Archive for 2008

Review: Everything is Miscellaneous

Tuesday, December 30th, 2008

I recently received David Weinberger’s Everything is Miscellaneous: The Power of the New Digital Disorder and was excited. A great deal of my present work surrounds understanding metadata, and the implications that it has for the reconstitution of knowledge and reordering of political association. Imagine my surprise when I quickly found that Weinberger fails to perform a substantive investigation of the role of metadata in the reconstitution of knowledge and society, in a book that emphasizes metadata’s role! At most, he skims the surface of what metadata can affect, glossing over specifics most of the time in favor of generalizations and limited references to Greek philosophers. After you’ve read the first 30-40 pages, the only things you really have to look forward to are (a) a few interesting discussions about blogging, tagging, and the challenges in monetizing past modes of organizing data in comparison to digital metadata-based information-associations; (b) the end, when you can put the book away or give it to someone you aren’t terribly keen about.

While there are a handful of interesting parts in the book (in particular 2-3 pages on tagging data, and the beginning discussion between 1st, 2nd, and 3rd order data might be a useful conceptual device) I was grossly unimpressed with it on the whole. For a better read and more useful investment of reading time, turn to Negroponte, Sunstein, Lessig, or even Erik Davis. Alternately, just go to Wired’s website and spend the couple hours reading the free articles there that you’d otherwise be spending reading this book. I can almost guarantee your time at Wired will be better spent.

How do I rate it? 1/5 stars.

Review: Protectors of Privacy

Monday, December 29th, 2008

Newman’s Protectors of Privacy: Regulating Personal Data in the Global Economy is exemplary in its careful exposition of Europe’s data protection regulations. Using a historical narrative approach, he demonstrates that Europe’s current preeminence in data protection is largely a consequence of the creation of regulatory authorities in member nations that were endowed with binding coercive powers. As a result of using the historical narrative method, he can firmly argue that neither liberal intergovernmentalist nor neo-functionalist theories can adequately account for the spread of data protection regulations in the EU. Disavowing the argument that market size alone is responsible for the spread of data protection between member nations, or in explaining Europe’s ability to influence foreign data protection regulations, Newman argues that the considerable development of regulatory capacity in European member states, and the EU itself, is key to Europe’s present leading role in the field of data protection.

Drawing on recent telecommunication retention directives, as well as agreements between the EU and US surrounding the sharing of airline passenger information, Newman reveals the extent to which data protection advocates can influence transnational agreements; influence, in the EU, turns out to be largely dependent on situating data privacy issues within the First Pillar. For Newman, Europe’s intentional development of regulatory expertise at the member state, and subsequently EU level, as demonstrated in the field of data privacy and tentatively substantiated by his brief reflection on the EU’s financial regulatory capacity, may lead the EU to play a more significant role in shaping international action than would be expected, given its smaller market size as compared to the US, China, and India.

Overall, I would highly recommend this book. If you are interested in the role of regulatory capacity in the ongoing issues of personal data (especially as it pertains to the EU), or if you just want to read an inviting, concise, and well-developed historical account of the development of EU data protection regulations, then this book is a great way to spend an evening or three.

Thoughts: Why do I focus on digital privacy issues?

Monday, December 22nd, 2008

Earlier this year, I was asked a very good question by my MA advisor. Omid asked, “Why do you study what you study?” At the time, I gave an incredibly disappointing answer - it was vague, disjointed, and really didn’t address the question in a forthright way. I think that there were a few reasons: first, I didn’t have time to prepare; second, I hadn’t reflected on this question in a deep manner that could be succinctly expressed; and third, I’m not very good at answering relatively complicated questions that link into my personal history on the spot. Since then, the question has been in the back of my mind, and I’ve come back to it on a frequent basis.

So, with that in mind I want to put forth a probationary answer to “Why do you study what you study?” It’s going to involve touching on a few key computing moments in my life, formative elements of my undergraduate and graduate degrees, and how my background working in IT fits into things. If you want to just skip to the final answer, hit the bottom of the post - the intermediary sections see me start linking together various facets of my life and education to form the structure to answer Omid’s question, and may be of little interest to you.

The Past

I’ve had a computer in my house almost since I can remember. My dad had an old Tandy computer that I played very early video games on. It was a beast to navigate, and the commands were arcane (especially to a 4 or 5 year old!). That said, it was amazing that you could play games on it. It wasn’t until we moved from the Maritimes that there was a ‘household’ computer. It cost a small fortune, and was meant for school work. I, of course, quickly learned how to install games on it. This was in the days of DOS and Windows 3.11. I learned how to navigate via a command line, as well as what not to do when trying to fix computer problems (an early lesson: deleting full directories when you don’t know what is in them is a really, really, really bad idea!).

Fast forward a few years, and I thought that I was reasonably computer savvy. I knew more than my parents, that was for sure. I could install programs, stash files away, and surf the ‘net (on a 2400 baud modem) without them having any idea of what, exactly, I was doing. It was great - there was a feeling of exhilaration in racing around places and doing things that were effectively magic to my parents (and that would have been disallowed, if they knew what I was doing). Then I met someone (my step-father) who knew a lot more than I did. He could track what I did, and did so for my parents - this was my first encounter with surveillance in a digital space. I had the typical responses that any teenager will have: I was infuriated that ‘my privacy’ was being invaded; what I did online and on a computer in my own time was my business, just like when I read a book or wrote something on paper, it was ‘mine’. This was my first real experience of parental invasion of privacy that had a resonating effect. What was most upsetting wasn’t just that my actions were being surveyed, but that automated programs were being used to identify where I went online, what I did, and so forth. There was no way (that I knew of) to evade this kind of electronic surveillance. It was infuriating, and led me to be very paranoid about what I did on the household computers, because I didn’t know what was surveyed, or how the surveillance was performed. What I was certain of was this: digital surveillance sucked.

The Education

Fast forward a few years, after I’ve gotten my own computer, my own broadband connection, and so forth. I’m in University, and studying philosophy. In my BA, I drifted between two core areas: phenomenology (the study of the nature of experience) and social and political philosophy (where I studied the natures of law, justice, citizenship, and political association). In my (limited!) studies of phenomenology I was interested in the intersubjective connections that people developed, why these connections developed, and the play that occurred in them. I was very interested in the role of ‘authenticity’, as it pertained to forming identity and making decisions. It was during this time that groundwork was unknowingly laid to prepare me for my encounter with Habermas some years later - without this background in phenomenology I doubt that I would have appreciated the notion of a ‘post-metaphysical’ political theory or the elemental role of discourse in constructing identity.

In my studies in social and political thought, I read a reasonable amount of feminist literature as it pertained to law, justice, and political inclusivity. I was struck by how groups were excluded on logically inconsistent bases, and the relative absurdity of the metaphysical arguments that were used to maintain this exclusion. Given that many of the thinkers that I was most enamored with were post-modern thinkers who were focused on issues of discourse, I was again being ‘prepped’ for a critical discourse theory perspective (i.e. that of Habermas). What really drew me into school was a course on Kant’s political philosophy that I took at the end of my third year. There, I saw just how beautiful a theoretical system could be…but I was left with questions at the end of the course that I just couldn’t answer. I spent the summer reading in and around modern political theory, as well as some post-modern political theory. I didn’t know, but at the time I was trying to answer this question: “How can a Kantian subject discursively realize themselves, given the monological character of realizing one’s freedom?”

When I ran into Habermas for the first time, I was attracted to him because he picked up some of Kant’s thoughts and managed to directly address the role of discourse in constructing subjectivity - discourse, as the primary ordering structure of one’s intersubjective relations, is central to any conception of what it is to Be. In Habermas’ examination of the subject, however, he was explicitly ‘post-metaphysical’, meaning that Being was immanently realized. This meant that his political system was inclusive, insofar as a political association wasn’t predicated on a particular metaphysic (e.g. Christianity). I remain convinced by the Habermasian account of subjectivity (though slightly modified), and when it comes to how he analytically divides civil society his (effective) distinction between zones where reason is used strategically and areas where it is used to develop consensus is appealing because it reflects the world as I perceive it (thus integrating with some of the demands that phenomenology requires, namely that theory is immanently developed and predicated on experience).

What concerns me in the Habermasian system is this: How can we ensure that individuals will authentically communicate with one another to develop intersubjective relations and democratically legitimized political systems? Given that communications increasingly take place in digitally mediated environments, what are the implications of moving to this environment for the possibilities of authentic/non-coerced discourse?

Step Back: Information Technology

Before continuing with ‘why privacy matters to me’, I want to alert the reader to why I was interested in digital technologies. Throughout my undergraduate and MA degrees I worked on campus doing IT work. This began with routine monitoring of some computer labs and their associated equipment (carefully noting exactly how much paper was used, how much toner, what computers were damaged and why, etc) and gradually led me to survey computer operations using a variety of software programs that were hooked into various networking infrastructures. I was involved in opposing the shift from a centrally-hosted campus email system to a Google-based system, as well as in trying to more effectively monitor hardware and user interactions to develop systems that minimized hardware losses while improving user experiences. I was involved in surveying a large user base, and trying to perform my job as efficiently as possible.

During my time as an IT worker I learned of some of the ways that surveillance was routinely performed on the campus by other IT divisions, and I was made aware of the realities of privacy invasions when dealing with students who had their privacy (and personal dignity) invaded. Given that my immediate boss, and many of my friends, were (and continue to be) involved in web development I learned about some of the surveillance systems that they used to discreetly identify and track users as they moved across websites. The hands-on experience of digital surveillance systems, and learning the language of IT, led me to read and learn about how various pieces of hardware and software are used to watch, shape, and track what individuals do in digital environments.

In essence, my limited time spent in IT showed me just how much data could be collected on individuals without their ever knowing, got me thinking about how that data could (and should) be used to enhance IT operations, and the consequences of these surveillance technologies for political systems.

Step Forward: Digital Communications

Given that individuals are commonly unaware of the surveillance apparatuses that are deployed around their digital environment, what might we think would happen if individuals were aware of the privacy-invasive technologies that are deployed to monitor their daily actions? What might be the logical consequences of this awareness? What might Habermas have to say about this kind of surveillance, and what would his response(s) be to the use of digital surveillance instruments? These were the questions that motivated my MA thesis.

Habermas’ theoretical framework is appealing because the account of privacy that can be derived from it is neither communitarian nor liberal - it takes a middle ground and recognizes that the establishment of public and private rights is co-original, and that privacy rights are similarly co-original and necessary to secure both domains. I won’t bother you with the technicalities, but if you read my MA thesis you’ll see how this is developed (though I think that I could probably articulate it better, now, after reflecting on this for a year since the thesis was written). In my MA thesis, I draw out what kinds of privacy rights we should expect from a Habermasian system. While the principles strongly resonate with Fair Information Processing Standards (FIPS), I think that the difference is that the privacy rights I derive are not based in a purely liberal understanding of the subject, which lets me sidestep accusations that FIPS privilege the individual at the expense of the community.

So, while my MA thesis focused on understanding how privacy rights that would permit authentic communication were possible, it didn’t spend a great deal of time actually looking at the policies that establish and shield privacy rights in nation-states. What’s more, my MA thesis focused on the nation-state, rather than on the international domain, leaving a (self-recognized) blind spot in my thesis. While Habermas’ architectonic does account for how international standards might be established in a democratically-legitimated way, his thoughts commonly rely on the EU as a case example, which continues to strike me as a shaky empirical foundational case. So, while in my MA I attended to what kinds of privacy rights might emerge from a Habermasian system, now I want to look at how international data privacy regulations have developed, and whether or not these regulations allow for authentic discourse by citizens in multiple jurisdictions. In particular, I want to look at the gatekeepers of the Internet (ISPs) and understand who influences their use of deeply privacy-invasive technologies and why. These accounts will then be drawn into a larger examination of the Habermasian-derived privacy rights, to let me understand the intersection of Habermas’ own thoughts surrounding cross-jurisdictional discourse and the instantiations of data protection law that may, or may not, actually facilitate the process of establishing cross-national privacy protections that secure the privacy of personal communications. This is a long-term project that I expect will extend well beyond my doctoral studies.

So, Why Privacy Issues?

Given my attention to discourse as a grounding facet of people’s existence in the world, accompanied with the shift towards digital technologies that can monitor data traffic/communications in real time and alter/censor them, I focus on digital privacy issues because they tend to threaten people’s abilities to authentically communicate with one another. The Habermasian system (accompanied and fleshed out by other theorists and complementary frameworks) gives me the structure to constructively perceive and address these issues, while simultaneously offering possible avenues to theoretically understand (and test) the formation of privacy policies internationally. My focus on privacy dovetails with issues of surveillance - especially when surveillance is understood as both categorizing and modulating the preferences and perceptions of individuals and groups - but surveillance is understood as a means of invading/upsetting privacy, rather than privacy as functioning under the umbrella of surveillance.

This has been a long post - I’m sorry if it was particularly dull and/or convoluted. It should be read as an early (and relatively brief) articulation of why I focus on digital privacy issues, and perhaps give some insight into the reasons why I pursue issues of privacy.

Thoughts: Deep Packet Inspection and Copyright Protection

Monday, December 22nd, 2008

In Lessig’s most recent book, Remix, he avoids directly endorsing any particular method of alleviating the issues with copyright infringement. Rather, he notes that there are models that have been proposed to alter how monies are collected for copyright holders. I want to briefly attend to the notion that file signatures can be used to identify particular copyrighted works, and how deep packet inspection (DPI) could be used to facilitate this identification process.

The idea for using file signatures to track the movement of copyrighted files goes like this: when you create a work that you want to copyright, the work is submitted to a body responsible for maintaining records on copyrighted work. We can imagine that this could be national libraries. When the libraries receive the work, they create a unique signature, or hash code, for the copyrighted work. This signature is stored in the national library’s database, and is known to the copyright holder as well. We can imagine a situation where we can choose what kind of signature we want copyrighted work to have - there could be a full-stop copyright, a share-and-share-alike non-commercial style copyright, and so forth. By breaking copyright up in this fashion, it would be possible to more granularly identify how content can and should be used.

Now, when a work is digitally transmitted, it would be possible to identify the signature that is encoded into the media file. Thus, when a copy of my MA thesis was sent from one person to another it would be possible to identify the file’s signature as it was being transmitted and correlate that with information populated by the national library’s database. The question, however, becomes where does the data holding the signature lie? If we presume that metadata would be held in a file - rather than wholly in each of the file’s packets - then it would be necessary to use deep flow capture technologies to gather file contents, identify the signature, and then notify the appropriate body that the file was being transferred, or make a record of the transfer. Ignoring the fact that encrypted traffic evades DPI analysis (especially where the file itself must be identified for a ‘successful’ analysis), and that there would quickly be a way to strip this metadata out of files, what should we make of this kind of use of DPI technologies?
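To make the mechanics concrete, here is a small simulation of the scheme sketched above. It is an added example, not code from the post or from any real DPI product: the registry, the trailer format (`[CSIG:<sha256>:<LICENCE>]`), the sample "work", and the XOR stand-in for encryption are all invented for illustration. It shows why a matcher that looks at one packet at a time misses a signature that straddles a segment boundary (hence the need for flow capture), that the hash only verifies an unaltered copy, and that stripping the trailer or encrypting the transfer leaves the inspector with nothing to match.

```python
"""Simulated signature-based DPI matching (added example, hypothetical format)."""
import hashlib
import re

# Hypothetical trailer format: [CSIG:<sha256 hex>:<LICENCE-CODE>]
TAG_RE = re.compile(rb"\[CSIG:(?P<sig>[0-9a-f]{64}):(?P<lic>[A-Z-]+)\]")

REGISTRY = {}  # sha256 hex -> (title, licence code); stands in for the library database


def register(title, content, licence):
    """The registry computes the work's signature and records it."""
    sig = hashlib.sha256(content).hexdigest()
    REGISTRY[sig] = (title, licence)
    return sig


def tag_file(content, sig, licence):
    """Embed the signature in the file as a trailing metadata record."""
    return content + b"[CSIG:" + sig.encode() + b":" + licence.encode() + b"]"


def strip_tags(data):
    """Trivial evasion: remove the metadata the inspector looks for."""
    return TAG_RE.sub(b"", data)


def xor_encrypt(data, key):
    """Stand-in for TLS: any cipher hides the trailer from a passive inspector."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def segment(payload, mss):
    """Split a payload into fixed-size segments the way a TCP sender would."""
    return [payload[i:i + mss] for i in range(0, len(payload), mss)]


def _lookup(match):
    sig = match.group("sig").decode()
    title, licence = REGISTRY.get(sig, ("unregistered", None))
    return {"sig": sig, "title": title, "licence": licence, "offset": match.start()}


def inspect_packets(segments):
    """Per-packet matching: a trailer that straddles a segment boundary is invisible."""
    return [_lookup(m) for seg in segments for m in TAG_RE.finditer(seg)]


def inspect_flow(segments):
    """Deep flow capture: reassemble the whole transfer, then match."""
    stream = b"".join(segments)
    return [_lookup(m) for m in TAG_RE.finditer(stream)]


def verify_flow(segments):
    """Check the trailer against the content it claims to describe.

    True if the content hash matches the embedded signature, False if the file
    was altered (or the tag forged), None if no trailer is present. This needs
    the whole flow, because the hash covers every byte before the trailer.
    """
    stream = b"".join(segments)
    m = TAG_RE.search(stream)
    if m is None:
        return None
    return hashlib.sha256(stream[:m.start()]).hexdigest() == m.group("sig").decode()


# Constructed sample work (272 bytes) carrying a 91-byte trailer.
WORK = b"Chapter 1. Discourse and privacy. " * 8
LICENCE = "ALL-RIGHTS-RESERVED"
SIG = register("MA thesis", WORK, LICENCE)
TAGGED = tag_file(WORK, SIG, LICENCE)


def demo(mss=120):
    """Run the scenarios; returns a dict of results rather than printing them."""
    clean = segment(TAGGED, mss)
    altered = segment(tag_file(WORK.replace(b"privacy", b"PRIVACY"), SIG, LICENCE), mss)
    stripped = segment(strip_tags(TAGGED), mss)
    encrypted = segment(xor_encrypt(TAGGED, b"session-key"), mss)
    return {
        "per_packet_hits": len(inspect_packets(clean)),  # trailer spans bytes 272-363, boundary at 360
        "flow_hits": len(inspect_flow(clean)),
        "flow_verified": verify_flow(clean),
        "altered_seen": len(inspect_flow(altered)),      # tag still present ...
        "altered_verified": verify_flow(altered),        # ... but the hash no longer matches
        "stripped_hits": len(inspect_flow(stripped)),
        "encrypted_hits": len(inspect_flow(encrypted)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The "altered" case is the interesting one for the remix argument: a derivative work that keeps the trailer is flagged by a tag-only matcher, while a hash check rejects it, so the scheme either over-blocks remixes or only ever catches byte-identical copies.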

By and large, such a use appears to be a particularly obtrusive method of securing copyright. This method does, however, have the advantage of perfectly securing copyright over files that haven’t been altered. Moreover, supposing that it would be possible to establish different license types, it would be possible to deeply encode relatively free or open licenses that would be machine readable. Beyond the notion that this is obtrusive, what is significant about this and any other use of ISPs to monitor files that pass through their network en masse is that innovation is occurring in the middle of the ‘net. Whereas the Internet has been predicated on end-to-end intelligence, with the routing devices being ‘dumb’ insofar as they have minimally interfered with or affected the movement of content beyond the rules of TCP/IP (and similar protocols), by suggesting that something should be going on at the network level we are making the middle intelligent.

As it pertains to copyright, it seems to me that any attempt to read signatures is going to be privacy invasive, at least if you want 100% enforcement. You will need to check every ‘storage container’ (i.e. packet), something that can’t be done in the U.S. despite billions of dollars thrown into the war on terror. What is perhaps of even greater concern is that a packet-by-packet analysis will focus on the act of copying, rather than the use of the copy. I am unabashedly convinced by Lessig’s argument that we need to reform (not abolish) copyright - copyright needs to address how material is used in an age of remixes, of creative sharing. If we were to use DPI devices to sniff each file, we would merely try to reaffirm a copyright strategy that has criminalized massive populations by demanding that their gatekeepers to the ‘net watch over everything that they do.

While I don’t want to be so extreme as to say that I want the ‘middle’ of the ‘net to be dumb (I think, for example, that there is a real advantage to local caching of regularly accessed data so that ISPs don’t need to pay Tier-1 ISPs to move data along the backbone [yes, I realize this can be read as a blow against network neutrality]), I do think that any suggestion that ISPs act as copyright police by watching for metadata is almost necessarily privacy invasive.

(As a note: there are presently plans in the U.S. to have ISPs watch for signatures of files that are related to child pornography. I’m as opposed to sniffing for that sort of traffic as I am to sniffing for copyrighted material, on the basis that it is widely privacy invasive. Measured responses that don’t amount to pulling over each person and conducting a full body cavity search for drugs are needed in digital spaces, and the use of DPI equipment is the equivalent of that cavity search.)

Review: The Privacy Advocates

Sunday, December 21st, 2008

I’ll start this by being very forthright: Colin is my supervisor for my doctoral work. This said, the review that I offer is my own, and has not been influenced by Colin in any way. He has not read this review (or even been made aware that I was preparing a review!) prior to my posting it.

The Privacy Advocates: Resisting the Spread of Surveillance is an interesting book, because it is the first of its kind where the agents who are on the ground fighting the fight for privacy are examined. Given Bennett’s extensive relationships with various data authorities and advocates, we get a very revealing glimpse into the lives, histories, and motivations of the major players in Canada, the US, and a handful of international advocacy groups. Bennett’s critical thrust in the book, which we get to in its last chapter, is this: “Should we understand privacy advocates as transforming their work into a movement, such as the environmental movement, and is such a transformation necessary for them to successfully engage privacy-infringing bodies in the future?”

To set the frame for his response to this question, Bennett identifies the history that has led privacy advocates to spring from the various areas of civil society that they emerge out of. He talks about how computers led to a perception that there is a greater potential for mass surveillance, but then rapidly turns to look at the groups who are actually engaging with issues of surveillance and privacy. He establishes a tripartite categorization of the groups that are involved in privacy and privacy-related issues:

  1. Privacy-centric groups; these groups exclusively attend to issues of privacy, and their mandate is predicated on this issue exclusively.
  2. Privacy-explicit groups; for these groups, privacy is an important facet of the issues that they attend to, but is one of many issues.
  3. Privacy-marginal groups; these groups do address privacy issues, but often in response to other social injustices (e.g. consumer groups who oppose tracking consumer spending, and so oppose RFID identifiers)

Within each group are sets of actors, which are divided into a six-part type-based categorization schema. Actors can be either:

  1. Advocate/Activists
  2. Advocate/Researchers
  3. Advocate/Consultants
  4. Advocate/Technologists
  5. Advocate/Journalists
  6. Advocate/Artists

It is after these two sets of categories that Bennett talks about the strategies that are used, lessons that have been drawn from past campaigns, and the relative heterogeneity of the actors and their networks. Generally, the question becomes whether or not we can read these networks as developing into some kind of a movement (with the example being that information rights will be the new ‘rights movement’ that the environmental rights movement was in the 20th century) or whether these networks will be best understood as advocacy groups that rise and fade away as issues demand of them. I won’t spoil Bennett’s conclusion for you, but will add some elements that I would have liked to have seen.

To begin, while I can appreciate that Bennett’s purpose was to get advocates to tell their own stories, and to subsequently evaluate what the trajectory of advocates will be in the future, I wonder if his attention to the advocates themselves forces him to present his own argument more hastily than it could be had he spent slightly less (10-15 pages?) on the advocates. Further, while he does note that advocates are involved in the policy process, it is left to the reader to understand how these processes operate. Greater attention to explicit links between advocacy actions and the stages of the policy process would help students of political science clearly identify at what points campaigns can be understood as having left a resonating effect on the policy process. While it is possible to derive where these points are by closely reading the cases as presented in the text, alongside some side-research into the privacy campaigns, it would be nice to have had Bennett do some of this ‘heavy lifting.’

Bennett distances himself from the notion that privacy advocates will transform their work into a social movement paralleling the environmental movement, but I wonder if spending more time on this issue wouldn’t have been helpful. While we have very good testimony from advocates, who demonstrate a mixed reaction to the proposal that they develop a more cohesive organization/ideological stance, it would be nice to have seen Bennett himself weigh in on the issue on his own terms in a more strident fashion. I keep coming back to the idea of “data spills” as the new way of framing data breaches, just as environmentalists focus on “oil spills” as destructive to the environment; a detailed account of the possibilities of this kind of rhetorical twist while drawing on both advocacy literature and his expert interviews would have been very interesting to read. What’s more, while he notes that some academics (such as Pris Regan) question whether or not privacy issues can be seen as important by legislators as long as they are seen as individual, rather than community, issues, I wish that Bennett himself had taken a more pronounced stance on why, and how, privacy is or isn’t a community or individual issue.

These comments shouldn’t be taken to suggest that I disliked the text - I think that it’s invaluable to any neophyte activist who wants to learn how to successfully wage a campaign against a government or corporation that is violating people’s privacy. The interviews are revealing, insofar as they shed light on the individuals and groups who are so often read about in the news. What’s more, by presenting successes, Bennett demonstrates that campaigns are far from hopeless, though ‘success’ is mediated by the fact that privacy advocates have (arguably) had very little impact on the widespread raising of privacy standards internationally.

All in all, if you are interested in privacy and want to gain a deeper understanding about who is articulating the resistance against surveillance, then this book is for you. Just be careful that you don’t come to the book hoping that it exceeds the scope that the author outlines in the first section of the book - he is rigorous in his examination, and avoids deviating from his primary goal of explicating the groups, movements, and evaluating whether or not advocates can, or even want to, expand beyond their current status as semi-amorphous bodies that actively resist inappropriate invasions of people’s privacy.

Review: Remix - Making Art and Commerce Thrive in the Hybrid Economy

Thursday, December 18th, 2008

Remix: Making Art and Commerce Thrive in the Hybrid Economy continues Professor Lessig’s discussion about the role of copyright in contemporary Western societies. This time he is focusing on how digital tools are used by children and adults alike to ‘remix’ pieces of culture. ‘Remixing’ involves taking images, music, speeches, and video (for example) and manipulating and arranging them to create entirely new cultural artifacts. You see this in homemade music videos, funny YouTube clips that use music to mock or praise politicians, and in blogs where people appropriate content from various locations to create the narrative of each posting. These amateur cultural artifacts are significant, both because they are creative expressions and because they leverage the weight of the symbols that are used in remixing to create the new cultural artifact. There is very real value in the referential elements of remix culture.

Lessig distinguishes between ‘Read Only’ (RO) and ‘Read Write’ (RW) cultures. RO culture has been the traditional realm of copyright - here intellectual property is carefully fenced off from the public commons, and individuals must ask permission to use it. RW culture, on the other hand, thrives off of sharing and creatively adapting (and re-adapting) media. Neither is necessarily better or worse than the other - they are each useful in particular domains. The problem, however, is that the laws governing RO culture are now preventing RW culture from legally thriving; digital technologies enable culture to be remixed, while the laws of the land outlaw creating remixed digital artifacts without first asking the permission of rights holders. Lessig associates the RO and RW ‘culture models’ with commercial and sharing economies, arguing that the advent of digital technologies and spaces can drive a wedge between commercial and sharing economies to create hybrid cultures and economies. He points to wikipedia, craigslist, YouTube, Slashdot, and last.fm as operating within a hybrid economy between RW and RO culture. This economy thrives off of individuals’ shared participation that can stimulate commercial profits. If a company upsets the balance that makes possible this hybridity - by paying people when payment would be an insult, or mishandling the sharing of people’s contributions - there is a risk that the financial success of a company that operates in the hybrid economy will be (financially) endangered.

The final solutions that are offered in the book (as you will read) follow naturally from the evolution of Lawrence’s thoughts. There really isn’t anything terribly surprising in the ultimate arguments surrounding how copyright laws ought to be altered, but what is different is the process by which we get to these arguments, and the meaning that is invested in the revision of copyright itself. Even if you’ve read his other work, there is value in examining Lessig’s attitude towards copyright reform through a slightly different lens. (If you haven’t read his previous work on copyright, then the conclusions will likely be incredibly powerful.) Ultimately, the question that he is asking in this book is ‘Do you think that we should continue the current copyright regime, which is criminalizing our children, or must we reform copyright so that it attends to how material is used, rather than whether or not it is copied?’

While there are various areas of the text where a reader might be disappointed (all it will take is a sufficient disagreement with core premises in the argument), I was unhappy to see the reliance on market mechanisms to (largely) hammer home the value of copyright reform. It doesn’t feel like Lessig is patronizing individuals who approach copyright from a dollars-and-cents position; he honestly believes in the market as a way of resolving/justifying solutions to the copyright dilemma. That said, I (continue to) wish that he’d adopt a more principled approach (e.g. on the basis of constitutional rightness or wrongness) and move away from the almighty market.

All in all, I would highly recommend this book if you are interested in issues of copyright, digital culture, new economies of business, or just want to laugh - while Lessig is a law professor, he has a gift for prose that would make most fiction writers and comedians envious.

Comment: To RFID or not to RFID, that is the question

Thursday, December 18th, 2008


The Vancouver Sun has an article that was written by Phil Chicola, U.S. Consul General in Vancouver. Entitled “To RFID or not to RFID, that is the question,” it is yet another part of the ongoing propaganda war surrounding the embedding of RFID chips in regular consumer products. In the recently released Canadian Border Services Agency (CBSA) Privacy Impact Assessment of the Enhanced Drivers License (EDL) program, we find that,

An effective external communications strategy will be developed by the [Provinces and Territories] with the assistance of the CBSA to ensure that the Canadian public is made aware of the significant privacy safeguards that will be put in place and the constraints that will be imposed on any subsequent use of personal information, especially sharing with the U.S. in consideration of the U.S.A. Patriot Act (29).

What this has amounted to in Ontario has been a persistent insistence by government officials that, because the radio identifier that EDLs emit is not tied to any *other* piece of government information (e.g. the RFID number is not generated from an association with your driver’s license number, birth certificate, etc.), the identifier isn’t personal information. Thus, while you will be broadcasting a number from your driver’s license to anyone with a reader, that isn’t ‘personal’. Let’s turn to the Vancouver Sun article, and see how it squares up with the Canadian propaganda, shall we?

[EDLs] were created for frequent travellers, easy access and fast use. As you wait in your car to cross the border, having the kind of document that can only be read when you hand it over to the border official does not speed up the crossing. So this type of chip can be read by the border official’s machine from several feet away — even when you are in the next car waiting to cross. One thing that’s important to note though, this kind of card has NO PERSONAL DATA embedded in the chip.

Instead, it has a number which, when read by the right database, connects the user with his other personal data. And those databases are also protected with security measures against unauthorized use.

Privacy and preventing identity theft are important considerations in choosing the kind of travel document that is right for you, as are the convenience benefits.

We’re concerned about these issues as well since one of the key goals in mandating secure documents is to make sure they are secure and that people are who they claim to be. Cases of mistaken identity when travelling will become rarer as people opt to establish their identity through these kinds of secure measures. (Source)

So, let’s clarify some things. What is the possible read distance on an EDL? That depends on how powerful a radio receiver you can build: the more powerful the antenna, the longer the range. Conservative estimates, with standard off-the-shelf RFID readers, place read ranges at up to 10-50 feet.

Next, while American citizens may not legally have personal data situated on the chip - I don’t know American privacy laws and regulations well enough to definitively say either way - the Canadian privacy commissioner has come out and said that where a number can serve as a proxy for an individual, that number is classified as personal information. Hence, your Social Insurance Number is classified as personal information because, even though it is ‘just a number’, it can be (and is) used to identify and service Canadians. A difference, of course, is that there is a more prevalent need to get a SIN, as they are needed to work in Canada.

When they are referring to ’secure measures’, are they referring to ‘broadcasting the number associated with the RFID in the clear, with no encryption?’ The article seems to imply that there will be protections for the EDL numbers, just as there are for American passports, but to clarify that: there is no such encryption in, or planned for, EDL identifier numbers. None. The technical specification for the RFID chips themselves does not allow for encrypting the number. The most ’secure’ thing about the EDLs is that the database will be housed in Canada, following outcry by the privacy commissioners of Canada - being safe from the Patriot Act is a good first step, but it’s a first step along a bad road.

Comment: Virgin Takes Aim At BitTorrent

Tuesday, December 16th, 2008


In the US, Comcast is presently using what is referred to as ‘protocol agnostic’ filtering - effectively, if you use the full amount of bandwidth that you are paying for for more than a few minutes, they decrease your available bandwidth for a while. This was, in part, a reaction to their sending RST packets to BitTorrent users - these packets would ‘kill’ connections that individuals had with other P2P users, but were also catching some other programs in the crossfire. What’s more, they were using a technique referred to as ‘packet forging’, which involves changing packets in-stream. After a substantial amount of public criticism and backlash, Comcast stopped using their DPI equipment for this purpose and instead shifted to using it for protocol agnostic filtering.
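The RST injection described above is something a subscriber can look for in their own packet captures. The following is an added example, not code from the original post or from any ISP or vendor: it applies one common heuristic, that a reset forged by a device in the middle of the path has travelled a different number of hops than the real peer’s segments, so its IP TTL usually differs from the TTL seen earlier in the same flow. The packet trace is constructed, and the hop counts and addresses are assumptions.

```python
"""Flag TCP RST segments whose IP TTL does not match the TTL already observed
on ordinary segments from the same remote endpoint.  Added example with a
constructed trace; the TTL heuristic is an assumption about how injected resets
look, not a description of any particular ISP's equipment."""
from collections import namedtuple

Packet = namedtuple("Packet", "ts src dst flags ttl")

# Constructed inbound trace captured on the subscriber host 192.0.2.10.
# Assumed topology: the BitTorrent peer 198.51.100.7 is 12 hops away
# (TTL 64 -> 52), the web server 203.0.113.5 is 8 hops away (TTL 64 -> 56),
# and a reset injected 3 hops away inside the ISP arrives with TTL 61.
TRACE = [
    Packet(0.000, "198.51.100.7", "192.0.2.10", "SA", 52),  # peer handshake
    Packet(0.300, "198.51.100.7", "192.0.2.10", "PA", 52),  # peer data
    Packet(1.200, "198.51.100.7", "192.0.2.10", "R",  61),  # TTL mismatch: injected
    Packet(2.000, "203.0.113.5",  "192.0.2.10", "SA", 56),  # web server handshake
    Packet(2.100, "203.0.113.5",  "192.0.2.10", "PA", 56),  # web server data
    Packet(2.500, "203.0.113.5",  "192.0.2.10", "RA", 56),  # genuine reset from the server
    Packet(4.000, "198.51.100.7", "192.0.2.10", "R",  52),  # genuine reset from the peer
]


def find_suspicious_resets(trace, local="192.0.2.10"):
    """Return the RST segments addressed to `local` whose TTL differs from the
    TTL first seen on a non-RST segment from the same remote address."""
    baseline = {}   # remote address -> TTL observed on its ordinary segments
    flagged = []
    for p in trace:
        if p.dst != local:
            continue
        if "R" not in p.flags:
            # First ordinary segment from this peer fixes the expected TTL.
            baseline.setdefault(p.src, p.ttl)
        elif p.src in baseline and baseline[p.src] != p.ttl:
            flagged.append(p)
    return flagged


if __name__ == "__main__":
    for p in find_suspicious_resets(TRACE):
        print(f"t={p.ts:.3f}s RST from {p.src} TTL {p.ttl} "
              f"(expected {baseline_ttl}) looks injected"
              if False else
              f"t={p.ts:.3f}s suspicious RST from {p.src} with TTL {p.ttl}")
```

Running the block flags only the reset at t=1.200s; the server’s and the peer’s own resets carry the TTLs established earlier in their flows and pass. A route change mid-flow can also shift the TTL, so treat a mismatch as a signal worth corroborating against other fields rather than as proof of forging.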

Let’s turn to Virgin, who is currently implementing protocol agnostic filtering; there are rumblings that the way they’ve deployed it may not be the best solution to combating what is perceived as the real problem: BitTorrent traffic. From a DSLreports article:

[A] customer on Virgin’s 10Mbps/512kbps “L” tier loses 75% of his throughput for five hours should he download more than 1200MB between 4 and 9PM. (Source)

There are several issues with this kind of agnostic filtering.

  1. There are questions of whether or not customers actually have any idea what a gigabyte of data is in real terms (i.e. not ‘how many emails can be sent’ but ‘how many minutes of Hulu does this amount to?’).
  2. Given that people are increasingly turning to digital distribution networks, such as iTunes, to download movies and TV shows, there is a real worry that such ‘agnostic’ filtering will affect people who are engaging in 100% legal, non-infringing actions. Filtering the traffic of these individuals means that you are simply punishing them for taking advantage of: (a) the services they believe they are paying for; (b) digital distribution streams - the same streams that telecommunications companies have been trumpeting as the future for several years.
  3. It suggests that there is something permissible about punishing customers for using the ‘net during prime times - imagine if during the hours of 4-9 cars slowed down to ‘mitigate traffic congestion’. I think that there would be some very serious problems with doing this in the analogue domain, so why do we let ISPs do it in the digital domain?

Now, how will BitTorrent traffic be identified? I would wager that packets and traffic flows will be monitored, likely using middleware devices like Procera’s PacketLogic PL10000. Before we use these devices to identify and punish P2P users, however, maybe there is a way of using them to address issue one from the above list. I’ll note up front: this is arguably a violation of network neutrality principles.

Rogers presently uses DPI equipment to inform their customers when they are reaching their monthly data caps. The problems, as typically outlined, with this strategy are twofold:

  1. It’s creepy that your ISP is modifying webpages, inserting a banner ad (effectively) at the top of a webpage that you are visiting.
  2. It upsets ‘owners’ of the webpages that you are visiting, because it can upset how they have configured webpages to display ads. Rogers, in effect, threatens their revenue streams.

At the same time, however, it does indicate to users roughly where they stand relative to their caps. Maybe what would be ideal would be this: open a new window that identifies how much data individuals have downloaded in the past hour, as well as the total content that they have downloaded. I don’t like the idea of ISPs modifying webpages, so what this would do is actually create a separate packet stream. The issue is that they would, as I presently understand the technology, still effectively be forcing content on the user. Maybe there could be an option to cease/modify how information was provided, including automated reports to an email account that was specified by the user…

In the case of Virgin, I think that an agnostic system just won’t work - when you have a family of 4, with people streaming on Hulu, YouTube, downloading tracks, podcasts, and movies from iTunes, etc. you are dealing with a ‘connected’ household. If you punish a household for adopting next-gen distribution techniques, you quickly transform what should be a very positive change in supply/demand chains into an economically infeasible one. At the same time, by trying to focus on BitTorrent traffic, you’re effectively ignoring the fact that streaming video is quickly becoming responsible for the majority of transmitted packets, not to mention unfairly focusing on an application-type. While people may be using BitTorrent to infringe on content, there isn’t any reason to discriminate against people using this kind of application, any more than there should be discrimination against individuals who are more likely to use a particular brand of car to speed.
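To make the rule quoted from DSLreports concrete, and to put numbers on issues one and two from the list above, here is an added example that is not code from the original post, from Virgin, or from DSLreports. It models the stated policy (10Mbps/512kbps tier, more than 1200MB between 4 and 9PM, 75% throughput loss for five hours) against a constructed evening of entirely legal household traffic; the sessions, the assumed 1.5 Mbps video bitrate, and the proportional counting of a session that straddles the window edge are my assumptions, not details the article gives.

```python
"""Model of the quoted throttling rule applied to a constructed household log.
Added example; the sessions and the video bitrate are assumptions."""
from collections import namedtuple
from datetime import datetime, timedelta

TIER_DOWN_MBPS = 10          # the "L" tier's downstream rate (from the quote)
THRESHOLD_MB = 1200          # download volume that triggers the penalty (from the quote)
WINDOW_HOURS = (16, 21)      # 4 PM to 9 PM, counted as [16:00, 21:00)
PENALTY_KEEP = 0.25          # keep 25% of throughput, i.e. lose 75% (from the quote)
PENALTY_HOURS = 5            # duration of the penalty (from the quote)

Session = namedtuple("Session", "label start end megabytes")

# Constructed log for one evening; none of it is BitTorrent.
DAY = datetime(2008, 12, 16)
HOUSEHOLD = [
    Session("Hulu episode",      DAY.replace(hour=16, minute=30), DAY.replace(hour=17, minute=15), 500),
    Session("YouTube clips",     DAY.replace(hour=17, minute=0),  DAY.replace(hour=17, minute=30), 150),
    Session("iTunes TV episode", DAY.replace(hour=18, minute=0),  DAY.replace(hour=18, minute=20), 600),
    Session("Podcasts",          DAY.replace(hour=20, minute=50), DAY.replace(hour=21, minute=10), 120),
    Session("iTunes movie",      DAY.replace(hour=21, minute=30), DAY.replace(hour=22, minute=0), 1500),
]


def mb_in_window(session, day):
    """Megabytes of a session that fall inside the 4-9PM window, assuming the
    session transfers at a constant rate (an assumption, so a session that
    straddles the window edge is counted proportionally)."""
    w_start = day.replace(hour=WINDOW_HOURS[0], minute=0, second=0, microsecond=0)
    w_end = day.replace(hour=WINDOW_HOURS[1], minute=0, second=0, microsecond=0)
    total = session.end - session.start
    if total <= timedelta(0):
        return 0.0
    overlap = max(timedelta(0), min(session.end, w_end) - max(session.start, w_start))
    return session.megabytes * (overlap / total)


def apply_policy(sessions, day=DAY):
    """Return (MB counted in the window, whether throttled, resulting downstream Mbps)."""
    counted = sum(mb_in_window(s, day) for s in sessions)
    throttled = counted > THRESHOLD_MB
    rate = TIER_DOWN_MBPS * (PENALTY_KEEP if throttled else 1.0)
    return counted, throttled, rate


def minutes_of_video(megabytes, bitrate_mbps=1.5):
    """Issue one: express a data volume as minutes of streaming video.
    1.5 Mbps is an assumed bitrate, not a figure from the post."""
    return megabytes * 8 / bitrate_mbps / 60


def minutes_at_tier(megabytes, tier_mbps=TIER_DOWN_MBPS):
    """How long the threshold takes to reach at the tier's full rate."""
    return megabytes * 8 / tier_mbps / 60


if __name__ == "__main__":
    counted, throttled, rate = apply_policy(HOUSEHOLD)
    print(f"{counted:.0f} MB counted between 4 and 9PM; throttled={throttled}; "
          f"downstream now {rate:.1f} Mbps for {PENALTY_HOURS} hours")
    print(f"{THRESHOLD_MB} MB is about {minutes_of_video(THRESHOLD_MB):.0f} minutes of video, "
          f"or {minutes_at_tier(THRESHOLD_MB):.0f} minutes at the tier's full rate")
```

With the constructed log, the household counts 1310MB inside the window (the podcast session contributes only the half that falls before 9PM and the late movie contributes nothing) and is cut to 2.5 Mbps for the evening, even though every session is a paid-for stream or download. The two helper functions make the threshold legible in the terms issue one asks for: 1200MB is roughly 107 minutes of 1.5 Mbps video, and only 16 minutes of downloading at the tier’s advertised rate.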

EDL Update: Canada backpedals on sharing personal database with U.S.

Thursday, December 11th, 2008


An update to my last post concerning the location of the EDL databases: Jim Bronskill, with the Canadian Press, is reporting that the CBSA and Canadian authorities are shelving ideas to place the EDL data in the United States. While this certainly alleviates some of the privacy-related concerns with the EDLs, the Office of the Privacy Commissioner of Canada put it well:

“All in all, we are pleased to see that they listened to some of our recommendations, but we remain hopeful that they’ll heed to many of our other concerns,” said Anne-Marie Hayden, a spokeswoman for Stoddart. (Source)

It is nice to know that a massive amount of personal information isn’t being stored in the US for cost management reasons, but this doesn’t alleviate worries that the RFID chip in the EDLs might still be used for mass surveillance purposes. While the privacy commissioners of Canada have recently commented on this to the press, warning businesses that they need to be compliant with law when collecting license information, their need to publish this statement clearly suggests that businesses are not remaining compliant with the law concerning non-RFID licenses. To me, this suggests that there either needs to be some very real coercive ‘convincing’ applied to businesses so that they learn to comply with the law, or that this issue should be used to publicly advocate for modifications to the proposed EDL schemes (e.g. being able to disable the RFID with an on/off switch).

EDL Update: Privacy Impact Assessment Released!

Thursday, December 11th, 2008


Under a Freedom of Information request, the Privacy Impact Assessment (PIA) for the initial tests with Enhanced Drivers Licenses (EDLs) has been released to the public. I would highly recommend taking a look at the documents if you’re interested in this issue. Over the next few days and weeks I’m going to be (briefly) posting notes on the document. For more information, I’d recommend turning to the Canadian hub for advocates campaigning against the EDLs, at the Canadian IDentity forum.

I have a real passion surrounding databases - they are used to guide daily practices, from accessing money at instant tellers, to authenticating you to web sites that you visit, to identifying the cost of products when they are scanned at the grocery store. Databases are big business, and when it comes time to deploy new pieces of identity infrastructure the database chosen is important, as are the security precautions that surround it.

In British Columbia (BC) the personal information for the 500 individuals who were a part of the EDL trial was encrypted by the Insurance Company of British Columbia (ICBC), and then copied to a CD. The CD was handed over to the Canadian Border Services Agency (CBSA) (who could not access the encrypted data) and then shipped south of the border to the American administrators of the Treasury Enforcement Communications System (TECS). The data was retained by TECS and released to the Customs and Border Patrol (CBP) when a traveller with an EDL came to the BC/Washington border. At that time, an entry record was recorded - this record was kept in a separate database from the TECS database, though it isn’t wholly clear what information was moved from the EDL to the entry record database. In the document that was released, almost all mention of the RFID in the EDL, and of the use of biometric technologies, was redacted.

What is perhaps most alarming in the document is its focus on using a ‘push’ method to transmit EDL information to the Americans when the EDLs are more widely deployed throughout Canada. The CBP is demanding that all data be accessible to their agents within 500 milliseconds, and the CBSA doubts that they can both provide adequate security and meet the CBP’s access time requirement. As a result, they strongly suggest that Canadian EDL information should be periodically ‘pushed’ to American databases - this will ensure that CBSA will not be responsible for the securing and storage of highly personal information, nor will they have to shoulder the costs of this potentially expensive program. Effectively, this will involve transmitting all Canadian EDL records to US authorities on a periodic basis; it is unclear whether this transmission would be to TECS, or to a database operated by CBP themselves. Of course, by simply acting as ‘push’ agents the CBSA will largely keep their hands clean of the whole EDL mess, which I’m sure they aren’t losing any sleep over.

I should note that the document that has been released does note that if demands are high enough, CBSA may establish a ‘pull’ or ‘ping’ database that the Americans can query when they need access to EDL information. Under this system, the EDL information would be stored on Canadian soil (subject to Canadian, rather than American, law), and when an EDL was brought within proximity of the American border the American border system would call for the record from the Canadian master EDL database. This would authenticate the EDL, draw up the individual’s data, and allow the CBP agent to create an entry record. The advantage of this is that without the master database of EDL information, a sweeping American surveillance law (i.e. the Patriot Act) could not be used to access the EDL database information.

Something that might be interesting to think about: depending on what is transmitted from the EDL database to the entry record database (e.g. RFID identifier, biometric template), it is possible that, by cloning an RFID identifier, ‘ghost’ entries, or attempted entries, into the US might be recorded. It would be very interesting to learn how these sorts of acts of civil disobedience might be prevented by the system as it is presently designed, in part to determine whether this would be effective, and also to gain insight into the actual creation of a record of entry.