Image courtesy of UnlawfulAccess.Net

I’ll be presenting at a panel discussion on Canada’s forthcoming lawful access legislation this Thursday, January 12. It looks to be a terrific panel, and includes British Columbia’s Information and Privacy Commissioner, Elizabeth Denham, the BBCLA’s policy director, Michael Vonn, the producer of the documentary (Un)Lawful Access, Dr. Kate Milberry, and myself. Andrew Clement, professor at the University of Toronto and co-producer of (Un)Lawful Access will be moderating. In addition to a panel discussion, Drs. Milberry and Clement will be showing their documentary, (Un)Lawful Access, and the BCCLA will be revealing their report on lawful access. I’ve contributed research to the report, with my focus being on how lawful access powers are taken up and used by governments and authorities in the US and UK.

It should be a terrific event. If you’re in the area I highly recommend attending. Information is available at the event’s Facebook page and below:

Event Details

Do you think the Internet is a powerful tool for change?

The Conservative government is trying to push through a set of electronic surveillance laws that will invade your privacy and cost you money. The plan is to force every phone and Internet provider to allow “authorities” to collect the private information of any Canadian, at any time, without a warrant.

Find out more THIS THURSDAY at 6:30 PM.

SCREENING:

The Vancouver premiere of (Un)Lawful Access, a mini-documentary about the Conservative government’s proposed online spying legislation, and what Canadian experts have to say about it.

PANEL DISCUSSION:

• Elizabeth Denham, BC Privacy Commissioner
• Micheal Vonn, Policy Director of the BCCLA
• Christopher Parsons, University of Victoria
• Dr. Kate Milberry, producer of (Un)Lawful Access
• Andrew Clement, producer of (Un)Lawful Access (moderator)

Panelists will discuss the serious implications of Lawful Access and what we can do about it.

REPORT LAUNCH:

This event is also the launch of the BC Civil Liberties Association’s much-anticipated report – Moving Toward a Surveillance Society: Proposals to Expand “Lawful Access” – the most comprehensive to date. Co-authors Micheal Vonn and Christopher Parsons will be present to answer your questions.

Location: W2 Media Cafe, 111 West Hastings St.
DOORS: 6:30 PM
CASH BAR/REFRESHMENTS
ADMISSION: By donation (suggested $5-10)*

Send a message to the government at: http://stopspying.ca/

Hosted by OpenMedia.ca and W2 (http://creativetechnology.org/)

*OpenMedia.ca Allies enter free! See http://openmedia.ca/allies for more info on the Allies program.

Other posts you might be interested in:

1. Publication: (Un)Lawful Access, Its Potentials, and its Lack of Necessity
2. Lawful Access, Its Potentials, and Its Lack of Necessity
3. Letter to Stephen Harper on Lawful Access Legislation

Image by mattwi1s0n

New surveillance powers are typically framed using benevolent and/or patriotic languages. In the United States, we see the PATRIOT Act, the Stored Communications Act, and National Security Letters. Powers associated with this surveillance assemblage have been abused and people have been spied upon in violation of the law, bureaucratic procedure, and regardless of demonstrating real and present dangers. The UK has the Regulation of Investigatory Powers Act (RIPA), which significantly expanded the capabilities of police and intelligence to monitor citizens in previously illegal ways. This legislation is also used improperly, as revealed in the yearly reports from the Interception Commissioner. In Canada, the Canadian government has publicly stated its intention to press ahead and introduce its lawful access legislation despite concerns raised by the public, members of the advocacy and academic community, and the information and privacy commissioners of Canada. Here, we can also expect uses of lawful access powers to overstep stated intents and infringe on Canadians’ rights, intrude upon their privacy, and injure their dignity.

Over the past months I’ve been actively involved in working with, and talking to, other parties about lawful access legislation. This has included speaking with members of the media, publishing an op-ed, and conducting various private discussions with stakeholders around Canada who are concerned about what this legislation may (and may not) mean. Today, in the interests of making public some of the topics of these discussions, I want to address a few things. First, I quickly summarize key elements of the lawful access legislation. Next, I note some of the potentials for how lawful access powers will likely be used. None of the potentials that I identify depend on ‘next generation’ technologies or data management/mining procedures: only technologies that exist and are in operation today are used as mini-cases. None of the cases that I outline offer significant insight into the operational working of stakeholders I’ve spoken with that can’t be reproduced from public research and records. I conclude by questioning the actual need for the expanded powers.

What is Lawful Access?

Lawful access legislation enhances policing and intelligence powers. As recognized by Ontario’s Information and Privacy Commissioner, Ann Cavoukian, “it is highly misleading to call it “lawful.” Let’s call it what it is – a system of expanded surveillance.” In general, there are three classes of access powers associated with such legislation: search and seizure provisions, interception of privacy communications powers, and production of subscriber data. On the basis of past lawful access legislation that has been tabled, but not passed, we can expect forthcoming legislation to ‘modernize’ the existing criminal code to accommodate several of these powers.

To begin, the legislation is expected to require telecommunications service providers (such as Internet service providers, web forums, bloggers, etc) to be able to decrypt any communications they are responsible for encrypting. Such encryption services might be used to ensure customer privacy, such as by offering secured communications between parties. While communications may generally be secure they cannot legally be made secure from the government by a service provider offering a turnkey encryption solution. In effect, communications will thus be pseudoencrypted: protected against adversaries with the same level of power as the services’ users, but unprotected against the more powerful agents such as the state.

In addition, telecommunications service providers (TSPs) will need the ability to retain data on subscribers for up to 90 days. TSPs may be served with preservation orders, which would require them to retain data on specific individuals. Preserved data would be transferred to authorities once they have secured a production order from a judge and issued the order to the TSP. The TSP could then delete/destroy the preserved data.

Whereas preservation orders are used to require storage of the content of communications, police can access subscriber information without first receiving a court order. A wide variety of information may be disclosed, including:

• name
• address
• telephone number
• electronic mail address
• Internet protocol address
• mobile identification number
• electronic serial number
• local service provider identifier
• international mobile equipment identity number
• international mobile subscriber identity number
• subscribe identity module card number associated with the subscribers’ service and equipment

This information lets authorities definitely identify individuals and the records held on them by the TSPs used in the communications process. Accompanying the no-warrant-required elements of the bills is a capacity for authorities to install ‘number recorders’ in TSPs’ communications hubs in exigent circumstances. As noted by the National Post’s Kathryn Blaze Carlson:

A number recorder, which records the telephone numbers associated with outgoing and incoming calls, would be installed remotely by a telecommunications provider at their call centre hub. The installation can last up to 60 days, but it could be extended to one year if a warrant is obtained and if the investigation involves organized crime or terrorism.

The legislation also introduces the ability to activate and/or monitor the signals emitted from location-enabled devices that Canadians carry with them or are in regular contact with. Police can do this today but lawful access legislation would permit them to activate disabled locational systems (e.g. your phone’s GPS) including in covert ways. Such actions could be undertaken with court supervision or, potentially, in instances of emergency or exigent circumstances. It should be noted that access to geolocatational information is more expansive than just your physical location at a particular time: the legislation is also intended to let authorities discover the location of ”transactions such as geo‐tagged comments or photos from private sector service providers.” (.pdf source).

It is unlikely that a targeted Canadian will be made aware of lawful access-enabled surveillance unless charges are brought to bear. As noted in the letter that was sent to the Prime Minister’s Office in August 2011 (.pdf), and re-confirmed in Blaze’s piece, there are elements of the legislation that impose ‘gag’ orders on anyone who is ordered to comply with lawful access powers. Specifically,

Clause 6(2) permits the government to impose, in regulations, sweeping and categorical confidentiality obligations on service providers that will apply across all interception warrants. Second, under Clause 71, any telecommunications service provider obligated to comply with a warrantless seizure request will be subject to the secrecy provisions in proposed section 7.4 of PIPEDA. Proposed section 7.4 of PIPEDA prevents organizations from disclosing the fact of their cooperation with state efforts to spy on their customers. The sweeping nature of the secrecy measures envisioned by these provisions is in stark contrast to existing practice, where gag orders must be requested from a judge and justified on a case by case basis. The problem with such measures is that they will prevent individuals from challenging abuses of the powers granted in this Bill.

Lawful Access, In Summary

As I wrote in an op-ed in the Vancouver Sun in October, this legislation can be summarized as requiring:

• Corporate surveillance. Internet service providers, mobile phone providers, and even the websites that Canadians visit could become agents of the state, forced to preserve records of Canadians’ actions at the request of authorities (Source);
• Minimal oversight. Audit powers will be offloaded to privacy commissioners without corresponding material or legislative resources to effectively conduct audits and limit abuse (Source);
• Warrantless disclosures. Internet users’ subscriber information will be disclosed to authorities, regardless of the information’s usefulness or uselessness to an investigation (Source);
• Secrecy orders. Authorities might collect Canadians’ private information without those Canadians ever knowing about the collection or the reasons for collecting it (.pdf Source).

Lawful Access in Practice

A large number of Canadians who look at these proposals may feel some unease but then quickly assert that the legislation is ultimately innocuous. The standard rhetoric is that “If you have nothing to hide then you shouldn’t fear this legislation.” Such a statement obfuscates the realities of both contemporary policing and what studies demonstrate about how people actually versus rhetorically understand privacy. To begin, contemporary policing is deeply invested in identifying deviant behaviour and acting upon it in an ‘actuarial’ manner. David Lyon, a world-leading scholar on the topic and issue of surveillance, presciently wrote the following back in 2003:

As with database marketing, the policing systems are symptomatic of broader trends. In this case the trend is towards attempted prediction and pre-emption of behaviours, and of a shift to what is called “actuarial justice” in which communications of knowledge about probabilities plays a greatly increased role in assessments of risk (Lyon 2003: 15-16).

Thus, mistakenly being situated in a wrong category can have significant implications on one’s life regardless of whether a person has ‘something to hide’ or not. The degree to which one is public is (arguably) secondary to the ‘types’ of people one knowingly and unknowingly associates with, whom their associates are connected to, and the risk profiles that are assigned to those communicative partners and their colleagues. To make this somewhat clearer, consider the following: In college/university/your private life you likely communicate with individuals who have, or presently do, agitate peacefully against certain state behaviours. You may or may not be aware that those individuals agitate. Perhaps you have/do engage in discussions with those people online, either on websites that those opposed to certain state behaviours, or in the comments section of newspaper articles, or other electronic formats. Should the police be interested in tracking the individuals invested in an issue (e.g. legalization of marijuana, legal issues surrounding sex work in Canada, protest against federal decisions concerning Sri Lanken immigrants, etc) then they may request available subscriber records for all who have participated in the online discussion.

Now, let’s again assume that you were not supportive of opposition to an official government position and thus aren’t necessarily of direct interest to authorities. Regardless, your subscriber data and that of everyone else engaged in these discussions might be requested by the police. No warrant is required to provide this information. Let’s assume that you used a unique pseudonym and throwaway email address. The authorities would gain access to your IP address and email address. They would get the same information for every participant of the discussion. With this information they could turn to whomever provided the email account, as well as contact the ISP who provisioned the IP address at the specific time that you posted your message. With information from the email provider they may be able to definitely identify the ISP that you use and, from there, your name, address, and so forth. Thus, you as ‘hungrybunny19′ are identified as ‘John Smith’ who was involved in discussion with individuals who authorities are interested in monitoring for some reason or another. John Smith, you, are subsequently added into a database as associating with persons the authorities find questionable. Mr. Smith will never know that he was added into such a database because the service provide could not legally disclose that the information had been released and, as a result, Mr. Smith’s life prospects may change for legally associating and speaking with those who were similarly engaged in legal speech and association.

Perhaps you insist that this doesn’t describe you: you would never communicate about anything in any electronic environment with any person that would ever be of interest to authorities (and, if you can make and stand by these claims, you’re vetting the people that you speak with using intelligence-service-level thoroughness!). Perhaps you have a cellular phone and you have passed near major events that the police have an interest in monitoring. For example: you may have been involved in peacefully assembling during the G20 in Toronto, been a passive spectator at the Vancouver riots, visited an Occupy camp, or may simply pass by union members who are protesting working conditions in a public space several times a day as you walk around your city conducting legitimate personal business. In all cases, the authorities may have an interest in monitoring individuals associated with such groups. Using a technology known in the United States as ‘Stingray’ or, more precisely, IMSI catcher surveillance equipment, police can impersonate a cellular tower and capture all the IMSI numbers within several kilometers of the catcher (.pdf source). The IMSIs, or International Mobile Subscriber Identity numbers, can be taken to a mobile phone provider and used to compel the subscriber data associated with the caught IMSI numbers. Thus, should one of these catchers be deployed by authorities ‘just in case’ an individual may find their personal information sent along to police on the basis of their physical presence during a legal public event. The capacity to acquire IMSI numbers en masse, combined with legal powers to compel subscriber information, creates the perfect framework for mass fishing expeditions based on where citizens are physically present.

Canadians may be uncomfortable with these propositions but immediately follow up with the position that such concerns are hyperbolic. Unfortunately, a brief reflection on the history of surveillance in Canada and present actions taken by our allies (depressingly) suggests that these concerns are practically banal. During the Vancouver Olympics authorities spent incredulous amounts of money on security, an element of which was allocated towards monitoring legal associations of citizens. As disclosed in memos there were no specific, credible, terror threats against the Vancouver Olympics. Despite these threat assessments, citizens who had specific political and economic concerns were routinely placed under surveillance. In effect, citizens conducting legal actions that might lead to disruptions of the games became targets of a surveillance apparatus designed to prevent the next Munich massacre. Surveillance and intelligence gathering did not solely focus on citizens involved in protesting government actions or others associated with the Olympics, but also their contacts, friends, students, former partners, and academic and professional acquaintances. Efforts were also made to recruit neighbours, friends, and acquaintances to spy on suspected activists, and the RCMP tried to legally shield itself from fulfilling FOI requests under the guise of operational security. Under lawful access legislation, the lines of inquiry could expand beyond police associations of people online – the aforementioned people communicating in Web forums – to using technologies like IMSI catchers to identify who is often nearby citizens-under-suspicion. Having coffee with a work friend who advocates for social justice on the weekends could lead to unsuspecting, and utterly uninvolved, citizens being stuck in the same net as their law-abiding colleagues who are caught in the web of actuarial justice.

Further, Canadian authorities have a history of monitoring those who are often the least-advantaged in our society. Consider that Military Intelligence places native communities under intense surveillance. As reported in the Globe and Mail, eight reports were generated in just 18 months. Surveillance was conducted to record Natives’ concerns surrounding new tax policies, potential to blockade Highway 401, and possible future protests, lobbying activities, and lawful associations. The group responsible for this surveillance was a counter-intelligence body charged with “identifying, investigating and countering threats to the security of the Canadian Forces and the Department of National Defence from foreign intelligence services, or from individuals/groups engaged of espionage, sabotage, subversion, terrorism, extremism or criminal activities.” At no point in the reports is it evident that native groups fell under the latter set of descriptors. With the introduction of lawful access legislation other authorities could have become involved in the surveillance and compelled telecommunications providers to disclose the contents of communications. Further, using previously mentioned tactics embedded in the legislation, subscriber information and who was communicating with who could have been determined without warrant or court oversight.

