Technology, Thoughts, and Trinkets

(Source)

Candace Mooers asked me a good question today about deep packet inspection (DPI) in Canada. I’m paraphrasing, but it was along the lines of “how might DPI integrate into the discussion of lawful access and catching child pornographers?” I honestly hadn’t thought about this, but I’ll recount here what my response was (that was put together on the fly) in the interests of (hopefully) generating some discussion on the matter.

I’ll preface this by noting what I’ve found exceptional in the new legislation that was recently presented by the Canadian conservative government (full details on bill C-47 available here, and C-46 here) is that police can require ISPs to hold onto particular information, whereas they now typically required a judicial warrant to compel ISPs to hold onto particular data. Further, some information such as subscriber details can immediately be turned over to police, though there is a process of notification that must immediately followed by the officers making the request. With this (incredibly brief!) bits of the bills in mind, it’s important for this post to note that some DPI appliances are marketed as being able to detect content that is under copyright as it is transferred. Allot, Narus, ipoque, and more claim that this capacity is built into many of the devices that they manufacture; a hash code, which can be metaphorically thought of like a digital fingerprint, can be generated for known files under copyright and when that fingerprint is detected rules applied to the packet transfer in question. The challenge (as always!) is finding the processor power to actually scan packets as they scream across the ‘net and properly identify their originating application, application-type, or (in the case of files under copyright) the actual file(s) in question.

Let’s assume for the purposes of detecting particular files that inspections of packets is largely done offline (i.e. you can copy packets to a separate processing unit, and not worry about examining the packet in absolute real-time) or the devices are quick enough to massively do these analyses on the fly in the relatively near (24 months) future. (As a note: I see the former, rather than the latter, as a more effective technique as the technology stands today, at least in terms of mass surveillance of data traffic. This is just based on my understanding of the computational power available to DPI appliances, and is subject to change as I learn more about the technology/there are advances in processor technologies.) Shouldn’t it be a relatively easy process then for authorities, working in conjunction with network administrators, to develop a hash-list of illegal files, where any time that these files are suspected of crossing the network authorities are automatically notified (DPI is predictive, and thus cannot be relied on to have 100% accuracy rates)? I’m not talking about stuff like files guarded by copyright – the RCMP has noted that they don’t see file sharing as one of their priorities – but stuff that Canadian society deems particularly nasty, such as illicit images of naked children.

With a detailed hash-list of known illegal images/text/movies, then shouldn’t it be a relatively simple process to both limit much of the sharing of these images (when a match is detected, stop the flow of packets ‘tagged’ with that ‘fingerprint’) and notify authorities? Law enforcement could set up an automated  system that issues demands to the ISP(s) in question, and then establish procedures to gain access to subscriber information in an effort to quickly find and question those suspected of peddling kiddie porn.  This notion of mass surveillance for law enforcement purposes leads us to ask what we, as a society, want these devices used for, or what drivers should motivate the technology; do we want to limit these appliances to balancing network congestion/network load, or go further and try and identify ‘clearly’ criminal actions? I worry about the long-term effects of using DPI for automated surveillance for detecting criminal behaviour, but my willingness to accept a bit more messiness in this world at the expense of increasingly efficient detection of deviance isn’t necessarily a commonly held position…

I ended the interview with Candace (at her request!) by leaving listeners with the questions; “what degree or level of surveillance do we, as a Canadian people, see as ‘good’ on ISP networks – what discrimination (in reference to packet discrimination) is permissible, and what is not ? How do we actually go about developing a consensus on surveillance, and what processes should we engage in to codify said consensus?”

I actually don’t have responses to these queries. There are people who know both surveillance and discrimination literature far better than I likely ever will – my aim (at the moment) is just to puzzle through how this technology might intersect with privacy, surveillance, and discrimination literature, and gradually develop insights from which others can pursue far more nuanced, far more profound ethical thinking about DPI and similar network appliances.

(Source)

Almost all my home computer equipment is composed of Apple products, save for the Windows media center that I’m using to power the TV/display old TV shows/movies/listen to the radio. I’ve been using Windows Vista to power the ‘center until (very!) recently, and for the past two or three weeks have had my Time Capsule and attached AirPort Disk vanish from the network every couple of hours. Given that a lot of my movies and TV shows are on the AirPort Disk, this has been a real problem. Despite the drops, the router-element of the Time Capsule continued to work – I could browse the ‘net, and even run my automated backups using Time Machine, though I couldn’t actually access the data on the Time Capsule!

