Surveillance

A National ID Card By Stealth? The BC Services Card – Privacy Risks, Opportunities & Alternatives

/ Christopher Parsons

2013-National-ID-Card-by-Stealth-coverThe policies, politics, and technologies associated with Canadian identity documents and their surrounding data architectures are incredibly important issues because of their capacities to reconfigure the state’s relationship with its residents. The most recent such system, the BC Services Card, is designed to expand digital service delivery options that are provided to residents of British Columbia by the provincial government and by corporations. The government, to date, remains uncertain about what services will be associated with the Card. It also remains uncertain about how data linked to the Card’s usage will be subsequently be data mined, though promises that such mining efforts will be exciting and respective of people’s privacy.

Vague statements and broad policy potentials are the very things that make people concerned about identity systems, especially systems that are untested, expensive, and designed with unclear intentions, objectives, or benchmarks.

To try and unpack the policy issues associated with the Services Card, Dr. Kate Milberry and I have written a report wherein we suggest that the Services Card may operate as a kind of ‘proto Pan-Canadian’ identity card. Specifically, the Card is designed to be massively interoperable with other province’s (similar) identity document systems as well as with the federal government’s digital delivery service. Similarly, the Card is meant to interoperate with private businesses’ services. To this end, the lead vendor for the project, SecureKey, has already secured telecommunications and financial organizations as key service delivery partners.

The Services Card isn’t necessary good nor evil. But it is a system that has received little public attention, little external technical scrutiny, and even less external policy critique. The province of British Columbia, and indeed residents of other provinces that are taking up the SecureKey offering, need to be properly consulted on the appropriateness, desirability, and feasibility of the Services Card architecture. To date, this has not been performed in British Columbia nor by the Government of Canada. The document that Dr. Milberry and I have written is meant to contribute to the (limited) public discussion. Hopefully the provincial and federal governments pay attention.

Funding for this report was secured by the British Columbia Civil Liberties Association (BCCLA), and provided for through the Office of the Privacy Commissioner of Canada’s Contributions Program. The text in the report is reflective of the BCCLA’s position towards the Services Card; the report does not, however, necessarily reflect the position of the Privacy Commissioner of Canada. The executive summary, and download link, of  the report follows.

Executive Summary

For the last several years, British Columbia has been developing the technical infrastructure and legal framework for a comprehensive integrated identity system as part of its “technology and transformation” approach to governance. Otherwise known as “Government 2.0” or e-government, this approach will aggregate the personal information of citizens in order to link and share this data across government bodies. The BC Services Card is the latest in a series of major information technology projects that is part of the Government 2.0 mandate. It is a mandatory provincial ID card that enables access to a range of government services, beginning with health care and driver licencing. The BC Services Card is a key element of unprecedented changes in the way the province collects, accesses and shares personal information, including highly sensitive health information, amongst departments, agencies and even private contractors.

The card is just part of BC’s wide-ranging vision for integrated identity and information management—a vision that scales and interoperates on a federal level. Indeed, the system is not only envisioned to extend to other provinces, in essence forming a pan-Canadian identity architecture, but the ID card is expressly intended to provide authentication conducted by the private sector and facilitation of commercial transactions governed by PIPEDA and applicable provincial private sector privacy legislation. The importance of developments with the BC card for national identity management cannot be overstated: the BC Services Card model is interoperable with the federal system, and thus a (proto) Canadian ID card, and is also meant to be used for commercial and e-commerce transactions. Thus, developments in BC have critically important implications for ID systems provincially and federally, and involve both the public and private sector.

This report examines the normative, technical and policy implications of the BC Services Card and the federal and commercial implications of the technical systems underlying the Services Card. Throughout the report, the ID system is examined from the perspectives of security, privacy and civil liberties, and generally echoes the Information and Privacy Commissioner for BC’s call for broad and meaningful public consultation before Phase II of the card program is implemented. Emergent from the analysis of the Services Card is a call for the Office of the Privacy Commissioner of Canada to work with provincial privacy commissioners to issue a joint resolution on the applicable privacy and security standards for the provincial systems on the basis that they will ultimately compose the national federated system. The report concludes with provincial and federal recommendations for designing an identity system that is secure, privacy-protective, trusted and fit for purpose.

Download: A National ID Card By Stealth? The BC Services Card – Privacy Risks, Opportunities & Alternatives

The Politics of Deep Packet Inspection: What Drives Surveillance by Internet Service Providers?

/ Christopher Parsons / 1 Comment

UVic CrestToday, I am happy to make my completed doctoral dissertation available to the public. The dissertation examines what drives, and hinders, wireline network practices that are enabled by Deep Packet Inspection (DPI) routers. Such routers are in wide use by Internet service providers (ISPs) in Canada, the United States, and United Kingdom, and offer the theoretical capacity for service providers to intrusively monitor, mediate, and modify their subscribers’ data packets in real or near-real time. Given the potential uses of the routers, I was specifically interested in how the politics of deep packet inspection intersected with the following issues: network management practices, content control and copyright, advertising, and national security/policing.

