DPI Deployed for Mobile Advertising

Deep Packet Inspection is being deployed by an increasing number of operators for a host of purposes, including content analysis, flow analysis, network management (broadly stated), network management as integrated with policy management, and behavioural advertising (to name a few). While BT, in the UK, has openly admitted to working with Phorm to bring behavioural advertising to its consumers, it now appears as though network owners are going to be analyzing Internet traffic from mobiles, as well as desktop and notebook computers.

The Guardian is reporting that, in a recent GSMA trial to collect information on where mobile users are browsing, “the UK’s five networks – 3, O2, Orange, T-Mobile and Vodafone – used deep packet inspection technology to collect data covering about half the UK’s entire mobile web traffic” (Source). There is no indication that this is presently being associated with customers’ geolocation, but this does suggest that DPI is gaining increasing acceptance in the UK as a means of tracking what people are doing. Apparently the weak regulatory responses in the UK are spurring companies to deploy DPI before they are left behind the rest of the pack.


Update: Network Management, Packet Inspection, and Stimulus Dollars?

Iain Thomson notes that the stimulus bill that recently cleared the American Congress might work to legitimize ISP packet inspection practices under the guise of ‘network management’. Specifically, the amendment in question reads:

In establishing obligations under paragraph (8), the assistant secretary shall allow for reasonable network management practices such as deterring unlawful activity, including child pornography and copyright infringement.

While Thomson takes this to (potentially) mean that ISPs and major content producers/rights holders might use this language to justify the use of packet inspection technologies, it’s possible that alternate management methods could be envisioned. This said, given that copyright infringement is explicitly noted, there is a very real worry that this might legitimize this clause to push for ISP ‘policing’. Any such effect, I suspect, would further escalate the war between P2P and Media; encryption would become more common and effective, and result in a greater sophistication in avoiding inspection devices. This is a real loss for any and all groups who rely on non-encrypted traffic for intelligence purposes; any drive that will get ‘common folk’ thinking about encrypting more and more of their traffic, accompanied by relatively easy ways of doing so, will substantially hinder the capture of actual content. How you read the implications of this depends on your perspective on privacy and surveillance, but it seems to me that it threatens to further escalate a ‘war’ that criminalizes huge swathes of the population for actions that are relatively harmless.

Reflections: Day Zero of ‘Life in a Digital Fishbowl’

I’m fortunate enough to be attending the 10th Annual Privacy and Security Conference, Life in a Digital Fishbowl, this year. Monday held ‘preconferences’, and I want to quickly summarize and reflect on the one that dealt with the 2010 Olympic games.

Two sessions were organized, with the first broadly focusing on infrastructure and privacy issues, and the second addressing the need to protect critical infrastructure and consider the ‘legacies’ of mega-events. The first session really began with a clear statement that terror threats have reoriented ‘domestic’ threats into the domain of national security and, as a result, a new mode of considering and engaging with security has emerged. As part of this new orientation, the Integrated Security Unit (ISU) has been created to coordinate security agencies across jurisdictional boundaries, but this creates jurisdictional problems. Who can compel what organization to turn over documents, data, and recorded discourse? What should be done when different agencies have very different conceptions of what must remain confidential? Effectively, how do you navigate the varying loyalties and lines of responsibility that members of the ISU hold?


Questions of Digitizing Identity

A common element of the (various) streams of thought that I’m usually engaged in surrounds the question of identity. What constitutes identity? How is this constitution being modulated (or is it?) in digital spaces? What can past and contemporary theorists offer us, in response to these questions? What are the strengths of these responses, and what are their weaknesses?

Over the next six months or so, I want to begin taking up these questions more seriously. I plan to begin constructing an account in order to gain a better appreciation for both how granularly we often attempt to separate identities, and how at the same time those are often shared, surveyed, or otherwise modified without our ever being aware. My thoughts are that a core difference between ‘analogue’ and ‘digital’ identities follows from the (relative) ease of surveying and modifying digital identities without the source of that identity ever being made aware. While unobtrusive surveillance is possible in an analogue space, there is an emphasis in the West on the development of homogeneous protocols that are intended to facilitate the diffusion of data across digital pathways, and this carries with it new ways of collating and modulating available dataflows.

Update: Mobiles and Your Identity

Last year I authored a post entitled “Mobiles and Your Identity”, where I attempted to unpack some of the privacy and surveillance concerns that are associated with smart phones, such as RIM’s Blackberry and Apple’s iPhone. In particular, I focused on the dangers that were associated with the theft of a mobile device – vast swathes of both your own personal data, as well as the personal information of your colleagues and friends, can be put at risk by failing to protect your device with passwords, kill switches, and so forth.

Mark Nestmann, over at “Preserving Your Privacy and More”, has a couple of posts discussing the risks that smart phones pose if a government authority arrests you (in the US). He notes that, in a recent case in Kansas, police examined a suspect’s mobile phone data to collect call records. When the case was brought to the Supreme Court, the Court found that since the smart phone’s records were held in a ‘container’ (i.e. the phone itself), the police were within their rights to search the phone records. Mark notes that this ruling does not apply to all US states – several have more sensitive privacy laws – but leaves us with the warning that, because laws of analogue search are being applied to digital devices, it is best to limit the data stored on smart phones (and mobile digital devices in general).


P2P and Complicity in Filesharing

I think about peer to peer (P2P) filesharing on a reasonably regular basis, for a variety of reasons (digital surveillance, copyright analysis and infringement, legal cases, value in efficiently mobilizing data, etc.). Something that always nags at me is the defense that P2P websites offer when they are sued by groups like the Recording Industry Association of America (RIAA). The defense goes something like this:

“We, the torrent website, are just a search engine. We don’t actually host the infringing files, we are just responsible for directing people to them. We’re no more guilty of copyright infringement than Google, Yahoo!, or Microsoft are.”

Let’s set aside the fact that Google has been sued for infringing on copyright on the basis that it scrapes information from other websites, and instead turn our attention to the difference between what are termed ‘public’ and ‘private’ trackers. ‘Public’ trackers are available to anyone with a web connection and a torrent program. These sites do not require users to upload a certain amount of data to access the website – they are public, insofar as there are few/no requirements placed on users to access the torrent search engine and associated index. Registration is rarely required. Good examples are thepiratebay.org and mininova.org. ‘Private’ trackers require users to sign up and log into the website before they can access the search engine and associated index of .torrent files. Moreover, private trackers usually require users to maintain a particular sharing ratio – they must upload a certain amount of data that equals or exceeds the amount of data that they download. Failure to maintain the correct share ratio results in users being kicked off the site – they can no longer log into it and access the engine and index.
