Surveillance

Call for Cyber-Surveillance Annotated Bibliographies

/ Christopher Parsons

The New Transparency Project, as part of its international cyber-surveillance workshop, is issuing a call for annotated bibliographies around issues pertinent to their workshop. Again, given that issues concerning cyber-surveillance likely resonate with readers of this space, I wanted to alert you to this call. These bibliographies are meant to serve as a resource for those attending the May 12-15 workshop in 2011 at the University of Toronto. The deadline for submissions is September 15, 2010. Such submissions should be a maximum length of 500 words, and acceptance notifications will be issued by September 30, 2010. The authors (at least three) invited to prepare annotated bibliographies will each be paid $2000 (Cnd.) in two equal instalments. The first upon acceptance of the assignment, and the balance upon the bibliography’s satisfactory completion. The full call follows below:

Digitally Mediated Surveillance: From the Internet to Ubiquitous Computing

Digitally mediated surveillance (cyber-surveillance) is a growing and increasingly controversial aspect of every-day life in ‘advanced’ societies. Governments, corporations and even individuals are deploying digital techniques as diverse as social networking, video analytics, data-mining, wireless packet sniffing, RFID skimming, yet relatively little is known about actual practices and their implications. It is now over 15 years since the advent of the World Wide Web, and of widespread use of the Internet for electronic commerce, electronic government and social networking. The impending emergence of the ‘Internet of things’ promises (or threatens) to further insinuate digital surveillance capabilities into the fabric of daily life. Media alarmists have fueled a general popular understanding that one’s life is an open book when one goes online, making one increasingly subject to unwelcome intrusions. The reality is more complex and contingent on a variety of technological, institutional, legal and cultural factors.

Continue reading

Cyber-Surveillance in Everyday Life

/ Christopher Parsons

I wanted to let readers know that the New Transparency Project is hosting an international workshop on the theme of Cyber-surveillance in everyday live May 12-15, 2011 at the University of Toronto. Given that topics to be explored in the workshop include social networking, search engines, behavioural advertising/marketing, internet surveillance somewhat generally, and modes of resistance I thought readers here might be interested. Below is the full call for papers, with abstracts due by Oct 1.:

Digitally mediated surveillance (DMS) is an increasingly prevalent, but still largely invisible, aspect of daily life. As we work, play and negotiate public and private spaces, on-line and off, we produce a growing stream of personal digital data of interest to unseen others. CCTV cameras hosted by private and public actors survey and record our movements in public space, as well as in the workplace. Corporate interests track our behaviour as we navigate both social and transactional cyberspaces, data mining our digital doubles and packaging users as commodities for sale to the highest bidder. Governments continue to collect personal information on-line with unclear guidelines for retention and use, while law enforcement increasingly use internet technology to monitor not only criminals but activists and political dissidents as well, with worrisome implications for democracy.

Continue reading

Ole, Intellectual Property, and Taxing Canadian ISPs

/ Christopher Parsons / 9 Comments

Ole, a Canadian independent record label, put forward an often-heard and much disputed proposal to enhance record label revenues: Ole wants ISPs to surveil Canada’s digital networks for copywritten works. In the record label’s filing on July 12 for the Digital Economy Consultations, entitled “Building Delivery Systems at the Expense of Content Creators,” Ole asserts that ISPs are functioning as “short circuits” and let music customers avoid purchasing music on the free market. Rather than go to the market, customers are (behaving as rational economic actors…) instead using ISP networks to download music. That music is being downloaded is an unquestionable reality, but the stance that this indicates ISP liability for customers’ actions seems to be an effort to re-frame record industries’ unwillingness to adopt contemporary business models as a matter for ISPs to now deal with. In this post, I want to briefly touch on Ole’s filing and the realities of network surveillance for network-grade content awareness in today market. I’ll be concluding by suggesting that many of the problems presently facing labels are of their own making and that we should, at best, feel pity and at worst fear what they crush in their terror throes induced by disruptive technologies.

Ole asserts that there are two key infotainment revenue streams that content providers, such as ISPs, maintain: the $150 Cable TV stream and the $50 Internet stream. Given that content providers are required to redistribute some of the $150/month to content creators (often between 0.40-0.50 cents of every dollar collected), Ole argues that ISPs should be similarly required to distribute some of the $50/month to content creators that make the Internet worth using for end-users. Unstated, but presumed, is a very 1995 understanding of both copyright and digital networks. In 1995 the American Information Infrastructure Task Force released its Intellectual Property and the National Information Infrastructure report, wherein they wrote;

…the full potential of the NII will not be realized if the education, information and entertainment products protected by intellectual property laws are not protected effectively when disseminated via the NII…the public will not use the services available on the NII and generate the market necessary for its success unless a wide variety of works are available under equitable and reasonable terms and conditions, and the integrity of those works is assured…What will drive the NII is the content moving through it.