Based on the potential capabilities of deep packet inspection technologies – and the warnings that such technologies could herald the ‘end of the Internet’ as it is know by citizens of the West – I explored what has actually driven the uptake of the technology in Canada, the US, and the UK. I ultimately found that though there were variations in different states’ regulatory processes, regulators tended to arrive at common conclusions. Regulatory convergence stands in opposition to the divergence that arose as elected officials entered into the DPI debates: such officials have been guided by domestic politics, and tended to reach significantly different conclusions. In effect, while high-expertise regulatory networks reached common conclusions, elected political officials have demonstrated varying degrees of technical expertise and instead have focused on the politics of communications surveillance. In addition to regulators and elected officials, court systems have also been involved in adjudicating how, when, and under what conditions DPI can be used to mediate data traffic. Effectively, government institutions have served as the primary arenas in which DPI issues are taken up, though the involved government actors often exhibited their own interests in how issues were to be taken up or resolved. The relative role of these different state bodies in the case studies arguably reflects underlying political cultures: whereas regulators are principally involved in the Canadian situation, elected officials and courts play a significant role in the US, whereas the UK has principally seen DPI debates settled by regulators and elected officials.

Ultimately, while there are important comparative public policy conclusions to the dissertation, such conclusions only paint part of the picture about the politics of deep packet inspection. The final chapter of the dissertation discusses why the concepts of surveillance and privacy are helpful, but ultimately insufficient, to appreciate the democratic significance of deep packet inspection equipment. In response, I suggest that deliberative democratic theory can provide useful normative critiques of DPI-based packet inspection. Moreover, these critiques can result in practical policy proposals that can defray DPI-based practices capable of detrimentally stunting discourse between citizens using the Internet for communications. The chapter concludes with a discussion of how this research can be advanced in the future; while I have sought to clear away some of the murk concerning the technology, my research represents only the first of many steps to reorient Internet policies such that they support, as opposed to threaten, democratic values.

Formal Abstract:

Surveillance on the Internet today extends beyond collecting intelligence at the layer of the Web: major telecommunications companies use technologies to monitor, mediate, and modify data traffic in real time. Such companies functionally represent communicative bottlenecks through which online actions must pass before reaching the global Internet and are thus perfectly positioned to develop rich profiles of their subscribers and modify what they read, do, or say online. And some companies have sought to do just that. A key technology, deep packet inspection (DPI), facilitates such practices.

In the course of evaluating the practices, regulations, and politics that have driven DPI in Canada, the US, and UK it has become evident that the adoption of DPI tends to be dependent on socio-political and economic conditions. Simply put, market or governmental demand is often a prerequisite for the technology’s adoption by ISPs. However, the existence of such demand is no indication of the success of such technologies; regulatory or political advocacy can lead to the restriction or ejection of particular DPI-related practices.

The dissertation proceeds by first outlining how DPI functions and then what has driven its adoption in Canada, the US, and UK. Three conceptual frameworks, path dependency, international governance, and domestic framing, are used to explain whether power structures embedded into technological systems themselves, international standards bodies, or domestic politics are principally responsible for the adoption or resistance to the technology in each nation. After exploring how DPI has arisen as an issue in the respective states I argue that though domestic conditions have principally driven DPI’s adoption, and though the domestic methods of governing DPI and its associated practices have varied across cases, the outcomes of such governance are often quite similar. More broadly, I argue that while the technology and its associated practices constitute surveillance and can infringe upon individuals’ privacy, the debates around DPI must more expansively consider how DPI raises existential risks to deliberative democratic states. I conclude by offering some suggestions on defraying the risks DPI poses to such states.

Download ‘The Politics of Deep Packet Inspection: What Drives Surveillance by Internet Service Providers?’ (.pdf)

AT&T’s Anti-Infringement Patent

/ Christopher Parsons

AT&TNetwork surveillance is a persistent issue that privacy advocates warn about on a regular basis. In the face of Edward Snowden’s disclosures, the public has often been concerned about how, when, and why corporations disclose information to policing, security, and intelligence services. Codenamed projects like PRISM, NUCLEON, and MAINWAY, combined with the shadowy nature of how data is collected and used, makes Snowden’s very serious revelations a hot topic to talk, write, and think about.

However, it’s important to recognize that the corporations that are entrusted with significant amounts of our personal information often independently analyze and process our information in ways that we don’t expect. In this post I discuss a patent that AT&T received a little over a year ago to analyze the personal communications of its subscribers to catch instances of copyright infringement. I begin by outlining providing information concerning AT&T’s patent. From there, I discuss other companies’ efforts to develop and deploy similar systems in Europe to shed more light on how AT&T’s system might work. This post concludes by considering a range of reasons that might have driven AT&T to file for their patent, and notes why it’s important to place patents within the broader policy ecosystem that telecommunications companies operate within instead of analyzing such patents in isolation. Continue reading

(Draft) Deep Packet Inspection and Its Predecessors

/ Christopher Parsons / 2 Comments

Photo by Nenyaki

My formal dissertation research focuses on deep packet inspection technologies, and how they serve as a nexus for competing political interests. Today, I’m making available a draft chapter from my dissertation. In this first chapter I trace the lineage of deep packet inspection (DPI) systems; how do shallow and medium packet inspection systems function, and what were their limitations, and what is novel about DPI itself?