In short, it is entirely plausible that lawful access could be utilized to expand existing surveillance practices conducted by Canadian authorities. There are serious oversight concerns. Specifically, the Office of the Privacy Commissioner of Canada would be hamstrung in auditing the surveillance conducted and its motivations, and the legislation fails to extend the powers of that Office to accommodate the expansion of police powers. Further, where local or provincial police conduct surveillance, audit responsibilities would fall to provincial commissioners and they similarly lack the resources to mount full-scale audits of authorities’ proposed expansive surveillance practices. This position is forcefully stated the Information and Privacy Commissioner of Ontario, Dr. Ann Cavoukian. She poignantly writes that,

Canadians must press the federal government to publicly commit to enacting much-needed oversight legislation in tandem with any expansive surveillance measures. Intrusive proposals require, at the very least, matching legislative safeguards. The courts, affected individuals, future Parliaments and the public must be well informed about the scope, effectiveness and damaging negative effects of such intrusive powers.

The Need for Lawful Access

Over the past months I’ve had the opportunity to speak with counsellors, engineers, privacy officers, and policy staff for telecommunications service providers. This has ranged the gamut from ISPs to an ex-VoIP provider employee to webmasters responsible for large online environments to policy wonks for massive Internet-based corporations. The various parties I’ve spoken with have held varying opinions on the previously proposed lawful access legislation; everything from cost issues, to rights problems, to implementation woes, to issues of being identified as a ‘problem’ in the policing process.

All, however, have told me in almost every case that data is requested on exigent circumstances grounds it is, in fact, disclosed.

What, specifically, is the need driving the legislation then? Authorities have routinely insisted that lawful access powers would only be used when investigating the most serious of crimes (e.g. see this audio interview with the CBC’s ‘Spark’) but in other jurisdictions we regularly have seen expanded surveillance used to investigate less serious offences. For extensive documentation of such ‘expanded uses’, see Priest’s and Arkin’s Top Secret America: The Rise of the New American Surveillance State, allegations that the FBI conducted dragnet surveillance to trace bank robbers, claims that routine conversations lead individuals to be labeled as potential terrorists in government databases, inappropriate monitoring of hundreds of people each year, yearly monitoring of over 500,000 people’s communications records, or the usage of terror-based surveillance provisions to ensure children are registered in correct school districts. I cannot state emphatically enough: this is a very small sampling of how widely used lawful-access style legislation is used by our closest of close economic, political, and military allies. There is no reason that Canadian authorities won’t demonstrate the same types of behaviour.

British Columbia’s Information and Privacy Commissioner, Elizabeth Denham, has asserted that authorities have not demonstrated evidence that investigations have been thwarted under existing access powers. Authorities have failed to provide empirical data that reveal a clear and present need for enhanced powers contained in past, or forthcoming, lawful access legislation. Authorities have noted concerns with warranting processes and if these concerns are legitimate (insofar as they can be documented using empirical datasets) then perhaps Parliament should consider modifying the warranting process or increase resources so that warrants can be processed more rapidly. If, however, authorities are simply looking abroad and finding their power lacking in comparison – and cannot clearly outline why they need their compatriots’ powers to protect us from truly serious crimes – then they should not be granted expanded powers. Police and other authorities should not be permitted to infringe upon Canadians’ rights and further erode expectations of communicative privacy, associative privacy, or basic dignities on the basis of cross-jurisdictional envy.

Other posts you might be interested in:

1. Publication: (Un)Lawful Access, Its Potentials, and its Lack of Necessity
2. The Anatomy of Lawful Access Phone Records
3. (Un)Lawful Access: Vancouver Premiere & Panel Discussion

Photo by Mark Surman

Digital literacy is a topic that is regularly raised at Internet-related events across Canada. As Garth Graham has noted, “some people will remain marginalized even when everyone is online. It’s not enough to give those who are excluded basic access to the technologies. It requires different social skills as much as different technical skills to come in from the cold of digital exclusion” (29). Perhaps in light of Canadians’ relative digital illiteracy, key Canadian policy bodies and organizations have seemingly abandoned their obligations to protect Canadian interests in the face of national and foreign belligerence. Bodies such as Industry Canada, the Canadian Radio-television Telecommunications Commission (CRTC), and the Canadian Internet Registry Authority (CIRA) are all refusing to take strong leadership roles on key digital issues that affect Canadians today.

In this post I want to first perform a quick inventory of a few ‘key issues’ that ought to be weighing upon Canadian policy bodies with authority over the Internet. I then transition to focus on what CIRA could do to take up and address some of them. I focus on this organization in particular because they are in the process of electing new members to their board; putting votes behind the right candidates might force CIRA to assume leadership over key policy issues and alleviate harms experienced by Canadians. I’ll conclude by suggesting one candidate who clearly understands these issues and has plans to resolve them, as well as how you can generally get involved in the CIRA elections.

Cornucopia of Concerns

Internet standards operate as highly visible examples of how technology has been shaped to interoperate in a transparent fashion. Common Internet protocols let networks connect with one another while simultaneously establishing common points of failure. A danger is that if these protocols are exploited then the Internet can be significantly damaged. In effect, where a central trusted node on the Internet is subject to onerous pressures the Internet – and by extension, entire regions that are serviced by these central nodes – is affected. The concerns I raise focus on three types of trust-holders: Internet service providers, DNS root authorities, and certificate authorities.

Internet service providers

Internet service providers, such as Rogers, Videotron, and Bell, receive a considerable amount of criticism from the public, advocacy organizations, industry, government, and the academy. In recent years, criticism has focused on ISPs’ imposition of usage based billing systems, integration and use of deep packet inspection devices, and redirection of traffic to their own web portals. Billing issues arose most recently with large ISPs, such as Bell Canada, demanding changes to how wholesale ISPs were charged for bandwidth volume. Such demands were exacerbated by proposals to charge consumers vastly more for bandwidth usage and what seemed to be anti-competitive efforts to squeeze companies who were competing for complementary products (e.g. cable TV, telephone or voice services) out of the market. The campaign against CRTC-approved changes to how wholesale ISPs were billed for bandwidth initiated a firestorm right at the moment of the last federal election. This arguably opened the policy window for the Canadian government to reject the CRTC’s findings and force the Commission to re-examine the issue.

While public advocates were successful in pushing against changes to the billing regimes, they were less successful in pushing against ISPs’ use of deep packet inspection technologies. ISPs won the right to manage their networks in a non-discriminatory manner and consumers were left on the hook to determine whether discrimination was occurring. This requires citizens, who lack clear insight into the network, to  do their own testing. As I’ve written previously,

The unjustified discrimination of data traffic may not be evident to all consumers, especially when they lack the skills associated with digital literacy to even register the occurrence of bandwidth or application discrimination. Without solid training, many people resort to subjective ‘smell tests’. This approach to identifying whether discrimination is occurring does not contribute to evidence-based, empirically sound, complaints systems or policy responses.

This is a particularly significant issue given that almost all of Canada’s dominant ISPs have violated the rules that the CRTC established concerning the use of deep packet inspection. A small handful of people – academics, advocates, and journalists – bring the public’s attention to the technology’s misuse, often showcasing the excellent work by citizens who are fed up with trying to resolve their own complaints or organized grassroots efforts to hold ISPs accountable.

The final point, that of redirecting traffic to ISPs’ web portals, is a common practice in Canada that is incredibly aggravating. Quite often, when someone in Canada mistypes a URL or a subpage in the domain that does not exist, they are redirected to a portal controlled by their ISP. This practice is formally known as ‘DNS hijacking‘ and involves your ISP intentionally interfering with web queries. These hijacks violate the Internet standards that are supposed to guide how networks interconnect and what constitute ‘legitimate’ modes of directing web traffic. In other areas of the world this is used for censorship purposes. In Canada its used to interfere with Canadians’ web traffic so that ISPs can try to generate some advertising dollars while offering their own degraded search capabilities.

DNS root authorities

Distributed Name Servers (DNS) make the Internet significantly easier for humans to navigate, but in the process of creating ease the DNS system generates choke points where control over communication and speech can be exerted. Paul Mockapetris developed DNS in 1983 to let names be translated to IP addresses and vice versa (for more, see RFCs 1034 and 1035). As a result, when you type a website’s IP address (e.g. 157.150.195.10) or its host name (e.g. UN.org) you are directed to the same location on the Internet – the United Nations’ homepage. The DNS system is, effectively, a massive database that lets individuals type human readable names into their web browsers and be directed to websites and services. A hierarchical network of nameservers facilitates this system.

At the top of the DNS hierarchy are root nameservers, which are authoritative for top-level domains (e.g. .com, .net, .org, .ca, .co.uk, etc). For a top-level domain to exist it must first be registered by one of the root nameservers. Below the root are authoritative DNS nameservers which are responsible for domains associated with distinct top level domains. For example the .com authoritative DNS nameservers translate the IP addresses and host names of all .com addresses, the .ca DNS nameservers translate IP addresses and host names of all .ca addresses, and so forth. Below these two levels are domain resolvers. Resolvers have a cache that can quickly translate human readable host names (e.g. UN.org) to machine-friendly IP addresses (e.g. 157.150.195.10). Because they are physically located near the device making the request they are faster to respond than authoritative nameservers, which are often geographically distant and experience longer queues to return name/IP address translations. Where the resolver closest the end-user (often run by the user’s ISP or business) hasn’t already cached the host name and IP address it immediately contacts other nameservers to get that information and subsequently directs the user to the site/data they are requesting. (For a quick audio-visual walkthrough of how the DNS system works, see this short (2:08 minute) video.)

There are a host of potential problems with the current DNS system:

• It is susceptible to DNS cache poisoning, where an attacker tricks a local resolver into mistranslating. This occurs when an attacker sends a translation request to a local resolver and then floods the resolver with faked resolution responses. If successful, this will cause the resolver to incorrectly direct all web traffic trying to access that host name to a non-legitimate IP address; while you might type ‘UN.org’ into your web browser you could be sent to a site hosting malware, a site that appears like the UN’s but disseminating false information, or so forth rather than arriving at 157.150.195.10. (For a video presentation of how DNS cache poisoning occurs, see the YouTube video “DNS Cache Poisoning Attack“.)
• It operates as a single point of exploitable failure. A case in point: in 2005 a novel poisoning attack was developed by Dan Kaminsky that threatened “to take down vast swaths of the Internet”.
• It didn’t have security designed into it when first developed and deployed because DNS is a trusting system. Domain Name System Security Extensions (DNSSEC) are meant to guarantee that “DNS resolvers receive correct IP addresses for their queries” by providing source authentication (resolvers can guarantee that the IP address information correlated with a host name came from a DNS authoritative nameserver) and integrity verification (resolvers can be assured that the information received from the nameserver hasn’t been tampered with in transit to the local resolver) (Landau 2010: 60). DNSSEC, in effect, alleviates some of the dangers posed by cache poisoning by reasserting the importance of a trusted hierarchy though it still relies on trusting security certificate providers (more on why that’s a problem in a minute).
• It operates as a hierarchy, creating crises between “centralized, hierarchical powers and distributed, horizontal networks” (Galloway 2004: 204). Case in point: assuming DNSSEC were deployed, if the authoritative DNS nameservers were modified so that UN.org didn’t resolve to 157.150.195.10 then all local resolvers would trust the modification. Thus, a government could act on an authoritative nameserver, forcing its owner to modify where packets were routed to, and the change would have global consequences. Importantly, such subterfuge would pass DNSSEC’s source authentication and integrity validation.

Moreover, as a central point of control foreign governments can exert pressure on root nameservers to forcibly redirect the traffic to some websites. The United States’s Immigrations and Customs Enforcement (ICE) has been seizing domain names and redirecting them on the basis of their violating American law since 2010. Such seizures have taken place regardless of whether the sites were legal in their country of operation. Such measures follow from President Bush’s “Enforcement of Intellectual Property Rights Act,” which asserts a need to combat copyright infringement on and off American soil. High-level political guarantees to ‘protect’ intellectual property have been made by the Obama administration as well, with Vice-President Biden asserting that the administration would aggressively use tactics to close websites that offered content illegally per American law.

The effect of ICE’s campaign has been that domains names are being redirected to servers owned by the United States government, even if the servers are located outside of the US. In effect, a foreign government is leveraging its influence and power over Verisign – which controls the authoritative domain rootserver for the .com, .org, and other top-level domains – to forcibly infringe upon website owners’ free speech rights on copyright grounds. Domain names themselves constitute speech acts (see: Chelsea and Westminster Hospital NHS Foundation Trust v. Frank Redmond, The Crown in the Right of the State of Tasmania trading as “Tourism Tasmania” v. Gordon James Craven, and Wal-Mart Stores, Inc. v. wallmartcanadasucks.com and Kenneth J. Harvey) and the seizure of these names without court proceedings has the effect of censoring particular speech (in the domain name) as well as muffling the speech contained at the website which the domain name points towards.

Importantly, because ICE is targeting authoritative name servers no person in the world can resolve the domain names after the seizure takes place. This limits the ability of commercial entities to conduct business both within the US but abroad as well, amounting to ICE-created and –enforced, site-specific, embargos. Further, the U.S. government’s actions threaten innovation by heightening the risks innovators assume by relying on a web presence to monetize/popularize their works. Finally, ICE’s actions supersede the decisions of foreign courts; where a supposedly ‘copyright infringing’ website is found legal outside of the US, ICE imposes American definitions of copyright upon all global Internet users. ICE is globalizing American copyright laws.

Certificate Authorities

Certificate authorities are critical to the Internet’s current security infrastructure. They provide certificates to companies and websites who meet identity and financial requirements. When you visit an https website a series of transactions take place to ensure that the communications channel is encrypted. Encryption prevents third-parties from listening in on the content of the communications. Specifically, when you visit a SSL-secured website the following occurs:

1. The web server transmits its public key with its certificate;
2. The web browser determines whether the certificate was issued by a trusted party – typically a certificate authority – and that the certificate remains valid and is related to the website in question;
3. The browser uses the public key to encrypt a symmetrical encryption key and sends it to the server with the encrypted URL as required, in addition to other encrypted http data;
4. The web server decrypts the key using its private key and uses the key to decrypt the URL and http data;
5. The server sends back the requested html document and data after encrypting it with the symmetric key;
6. The browser decrypts the document and data using its symmetric key.

