Bell accused of privacy invasion
University of Ottawa legal clinic urges investigation of internet traffic shaping
The Canadian Internet Policy and Public Interest Clinic, a University of Ottawa legal clinic specializing in internet- and other technology-related law, has joined the assault on Bell Canada Inc. and its traffic-shaping practices, urging an investigation by the country's privacy commissioner.
The group says Bell has failed to obtain the consent of its retail and wholesale internet customers in applying its deep-packet inspection technology, which tells the company what subscribers are using their connections for. Bell is using DPI to find and limit the use of peer-to-peer applications such as BitTorrent, which it says are congesting its network.
The CIPPIC, which is made up mainly of lawyers and law students from the University of Ottawa, says Bell has not only failed to show that its network is congested and that its actions are necessary, but it has also run afoul of the Personal Information Protection and Electronic Documents Act (PIPEDA) in doing so.
"Practices [such as] those involving the collection and use of personal information are not necessary to ensure network integrity and quality of service," wrote CIPPIC director Philippa Lawson in a letter to the commissioner dated May 9.
"Moreover, subscribers whose traffic is being inspected have not consented to the inspection and use of their data for this purpose."
Bell says it is using DPI only to read the "header" on the type of traffic, which determines what kind of usage it is. But CIPPIC contends that DPI must be used to "open the envelope" on the traffic for it to be of any use to an internet service provider, thus violating the user's privacy.
"The evidence is clear that DPI technologies permit the collection and use of personal data about internet subscribers. The extent to which Bell is actually taking advantage of this capability is less clear," wrote Lawson, who was previously a counsel with the consumer group Public Interest Advocacy Centre.
"However, the literature on DPI suggests that DPI necessarily involves some collection and/or use of personal data in order for it to be a useful tool for ISPs."
Pierre Leclerc, a spokesman for Bell, said the company does not look at the content its customers access.
"Bell respects the privacy of our customers," he said. "We are in compliance with our privacy obligations."
CIPPIC said Bell has not disclosed its packet-inspection methods in its terms of service, privacy statement, code of fair information practices or frequently asked questions.
"Consent is only meaningful when affected individuals understand what they are consenting to," Lawson wrote. "If Bell is relying on its published policies as set out above to inform its customers and obtain their implied consent to its use of DPI for traffic management purposes, we submit that it has not met the standard of informed consent required by [PIPEDA]."
Investigation of other ISPs urged
The group has called on Privacy Commissioner Jennifer Stoddart to investigate Bell as well as other ISPs that have either admitted to or are reportedly engaging in traffic shaping — notably Rogers Communications Inc., Shaw Communications Inc., Cogeco Inc. and Eastlink — and ensure compliance with PIPEDA.
CIPPIC is the second group to accuse Bell of privacy invasion in the past month. In April, the Canadian Association of Internet Providers, which represents 55 smaller ISPs that rent portions of Bell's network, also said the company was invading users' privacy in a complaint to the Canadian Radio-television and Telecommunications Commission.
Additionally, the association said Bell's traffic shaping was causing its members to lose customers and incur unneeded costs. It requested an urgent interim cease-and-desist order until the practice could be fully investigated. Its complaint was supported by Primus Telecommunications Canada Inc. and Wireless Nomad, a co-operative ISP in Toronto.
The CRTC said it would issue its decision on the interim request some time in May. Tom Copeland, chairman of the internet providers' association, says he expects an answer this week.
Internet experts have said the traffic-shaping showdown is the tip of the iceberg in the battle over net neutrality. A growing list of organizations — including the NDP, the National Union of Public and General Employees and the government's Standing Committee on Canadian Heritage — are calling on the CRTC and the government to institute legislation that will prevent ISPs from controlling what goes over the internet.