<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
	xmlns:content="http://purl.org/rss/1.0/modules/content/"
	xmlns:wfw="http://wellformedweb.org/CommentAPI/"
	xmlns:dc="http://purl.org/dc/elements/1.1/"
	xmlns:atom="http://www.w3.org/2005/Atom"
	xmlns:sy="http://purl.org/rss/1.0/modules/syndication/"
	xmlns:slash="http://purl.org/rss/1.0/modules/slash/"
	>

<channel>
	<title>Technology, Thoughts, and Trinkets &#187; Thoughts</title>
	<atom:link href="http://www.christopher-parsons.com/blog/category/thoughts/feed/" rel="self" type="application/rss+xml" />
	<link>http://www.christopher-parsons.com/blog</link>
	<description>Touring the digital through type</description>
	<lastBuildDate>Mon, 06 Feb 2012 14:00:02 +0000</lastBuildDate>
	<language>en</language>
	<sy:updatePeriod>hourly</sy:updatePeriod>
	<sy:updateFrequency>1</sy:updateFrequency>
	<generator>http://wordpress.org/?v=3.3.1</generator>
		<item>
		<title>ISPs, Advocates, and Framing at the 2011 Telecom Summit</title>
		<link>http://www.christopher-parsons.com/blog/thoughts/isps-advocates-and-framing-at-the-2011-telecom-summit/</link>
		<comments>http://www.christopher-parsons.com/blog/thoughts/isps-advocates-and-framing-at-the-2011-telecom-summit/#comments</comments>
		<pubDate>Wed, 15 Jun 2011 02:02:36 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[CRTC]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[ISPs]]></category>
		<category><![CDATA[Politics]]></category>
		<category><![CDATA[Thoughts]]></category>
		<category><![CDATA[advocates]]></category>
		<category><![CDATA[canada]]></category>
		<category><![CDATA[openmedia]]></category>

		<guid isPermaLink="false">http://www.christopher-parsons.com/blog/?p=2545</guid>
		<description><![CDATA[While some commentators have accused this Canadian Telecommunications Summit of merely rehashing previous years' content - it is true that each Summit does see similar topics on the conference agenda, with common positions taken each year - there are some interesting points that emerged this year. <a href="http://www.christopher-parsons.com/blog/thoughts/isps-advocates-and-framing-at-the-2011-telecom-summit/">Continue reading <span class="meta-nav">&#8594;</span></a>
]]></description>
			<content:encoded><![CDATA[
<div id="attachment_2547" class="wp-caption alignleft" style="width: 310px"><a href="http://www.flickr.com/photos/steverhode/3183290111/"><img class="size-medium wp-image-2547" title="3183290111_989c5b1bec_b" src="http://www.christopher-parsons.com/blog/wp-content/uploads/2011/06/3183290111_989c5b1bec_b-300x200.jpg" alt="" width="300" height="200" /></a><p class="wp-caption-text">Image by Steve Rhode</p></div>
<p>Each year Canada&#8217;s leaders in telecommunications gather at the Canadian Telecommunications Summit to talk about ongoing policy issues, articulate their concerns about Canada&#8217;s status in the world of telecommunications, and share lessons and experiences with one another. This year&#8217;s Summit was no exception. While some commentators have accused this year&#8217;s event of just rehashing previous years&#8217; content &#8211; it is true that each Summit does see similar topics on the conference agenda, with common positions taken each year &#8211; there are some interesting points that emerged this year.</p>
<p>Specifically, discussions about the valuation of telecom services regularly arose, as did discussions of supply and demand in the Canadian ISP space and some interesting tidbits about the CRTC. For many people in the industry what I&#8217;ll be talking about isn&#8217;t exactly new; those not inside the industry&#8217;s fold, however, may find elements of this interesting. After outlining some of the discussions that took place I will point to something that was particularly striking throughout the Summit events I attended: Open Media loomed like a spectre throughout, shaping many of the discussions and talking points despite not having a single formal representative in attendance.<span id="more-2545"></span></p>
<h2>Value Propositions</h2>
<p style="text-align: left;">Throughout the Summit speakers regaled the audience with just how much Canadians take advantage of the Internet; we are the most prolific users of YouTube, heavy users of Facebook, and are online for longer periods of time than many other countries&#8217; citizens. Thus, from the telecommunications perspective, current pricing models and bandwidth allowance conditions are set so that consumers still enjoy high value from their services. Interestingly, while Canadians may be online for greater periods of time, Europeans are actually consuming twice as much bandwidth as North Americans. To clarify, customer value propositions almost uniformly adhere to the following equation:</p>
<p style="text-align: center;"><strong>Value to customers = Benefits received by customers &#8211; cost of service/good</strong></p>
<p>Given that prices for broadband are typically lower in Europe, and that members of the EU are even more prolific users of broadband (presumably also receiving at least equal benefits as Canadians) it would seem that the value to consumers provided by European carriers is actually higher than that provided to Canadians.</p>
<p>During the Summit, ISPs were informed by policy management vendors that the complementary products that compose a significant facet of ISPs&#8217; revenue streams are in danger. Sandvine&#8217;s President and CEO, Dave Caputo, pointed to a report from Barclay&#8217;s capital equity research that found voice traffic was presently worth about 10,000 Euro/GB of traffic, text messages about 30,000 Euro/GB, and pure data transmissions only about 5 Euro/GB. Further, Mark Henderson (President and CEO of Ericsson Canada Inc.) asserted in his keynote that voice traffic was effectively noise on mobile networks on the basis that voice traffic accounts for almost single digit percentages of overall data transmissions. As a result, voice services are decreasingly seen as effective profit centers. Taken together, it would appear that the value proposition of offering all you can eat broadband services is diminishing from a carrier perspective whilst consumer value propositions from such models continue to increase as Internet experiences become richer and richer.</p>
<p>More generally, with the introduction of more and more services that are designed to use data, and that let people cut SMS and voice plans, core mobile profit centres are threatened. Of course, such centers are perhaps enhanced whenever customers exceed their data plans and receive incredibly high bills that price bandwidth capacity use significantly above the &#8216;bucket&#8217; cost of data. While the &#8216;overage market&#8217; might be seen as a potential site of revenue growth, carriers and vendors alike suggested that differentiated service offerings are a preferred means of enhancing customer value propositions. Generally, the argument was that customers want the experience of regular and predictable billing, and that the potential of overage charges is a limiting factor in driving data usage. In a differentiated service model customers might choose particular kinds of data-based services; perhaps they receive email and access to social networking sites but lack access to the web generally, or have to pay a certain amount to receive &#8216;so much&#8217; web access over the course of a month. What remains unclear to me is that:</p>
<ol>
<li>Users actually want a differentiated offering. Instead, they seem to want to avoid bill shock. Differentiated billing is not the solution to the problem facing consumers, though effective policy controls that stem the ability of users to massively exceed their monthly data caps would (in part) resolve the &#8216;pain point&#8217; felt by consumers. Further, where overages occur prices should be fair; there is no clear reason why someone that uses an extra few gig of mobile data should have to mortgage their home to pay off a monthly cellular bill.</li>
<li>Service differentiation <em>necessarily</em> reduces the amount of bandwidth that users will consume. While this may be the case sometimes it seems as though the emphasis should be on data usage instead of service usage. In a &#8216;Facebook package&#8217; can individuals click the links associated with people&#8217;s Walls? Watch embedded videos? Upload an infinite number of photos? If not, then are individuals receiving a &#8216;Facebook&#8217; experience where that experience is dependent on the socialized nature of sharing and access to the greater web? Is someone who uploads hundreds or thousands of photos to Facebook a less prolific user of data as compared to someone who checks a few emails and browses the web a little bit every day?</li>
</ol>
<p>This isn&#8217;t to say that I don&#8217;t understand carriers&#8217; fear of the Over-the-Top services that are slamming their complementary products. At peak times of the day Netflix is currently accounting for around 29-30% of all data traffic in North America, and accounts for 13.5% of Canadian traffic during peak periods. The rise of high-quality on-demand OTT content also changes the language of carriers: legitimate customers who are accessing well integrated and easy to use OTT services are driving growth, not &#8216;content thieves&#8217;. No longer are carriers&#8217; portals competing with infringing content but legitimate content, and while carriers were quick to tout the &#8216;large&#8217; number of online offerings they have through their portals what struck me was that in at least the case of Videotron I <em>personally</em> have more legitimate content on my home NAS than their <em>company</em> makes available to their consumer base. This is not the case when contrasting my personally stored media content against that of Netflix&#8217;s library! I recognize that part of the problem facing carriers today relates to rights clearing, but given just how vertically integrated many of the largest carriers are I cannot see consumers genuinely sympathizing with their ISPs and television providers. Instead, customers are &#8216;enjoying&#8217; low data caps that punish excessive enjoyment of OTT, non-carrier provided, content: the pain point around costs of bandwidth capacity provision is driven by carrier scarcity of legitimate online content combined with high overage costs, not with &#8216;data hogs&#8217; that are violating social norms by watching their movies and TV from the Internet.</p>
<h2>Supply vs. Demand and Spectrum Framing</h2>
<p>Throughout the Summit, attendees (and members of the various government regulatory bodies) heard that &#8216;supply isn&#8217;t the problem, demand is!&#8217; In effect, Canada&#8217;s telecommunications companies were stating that they are meeting the expectations of Canadians and that the companies would continue to meet expectations in the future. Consumers themselves were seen as the problem in the supply/demand curve of Canadian telecommunications. Specifically, carriers can move large capacities of traffic but there are many Canadians that cannot access even basic computer services. Without access to computers, combined with high levels of literacy, consumers cannot understand the benefit of broadband.</p>
<p>Mark Goldberg, one of the two primary organizers of the Summit, began his address on the first day with this point and it was reiterated throughout the event. Interestingly, Rob Bruce (President of Rogers Communications) recognized that his company had to do a better job in making access to devices, and their daily use, a simpler experience. He also recognized that Canadians needed to be able to control their &#8216;digital consumption&#8217;. While on the one hand I agree with this sentiment (because of the horrendously high overage fees potentially facing mobile and wireline consumers of Canadian providers) I worry that this is really an indirect way of asserting that managed networks and differentiated access types to the Internet are &#8216;needed&#8217; by today&#8217;s consumers. Further, if such a managed and differentiated product offering is required to avoid high overage fees and afford some sense of monthly financial security, then one has to wonder how effectively the &#8216;supply&#8217; side of the supply/demand equation is really being handled. Managing resources to maximize return on supply is not the same thing as establishing a healthy supply/demand equilibrium that conforms to basic economic theory and free market expectations.</p>
<p>If supply truly is meeting demand today (a questionable position based on carriers&#8217; stated needs to throttle traffic throughout the day and charge grossly high overage fees for bandwidth capacity use) then we might wonder about the regularized scare tactics surrounding Long Term Evolution (LTE) deployment in Canada. Access to the 700 MHz spectrum was a regular point of contention throughout the Summit, with carriers insisting that next-generation Internet services were dependent on each carrier receiving a large amount of that spectrum block. Discussions over wireless spectrum saw some ISPs advocate for entirely open auctions that avoid set-asides for new(er) entrants and others demanding spectrum set-asides or offering their own policy models that favor new(er) carriers.</p>
<p>For those not invested in the spectrum debates, the 700 MHz block is presently used for analogue television and is soon to be auctioned off once all television in Canada has migrated to digital systems. This particular block of spectrum is terrific at travelling long distances and passing through structures and other physical objects. Large carriers assert that delivering high-speed broadband to rural and remote locations will prominently require LTE technologies. Further, these same carriers threaten that LTE systems will experience delayed deployments (or not be deployed at all) if they are not given access to the 700 MHz spectrum block. A critical observer might wonder whether those companies&#8217; shareholders will stand for the executive and board simply refusing to keep updating systems with the times, perhaps using non-beachfront spectrum, if not upgrading will reduce shareholder returns. The same observer might also wonder at just how often the larger providers have actually carried through with such threats of non-investment.</p>
<p>More generally, the efforts to frame the upcoming spectrum auctions were fast and furious, with each large company getting time on stage to talk to an audience composed of other telecommunications providers, regulators, media, and a precious few academics and students. The regulatory staff that I spoke to were all aware of the framing process &#8211; some found it moderately amusing &#8211; but it&#8217;s important to note not just what was said and who said it, but what wasn&#8217;t said and who didn&#8217;t have a chance to speak. Specifically, the strong positions taken by groups such as CIPPIC and Open Media over the past few years in public and regulatory spaces were not articulated by members of those groups, nor were they given between a half-hour and an hour of stage time. More carefully stated, a framing process entails groups identifying a problem, groups responsible for it, and policy solutions to correct it. For all parties to have an equal handle in trying to shape the agenda, all must be permitted to proceed through the framing process during moments where the elites of the policy subsystem meet. Unsurprisingly, given the highly corporatized nature of the Summit, members of advocacy groups and coalitions were not invited to speak and have a shake at shaping Canada&#8217;s telecommunications regulatory agenda.</p>