To initiate the secure transmission process you need a trustworthy certificate authority. This effectively means that the authority must be ethical enough not to violate the trust put in it, be financially resolute enough to refuse bribes, and be willing to publicly fight against attempts by government to compel violations of trust. As written about by Soghoian and Stamm, governments can theoretically compel certificate authorities to issue fraudulent certificates, thus enabling state-actors to conduct ‘man-in-the-middle’ attacks, or those where a third-party injects themselves between the web server and web browser. As noted by Stevens et al.,

Any website secured using TLS can be impersonated using a rogue certificate issued by a rogue CA. This is irrespective of which CA issued the website’s true certificate and of any property of that certificate….Combined with redirection attacks where http requests are redirected to rogue web servers, this leads to virtually undetectable phishing attacks (pp. 36; .pdf source).

In essence this means that if a government forces a major trusted certificate authority to issue a valid (i.e. working) fraudulent (i.e. not issued to the website owner) certificate it can potentially intercept, decrypt, and analyze communications without either the web browser or web server knowing. This fear was made real a few months back and again last month, when certificates were issued for major communications companies such as Microsoft, Google, Mozilla, and Skype.

What can CIRA do?

To be clear from the outset: CIRA cannot resolve all of these issues, but they can assume a leadership role in addressing many of them. CIRA possesses a robust policy development framework (.pdf source) and in their recent survey found that Canadians were incredibly interested in – and concerned about – the safety, security, resilience of the Internet, as well as privacy issues. CIRA has publicly argued the DNSSEC, a security extension to DNS that prevents domain poisoning and domain hijacking, should be adopted by the federal government. At present, however, DNSSEC cannot be implemented where Canadian carriers are involved in domain hijacking. CIRA notes that such interferences strongly interfere with “the norms upon which the Internet was built” and that the “consensus from the international Internet community is that DNS redirection should be prohibited, with the exception of rare instances for purposes of law enforcement.” CIRA feels strongly enough about this issue to suggest that imposing legal liabilities on Canadian ISPs that persist in this practice may be appropriate.  (pp. 14-5; .pdf source).

CIRA’s record on copyright is somewhat more nebulous and could interfere with their strong demands to prevent DNS redirections. In their 2010 Digital Economy filing, the organization notes that updated copyright laws are important to “protect Canadians from illegal activity on-line just as they are protected from illegal activity off-line” (pp. 12; .pdf source). This is a worrying statement, insofar as it is unclear what direct harm Canadians have experienced as a result of the present copyright legislation. Indeed, when compounded with CIRA’s grudging acceptance of DNS redirections for law enforcement purposes it may be that the organization is supportive of American efforts to impose US copyright law throughout the world to ‘protect’ American (and, presumably, some Canadian) rights holders at the expense of judicial decisions in nations where websites are operated.

CIRA could, and should, clarify its position and clarify when a redirect is appropriate for law enforcement purposes. As they are likely aware, redirects are not a significant impediment on serious online crimes such as child pornography (.pdf source), and so it is important for the organization’s directors to explain to CIRA members and Canadians more generally how a redirect – as opposed to taking down servers hosting truly illegal, as opposed to infringing, content – resolves serious legal issues instead of making them more convenient to ignore. Filtering access to particular websites also often runs the risk of being used increasingly expansively. As noted by Villeneuve, filtering is seen as an inexpensive technical solution to the challenges posed by the ease of access to information on the Internet. Regardless of the initial reason for implementing Internet filtering there is increasing pressure to expand its use once filtering is in place. Any avocation for filtering or DNS redirections thus must be made with an awareness of its (in)effectiveness in stopping crimes and likely misuses over time.

It is especially important to work against the unilateral imposition of foreign copyright law on the workings of the Internet, and to ensure that dot-ca and Canadian-held dot-com, dot-org, and other top-level domains are not subjected to inappropriate censorship. CIRA is in the unique position to strongly and loudly argue against unilateral censorship at the root level; should nation-states compel their ISPs to block particular records that is one matter, but to forcibly modify the root is another. While CIRA has been notified of these issues and concerns they have yet to publicly address these issues (.pdf source). Their inaction is something that must change.

Finally, CIRA can and should establish itself as a certificate authority. In various public documents the organization has noted the need to establish a safe and secure Internet. Acting as a trust-agent for Canadians is certainly one way to accomplish this goal. CIRA already has a reasonably robust verification system for its members to ensure that only Canadians who hold a dot-ca domain can claim membership. It could leverage existing policies to become a trusted certificate authority and, ideally, welcome the chance to trial next-generation trust systems (such as www.convergence.io) as part of its mission.

A Technically Savvy, Politically Engaged, Candidate

Only one of the candidates who are seeking election to the CIRA board of directors this year has both the background and interest to push these particular issues to the forefront of CIRA’s agenda. Kevin McArthur is a developer, security researcher, and technical author who has been deeply invested in the network neutrality debate in Canada and at the forefront of examining recent violations of the certificate authority system. His aim is to get CIRA more involved in the issues and debates concerning the Canadian Internet while expanding the scope and role of the organization’s existing Internet Forums. As someone who has actually spent time working with technologies such as Voice over IP that are so vulnerable to network neutrality abuses and is responsible for websites that would suffer badly were they censored using a DNS hijack/redirect. His full portfolio is available at his CIRA election website and his publicly disclosed research efforts at his personal website.

CIRA and You

If you are a dot-ca domain name owner then you can take part in the upcoming CIRA elections. The final members slate has been established and has a series of variously interesting candidates. To take part in the election you must formally become a member; this involves more than just registering your domain. Specifically you must do the following:

1. Membership is free for all dot-ca owners. Sign up for membership. It can take up to a week or so for a membership to be awarded so register as soon as possible.
2. If you are already a member, verify that you can access your member account prior to the election itself. Your login can be tested at http://www.member.cira.ca.
3. Vote between September 21, 2011 – September 28, 2011. Visit https://elections.cira.ca during this time period to vote for your candidate.

The next handful of years promise to be incredibly important for the progression – or regression – of the Internet in Canada. Electing people to CIRA who are committed to advancing its mandate and ensuring the most secure, efficient, and trustworthy Internet ecosystem whilst understanding the full ramifications of their actions is essential. Take the time, sign up to become a member, and vote for the candidate you think will live up to these key principles.

Book Sources

A. R. Galloway. (2004). Protocol: How Control Exists After Decentralization. Cambridge, Mass.: The MIT Press.

G. Graham. (2011). “Towards a National Strategy for Digital Inclusion: Addressing Social and Economic Disadvantage in an Internet Economy” in M. Moll and L. R. Shade (eds.). The Internet Tree: The State of Telecom Policy in Canada 3.0. Ottawa: The Canadian Center for Policy Alternatives.

S. Landau. (2010). Surveillance or Security: The Risks Posed by New Wiretapping Technologies. Cambridge, Mass.: The MIT Press.

Other posts you might be interested in:

1. Draft: What’s Driving Deep Packet Inspection in Canada?
2. Review: Internet Architecture and Innovation
3. Background to North American Politics of Deep Packet Inspection

Photo by Steve Rhodes

Elections Canada recently stated that sometime after 2013 it intends to trial online voting, a system that lets citizens vote over the Internet. Fortunately, they are just committing to a trial but if the trial is conducted improperly then Elections Canada, politicians, and the Canadian public may mistakenly come to think that online voting is secure. Worse, they might see it as a valid ‘complement’ to traditional voting processes. If Canadians en masse vote using the Internet, with all of its existing and persistent infrastructural and security deficiencies, then the election is simply begging to be stolen.

While quick comparisons between the United States’ electronic voting system and the to-be-trialed Canadian online voting system would be easy to make, I want to focus exclusively on the Canadian proposition. As a result, I discuss just a small handful of the challenges in deploying critical systems into known hostile deployment environments and, more specifically, the difficulties in securing the vote in such an environment. I won’t be writing about any particular code that could be used to disrupt an election but instead about some attacks that could be used, and attackers motivated to use them, to modify or simply disrupt the Canadian electoral process. I’ll conclude by arguing that Elections Canada should set notions of online voting aside; paper voting requires a small time investment that is well worth its cost in electoral security.

Why Online Voting?

In the 2011 federal election, Elections Canada issued a social media ban that prohibited Canadians from using public social media tools to report on election results before the last polling station had closed. This was meant to sustain Section 329 of the Elections Act by applying a law meant for analogue communications to popular public digital communications channels. This section, titled ‘Premature Transmission‘, states that

 No person shall transmit the result or purported result of the vote in an electoral district to the public in another electoral district before the close of all of the polling stations in that other electoral district.

In the aftermath of the election, Elections Canada prepared a report about the election and presented it to the Speaker. Such reports are produced after every election. Section 329 is specifically raised as a ‘key issue’ in the recently submitted report. While “Elections Canada has no information to suggest that there was widespread disregard for the rule” prohibiting premature transmissions of electoral results, it does acknowledge that “the growing use of social media puts in question not only the practical enforceability of the rule, but also its very intelligibility and usefulness in a world where the distinction between private communication and public transmission is quickly eroding. The time has come for Parliament to consider revoking the current rule” (49). Digital communications are demanding re-articulations and/or repeals of laws governing electoral policy.

The report also spells out a need to accommodate Canadians’ changing expectations of convenience as related to voting. Specifically, Canadians are increasingly online – demonstrated in part through their adoption of social media communications platforms – and consequently Elections Canada is interested in whether Internet voting could be “a complementary and convenient way to cast a ballot. The Chief Electoral Officer is committed to seeking approval for a test of Internet voting in a by-election held after 2013″ (10). Proposals to shift towards online voting raises considerable concerns, but to realize them we need to briefly talk about ‘hostile deployment environments.’

Hostile Deployment Environments

Smart engineers and developers are quite often poor security engineers and security developers, on the basis that the two categories of developers and engineers have radically different intentions, expectations, and aims. For the former, technical systems are meant to function even when experiencing a non-normal condition; people should still be able to read a file despite an error and systems should not fail and aggravate users. In essence, engineers and developers aim to provide systems that work and that continue to work in the face of (effectively) random errors or problems. These errors are unintentional, random, non-malicious, and ‘mere’ artifacts of working in the world.

Security engineers and developers tend to be different beasts. As noted by Bruce Schneier, they do “not care about how a system works” but “about how it doesn’t work.” They are interested in “how it reacts when it fails” and “how it can be made to fail” (2006: 51). In effect, a security engineer is worried about fail-states that are intentionally created, where what would be random environmental events are intentionally recreated, potentially over and over, to exploit the system’s reactions in a failure situation.

We can abstract away from computers to think about this analogously: When building a bridge, engineers are concerned with maximum fault tolerances related to load, shifts in the foundation, and environmental damage related to wind, weather, earthquakes, and other disasters. They plan accordingly, overbuilding elements of the structure to withstand statistically likely (and often unlikely) fault conditions. A security engineer, however, will wonder: what happens when I intentionally meet or exceed a designed fault condition? What happens when I damage a support that the engineers know (by the statistics and threat model they’ve adopted) “can’t” be weakened significantly? Does the bridge collapse, or become more vulnerable to other statistically expected environmental conditions? The model that the security engineer carries, in essence, is a critical interrogation of design intended to exploit non-perceived or minimized risk scenarios that a well-trained engineer or developer would never consider as prospective threats.

While most bridge builders assume they are building for a non-hostile environment – an environment where neither its occupants or ambient behaviours indicate ‘attacks’ in excess of regular statistical profiles – bridge builders in war zones have considerably different design condition. These latter builders know that bridges must be able to carry weight, fail ‘gracefully’ if damaged by artillery, bombs, or tank treads, and that bridges often adopt very different strategic values than in peace-time. Further, the builder may consider differing ‘fail’ conditions: perhaps a bridge should ‘fail’ such that while vehicles could no longer traverse it, it would break apart in a way allowing for foot passage. Perhaps the aim is that when a friendly military blows up a support column, the bridge breaks in a manner that is hard to clear away and thus limits invaders from crossing narrow parts of rivers or channels. In essence, the movement to a hostile (or non-hostile) working environment radically changes the characteristics of development and engineering. Designing online voting is like designing for a war situation: engineers must assume they are developing for a hostile space, within which it is very hard to get things to ‘fail’ properly when millions of devices have to be coordinated across non-secured systems situated around the country and that are maintained by a plethora of differentially skilled actors.

The Internet is Hostile

The Internet is not, and has not, been a safe place for a very long time. Its progenitor, ARPANET, was largely ‘secure’ because there were few individuals using computers and most were at least moderately trained. There are more and more products, books, and ‘gurus’ who sell, advise, and guide members of society about the value of the Internet, a value proposition that does not require any actual knowledge of the Internet itself. As as a result (and not necessarily a bad one!), today’s Internet is filled with a massive user base who use a plethora of devices and who often lack even basic computer awareness or training.

As a result, ‘securing’ the Internet is a Herculean task. It absolutely cannot be regarded as a ‘secure’ development environment, especially when dealing with matters that are highly sensitive to political, technical, and social fault conditions. Such conditions may be worse that a fail condition, on the basis that faults generate fear and concern without a clear indication that something has gone wrong. In the case of an election, a perceived exploitable fault condition threatens to undermine political legitimacy and politically-generated solidarity on grounds that electoral results might be questionable. Thinking back our bridge example, a ‘fail’ might be a bridge collapsing. A ‘fault’ might include cracks spanning the support columns that cause motorists to avoid using the bridge out of fear, even though the cracks do not endanger the bridge’s stability. If ‘faults’ cannot be corrected, then there may be general fear about the validity of an election even if the election is not manipulated. If a ‘fail’ condition occurs but is not detected, then there may be a perception of electoral legitimacy without the election actually being legitimate.

Abstractly, at least four things are required to establish the Internet a secure development environment for online voting:

1. Policy: a clear statement of what is meant to be achieved;
2. Mechanism: the ciphers, access controls, hardware tamper-resistance and other machinery that you assemble in order to implement the policy;
3. Assurance: the amount of reliance you can place on each particular mechanism;
4. Incentive: the motive that the people guarding and maintaining the system have to do their job properly, and also the motive that the attackers have to try to defeat the policy. (Anderson 2007: 4-6).

From a policy perspective, we can state that the aim of online voting is to increase voter turnout and, by extension, the legitimacy of the vote and inclusion of Canadians into the political process. As a result, mechanisms must be developed to guarantee this aim. Further, audit systems must be established to verify mechanisms and their correspondence with policy aims. Finally, incentive systems must be developed that guarantee the legitimacy of the mechanisms and audit features. To put some of this in perspective, consider the vastness of the system that must be brought into the secure development environment for online voting:

• every user’s computer and every computer attached to the common local routers. Not only the computer that you’re voting on in your home needs to be secure, but so do all the devices connected to you router (e.g. all other computers, all iDevices and wifi-connected mobile phones, appliances connected to the wifi router in your home, etc.). This means the hardware must be secure, that the operating system must be secure, and that all programs on the devices must be free of exploits.
• all levels of the telco/cableco system. This means both physical and electronic security must be guaranteed.
• citizens themselves must be entrusted to follow all the electoral roles; they cannot influence, threaten, or otherwise modify the course of their own or others’ electoral process.
• audit mechanisms must be built into the system, such that peripherals (e.g. printers, email systems) used to deliver audit documents cannot be compromised.
• bad actors cannot be introduced that could take advantage of privileged access to modify/disrupt data streams.

