Packet Headers and Privacy

One of the largest network vendors in the world is planning to offer their ISP partners an opportunity to modify HTTP headers to get ISPs into the advertising racket. Juniper Networks, which sells routers to ISPs, is partnering with Feeva, an advertising solutions company, to modify data packets’ header information so that the packets will include geographic information. These modified packets will be transmitted to any and all websites that the customer visits, and will see individuals receive targeted advertisements according to their geographical location. Effectively, Juniper’s proposal may see ISPs leverage their existing customer service information to modify customers’ data traffic for the purposes of enhancing the geographic relevance of online advertising. This poses an extreme danger to citizens’ locational and communicative privacy.

Should ISPs adopt Juniper’s add-on, we will be witnessing yet another instance of repugnant ‘innovation’ that ISPs are regularly demonstrating in their efforts to enhance their revenue streams. We have already seen them forcibly redirect customers’ DNS requests to ad-laden pages, provide (ineffective) ‘anti-infringement’ software to shield citizens from threats posed by three-strikes laws, and alter the payload content of data packets for advertising. After touching the payload – and oftentimes being burned by regulators – it seems as though the header is the next point of the packet that is to be modified in the sole interest of the ISPs and to the detriment of customers’ privacy.

Continue reading

Honda GPS Warns Drivers of High Crime Zones

Honda has released a new GPS system for their vehicles where it will warn drivers when they’re about to leave their car in areas where there is a high chance of theft, vandalizm, or other criminal activity. I have two, relatively short, things to note about this:

A Comical Note

I can just imagine programming this thing for Rio – all the device would say was ‘If you’re stupid enough to think that this will help you here, you’re almost certainly a tourist’.

A Less Comical Note

This continues the pervasive surveillance of what you’re doing AND associates it with databases that you can’t be certain are terribly secure. I imagine that if a particularly enterprising individual surreptitiously made a few changes, and the the GPS was followed to the letter, that badness would ensure. Beyond fear-mongering, however, this technology associates perpetual vehicular monitoring with safety, and mistakenly presents the notion that police equally monitor and respond to reports in all areas of GPS coverage. This is a legitimate badness – it further complicates the problems surrounding self-awareness and unquestioned reliance on external data sources, sources that can become significant factors in one’s daily life.

Of course, it won’t be sold that way: Live in safety! Let us watch you! Surveillance stops all crime! Just look at CCTV in Britain.

Gizmodo link

Identification, Identity Systems, and the REAL ID Act

In a recent presentation to the Summer 2007 Privacy Symposium, Jim Harper lays out a series of concerns about a national identification system. I’m just going to run through them quickly – watch the video that I link to at the end of the post to view his presentation yourself.

Authentication versus Identification

  • Authentication is where you are challenged to provide a set of items/data in order to gain access to something. An example would be the requirement to have both a banking card and a PIN to access your bank account – this authenticates your access to the resource, but it isn’t a wholesale validation that it is actually Christopher Parsons who is accessing my bank account. Instead, what this does it is gives enough information to the bank that it is comfortable providing access to my bank account, without actually knowing for sure that it is me accessing the account.
  • Identification draws on unique characteristics that make up who you are, and validates that person attempting to gain access to X or do Y against the recorded characteristics that identify that person. This involves validating a person against facets of their constitutive being, with a popular identifier coming from biometric information. This passes beyond authentication systems because the person is certifiably identified. Whereas I can give you my bank card and PIN, I would have a far harder (and more painful) time giving you my right eye and left thumb.

Continue reading