<p>This isn&#8217;t to say, of course, that advocacy voices were entirely silent: John Lawford from PIAC spoke, as did Commissioner Stoddart. Neither focused on spectrum, but instead on specific harms experienced by Canadians. Their contributions operated within the conservative nature of the telecommunications subpolicy group, insofar as they slightly expand the scope of discourse without significantly throwing off or challenging ISPs&#8217; cohesive framing (and exclusion/denigration) efforts.</p>
<p>Throughout the Summit there was a regular emphasis on disdain towards advocacy groups that had garnered significant attention from the media and Canadians more generally: Open Media&#8217;s recent report was referred to as &#8220;an homage to state sponsored network neutrality and broadband&#8221; by TELUS&#8217; VP Regulatory, the organization was accused of taking advantage of social media and undermining its value as a source of information by Rogers&#8217; President of Communications and the group is apparently obscuring network realities as far as Videotron&#8217;s President and CEO is concerned. The regulator also got involved, when the Chairman of the CRTC asserted that the consumer groups generally had to get organized and expand their knowledge.</p>
<p>This kind of broad framing &#8211; of extinguishing the legitimacy of a large voice without letting it speak &#8211; indicates a pair of things:</p>
<ol>
<li>Open Media has been incredibly successful in getting under telecommunications providers&#8217; skins. I&#8217;ve never been at a Summit (or other large industry event, of any kind) where an advocacy group and its coalition has attracted so much explicit and implicit vitriol;</li>
<li>Some companies are now &#8216;framing&#8217; the group&#8217;s crowd-source effects as illegitimate and thus trying to illegitimate other attempts to crowd-source information.</li>
</ol>
<p>I don&#8217;t expect, nor am I suggesting, that framing entirely obfuscates or undermines the conditions of Open Media&#8217;s attempts to work in the telecommunications regulatory space, but it does work to identify &#8216;qualified&#8217; epistemic elites by whom telecommunications should be handled. The long-term consequences of depriving this advocacy group of a voice at the Summit are to simultaneously reaffirm the legitimacy of actors that are present and harden combative language amongst the various members, as well as confirm that Open Media is a recognized adversary in Canada&#8217;s telecom space. This isn&#8217;t to suggest that providers have some kind of a &#8216;battle plan&#8217; &#8211; there isn&#8217;t a central organizer that is using this space to intentionally coordinate language &#8211; but rather that this is the result of closed communications loops that constitute an &#8216;iron triangle&#8217;. Such triangles are composed of closed and mutually supportive groups that see governmental agencies, special interest lobbying groups, and legislative (sub)committees working together to develop policy. Members of such groups are typically specialized in very particular policy areas and present a united front towards interlopers or outsiders who</p>
<blockquote><p>attempt to invade their turf and alter established policies that have been worked out by years of private negotiations among the &#8220;insiders&#8221; &#8230; These triangles are said to be as &#8220;strong as iron&#8221; in that these mutually supportive relationships are often so politically powerful that representatives of the more general interests of society are usually effectively prevented from &#8220;interfering&#8221; with policy-making altogether whenever their concept of the general interest runs counter to the special interests of the entrenched interest groups, bureaucrats and politicians (<a href="http://www.auburn.edu/~johnspm/gloss/iron_triangles">Source</a>).</p></blockquote>
<h2>The CRTC in Focus</h2>
<p>The Chairman of the CRTC was at this year&#8217;s Summit, and as usual interesting little tidbits came out in his discussion with Summit co-organizer, Mark Goldberg. von Finckenstein was regularly asked questions that followed Open Media&#8217;s general talking points, including questions of structural separation, roles of consumer groups, and effectiveness of existing CRTC regulatory policies. During the questions the Chairman was asked about the CRTC&#8217;s research capacity: in effect, is the regulator conducting in-depth research of goings on around the world, or is it predominantly relying on what is provided to it by those coming before the regulator? While I had expected that the CRTC was stacked with some research analysts who conduct research, von Finckenstein instead said that while the CRTC has a good handle on &#8216;the basics&#8217; it isn&#8217;t actually engaged in detailed research of any particular regulatory approach to telecommunications. His rationale was that if the Commission was involved in intense research then it would come to particular proceedings with biases that might limit their position as impartial regulators. While I can appreciate the sentiment here, it seems somewhat off-base: as a scholar I expect that when I submit a piece for peer-review that it will be treated fairly and as neutrally as possible. This said, I expect that reviewers will have conducted research in similar topic areas and that they will have private opinions concerning the argument-types presented. I fail to understand why the CRTC cannot conduct basic research to evaluate the claims made by carriers and consumer groups alike, balancing any claims against existing policy research and analyses that are both conducted in house and by other regulators/academics.</p>
<p>Somewhat distressingly, the Chairman asserted a point that those who have spent time watching the CRTC already knew: the CRTC is of the opinion that consumer <em>groups</em> should be driving complaints before the CRTC instead of consumers themselves. von Finckenstein maintains that the highly technical nature of filing complaints means that the process is ill-suited to average consumers and that, as a result, consumers need to organize and develop a broader knowledge base concerning telecommunications so that they can then file complaints as appropriate. This having been said, he also asserted that consumers don&#8217;t generally have problems communicating with the CRTC. While unstated, I suspect that this particular comment was meant to capture the individual consumers who are filing ITMP complaints with the CRTC, though I doubt that he appreciates the level of consumer <em>resentment</em> towards the CRTC&#8217;s apparently toothless enforcement of their own regulatory decision around traffic management policies in Canada. I also find it of concern that the Chairman focuses on consumer groups as chiefly responsible for the formal complaints: for the full range of consumer issues to be brought before the CRTC there must be enhanced funding for these very groups. Canada is not the US; it doesn&#8217;t have the support of private foundations that enable civil society to work in the favor of citizens and consumers. Ideally, if the Chairman were serious about his suggestion, he would also demand that additional funds be provided to consumer groups <em>prior</em> to filing a claim so that research and testing could be performed ahead of time. As the ITMP proceeding demonstrated, the costs associated with significant hearings are so high that few can afford to do the work and simply hope to get paid at the conclusion of a particular regulatory procedure.</p>
<p>Unsurprisingly, the Commissioner also asserted that ITMP audits were <em>not</em> something that CRTC was interested in conducting because any such practice would operate under the assumption that there might be something wrong in the first place. As a complaints-driven body it would be inappropriate to make such an assumption. This is unfortunate because it can be so challenging for individuals to actually trace the source of network-based problems. Further, it is in companies&#8217; best interests to keep a shroud drawn tightly around themselves and their infrastructure operations to obfuscate their own misdeeds. Indeed, this very point has been made repeatedly by scholars in the telecommunications sphere but without a research wing it would appear that the CRTC is ignorant of the basic facts of corporate strategies that are designed to confuse consumers. Further, without such a research wing the Commission is apparently unaware that those conducting research on the outskirts of the network infrastructure will almost certainly have a very difficult, if not impossible, time trying to identify problems that reside within ISPs&#8217; infrastructure.</p>
<h2>The Haunting of Open Media</h2>
<p>Open Media hung over most of the Summit as a spectre that could-not-be-named. Various CEOs, Presidents, and Vice-Presidents raised concerns over the role of advocacy groups. Rogers&#8217; President of Communications worried that &#8216;special interests&#8217; were undermining the value of social media as a source of fact-finding and outreach, Videotron&#8217;s President and CEO asserted that customers were happy with Usage Based Billing and that Open Media was just trying to obscure network realities, and the Chairman of the CRTC maintained that a series of Open Media&#8217;s key issues (audits of ITMP systems, functional separation) were not issues that the regulator was willing to take up. TELUS&#8217;s Mike Hennessy stated (without defending the claim) that Open Media&#8217;s recent report, &#8220;<a title="External link to report" href="http://openmedia.ca/plan">Casting an Open Net: A Leading-Edge Approach to Canada&#8217;s Digital Future</a>,&#8221; was homage to state-sponsored network neutrality and broadband. Further, it was suggested that Open Media <em>should</em> have been the consumer group that was present at the annual &#8216;Regulatory Blockbuster&#8217; panel instead of PIAC, based on each consumer group&#8217;s relative prominence in the broadband space this past year. It is admittedly somewhat anecdotal, but a vast number of the conversations that I participated in over the two days I attended the Summit saw Open Media either directly or indirectly come up.</p>
<p>What does this mean for Open Media as an organization? To begin, it indicates that the organization is implicitly recognized as an actor in the Canadian telecommunications policy subsystem, as demonstrated both by their involvement in discussing policy issues and bargaining in pursuit of their interests, as well as by the agenda denial tactics that are being undertaken by incumbent subsystem actors. The group&#8217;s effectiveness is arguably tied to their ability to harness epistemic elites that are not typically associated with regulatory proceedings while simultaneously forging alliances with established actors. Further, Open Media has demonstrated an ability to capture public attention and focus government awareness on issues in a manner that simultaneously aligns and opens policy windows. As a result of their focusing efforts, the group have effected changes to the regulatory agendas.</p>
<p>The capturing of public attention is key to their status as members of this particular policy sub-community: while they present policy alternatives they have also leveraged the potential votes of their backers and thus seen political parties seek Open Media&#8217;s favor. As a result of their capacity to capture and harness public attention, Open Media is challenging existing policy monopolies by becoming a dark horse that frames problems differently than Canada&#8217;s dominant carriers and that demands solutions often diverging from carriers&#8217;. Despite this divergent framing and solution set, the organization has often attempted to link their own issue set with the government&#8217;s economic principles and objectives, defending their position by appealing to key regulatory directives and frameworks. This insulates some of their work from overt assault. In effect, Open Media is working to alter &#8220;policy images through a number of tactics related to altering the venue of policy debate&#8221; and is consequently undermining &#8220;the complacency or stability of an existing policy subsystem&#8221; (Howlett and Ramesh 2003: 139).</p>
<p>The organization&#8217;s actual impact in the formation of policy itself &#8211; decision, implementation, and auditing policy stages that follow agenda shaping &#8211; is less clear. Along with other sub-system actors, such as Jean-François Mezei, Open Media has successfully rebuffed at least one major policy initiative that was decided by the CRTC around UBB. The development of alternate policy principles and guidelines may assist in promoting their issue-set but the rate of seeing their suggestions introduced into regulatory policy will be delayed based on the complexity of the policy subsystem they are operating in. Further complicating their efforts are the constraints placed upon the regulators who are expected to make, implement, and regulate telecommunications policy. Consequently, incrementalist changes are most likely. Incrementalism does not necessarily mean that Open Media&#8217;s own policy initiatives and principles are transformed into policy, but that existing policy actors&#8217; traditional principles, aims, and policy preferences may not be codified as rapidly as in the past. Further, traditional actors may need to modify their narrative and either incorporate some of Open Media&#8217;s language to hedge out the advocacy group or reorient their discourse to more effectively isolate and exclude Open Media as a legitimate policy actor. Regardless, for the moment at least Open Media has successfully intruded on a (relatively) monopolized policy subsystem and is effecting change, though it will be an uphill battle to establish themselves as a long-term member in Canada&#8217;s telecommunications policy network.</p>
<h3>Text Sources:</h3>
<p>M. Howlett and M. Ramesh. (2003). <em>Studying Public Policy: Policy Cycles and Policy Subsystems (Second Edition)</em>. Toronto: Oxford University Press.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.christopher-parsons.com/blog/thoughts/isps-advocates-and-framing-at-the-2011-telecom-summit/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Security, Hierarchy, and Networked Governance</title>
		<link>http://www.christopher-parsons.com/blog/technology/security-hierarchy-and-networked-governance/</link>
		<comments>http://www.christopher-parsons.com/blog/technology/security-hierarchy-and-networked-governance/#comments</comments>
		<pubDate>Mon, 28 Mar 2011 17:00:23 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[Internet]]></category>
		<category><![CDATA[ISPs]]></category>
		<category><![CDATA[Surveillance]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[Thoughts]]></category>
		<category><![CDATA[encryption]]></category>
		<category><![CDATA[iran]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[tor]]></category>

		<guid isPermaLink="false">http://www.christopher-parsons.com/blog/?p=2474</guid>