I have to stress that these are only a handful of the systems that must be drawn within the development environment. Elections Canada, to enable secure and reliable online voting, would have to guarantee that all technical systems associated with the process were secure from:

• zero-day attacks;
• malicious code intrusions (e.g. malware) that could take control of and modify electoral choices in real-time;
• distributed denial of service attacks that cut off certain areas of the network, potentially to prevent some of the electorate from voting online while enabling others to vote online (perhaps based on what computers were already under the control of attackers);
• audit mechanisms would need to ensure: the reliability of the person voting (are they who they say they are? were they coerced to vote in a particular way at their screen?), the reliability of input devices, the reliability of the transit mechanisms, the reliability of the encryption systems, the reliability of each device that took part in the online voting transaction, the accuracy of the audit system itself, the security of each DNS hub, and the appropriateness of ‘fail’ conditions built into each stage of the online voting system;
• impropriety by those who actually ran the electoral process itself.

If the government of Canada can figure out a way to actually harden communications in this manner, then our debt and cyber-security problems will be solved as well: we can sell our expertise abroad and the entire Internet would be safe from most of the ‘evil’ that makes the Internet an unsafe place. I have severe doubts that the Canadian government’s commitment to cyber-security, in the amount of $90 million over five years in addition to an ongoing commitment to $18 million dollars per year, is likely to even consider all these problems, let alone resolve them. Security is a multi-billion dollar business and the Canadian government is acting like a high-paying venture capitalist instead of a serious, committed, long-term player.

Risk and Online Elections

For many transactions we expect and accept certain levels of fraud. That the credit system itself is highly vulnerable is of considerable worry, but uncertainly around the legitimacy of credit-backed transactions is a market problem with implications for the capacity of state action. In the case of elections, however, increasing vulnerability can impact markets, environmental and foreign policy, trade negotiations, and ongoing political processes. In essence, while the market is essential to the business of the state, and significantly regulates the state, it lacks the sovereign powers of the state itself. Regardless of whether the state has seen itself ‘hollowed out’ over past decades, neither IBM nor Google have fleets of strategic bombers, the capacity to issue formal declarations of war, seize corporate property, or the other ‘strong’ expressions of sovereignty that states retain even today.

Humans assessments of risk are challenged in the contemporary world, insofar as some risks are highly elevated and given undue degrees of attention when they rapidly and prominently appear and other risks are pervasive, non-exceptional, and highly deadly. Examples of the former include the twin-tower attacks, the rare murder in Canadian cities, lightning strikes, or specialized harms towards particular individuals. Humans are biologically ill-equipped to deal with pervasive and/or non-obvious risks; when the red berries kill you over a ten-year period instead of within a day or two, we just don’t recognize the ‘badness’ of the ten-year-old poison berry. In a world with more and more ‘invisible’ harms – online fraud, environmental woes, pervasive harms from automotive vehicles, and so on – humans simply aren’t well-suited to gauge risk in an effective manner.

If regular citizens are bad at risk assessment, politicians and bureaucrats are worse. Remember that a primary aim of a politician is to be (re)elected. As a result, they are predominantly interested in what garners favour with a large number of constituents, with issues that can be translated into electoral votes often being selected for emphasis and personal attention. Consequently, being ‘strong against crime’ is seen by many as a positive stance to assume, with novel crimes such as digital intrusions, hacking, and virus writing increasingly common political targets. We are warned that cyber-wars, cyber-terrorism, and cyber-everything-else-bad-in-the-world are coming, and that to assuage them more money, more authority, and more power must be allocated to the government. Such efforts are often supported by bureaucratic staff, both on the basis of political pressure and because it can expand the importance, value, and budgets of their respective departments. Despite such allocations of power and wealth, digitally-mediated intrusions still occur at the highest levels of government: for all it’s ‘tough on crime’ talk there seems to be limited impact on reducing intrusions. Despite the regularity of attacks and the political rhetoric surrounding the ‘danger’ of online transactions for commercial enterprises, online voting – a key element of the Canadian democratic process – is being considered.

So, while the risks associated with carrying out online transactions are real and government sponsored prevention capabilities limited, some areas of the country have already chosen to adopt online voting. It will be tested in upcoming civil elections in Vancouver, with the chief election officer noting that “the model is “not without risk”. Potential risks include the possibility of personal identification numbers being stolen or mailed to the wrong person, and hacks or viruses impacting election results.” While the BC government has not approved online voting for the 2011 civic elections, the ministry of community, sport and cultural development is committed to making online voting a reality for the 2014 elections. Similar comments abound, with over-trusting/ignorant journalists beating the drum that online election systems should be as commonplace as online banking. Perhaps most concerning are statements like those of Prof. Dave Reynolds in his article at the Independent:

Even when I consider the threat of real, experienced, black hat hackers attempting to interfere with elections, I cannot help but think that if Canada can’t provide the security to protect an online voting system, then we have got some serious problems here. The government already offers online submission that is secure enough when you file your taxes, claim your EI, or apply for student loans, so it’s more than a bit ludicrous that haven’t already provided an online form that list less than half a dozen candidates and asks you to CHOOSE ONE.

Canada cannot secure its most important financial information from what may be its most significant state-level competitors. As noted before, financial information is absolutely essential to the continuance of a nation and has serious impacts on subsequent policy and political decisions, but lacks the equivalent significance of voting. Voting is not only used to put particular candidates in parliament but to encourage a sense of the government’s legitimacy. Even if the party you voted for doesn’t become a majority, (the idea is) by taking part in the electoral process and having your vote counted you exercise a key legitimizing element of your Charter rights. This links Canadians together, perhaps with their government, but certainly with one another as they mutually share a common patriotic principle: voting matters and it is an action that unites us regardless of political parties through shared Charter rights.[1] Banking lacks this functionality, as does tax filing, student loan applications, and so forth: voting is significantly more important for democratic legitimacy, even as it is potentially less important for how Canadians go about their daily lives.

It’s important to note that the inability to secure the Internet as a site for the government to conduct its most sensitive business is not a fault of the Canadian government any more than a fault of the individuals using the networks or the network providers offering network functionality. The Internet is, quite simply, a treacherous place to work and has been for a long, long time. We do not live in the world of superheroes – while we might impose or work through our uncertainties and fears through the worlds those heroes exist within, we should not fool ourselves into thinking that a Mr. Fantastic, Tony Stark or Hank Pym will ‘fix’ the Internet anytime soon. Quite simply, the underlying infrastructural qualities of the Internet that make it the wondrous playground that it is today also makes the Internet an incredibly unsafe environment to try to coordinate and secure millions of people’s unsecured systems, unsecured networks, and ill-educated citizens to carry out any action, including online voting. None of these characteristics are likely to change anytime soon.

Some Potential Attackers

What Elections Canada, politicians, and the electorate should all realize is this: state actors like the United States, Britain, China, France, Brazil, Israel, and every other nation with an Internet connection will have some interest in manipulating a Canadian election if chances of being caught are slim or delayed enough to not matter. State-level actors can throw millions or billions into a dedicated attack and have demonstrated a willingness to intentionally subvert sovereign policies where such actions are in their interests. Canada’s intelligence services have already indicated there are sympathies between Canadian politicians and foreign governments; there isn’t a need for a state actor to vote a nobody onto the ballot where they could merely get existing, sympathetic, politicians elected. Political change needn’t change overnight when a state measures its lifetime and processes in decades and centuries.

Corporations would also have strong motivations to interfere with an election. The ability to promote candidates who were appropriately ‘sensitive’ to corporate machinations could provide incredible competitive boosts and strategic advantages. Canada remains one of the wealthiest nations in the world and many of our industries are still relatively protected by foreign investment laws. Both local companies and international conglomerates would have strong interests in seeing politicians who were either protectionist or foreign-friendly as elected representatives.

Individuals may also be interested in interfering with electoral processes. Everything from petty grievances, to being paid to hack the election, to curiosity about their ability to interfere with national governance (think taking the hack of Time Magazine’s top 100 people to the international scale) could drive their actions. In an era of cheap botnets, poor general computer and network security, and the ability to effectively launch attacks from anywhere in the world, there are billions of potential bad-guys whose motives cannot be easily drawn into a threat analysis.

Importantly, we’re not constrained to just one actor being involved in hacking an election; there isn’t any good reason why all the above listed interests (plus potentially a few more added to the mix) couldn’t simultaneously be trying to influence the election, further muddying both the legitimacy and outcome. In effect, Elections Canada cannot secure an online electoral process, and that process is too important to risk to the Internet. Paper voting is annoying. It’s not necessarily as convenient or as fast as using a smartphone to move your money around using a banking app.  Voting is also one of the very few political expectations/hopes that are put on Canadians every few years. It is not too much to mail in a vote, go to a polling station, or (quite reasonably) abstain from voting for political, personal, or other reasons. It is too much to expect that we would endanger the entire electoral process just to attract those who are already unwilling to take a half-hour of their time every few years to cast a ballot.

[1] For a far elongated discussion of this notion of constitutional patriotism, I would direct you to either Habermas’ work, that of Jan-Werner Muller, or sections of my MA thesis.

Book Sources

R. Anderson. (2007). Security Engineering: A Guide to Building Dependable Distributed Systems (Second Edition).

B. Schneier. (2006). Beyond Fear: Thinking Sensibly About Security in an Uncertain World.

Other posts you might be interested in:

1. Online Data Storage and Privacy
2. Towards Progressive Internet Policy in Canada
3. The Book Industry Needs to Change! Why (most) authors and publishers need not fear online piracy

Image by Steve Rhode

Each year Canada’s leaders in telecommunications gather at the Canadian Telecommunications Summit to talk about ongoing policy issues, articulate their concerns about Canada’s status in the world of telecommunications, and share lessons and experiences with one another. This years Summit was no exception. While some commentators have accused this year’s event of just rehashing previous years’ content – it is true that each Summit does see similar topics on the conference agenda, with common positions taken each year – there are some interesting points that emerged this year.

Specifically, discussions about the valuation of telecom services regularly arose, discussions of supply and demand in the Canadian ISP space, as well as some interesting tidbits about the CRTC. For many people in the industry what I’ll be talking about isn’t exactly new; those not inside the industry’s fold, however, may find elements of this interesting. After outlining some of the discussions that took place I will point to something that was particularly striking throughout the Summit events I attended: Open Media loomed like a spectre throughout, shaping many of the discussions and talking points despite not having a single formal representative in attendance.

Value Propositions

Throughout the Summit speakers regaled the audience with just how much Canadians take advantage of the Internet; we are the most prolific users of YouTube, heavy users of Facebook, and are online for longer periods of time than many other countries’ citizens. Thus, from the telecommunications perspective, current pricing models and bandwidth allowance conditions are set so that consumers still enjoy high value from their services. Interestingly, while Canadians my be online for greater periods of time Europeans are actually consuming twice as much bandwidth as North Americans. To clarify, customer value propositions almost uniformly adhere to the following equation:

Value to customers = Benefits received by customers – cost of service/good

Given that prices for broadband are typically lower in Europe, and that members of the EU are even more prolific users of broadband (presumably also receiving at least equal benefits as Canadians) it would seem that the value to consumers provided by European carriers is actually higher than that provided to Canadians.

During the Summit, ISPs were informed by policy management vendors that the complementary products that compose a significant facet of ISPs’ revenue streams are in danger. Sandvine’s President and CEO, Dave Caputo, pointed to a report from Barclay’s capital equity research that found voice traffic was presently worth about 10,000 Euro/GB of traffic, text messages about 30,000 Euro/GB, and pure data transmissions only about 5 Euro/GB. Further, Mark Henderson (President and CEO of Ericsson Canada Inc.) asserted in his keynote that voice traffic was effectively noise on mobile networks on the basis that voice traffic accounts for almost single digital percentages of overall data transmissions. As a result, voice services are decreasingly seen as effective profit centers. Taken together, it would appear that the value proposition of offering all you can eat broadband services is diminishing from a carrier perspective whilst consumer value propositions from such models continue to increase as Internet experiences become richer and richer.

More generally, with the introduction of more and more services that are designed to use data, and that let people cut SMS and voice plans, core mobile profit centres are threatened. Of course, such centers are perhaps enhanced whenever customers exceed their data plans and receive incredibly high bills that price bandwidth capacity usesignificantly above the ‘bucket’ cost of data. While the ‘overage market’ might be seen as a potential site of revenue growth, carriers and vendors alike suggested that differentiated service offerings are a preferred means of enhancing customer value propositions. Generally, the argument was that customers want the experience of regular and predicable billing, and that the potential of overage charges are a limiting factor in driving data usage. In a differentiated service model customers might choose particular kinds of data-based services; perhaps they receive email and access to social networking sites but lack access to the web generally, or have to pay a certain amount to receive ‘so much’ web access over the course of a month. What remains unclear to me is that:

1. Users actually want a differentiated offering. Instead, they seem to want to avoid bill shock. Differentiated billing is not the solution to the problem facing consumers, though effective policy controls that stem the ability of users to massively exceed their monthly data caps would (in part) resolve the ‘pain point’ felt by consumers. Further, where overages occur prices should be fair; there is no clear reason why someone that uses an extra few gig of mobile data should have to mortgage their home to pay off a monthly cellular bill.
2. Service differentiation necessarily reduces the amount of bandwidth that users will consume. While this may be the case sometimes it seems as though the emphasis should be on data usage instead of service usage. In a ‘Facebook package’ can individuals click the links associated with people’s Walls? Watch embedded videos? Upload an infinite number of photos? If not, then are individuals receiving a ‘Facebook’ experience where that experience is dependent on the socialized nature of sharing and access to the greater web? Is someone who uploads hundreds or thousands of photos to Facebook a less prolific user of data as compared to someone who checks a few emails and browses the web a little bit every day?

This isn’t to say that I don’t understand carriers’ fear of the Over-the-Top services that are slamming their complementary products. At peaks times of the day Netflix is currently accounting for around 29-30% of all data traffic in North America, and accounts for 13.5% of Canadian traffic during peak periods. The rise of high-quality on-demand OTT content also changes the language of carriers: legitimate customers who are accessing well integrated and easy to use OTT services are driving growth, not ‘content thieves’. No longer are carriers’ portals competing with infringing content but legitimate content, and while carriers were quick to tout the ‘large’ number of online offerings they have through their portals what struck me was that in at least the case of Videotron I personally have more legitimate content on my home NAS than their company makes available to their consumer base. This is not the case when contrasting my personally stored media content against that of Netflix’s library! I recognize that part of the problem facing carriers today relates to rights clearing, but given just how vertically integrated many of the largest carriers are I cannot see consumers genuinely sympathizing with their ISPs and television providers. Instead, customers are ‘enjoying’ low data caps that punish excessive enjoyment of OTT, non-carrier provided, content: the pain point around costs of bandwidth capacity provision are driven by carrier scarcity of legitimate online content combined with high overage costs, not with ‘data hogs’ that are violating social norms by watching their movies and TV from the Internet.

