Privacy commissioner puts spotlight on internet monitoring technology
Excerpts from some of the essays:
"Imagine the postal service steaming open your letters so that they could scan the content, work out your interests, and then deliver a better class of junk mail. Most people would be horrified, yet some of the U.K.'s largest ISPs are planning to do something even more intrusive." -Richard Clayton, Foundation for Information Policy Research
"It is essential for technologists to have the flexibility to develop, test, and deploy new ways to protect the internet. These mechanisms will, by and large, be based upon deep packet inspection, simply because that’s where the necessary information is — block DPI and we won't be able to keep the internet running." -Anil Somayaji, Carleton University
"Nothing in society poses as grave a threat to privacy as the internet service provider." -Paul Ohm, University of Colorado
"The providers of internet access should be treated like the basic, general purpose actors they are. In particular, they should not be permitted to use subscriber data for their own business purposes." -Susan Crawford
"My hope is that once privacy invasion becomes the norm, consumers will start to demand encryption.... If it first requires the widespread use of deep packet inspection technology in order to get us there, so be it." - Christopher Soghoian, student fellow at Harvard University's Berkman Center for Internet and Society
"DPI could be accepted as a new tool for law enforcement, if it turns out a necessary addition to the current investigation toolkit. But... society needs substantial new checks and balances to counter-balance the increase in government power over its citizens." -Bert-Jaap Koops, Tilburg University, the Netherlands
Is it a violation of privacy that should be banned or a tool necessary to keep the internet running?
Canada's privacy commissioner has opened an online discussion on deep packet inspection, a technology that allows internet service providers and other organizations to intercept and examine packets of information as they are being sent over the internet.
"We realized about a year ago that technologies involving network management were increasingly affecting how personal information of Canadians was being handled," said Colin McKay, director of research, education and outreach for the commissioner's office.
The office decided to research those technologies, especially after receiving several complaints, and realized it was an opportunity to inform Canadians about the privacy implications.
Over the weekend, the privacy commissioner launched a website where the public can discuss a series of essays on the technology written by 14 experts. The experts range from the privacy officer of a deep-packet inspection service vendor to technology law and internet security researchers.
The website also offers an overview of the technology, which it describes as having the potential to provide "widespread access to vast amounts of personal information sent over the internet" for uses such as:
- Targeted advertising based on users' behaviour.
- Scanning for unlawful content such as copyright or obscene materials.
- Intercepting data as part of surveillance for national security and crime investigations.
- Monitoring traffic to measure network performance.
The latter can be used by ISPs to give priority to some applications over others — a practice that has upset those who strongly believe in "net neutrality," in which all internet uses and applications are treated equally. Internet traffic management is the subject of ongoing consultations by the Canadian Radio-television and Telecommunications Commission.
Broad range of views
McKay said some of the privacy commissioner's research on deep packet inspection was incorporated into its submission to the CRTC, but a far broader range of views and opinions is provided on the site by those who submitted essays.
The authors include:
- Brooks Dobbs, the privacy officer for Phorm, a British firm that uses the technology to offer more tailored advertising.
- Richard Clayton, treasurer of the Foundation for Information Policy research, who alleges that internet service providers will commit criminal offences by using Phorm.
- Stéphane Leman-Langlois, a criminology professor at the University of Montreal who believes that all the potential uses of deep packet inspection will be put to use sooner or later and net neutrality is "almost certainly a thing of the past."
- Harry Abelson, a professor of computer science and engineering at the Massachusetts Institute of Technology, who believes deep packet inspection should be banned, as it violates privacy and affects the reliability of information delivery.
- Anil Somayaji, a Carleton University computer science professor who believes deep packet inspection is an essential tool needed to protect the internet and keep it running.
- Danielle Citron, a law professor at the University of Maryland, who cites a number of ways to boost the transparency and oversight of deep packet inspection practices, such as instituting a "do not track" list.
McKay said he would have liked to have had more experts with a network technology perspective, but some potential contributors were too busy to submit an essay. However, since the site went live, McKay was contacted by a supplier of deep packet inspection technology that asked if it could add a piece, he said.
The discussion on the website isn't a public consultation. Nor is it expected to result in policy, as the privacy commissioner's office doesn't have jurisdiction over internet management, McKay said.
"It's really an attempt to take some of our research and make it more public and see whether that research can develop any more insights into the issue," he said.
He added that Canadians should be examining how technology affects their daily decisions and the choices made available to them.
"Technology can often be beneficial, but sometimes you do have to be, if not critical, at least questioning to make sure… the technology really is positively affecting your life."