		<description><![CDATA[The capacity for the Internet to route around damage and censorship is dependent on there being multiple pathways for data to be routed. What happens when there are incredibly few pathways, and when many of the existing paths contain hidden traps that compromise communications security and privacy?  <a href="http://www.christopher-parsons.com/blog/technology/security-hierarchy-and-networked-governance/">Continue reading <span class="meta-nav">&#8594;</span></a>
]]></description>
			<content:encoded><![CDATA[<div id="attachment_2483" class="wp-caption alignleft" style="width: 310px"><a href="http://www.flickr.com/photos/dahlstroms/4511228299/"><img class="size-medium wp-image-2483" title="Unlocked" src="http://www.christopher-parsons.com/blog/wp-content/uploads/2011/03/Unlocked-300x200.jpg" alt="" width="300" height="200" /></a><p class="wp-caption-text">Image by Håkan Dahlström</p></div>
<p>The capacity for the Internet to route around damage and censorship is dependent on there being multiple pathways for data to be routed. What happens when there are incredibly few pathways, and when many of the existing paths contain hidden traps that undermine communications security and privacy? This question is always relevant when talking about communications, but has become particularly topical given recent events that compromised some of the Internet&#8217;s key security infrastructure and trust networks.</p>
<p>On March 22 2011, Tor researchers <a title="Detecting certificate authority compromises and web browser collusion" href="https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion">disclosed a vulnerability</a> in the certificate authority (CA) system. Certificates are used to encrypt data traffic between parties and to guarantee that security certificates are actually issued to the parties holding them. The CA system underpins a massive number of the Internet&#8217;s trust relationships; when individuals log into their banks, some social networking services, and many online email services, their data traffic is encrypted to prevent a third-party from listening into the content of the communication. Those encrypted sessions are made possible by the certificates issued by certificate authorities. The Tor researchers announced that an attacker had compromised a CA and issued certificates that let the attacker impersonate the security credentials associated with many of the world&#8217;s most prominent websites. Few individuals would ever detect this subterfuge. In effect, Tor researchers discovered that a central element of the Internet&#8217;s trust network was broken.</p>
<p>In this post I want to do a few things. First, I&#8217;ll briefly describe the attack and its accompanying risks. This will, in part, see me briefly discuss modes of surveillance and motivations for different gradients of surveillance. I next address a growing problem for today&#8217;s Internet users: the points of trust we depend on, such as CAs and the DNS infrastructure, are increasingly unreliable. As a result, states can overtly or subtly manipulate them to disrupt or monitor their citizens&#8217; communications. Finally, I suggest that in spite of these points of control, states are increasingly limited in their capacities to unilaterally enforce their will. As a consequence of networked governance, and its accompanying power structures, citizens can impose accountability on states and limit their ability to (re)distribute power across and between nodes of networks. Thus, networked governance not only transforms state power but redistributes (some) power to non-state actors, empowering those actors to resist illegitimate state actions.<span id="more-2474"></span></p>
<h1>The Attack</h1>
<p>Your web browser has been programmed to trust certain figures of authority. When you visit your bank&#8217;s website, encrypted Facebook pages, secured email accounts, and so forth your browser engages in a cryptographic exchange to establish an encrypted communication session. This session prevents third-parties from intercepting the content of the communications. Establishing this private communication relies on <a title="Wikipedia article on public key cryptography" href="http://en.wikipedia.org/wiki/Public-key_cryptography">public key cryptography</a>. Under this cryptographic system, communicating parties assume that a hostile third party is trying to listen into the communication and thus only provide one half of the encryption key &#8211; the public key &#8211; in the clear. Private keys are subsequently used to decrypt the communications. They are never shared.</p>
<p>Many websites rely on certificate authorities to establish this cryptographic exchange. Certificate authorities issue digital certificates that include a public key that web browsers use to initiate encrypted communications with the website. A CA acts as a trusted third-party in any communications process because the visitor of a website (typically) assumes that the issued certificate actually belongs to the website in question. Further, the visitor assumes that only the website&#8217;s operator, and no third party, is privy to the website&#8217;s private key. Certificates are (ostensibly) only issued when a CA is certain that the individuals requesting the certificate actually run/control the website the certificate would be used at. Unfortunately, it has recently come to light that a CA, Comodo, issued certificates for <a title="Link to F-Secure's analysis of the Comodo breech" href="http://www.f-secure.com/weblog/archives/00002128.html">the following websites</a>:</p>
<ul>
<li>mail.google.com (Gmail, Google Apps)</li>
<li>login.live.com (Hotmail and other live services)</li>
<li>www.google.com</li>
<li>login.yahoo.com (three separate certificates for this website)</li>
<li>login.skype.com</li>
<li>addons.mozilla.org (Firefox extensions)</li>
<li>&#8220;Global Trustee&#8221;</li>
</ul>
<p>With these rogue certificates, an attacker could perform a <a title="Link to wikipedia article on man in the middle attacks" href="http://en.wikipedia.org/wiki/Man-in-the-middle_attack">man-in-the-middle attack</a> on each of these websites, meaning that they could act as an intermediary for any communications between the two parties. This attack relies on both parties believing that they are talking directly with one another, when in fact the third party is between them and reading the content of the communications. SSL connections, such as those used by Facebook, Gmail, Yahoo! mail, Microsoft&#8217;s Live services, Skype, and Mozilla, are meant to defeat such an attack but this is only possible where authentic certificates are issued. In the case of rogue certificates, this assumption of trust is violated. The EFF is <a title="Iranian hackers obtain fraudulent https" href="https://www.eff.org/deeplinks/2011/03/iranian-hackers-obtain-fraudulent-https">presently suggesting that</a> the &#8216;Global Trustee&#8217; certificate may permit an attacker to impersonate <em>any</em> domain on the web. By receiving certificates, the attackers are not only able to encrypt communications so that it appears legitimate (using the publicly available public key) but also receive the private key, enabling them to decrypt messages that are encrypted using that public key. In effect, whoever the attacker(s) may be, they managed to break the Internet in an incredibly significant way by exploiting one of the key nodes of trust in the online world.</p>
<p>Comodo, the CA that fell victim to this attack, is <a title="Link to Comodo's incident report" href="http://www.comodo.com/Comodo-Fraud-Incident-2011-03-23.html">suggesting that individuals in Iran are likely responsible</a> for having compromised a certificate-issuing account. This is based on the significant number of Iranian IP addresses that were used in launching the attack, the need to be a state-level actor to maximally exploit this weakness, the focus on communications websites instead of financial sites, and the Iranian government&#8217;s <a title="Is Iran now actually using deep packet inspection?" href="http://www.christopher-parsons.com/blog/technology/is-iran-now-actually-using-deep-packet-inspection/">recent efforts to undermine and block</a> encrypted communications. Comodo also believes that the attack was preplanned based on the attackers&#8217; rapid generation of certificates for the above mentioned sites.</p>
<p>It should be noted that while it is a plausible theory that the attacker was Iranian, this is not the only possibility. Robert Graham, at Errata Security, <a title="No evidence compromise was from Iran" href="http://erratasec.blogspot.com/2011/03/no-evidence-comodo-compromise-was-from.html">quickly noted</a> that the security industry,</p>
<blockquote><p>has a flaw in its critical thinking process. When something happens, we try to fit it into the story of the day. For example, when Slammer first hit, everyone thought it was a DDoS attack, because DDoS was the major story of the day. Similarly, with the transparent proxying in Tunisia and political unrest throughout the Middle East, that becomes the dominant story. Any crumb of evidence, such as one of the addresses being located in Iran, is suddenly magnified to become the most important piece of evidence. In fact, it’s one of the least important pieces.</p></blockquote>
<p>Thus, while Iran remains a likely suspect it is challenging to definitively ascribe blame of this attack to any actor without additional information.</p>
<h2>What can be done with this information?</h2>
<p>A considerable amount of intelligence gathering today depends on signals collection. In a digital world, this sees attackers survey networks of communication to identify the flows and types of communicative traffic between nodes (actors) that are communicating with one another. This approach was adopted during the second world war because communications were sufficiently encrypted that many couldn&#8217;t be decrypted in time for the message content to be useful. Since then, signals intelligence has proliferated alongside the growth of strong encryption. Most recently, national security agencies have either <a title="US buys stake in Twitter, blog, monitoring tool" href="http://www.wired.com/dangerroom/2009/10/exclusive-us-spies-buy-stake-in-twitter-blog-monitoring-firm/">invested in social media tracking tools</a> or are having members of the government <a title="BBC article where regulators are arguing for extended surveillance capabilities" href="http://www.bbc.co.uk/news/uk-politics-12311900">advocate on their behalf</a> to acquire those tools. Such efforts are in addition to <a title="Wikipedia page on ECHELON" href="http://en.wikipedia.org/wiki/Echelon_(signals_intelligence)">ECHELON</a>, the NSA&#8217;s <a title="EFF page on NSA spying" href="https://www.eff.org/issues/nsa-spying">wireless wiretapping</a>, and GCHQ&#8217;s drive to deploy <a title="Link to article discussing DPI deployment in the UK" href="http://www.atlanticfreepress.com/news/1/5987-britains-digital-surveillance-hiding-from-her-majestys-black-boxes-.html">deep packet inspection systems through ISPs&#8217; networks</a>. In short, signals intelligence is important in identifying key nodes in a communications network, for understanding relationships between nodes, and for determining which nodes are sufficiently important to subvert them for content analysis.</p>
<p>In the case of the certificate compromise, an attacker can access the network that people communicate with <em>and</em> the content of their communications. Thus, a network analysis could be performed on a wide range of email, Facebook, and Skype accounts that were compromised, correlating address books and frequency of messaging to identify key nodes in a communications network. Having identified those nodes, and other key points in a communications network, the attacker could take the time to analyze the content of those communications and develop intelligence about the particularities of those communicators. In essence, breaking the CA trust system permits mapping individuals and then investigating key individuals participating in the network.</p>
<p>If the attacker is, indeed, the Iranian government then dissidents who have used electronic communications have a right to be concerned. Google and Skype both provided encrypted means of communication to enable dissident communications, though Iran has a <a title="Wired piece on Iran blocking https google services" href="http://www.wired.com/epicenter/2010/02/iran-to-pull-the-plug-on-gmail/">history of disrupting encrypted communications</a> provided by Google, Yahoo!, and others. By actively undermining the trust relationship between Google et al. and their users, the government could theoretically permit dissidents access to &#8216;encrypted&#8217; communications channels whilst listening into what was being said at the same time.</p>
<p>It must also be noted that, even though the attack has been identified and measures taken to remedy the problem, this does not solve underlying problems. This is noted by Jacob Appelbaum, <a title="Link to Tor disclosure page" href="https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion">who writes that</a></p>
<blockquote><p>an attacker who is able to [man-in-the-middle] SSL/TLS will also [man-in-the-middle] the [Online Certificate Status Protocol/Certificate Revocation List] requests. Moxie&#8217;s <a href="http://www.thoughtcrime.org/software/sslstrip/">sslstrip</a> demonstrated that an attacker would do this automatically and his software has done this for OCSP in public since 2009. Mozilla did not fix this issue at the time and they have once again punted on the issue. An even <a href="http://www.imperialviolet.org/2011/03/18/revocation.html">lower tech attack is possible and it&#8217;s why revocation does not work</a>: <strong>By returning a HTTP 500 error, the browser will then continue on as if revocation checks showed the certificate to be perfectly fine</strong>.</p></blockquote>
<p>This means that if web browsers are not updated (updates will include blacklists for fraudulent certificates) an attacker can convince a web browser that a faked certificate remains legitimate because the browser can be prevented from checking the validity of its current certificates against CAs&#8217; lists of revoked certificates. Of note: if the &#8220;global trustee&#8221; certificate is, indeed, used to sign any domain it means that the attacker could successfully trick web browsers that navigate to <em>any</em> SSL &#8216;protected&#8217; website. Thus, if a government is responsible for this action, it could follow dissidents to alternate encrypted channels that rely on a CA and continue to eavesdrop on the content of communications.</p>
<h1>Hierarchy of Control</h1>
<p>The Internet was designed to be a trusting network, and that trust is routinely exploited today. As a trusting network, a hierarchy of authority makes sense: there are simply some parties that you should always trust. When the Internet was still young there were personal relationships between users and those &#8216;in control&#8217; of aspects of the system. Since the 80s and early 90s, however, hundreds of millions of people have come online: it&#8217;s no longer practical to call up a friend or file a quick support request to guarantee that a site, certificate, or other element of a hierarchical trust network is working properly. To demonstrate the problems related to the hierarchy of control/trust, let&#8217;s briefly consider the Domain Name System (DNS) in addition to certificate authorities.</p>
