Skype is a polarizing product for telecom operators and customers. It is an application that lets customers abandon their historical phone services in favour of an encrypted Voice over Internet Protocol (VoIP) communications service that provides ‘free’ calls to computers and cheap rates when making a Skype-to-analogue/cellular phone service. For customers, it extends the choices presented to them and potentially reduces their monthly phone expenses.
The iPhone application for Skype has made headlines as telecom and smartphone manufacturers alike have actively and passively resisted, and ultimately relented, to permitting customers make Skype calls from their iPhones and other mobile devices. Apple has stated that they will not ‘jump through hoops’ to ensure that VoIP applications work through successive operating system updates, and AT&T’s poor data transmission systems likely made them somewhat hesitant to allow another bandwidth-heavy service onto their networks. What really got me interested in the Skype iPhone application, as a Canadian, was the following:
- Canadian customers can now install Skype on their iPhones;
- There was no place on the web that informed Skype users of how much data was consumed by the iPhone application when in use.
It was #2 that was particularly interesting. Canadian consumers tend to have fairly low default bandwidth caps with Rogers, the primary carrier of the iPhone in Canada, at 1GB in the basic iPhone plan. My thought was this: if the iPhone application actually consumed massive amounts of data Rogers would:
- Make a killing on the likely data overages as early adopters shifted over to Skype VoIP in favour of Rogers’ own voice services;
- If the application actually consumed a large amount of bandwidth, carriers might see it as ‘technically’ needing to be mediated using some system (perhaps deep packet inspection).
I started putting out feelers, and no one knew how much data the application consumed. Rogers claimed they didn’t know, nor did Apple. A contact on Twitter who worked as customer relations for Skype also doesn’t know the amount of data used, and the information was nowhere (that I could find) on the English-written web. Similarly, my international contacts were uncertain about data requirements. Fortunately, after an extended wait, I’ve finally received word from Skype’s customer service desks (my last ditch effort was to submit a support ticket). Here is how the relevant part of the email reads:
[Note – I preface this with the following: I am not a lawyer, and what follows is a non-lawyer’s ruminations of how the Supreme Court’s thoughts on reasonable expectations to privacy intersect with what deep packet inspection (DPI) can potentially do. This is not meant to be a detailed examination of particular network appliances with particular characteristics, but much, much more general in nature.]
Whereas Kyllo v. United States saw the US Supreme Court assert that thermal-imaging devices, when directed towards citizens’ homes, did constitute an invasion of citizens’ privacy, the corresponding Canadian case (R. v. Tessling) saw the Supreme Court assert that RCMP thermal imaging devices did not violate Canadians’ Section 8 Chart rights (“Everyone has the right to be secure against unreasonable search or seizure”). The Court’s conclusions emphasized information privacy interests at the expense of normative expectations – thermal information, on its own, was practically ‘meaningless’ – which has led Ian Kerr and Jena McGill to worry that informational understandings of privacy invoke:
Immanuel Kant’s essay “On the Common Saying: ‘This May be True in Theory, but it does not Apply in Practice'” argues that theory is central to understanding the world around us and that, moreover, attempts to say that ‘theory doesn’t apply to the world as such’ are generally misguided. Part of the reason that Kant can so firmly advocate that theory and reality are co-original emerge from his monological rationalism, but at the same time time we see him argue that the clearest way to bring theory and practice into alignment is with more theory – rather than adopting ‘parsimonious’ explanations of the world we would be better off to develop rigorous and detailed accounts of the world.
Parsimony seems to be a popular term in the social sciences; it lets researchers develop concise theories that can be applied to particular situations, lets them isolate and speak about particular variables, and lends itself to broad(er) public accessibility of the theory in question. At the same time, theorists critique many such parsimonious accounts because they commonly fail to offer full explanations of social phenomena!
