Canadian Telecom Summit and DPI

telecomtowerFor the past little while I’ve been (back) in Ontario trying to soak up as much information as I could about telecommunications and deep packet inspection. I was generously given the opportunity to attend the Canadian Telecommunications Summit by Mark Goldberg a while ago, and it was an amazing experience. I found that the new media panel, where broadcasters and carriers came together to discuss their (often contrasting) modes of disseminating content offered some real insights into the approaches to media on the ‘net. It demonstrated very clear contrasts in how new media might operate, and be seen by the Dominant Carriers, into focus for me and really began to provide a broader image of the actual strategies of various parties.

A huge element of the conference surrounded the development of wireless as the new space for innovation. Often unspoken, save for in informal discussions, was that wireline was seen as increasingly outmoded. Most statistics that were formally presented saw wireless overtaking wireline broadband by 2014 or so. This has me wondering about how important it is to examine capital expenses by major broadband providers – while we read that there is massive investment (totaling in the hundreds of millions/billions per year across all carriers), how much is in wireless and how much is in wireline infrastructure?

Continue reading

Holistic and Pragmatic Approaches to Privacy Theorization

theoryandpracticeImmanuel Kant’s essay “On the Common Saying: ‘This May be True in Theory, but it does not Apply in Practice'” argues that theory is central to understanding the world around us and that, moreover, attempts to say that ‘theory doesn’t apply to the world as such’ are generally misguided. Part of the reason that Kant can so firmly advocate that theory and reality are co-original emerge from his monological rationalism, but at the same time time we see him argue that the clearest way to bring theory and practice into alignment is with more theory – rather than adopting ‘parsimonious’ explanations of the world we would be better off to develop rigorous and detailed accounts of the world.

Parsimony seems to be a popular term in the social sciences; it lets researchers develop concise theories that can be applied to particular situations, lets them isolate and speak about particular variables, and lends itself to broad(er) public accessibility of the theory in question. At the same time, theorists critique many such parsimonious accounts because they commonly fail to offer full explanations of social phenomena!

The complexity of privacy issues in combination with a desire for parsimony has been a confounding issue for privacy theorists. Nailing down what ‘privacy’ actually refers to has been, and continues to be, a nightmarish task insofar as almost every definition has some limiting factor. This problem is (to my mind) compounded when you enter online, or digital, environments where developing a complete understanding of how data flows across systems, what technical languages’ demands underlie data processing systems, and developing a comprehensive account of confidentiality and trust, are all incredibly challenging and yet essential for theorization. This is especially true when we think of a packet as being like post card (potentially one with its content encrypted) – in theory anyone could be capturing and analyzing packet streams and data that is held on foreign servers.

Continue reading

Deep Packet Inspection and the Confluence of Privacy Regimes

insiderouterI learned today that I was successful in winning a Social Sciences and Human Research Council (SSHRC) award. (Edit September 2009: I’ve been upgraded to a Joseph Armand Bombardier Canada Graduate Scholarship). Given how difficult I found it to find successful research statements (save for through personal contacts) I wanted to post my own statement for others to look at (as well as download if they so choose). Since writing the below statement, some of my thoughts on DPI have become more nuanced, and I’ll be interested in reflecting on how ethics might relate to surveillance/privacy practices. Comments and ideas are, of course, welcomed.

Interrogating Internet Service Provider Surveillance:
Deep Packet Inspection and the Confluence of International Privacy Regimes

Context and Research Question

Internet Service Providers (ISPs) are ideally situated to survey data traffic because all traffic to and from the Internet must pass through their networks. Using sophisticated data traffic monitoring technologies, these companies investigate and capture the content of unencrypted digital communications (e.g. MSN messages and e-mail). Despite their role as the digital era’s gatekeepers, very little work has been done in the social sciences to examine the relationship between the surveillance technologies that ISPs use to survey data flows and the regional privacy regulations that adjudicate permissible degrees of ISP surveillance. With my seven years of employment in the field of Information Technology (the last several in network operations), and my strong background in conceptions of privacy and their empirical realization from my master’s degree in philosophy and current doctoral work in political science, I am unusually well-suited suited to investigate this relationship. I will bring this background to bear when answering the following interlinked questions in my dissertation: What are the modes and conditions of ISP surveillance in the privacy regimes of Canada, the US, and European Union (EU)? Do common policy structures across these privacy regimes engender common realizations of ISP surveillance techniques and practices, or do regional privacy regulations pertaining to DPI technologies preclude any such harmonization?

Continue reading

Twitter and Statutory Notions of Privacy

protectionpersonaldataright[Note: this is an early draft of the second section of a paper I’m working on titled ‘Who Gives a Tweet about Privacy’ and builds from an earlier posted section titled ‘Privacy, Dignity, Copyright and Twitter‘ Other sections will follow as I draft them.]

Towards a Statutory Notion of Privacy

Whereas Warren and Brandeis explicitly built a tort claim to privacy (and can be read as implicitly laying the groundwork for a right to privacy), theorists such as Alan Westin attempt to justify a claim to privacy that would operate as the bedrock for a right to privacy. Spiros Simitis recognizes this claim, but argues that privacy should be read as both an individual and a social issue. The question that arises is whether or not these writers’ respective understandings of privacy capture the normative expectations of speaking in a public space, such as Twitter; do their understandings of intrusion/data capture recognize the complexities of speaking in public spaces and provide a reasonable expectation of privacy that reflects people’s interests to keep private some, but not all, of the discussions they have in public?

Continue reading

Privacy Advocates and Deep Packet Inspection: Vendors, ISPs, and Third-Parties

sandvinetestnetwork[I recently posted a version of this on another website, and thought that it might be useful to re-post here for readers. For a background on Deep Packet Inspection technologies, I’d refer you to this.]

There is a very real need for various parties who advocate against Deep Packet Inspection (DPI) to really work through what Packet Inspection appliances have done, historically, so that their arguments against DPI are as precise as possible. Packet Inspection isn’t new, and it’s not likely to be going away any time soon – perimeter defences for networks are essential for mitigating spam and viruses (and rely on Medium Packet Inspection).

I’m in no way an expert in the various discussions surrounding DPI (though I try to follow the network neutrality, privacy, and communications infrastructure debates), but I have put together a paper that attempts to clarify the lineage of DPI devices and (briefly) suggest that DPI can be understood as a surveillance tool that is different from prior packet inspection technologies. From a privacy perspective (which is where I sit in relation to the deployment of DPI), it’s important for privacy advocates to understand that approaching the issue from a principle-based approach is fraught with problems at legal, theoretical, and practical levels. The complexities of developing a principle-based approach is one of the reasons why many contemporary privacy scholars (myself included) have opted for a ‘problem-based’ approach to identifying privacy infringements. What, exactly, do most advocates mean when they say that their privacy is ‘violated’? I don’t think that a clear position comes out in the advocate position (maybe it does, and I’m just not aware of it) – they appear to allude to a fundamental right to privacy, while pointing to specific instances as ‘violations’ of that right. The worry with principled approaches is that they are challenged to fully capture what we mean when we say something is private, and equally challenged to capture contextualized social norms of privacy (e.g. streetview in the US versus Japan, bodily privacy in differing cultures, etc etc).

Continue reading