<p>The DNS hierarchy correlates human-readable domain names to the Internet Protocol addresses that actually identify servers and communicating nodes on the network. Compromising the DNS by redirecting human-readable names to false IP addresses is a tactic used by the US government, and even less scrupulous attackers, to censor communications transmissions and inject malicious code onto individuals&#8217; computers. There are some suggestions on how to combat low-level attacks.</p>
<p>One suggestion is to replace the present DNS infrastructure with DNSSEC, a secured version of the DNS protocol that would guarantee that domain names correctly resolved to IP addresses. Per Landau, DNSSEC provides two things:</p>
<ol>
<li><em>Source authentication</em>: A DNS resolver can verify that the information it received originally came from a DNS authoritative nameserver (one that the DNS resolver can &#8220;trust&#8221;).</li>
<li><em>Integrity verification</em>: A DNS resolver can determine that the information it has received from the DNS nameserver has not been tampered with during transit from the original authoritative nameserver (2011: 60).</li>
</ol>
<p>Unfortunately, DNSSEC depends on all nameservers in the DNS lookup chain being DNSSEC-enabled; if there is a break in this chain then the chain of authenticity cannot be trusted. We can imagine an authoritarian regime that controls DNS lookups refusing to join the DNSSEC system and thus its citizens would never enjoy the chain of trust. Further, if you cannot trust the root nameservers (as is the case with all .com, .net, and other top-level domains in the face of <a title="Techdirt article on US customers' misappropriation of DNS records" href="http://www.techdirt.com/articles/20110228/11122813301/ice-boss-its-okay-to-ignore-constitution-if-its-to-protect-companies.shtml">American abuse of the root nameservers</a>) then the chain of trust envisioned by DNSSEC is impossible to establish or maintain. Thus, even were DNSSEC implemented today state-sanctioned abuse of the DNS hierarchy might not be prevented. There are also discussions of abolishing the DNS hierarchy entirely, replacing it with a <a title="Net censorship DNS alternatives" href="http://www.itworld.com/legal/129947/net-censorship-dns-alternative">horizontal, distributed, DNS system</a>. Horizontal DNS systems are in their infancy, however, and can&#8217;t be expected to alleviate concerns about DNS abuse anytime soon.</p>
<p>Certificate Authorities are another point of trust in the trust hierarchy of the web but, as demonstrated by both Comodo&#8217;s security breach and the inability of web-browsers to effectively notify end-users of revoked certificates, CAs are also not to be trusted. As Chris Soghoian and Sid Stamm write in their paper &#8220;<a title="Link to article" href="http://files.cloudprivacy.net/ssl-mitm.pdf">Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL</a>,&#8221; governments in the West can compel certificate authorities to produce false SSL certificates that enable government surveillance efforts. This attack can be performed in such a way that few end-users would realize that they were being provided a modified certificate for a secure website. As a result we shouldn&#8217;t only fear how repressive governments invade private, encrypted, communications but be even more worried about so-called democratic governments that can secretly compel the largest Certificate Authorities in the world to issue forged certificates for government surveillance and wiretapping purposes.</p>
<h1>States Adapt, Not Abandon, Sovereign Power</h1>
<p>While optimists in the early 1990s hoped that the Internet would lead to an era where individuals were largely free of state censorship and control this has not been the case. Censorship and the mediation of data flows are prevalent actions that take place around the world by public and private actors. This said, we needn&#8217;t adopt Goldsmith and Wu&#8217;s (2006) strong thesis that the Internet is being &#8216;bordered&#8217; by nation-states, with such bordering degrading the Internet&#8217;s democratic potentialities. We might instead adopt Cowhey&#8217;s and Mueller&#8217;s (2009) more moderate thesis, that the Internet is mediating states&#8217; modes of governance; states are being forced to exercise <em>influence</em> to shift flows of power in today&#8217;s networked governance environments instead of dictating the direction of flows. While this isn&#8217;t a new mode of directing power relationships, it is significant that clear-cut expressions of sovereign power encompass increasingly small spectrums of society; even in the face of revolution states must negotiate with international organizations on topics such as telecommunications, finances, and human rights. States are increasingly unable to just &#8216;retreat&#8217; into their borders and act without grievous consequences to their economic and political well-being.</p>
<p>Today&#8217;s networked state is &#8220;characterized by shared sovereignty and responsibility between different states and levels of government; flexibility of governance procedures; and greater diversity of times and spaces in the relationship between governments and citizens compared to the preceding nation-state&#8221; (Castells 2009: 40). Where the state strongly influences the necessary nodes for digital communications, such as ISPs, they can dictate conditions that must be followed to behave as a node. In Iran, we see this through ISPs&#8217; requirements to comply with government censorship and complicity in state surveillance efforts. The newly networked state is vulnerable, however, to acts of resistance that block the switches responsible for connecting nodes throughout the network &#8211; if command and control cannot be communicated between points then the exercise of networked power is significantly reduced. Thus, surveillance capabilities that are disaggregated across a spectrum of actors are only effective in their roles if they can correlate and act on their findings somehow; should the communications networks required for such sharing be closed or rendered transparent to the public a state&#8217;s surveillance capabilities are compromised.</p>
<p>In the case of Iran and its most recent actions, we might question the adequacy of some surveillance scholarship to effectively classify state surveillance programs. While arguably true that surveillance is intended to &#8220;precede the event&#8221; and &#8220;code&#8221; bodies across ambiguous spaces and times (Lyon 2003) the intensity of personal surveillance directed at individuals suggests that we must be wary of making strong claims about surveillance technologies. In stating that &#8220;[s]urveillance technologies do not monitor people <em>qua </em>individuals, but instead operate through processes of disassembling and reassembling. People are broken down into a series of discrete informational flows which are stabilized and captured according to pre-established classificatory criteria&#8221; (Haggerty and Ericson 2007) it is important to acknowledge that the networked state can express power in ways similar to the sovereign state. While the repressive networked state operates through an assemblage of techniques, variety of nodes, and acts according to networked governance principles, it may remain <em>intensively interested</em> about individuals. Rather than monitoring flows for information abstracted from individuals, the very intention of examining flows may be to become better &#8216;acquainted&#8217; with individuals. Indeed, when participating in a network requires authenticating against a subscriber database (the case for many digital connections) a digital surveillance system may begin with the individual and &#8216;simply&#8217; correlate flows to that individual and parties the individual is associated with. Where this is the case an individual&#8217;s identity operates as the key orienting factor of surveillance instead of being a secondary facet of the monitoring process.
In effect, while the network state may change its techniques of surveillance we should avoid stating that altering technique means that models of data aggregation and the intentionality driving surveillance are necessarily also altered.</p>
<p>The operation of extensive Internet-based surveillance facilitated by networked governance underscores Galloway&#8217;s argument that control and surveillance have operated at the heart of the Internet since its beginning (Galloway 2004). While true that the manifestations of control are variable, variability alone does not negate the fact that protocological analysis and control are located at the heart of contemporary data networks. Today we see efforts to weaken control by separating and &#8216;freeing&#8217; the physical, logical and content layers of the Internet (Benkler 2006; Wu 2010) but not all state governance models are receptive to such a distinction, to say nothing of the liberation associated with Benkler&#8217;s compassionate liberalism. This is especially the case where the state is hostile to having its power disaggregated, and is actively invested in transitioning as many of its sovereign capabilities to its newfound operation as a contemporary networked state. The willingness of states to adopt a separation thesis is perhaps best revealed when considering their attitudes towards the Internet&#8217;s hierarchical points of control: where governments resist horizontal network (re)development and instead support &#8216;better secured&#8217; vertical networks we can intuit a residual desire to retain traces of classic sovereign power. It should be noted that neither Iran, nor the United States government, nor the European Union, is seriously committed to reshaping the certificate authority system or moving towards a distributed DNS system that is resistant to state-sanctioned influence and interference.</p>
<p>So, what are the solutions to disrupting the networked state? Hardt and Negri (1999) argue that nomadic actions &#8211; those which quickly emerge and then recede into the noise of society &#8211; provide a means of hindering the globalized, networked, state. Indeed, as the state responds and reforms itself in responding to nomadic disruptions the nomads display their power to reconfigure facets of the state and its accompanying institutions. Civil advocates such as the Electronic Disturbance Theatre suggest that <a title="Link to discussion of FloodNet" href="http://www.thing.net/~rdom/ecd/ZapTact.html">DDoS attacks that digitally mirror sit-ins</a> can weaken the nodes of influence and control that networked governance regimes rely on when exercising their power. Further, the networked state is situated within global networks of power and thus regularly struggles with external governing agents to assert its preferences. This affords dissidents another avenue to effect change on the state: they can act upon repressive states through the international networks that repressive states hold membership in. Finally, authoritarian regimes and democratic states alike, along with their technical talent, must now confront well resourced multinationals, NGOs, and private citizens who may oppose the state&#8217;s governing influence. The capacity of these non-state actors to interrupt the state&#8217;s governance functions that are reliant on digital networks is a more significant threat today than it was a decade ago, and this new vulnerability affords new opportunities to disrupt the routines of power that constitute the networked state&#8217;s capacity to act.
In disrupting the very points that afford control &#8211; the DNS, CA networks of trust, and the like &#8211; and by implementing competing non-hierarchical alternatives to current vertical power networks, states&#8217; powers can be further disaggregated and their sovereignty made increasingly accountable to the world&#8217;s networked citizenries.</p>
<p>&nbsp;</p>
<h2>Text Sources:</h2>
<p>Y. Benkler. (2006). <em>The Wealth of Networks: How Social Production Transforms Markets and Freedom</em>. New Haven: Yale University Press.</p>
<p>M. Castells. (2009). <em>Communication Power</em>. Toronto: Oxford University Press.</p>
<p>P. Cowhey and M. Mueller. (2009). &#8220;Delegation, Networks, and Internet Governance&#8221; in M. Kahler (ed.). <em>Networked Politics: Agency, Power, and Governance</em>. London: Cornell University Press.</p>
<p>K. Haggerty and P. Ericson. (2007). &#8220;The New Politics of Surveillance and Visibility&#8221; in K. G. Haggerty and P. Ericson (eds). <em>The New Politics of Surveillance and Visibility</em>. Toronto: University of Toronto Press.</p>
<p>J. Goldsmith and T. Wu. (2006). <em>Who Controls the Internet? Illusions of a Borderless World</em>. Toronto: The Oxford University Press.</p>
<p>S. Landau. (2011). <em>Surveillance or Security</em>. Cambridge, Mass.: The MIT Press.</p>
<p>D. Lyon. (2003). &#8220;Surveillance as social sorting: computer codes and mobile bodies&#8221; in D. Lyon (ed.). <em>Surveillance as Social Sorting: Privacy, Risk and Digital Discrimination</em>. New York: Routledge.</p>
<p>A. Negri and M. Hardt. (2000). <em>Empire</em>. Cambridge, Mass.: Harvard University Press.</p>
<p>T. Wu. (2010). <em>The Master Switch: The Rise and Fall of Information Empires</em>. New York: Knopf.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.christopher-parsons.com/blog/technology/security-hierarchy-and-networked-governance/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Agenda Denial and UK Privacy Advocacy</title>
		<link>http://www.christopher-parsons.com/blog/technology/agenda-denial-and-uk-privacy-advocacy/</link>
		<comments>http://www.christopher-parsons.com/blog/technology/agenda-denial-and-uk-privacy-advocacy/#comments</comments>
		<pubDate>Wed, 19 Jan 2011 18:00:07 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[DPI]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[ISPs]]></category>
		<category><![CDATA[Politics]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[Thoughts]]></category>
		<category><![CDATA[Advertising]]></category>
		<category><![CDATA[bt]]></category>
		<category><![CDATA[deep packet inspection]]></category>
		<category><![CDATA[dissertation]]></category>
		<category><![CDATA[phorm]]></category>
		<category><![CDATA[Surveillance]]></category>
		<category><![CDATA[uk]]></category>

		<guid isPermaLink="false">http://www.christopher-parsons.com/blog/?p=1547</guid>
		<description><![CDATA[This post constitutes an early attempt to work through some of the politics of agenda-setting related to deep packet inspection and privacy for my dissertation project. Comments are welcome.]]></description>
			<content:encoded><![CDATA[<div id="attachment_2328" class="wp-caption alignleft" style="width: 310px"><a href="http://www.flickr.com/photos/starttheday/4685232405/"><br />
<img class="size-medium wp-image-2328" title="stop" src="http://www.christopher-parsons.com/blog/wp-content/uploads/2011/01/stop-300x200.jpg" alt="" width="300" height="200" /></a><p class="wp-caption-text">Photo by StartTheDay</p></div>