At first I assumed that the problem was a Windows Vista-related issue. I’d had other issues getting everything set up, and third-parties had mucked around with the media center while I was gallivanting around Ontario a few weeks ago. The only time that the router (and AirPort Disk) become unresponsive was when I used Vista to connect to the AirPort Disk. No issues arose when just browsing the AirPort Disk using a Mac (note: all Macs in the house are running 10.5.7).

I installed Windows 7 (RC), in the hopes that this would get around whatever problems ‘Vista’ was causing. Installing Windows 7 was a breeze, and it was a snap to both find and connect to the Time Capsule and associated Airport Disk. Things were great!

Except that I kept experiencing network drops after rebooting the media center for the first time …

Taking a step back, I decided that it was either Vista/Windows 7 that was at the heart of my issues (and I was still entertaining that possibility), or some other element of my home network was driving me insane. I recalled that I recently updated the firmware on the Time Capsule; I had been using version 7.3.2, but just before I left for Ontario I updated the firmware to version 7.4.1, and then 7.4.2. I hadn’t been experiencing these problems when running 7.3.2.

I returned the Time Capsule to version 7.3.2, and lo and behold, it seems to have resolved the network drops. I mapped the AirPort Disks in Windows 7 by entering the IP of the router, followed by the name of the AirPort disk. The drives are set to automatically reconnect with the supplied credentials whenever the computer is turned on. I’m now able to watch TV shows using my tuner and accessing the AirPort Disk, as well as enjoy my movies, music, and listen to the radio without headaches!

Edit: the other change I did in Windows 7 was much about with the Local Security Policy a bit, following instructions over at DotBlag.com.

(Source)

For the past few weeks I’ve been working away on a paper that tries to bring together some of the CRTC filings that I’ve been reading for the past few months. This is a slightly revised and updated version of a paper that I presented to the Infoscape research lab recently. Many thanks to Fenwick Mckelvey for taking the lead to organize that, and also to Mark Goldberg for inviting me to the Canadian Telecom Summit, where I gained an appreciation for some of the issues and discussions that Canadian ISPs are presently engaged in.

Abstract:

Canadian ISPs are developing contemporary netscapes of power. Such developments are evidenced by ISPs categorizing, and discriminating against, particular uses of the Internet. Simultaneously, ISPs are disempowering citizens by refusing to disclose the technical information needed to meaningfully contribute to network-topology and packet discrimination discussions. Such power relationships become stridently manifest when observing Canadian public and regulatory discourse about a relatively new form of network management technology, deep packet inspection. Given the development of these netscapes, and Canadian ISPs’ general unwillingness to transparently disclose the technologies used to manage their networks, privacy advocates concerned about deep packet networking appliances abilities to discriminate between data traffic should lean towards adopting a ‘fundamentalist’, rather than a ‘pragmatic’, attitude concerning these appliances. Such a position will help privacy advocates resist the temptation of falling prey to case-by-case analyses that threaten to obfuscate these device’s full (and secretive) potentialities.

Full paper available for download here. Comments are welcome; either leave them here on the blog, or fire something to the email address listed on the first page of the paper.

(Source)

Universities in the US have been deeply burdened by the Higher Education Opportunity Act that President Bush signed into law last year. In particular, the Act require that “schools ensure they are doing all they can to combat illegal file sharing among students. The new rules, according to the wording contained in the legislation, requires institutions to develop plans to “effectively combat the unauthorized distribution of copyrighted material, including through the use of a variety of technology-based deterrents.” Schools must also “to the extent practicable, offer alternatives to illegal downloading or peer-to-peer distribution of intellectual property.” Any institute found to be non-compliant could lose federal funding” (Source).

To combat unauthorized distributions, technological solutions such as bandwidth shaping and traffic monitoring need to be implemented. Such solutions need to be integrated with advanced DMCA response practices. Of course, some of the companies that are being courted to meet these demands are those that incorporate DPI into their copyright ’solutions’. I’ve discussed, generally, how these technologies work on campuses from iPoque’s position when writing about one of the company’s whitepapers. In that post, I wrote,

In essence, ipoque argues that educational institutions should consider deploying DPI to limit their students from consuming bandwidth for infringement purposes, where that bandwidth is needed for other university business. This is an effort to normalize DPI by ‘teaching’ the educated elite that filtering is permissible even in educational environments. If such activities are permissible in a space of academic freedom, then surely filtering practices are permissible outside of these special environments!

