Government

Holistic and Pragmatic Approaches to Privacy Theorization

/ Christopher Parsons

theoryandpracticeImmanuel Kant’s essay “On the Common Saying: ‘This May be True in Theory, but it does not Apply in Practice'” argues that theory is central to understanding the world around us and that, moreover, attempts to say that ‘theory doesn’t apply to the world as such’ are generally misguided. Part of the reason that Kant can so firmly advocate that theory and reality are co-original emerge from his monological rationalism, but at the same time time we see him argue that the clearest way to bring theory and practice into alignment is with more theory – rather than adopting ‘parsimonious’ explanations of the world we would be better off to develop rigorous and detailed accounts of the world.

Parsimony seems to be a popular term in the social sciences; it lets researchers develop concise theories that can be applied to particular situations, lets them isolate and speak about particular variables, and lends itself to broad(er) public accessibility of the theory in question. At the same time, theorists critique many such parsimonious accounts because they commonly fail to offer full explanations of social phenomena!

The complexity of privacy issues in combination with a desire for parsimony has been a confounding issue for privacy theorists. Nailing down what ‘privacy’ actually refers to has been, and continues to be, a nightmarish task insofar as almost every definition has some limiting factor. This problem is (to my mind) compounded when you enter online, or digital, environments where developing a complete understanding of how data flows across systems, what technical languages’ demands underlie data processing systems, and developing a comprehensive account of confidentiality and trust, are all incredibly challenging and yet essential for theorization. This is especially true when we think of a packet as being like post card (potentially one with its content encrypted) – in theory anyone could be capturing and analyzing packet streams and data that is held on foreign servers.

Continue reading

UK Government Responds to Phorm Petition

/ Christopher Parsons

ignoretextThe UK is in a bit of a bad row. According the BBC news site, today the Speaker of the Commons has stepped down, there is an Irish child abuse report coming due, and violence is rife in a failing prison. What hasn’t made BBC headlines, is that the Prime Minister’s office has made it clear that it will not look into British ISPs’ business arrangements with Phorm. After noting that the government is interested in shielding citizens’ privacy, the Prime Minister’s office notes,

ICO is an independent body, and it would not be appropriate for the Government to second guess its decisions.  However, ICO has been clear that it will be monitoring closely all progress on this issue, and in particular any future use of Phorm’s technology.  They will ensure that any such future use is done in a lawful, appropriate and transparent manner, and that consumers’ rights are fully protected (Source).

The Prime Minister’s office is unwilling to ‘second guess’ the ICO, and instead refers petitioners (there were about 21,000) to the ICO’s public statement about Phorm. In that publication (dated April 8, 2009), the ICO stated that that:

Indeed, Phorm assert that their system has been designed specifically to allow the appropriate targeting of adverts whilst rigorously protecting the privacy of web users. They clearly recognise the need to address the concerns raised by a number of individuals and organisations including the Open Rights Group (Source).

Continue reading

Canadian Privacy Advocates and Their Privacy Commissioners

/ Christopher Parsons / 2 Comments

advocatesclose1Colin Bennett, in his recent text The Privacy Advocates: Resisting the Spread of Surveillance, does a nice job creating a developing a typography for privacy advocates. Of a minor controversy, his text doesn’t include data protection commissioners as ‘privacy advocates’, even if they self-identify as such, on the basis that he wants to reflect on the roles that actors from civil society now play. Privacy, when understood in terms of regulatory capacity and relevant actors, cannot be sensibly talked about just in terms of ‘official’ advocates (e.g. data commissioners) because civil society is often deeply involved in the actions, reactions, and positions that the commissioners are forced to assume. In essence, privacy advocates are sometimes friends of, foes of, or ambivalent towards the privacy commissioners (I’d use another typography for this relationship, but I’ll wait for it to be publicly presented before talking about it here. It’s really snazzy though.).