<p>Funding, technical and political savvy, human resources, and time. These are just a few of the challenges standing before privacy advocates who want to make their case to the public, legislators, and regulators. When looking at the landscape there are regularly cases where advocates are more successful than expected or markedly less than anticipated; that advocates stopped BT from permanently deploying Phorm&#8217;s Webwise advertising system was impressive, whereas the failures to limit transfers of European airline passenger data to the US were somewhat surprising.[<a name="_end1"></a><a href="#_e1">1</a>] While there are regular analyses of how privacy advocates might get the issue of the day onto governmental agendas there is seemingly less time spent on how opponents resist advocates&#8217; efforts. This post constitutes an early attempt to work through some of the politics of agenda-setting related to deep packet inspection and privacy for my dissertation project. Comments are welcome.</p>
<p>To be more specific, in this post I want to think about how items are kept off the agenda. Why are they kept off, who engages in the opposition(s), and what are some of the tactics employed? In responding to these questions I will significantly rely on theory from R. W. Cobb&#8217;s and M. H. Ross&#8217; <em>Cultural Strategies of Agenda Denial</em>, linked with work by other prominent scholars and advocates. My goal is to evaluate whether the strategies that Cobb and Ross write about apply to the issues championed by privacy advocates in the UK who oppose the deployment of the Webwise advertising system. I won&#8217;t be working through the technical or political backstory of Phorm in this post and will assume that readers have at least a moderate familiarity with it &#8211; if you&#8217;re unfamiliar with it, I&#8217;d suggest a quick detour to <a title="External link to wikipedia article on Phorm" href="http://en.wikipedia.org/wiki/Phorm">the Wikipedia page devoted to the company</a>.<span id="more-1547"></span></p>
<p>Before initiators and opponents actually start fighting about the agenda, issues must first be identified. Not all problems are deemed significant enough to warrant attention and others are seen as outside of the agenda-holder&#8217;s purview. How then do initiators, such as privacy advocates, successfully present issues and get them on the agenda?</p>
<h2>Getting to the Agenda 101</h2>
<p><span style="font-family: Georgia, 'Bitstream Charter', serif; line-height: 24px; font-size: 16px;">A policy initiator has to successfully define their issue-of-interest to get it onto the agenda. Initiators must &#8220;connect a problem to cultural assumptions about threats, risk, and humans&#8217; ability to control their physical and social environments&#8221; (Cobb and Ross 1997: 5). This often entails a three-step process: </span></p>
<ol>
<li>A name must be given to the problem that resonates with the public. As an example: Deep Packet Inspection (DPI) is an illegitimate surveillance system that breaks the law and intrudes on personal privacy.</li>
<li>Having named the problem, a culprit must be shown as responsible for unfair treatment experienced by victims. In the UK, Phorm and BT are shown as mutually complicit in deploying a DPI-based advertising system, in secret and in contravention of wiretapping laws. Such surveillance offends citizens&#8217; communicative dignities.</li>
<li>After naming the problem and blaming a party for the problem, initiators of a new policy must make arguments to attract support. These arguments should be framed to let members of the public impose their own meaning on the advocates&#8217; message. Further, the arguments should reveal the social significance of the problem, appeal to the temporal relevance of the issue, frame the problem in non-technical language, and reveal the problem as categorically unique.</li>
</ol>
<p>Per Cohen, March, and Olsen (1972: 2), there are four separate policy &#8216;streams&#8217; that policy initiators need to link together to get their issue onto the agenda: problems, solutions, participants, and choice opportunities. Kingdon (2002) compresses this set of windows, proposing that there are three &#8216;families&#8217; of processes in federal agenda-setting: problems, policies, and politics. The success of the UK groups, then, has been dependent on framing their issue as a problem with a policy solution while linking with policy participants. Such participants must be able to affect the issue and willing to enact change. When analyzing policy windows it is critical to attend to the situational politics around prospective participants in the policy subsystem. If the situation prevents actors from acting then policy initiators may be unable to align policy windows and advance their issue to the governmental agenda. Effectively, even if privacy advocates frame their issue and identify a solution, the politics of the day may jeopardize attempts to put the issue on the government&#8217;s agenda.</p>
<h2>Opposing Policy Initiators</h2>
<p>How, exactly, are politics framed in a way that precludes actors from acting or policy windows from aligning? In Western democracies there are three typical choice-types available to those opposing advocates:</p>
<ol>
<li>Low-cost strategies stressing non-recognition of the advocate position;</li>
<li>Medium-cost strategies attacking the advocates&#8217; proposed policy;</li>
<li>Medium-cost strategies symbolically placating advocates [<a name="_end2"></a><a href="#_e2">2</a>]</li>
</ol>
<p>I&#8217;ll consider the strategies in turn, in relation to BT-Phorm and UK privacy advocates. I&#8217;ll conclude the post by proposing a series of research questions that stem from the EU ultimately stepping in and placing Phorm on <em>its</em> agenda despite UK regulatory bodies&#8217; unwillingness to take up Phorm as an actionable agenda item.</p>
<h3>Low Cost Strategies</h3>
<p>Opponents of policy initiators often hope that voices outside the halls of power will just go away if they&#8217;re ignored. Ignoring problems is meant to deflect advocates, though the tactic is less successful when opponents face highly motivated policy initiators. The case of Phorm serves as a good example. After trying to ignore complaints from the user community, BT eventually admitted that they had tested the Phorm advertising system. This disclosure was motivated by technical analyses of the BT network, the leaking of internal BT documents discussing a trial of the Webwise system, and pressure exerted by privacy advocates.</p>
<p>The actual problems that users experienced, however, were isolated, and the number of people affected was limited; not all BT customers were unknowingly enrolled in the test and of those who were, not all suffered material degradations of their Internet service. On the basis of both points advocates were pushed aside; they weren&#8217;t advocating on behalf of a large population, and within the trial population only a small number were materially affected by the advertising system. This technique of dismissing claims based on the population affected is formally referred to as &#8220;antipatterning&#8221;, and it sees opponents put pressure on advocates to demonstrate that their concerns extend beyond a small subset of individuals and that the problem is important enough to rise to the agenda.</p>
<p>Key to opponents&#8217; low-cost strategies is a refusal to communicate with initiators. A traditional tactic is to use the legitimacy associated with communicating directly with another person as a bargaining chip; initiators must set aside certain facets of the problem, or the issue must be framed in an &#8216;appropriate&#8217; way for the conversation to begin &#8216;in earnest&#8217;. This has the effect of conditioning the issue that advocates raise, coercing them to make the issue more amenable to the agenda that their opponents want the government to work with. The other advantage of not communicating, or only minimally communicating, with advocates is that it forces advocates to expend precious resources to gain publicity and find allies. Both are needed for an advocate group to convince opponents and officials alike that the issue they are championing deserves to be placed on the agenda.</p>
<h3>Middle-Cost: Attacking Advocates&#8217; Proposed Policy</h3>
<p>Where initiators are already regarded as highly legitimate (e.g. a well-known, financed, politically savvy privacy advocacy group) then opponents will focus their attacks on the group&#8217;s proposed policy. Such attacks commonly revolve around disputing advocates&#8217; facts or the logic of their arguments. When raising issues about the nature of a privately owned digital network this tactic is quickly used: How can advocates make the claims they are, given that they have never operated the massive network? Without logs (secret and proprietary corporate information) how can advocates support their worries?</p>
<p>In addition to challenging policy initiators based on factual and logical grounds, opponents can raise the spectre of costs: If advocates successfully place their issue on the agenda, the end-result could be higher costs for all users of a service. Alternately (and possibly more effectively), if advocates are successful then users might be denied some sort of a reward. In the case of many DPI-based advertising systems, users are promised additional security resulting from DPI analyses, reduced bills, and so forth. Given the &#8216;carrots&#8217; associated with DPI, advocates must translate issues that the public often regards as &#8216;intellectual&#8217; into &#8216;meat and potatoes&#8217; problems &#8211; how does DPI affect the common citizen, in an embodied and direct manner, on a daily basis?[<a name="_end3"></a><a href="#_e3">3</a>]</p>
<p>When the advocates themselves lack a pre-existing legitimacy, or lack &#8216;protective credentials&#8217; or positions (e.g. advanced degrees, employment in a field related to the issue, etc), opponents may work against the group itself and bypass a policy-based critique entirely. Such attacks are intended to reduce advocates&#8217; credibility. Phorm arguably attempted this (too late!) when creating their &#8216;Stop Phoul Play&#8217; website that <a title="External link to register article on stop phoul play website" href="http://www.theregister.co.uk/2009/04/28/phorm_blog_oddness/">sought to discredit privacy advocates</a>. Phorm&#8217;s efforts fit nicely into Cobb&#8217;s and Ross&#8217; expectations that the opponent would try and link policy initiators to negative stereotypes (as serial agitators and &#8216;privacy pirates&#8217;) but it is less clear to me that they sought to blame advocates for the problem itself.</p>
<p>Privacy advocates tend to frame issues so as to claim the high ground of the issue at hand, pointing to economic, physical, psychic, or other indignities resulting from the issues they are pushing onto the agenda. Per Cobb and Ross, opponents are driven to neutralize these claims and such attempts were evident in the Phorm saga. Opponents pointed to the use of ISP networks for the transport of copyrighted material, transport which opponents maintained raises the costs of doing business and thus of providing consumers&#8217; Internet service. On this basis, Phorm&#8217;s advertising was valuable in offsetting rising costs resulting from &#8216;piracy&#8217; actions, actions Phorm associated with the privacy campaigners themselves.</p>
<p>Finally, outright deception is sometimes used in this middle-cost attack strategy. Deception can entail &#8220;lying, spreading rumors, or planting false stories in the media. Deception involves the dissemination of materials known to be inaccurate or of questionable veracity&#8221; (Cobb and Ross 1997: 33). Advocates in the UK experienced these kinds of actions by Phorm, including accusations that a lead advocate had been <a title="External link to register article where A. Hanff accused of copyright infringement" href="http://www.theregister.co.uk/2009/04/28/phorm_blog_oddness/">fined for tens of thousands of dollars for copyright infringement</a>.</p>
<p>Thus, in aggregate, we can see that BT and Phorm reacted as an opponent using mid-cost strategies meant to undermine the problem&#8217;s legitimacy as a potential agenda item, and that the opponents also sought to undermine the legitimacy of the advocates advancing the issue. These mid-cost attacks were supplemented with attempts to placate advocates, and arguably were successful in removing an influential policy initiator (Privacy International) from the (public) policy landscape.</p>
<h3>Middle-Cost: Symbolically Placating Advocates</h3>
<p>Symbolic placation typically involves opponents adopting &#8220;a language emphasizing mutual interests, and the zero-sum vocabulary associated with adversarial conflict is set aside&#8221; (Cobb and Ross 1997: 34). While placating advocates has the effect of legitimizing their issues, it does so in a manner that lets opponents retain control of how, why, and when the issue is actually raised to the agenda. Placation often entails establishing committees of some sort to study the problem and is more generally meant to defuse conflicts and weaken the momentum initiators have developed.</p>
<p>A particularly common tactic is to reach out and co-opt advocates&#8217; actual or potential allies, offering jobs, positions, and other benefits to &#8216;work with&#8217; the opponents. Privacy International arguably suffered this tactic. Phorm hired Simon Davies (director of Privacy International) to evaluate the Phorm Webwise system, and subsequently leveraged the fact that Davies was associated with the company to strategically limit Privacy International&#8217;s influence. Specifically, the report produced by Davies maintained that the advertising system had to be <a title="link to guardian article with interview with Davies" href="http://www.guardian.co.uk/technology/blog/2008/mar/20/simondaviesofprivacyintern">opt-in and resolve questions around the legality of communications intrusion</a> before it went live, but Phorm focused on the fact that Privacy International was working with the company and had positively evaluated the system. Somewhat surprisingly, and pleasantly, the absence of Privacy International didn&#8217;t let BT&#8217;s and Phorm&#8217;s activities continue unrestrained; other UK privacy campaigners jumped in to fill the void.</p>
<p>We have yet to see the tactic of postponement &#8211; where opponents agree with the validity of the grievance but identify reasons for why it will take time to resolve the issue &#8211; or a focus on past accomplishments and trustworthiness to justify the continuing existence (as opposed to resolution) of the issue. We may see both of these sooner rather than later, when the EU concludes its own investigations into Phorm and BT, and the UK government runs out of avenues to appeal the impending EU decision.</p>
<h2>Complicating Politics</h2>