The attempts to lean on schools to ‘regulate’ their students is a mode of governance meant to instill a particular, very American, conception of intellectual property and copyright into the hearts and minds of university students. Given the broad implications of American attitudes on these subjects, as well as on the topics of cultural growth and free speech, IT departmentsshould not be the business of deciding whether DPI should come to campus; students and faculty members who are indebted to academic freedom and best able to understand the implications of wide-spread filtering of Internet content should have the first, and final, say about whether these network appliances are permitted onto campus grounds.

I stand by my worry that pervasive analysis of students’ data transfers threatens to normalize persistent analyses of all data traffic, though in this case there is a federal directive that universities are (effectively) obliged to ‘teach’ students that copyright infringement is a ’serious’ offense. Long-term normative effects may be felt, though this assumes that students won’t quickly find ways to evade any DPI-based solution. Some methods of evasion might include using P2P systems that have proxy-capabilities baked into the systems to obfuscate destination and origin IPs while simultaneously encrypting traffic. Given that students are often at the forefront of counter-surveillance movements (when they impede activities they want to engage in) and the growing ease of using highly sophisticated P2P programs, I have real doubts that it is even possible for network admins to actually limit P2P should intrusive monitoring systems be adopted.

I really see a few things emerging from this act, widely, across American universities:

1. Money will be spent on anti-infringement technologies. Most technologies will be unsuccessful in stopping infringements, but will let schools continue to receive federal funding.
2. Students will quickly find ways around the technologies that have been deployed, effectively nullifying the effectiveness of these technologies.
3. As a result of how students get around these technologies, these same students might ‘get used’ to the idea that all of their data is analyzed and learn just how easy it can be to encrypt and proxy their traffic.

While some might see #3 as a positive (Christopher Soghoian has written about this some in the context of DPI), I worry that this just extends to ‘encryption wars’ that have been ongoing for the past two decades or so without actually addressing the social issues at hand. Do we really want to live in a world of such persistent surveillance? While some people might claim that they have nothing to hide, this doesn’t mean that you trust everyone or that you are willing to disclose how you operate to devices that are not, and will likely never be, perfectly accurate. 70-90% accuracy is great…until you need to spend thousands or millions of dollars to clear your name from an incorrect copyright infringement charge.

It really seems that America (and Canada too, for that matter) must think about surveillance from an ethical, rather than just a legal, framework. Fair Information Principles (FIPs) will ensure that companies meet certain criteria for engaging in surveillance, but do not necessarily ask whether or not they should be engaging in particular kinds of surveillance in the first place. The legal discussion is helpful, but not sufficient, if we’re to genuinely engage with and challenge some of the uses of data analysis/surveillance systems.

(Source)

Let me start with this: I am woefully ignorant and Iranian politics, and have no expertise to comment on it. I’ll save my personal thoughts on the matter for private conversations rather than embarrass myself by making bold and ignorant statements here. Instead, I want to briefly note and comment on how the Wall Street Journal (WSJ) is talking about Deep Packet Inspection (DPI) and the data traffic that is flowing in and out of Iran.

The WSJ has recently disclosed that Iranian network engineers are using DPI to examine, assess, and regulate content that is entering and exiting Iran. They note that the monitoring capacity was, at least in part, facilitated by infrastructure that was sold by Nokia-Simens. The article proceeds, stating that traffic analysis processes have been experimented with before, though this is the first major deployment of these processes that has captured the attention of the world/Western public. This is where things start getting interesting.

The article notes that;

The Iranian government had experimented with the equipment for brief periods in recent months, but it had not been used extensively, and therefore its capabilities weren’t fully displayed – until during the recent unrest, the Internet experts interviewed said.

“We didn’t know they could do this much,” said a network engineer in Tehran. “Now we know they have powerful things that allow them to do very complex tracking on the network.”

From a statement of ‘complex tracking’, we get to a talk about DPI. It’s at this point that we can say that Iran is either using DPI in incredibly complex and sophisticated ways that push the technology to its limits, or the WSJ is blowing smoke. The authors of the article state that, “[e]very digitized packet of online data is deconstructed, examined for keywords and reconstructed within milliseconds. In Iran’s case, this is done for the entire country at a single choke point, according to networking engineers familiar with the country’s system.” Moreover,  ”Iran is “now drilling into what the population is trying to say,” said Bradley Anstis, director of technical strategy with Marshal8e6 Inc., an Internet security company in Orange, Calif. He and other experts interviewed have examined Internet traffic flows in and out of Iran that show characteristics of content inspection, among other measures.”

