Network surveillance is a persistent issue that privacy advocates warn about on a regular basis. In the face of Edward Snowden’s disclosures, the public has often been concerned about how, when, and why corporations disclose information to policing, security, and intelligence services. Codenamed projects like PRISM, NUCLEON, and MAINWAY, combined with the shadowy nature of how data is collected and used, makes Snowden’s very serious revelations a hot topic to talk, write, and think about.
However, it’s important to recognize that the corporations that are entrusted with significant amounts of our personal information often independently analyze and process our information in ways that we don’t expect. In this post I discuss a patent that AT&T received a little over a year ago to analyze the personal communications of its subscribers to catch instances of copyright infringement. I begin by outlining providing information concerning AT&T’s patent. From there, I discuss other companies’ efforts to develop and deploy similar systems in Europe to shed more light on how AT&T’s system might work. This post concludes by considering a range of reasons that might have driven AT&T to file for their patent, and notes why it’s important to place patents within the broader policy ecosystem that telecommunications companies operate within instead of analyzing such patents in isolation. Continue reading →
Last year the British Columbia Civil Liberties Association (BCCLA) approached me to prepare a report around forthcoming lawful access legislation. Specifically, I was to look outside of Canada to understand how lawful access powers had been developed and used in foreign jurisdictions. An early version of that research report was provided to the BCCLA mid-last year and was used to support their recent, formal, report on lawful access legislation. The BCCLA’s formal report, “Moving Towards a Surveillance Society: Proposals to Expand “Lawful Access” in Canada” (.pdf) provides an excellent, in-depth, analysis of lawful access that accounts for some of the technical, social, and legal problems associated with the legislation.
Today I am releasing my report for the BCCLA, titled “Lawful Access and Data Preservation/Retention: Present Practices, Ongoing Harm, and Future Canadian Policies” (.pdf link). I would hasten to note that all research and proposals in my report should be attributed to me, and do not necessarily reflect the BCCLA’s own positions. Nothing in my report has been changed at the suggestion or insistence of the BCCLA; it is presented to you as it was to the BCCLA, though with slight updates to reflect the status of the current majority government.
In the report, I look to the United Kingdom and United States to understand how they have instantiated lawful access-style powers, the regularity of the powers’ usage, and how the powers have been abused. I ultimately conclude by providing a series of proposals to rein in the worst of lawful access legislation, which includes process-based suggestions (e.g. Parliamentary hearings on the legislation) and more gritty auditing requirements (e.g. a specific series of data points that should be collected and made public on a yearly basis). It’s my hope that this document will elucidate some of the harms that are often bandied about when speaking of lawful access-powers. To this end, there are specific examples of harms throughout the document, all of which are referenced, with the conclusion being that citizens are not necessarily safer as a result of expanded security and intelligence powers that come at the cost of basic charter, constitutional, and human rights.
Download .pdf version of “Lawful Access and Data Preservation/Retention: Present Practices, Ongoing Harm, and Future Canadian Policies“
Security, surveillance, and privacy researchers alike have been watching how authorities exploit cellular communications devices – often in secret, or absent sufficient oversight – for years. Research to-date has been performed by security researchers and hackers, social scientists, advocates, activists, and the curious, with contributions spanning hundreds of discreet investigations into technical capabilities and their social implications. Of late, a considerable amount of attention has been devoted to IMSI Catchers, which are devices that establish false mobile phone towers for the purpose of monitoring and tracking mobile phones without their users’ awareness.
Given the use of IMSI catchers by American authorities, a group of researchers and academics submitted an Amici Curiae (in their individual capacities) January 17, 2012 concerning the catchers. Specifically, the brief is in support of a defendant’s motion for disclosure of all relevant and helpful evidence withheld by the government based on a claim of privilege. The government, in this particular case, has admitted that the surveillance technologies used simulated a cell site but have refused to provide specific details of how this surveillance was conducted. We argue that a substantial amount of information surrounding IMSI catchers is already public and that, as a result, the secrets that the government is attempting to protect are already in the public domain. Moreover, the public interest is best served by “greater public discussion regarding these tracking technologies and the security flaws in the mobile phone networks that they exploit, not less.”
Continue reading →
Christena Nippert-Eng’s Islands of Privacy is an interview-intensive book that grapples with how her sample group of Chicago residents attempt to achieve privacy, and the regular issues they face in maintaining privacy on a day-to-day basis. She finds a strong correlation between those who have had their privacy violated and those who want to secure and defend privacy as a concept and important element of their lived experience. 74 interviews were conducted with residents of Chicago and she makes very clear that her findings and conclusions are consequently highly contingent: other populations across America and the world would likely result in very different understandings of what constitutes privacy and a violation.
Privacy is defined quite early as “about nothing less than trying to live both as a member of social units – as part of a number of larger wholes – and as an individual – a unique, individuated self” (6). Further, privacy is identified as something to be managed: it exists by managing public information. Information is seen by participants as inherently public, with effort required to make it private, though interviewed subjects do not necessarily stick to this understanding of privacy throughout their interviews. On the whole, the approach to privacy remains wrapped up in the language on control, seclusion, and selective sharing of information; in this sense, Nippert-Eng’s work can be seen as a fusion of Westin’s Privacy and Freedom and key tenets of Nissembaum’s work in Privacy in Context: Technology, Policy, and the Integrity of Social Life.
Continue reading →
There are ongoing concerns in Canada about the CRTC’s capacity to gauge and evaluate the quality of Internet service that Canadians receive. This was most recently brought to the fore when the CRTC announced that Canada ranked second to Japan in broadband access speeds. Such a stance is PR spin and, as noted by Peter Nowak, “[o]nly in the halcyon world of the CRTC, where the sky is purple and pigs can fly, could that claim possibly be true.” This head-in-the-sands approach to understanding the Canadian broadband environment, unfortunately, is similarly reflective in the lack of a federal digital strategy and absolutely inadequate funding for even the most basic governmental cyber-security.
To return the CRTC from the halcyon world it is presently stuck within, and establish firm empirical data to guide a digital economic strategy, the Government of Canada should establish a framework to audit ISPs’ infrastructure and network practices. Ideally this would result in an independent body that could examine the quality and speed of broadband throughout Canada. Their methodology and results would be publicly published and could assure all parties – businesses, citizens, and consumers – that they could trust or rely upon ISPs’ infrastructure. Importantly, having an independent body research and publish data concerning Canadian broadband would relieve companies and consumers from having to assume this role, freeing them to use the Internet for productive (rather than watchdog-related) purposes.
Continue reading →
The Offensive Internet: Speech, Privacy, and Reputation is an essential addition to academic, legal, and professional literatures on the prospective harms raised by Web 2.0 and social networking sites more specifically. Levmore and Nussbaum (eds.) have drawn together high profile legal scholars, philosophers, and lawyers to trace the dimensions of how the Internet can cause harm, with a focus on the United States’ legal code to understand what enables harm and how to mitigate harm in the future. The editors have divided the book into four sections – ‘The Internet and Its Problems’, ‘Reputation’, ‘Speech’, and ‘Privacy’ – and included a total of thirteen contributions. On the whole, the collection is strong (even if I happen to disagree with many of the policy and legal changes that many authors call for).
In this review I want to cover the particularly notable elements of the book and then move to a meta-critique of the book. Specifically, I critique how some authors perceive the Internet as an ‘extra’ that lacks significant difference from earlier modes of disseminating information, as well as the position that the Internet is a somehow a less real/authentic environment for people to work, play, and communicate within. If you read no further, leave with this: this is an excellent, well crafted, edited volume and I highly recommend it.
Continue reading →