<p>Much of the agenda-setting literature focuses on the federal level of analysis, investigating how issues become important on a national scale. Most of the BT-Phorm issue has revolved around agendas at the national level in the UK, but <a title="link to guardian article about EU's interest in Phorm" href="http://www.guardian.co.uk/business/2009/apr/14/phorm-privacy-data-protection-eu">(somewhat) recently the EU has put Phorm on its own supranational agenda</a>. This adds a level of complexity to the efforts of the privacy advocates seeking to shape deep packet inspection as an agenda item. Advocates sought to motivate the UK national agenda that opponents were deeply involved with, and were only moderately successful in putting their issue on the agenda. More specifically, while advocates successfully initiated <a title="link to Hansard where Phorm and DPI are discussed" href="http://www.publications.parliament.uk/pa/ld200809/ldhansrd/text/90423-0010.htm">political discourse about the technology</a> the companies associated with the advertising system have successfully delayed or stifled regulatory action. Whether the regulator is subject to capture or not remains an open question, but in the face of external supranational oversight a national(ist) regulatory body may attempt to justify its behaviour to retain its own political legitimacy. The body may reframe the issue, away from advocates, focusing on a need to protect sovereign decision-making capability instead of actually regulating the DPI-based practices themselves. Thus, while advocates may find an ally in a supranational body, this body&#8217;s potency may shift the terms of political avoidance to the maintenance of political and decisional sovereignty.</p>
<p>To better understand and evaluate the impacts of shifting the issue to a supranational agenda in contravention of the attention paid to the issue on the national agenda, it is important to gain perspective on why, exactly, UK regulatory bodies have been so tardy in responding to the issue. These bodies have not been actively engaged in either of the medium-cost attack strategies, instead adopting a low-cost strategy of simply avoiding the issue. Does the transition to a supranational level of analysis shift how the UK body perceives DPI as an agenda item? Does it change the kinds of tactics that it considers (e.g. moving from avoidance to either symbolic placation or launching an attack on the legitimacy of the issue as a problem, or the legitimacy of either advocates or the EU commissioner)? Does the body seek to reframe the issue from one of privacy and law to one of political sovereignty? What, specifically, motivates the subsequent tactics, or does a system of continued avoidance persist despite the elevation of the issue?</p>
<p>These are the kinds of questions that I will be pursuing in the coming months as I conduct research for my dissertation; as/if I develop responses, I&#8217;ll be writing about them here.</p>
<h3>Books Cited:</h3>
<p>R. W. Cobb and M. H. Ross (eds.). (1997). <em>Cultural Strategies of Agenda Denial</em>. Lawrence, Kansas: University Press of Kansas.</p>
<p>M. D. Cohen, J. G. March and P. P. Olsen. (1972). ‘A Garbage Can Model of Organizational Choice’, <em>Administrative Science Quarterly</em>. 17(1). 1-25.</p>
<p>J. W. Kingdon. (2002). <em>Agendas, Alternatives, and Public Policies</em> (Second Edition). New York: Longman.</p>
<h3>Footnotes:</h3>
<p>[<a name="_e1"></a><a href="#_end1">1</a>] For an excellent discussion and evaluation on how the transfer game was lost, read Abraham&#8217;s <em>Protectors of Privacy</em>.</p>
<p>[<a name="_e2"></a><a href="#_end2">2</a>] There is a fourth potential approach to opposing advocates: high-cost strategies that often rely on &#8220;electoral, economic, and legal threats, as well as economic sanctions or legal actions, arrest, imprisonment, and organized violence.&#8221; While such approaches are sometimes evidenced, they are exceptional and rare.</p>
<p>[<a name="_e3"></a><a href="#_end3">3</a>] Translating issues for the public may not always be successful, or a good use of resources for some privacy advocates. Where advocacy groups are resourced or experienced, or simply integrated into an existing policy community that is more receptive to their claims than the public, the groups may work within their policy group instead of trying to convince the public of the poignance of the issue. The choice made &#8211; to get mass support or work within an existing policy network and its subsystems &#8211; may relate to the characteristics of the advocacy group in question.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.christopher-parsons.com/blog/technology/agenda-denial-and-uk-privacy-advocacy/feed/</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
		<item>
		<title>Controversial Changes to Public Domain Works</title>
		<link>http://www.christopher-parsons.com/blog/thoughts/controversial-changes-to-public-domain-works/</link>
		<comments>http://www.christopher-parsons.com/blog/thoughts/controversial-changes-to-public-domain-works/#comments</comments>
		<pubDate>Fri, 07 Jan 2011 19:53:10 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[Copyright]]></category>
		<category><![CDATA[Social and Political Philosophy]]></category>
		<category><![CDATA[Thoughts]]></category>
		<category><![CDATA[book]]></category>
		<category><![CDATA[books]]></category>
		<category><![CDATA[censorship]]></category>
		<category><![CDATA[new south]]></category>
		<category><![CDATA[public domain]]></category>
		<category><![CDATA[twain]]></category>

		<guid isPermaLink="false">http://www.christopher-parsons.com/blog/?p=2208</guid>
		<description><![CDATA[This post takes a step back from that and, instead of looking at how new technologies butt heads against free speech, I briefly think through the significance of transforming 'classic' works of the English literary canon. Specifically, I want to argue that New South's decision to publish Huckleberry Finn without the word "nigger" - replacing it with "slave" - demonstrates the importance of works entering the public domain.]]></description>
			<content:encoded><![CDATA[<div id="attachment_2213" class="wp-caption alignleft" style="width: 310px"><a href="http://www.flickr.com/photos/mclibrary/4944592231/"><img class="size-medium wp-image-2213" title="Banned-Books-Display" src="http://www.christopher-parsons.com/blog/wp-content/uploads/2011/01/Banned-Books-Display-300x225.jpg" alt="" width="300" height="225" /></a><p class="wp-caption-text">by Muskingum University Library</p></div>
<p>A considerable number of today&#8217;s copyfight discussions revolve around the usage of DRM to prevent transformative uses of works, to prevent the sharing of works, and to generally limit how individuals engage with the cultural artefacts around them. This post takes a step back from that, thinking through the significance of transforming &#8216;classic&#8217; works of the English literary canon instead of looking at how new technologies butt heads against free speech. Specifically, I want to argue that <a title="External link to NewSouth's posting on their decision" href="http://www.newsouthbooks.com/pages/2011/01/04/a-word-about-the-newsouth-edition-of-mark-twains-tom-sawyer-and-huckleberry-finn/">NewSouth, Inc.&#8217;s decision to publish Huckleberry Finn</a> without the word &#8220;nigger&#8221; &#8211; replacing it with &#8220;slave&#8221; &#8211; demonstrates the importance of works entering the public domain. I refrain from providing a normative framework to evaluate NewSouth&#8217;s actual decision &#8211; whether changing the particular word is good &#8211; and instead use their decision to articulate the conditions constituting &#8216;bad&#8217; transformations versus &#8216;good&#8217; transformations of public domain works. I will argue that uniform, uncontested, and totalizing modifications of public domain works are &#8216;bad&#8217;, whereas localized, particular, and discrete transformations should be encouraged given their existence as free expressions capable of (re)generating discussions around topics of social import.</p>
<p>Copyright is intended to operate as an engine for generating expressive content. In theory, by providing a limited monopoly over expressions (not the ideas that are expressed) authors can receive some kind of restitution for the fixed costs that they invest in creating works. While it is true (especially in the digital era) that marginal costs trend towards zero, pricing based on marginal cost alone fails to adequately account for the sunk costs of actual writing. Admittedly, some do write for free (blogs and academic articles in journals might stand as examples) but many people still write with the hope of earning their riches through publications. There isn&#8217;t anything wrong with profit motivating an author&#8217;s desire to create.<span id="more-2208"></span></p>
<p>Problems do arise, however, when copyright strays from its original purpose of generating speech. When copyright functions as a kind of &#8216;property&#8217; right that unduly distorts or undermines subsequent expression because of its duration there is a problem. If individuals cannot transform poignant cultural artefacts in making their own statements, with the effect that their expressions lose credibility and communicative force, then the law of copyright threatens to weaken expression. In short, copyright that significantly limits creative possibilities for extended periods of time has the capacity to weaken, or muffle, the impact of speech (Netanel, p. 30).</p>
<p>In the case of Huck Finn, we see a publisher transforming a public domain work and then releasing it to the market. To be clear: NewSouth isn&#8217;t forcing all old copies of the text to be burned, they&#8217;re not requiring that everyone buy the new version, nor are they forcing all publishers to adopt the same kinds of changes. They are not the sole publishers of the text. In changing the word &#8220;nigger&#8221; to &#8220;slave&#8221;, however, they are (potentially, at least) transforming the character of the book&#8217;s text. This may lead to new narratives, new questions, new insights&#8230; or it might just lead to narrative confusion and worsen the strength of the text. These are open questions, ones that should be examined prior to the book being used as a pedagogical tool. Much as changes in the musical and film genre of mash up provoke new ways of engaging with music and video, NewSouth&#8217;s transformations promise new kinds of engagements with the text, as well as with the publishing and authorial responsibilities involved in producing a text. While the quality of the transformation can (and should) be subject to cultural and aesthetic evaluation, the fact that transformation is itself permissible should be subject to divergent standards: is the transformation illegal? is the transformation an expression? Assuming the former response is negative and the latter positive, then the transformation itself should be permitted and encouraged.</p>
<p>Readers might be asking what right NewSouth has to go and modify the works of Twain; doesn&#8217;t he have moral rights that should preclude transformations of the work that are in contravention of his initial intentions? Perhaps, but his work has been in the public domain for a considerable period of time &#8211; he no longer has a copyright interest in the work as he did whilst the work was under copyright. Netanel nicely articulates most of my position on this matter of authorial rights, stating that</p>
<blockquote><p>Authors do have a speech interest in presenting their work to the public in the precise formulation, context, and media that they believe will best convey their message and aesthetic sensitivities&#8230;However, an author&#8217;s speech interest in presenting his work in unadulterated form and context does not extend per se to an exclusive right to control each and every instantiation of his work. (Netanel, p. 49)</p></blockquote>
<p>Ethically, perhaps, a publisher might feel obligated or be expected to identify their transformations but such a position is a comparatively new development in the ethics of publishing. The &#8216;great texts&#8217; that we teach our students &#8211; Plato, Aristotle, and the like &#8211; have undergone considerable transformations that were rarely credited. Such modifications were not &#8216;illegal&#8217;, nor were they ethically bankrupt. Instead, they were reflections of a literary culture&#8217;s engagement with its cultural artefacts. I&#8217;m not advocating for a return to pre-Gutenberg ethics of publication, but simply reminding readers that &#8216;ethics&#8217; are contingent on the cultural/social/political framework(s) of the day: ethics are not morals, and we shouldn&#8217;t hold them up as such.</p>
<p>Arguably, the contest around the &#8216;appropriateness&#8217; of the transformation by NewSouth underscores the ongoing tension around notions of copyright itself. As Lessig has noted, we are at a point in history where we are so concerned about protecting copyright that we have lost sight of its actual purpose (Lessig, p.19). Patry nicely builds on this point, writing</p>
<blockquote><p>Copyright owners also ignore that what they regard as a right is instead a government grant specifically for the benefit of society, not authors &#8230; The benefits to the public are, therefore, of greater importance than the benefits to authors. (Patry p. 123)</p></blockquote>
<p>In this case, copyright served its purposes (in theory, it was part of the reason why Twain wrote) and the monopoly right has since lapsed. The work is now being transformed, enabling subsequent speech acts and expressions that are made more resonant because of the cultural import of Twain&#8217;s work. Copyright served its purposes, and now we enter discussions of the present public value of new expressions based on public domain sources. The public domain is working.</p>
<p>So, what does public domain work &#8216;do&#8217;? In a significant way, it lets creators appropriate, modify, and reframe what has gone before. Ideally, the appropriation of the past is done in such a way to improve the subsequent cultural artefact that is created. Failures to approximate the ideal, however, need not be &#8216;abolished&#8217; or pre-censored &#8211; a standard of excellence for playing with one&#8217;s culture need not be developed and adhered to as a precursor to appropriating work in the public domain. Many audio and video mash ups are horrific, and the same is the case with written mash ups and transformative instantiations of texts. Does this mean that any and all transformations are permissible, that anything goes? Only to a certain extent.</p>
<p>First: We have hate speech laws, and various other laws that constrain the range of expression that can be articulated. Such laws will continue to frame the kinds of speech that can be made with public domain works. State-backed speech laws thus act as one boundary that limit how public domain works can and should be appropriated for transformative purposes. In some cases such laws may be inherently censorial, in which case they need to be challenged. Regardless, the law will shape some speech and thus uses of the public domain.</p>
<p>Second: We need to make a distinction between what NewSouth is doing and a uniform, forced, and totalizing censoring of a text. The latter instance of censorship is best exemplified by publishers forcing authors to modify texts pre-publication for purely political reasons, or e-versions of texts being modified and the modifications forced upon all e-readers. Uniform and forced censorship would also be evidenced if a state exerted its power and attempted to ban or modify public domain works without any semblance of legitimate debate. As engaged modern citizens we arguably need to resist instances of uniform and incontestable modification of a public domain work that both transform the work and make the &#8216;original&#8217; iteration of the text effectively unavailable.</p>