I truly wonder just how accurate the story from the WSJ is on the technical capabilities of the DPI devices that are deployed, and am also incredibly interested to know what the tests are to see if DPI is being used. I’m not saying that such tests don’t exist, but I’m not certain what, exactly, you’d be looking for. A network engineer would have a better grasp, but I haven’t found any product that Marshal8e6 offers that would give them particular insight into this. Now, if we were talking about spam or phishing I wouldn’t doubt their competencies. I also have to note that the data Marshal8e6 fed to the WSJ isn’t available on their website anywhere that I could find it.

Further, I don’t know that DPI is necessarily required to perform the level of surveillance discussed in the Iranian network environment. There is a lot of digital networking equipment that can easily be used for interception; you don’t need DPI appliances to intercept and analyze traffic, given that a large amount of network equipment can be configured to ‘dump’ data flows to secondary storage for subsequent analysis (and this is perhaps more sensible – capture tons of data now, and then scan it, and then derive rules from it that can be applied to subscriber connections). Now, to totally pull together packet flows, examine them for content, and then send them on their merry way to the destination in real time seems a bit of a stretch. Sure, it is theoretically possible for this to be done, but it would be a truly massive undertaking in practice – one that might exceed capacities of equipment on the market. Such practical limitations and impossibilities are what we keep hearing from North American ISPs as a way of allaying privacy worries, and such limitations have been reaffirmed by independent network engineers. This leaves me doubting that total content analysis is possible, let alone occurring. It is more likely that something like this is happening:

The DPI device looks at the first 5-100 packets in a packet stream. These packets are then evaluated against a rule list – are the packets going somewhere that is impermissible? is a disallowed application or application-type trying to send packets? – and then allowed to continue to their destination (or not) depending on what the rule set dictates. In the case of images/movies/songs, it is possible for some DPI devices to quickly look at the first packets of a .mov, .jpeg, etc file’s packet flow and correlate that particular file and flow with a particular digital ‘fingerprint’. That fingerprint can then be examined against all disallowed files/flows and, if a match is found, the packet stream terminated. This method of analyzing content is not perfect, though it does have high degrees of accuracy in many cases. This is what copyright-oriented devices presently do, and can be used to prevent the dissemination of ‘fingerprinted’ pictures, movies, sounds, documents, and so forth.

In essence, I worry that the WSJ is claiming that DPI is more effective in screening communications than it is in reality, much like we hear claims that CCTV is more effective than studies show. This isn’t discounting that DPI could, potentially, in an ideal world do what the WSJ is suggesting, but networking environments where admins are trying to regulate gigabytes of traffic each second are hardly these ideal environments for mass surveillance and content regulation using DPI appliances. Hopefully the pressure gets Nokia-Siemens or other network manufacturer to fess up about what they sold, but I’m not holding my breath.

(Source)

For the past little while I’ve been (back) in Ontario trying to soak up as much information as I could about telecommunications and deep packet inspection. I was generously given the opportunity to attend the Canadian Telecommunications Summit by Mark Goldberg a while ago, and it was an amazing experience. I found that the new media panel, where broadcasters and carriers came together to discuss their (often contrasting) modes of disseminating content offered some real insights into the approaches to media on the ‘net. It demonstrated very clear contrasts in how new media might operate, and be seen by the Dominant Carriers, into focus for me and really began to provide a broader image of the actual strategies of various parties.

A huge element of the conference surrounded the development of wireless as the new space for innovation. Often unspoken, save for in informal discussions, was that wireline was seen as increasingly outmoded. Most statistics that were formally presented saw wireless overtaking wireline broadband by 2014 or so. This has me wondering about how important it is to examine capital expenses by major broadband providers – while we read that there is massive investment (totaling in the hundreds of millions/billions per year across all carriers), how much is in wireless and how much is in wireline infrastructure?

A *lot* was talked about – a *lot* – to the point where I’m still digesting everything. On the point of digesting, however, you’re welcome to digest with me. I took copious notes (~100 pages or so) while I was at the summit, which you’re welcome to avail yourself to. They’re formated in .doc, and were typed in Office 2008 (Mac). They can also be provided in .pdf if needed.

