Archive for the ‘Privacy’ Category

Update - Bill 85 (Photo Card Act)

Tuesday, November 18th, 2008

It looks like Ontario has managed to do what politicians in the UK have been struggling to accomplish for years. This morning the Liberal government of Ontario passed Bill 85, the Photo Card Act, which will see updates to the identity documents that Ontarians typically carry on their persons. While the UK government has been stymied at every turn by no2id when they’ve attempted to roll out a sophisticated identity card, the coalition and advocacy groups in Ontario that have opposed the inception of drivers licenses that contain biometric data and radio frequency identifiers (RFIDs) have been less successful. While the Conservatives had been expected to speak against the bill, this did not, in fact, happen. My money is that the politics didn’t cash out to oppose it.

I’ll post updates as they arrive, and will be putting together a post-mortem report in a few days.

Update 1: CTV has an article discussing the EDLs

Interview - Enhanced Drivers Licenses on CFUV

Monday, November 17th, 2008

I’ll be on Gorilla Radio tomorrow around 5:30pm (Pacific) talking to Chris Cook about Bill 85, Photo Card Act, and the New Transparency Project. You can listen at 102FM, 104.3 cable, or online.

Short Thought Concerning Enhanced Drivers Licenses

Friday, November 14th, 2008

A colleague of mine asked that I write a short post that summarizes the issue and my concerns with the Enhanced Drivers Licenses that Ontario is proposing to implement in the near future. Per his request, I’m writing this.

Beginning July 1, 2009, the American government will require Canadians and Americans who enter the United States through its land borders to carry either a passport or an ‘enhanced’ identity document. The Ontario government, in response, is preparing to pass Bill 85 – Photo Card Act, which will see the government offer these identity documents to the Ontario public. These identity documents are required to contain a radio frequency identification chip that emits a unique number whenever it is within range of a reader, raising deep concerns surrounding mass surveillance of North American populations. Researchers have consistently shown the anemic protections suggested by the government, such as placing the identity document in a radio-blocking sleeve, to be relatively ineffective in blocking the interception of the radio’s unique identifier. Further, advocacy groups have noted that it is relatively inexpensive to purchase a reader, raising concerns that non-government bodies and individuals can capture this unique identifier.

In addition to radio tags, enhanced identity documents must contain biometric information that is intended to authenticate a person’s identity. Researchers working in the field of biometrics cannot, as of today, guarantee that biometric evaluation techniques will be wholly successful 100% of the time, thus raising the worry that enhanced identity documents may compound, rather than alleviate, problems at the American borders. Civil liberties associations have raised concerns over the possibilities of misidentification, pointing to the number of false positives on the American ‘no fly’ lists as principal examples of unsuccessful attempts to identify dangerous travelers.

In the cases of both radio tags and biometric data, there exists a serious danger of function creep. As more and more members of the Canadian and American public carry these devices, increased pressures will extend how these documents are used, exceeding their initial purpose of securing American borders.

The Ontario government, to date, has been dismissive of the concerns raised by members of the public, the office of the Ontario Information and Privacy Commissioner, Canadian civil rights associations, and independent privacy advocates regarding the impacts of Bill 85. The government has refused to amend its proposed legislation in any substantial manner in light of the privacy issues raised by the opposition governments. It has avoided seriously engaging the public, despite the far-reaching effects of altering one of the core identity pieces that Ontarians carry on their person daily. To date, the government has withheld a comprehensive explanation of how much data will be shared with American authorities and has yet to clarify where any shared data will be housed.

In light of these failures, I implore you to sign a statement against Bill 85. Alternately, you can leave a comment here, email me, send me a private message through Facebook letting me know that you support the statement, or directly post your name to the idforum website. Your name will be added to the statement, and noted in a press conference early next week at Queen’s Park.

Abandoning Your Privacy, One Radio Wave, One Smile, at a Time

Sunday, November 9th, 2008

In a recent piece, “Tracking Your Every Move: ‘Enhancing’ Driver’s Licenses at the Cost of Privacy,” I noted that the proposed Ontario enhanced drivers license changes threaten to seriously diminish people’s privacy. These proposed licenses will include a small RFID chip that emits a unique identifier when brought into proximity of a reader - this number is not associated with any personally identifiable information that the provincial government holds, but does (per the Office of the Privacy Commissioner of Canada) constitute personally identifiable information in its own right. The Commissioner’s office, in their whitepaper entitled “Radio Frequency Identification (RFID) in the Workplace: Recommendations for Good Practices”, states:

An RFID tag containing a unique identifier has the potential to become a “proxy” for an individual when it becomes associated with that individual. In such circumstances, it will become personal information. This would be the case with an RFID-enabled identification badge or uniform. Location data gathered by scanning tags associated with individuals is also personal information (Source).