Supply vs. Demand and Spectrum Framing

Throughout the Summit, attendees (and members of the various government regulatory bodies) heard that ‘supply isn’t the problem, demand is!’ In effect, Canada’s telecommunications companies were stating that they are meeting the expectations of Canadians and that the companies would continue to meet expectations in the future. Consumers themselves were seen as the problem in the supply/demand curve of Canadian telecommunications. Specifically, carriers can move large capacities of traffic but there are many Canadians that cannot access even basic computer services. Without access to computers, combined with high levels of literacy, consumers cannot understand the benefit of broadband.

Mark Goldberg, one of the two primary organizers of the Summit, began his address on the first day with this point and it was reiterated throughout the event. Interestingly, Rob Bruce (President of Rogers Communications) recognized that his company had to do a better job in making access to devices, and their daily use, a simpler experience. He also recognized that Canadians needed to be able to control their ‘digital consumption’. While on the one hand I agree with this sentiment (because of the horrendously high overage fees potentially facing mobile and wireline consumers of Canadian providers) I worry that this is really an indirect way of asserting that managed networks and differentiated access types to the Internet are ‘needed’ by today’s consumers. Further, if such a managed and differentiated product offering is required to avoid high overage fees and afford some sense of monthly financial security, then one has to wonder how effectively the ‘supply’ side of the supply/demand equation is really being handled. Managing resources to maximize return on supply is not the same thing as establishing a healthy supply/demand equilibrium that conforms to basic economic theory and free market expectations.

If supply truly is meeting demand today (a questionable position based on carriers’ stated needs to throttle traffic throughout the day and charge grossly highly overage fees for bandwidth capacity use) then we might wonder about the regularized scare tactics surrounding Long Term Evolution (LTE) deployment in Canada. Access to the 700 MHz spectrum was a regular point of contention throughout the Summit, with carriers insisting that next-generation Internet services were dependent on each carrier receiving a large amount of that spectrum block. Discussions over wireless spectrum saw some ISPs advocate for entirely open auctions that avoid set-asides for new(er) entrants and others demanding spectrum set-asides or offering their own policy models that favor new(er) carriers.

For those not invested in the spectrum debates, the 700 MHz block is presently used for analogue television and is soon to be auctioned off once all television in Canada has migrated to digital systems. This particular block of spectrum is terrific at travelling long distances and passing through structures and other physical objects. Large carriers assert that delivering high-speed broadband to rural and remote locations will prominently require LTE technologies. Further, these same carriers threaten that LTE systems will be experience delayed deployments (or not be deployed at all) if they are not given access to the 700 MHz spectrum block. A critical observer might wonder whether those companies’ shareholders will stand for the executive and board  simply refusing to keep updating systems with the times, perhaps using non-beachfront spectrum, if not upgrading will reduce shareholder returns. The same observer might also wonder at just how often the larger providers have actually carried through with such threats of non-investment.

More generally, the efforts to frame the upcoming spectrum auctions were fast and furious, with each large company getting time on stage to talk to an audience composed of other telecommunications providers, regulators, media, and a precious few academics and students. The regulatory staff that I spoke to were all aware of the framing process – some found it moderately amusing – but it’s important to note not just what was said and who said it, but what wasn’t said and who didn’t have a chance to speak. Specifically, the strong positions taken by groups such as CIPPIC and Open Media over the past few years  in public and regulatory spaces were not articulated by members of those groups, nor were they given between a half-hour or an hour of stage time. More carefully stated, a framing process entails groups identifying a problem, groups responsible for it, and policy solutions to correct it. For all parties to have an equal handle in trying to shape the agenda, all must be permitted to proceed through the framing process during moments where the elites of the policy subsystem meets. Unsurprising, given the highly corporatized nature of the Summit, members of advocacy groups and coalitions were not invited to speak and have a shake at shaping Canada’s telecommunications regulatory agenda.

This isn’t to say, of course, that advocacy voices were entirely silent: John Lawford from PIAC spoke, as did Commissioner Stoddart. Neither focused on spectrum, but instead of specific harms experienced by Canadians. Their contributions operated within the conservative nature of the telecommunications subpolicy group, insofar as they slightly expand the scope of discourse without significantly throwing off or challenging ISPs’ cohesive framing (and exclusion/denigration) efforts.

Throughout the Summit there was a regular emphasis on disdain towards advocacy groups that had garnered significant attention from the media and Canadians more generally: Open Media’s recent report was referred to as “an homage to state sponsored network neutrality and broadband” by TELUS’ VP Regulatory, the organization was accused of taking advantage of social media and undermining its value as a source of information by Rogers’ President of Communications and the group is apparently obscuring network realities as far as Videotron’s President and CEO is concerned. The regulator also got involved, when the Chairman of the CRTC asserted that the consumer groups generally had to get organized and expand their knowledge.

This kind of broad framing – of extinguishing the legitimacy of a large voice without letting it speak – indicates a pair of things;

1. Open Media has been incredibly successful in getting under telecommunications providers’ skins. I’ve never been at a Summit (or other large industry event, of any kind) where an advocacy group and its coalition has attracted so much explicit and implicit vitriol;
2. Some companies are now ‘framing’ the group’s crowd-source effects as illegitimate and thus trying to illegitimate other attempts to crowd-source information.

I don’t expect, nor am I suggesting, that framing entirely obfuscates or undermines the conditions of Open Media’s attempts to work in the telecommunications regulatory space, but it does work to identify ‘qualified’ epistemic elites by whom telecommunications should be handled. The long-term consequences of depriving this advocacy group a voice at the Summit is to simultaneously reaffirm the legitimacy of actors that are present and harden combative language amongst the various members, as well as confirm that Open Media is a recognized adversary in Canada’s telecom space. This isn’t to suggest that providers have some kind of a ‘battle plan’ – there isn’t a central organizer that is using this space to intentionally coordinate language – but rather the result of a closed communications loops that constitute an ‘iron triangle’. Such triangles are composed of closed and mutually supportive groups that see governmental agencies, special interest lobbying groups, and legislative (sub)committees working together to develop policy. Members of such groups are typically specialized in very particular policy areas and present a united front towards interlopers or outsiders who

attempt to invade their turf and alter established policies that have been worked out by years of private negotiations among the “insiders” … These triangles are said to be as “strong as iron” in that these mutually supportive relationships are often so politically powerful that representatives of the more general interests of society are usually effectively prevented from “interfering” with policy-making altogether whenever their concept of the general interest runs counter to the special interests of the entrenched interest groups, bureaucrats and politicians (Source).

The CRTC in Focus

The Chairman of the CRTC was at this year’s Summit, and as usual interesting little tidbits came out in his discussion with Summit co-organizer, Mark Goldberg. von Finckenstein was regularly asked questions that followed Open Media’s general talking points, including questions of structural separation, roles of consumer groups, and effectiveness of existing CRTC regulatory policies. During the questions the Chairman was asked about the CRTC’s research capacity: in effect, is the regulator conducting in-depth research of goings on around the world, or is it predominantly relying on what is provided to it by those coming before the regulator? While I had expected that the CRTC was stacked with some research analysts who conduct research, von Finckenstein instead said that while the CRTC has a good handle on ‘the basics’ it isn’t actually engaged in detailed research of any particular regulatory approach to telecommunications. His rationale was that if the Commission was involved in intense research then it would come to particular proceedings with biases that might limit their position as impartial regulators. While I can appreciate the sentiment here, it seems somewhat off-base: as a scholar I expect that when I submit a piece for peer-review that it will be treated fairly and as neutrally as possible. This said, expect that reviewers will have conducted research in similar topic areas and that they will have private opinions concerning the argument-types presenting. I fail to understand why the CRTC cannot conduct basic research to evaluate the claims made by carriers and consumer groups alike, balancing any claims against existing policy research and analyses that are both conducted in house and by other regulators/academics.

Somewhat distressingly, the Chairman asserted a point that those who have spent time watching the CRTC already knew: the CRTC is of the opinion that consumer groups should be driving complaints before the CRTC instead of consumers themselves. von Finckenstein maintains that the highly technical nature of filing complaints means that the process is ill-suited to average consumers and that, as a result, consumers need to organize and develop a broader knowledge base concerning telecommunications so that they can then file complaints as appropriate. This having been said, he also asserted that consumers don’t generally have problems communicating with the CRTC. While unstated, I suspect that this particular comment was meant to capture the individuals consumers who are filing ITMP complaints with the CRTC, though doubt that he appreciates the level of consumer resentment towards the CRTC’s apparently toothless enforcement of their own regulatory decision around traffic management policies in Canada. I also find it of concern that the Chairman focuses on consumer groups as chiefly responsible for the formal complaints: for the full range of consumer issues to be brought before the CRTC there must be enhanced funding for these very groups. Canada is not the US, it doesn’t have the support of private foundations that enable civil society to work in the favor of citizens and consumers. Ideally, if the Chairman were serious about his suggestion, he would also demand that additional funds be provided to consumer groups prior to filing a claim so that research and testing could be performed ahead of time. As the ITMP proceeding demonstrated, the costs associated with significant hearings are so high that few can afford to do the work and simply hope to get paid at the conclusion of a particular regulatory procedure.

Unsurprisingly, the Commissioner also asserted that ITMP audits were not something that CRTC was interested in conducting because any such practice would operate under the assumption that there might be something wrong in the first place. As a complaints-driven body it would be inappropriate to make such an assumption. This is unfortunate because it can be so challenging for individuals to actually trace the source of network-based problems. Further, it is in companies’ best interests to keep a shroud drawn tightly around themselves and their infrastructure operations to obfuscate their own misdeeds. Indeed, this very point has been made repeatedly by scholars in the telecommunications sphere but without a research wing it would appear that the CRTC is ignorant of the basic facts of corporate strategies that are designed to confuse consumers. Further, without such a research wing the Commission is apparently unaware that those conducting research on the outskirts of the network infrastructure will almost certainly have a very difficult, if not impossible, time trying to identify problems that reside within ISPs’ infrastructure.

The Haunting of Open Media

Open Media hung over most of the Summit as a spectre that could-not-be-named. Various CEOs, Presidents, and Vice-Presidents raised concerns over the role of advocacy groups. Rogers’ President of Communications worried that ‘special interests’ were undermining the value of social media as a source of fact-finding and outreach, Videotron’s President and CEO asserted that customers were happy with Usage Based Billing and that Open Media was just trying to obscure network realities and the Chairman of the CRTC maintained that a series of Open Media’s key issues (audits of ITMP systems, functional separation) were not issues that the regulator was willing to take up. TELUS’s Mike Hennessy stated (without defending the claim) that Open Media’s recent report, “Casting an Open Net: A Leading-Edge Approach to Canada’s Digital Future,” was homage to state-sponsored network neutrality and broadband. Further, it was suggested that Open Media should have been the consumer group that was present at the annual ‘Regulatory Blockbuster’ panel instead of PIAC, based on each consumer groups’ relative prominence in the broadband space this past year. It is admittedly somewhat anecdotal, but a vast number of the conversations that I participated in over the two days I attended the Summit saw Open Media either directly or indirectly come up.

What does this mean for Open Media as an organization? To begin, it indicates that the organization is implicitly recognized as an actor in the Canadian telecommunications policy subsystem, as demonstrated both by their involvement in discussing policy issues and bargaining in pursuit of their interests, as well as by the agenda denial tactics that are being undertaken by incumbent subsystem actors. The group’s effectiveness is arguably tied to their ability to harness epistemic elites that are not typically associated with regulatory proceedings and while simultaneously forging alliances with established actors. Further, Open Media has a demonstrated an ability to capture public attention and focus government awareness on issues in a manner that simultaneously aligns and opens policy windows. As a result of their focusing efforts, the group have effected changes to the regulatory agendas.

The capturing of public attention is key to their status as members of this particular policy sub-community: while they present policy alternatives they have also leveraged the potential votes of their backers and thus seen political parties seek Open Media’s favor. As a result of their capacity to capture and harness public attention, Open Media is challenging existing policy monopolies by becoming a dark horse that frames problems differently than Canada’s dominant carriers and that demands solutions often diverging from carriers’. Despite this divergent framing and solution set, the organization has often attempted to link their own issue set with the government’s economic principles and objectives, defending their position by appealing to key regulatory directives and frameworks. This insulates some of their work from overt assault. In effect, Open Media is working to alter “policy images through a number of tactics related to altering the venue of policy debate” and is consequently undermining “the complacency or stability of an existing policy subsystem” (Howlett and Ramesh 2003: 139).

The organization’s actual impact in the formation of policy itself – decision, implementation, and auditing policy stages that follow agenda shaping – is less clear. Along with other sub-system actors, such as Jean-François Mezei, Open Media has successfully rebuffed at least one major policy initiative that was decided by the CRTC around UBB. The development of alternate policy principles and guidelines may assist in promoting their issue-set but the rate of seeing their suggestions introduced into regulatory policy will be delayed based on the complexity of the policy subsystem they are operating in. Further complicating their efforts are the constraints placed upon the regulators who are expected to make, implement, and regulate telecommunications policy. Consequently, incrementalist changes are most likely. Incrementalism does not necessarily mean that Open Media’s own policy initiatives and principles are transformed into policy, but that existing policy actors’ traditional principles, aims, and policy preferences may not be codified as rapidly as in the past. Further, traditional actors may need to modify their narrative and either incorporate some of Open Media’s language to hedge out the advocacy group or reorient their discourse to more effectively isolate and exclude Open Media as a legitimate policy actor. Regardless, for the moment at least Open Media has successfully intruded on a (relatively) monopolized policy subsystem and is affecting change, though it will be an uphill battle to establish themselves as a long-term member in Canada’s telecommunications policy network.

Text Sources:

M. Howlett and M. Ramesh. (2003). Studying Public Policy: Policy Cycles and Policy Subsystems (Second Edition). Toronto: Oxford University Press.

Other posts you might be interested in:

1. Canadian Telecom Summit and DPI
2. Privacy Advocates and Deep Packet Inspection: Vendors, ISPs, and Third-Parties
3. EU: Judicial Review Central to Telecom Disconnects

Image courtesy of Harvard University Press

I spend an exorbitant amount of time reading about the legacies of today’s telecommunications networks. This serves to historically ground my analyses of today’s telecommunications ecosystem; why have certain laws, policies, and politics developed as they have, how do contemporary actions break from (or conform with) past events, and what cycles are detectable in telecommunications discussions. After reading hosts of accounts detailing the telegraph and telephone, I’m certain that John’s Network Nation: Inventing American Telecommunications is the most accessible and thorough discussion of these communications systems that I’ve come across to date.

