Technology is neither good nor bad. It’s also not neutral. Network neutrality, a political rallying cry meant to motivate free-speech, free-culture, and innovation advocates, was reportedly betrayed by Google following the release of a Verizon-Google policy document on network management/neutrality. What the document reveals is that the two corporations, facing a (seemingly) impotent FCC, have gotten the ball rolling by suggesting a set of policies that the FCC could use in developing a network neutrality framework. Unfortunately, there has been little even-handed analysis of this document from the advocates of network neutrality; instead we have witnessed vitriol and over-the-top rhetoric. This is disappointing. While sensational headlines attract readers, they do little to actually inform the public about network neutrality in a detailed, granular, reasonable fashion. Verizon-Google have provided advocates with an opportunity to pointedly articulate their views while the public is watching, and this is not an opportunity that should be squandered with bitter and unproductive criticism.
I’m intending this to be the first of a few posts on network neutrality.[1] In this post, I exclusively work through the principles suggested by Verizon-Google. In this first, and probationary, analysis I will draw on existing American regulatory language and lessons that might be drawn from the Canadian experience surrounding network management. My overall feel of the document published by Verizon-Google is that, in many ways, it’s very conservative insofar as it adheres to dominant North American regulatory approaches. My key suggestion is that instead of rejecting the principles laid out in their entirety we should carefully consider each in turn. During my examination, I hope to identify what principles and/or their elements could be usefully taken up into a government-backed regulatory framework that recognizes the technical, social, and economic potentials of America’s broadband networks.
One of the largest network vendors in the world is planning to offer their ISP partners an opportunity to modify HTTP headers to get ISPs into the advertising racket. Juniper Networks, which sells routers to ISPs, is partnering with Feeva, an advertising solutions company, to modify data packets’ header information so that the packets will include geographic information. These modified packets will be transmitted to any and all websites that the customer visits, so that individuals receive targeted advertisements according to their geographical location. Effectively, Juniper’s proposal may see ISPs leverage their existing customer service information to modify customers’ data traffic for the purposes of enhancing the geographic relevance of online advertising. This poses an extreme danger to citizens’ locational and communicative privacy.
Should ISPs adopt Juniper’s add-on, we will be witnessing yet another instance of repugnant ‘innovation’ that ISPs are regularly demonstrating in their efforts to enhance their revenue streams. We have already seen them forcibly redirect customers’ DNS requests to ad-laden pages, provide (ineffective) ‘anti-infringement’ software to shield citizens from threats posed by three-strikes laws, and alter the payload content of data packets for advertising. After touching the payload – and oftentimes being burned by regulators – it seems as though the header is the next point of the packet that is to be modified in the sole interest of the ISPs and to the detriment of customers’ privacy.
Forrester has come out with a report that, in Susana Schwartz’s summary, “suggests that more should be done to integrate data about [ISPs’] customers’ online behaviours to offline systems.” In effect, to help ISPs monetize their networks, they need to aggregate a lot more data, in very intelligent ways. The killer section of the actual report is summarized by a Forrester researcher as follows:
“By integrating online and offline data, operators and their enterprise customers could add information about customers’ online behaviors to existing customer profiles so that CSRs could more efficiently handle calls and provide more relevant cross sell/upsell opportunities,” Stanhope said. “So much of the customer experience now comes from online activities that there is a huge repository of data that should be pushed deeper into enterprises for insights about interactions; enterprises collect so much data about what people do and see on their Web sites, yet they do little to draw insight.”
The aim of this is to ‘help’ customers find services they unknowingly are interested in, while making ‘more intelligence’ available to customer service representatives when customers call in. We’re talking about a genuinely massive aggregation of data that goes through ISP gateways and a dissolution of Chinese firewalls that presently segregate network logs from (most) subscriber information. Just so you don’t think that I’m reading into this too deeply, Stanhope (a senior analyst of consumer intelligence with Forrester Research) said to Schwartz:
Our clients are starting to plan for and lay the technical foundational by looking at how to bring together disparate environments, like CRM databases and customer databases, and then what they have to do to gather Web data, social media and search data so they can leverage what they already have … Many are now starting to look at how that can be a hub for Web data, which can be leveraged by other systems.
It’s this kind of language that gets privacy advocates both annoyed and worried. Annoyed, because such a massive aggregation and usage of personal data would constitute a gross privacy violation - both in terms of national laws and social norms - and worried because of the relatively opaque curtain separating their investigations from the goings-on of ISPs. When we read words such as Stanhope’s, correlate them with the vendor-speak surrounding deep packet inspection, and look at the technology’s usage in developing consumer profiles, there is a feeling that everyone is saying that DPI won’t and can’t be used for massive data aggregation as configured…but it could and (Stanhope hopes) likely will once the time is right.
Canada has a strong regulatory position against the use of DPI or other network forensics for the kind of actions that Stanhope is encouraging. This said, given that ‘research’ groups like Forrester along with other parties that pitch products to ISPs are making similar noises (as demonstrated at last year’s Canadian Telecom Summit), a nagging pit in my stomach reminds me that constant vigilance is required to maintain those regulatory positions and keep ISPs from biting into a very profitable - but poisonous for Canadians’ privacy - apple.
The web operates the way it does, largely, because there is a lot of money to be made in the digitally-connected ecosystem. Without the revenues brought in by DoubleClick, as an example, Google would likely be reluctant to provide its free services that are intended to bring you into Google’s ad-serving environment. A question that needs to be asked, however, is whether DoubleClick and related ad delivery systems: (a) collect personal information; (b) if the answer to (a) is “yes”, then whether such collections might constitute privacy infringements.
In the course of this post, I begin by outlining what constitutes personal information and then proceed to outline DoubleClick’s method of collecting personal information. After providing these outlines, I argue that online advertising systems do collect personal information and that the definitions that Google offers for what constitutes ‘personal information’ are arguably out of line with Canadian sensibilities of what is ‘personal information’. As a result, I’ll conclude by asserting that violations may in fact be occurring, with the argument largely emerging from Nissenbaum’s work on contextual integrity. Before proceeding, however, I’ll note that I’m not a lawyer, nor am I a law student: what follows is born from a critical reading of information about digital services and writings from philosophers, political scientists, technologists and privacy commissioners.