<p>In the case of NewSouth, however, we&#8217;re dealing with a localized, particular, non-uniform transformation. There is a change to the words of the text but this doesn&#8217;t have the same qualitative impact as an all-out uniform and unquestionable modification. NewSouth should be encouraged for doing something daring with a public domain work. This said, encouraging transformative uses doesn&#8217;t mean that we accept changes without question; we need to seriously and critically interrogate the modifications. What is important, however, is that we not prevent those changes: part of authorship and being an engaged citizenry is critically engaging with the way cultural artefacts are produced and disseminated. The ire raised by NewSouth indicates that we&#8217;re dealing with a transformation that is inciting members of society to talk about issues of truth, culture, history, racism, and so forth. These are incredibly important issues, and it&#8217;s a good thing to have discussions about them as members of a (hyper)literate society. Transformation of works is to be encouraged, and it&#8217;s something that&#8217;s often discouraged by contemporary instantiations of copyright &#8211; this is one of the key ways that copyright works to stifle and muffle free speech.</p>
<p>Importantly, because Twain&#8217;s work is public domain NewSouth <em>can</em> transform the text and provoke questions around authorship, race, and cultural origins. We can ask whether the change is &#8216;appropriate&#8217; or not. We can evaluate what normative frameworks should be used to adjudicate the &#8216;correctness&#8217; of transformations of cultural artefacts. We can debate, publicly, the values built into notions of modern copyright and publication monopolies. NewSouth&#8217;s expression is an expression of free speech, as are the strident (and often disapproving) discourses being struck up around the company&#8217;s speech act. The cost of free speech, as it were, is that sometimes things are said or expressed that we don&#8217;t like. When we dislike speech (as may be in the case of NewSouth&#8217;s particular transformation) we can publicly engage with one another &#8211; their own speech act stands within a broader matrix of public discourse; NewSouth&#8217;s act does not stand as a uniform, fixed, and separate expression that stands outside the public sphere.</p>
<p>Further, we need to consider what kind of discussion we would be having if Twain&#8217;s works were still under copyright. If they were, then our present discussion would be more abstract and use hypotheticals; to use Netanel&#8217;s language it would be &#8216;stifled&#8217; or &#8216;muffled&#8217; because NewSouth would have been unable to transform such a poignant text in making their expression. Much of the potency and vigour of the present discourse arises because Twain&#8217;s works are themselves significant to the English canon. As a consequence, the discussions online, in homes, and in schools resonate that much more loudly. The public domain enables key modes of discussion that draw on cultural prizes, and the debate around Huck Finn serves to show us just how important it is for texts to be subject to transformation: once in the public domain entirely new, unexpected, unpredictable, and exciting discussions can arise within the public sphere. The public domain fuels many of our expressive possibilities; more works need to enter it so that the public can be enriched by creative works in manners impossible (or, at least illegal) when authors/publishers retain and exercise their full copyright monopoly over works.</p>
<h3>Print Sources</h3>
<p><strong>L. Lessig. (2004). </strong><em><strong>Free Culture: The Nature and Future of Creativity</strong></em><strong>. New York: Penguin Books.</strong></p>
<p><strong>N. W. Netanel. (2008). </strong><em><strong>Copyright&#8217;s Paradox</strong></em><strong>. New York: Oxford University Press.</strong></p>
<p><strong>W. Patry. (2009). </strong><em><strong>Moral Panics and the Copyright Wars</strong></em><strong>. New York: Oxford University Press.</strong></p>
]]></content:encoded>
			<wfw:commentRss>http://www.christopher-parsons.com/blog/thoughts/controversial-changes-to-public-domain-works/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
		<item>
		<title>Publication &#8211; Digital Inflections: Post-Literacy and the Age of Imagination</title>
		<link>http://www.christopher-parsons.com/blog/thoughts/publication-digital-inflections-post-literacy-and-the-age-of-imagination/</link>
		<comments>http://www.christopher-parsons.com/blog/thoughts/publication-digital-inflections-post-literacy-and-the-age-of-imagination/#comments</comments>
		<pubDate>Fri, 17 Dec 2010 22:04:34 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[Education]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[Politics]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Thoughts]]></category>

		<guid isPermaLink="false">http://www.christopher-parsons.com/blog/?p=2147</guid>
		<description><![CDATA["... [O]ne of the things about librarians is that they're subversive in the nicest possible ways. They've been doing the Wikileak thing for centuries, but just didn't get the credit for it. This is what we try to do all the time; we try to reduce the barriers and open up that information." <a href="http://www.christopher-parsons.com/blog/thoughts/publication-digital-inflections-post-literacy-and-the-age-of-imagination/">Continue reading <span class="meta-nav">&#8594;</span></a>
]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.uoguelph.ca/~mridley/mridley.html"><img class="alignleft size-medium wp-image-2148" title="Michael Ridley" src="http://www.christopher-parsons.com/blog/wp-content/uploads/2010/12/Michael-Ridley-214x300.gif" alt="" width="214" height="300" /></a>Earlier this year I was contacted by CTheory to find and interview interesting people that are doing work at the intersection of theory, digitality, and information. Michael Ridley, the Chief Information Officer and Chief Librarian at the University of Guelph, was the first person that came to mind. I met with Michael earlier this year for a face-to-face discussion, and our conversation has since been transcribed and published at CTheory. Below is the full introduction to the interview.</p>
<blockquote><p>&#8220;&#8230; [O]ne of the things about librarians is that they&#8217;re subversive in the nicest possible ways. They&#8217;ve been doing the Wikileak thing for centuries, but just didn&#8217;t get the credit for it. This is what we try to do all the time; we try to reduce the barriers and open up that information.&#8221;<br />
&#8211; Michael Ridley</p></blockquote>
<p><em>Self-identifying as the University&#8217;s Head Geek and Chief Dork, Michael Ridley leads a life of the future by reconfiguring access to the past. As Chief Librarian and Chief Information Officer of the University of Guelph, Ridley spends his days integrating digital potentialities and the power of imagination with the cultural and historical resources of the library. Seeing the digital as a liminal space between the age of the alphabet and an era of post-literacy, he is transforming the mission of libraries: gone are the days where libraries primarily focus on developing collections. Today, collections are the raw materials fueling the library as a dissonance engine, an engine enabling collaborative, cross-disciplinary imaginations.</em></p>
<p><em>With a critical attitude towards the hegemony of literacy, combined with a prognostication of digitality&#8217;s impending demise, Ridley&#8217;s position at the University of Guelph facilitates radical reconsiderations of the library&#8217;s present and forthcoming roles. He received his M.L.S. from the University of Toronto, his M.A. from the University of New Brunswick, and has been a professional librarian since 1979. So far, Michael has served as President of the Canadian Association for Information Science, President of the Ontario Library Association, Board member of the Canadian Association of Research Libraries, and Chair of the Ontario Council of Universities. He is presently a board member of the Canadian Research Knowledge Network and of the Canadian University Council of CIOs. He has received an array of awards, and was most recently awarded the Miles Blackwell Award for Outstanding Academic Librarians by the Canadian Association of College and University Libraries. Ridley has published extensively about the intersection of networks, digital systems, and libraries, including &#8220;The Online Catalogue and the User,&#8221; &#8220;Providing Electronic Library Reference Service: Experiences from the Indonesia-Canada Tele-Education Project,&#8221; &#8220;Computer-Mediated Communications Systems,&#8221; and &#8220;Community Development in the Digital World.&#8221; He has also co-edited volumes one and two of <em>The Public-Access Computer Systems Review</em>. Lately, his work has examined the potentials of post-literacy, which has seen him teach an ongoing undergraduate class on literacy and post-literacy as well as giving presentations and publishing on the topic.</em></p>
<p><em><a title="External link to CTheory interview" href="http://ctheory.net/articles.aspx?id=674">Read the full conversation at CTheory</a></em></p>
]]></content:encoded>
			<wfw:commentRss>http://www.christopher-parsons.com/blog/thoughts/publication-digital-inflections-post-literacy-and-the-age-of-imagination/feed/</wfw:commentRss>
		<slash:comments>0</slash:comments>
		</item>
		<item>
		<title>Decrypting Blackberry Security, Decentralizing the Future</title>
		<link>http://www.christopher-parsons.com/blog/technology/decrypting-blackberry-security-decentralizing-the-future/</link>
		<comments>http://www.christopher-parsons.com/blog/technology/decrypting-blackberry-security-decentralizing-the-future/#comments</comments>
		<pubDate>Mon, 29 Nov 2010 18:00:09 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[Mobiles]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Social and Political Philosophy]]></category>
		<category><![CDATA[Surveillance]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[blackberry]]></category>
		<category><![CDATA[india]]></category>
		<category><![CDATA[rim]]></category>
		<category><![CDATA[security]]></category>
		<category><![CDATA[sovereignty]]></category>
		<category><![CDATA[state]]></category>

		<guid isPermaLink="false">http://www.christopher-parsons.com/blog/?p=2080</guid>
		<description><![CDATA[Countries around the globe have been threatening Research in Motion (RIM) for months now, publicly stating that they would ban BlackBerry services if RIM refuses to provide decryption keys to various governments. The tech press has generally focused on 'governments just don't get how encryption works' rather than 'this is how BlackBerry security works, and how government demands affect consumers and businesses alike.' This post is an effort to more completely respond to the second focus in something approximating comprehensive detail. <a href="http://www.christopher-parsons.com/blog/technology/decrypting-blackberry-security-decentralizing-the-future/">Continue reading <span class="meta-nav">&#8594;</span></a>
]]></description>
			<content:encoded><![CDATA[
<div id="attachment_2088" class="wp-caption alignleft" style="width: 310px"><a href="http://www.flickr.com/photos/honou/3792140072/"><img class="size-medium wp-image-2088" title="BlackBerry_Curve_8900" src="http://www.christopher-parsons.com/blog/wp-content/uploads/2010/11/BlackBerry_Curve_8900-300x225.jpg" alt="" width="300" height="225" /></a><p class="wp-caption-text">Photo credit: Honou</p></div>
<p>Countries around the globe have been threatening Research in Motion (RIM) for months now, publicly stating that they would ban BlackBerry services if RIM refuses to provide decryption keys to various governments. The tech press has generally focused on &#8216;governments just don&#8217;t get how encryption works&#8217; rather than &#8216;this is how BlackBerry security works, and how government demands affect consumers and businesses alike.&#8217; This post is an effort to more completely respond to the second focus in something approximating comprehensive detail.</p>
<p>I begin by writing openly and (hopefully!) clearly about the nature and deficiencies of BlackBerry security and RIM&#8217;s rhetoric around consumer security in particular. After sketching how the BlackBerry ecosystem secures communications data, I pivot to identify many of the countries demanding greater access to BlackBerry-linked data communications. Finally, I suggest RIM might overcome these kinds of governmental demands by transitioning from a 20th to 21st century information company. The BlackBerry server infrastructure, combined with the vertical integration of the rest of their product lines, limits RIM to being a &#8216;places&#8217; company. I suggest that shifting to a 21st century &#8216;spaces&#8217; company might limit RIM&#8217;s exposure to presently &#8216;enjoyed&#8217; governmental excesses by forcing governments to rearticulate notions of sovereignty in the face of networked governance.</p>
<p><span id="more-2080"></span>Before I get any further, I need to add a pair of caveats. First: I don&#8217;t professionally manage BlackBerry devices or presently administrate an Enterprise Server. I do, however, have a decent high-level understanding of how the BlackBerry ecosystem is set up and how it functions as a cohesive system. Second, and perhaps more importantly, while I have family and friends who work at RIM absolutely nothing written here has been taken from conversations with them nor &#8216;cleared&#8217; or edited by them. Everything written here has been taken exclusively from the following sources: conference presentations given by RIM Security, my own personal familiarity with the BlackBerry product lines, discussions with information technology staff who deploy BlackBerry products, academics who attend to mobile security issues, and personally performed online research. I have not communicated with anyone inside RIM &#8211; that I know personally or otherwise &#8211; about the specifics of what I have written here.</p>
<p><strong>The Origins of the BlackBerry</strong></p>
<p>The first BlackBerry was a glorified pager that was released in 1999. RIM&#8217;s innovation was to <a title="External link to post on origin of the BlackBerry" href="http://www.everythingberry.com/origin-of-the-blackberry/2007/08/28/">combine corporate and wireless mailboxes</a> by setting up a service that relied on their own Network Operations Center and BlackBerry Enterprise Software. Together, this infrastructure collected pager messages into a single mailbox and then pushed them to BlackBerry devices. Messages were encrypted using triple DES encryption, with encryption keys supplied by the enterprise instead of RIM. This separation of data transit responsibilities and key provision meant that RIM could not decrypt messages while they rested on RIM&#8217;s servers. This basic infrastructure, now ingrained in the BlackBerry Enterprise Server (BES), is a lasting legacy that provides the real security that enterprise customers have come to expect from RIM products. In the absence of this infrastructure (as in the case of consumer BlackBerry use) the security of BlackBerry communications remains largely rhetorical; if governments strongly pressure RIM and wireless companies for consumer data they can usually (eventually) force RIM to turn over demanded information.</p>
