of total traffic than in the first months measured. ISPs required to anonymously submit data: Barrett, Bell Canada et al. (for Bell Wireline), Bragg, Rogers, and Shaw.
  • Responses to 2 (a) reveal the annual percentage growth of monthly average usage per end-user. We find that growth is occurring on company networks, and that this growth has been uneven (e.g. Company A experienced 16% growth one year, 47% the next, and 13% in the final year). This suggests, to me, that developing an accurate forecast of expected bandwidth growth would be challenging. Without knowing what companies are associated with each data set, it is challenging for analysts to determine if Network Management Technologies might be responsible for the changes in growth rates. ISPs required to anonymously submit data: Barrett, Bell Canada et al. (for Bell Wireline), Cogeco, MTS Allstream, QMI (Videotron), Rogers, and Telus.
  • Responses to 2 (b) discuss the percentage growth for ISPs’ top 5% and 10% users. Data for the top 5% shows that two companies experienced negative growth in 2007-2008, one only 2% growth in 2007-2008, and the last a 25% growth. Data for the top 10% shows that two companies experienced negative growth in 2007-2008, one 1% growth, and the last a 25% growth. ISPs required to anonymously submit data: Bell Canada et al. (for Bell Wireline), Cogeco, MTS Allstream, QMI (Videotron), Rogers, and Telus.
  • Responses to 2 (c) identify how much of the total traffic that top 5% and 10% users account for. Top 5% account for 37%-56% of total traffic. The top 10% account for 52%-74%. These are fairly damning numbers, given that they clearly demonstrate that massive proportions of the network are being used by a relatively small minority of users. ISPs required to anonymously submit data: Barrett, Bell Canada et al. (for Bell Wireline), Bragg, Cogeco, MTS Allstream, Primus, QMI (Videotron), Rogers, Shaw, and Telus.
  • Responses to 2 (d) break down the application usage numbers for the top 5% and 10% of ISPs’ users. For the top 5% of users, HTTP/Streaming has remained relatively constant, P2P use decreased for only one company, UDP traffic is up, and “Other” traffic has decreased for two of three companies. For the top 10% of users, HTTP/Streaming traffic makes up a higher percentage of total traffic, in all but one case P2P traffic represents a larger percentage of total traffic, UDP is up, and “Other” is down for two of three companies. ISPs required to anonymously submit data: Bell Canada et al. (for Bell Wireline), Bragg, and Shaw.

Update: CRTC PN 2008-19 ISP Filing Summary Document

200902132334.jpgI’ve updated my initial ISP Filing Summary document with the information that ISPs provided on February 9, 2008 per the CRTC’s February 4, 2009 request. Updates to the document are made in blue. The updates to not include Videotron’s response to 1 (c).

I would maintain that the most interesting parts of was was released have been summarized in a post from two days ago, which was entitled “Update: CRTC PN 2008-19 Filings“. Tomorrow, I should be posting a document that correlates data the CRTC aggregated and anonymized with the ISPs who were required to release anonymized data. My hope is that this will make it a bit clearer who data might be associated with.