Eschewing an anachronistic view of the telegraph and telephone – seeing neither through the lens that they are simply precursors to contemporary digital communications systems – John offers a granular account of how both technologies developed in the US. His analysis is decidedly neutral towards the technologies and technical developments themselves, instead attending to the role(s) of political economy in shaping how the telegraph and telephone grew as services, political objects, and zones of popular contention. He has carefully poured through original source documents and so can offer insights into the actual machinations of politicians, investors, municipal aldermen, and communications companies’ CEOs and engineers to weave a comprehensive account of the telegraph and telephone industries. Importantly, John focuses on the importance of civic ideals and governmental institutions in shaping technical innovations; contrary to most popular understandings that see government as ‘catching up’ to technicians post-WW I, the technicians have long locked their horns with those of government. 

In addition to gems about the characters and intentions of various players in the telegraph and telephone industries, the book offers scholars of communications technologies a well sourced and detailed accounting of past regulatory fights. These are instructive, showcasing a rhythm in interests between private corporate ownership and public ownership of communications infrastructure, whilst simultaneously outlining techniques that communications CEOs have used to advance their causes even when their infrastructure is (temporarily) deputized for governmental uses. Further, we see how ‘usage based billing’ systems have been suggested with varying effect since electric communications were possible and can identify common resonances in the discussions of the 19th century, early 20th century, and today. For those whose interests in telecommunications stray into the domain of privacy (as in my case) we find that privacy issues have been rife with earlier telecommunications systems; who, today, would identify a “total stranger” calling you as a particularly egregious privacy violation solely on the basis that they were reaching past your home’s outer walls? This was a serious concern in 1895 with the deployment of ringing telephones.

While the book often tracks well-known grounds – issues between the Independents and the Bell Systems – it unearths novel insights on almost every page. We come to understand some of the rancour between major independents and Bell companies through the public notes that John regularly turns to to underscore or emphasize his point that civic ideals and government departments played key roles in shaping the structure of ‘regulated’ competition. His insights emphasize the weaknesses, today, of relying on infrastructure-based competition instead of common access to key communications infrastructure. Further, we see that wireless was upheld as a successor to telephone and telegraph communications in the early 20th century; wireless promised to “free competition” between wire and wireless communications and render existing telephone properties “worthless” in weeks. Given today’s debates around the promises and potential of wireless communications to compete with ‘traditional’ wireline communications, we would be well served to reflect on how effective such competition has been in the past.

So, where are the weaknesses of the book? In part, we might say that its limitation to just the telegraph and telephone weaken the concluding chapter wherein the author offers a whirlwind account of eighty years of regulatory (in)action in the US. Given how detailed an account we get for the first four hundred pages it seems disappointing to not have the same level of empirical clarity at the very end. Further, this is a book emphasizing American telecommunications and offers little attention to the actions elsewhere in the world; there is no real attempt to engage with International Relations scholarship that investigates the British-American relationship(s) around the telegraph and telephone. It’s also a book with a limited (though well defended) thesis that almost feels reactionary. For example, rather than bombastically claiming that the telegraph operated as a ‘Victorian Internet’ (clearly targeting the thesis of Standage’s book of the same name) it is more suitable to argue that some members of the press saw the value in the telegraph for business purposes and that the system was never particularly accessible to the public. If by ‘The Victorian Internet‘ you mean ‘a communications service largely limited to the upper (business) classes and particular members of the press’ and that this ‘Internet’ was intrinsically shaped by the political economy of the day (rather than being an almost self-generating technical marvel that outstripped regulators’ ability to engage with it) then Standage is correct: the telegraph was a precursor to the Internet. This is not, of course, Standage’s thesis. As an academic, I quite like the limited and well-argued framework that John operates from, though recognize that many people would prefer a wider-ranging conclusion (for such an effort, see Wu’s ‘The Master Switch: The Rise and Fall of Information Empires‘).

To whom would I recommend this book? Obviously, scholars in the field will find this book incredibly profitable. Given today’s tumultuous politics of telecommunications in North America the book offers advocates, members of the public, and policy makers a concise history of what went on in the preceding two centuries of telecommunications regulation. For those interested in usage based billing, issues of Internet congestion, the origins of contemporary communications laws and politics, and relationship between civic attitudes and government regulation of communications services, this is a terrific book. For those wanting to go a step further, wanting to know a little more about the politics and technologies of telecommunications in America post-WW II, I’d recommend taking up Nuechterlein’s and Weiser’s ‘Digital Crossroads: American Telecommunications Policy in the Internet Age‘ as an almost natural continuation of John’s own Network Nation.

Other posts you might be interested in:

1. Review of Telecommunications Policy in Transition
2. Background to North American Politics of Deep Packet Inspection
3. Review: Internet Architecture and Innovation

Image by David Clow

Rogers Communications modified their packet inspection systems last year, and ever since customers have experienced degraded download speeds. It’s not that random users happen to be complaining about an (effectively) non-problem: Rogers’ own outreach staff has confirmed that the modifications took place and that these changes have negatively impacted peer to peer (P2P) and non-P2P applications alike. Since then, a Rogers Communications senior-vice president, Ken Englehart, has suggested that any problems customers have run into are resultant of P2P applications themselves; no mention is made of whether or how Rogers’ throttling systems have affected non-P2P traffic.

In this brief post, I want to quickly refresh readers on the changes that Rogers Communications made to their systems last year, and also note some of the problems that have subsequently arisen. Following this, I take up what Mr. Englehart recently stated in the media about Rogers’ throttling mechanisms. I conclude by noting that Rogers is likely in compliance with the CRTC’s transparency requirements (or at least soon will be), but that such requirements are ill suited to inform the typical consumer. 

Rogers’ Renewed Throttling Scheme

Last December I wrote about how Rogers’ throttling systems were causing significant problems for customers. Specifically, it seemed as though a badly tested update to the Rogers network mediation infrastructure had caused P2P download speeds to sharply fall, and non-P2P applications were also impacted. These problems were confirmed by Keith McArthur, Rogers’ senior director of social media and digital communications, when he wrote that:

As some of you are aware, Rogers recently made some upgrades to our network management systems that had the unintended effect of impacting non-p2p file sharing traffic under a specific combination of conditions. Our network engineering team is working on the best way to address this issue as quickly as possible. However, I’m not able to provide any updates at this time about when this will be fixed. Our network management policy remains unchanged. You can find details of our policy here (»www.rogers.com/web/content/netwo···nagement). We are working hard to ensure that there are no gaps between our policy and the technology that enables that policy.

While it was disturbing that it took months for an official Rogers representative to confirm the problem – and that even upon confirming the issue, no timeframe for resolving it was provided – at least the company publicly recognized the problem and stated that it would be fixed. Further, it seemed that the fix (whatever it entailed) would return the mediation of customers’ data traffic to a pre-September 2010 status. Unfortunately, rather than working to resolve the problem (and maintain the network management policy) Rogers has changed their policy. This change was needed to comply with a CRTC directive – ISPs must be transparent to their customers about Internet Traffic Management Practices (ITMPs) – but since the change has taken place I’ve not seen any suggestion that things will ‘return to the old normal.’

Public Statements and Policy Updates

The most recent CRTC investigation into ISP traffic management policies began after Justin McKillican filed a complaint alleging that Rogers had “introduced changes to its Internet traffic management practices (ITMP) which impacted downstream peer to peer (P2P) traffic without providing the 30 day notice required by Telecom Regulatory Policy 2009-657.” The CRTC’s response (.pdf) to Mr. McKillican and Rogers’ Ken Thompson (Director and Counsel Copyright and Broadband Law, Rogers Communications Incorporated) directed the company to revise its ITMP disclosures on Rogers web pages on the basis that, at the time of investigating Mr. McKillican’s complaint, the disclosure on Rogers’ website was non-compliant with the transparency requirements set down in 2009-657.

In an interview with Carrt.ca about Rogers’ throttling policies (Subscription required), Mr. Englehart stated that Rogers does not traffic shape downstream traffic. Further, he asserted that Rogers had already provided an explicit disclosure of their practices on their web site. The disclosure that had been available to the public for over a year was previously in conformance “with what the CRTC wanted so it’s strange that they’re now saying it needs more work given we did it in consultation with them.” In the interview, he asserted that only P2P was affected by the throttling mechanisms, though his statement stands at odds with Rogers’ actual traffic management policies that have recently been amended. Perhaps Mr. Englehart was unaware that the policy had been amended on the basis that newly deployed technical measures, but this seems unlikely given that the CRTC letter explicitly noted that there were changes to Rogers’ throttling systems.

The changes to Rogers’ traffic management policy are significant. An entirely new section – “Are there other applications that could be impacted by Rogers traffic management measures?” – has been introduced, following almost word-for-word what Bell Canada has published in the same section of their own traffic management policy. Bell (and, now, Rogers) recognizes that sometimes their DPI systems negatively impact non-P2P applications, and puts the onus on the consumer to get things working again. Specifically, users are instructed to setup applications so that they only use IANA-specified ports[1] (with Rogers providing a non-hyperlined URL to the official IANA list on their traffic management page). Specifically, Bell and Rogers customers are told to:

1. Close the affected application along with all P2P applications;
2. Ensure that non-P2P applications have their ports properly assigned;
3. Wait to ten minutes, and then restart the non-P2P application.

Knowing many Bell and Rogers customers, and just how tech-savvy they are, I cannot imagine that many end-users can actually modify port numbers for various programs. As such, the solutions these companies are providing assume that the people who either care enough to find a solution, or can solve it in the first place, tend to be reasonably technically inclined. At the same time, I fully recognize that the provided solutions will most likely comply with CRTC requirements. This suggests that ISPs are invested in making ITMP policies transparent as far as regulators are concerned, but are not so interested in making the entirety of those policies transparent to typical consumers as well.

Consumer vs Technical/Regulatory Transparency

For a system to be considered transparent to consumers it must be described so that non-experts can decode what is being described. Rogers is almost certainly not being transparent to consumers given the brevity of their ITMP policy and because customers must consult a massive text-based document (with little context), modify some applications’ port numbers, and only then have applications properly access the Internet. While such a list lets me set up port numbers on applications to avoid throttling, this is not the case with far less technically savvy individuals. What does the ‘regular consumer’ do when their particular application isn’t listed in the ports (as will happen, often) and they’re experiencing slowdown on non-P2P application traffic?

In essence, while ISPs have publicized how their traffic management policies impact traffic, in the cases of Bell and Rogers only technically savvy individuals can follow the suggested troubleshooting steps. So, while both companies are (arguably) within the confines of regulatory transparency that is required by the CRTC,[2] the transparency that these bodies require doesn’t necessarily mean that end-users without technical savvy will understand how to resolve problems. Similar to how long or complicated privacy policies are only understood by those trained to read and/or write them, I suspect that only those who already have a degree of technical awareness will understand what ISPs are doing to customer data traffic.

For a policy to be ‘consumer transparent’ it has to be non-technical, while specific enough to inform end-users what is going on. Much of Bell’s own ITMP policy is good, insofar as it is understandable and accessible to those who happen across the policy, but the troubleshooting approach that is provided is poor at best. The brevity of Rogers’ own policy, combined with the poor design decisions that reduce readability, means that Rogers has provided a policy that is less transparent to the consumer, while simultaneously meeting much of the CRTC’s own regulatory transparency requirements. Deep packet inspection and Quality of Service infrastructure regularly mediates Canadians’ digital communications. Given the importance of our digital systems I think that ISPs should remain compliant with technical and regulatory transparency requirements, but also ensure that their policies are also transparent and understandable to end-users.

Footnotes

[1] The Internet Assigned Numbers Authority (IANA) is responsible for allocating and maintaining a variety of numerical codes related to technical standards and protocols that undergird the Internet. To learn more about them, read their About page.

[2] Admittedly, in the case of Rogers the CRTC has taken issue with how ‘transparent’ their approach is. Given that Rogers’ policies are written similarly to Bell, I suspect this has more to do with the ease of finding and reading Rogers’ policies instead of what is written. See the below of how to navigate to a few Canadian ISPs’ traffic management pages:

Rogers

1. Go to the Rogers homepage
2. Select ‘Internet’ >> ‘Packages and Pricing’
3. Scroll to the bottom of the page and click on their Internet Traffic Management Practices and Legal Disclosure link
4. In the popup box, click the grey link in the third paragraph labeled ‘click here’.

Bell

1. Go to Bell’s homepage
2. Select ‘Internet’
3. Scroll down to the bottom of the page and click their Network Management link

Shaw

1. Go to their homepage
2. Select ‘Internet’
3. Select the link to their traffic management policies

Cogeco

1. Go to their homepage
2. Select ‘Internet’
3. Select ‘Internet Usage’
4. Select ‘Learn more about Internet traffic management
5. Select one of the six options to learn about, read it, and then either use your browser’s back button or the back button on the page and scroll back down to where you were on the page.

In the case of both Bell and Shaw, there is an easily found, easily accessed, and easily read traffic management policy. In the cases of Rogers and Cogeco it is more challenging to believe that a casual consumer would happen upon the traffic management policies. The text of Rogers’ ITMP policy is incredibly small – I need to move very close to the screen to read the grey 11 font text – and Cogeco’s is buried – multiple links have to be clicked to read the whole policy even after finding it. Neither of these two policies would pass a sniff test for being ‘consumer transparent’, even if they are seen as compliant with legal and regulatory transparency requirements.

Other posts you might be interested in:

1. Background to North American Politics of Deep Packet Inspection
2. Beyond Fear and Deep Packet Inspection
3. Choosing Winners with Deep Packet Inspection

Photo by StartTheDay

Funding, technical and political savvy, human resources, and time. These are just a few of the challenges standing before privacy advocates who want to make their case to the public, legislators, and regulators. When looking at the landscape there are regularly cases where advocates are more successful than expected or markedly less than anticipated; that advocates stopped BT from permanently deploying Phorm’s Webwise advertising system was impressive, whereas the failures to limit transfers of European airline passenger data to the US were somewhat surprising.[1] While there are regular analyses of how privacy advocates might get the issue of the day onto governmental agendas there is seemingly less time spent on how opponents resist advocates’ efforts. This post constitutes an early attempt to work through some of the politics of agenda-setting related to deep packet inspection and privacy for my dissertation project. Comments are welcome.