Chapter one serves as an introduction to the theoretical capabilities of the systems; I am not making a claim that all DPI appliances are capable of achieving all, or even half, of the various use cases that I outline. As such, this writing builds on a much earlier working paper that I produced several years ago; core differences between the past work and current chapter surround the detail given to various uses of DPI and a more limited argumentative position. This limit was imposed because this is the first chapter of the dissertation; my analysis and broader theoretical conclusions about the technology and its applications will come in the last two chapters (six and seven).

Comments and feedback are welcomed. Should you choose to cite this draft, please reference it thusly:
Parsons, Christopher. (2013). “(Draft) Chapter One: Deep Packet Inspection and Its Predecessors, v. 3.5,” Technology, Thoughts, and Trinkets (blog). Published February 6, 2013. URL: http://www.christopher-parsons.com/Main/wp-content/uploads/2013/02/DPI-and-Its-Predecessors-3.5.pdf.

Summary/Abstract:

This chapter traces the lineage of contemporary packet inspection systems that monitor data traffic flowing across the Internet in real time. After discussing how shallow, medium, and deep packet inspection systems function, I outline the significance of this technology’s most recent iteration, deep packet inspection, and how it could be used to fulfill technical, economic, and political goals. Achieving these goals, however, requires that deep packet inspection be regarded as a surveillance practice. Indeed, deep packet inspection is, at its core, a surveillance-based technology that is used by private actors, such as Internet service providers, to monitor and mediate citizens’ communications. Given the importance of Internet-based communications to every facet of Western society, from personal communications, to economic, cultural and political exchanges, deep packet inspection must be evaluated not just in the abstract but with attention towards how society shapes its deployment and how it may shape society.

Download .pdf (alternate link)

Smart Chip, Simple Illusions: NFC and the BC Services Card

/ Christopher Parsons / 2 Comments
This is a guest post from my colleague, Adam Molnar, who has been conducting research on the BC Services Card. Adam is a PhD Candidate in the Department of Political Science at the University of Victoria and a member of the New Transparency Project. His dissertation research focuses on security and policing legacies associated with mega-events. You can find him on Twitter at @admmo

Image by Pierre Metivier

In just two weeks, the province of British Columbia will be launching the new BC Services Card. If you haven’t already heard about the new province-wide identity management initiative, it’s not your fault; the government only began its public relations campaign for the Services Card initiative six weeks before the card was set to hit wallets and hospitals across the province. In fact, the government’s been so unforthcoming about the new Cards that, just six weeks before it’s release, the British Columbia Office of the Information and Privacy Commissioner is racing to adequately review the program. To be clear: this isn’t a new initiative, but one going back several years. The unwillingness to disclose the documents necessary for the Commissioner’s review is particularly troubling since the Services Card is just one component in a much larger transformation of the province’s movement to its integrated identity management program. Will similar tardiness to assist the province’s privacy czar pervade this entire transition? Will the public be as excluded from future debates as they have from the Services Card development and deployment regime?

The Services Cards feature a host of security enhancements, including layered polycarbonate plastics, embedded holography, laser etchings for images and text appearing on the card, and the integration of a Near Field Communications (NFC) chip. For this post, I focus exclusively on the NFC chip, that is meant to ‘secure’ your identity when presenting the card to government agencies, either in person or online.

The BC government has been touting NFC as an enhanced security feature in the Services Card initiative. While this technical feature might enhance the perception of privacy (especially when buttressed by official provincial political rhetoric), they actually entail serious flaws. These flaws could leave the personal information of BC residents and government databases vulnerable to attack; the security ‘features’ could be the beachhead that leads to serious privacy breaches.

Continue reading

Biometrics and the BC Services Card

/ Christopher Parsons / 3 Comments

Image by kentkb

Anti-fraud capabilities are touted as a major component of the proposed BC Services Card. While the government is almost certainly overstating the issue of fraud, the political rhetoric around fraud doesn’t inherently mean that proposed anti-fraud mechanisms will be similarly overstated. Indeed, many of the Services Card’s suggested changes could be helpful in limiting the issuance of fraudulent identity documents; adding a card holder’s photo, an expiry date, and anti-counterfeiting technologies to new medical CareCards could be quite helpful in ascertaining, and addressing, fraud levels. Unfortunately, the biometric systems that will also be linked to the Services Cards are unlikely to significantly defray fraud.

In this post I continue my analysis of the BC Services Card, this time with a focus on the cards’ integration with biometric analysis technologies. I begin by giving a primer on the origins of biometric analysis for identity documents in BC, and then move to outline how the government asserts that the biometric analyses should work. I then explain why adopting biometric identifiers matters: why don’t they tend to work? what is at stake in their inclusion? I conclude by (re)suggesting some entirely reasonable security processes that might defray fraud without needing the cards’ proposed biometric properties.

Continue reading