Of course, the assertion that if commercial content creators don’t make their works available on the Internet then the Internet will collapse is patently false.

Continue reading

Privacy Issues Strike Street View (Again)

/ Christopher Parsons / 5 Comments

Google Street View has come under fire again, this time for collecting wireless router information and some packets of data whilst wandering the globe and collecting pictures of our streets. It looks like the German authorities, in particular, may come down hard of Google though I’m at odds about the ‘calibre’ of the privacy violation – router information is fair game as far as I’m concerned, though data packets are a little dicier. But before I dig into that, let me outline what’s actually gone on.

Last Friday, Google announced that they had been inadvertently collecting some data packets sent via unencrypted wireless access points for the past three years. This admission came after the Street View program (again) came under criticism from German data protection authorities following Google’s (original, and earlier) admission that they had only been collecting information about wireless routers as they drove their cars around towns. Specifically, the original admission saw Google reveal they had collected the SSID and MAC addresses of routers. In layman’s terms, the SSID is the name of the wireless network that is usually given to the device during configuration processes following the installation of the device (e.g. Apartment 312, Pablo14, or any of the other names that are shown when you scan for wireless networks from your computer). The MAC address a unique number that is associated with each piece of Internet networking equipment; your wireless card in your computer, your LAN card, your router, and your iPhone all have unique numbers. After collecting both the SSID and MAC address of a wireless router the company identified the physical location of the device using a GPS system.

Google collects information about wireless networks and (almost more importantly) their physical location to provide a wifi-based geolocation system. Once they know where wireless routers are, and plot them on a map, you don’t need GPS to plan and trace a route through a city because a wireless card and low-powered computer will suffice. There are claims that this constitutes a privacy infringement, insofar as the correlation of SSID, MAC address, and physical location of the router constitute personal information. I’m not sure that I agree with this, as the Google service stands now.

Continue reading

Twitter, Mobile Browsers, and Metadata Privacy

/ Christopher Parsons

If you spend much time working with computers then you’re likely familiar with metadata, or data about data. In the digital era metadata is relied upon for many of the tagging and categorization systems that are seen in popular web environments, such as Twitter, Digg, Delicious, Facebook, and so forth, and is more generally used to define, structure, and administrate data across all digital environments. I should state, upfront, that metadata is incredibly valuable: nothing that I’m going to write about should leave you with the suggestion that metadata should be removed from the digital landscape or could be removed. Instead I’m advocating for a responsible use of metadata.

In this post I will be drawing on a pair of examples to underscore just how much data is contained in popular metadata structures: the information divulged every time a person tweets on Twitter, and what your mobile phone operator may be giving up to third-parties when you browse the web on your phone. In the latter case, especially, we see that metadata is not just important for routing data traffic but also responsible for disclosing a considerable amount of personal information. I’ll conclude by noting, once again, that our privacy regulators, commissioners, advocates, and researchers need to additional funding if citizens are to have those parties regularly identify ‘bad’ metadata practices and seek rapid remedies before the data ends up being datamined for illicit or unjustifiable reasons.

Continue reading

Deep Packet Inspection Canada

/ Christopher Parsons

Last week my advisor, Dr. Colin Bennett, and I launched a new website that is meant to provide Canadians with information about how their Internet Service Provider (ISP) monitors data traffic and manages their network. This website, Deep Packet Inspection Canada, aggregates information that has been disclosed on the public record about how the technology is used, why, and what uses of it are seen as ‘off limits’ by ISPs. The research has been funded through the Office of the Privacy Commissioner of Canada’s contributions program.

Deep packet inspection is a technology that facilitates a heightened awareness of what is flowing across ISP networks. It has the ability to determine the protocols responsible for shuttling information to and from the Internet, the applications that are used in transmitting the data, and (in test conditions) can even extract elements of data from the application layer of the data traffic in real time and compare it against other packet signatures to block particular data flows based on the content being accessed. Additionally, the technology can be used to modify packet flows using the technology – something done by Rogers – but it should be noted that DPI is not presently used to prevent Canadians from accessing particular content on the web, nor is it stopping them from using P2P services to download copywritten works.

Continue reading