My other reason for being in Toronto was to give a presentation on the Deep Packet Inspection Roundtable. Fenwick McKelvey (Communication and Culture, York/Ryerson; scroll down for his bio) organized the event, which saw myself, Fenwick, Andrew Clement (UoT, Faculty of Information), and Robert Hudyma (Ryserson, Information Technology and Management) give various perspectives on DPI. My own presentation focused on the drivers of the technology in Canada (drawing on Ralf Bendrath’s analysis of DPI’s drivers), how these are developing netscapes of power, and what this means for privacy advocates. Fenwick’s presentation beautifully discussed how speed and control are implicated in DPI appliances, Robert spoke on the nuts and bolts of DPI (which was largely sourced from Allot Communications white paper, “Digging Deeper Into Deep Packet Inspection“), and Andrew’s on an upcoming project to map packet flows. Many, many thanks to the Infoscape Research Lab and other affiliates for funding the event, and to all the people who came out.

The roundtable (seemed?) to be a huge success, and was incredibly enjoyable. I was a very different experience than the presentation at the critical digital studies workshop I was at a few weeks ago (which I *also* deeply enjoyed) – this time, I wasn’t terribly nervous that I would get a question from the floor that I lacked answers to! What a difference the target audience and topic chosen make in establishing comfort levels!

There was a lengthy discussion on DPI at the Computer, Freedom, and Privacy conference. If you’re interested in the technology, and how various parties are engaging with technology and surrounding issues, then you should definitely take a look at it.

(Source)

We’re paying for a high-tech Broadway show that’s themed around ’security’, but we’re actually watching the equivalent of a catastrophic performance in a low budget community theatre. The price of admission? Only millions dollars and your privacy.

As of June 1, 2009, Canadians and Americans alike require an Enhanced Drivers License (EDL), a NEXUS card, a FAST card, a passport, or a Secure Certificate of Indian Status to cross a Canadian-American land border. In Canada, only Ontario, Quebec, B.C. and Manitoba have moved ahead to develop provincial EDLs; the Saskatchewan, New Brunswick and Prince Edward Island governments have all decided not to provide these high tech, low privacy, cards to the constitutencies (Source). To apply for an EDL in a participating province, all you need to do is undergo an intensive and extensive 30 minute face-to-face interview at your provincial equivalent of the Department of Motor Vehicles. Your reward for being verbally probed? A license that includes a Radio Frequency Identification (RFID) tag and a biometric photograph. The RFID tag includes a unique number, like your Social Insurance Number (SIN), that is transmitted to anyone with an RFID reader. These readers can be purchased off the shelf by regular consumers, and number your EDL emits is not encrypted and does not require an authentication code to be displayed on a reader. Effectively, RFID tag numbers are easier to capture than your webmail password.

EDLs are an incredibly expensive ’solution’ for individual Canadians to purchase, given that in Ontario alone an EDL will cost almost $30 more than a passport. Further, Manitobans have turned a cold shoulder to these cards; only a few thousand residents have adopted them out of an expected hundred thousand or so. In Ontario, my contacts have told me that the responsible ministry has yet to provide policy documents or manuals to the front line staff who are tasked with issuing these licences. Without their scripts, how will these staff members play their parts in issuing each Canadian a little piece of the great North American security theatre?

EDL programs are big ticket items that Canadian provinces are being pressured to pay for in order to satisfy the Western Hemisphere Travel Initiative (WHTI), a unilateral American policy directive. While fiscal conservatives might argue that in this period of reduced government incomes and ballooning debts, such big ticket items should be carefully evaluated, we might ask them why government should be any more careful of spending money on EDLs than it is in otherwise ’securing’ the border? As recently reported by Dean Beeby, $8.7 million dollars have been spent since 2006 on gates, barriers, fences, sirens and signs to catch people who are trying to illegally cross the border. The catch? Gates have fallen on cars. Cameras can’t actually catch the license plates of illegal night-time border crossers. Automated video analysis systems don’t work. It would seem as though the various props of our Broadway security show should be returned to the manufacturer as defective or even dead on arrival!

If broadcasting an equivalent of a radio-accessible SIN and high financial costs to individual Canadians weren’t enough, there are additional privacy-related issues with EDLs. While the Office of the Information and Privacy Commissioner/Ontario is promising that future generations of EDLs will integrate ‘privacy by design’ principles, insofar as future cards won’t broadcast their unique identification numbers without first being activated, the current licenses that are being deployed in that province are absolutely devoid of any real protections (the much touted ’security sleeve’ is demonstrably faulty). While integrating privacy by design is a positive step forward, Ontario is the only province that has publicly discussed this at length. Moreover, even in Ontario there has been little comment about the worries of government creating massive databanks of facial images that are designed to be rapidly searched. As it stands, facial recognition technologies are sub-par at meeting the expectations that the public has developed from watching 24, Heroes, and other works of science fiction. In fact, massive amounts of research needs to be done to improve accuracy rates of facial recognition technologies, and a large database to conduct tests on to develop the technology is just what the scientist ordered. Thus, while the facial images that are taken of individuals will be of minimal use to government agencies at the moment, we cannot assume that ‘privacy by technological incompetence’ will be something Canadians can rely on over the long term.

