Security

Lesson Drawing from the Telegraph

/ Christopher Parsons

By David DuganIn the domain of telecom policy, it seems like a series of bad ideas (re)arise alongside major innovations in communications systems and technologies. In this post, I want to turn to the telegraph to shed light on issues of communication bandwidth, security and privacy that are being (re)addressed by regulators around the world as they grapple with the Internet. I’ll speak to the legacy of data retention in analogue and digital communicative infrastructures, congestion management, protocol development, and encryption policies to demonstrate how these issues have arisen in the past, and conclude by suggesting a few precautionary notes about the future of the Internet. I do want to acknowledge, before getting into the meat of this post, that while the telegraph can be usefully identified as a precursor to the digital Internet because of the strong analogies between the two technological systems it did use different technological scaffolding. Thus, lessons that are drawn are based on the analogical similarities, rather than technical homogeneity between the systems.

The Telegraph

The telegraph took years to develop. Standardization was a particular issues, perhaps best epitomized by the French having an early telegraph system of (effectively) high-tech signal towers, whereas other nations struggled to develop interoperable cross-continental electrically-based systems. Following the French communication innovation (which was largely used to coordinate military endeavours), inventors in other nations such as Britain and the United States spent considerable amounts of time learning how to send electrical pulses along various kinds of cables to communicate information at high speed across vast distances.

Continue reading

Data Retention, Protection, and Privacy

/ Christopher Parsons / 2 Comments

Data retention is always a sensitive issue; what is retained, for how long, under what conditions, and who can access the data? Recently, Ireland’s Memorandum of Understanding (MoU) between the government and telecommunications providers was leaked, providing members of the public with a non-redacted view of what these MoU’s look like and how they integrate with the European data retention directive. In this post, I want to give a quick primer on the EU data retention directive, identify some key elements of Ireland’s MoU and the Article 29 Data Protection Working Group’s evaluation of the directive more generally. Finally, I’ll offer a few comments concerning data protection versus privacy protection and use the EU data protection directive as an example. The aim of this post is to identify a few deficiencies in both data retention and data protection laws and argue that  privacy advocates and government officials to defend privacy first, approaching data protection as a tool rather than an end-in-itself.

A Quick Primer on EU Data Retention

In Europe, Directive 2006/24/EC (the Data Retention Directive, or DRD) required member-nations to pass legislation mandating retention of particular telecommunications data. Law enforcement sees retained data as useful for public safety reasons. A community-level effort was required to facilitate harmonized data retention; differences in members’ national laws meant that the EU was unlikely to have broadly compatible cross-national retention standards. As we will see, this concern remains well after the Directive’s passage. Continue reading

IPv6 and the Future of Privacy

/ Christopher Parsons / 5 Comments

There is an increasing urgency to transition to a new infrastructure for addressing space on the Internet, and in this space all individuals and their devices could be uniquely identifiable by their Internet Protocol (IP) address(es). It is in light of this surveillant future that France’s recent ruling that IP addresses are not personally identifiable information is so serious. Further, it is with this longer temporal viewpoint (i.e. not just the here and now) that has more generally worried technologists about governmental rulings concerning binary ‘yes/no IP addresses are private information’.

Before I go any further, let me break down what an IP address is, the distinctions between versions 4 (IPv4) and 6 (IPv6), and then get to the heart of the privacy-related issues concerning the transition to IPv6. The technical infrastructure of the ‘net tends to be seen as dreadfully boring but, as is evidenced by the (possible) computer failures of Toyota vehicles, what goes on ‘under the hood’ of the ‘net is of critical importance to understand and think about. It’s my hope that you’ll browse away with concerns and thoughts about the future of privacy in an increasingly connected biodigital world.

Continue reading

Beyond Fear and Deep Packet Inspection

/ Christopher Parsons

securitybooksOver the past few days I’ve been able to attend to non-essential reading, which has given me the opportunity to start chewing through Bruce Schneier’s Beyond Fear. The book, in general, is an effort on Bruce’s part to get people thinking critically about security measures. It’s incredibly accessible and easy to read – I’d highly recommend it.

Early on in the text, Schneier provides a set of questions that ought to be asked before deploying a security system. I want to very briefly think through those questions as they relate to Deep Packet Inspection (DPI) in Canada to begin narrowing a security-derived understanding of the technology in Canada. My hope is that through critically engaging with this technology that a model to capture concerns and worries can start to emerge.

Question 1: What assets are you trying to protect?

  • Network infrastructure from being overwhelmed by data traffic.

Question 2: What are the risks to these assets?

  • Synchronous bandwidth-heavy applications running 24/7 that generate congestion and thus broadly degrade consumer experiences.

Question 3: How well does security mitigate those risks?

Continue reading

Review: Privacy On The Line

/ Christopher Parsons

This updated edition of Diffie and Landau’s text is a must-have for anyone who is interested in how encryption and communicative privacy politics have developed in the US over the past century or so. Privacy On The Line moves beyond a ‘who did what’ in politics, instead seeing the authors bring their considerable expertise in cryptography to bear in order to give the reader a strong understanding of the actual methods of securing digital transactions. After reading this text, the reader will have a good grasp on what types of encryption methods have been used though history, and strong understandings of the value and distinction between digital security and digital privacy, as well as an understanding of why and how data communications are tracked.

The only disappointment is the relative lack of examination of how the US has operated internationally – there is very little mention of the OECD, nor of European data protection, to say nothing of APEC. While the authors do talk about the role of encryption in the context of export control, I was a bit disappointed at just how little they talked about the perceptions of American efforts abroad – while this might have extended slightly beyond the American-centric lens of the book, it would have added depth of analysis (though perhaps at the expense of making the book too long for traditional publication). One of the great elements of this book is an absolutely stunning bibliography, references, and glossary – 106 pages of useful reference material ‘fleshes out’ the already excellent analysis of encryption in the US.

Ultimately, if you are interested in American spy politics, or in encryption in contemporary times, or in how these two intersect in the American political arena, then this text is for you.

The Coming of Ubiquitous Bandwidth?

/ Christopher Parsons

At work, I’m often referred to as the ‘neo-luddite‘ because I don’t advocate the rapid adoption of new technologies for their own sake, nor do I adhere to the position that technologies are inherently value neutral. In fact, I think that technologies are typically inscribed with a particular value-orientation; this orientation is not necessarily the one that is expressed at the technology’s creation. I think that there should be genuine thought and caution advanced when developing technologies that could be destructive to various facets of social life. With the introduction of new technologies comes the possibilities of reshaping cultural traditions, and sure a reshaping shouldn’t be done without at least some forethought. This shouldn’t be taken to mean that I see technology as adding to, or detracting from, a culture, but rather that accompanying a new technology’s adoption is a new cultural system with its own unique environmental characteristics. The world with cellphones isn’t the world as it was, plus cell phones, but instead is an entirely different techno-cultural world. We need to be mindful of the potency of new technologies to reshape facets of our lives through the transmutation or abolition of our traditions – doing otherwise is irresponsible to ourselves and the other members of our society.

Continue reading