In addition to radio waves, which have the potential to be used to surreptitiously track individuals without their consent (which I talked about in my submission concerning Bill 85 to the Standing Committee on General Government of the Legislative Assembly of Ontario), these identity documents will have biometric data imprinted on them. While it is true that many nations have included biometric identification in their national identity cards, what is so significant in this case is that the Ontario government is absolutely ignoring the comments that are being put forth by the Canadian privacy commissioners, concerned members of the public, opposition parties, and advocacy groups. The absolute lack of attention given to the potential hazards of the identity documents that are being proposed (especially the risks of data theft and subsequent identity theft) is of deep concern: Ontarians will, ultimately, need these travel documents (or a passport) to cross the border into the US. In light of the significance of these documents for travel purposes, as well as the risks entailed in producing an identity card that emits personally identifiable information without any security safeguards to prevent people from identifying the unique number, it behooves the government to more widely consult with members of the public.

If you want to learn more about the issue, feel free to visit the Ontarians Concerned With ‘Enhanced’ Drivers Licenses Facebook group, or the Canadian Identity Forum website. If you would like to address concerns to the Ontario minister of transportation, you can contact the Hon. James J. Bradley with the information below. Bill 85, the bill that will see these technologies embedded in drivers licenses, will be entering its third reading on Monday, so it’s critical that you contact either your MPP or (preferably) the minister of transportation directly.

jbradley.mpp@liberal.ola.org
Minister of Transportation
77 Wellesley St W, 3rd Flr, Ferguson Block
Toronto ON M7A 1Z8
Tel 416-327-9200
Fax 416-327-9188
Toll Free 1-800-268-4686
TTY 1-866-471-8929


Bell Mobility and Solo Mobile make mobile Internet access safer - Yahoo! Canada Finance

Monday, November 3rd, 2008

This is going to be relatively brief, just given a lack of time on my part (who knew that taking 4 grad courses in a term, plus doing personal research, would be so time intensive *grin*). After reading a post by Mark Goldberg over at Telecom Trends I found out that Bell is planning to provide parents with a feature that would let them limit web content that their kids could view online. Given Bell’s history of using Deep Packet Inspection (DPI) devices to shape bandwidth use, I wanted to see what technology they were using to prevent children from accessing particular websites.

The Technology
Bell is investing in Unipier Ltd.’s Intelligent Policy Manager (IPM). From the whitepaper (links to .pdf) on this particular piece of technology, we find that:

The Intelligent Policy Manager communicates with traffic and content interception and enforcement systems such as: IP level deep packet inspection systems, HTTP and SIP proxies, messaging gateways and 3rd party access gateways. Using these systems to forward events to the IPM, allows it to apply policies on these events. In addition, the IPM integrates with various networks, BSS and content enablers in order to carry out specific actions such as: charging, sending messages or reformatting a piece of content.
Unipier’s IPM also integrates with back-end subscriber, partner and device repositories in order to fetch relevant context information.

Given that DPI equipment is already being used in Bell facilities, this means that Bell can leverage their existing infrastructure to integrate with the Unipier equipment and let parents maximally limit their children’s access to particular Internet sites. Assuming that Bell does not have divergent central networking hubs for their mobile and land-based data traffic (and this is an assumption; I can’t be 100% certain whether this is the case or not), it appears as though the Unipier device will allow a uniform rule set to be used to limit Web access for mobile phone users, regardless of the standard they are using to connect to the ‘net (e.g. EDGE, 3G).

While Bell is presently planning on using this technology in their mobile networks, the Unipier whitepaper suggests that their device can be applied beyond just mobile phones - personal computers can also be subject to the rule-sets the equipment establishes. Given this possibility, it suggests that Bell could provide this service to their land-based subscribers at a later date as well.

Integration with the Unipier Family
It should be noted that the IPM is the foundation that Unipier’s Intelligent Policy Suite (IPS) sits on. The IPS allows for contextually-based advertising. Recognizing that individuals are unlikely to want to get ads delivered straight to their phones unless they are clearly relevant, the IPS aims to let operators:

…leverage their current network and service assets to achieve a prime role within the mobile advertising value chain. The operator’s unique position allows it to control the advertising real-estate and manage the rich context and usage information of any of its subscribers. By cooperating with advertisers and managing a subscriber-aware, cross-channel advertising campaign, operators ensure efficient and successful mobile advertising services. (Source)

While I don’t want to go so far as to suggest that this is coming to the Bell network (or any other cellular network), the recent attempts by Rogers, especially, to use their DPI equipment to intercept and modify content if they believe that their customers will ‘appreciate’ it, highlight Rogers’ willingness to modify customers’ experiences without their consent. Similar experiences are being found by other ISPs around the world. By integrating technology that allows for the delivery of contextual advertising, Bell is creating a hospitable infrastructure for extending their present revenue streams, all for the ‘benefit’ of the consumer. I remain hopeful that any such implementation would be ‘opt-in’, but have my doubts.
