Privacy

Facial Blurring = Securing Individual Privacy?

/ Christopher Parsons

Google map privacy?The above image was taken by a Google Streetcar. As is evident, all of the faces in the picture have been blurred in accordance with Google’s anonymization policy. I think that the image nicely works as a lightning rod to capture some of the criticisms and questions that have been arisen around Streetview:

  1. Does the Streetview image-taking process itself, generally, constitute a privacy violation of some sort?
  2. Are individuals’ privacy secured by just blurring faces?
  3. Is this woman’s privacy being violated/infringed upon in so way as a result of having her photo taken?

Google’s response is, no doubt, that individuals who feel that an image is inappropriate can contact the company and they will take the image offline. The problem is that this puts the onus on individuals, though we  might be willing to affirm that Google recognizes photographic privacy as a social value, insofar as any member of society who sees this as a privacy infringement/violation can also ask Google to remove the image. Still, even in the latter case this ‘outsources’ privacy to the community and is a reactive, rather than a proactive, way to limit privacy invasions (if, in fact, the image above constitutes an ‘invasion’). Regardless of whether we want to see privacy as an individual or social value (or, better, as valuable both for individuals and society) we can perhaps more simply ponder whether blurring the face alone is enough to secure individuals’ privacy. Is anonymization the same as securing privacy?

Continue reading

Update: EDLs Live in BC

/ Christopher Parsons

victoriaparliamentThis is almost a week old (things have been busy *grin*), but in case you missed it British Columbians can now apply for Enhanced Drivers Licenses (EDLs) for land and sea entry into the US. Enhanced Identity Documents (EIDs) will be made available for individuals who cannot, or do not wish to, carry a drivers license.

Something that is interesting: To get an EDL in BC will cost you $110 ($75 for a regular 5-year license plus an addition $35 fee); at that price, a passport ($87/92) is cheaper! It seems to me that getting and EDL at that price is just foolish; you still need a passport to fly into the US, and a passport is cheaper if you will both be driving and flying. EDLs (again) come off as a half-assed idea that don’t really accommodate Canadians, but are meant as a passport substitute for Americans who are far less likely to widely travel abroad than Canadians.

Analysis: ipoque, DPI, and bandwidth management

/ Christopher Parsons

Bandwidth-exceededIn 2008, ipoque released a report titled “Bandwidth Management Solutions for Network Operators“. Using Deep Packet Inspection appliances, it is possible to establish a priority management system that privileges certain applications’ traffic over others; VoIP traffic can be dropped last, whereas P2P packets are given the lowest priority on the network. Two  modes of management are proposed by ipoque:

  1. Advanced Priority Management: where multi-tiered priorities maintain Quality of Experience (rather than Service) by identifying some packet-types as more important than others (e.g. VoIP is more important than BitTorrent packets). Under this system, less important packets are only dropped as needed, rather than being dropped once a bandwidth cap is met.
  2. Tiered Service Model: This uses a volume-service system, where users can purchase so much bandwidth for particular services. This is the ‘cell-phone’ model, where you sign up for packages that give you certain things and if you exceed your package limitations extra charges may apply*. Under this model you might pay for a file-sharing option, as well as a VoIP and/or streaming HTTP bundle.

The danger with filtering by application (from ipoque’s position) is that while local laws can be enforced, it  opens the ISP to dissatisfaction if legitimate websites are blocked. Thus, while an ISP might block Mininova, they can’t block Fedora repositories as well – the first might conform to local laws, whereas blocking the second would infringe on consumers’ freedoms. In light of this challenge, ipoque suggests that could ISPs adopt Saudi Arabia-like white-lists, where consumers can send a message to their ISP when they find sites being illegitimately blocked. Once the ISP checks out the site, they can either remove the site from the black-list, or inform the customer of why the site must remain listed.

Continue reading

Office of the Privacy Commissioner of Canada Reveals their Deep Packet Inspection Website

/ Christopher Parsons

200903300037.jpgThe Office of the Privacy Commissioner of Canada (OPC) has been incredibly interested in Deep Packet Inspection (DPI) technologies, and prominently demonstrated their concerns with the technology in the comment they filed to the CRTC about Internet Service Providers’ traffic management practices. As of today the OPC’s DPI website has gone online – it’s got a great set of mini-essays on various elements of the technology, and lets visitors leave comments and engage with each piece. They’ve done a stellar job – if you’re interesting in DPI and its privacy implications, I highly recommend visiting/bookmarking it.

As a note: if you want to get a grasp on what the Deep Packet Inspection is, and how it works, before jumping into its privacy implications I’ve developed an accessible working paper entitled “Deep Packet Inspection in Perspective: Tracing its lineage and surveillance potentials” for the New Transparency Project.

Analysis: ipoque, DPI, and encryption

/ Christopher Parsons

Package-reportipoque is one of the world’s leading Deep Packet Inspection (DPI) appliance manufacturers. For the past several years they have been producing detailed reports on the constitution of Internet bandwidth usage; their 2006 report was predominantly based on German data (100,000 German households’ data was incorporated into the study, versus 10,000 European households outside of Germany), whereas their 2008/2009 report takes data from Northern Africa, South Africa, South America, the Middle East, Eastern Europe, Southern Europe, Southwestern Europe, and Germany. In short: the study’s range of participants and associated data points have increased substantially.

While the most recent report isn’t ‘comprehensive’ in the sense that it offers a perfect picture of the Internet’s global bandwidth and protocol usage during the data accumulation period, there are interesting things that we can learn from it. Perhaps most interesting, is that ipoque learned that P2P protocol usage grew far less than during the 2007 data collection period. The 2008/2009 report routinely identifies Direct Download Sites and services such as Usenet as reasons for the decline of P2P usage, as well as increasingly rich multi-media HTTP traffic. (While it is well beyond the scope of the ipoque study, it would be delightful to see if there is a corresponding relationship between content owners providing their media through web accessible portals and decreases in the growth of copyright infringement online.)

Continue reading

Update: EDLs in New Brunswick

/ Christopher Parsons

200904021515.jpgA few days ago I posted that Nova Scotia and New Brunswick both might be moving away from EDLs because of their costs and/or privacy issues. While the article discussed the issue was problematic (because of persistent factual errors), it appears as though the author was on target concerning New Brunswick’s concerns with the technology: EDLs will not be coming to my birthplace .

This means that both New Brunswick and Saskatchewan will not be going forward with EDLs, though Alberta. Quebec, Manitoba, Ontario, and B.C. are all going ahead with EDLs. I’ll be curious to see if the rest of the Atlantic provinces follow New Brunswick’s lead, and how this might shape the national discourse on EDLs.