To be more specific, in this post I want to think about how items are kept off the agenda. Why are they kept off, who engages in the opposition(s), and what are some of the tactics employed? In responding to these questions I will significantly rely on theory from R. W. Cobb’s and M. H. Ross’ Cultural Strategies of Agenda Denial, linked with work by other prominent scholars and advocates. My goal is to evaluate whether the strategies that Cobb and Ross write about apply to the issues championed by privacy advocates in the UK who oppose the deployment of the Webwise advertising system. I won’t be working through the technical or political backstory of Phorm in this post and will be assuming that readers have at least a moderate familiarity with the backstory of Phorm – if you’re unfamiliar with it, I’d suggest a quick detour to the wikipedia page devoted to the company.

Before initiators and opponents actually start fighting about the agenda, issues must first be identified. Not all problems are deemed significant enough to warrant attention and others are seen as outside of the agenda-holder’s purview. How then do initiators, such as privacy advocates, successfully present issues and get them on the agenda?

Getting to the Agenda 101

A policy initiator has to successfully define their issue-of-interest to get it onto the agenda. Initiators must “connect a problem to cultural assumptions about threats, risk, and humans’ ability to control their physical and social environments” (Cobb and Ross 1997: 5). This often entails a three-step process:

1. A name must be given to the problem that resonates with the public. As an example: Deep Packet Inspection (DPI) is an illegitimate surveillance system that breaks the law and intrudes on personal privacy.
2. Having named the problem, a culprit must be shown as responsible for unfair treatment experienced by victims. In the UK, Phorm and BT are shown as mutually complicit in deploying a DPI-based advertising system, in secret and in contravention of wiretapping laws. Such surveillance offends citizens’ communicative dignities.
3. After naming the problem and blaming a party for the problem, initiators of a new policy must make arguments to attract support. These arguments should be framed to let members of the public impose their own meaning on the advocates’ message. Further, the arguments should reveal the social significance of the problem, appeal to the temporal relevance of the issue, frame the problem in non-technical language, and reveal the problem as categorically unique.

Per Cohen, Marsh, and Olsen (1972: 2), there are four separate policy ‘streams’ that policy initiators need to link together to get their issue onto the agenda; problems, solutions, participants, and choice opportunities. Kingdon (2002) compresses this set of windows, proposing that there are three ‘families’ of processes in federal agenda-setting processes: problems, policies, and politics. The success of the UK groups, then, has been dependent on framing their issue as a problem with a policy solution while linking with policy participants. Such participants must be able to affect the issue and willing to enact change. When analyzing policy windows it is critical to attend to the situational politics around prospective participants in the policy subsystem. If the situation prevents actors from acting then policy initiators may be unable to align policy windows and advance their issue to the governmental agenda. Effectively, even if privacy advocates frame their issue and identify a solution, the politics of the day may jeopardize attempts to put the issue on the government’s agenda.

Opposing Policy Initiators

How, exactly, are politics framed in a way that precludes actors from acting or policy windows from aligning? In Western democracies there are three typical choice-types available to those opposing advocates:

1. Low-cost strategies stressing non-recognition of the advocate position;
2. Medium-cost strategies attacking the advocates’ proposed policy;
3. Medium-cost strategies symbolically placating advocates [2]

I’ll consider the strategies in turn, in relation to BT-Phorm and UK privacy advocates. I’ll conclude the post by proposing a series of research questions that stem from the EU ultimately stepping in and placing Phorm on its agenda despite UK regulatory bodies’ unwillingness to take up Phorm as an actionable agenda item.

Low Cost Strategies

Opponents of policy initiators often hope that voices outside the halls of power will just go away if they’re ignored. Ignoring problems is meant to deflect advocates, though the tactic is less successful when opponents face highly motivated policy initiators. The case of Phorm serves as a good example. After trying to ignore complaints from the user community, BT eventually admitted that they had tested the Phorm advertising system. This disclosure was motivated both by technical analyses of the BT network, the leaking of internal BT documents discussing a trial of the Webwise system, and pressure exerted by privacy advocates.

The actual problems that users experienced, however, were isolated, and the number of people affected were limited; not all BT customers were unknowingly enrolled in the test and of those who were, not all suffered material degradations of their Internet service. On the basis of both points advocates were pushed aside; they weren’t advocating on the behalf of a large population, and within the trial population only a small number were materially affected by the advertising system. This technique of dismissing claims based on the population affected is formally referred to as “antipatterning”, and it sees opponents put pressure on advocates to demonstrate that their concerns extend beyond a small subset of individuals and that the problem is important enough to rise to the agenda.

Key to opponents’ low-cost strategies is a refusal to communicate with initiators. A traditional tactic is to use the legitimacy associated with communicating directly with another person as a bargaining chip; initiators must set aside certain facets of the problem, or the issue must be framed in an ‘appropriate’ way for the conversation to begin ‘in earnest’. This has the effect of conditioning the issue that advocates raise, coercing them to make the issue more amenable to the agenda that their opponents want the government to work with. The other advantage associated with not or minimally communicating with advocates is that the action forces advocates to expend precious resources to gain publicity and find allies. Both are needed for an advocate group to convince opponents and officials alike that the issue they are championing deserves to be placed on the agenda.

Middle-Cost: Attacking Advocates’ Proposed Policy

Where initiators are already regarded as highly legitimate (e.g. a well-known, financed, politically savvy privacy advocacy group) then opponents will focus their attacks on the groups’ proposed policy. Such attacks commonly revolve around disputing advocates’ facts or the logic of their arguments. When raising issues about the nature of a privately owned digital network this tactic is quickly used: How can advocates make the claims they are, given that they have never operated the massive network? Without logs (secret and proprietary corporate information) how can advocates support their worries?

In addition to challenging policy initiators based on factual and logical grounds, opponents can raise the spectre of costs: If advocates successfully place their issue on the agenda, the end-result could be higher costs for all users of a service. Alternately (and possibly more effectively), if advocates are successful then users might be denied some sort of a reward. In the case of many DPI-based advertising system users are promised additional security resulting from DPI analyses, reduced bills, and so forth. Given the ‘carrots’ associated with DPI, advocates must translate issues that the public often regards as ‘intellectual’ into ‘meat and potatoes’ problems – how does DPI affect the common citizen, in an embodied and direct manner, on a daily basis.[3]

When the advocates themselves lack a pre-existing legitimacy, or lack ‘protective credentials’ or positions (e.g. advanced degrees, employment in a field related to the issue, etc), opponents may work against the group itself and bypass a policy-based critique entirely. Such attacks are intended to reduce advocates’ credibility. Phorm arguably attempted this (too late!) when creating their ‘Stop Phoul Play’ website that sought to discredit privacy advocates. Phorm’s efforts fit nicely into Cobb’s and Ross’ expectations that the opponent would try and link policy initiators to negative stereotypes (as serial agitators and ‘privacy pirates’) but it is less clear to me that they sought to blame advocates for the problem itself.

Privacy advocates tend to frame issues so as to claim the high ground of the issue at hand, pointing to economic, physical, psychic, or other indignities resulting from the issues they are pushing onto the agenda. Per Cobb and Ross, opponents are driven to neutralize these claims and such attempts were evident in the Phorm saga. Opponents pointed to the use of ISP networks for the transport of copyrighted material, transport which opponents maintained raise costs of doing business and thus for providing consumers’ Internet service. On this basis, Phorm’s advertising was valuable in offsetting rising costs resulting from ‘piracy’ actions, actions Phorm associated with the privacy campaigners themselves.

Finally, outright deception is sometimes used in this middle-cost attack strategy. Deception can entail “lying, spreading rumors, or planting false stories in the media. Deception involves the dissemination of materials known to be inaccurate or of questionable veracity” (Cobb and Ross 1997: 33). Advocates in the UK experienced these kinds of actions by Phorm, including accusations that a lead advocate had been fined for tens of thousands of dollars for copyright infringement.

Thus, in aggregate, we can see that BT and Phorm reacted as an opponent using mid-cost strategies meant to undermine the problem’s legitimacy as a potential agenda item, and that the opponents also sought to undermine the legitimacy of the advocates advancing the issue. These mid-cost attacks were supplemented with attempts to placate advocates, and arguably were successful in removing an influential policy initiator (Privacy International) from the (public) policy landscape.

Middle-Cost: Symbolically Placating Avocates

Symbolic placation typically involves opponents adopting “a language emphasizing mutual interests, and the zero-sum vocabulary associated with adversarial conflict is set aside” (Cobb and Ross 1997: 34). While placating advocates has the effect of legitimizing their issues, it does so in a manner that lets opponents retain control of how, why, and when the issue is actually raised to the agenda. Placation often entails establishing committees of some sort to study the problem and is more generally meant to defuse conflicts and weaken the momentum initiators have developed.

A particularly common tactic is to reach out and co-opt advocates’ actual or potential allies, offering jobs, positions, and other benefits to ‘work with’ the opponents. Privacy International arguably suffered this tactic. Phorm hired Simon Davies (director of Privacy International) to evaluate the Phorm Webwise system, and subsequently leveraged the fact that Davies was associated with the company to strategically limit Privacy Internationals’ influence. Specifically, the report produced by Davies maintained that the advertising system had to be opt-in and resolve questions around the legality of communications intrusion before it went live, but Phorm focused on the fact that Privacy International was working with the company and had positively evaluated the system. Somewhat surprisingly, and pleasantly, the absence of Privacy International didn’t let BT’s and Phorm’s activities continue unrestrained; other UK privacy campaigners jumped in to fill the void.

We have yet to see the tactic of postponement – where opponents agree with the validity of the grievance but identify reasons for why it will take time to resolve the issue – or a focus on past accomplishments and trustworthiness to justify the continuing existence (as opposed to resolution) of the issue. We may see both of these sooner rather than later, when the EU concludes their own investigations into Phorm and BT, and the UK government runs out of avenues to appeal the impending EU decision.

Complicating Politics

Much of the agenda-setting literature focuses on the federal level of analysis, investigating how issues become important on a national scale. Most of the BT-Phorm issue has revolved around agendas at the national level in the UK, but (somewhat) recently the EU has put Phorm on its own supranational agenda. This adds a level of complexity to the efforts of the privacy advocates seeking to shape deep packet inspection as an agenda item. Advocates sought to motivate the UK national agenda that opponents were deeply involved with, and were only moderately successful in putting their issue on the agenda. More specifically, while advocates successfully initiated political discourse about the technology the companies associated with the advertising system have successfully delayed or stifled regulatory action. Whether the regulator is subject to capture or not remains an open question, but in the face of external supranational oversight a national(ist) regulatory body may attempt to justify its behaviour to retain its own political legitimacy. The body may reframe the issue, away from advocates, focusing on a need to protect sovereign decision-making capability instead of actually regulating the DPI-based practices themselves. Thus, while advocates may find an ally in a supranational body, this body’s potency may shift the terms of political avoidance to the maintenance of political and decisional sovereignty.

To better understand and evaluate the impacts of shifting the issue to a supranational agenda in contravention of the attention paid to the issue on the national agenda, it is important to gain perspective on why, exactly, UK regulatory bodies have been so tardy in responding to the issue. These bodies have not been actively engaged in either of the medium-cost attack strategies, instead adopting a low-cost strategy of simply avoiding the issue. Does the transition to a supranational level of analysis shift how the UK body perceives DPI as an agenda item? Does it change the kinds of tactics that it considers (e.g. moving from avoidance to either symbolic placation or launching an attack on the legitimacy of the issue as a problem, or the legitimacy of either advocates or the EU commissioner)? Does the body seek to reframe the issue from one of privacy and law to one of political sovereignty? What, specifically, motivates the subsequent tactics, or does a system of continued avoidance persist despite the elevation of the issue?

These are the kinds of questions that I will be pursuing in the coming months as I conduct research for my dissertation; as/if I develop responses, I’ll be writing about them here.

Books Cited:

R. W. Cobb and M. H. Ross (eds.). (1997). Cultural Strategies of Agenda Denial. Lawrence, Kansas: University Press of Kansas.

M. D. Cohen, J. G. Marsh and P. P. Olsen. (1972). ‘A Garbage Can Model of Organizational Choice’, Administrative Science Quarterly. 17(1). 1:25.

J. W. Kingdon. (2002). Agendas, Alternatives, and Public Policies (Second Edition). New York: Longman.

Footnotes:

[1] For an excellent discussion and evaluation on how the transfer game was lost, read Abraham’s Protectors of Privacy.

[2] There is a forth potential approach to opposing advocates, high-cost strategies that often rely on “electoral, economic, and legal threats, as well as economic sanctions or legal actions, arrest, imprisonment, and organized violence.” While such approaches are sometimes evidenced, they are exceptional and rare.

[3] Translating issues for the public may not always be successful, or a good use of resources for some privacy advocates. Where advocacy groups are resourced or experienced, or simply integrated into an existing policy community that is more receptive to their claims than the public, the groups may work within their policy group instead of trying to convince the public of the poignance of the issue. The choice made – to get mass support or work within an existing policy network and its subsystems – may relate to the characteristics of the advocacy group in question.

Other posts you might be interested in:

1. Deep Packet Inspection and the Confluence of Privacy Regimes
2. Privacy Advocates and Deep Packet Inspection: Vendors, ISPs, and Third-Parties
3. Draft: What’s Driving Deep Packet Inspection in Canada?

“… [O]ne of the things about librarians is that they’re subversive in the nicest possible ways. They’ve been doing the Wikileak thing for centuries, but just didn’t get the credit for it. This is what we try to do all the time; we try to reduce the barriers and open up that information.”
– Michael Ridley

Self-identifying as the University’s Head Geek and Chief Dork, Michael Ridley leads a life of the future by reconfiguring access to the past. As Chief Librarian and Chief Information Office of the University of Guelph, Ridley spends his days integrating digital potentialities and the power of imagination with the cultural and historical resources of the library. Seeing the digital as a liminal space between the age of the alphabet and an era of post-literacy, he is transforming the mission of libraries: gone are the days where libraries primarily focus on developing collections. Today, collections are the raw materials fueling the library as a dissonance engine, an engine enabling collaborative, cross-disciplinary imaginations.

With a critical attitude towards the hegemony of literacy, combined with a prognostication of digitality’s impending demise, Ridley’s position at the University of Guelph facilitates radical reconsiderations of the library’s present and forthcoming roles. He received his M.L.S. from the University of Toronto, his M.A from the University of New Brunswick, and has been a professional librarian since 1979. So far, Michael has served as President of the Canadian Association for Information Science, President of the Ontario Library Association, Board member of the Canadian Association of Research Libraries, and Chair of the Ontario Council of Universities. He is presently a board member of the Canadian Research Knowledge Network and of the Canadian University Council of CIOs. He has received an array of awards, and was most recently awarded the Miles Blackwell Award for Outstanding Academic Librarians by the Canadian Association of College and University Libraries. Ridley has published extensively about the intersection of networks, digital systems, and libraries, including “The Online Catalogue and the User,” “Providing Electronic Library Reference Service: Experiences from the Indonesia-Canada Tele-Education Project,” “Computer-Mediated Communications Systems,” and “Community Development in the Digital World.” He has also co-edited volumes one and two of The Public-Access Computer Systems Review. Lately, his work has examined the potentials of post-literacy, which has seen him teach an ongoing undergraduate class on literacy and post-literacy as well as giving presentations and publishing on the topic.