Perhaps most importantly, privacy advocates’ underlying worries about these cards have not been addressed. As I have previously noted,

In the cases of both radio tags and biometric data, there exists a serious danger of function creep. As more and more members of the Canadian and American public carry these devices, increased pressures will extend how these documents are used, exceeding their initial purpose of securing American borders (Source).

While various RFID proponents have insisted that RFID tags cannot, in practice, be used to track user data, the web cookies that we download after visiting websites were never intended to let companies track us. Just last year however, the Wall Street Journal published an article revealing that, lo and behold, the company that will do no evil (i.e. Google) is using web cookies as an “Internet tracking technology that enables it to more precisely follow Web-surfing behavior across affiliated sites” (Source). RFID tags are meant to track cattle as they move around the world; surveillance is the reason for their very existence. Why would we ever assume that this technology would ultimately be used for some other purpose as soon as it were applied to human targets, when other evidence demonstrates that non-surveillance technologies are readily requisitioned to monitor our daily activities?

This worry about pervasive surveillance is something that Dr. Andrew Clement has discussed in various presentations through the Canadian IDentity Forum. He has noted that, despite government assurances, there is no evidence that real speed enhancements will be realized at the border.  At most, Canadians can expect to pass through borders 5-10 seconds faster than they do right now. Moreover, while there are claims that EDLs are somehow ‘more secure’ than present licenses, this is just another part of the script in the Canadian/American security theatre. You see, to qualify for an EDL, individuals must show foundational documents (e.g. birth certificates) to prove that they are who they claim to be; where a foundational document is successfully forged the ’security’ offered by the EDL is defeated. Moreover, the RFID tag can be copied, letting another person clone the tag’s unique number. When Ms. Daghum comes to the border with her cloned tag, she can have Ms. Ouziel’s profile brought up on the border guard’s screen. If Ms. Daghum physically appears like Ms. Ouziel, then a border guard could be fooled about the authenticity of the RFID tag based on the information called from government databases. The RFID is insecure and the biometric image currently unreliable – how, again, do these cards actually make us safer (as opposed to making us feel safer) from terror threats?

If high costs, minimal border-crossing efficiencies, unreliable biometric images, and easily duplicated RFID tag numbers aren’t enough to make you wonder about the capacity of EDLs to secure the border, I’ll leave you with two concluding points. RFID tags, and the data that they emit, contribute to what  scholars such as David Lyon and Kevin Haggerty have termed ‘the surveillance society’, or a society where  “[w]e are inadvertently handing over to centralized authorities an infrastructure of visibility the likes of which no society has ever seen before” (Source). Canadians regularly moan that they can’t protect their own privacy but, by refusing to adopt an EDL and using a passport instead, they will find that protecting their privacy is actually cheaper than buying into the surveillance society. Get a passport, and congratulate yourself on being a privacy advocate by taking yourself out to dinner on your EDL-related savings!

Second, as has been noted by Canadian civil liberties groups;

…a passport is an internationally recognized travel document that gives the holder certain rights, while a driver’s licence is not . . . If the U.S. decides to deport a Canadian while she is carrying her passport, she must be deported back to Canada.

A Canadian carrying a driver’s licence could be deported to anywhere in the world (Source)

We are all unfortunately aware of the horrors that can occur when suspected ‘terrorists’ are sent to places such as Syria. While Maher Arar’s case does demonstrate that a passport will not necessarily persuade American authorities to act in within the confines of law, an EDL will not legally persuade foreign authorities that you should be sent to Canada instead of a torture cell in Syria. Even in a world where a passport has diminished legal standing in the eyes of American authorities that diminished standing is better than the absolute lack of legal standing that EDL-holders are left with.

In summation, you’d be well advised not to take part in this most recent act of the Canadian-American security theatre. You’ll pleasantly find that there’s a reduced entry fee to the security show with a passport (with money left over to buy a drink and snack!). Far more importantly, the passport might actually prevent the ushers/border guards from deporting you to a truly horrible place to ‘enjoy’ unspeakable acts of barbarity. Be your own privacy advocate, boybott the EDL, and buy yourself a passport if you want to cross a Canadian-American land border.