The complexity of privacy issues in combination with a desire for parsimony has been a confounding issue for privacy theorists. Nailing down what ‘privacy’ actually refers to has been, and continues to be, a nightmarish task insofar as almost every definition has some limiting factor. This problem is (to my mind) compounded when you enter online, or digital, environments where developing a complete understanding of how data flows across systems, what technical languages’ demands underlie data processing systems, and developing a comprehensive account of confidentiality and trust, are all incredibly challenging and yet essential for theorization. This is especially true when we think of a packet as being like post card (potentially one with its content encrypted) – in theory anyone could be capturing and analyzing packet streams and data that is held on foreign servers.
ipoque is one of the world’s leading Deep Packet Inspection (DPI) appliance manufacturers. For the past several years they have been producing detailed reports on the constitution of Internet bandwidth usage; their 2006 report was predominantly based on German data (100,000 German households’ data was incorporated into the study, versus 10,000 European households outside of Germany), whereas their 2008/2009 report takes data from Northern Africa, South Africa, South America, the Middle East, Eastern Europe, Southern Europe, Southwestern Europe, and Germany. In short: the study’s range of participants and associated data points have increased substantially.
While the most recent report isn’t ‘comprehensive’ in the sense that it offers a perfect picture of the Internet’s global bandwidth and protocol usage during the data accumulation period, there are interesting things that we can learn from it. Perhaps most interesting, is that ipoque learned that P2P protocol usage grew far less than during the 2007 data collection period. The 2008/2009 report routinely identifies Direct Download Sites and services such as Usenet as reasons for the decline of P2P usage, as well as increasingly rich multi-media HTTP traffic. (While it is well beyond the scope of the ipoque study, it would be delightful to see if there is a corresponding relationship between content owners providing their media through web accessible portals and decreases in the growth of copyright infringement online.)
This updated edition of Diffie and Landau’s text is a must-have for anyone who is interested in how encryption and communicative privacy politics have developed in the US over the past century or so. Privacy On The Line moves beyond a ‘who did what’ in politics, instead seeing the authors bring their considerable expertise in cryptography to bear in order to give the reader a strong understanding of the actual methods of securing digital transactions. After reading this text, the reader will have a good grasp on what types of encryption methods have been used though history, and strong understandings of the value and distinction between digital security and digital privacy, as well as an understanding of why and how data communications are tracked.
The only disappointment is the relative lack of examination of how the US has operated internationally – there is very little mention of the OECD, nor of European data protection, to say nothing of APEC. While the authors do talk about the role of encryption in the context of export control, I was a bit disappointed at just how little they talked about the perceptions of American efforts abroad – while this might have extended slightly beyond the American-centric lens of the book, it would have added depth of analysis (though perhaps at the expense of making the book too long for traditional publication). One of the great elements of this book is an absolutely stunning bibliography, references, and glossary – 106 pages of useful reference material ‘fleshes out’ the already excellent analysis of encryption in the US.
Ultimately, if you are interested in American spy politics, or in encryption in contemporary times, or in how these two intersect in the American political arena, then this text is for you.
A little while ago I was talking about network neutrality and Deep Packet Inspection (DPI) technologies with a person interested in the issue (shocking, I know), and one of the comments that I made went something like this: given the inability of DPI technologies to effectively crack encrypted payloads, it’s only a matter of time until websites start to move towards secure transactions – in other words, it’s only a matter of time until accessing websites will involve sending encrypted data between client computers and servers.
The Pirate Bay and Beyond
Recently, Sweden passed a bill that allows for the wiretapping of electronic communications without a court order. This caused the Pirates Bay, a well-known BitTorrent index site, to announce that it was adding SSL encryption to their website as well as VPN solutions for native Swedes who wanted to avoid the possibility of having their network traffic surveyed. Recently, isohunt.com has done the same, and other major torrent sites are expected to follow the lead. The groups who are running these websites are technically savvy, allowing them to implement encrypted access rapidly and with little technical difficulty, but as more and more sites move to SSL there will be an increasing demand amongst tech-savvy users that their favorite sites similarly protect them from various corporate and government oversight methods.