Read the full conversation at CTheory

Other posts you might be interested in:

1. Review: Delete – The Virtue of Forgetting in the Digital Age
2. Publication: Is Your ISP Snooping On You?
3. Public and Private Digital Space

Photo credit: Faramarz Hashemi

Deep packet inspection (DPI) is a form of network surveillance and control that will remain in Canadian networks for the foreseeable future. It operates by examining data packets, determining their likely application-of-origin, and then delaying, prioritizing, or otherwise mediating the content and delivery of the packets. Ostensibly, ISPs have inserted it into their network architectures to manage congestion, mitigate unprofitable capital investment, and enhance billing regimes. These same companies routinely run tests of DPI systems to better nuance the algorithmic identification and mediation of data packets. These tests are used to evaluate algorithmic enhancements of system productivity and efficiency at microlevels prior to rolling new policies out to the entire network.

Such tests are not publicly broadcast, nor are customers notified when ISPs update their DPI devices’ long-term policies. While notification must be provided to various bodies when material changes are made to the network, non-material changes can typically be deployed quietly. Few notice when a deployment of significant scale happens…unless it goes wrong. Based on user-reports in the DSLreports forums it appears that one of Rogers’ recent policy updates was poorly tested and then massively deployed. The ill effects of this deployment are still unresolved, over sixty days later.

In this post, I first detail issues facing Rogers customers, drawing heavily from forum threads at DSLreports. I then suggest that this incident demonstrates multiple failings around DPI governance: a failure to properly evaluate analysis and throttling policies; a failure to significantly acknowledge problems arising from DPI misconfiguration; a failure to proactively alleviate inconveniences of accidental throttling. Large ISPs’ abilities to modify data transit and discrimination conditions is problematic because it increases the risks faced by innovators and developers who cannot predict future data discrimination policies. Such increased risks threaten the overall generative nature of the ends of the Internet. To alleviate some of these risks a trusted third-party should be established. This party would monitor how ISPs themselves govern data traffic and alert citizens and regulators if ISPs discriminate against ‘non-problematic’ traffic types or violate their own terms of service. I ultimately suggest that an independent, though associated, branch of the CRTC that is responsible for watching over ISPs could improve trust between Canadians and the CRTC and between customers and their ISPs.

What’s Going On?

Rogers has publicly stated that they are predominantly concerned with managing upstream traffic, claiming that without throttling it they risk “becoming the world’s buffet.” As a result, the company uses DPI appliances to delay uploading data to the Internet; downloads are unaffected. Their technology, “looks at the header information embedded in the payload and session establishment procedures” to identify peer-to-peer based upload traffic. If such traffic is identified it is put into a portion or allocation of the network dedicated to upstream peer-to-peer traffic. Further, Rogers’ network management policy states that “For Rogers Hi Speed Internet (delivered over cable) and Portable Internet from Rogers customers, the maximum upload speed for P2P file sharing traffic is 80 kbps at all times. There are no limits on download speed for any application or protocol.”

Unfortunately, it appears as though a badly tested update to Rogers’ DPI equipment has had unintended consequences. Customers that previously enjoyed very fast downloads using P2P clients – often several Mb/s – have seen their download speeds sharply curtailed to the point where some users are reporting maximum speeds of under 100kb/s. Moreover, it isn’t just just P2P applications that are being affected; Keith McArthur, Rogers’ senior director of social media and digital communications, has publicly confirmed that non-P2P applications are being affected by this misconfiguration. Specifically;

As some of you are aware, Rogers recently made some upgrades to our network management systems that had the unintended effect of impacting non-p2p file sharing traffic under a specific combination of conditions. Our network engineering team is working on the best way to address this issue as quickly as possible. However, I’m not able to provide any updates at this time about when this will be fixed. Our network management policy remains unchanged. You can find details of our policy here (»www.rogers.com/web/content/netwo···nagement). We are working hard to ensure that there are no gaps between our policy and the technology that enables that policy.

Keith’s public statement came about a month after people began reporting this problem (September 20, 2010) and after his comment the problem remains unresolved over a month later (now December 3, 2010). There has been a massive delay in recognizing a problem, and an even more massive delay in resolving it.

Problems in Governance

Since September, one forum user has reportedly submitted a complaint to the CRTC. The result is that Rogers has to either reverse its present policies and stop throttling downloads or change their terms of service to reflect their current practice of throttling downstream traffic. While Rogers is to be commended for leaving a comment in a public forum and acknowledging the problem, they have not been particularly proactive in notifying their end-users about the problems with the company’s DPI appliances. As noted in the threads on DSLreports, low level technical staff ascribe degraded service of P2P and non-P2P applications alike to customers’ use of P2P applications. While there may be a correlate relationship, the root cause (improperly configured network infrastructure) is not being identified over the phone.

Such ascriptions indicate that customer service has not been properly notified of DPI-related network degradation problems. Though the senior director of social media and digital communications is aware of these problems, no notice is posted on their social-media inspired RedBoard website or to be found on their traditional corporate website.

To begin, this failure of network configuration suggests that Rogers’ testing system needs to be refined. I expect that Rogers’ professional networking staff tested the network updates – either in an isolated test network that replicates real-world conditions or in a small portion of their production network. Doing anything else would constitute an incredibly arrogant and inappropriate deployment regime, and I cannot believe that Rogers’ networking staff would behave in such an unprofessional manner. What is more likely is that the micro-level tests were either too narrow or the derived findings were misunderstood/ambiguous. Such a failure in the testing regime demands a reevaluation of how engineers make upgrades to the Rogers networks and is especially important given that the error has resulted in a material degradation of service – a change that requires Rogers to notify various actors prior to the modification.

The lack of widespread attention to the problem – at customer service, at their informal website or at their formal corporate website – indicates an additional issue concerning staff and (by extension) customer education. Customers are unlikely to know the source of their network-related problem because Rogers has only acknowledged the misconfiguration in limited channels. A customer shouldn’t have to (and is unlikely to) dig into the depths of a specialized web forum to learn about material changes that have affected their network service for a prolonged period of time, regardless of whether the changes are intentional or not.

Finally, the misconfiguration of Rogers’ equipment shows a failure to proactively notify customers of problems. I’ve contacted a host of Rogers customers over the past day, asking similar questions: Are you experiencing particular degradations of service? (All responses: yes.) Have you been contacted about the problem by Rogers? (All responses: no.) While I appreciate that it would be challenging to call every single customer, a mass email to all Rogers customers would not be a financially expensive operation, nor would a posting on their corporate website. That the company has remained relatively quiet about known issues on its network for over 60 days, knowing that network changes have had material impacts on the quality of service and that are in violation of their network management policy, speaks poorly of the company’s willingness to openly address the problem.

The Impacts of Control

There are consequences associated with running a partially controllable network, a network that is “generally open to new applications, but can be used to block them selectively” (van Schewick 2010: 288). Shifting network architectures away from the end-to-end model and towards applianced models of network connectivity “increases the relative costs of innovation and decreases the relative benefits for independent innovations” (van Schewick 2010: 289). Such changes threaten the development of novel applications that could improve the utility derived from Internet access, as well as potentially imposing constraints on technology and (metaphorically) killing the goose that lays the golden egg (Greenstein 2001: 390).

DPI has been deployed to provide ISPs with insight into, and control over, their customers’ data transmissions. Such insight is needed because applications at the ends of the network are less and less trustworthy; port obfuscation, payload encryption, randomized initial packet exchanges and more are designed to hide what applications customers are using. ISPs assert that they need to better understand the packets in their entirety to properly identify applications and transit their associated packets. In essence, ISP routers cannot trust applications to ‘honestly’ disclose their packets and so ISPs aim to ‘restore’ this trust by inspecting most/all packets that go through their routers. Thus, restoring trust has led ISPs to increase middle-network intelligence and required customers to trust network providers more than when providers operated as ‘simple’ transit networks.

The problem with adding intelligence into the middle of the network is that middle-network failures have broader impacts than failures at the ends. Per Blumenthal and Clark (2001):

Network designers make a strong distinction between two sorts of elements – those that are “in” the network and those that are “attached to,” or “on,” the network. A failure of a device that is “in” the network can crash the network, not just certain applications; its impact is more universal. The end-to-end argument at this level thus states that services “in” the network are undesirable because they constrain application behaviour and add complexity and risk to the core (201).

Blumethal and Clark’s approach to the end-to-end principle restricts the ‘narrow’ version of the end-to-end argument that van Schewick has identified. The narrow version of end-to-end asserts that “A function should only be implemented in a lower layer, if it can be completely and correctly implemented at that layer. Sometimes an incomplete implementation of the function at the lower layer may be useful as a performance enhancement” (2010: 58). Such narrow approaches to the end-to-end principle were meant to try and help implement applications, whereas many present understandings of this principle are used to justify hostile intentions, seeing ISP engineers prevent things from happening on the network and blocking certain applications (Blumethal and Clark 2001: 106-7). The effect overall is to reduce the generativity of network itself, reducing its “capacity to produce unanticipated change through unfiltered contributions from broad and varied audiences” (Zittrain 2008: 70).

Finally, the appropriateness of network control varies depending on the reader’s understanding of the term ‘network management’. The issue with ‘reasonable network management’ language is that it tends not to describe an engineering principle but a policy decision. Such policy decisions are made by weighing legitimate technical and business goals with what society will bear in regards to principles such as user privacy. Thus, reasonable network management is unlikely to correlate with Paul Ohm’s definition, where the term exclusively refers to:

…the activities, methods, procedures, and tools that pertain to the operation, administration, maintenance, and provisioning of networked systems (51).

In aggregate, the introduction of control has a series of impacts. Realigning where intelligence is located in the network changes the risks and cost/benefit structure for innovators at the ends of the network. That ISPs such as Rogers can have misconfigurations lasting over 60 days that detrimentally affect P2P and non-P2P applications alike is problematic. Individuals are unlikely to know who is to blame and such misconfigurations may increase unpredictability of application discrimination to the point where innovators and developers abandon or limit Internet-interfaced application creation. If application-like services from the ISP continue to work (e.g. Rogers On Demand Online) people may be led away from non-proprietary streaming and content delivery services in favour of the ISP’s monetized systems. Moreover, when the ISP’s own services are not impacted by network misconfigurations there is less of an incentive for their engineers to quickly resolve the problem.

Finally, the quiet (if accidental) increase in network control also has the effect of potentially undermining the trustworthiness of the network itself. If DPI was (in part) installed because of untrustworthiness at the ends, now consumers and developers alike have less reason than before to trust the middle and core of the networks. Trust and transparency, it seems, are lacking throughout the network.

Third-Party Oversight

The capacity for large ISPs to modify data transit conditions in a seemingly randomized manner is made possible by the packet monitoring and control systems now grafted into ISPs’ networks. Given the impacts that control can have on the future of telecommunications a trusted third-party is needed. This party should monitor how ISPs govern data traffic, alerting citizens and regulators alike if ISPs are found discriminating against ‘non-problematic’ traffic types or violating their own terms of service. Such a party does not necessarily need to dogmatically require all ISP actions fit within the end-to-end principle. Let me illustrate what this might mean.

While Jonathan Zittrain worries about the installation of intelligence into the network he also argues that we must abandon strict adherence to end-to-end neutrality. Zittrain asserts that we would be well served to replace the end-to-end principle with a generativity principle, “a rule that asks that any modifications to the Internet’s design or to the behaviour of ISPs be made when they will do least harm to generative possibilities” (2008: 165). For such a system to be adopted, however, there must be some third-party that is technically competent and that can audit what ISPs are doing to their networks.

The hope is that by introducing a third-party between customers and ISPs some of the mutual antagonism between these two parties might be alleviated, whilst also reducing some of the privacy concerns associated with DPI more generally. Specifically, the third-party would lack a profit-based motivation to access personal information and could, as part of its mandate, oversee the limitation of ISPs’ access to personal information where the information isn’t relevant for business purposes.

While key-signing authorities could theoretically operate as one of the neutral third-parties, there remains a question of trusting the third-party itself. VeriSign, as an example, presently works alongside American copyright groups and changes DNS entries for some .com addresses and could do the same for .net addresses. As a result, VeriSign couldn’t be considered a trusted third-party because of this partisan behaviour. Thus, any party exercising oversight of ISPs ought to be composed of a set of neutral third-parties so that if/when a member reveals itself as no longer trustworthy the entire oversight committee/board/organization doesn’t collapse.

Such an oversight body (in Canada) could be associated with, but independent of, the CRTC. The body ought to be resourced regardless of whether its investigations embarrass ISPs or its regulatory parent. Its acting commissioner should be appointed for a significant period of time. Further, the commissioner should retain independent authority over who to hire, within requirements set by the CRTC. Anticompetitive actions or those in breech of acceptable use policies, network policy agreements, service level agreements or privacy policies should be fully disclosed to the public by this independent body. ISPs could not claim confidentiality to hide their actions or network configurations when their actions or network configurations violate their public statements, agreements, or CRTC decisions. The threat of this transparency into ISP network operations could and should cause ISPs to be more cautious and measured in their actions, reducing the likelihood of network misconfigurations or at least limiting the duration of misconfigurations. Additionally, this body might generate trust with the public by separating its policies from the more formal regulatory hearings at the CRTC.

Is such an oversight body a pipe dream? Perhaps, but not an entirely unreasonable one. The CRTC is increasingly under pressure by members of the public to be more transparent or dissolve, and telecommunications companies in general are distrusted by Canadians. Adopting an independent oversight board – one solely responsible for audits and oversight of ISP networks, and ensuring compliance with existing CRTC policies – could realign the trust Canadians put in carriers and practically demonstrate the value and legitimacy of the CRTC to the Canadian people.

Book Sources:

Blumenthal, Marjory S. and Clark, David D. (2001). “Rethinking the Design of the Internet: The End-to-End Arguments vs. the Brave New World” in B. M. Compaine and S. Greenstein (eds.). Communications Policy in Transition: The Internet and Beyond. Cambridge, Mass.: The MIT Press.

Greenstein, Shane. (2001). “Copyright in the Age of Distributed Applications” in B. M. Compaine and S. Greenstein (eds.). Communications Policy in Transition: The Internet and Beyond. Cambridge, Mass.: The MIT Press.

van Schewick, Barbara. (2010). Internet Architecture and Innovation. Cambridge, Mass.: The MIT Press.

Zittrain, Jonathan. (2008). The Future of the Internet and How to Stop It. New Haven: Yale University Press.

Other posts you might be interested in:

1. Deep Packet Inspection and Consumer Transparency
2. Background to North American Politics of Deep Packet Inspection
3. Draft: What’s Driving Deep Packet Inspection in Canada?