Privacy advocates, in Bennett’s terms, are classified as such:

Continue reading

Deep Packet Inspection and the Confluence of Privacy Regimes

/ Christopher Parsons / 12 Comments

insiderouterI learned today that I was successful in winning a Social Sciences and Human Research Council (SSHRC) award. (Edit September 2009: I’ve been upgraded to a Joseph Armand Bombardier Canada Graduate Scholarship). Given how difficult I found it to find successful research statements (save for through personal contacts) I wanted to post my own statement for others to look at (as well as download if they so choose). Since writing the below statement, some of my thoughts on DPI have become more nuanced, and I’ll be interested in reflecting on how ethics might relate to surveillance/privacy practices. Comments and ideas are, of course, welcomed.

Interrogating Internet Service Provider Surveillance:
Deep Packet Inspection and the Confluence of International Privacy Regimes

Context and Research Question

Internet Service Providers (ISPs) are ideally situated to survey data traffic because all traffic to and from the Internet must pass through their networks. Using sophisticated data traffic monitoring technologies, these companies investigate and capture the content of unencrypted digital communications (e.g. MSN messages and e-mail). Despite their role as the digital era’s gatekeepers, very little work has been done in the social sciences to examine the relationship between the surveillance technologies that ISPs use to survey data flows and the regional privacy regulations that adjudicate permissible degrees of ISP surveillance. With my seven years of employment in the field of Information Technology (the last several in network operations), and my strong background in conceptions of privacy and their empirical realization from my master’s degree in philosophy and current doctoral work in political science, I am unusually well-suited suited to investigate this relationship. I will bring this background to bear when answering the following interlinked questions in my dissertation: What are the modes and conditions of ISP surveillance in the privacy regimes of Canada, the US, and European Union (EU)? Do common policy structures across these privacy regimes engender common realizations of ISP surveillance techniques and practices, or do regional privacy regulations pertaining to DPI technologies preclude any such harmonization?

Continue reading

Note: EDLs in New Brunswick and Nova Scotia?

/ Christopher Parsons

200903230015.jpgThere is a fairly confusing article on EDLs that was published by the Times & Transcript’s Alan Cochrane. It’s absolutely rife with inaccuracies about the technologies about EDLs, which contributes to the rampant misinformation about these identification pieces. Before I get to that, I want to note pieces of information that look interesting, though their accuracy has to be taken as questionable given the sloppy work done throughout the article.

Of interest:

  1. Apparently the New Brunswick government’s support of EDLs has ‘waned’ after receiving some report or another. While the reporter doesn’t mention the report by name, I have a suspicion that it’s the report commissioned by the Atlantic registrars of motor vehicles that was referenced in the May 9, 2008 press release of the Council of Atlantic Premiers. That report has not been disclosed to the public. (I lack anything that would substantiate or disprove the claim that New Brunswick’s interest has waned; I also don’t know what the report stated and so can’t know if it would influence the government’s position.)
  2. Service Nova Scotia has stated that the province is looking into EDLs, but as of yet does not have a deployment timeline. (I lack information that would substantiate or disprove this claim.)
  3. Manitoba is taking applications for EDLs right now, and will begin shipping them in 2 weeks. (This definitely seems on the money, and we can presume that it is accurate.)
  4. Continue reading

Update: Mobiles and Your Identity

/ Christopher Parsons

Last year I authored a post entitled “Mobiles and Your Identity“, where I attempted to unpack some of the privacy and surveillance concerns that are associated with smart phones, such as RIM’s Blackberry and Apple’s iPhone. In particular, I focused on the dangers that were associated with the theft of a mobile device – vast swathes of both your own personal data, as well as the personal information of your colleagues and friends, can be put at risk by failing to protect your device with passwords, kill switches, and so forth.

Mark Nestmann, over at “Preserving Your Privacy and More” has a couple posts discussing the risks that smart phones pose if a government authority arrests you (in the US). He notes that, in a recent case in Kansas, police examined a suspect’s mobile phone data to collect call records. When the case was brought to the Supreme Court, the Court found that since the smart phone’s records were held in a ‘container’ (i.e. the phone itself) that the police were within their rights to search the phone records. Mark notes that this ruling does not apply to all US states – several have more sensitive privacy laws – but leaves us with the warning that because laws of analogue search are being applied to digital devices that it is best to limit the data stored on smart phones (and mobile digital devices in general).

Continue reading