<p><strong>BlackBerry Internet Service</strong></p>
<p>RIM&#8217;s BlackBerry Internet Service (BIS) is central to the provision of consumer BlackBerry offerings. Assuming that a customer purchases their device from a wireless phone carrier and uses that carrier&#8217;s services exclusively (i.e. assuming that their phone isn&#8217;t hooked up to a BlackBerry Enterprise Server) then the BIS lets customers enjoy many of the corporate features of the BlackBerry without any of the security that is often associated with the BlackBerry. The following image displays the general structure of the BIS ecosystem:</p>
<div id="attachment_2082" class="wp-caption alignright" style="width: 442px"><a href="http://blackberryrocks.com/2010/03/29/blackberry-internet-service-3-0-running-north-america-features-enhancements-news/"><img class="size-full wp-image-2082" title="BlackBerry Internet Service 3" src="http://www.christopher-parsons.com/blog/wp-content/uploads/2010/11/BlackBerry-Internet-Service-3.jpeg" alt="" width="432" height="221" /></a><p class="wp-caption-text">Photo credit: Blackberryrocks.com</p></div>
<p>There are several benefits to using a BIS, including access to email, data compression and BlackBerry Messenger. Email is only as secure as the wireless provider makes it. This means that customers would enjoy levels of security equivalent to or exceeding that of enterprise customers if the provider deployed an asymmetric key infrastructure designed to prevent the provider from accessing their customers&#8217; email in transit and at rest. Unfortunately, I&#8217;ve yet to find a single wireless network that provides this level of encryption for the transit of email. Instead, while the communication between the mobile device and the wireless network&#8217;s server is likely encrypted &#8211; if <a title="External link to gsm-security faq" href="http://www.gsm-security.net/faq/gsm-encryption-algorithm-a5-cipher.shtml">using a GSM-based device, the A5 algorithm protects the customer&#8217;s data over the air</a> &#8211; the rest of the data&#8217;s transit is likely unencrypted.[1] Since carriers are often obligated by national law to design networks to facilitate lawful access (e.g. CALEA in the US) government can gain access to carrier-mediated data communications. RIM is (somewhat) explicit about this in their <a title="External link to RIM security pdf" href="http://docs.blackberry.com/en/smartphone_users/deliverables/14212/BlackBerry_Internet_Service-Security_Feature_Overview--787371-0205030634-001-3.0-US.pdf">BIS &#8220;Security Feature Overview&#8221; .pdf document</a>, where they write that &#8220;Email messages and instant messages that are sent between the BlackBerry Internet Service and your BlackBerry device use the security features of the wireless network.&#8221; Effectively, consumers are prisoners to their wireless providers&#8217; (often quite low) security standards.</p>
<p>Internet access is similarly passed through both the wireless provider&#8217;s networks and the BIS. Data is secured for the air using A5 in the case of GSM devices and then passed through the carrier&#8217;s servers and RIM&#8217;s own network. Where data is encrypted using SSL or some other form of encryption the data experiences two layers of encryption: it is encrypted over the air, and further encrypted using the web-based encryption standards. When the data passes through RIM&#8217;s servers it experiences data compression to reduce delays in accessing content. Compression is oftentimes significant; <a title="Link to self-hosted Rogers document on data education" href="http://www.christopher-parsons.com/blog/wp-content/uploads/2010/11/1138_Data_Education_Brochure_EN_final.pdf">according to Rogers (.pdf)</a> the same email message would be roughly 23KB if read on an iPhone 3G as compared to around 2KB when read on a BlackBerry Bold. Assuming both devices use similar 500MB data buckets this would mean that the iPhone could receive around 22,000 messages before exceeding the bandwidth allotment versus over 250,000 received on the BlackBerry. Significant compression is also noticed when browsing websites and sending/receiving pictures on a BlackBerry versus other mobile devices.</p>
<p>The third &#8216;key component&#8217; of the consumer BlackBerry experience is the BlackBerry messaging service. Incredibly popular, this service is encrypted using a global key. This means that messages sent from a BlackBerry device are encrypted on the device, transmitted to the other device(s) the message is intended for, and decrypted upon arrival at recipient devices. Specifically, <a title="External link to RIM BlackBerry document" href="http://docs.blackberry.com/en/admin/deliverables/16648/PIN_encryption_keys_840390_11.jsp">RIM has written that</a>:</p>
<blockquote><p>The BlackBerry device scrambles PIN messages using the PIN encryption key. By default, each BlackBerry device uses a global PIN encryption key, which allows the BlackBerry device to decrypt every PIN message that the BlackBerry device receives.</p></blockquote>
<p>It is possible for RIM to decrypt messages that are encrypted with the global key, making them available to third parties if those parties come looking for them. As we will read shortly, RIM has capitulated to various governments by giving up keys enabling decryption of consumer BlackBerry messenger traffic. Importantly, the wireless provider cannot make this information available because they never have access to the global keys &#8211; your PIN to PIN messages are secure from your carrier&#8217;s surveillance mechanisms but vulnerable to RIM&#8217;s own actions.</p>
<p><strong>What is the BlackBerry Enterprise Server?</strong></p>
<p>The BlackBerry Enterprise Server (BES) is typically deployed by corporations to secure their communications from public and private scrutiny. Below is a graphic demonstrating the BlackBerry communications architecture that includes a BES.</p>
<div id="attachment_2084" class="wp-caption alignright" style="width: 487px"><a href="http://uk.blackberry.com/ataglance/security/features.jsp"><img class="size-full wp-image-2084" title="Flow diagram for end-to-end encryption" src="http://www.christopher-parsons.com/blog/wp-content/uploads/2010/11/Flow-diagram-for-end-to-end-encryption.jpeg" alt="" width="477" height="213" /></a><p class="wp-caption-text">Photo credit: RIM UK</p></div>
<p>In this framework, communications are encrypted on the device according to the key management system used by the BES-owning organization. Because communications are encrypted before exiting the device, intercepting the data at the wireless network is useless except for traffic analysis. When the data is passed into the Internet more generally it remains encrypted. The data is only decrypted when it gets behind the corporate firewall. Separate policies will manage encryption at-rest in the internal mail and messaging infrastructure that the organization maintains.</p>
<p>The result of this encryption policy is that email is not subject to access by government at the carrier level; government has to go to the group running the BES and demand the group hand over the data in question. This significantly changes the dynamics of the data request because carriers generally don&#8217;t care about the actual privacy of individuals on their network; so long as law enforcement is willing to pay for the effort of collecting and providing customer data the carrier is (generally) happy to help. This attitude changes when authorities come to a particular business or small group of users that are securing their communications using a BES; these groups are motivated to secure their communications (as demonstrated by setting up and running a BES in the first place) and have personal stakes in maintaining communicative security. As a result they are likely less happy than a carrier to cooperate with government agents.</p>
<p>What is key here is that when running a BES neither RIM nor the wireless carrier can assist law enforcement in accessing email, Internet browsing (which can be encrypted by default) or BlackBerry messenger contents (assuming that the organization isn&#8217;t using the same global encryption key consumer messenger traffic relies on). If the BES and surrounding corporate IT infrastructure are outside a country&#8217;s legal reach then secured communications can be provided without worrying about government actually going after the mail or messaging servers themselves. Further, if a corporation&#8217;s legal assets and identity are also outside the nation, the government may be unable to legally compel the company to turn over the contents of BlackBerry communications. Needless to say, the full encryption of communications prevents the nation&#8217;s wireless carriers from effectively tapping BlackBerry device communications. Of course, this degree of security does depend on the device itself <a title="External link to article talking about Russian side-attacks" href="http://www.networkworld.com/news/2010/100410-blackberry-backup-encryption-broken-by.html">being protected from side-attacks</a>, and protecting against these may limit the device&#8217;s full functionality.</p>
<p><strong>Retrofitting Communicative Privacy and Security?</strong></p>
<p>Over the past 24 months or so, various governments have decided that accessing secured BlackBerry communications is a national security priority. The actions taken by the <a title="internal link to blog post on Mumbai terror attacks" href="http://www.christopher-parsons.com/blog/technology/comment-media-attention-to-blackberries-in-mumbai/">Mumbai terrorists, who used BlackBerry devices to securely communicate with one another,</a> have fuelled governmental demands to access privately secured data communications. What exactly has been demanded of RIM, why is it problematic to comply with these demands, and what is the next step from this point forward?</p>
<p>First, let&#8217;s showcase some of the countries demanding access to BlackBerry communications. The <strong>UAE</strong> has <a title="external link to BBC article" href="http://www.bbc.co.uk/news/technology-10761210">argued that BlackBerry devices pose &#8216;security risks&#8217;</a> on the basis that:</p>
<blockquote><p>BlackBerry operates beyond the jurisdiction of national legislation, since it is the only device operating in the UAE that immediately exports its data offshore and is managed by a foreign, commercial organisation &#8230; As a result of how BlackBerry data is managed and stored, in their current form, certain BlackBerry applications allow people to misuse the service, causing serious social, judicial and national security repercussions.</p></blockquote>
<p>Similarly, <strong>India</strong> remains &#8216;concerned&#8217; about their inability to decrypt secured BlackBerry communications. On the basis that encryption prevents rapid content penetration by government code-breakers, the Indian government sees BlackBerry communications as a national security issue. As <a title="external link to ZDnet commentary on India and BlackBerry encryption" href="http://www.zdnet.com/blog/igeneration/blackberry-encryption-too-secure-national-security-vs-consumer-privacy/5732">noted by ZDnet</a>, the general argument is that &#8220;India&#8217;s intelligence services need to be able to access encrypted data to prevent attacks in a &#8216;constant setting&#8217;: where attacks are likely and have occurred regularly.&#8221;</p>
<p>Other countries that have evaluated, or are presently evaluating, whether or not to let their businesses and citizens enjoy high levels of communicative security and privacy include:</p>
<ul>
<li><strong>Kuwait</strong>. RIM has reportedly agreed to <a title="external link to ibitimes article" href="http://www.ibtimes.com/articles/40551/20100803/rim-reportedly-will-block-porn-sites-in-kuwait-allow-monitoring-of-encrypted-data-in-india.htm">block thousands of pornographic websites</a> after the government raised concerns about the cultural impact of these websites.</li>
<li><strong>Bahrain&#8217;s</strong> government successfully forced RIM to <a title="External link to global voices online" href="http://advocacy.globalvoicesonline.org/2010/04/12/bahrain-bans-blackberry-chat-groups/">disable the messaging services for BlackBerry messaging chat groups</a> on the basis that such groups could generate &#8220;chaos and confusion&#8221; as news was distributed via them. In effect, the BlackBerry limited the government&#8217;s ability to censor news that it didn&#8217;t want spread amongst its citizenry.</li>
<li><strong>Indonesia</strong> is <a title="external link to boston.com article" href="http://www.boston.com/business/technology/articles/2010/08/05/indonesia_too_may_ban_blackberries/">concerned about BlackBerry encryption</a> on the basis that the government is uncertain whether &#8220;data being sent through BlackBerrys can be intercepted or read by third parties outside the country.&#8221;</li>
<li><strong>Algeria</strong>, paralleling concerns raised by India, <a title="external link to reuters article" href="http://af.reuters.com/article/topNews/idAFJOE67500J20100806">worries that the devices</a> might be a &#8220;danger for our economy and our security.&#8221;</li>
<li><strong>Lebanon</strong> is <a title="Another external link to reuters" href="http://www.reuters.com/article/idUSTRE67430220100805">studying the security concerns</a> around the BlackBerry.</li>
<li><strong>Tunisia</strong> has <a title="External link to business news article" href="http://www.businessnews.com.tn/details_article.php?t=520&amp;a=21461&amp;temp=1&amp;lang=&amp;w=">previously suspended email</a> on the basis of security concerns.</li>
</ul>
<p>Needless to say, this abbreviated list has a lot of nations citing &#8216;security concerns&#8217; as driving the impairment of BlackBerry services. Also needless, but important, to note is that many of these same nations are well known for their efforts at censoring communications, oppressing their citizens, and regularly violating human rights.</p>
<p>What has RIM&#8217;s response been? In addition to blocking thousands of websites for the Kuwaiti government, <a title="Yet another link to reuters" href="http://www.reuters.com/article/idUSTRE67151F20100816">RIM has provided decryption keys for the BlackBerry messenger service to India</a> and is believed to have provided them to Saudi Arabia as well. In the case of India, this apparently means that RIM is providing some kind of <a title="External link to article about live access to BIS-based traffic" href="http://www.fastcompany.com/1703399/rim-close-to-agreement-with-india-over-blackberry-encryption-saga">live access to BIS infrastructure</a> that carries Indian messaging data. It&#8217;s important to carefully read and parse RIM&#8217;s official position regarding Saudi Arabia. <a title="External link to article quoting RIM's statement to the press" href="http://www.simplemobilereview.com/blackberry-messenger-service-in-saudi-arabia-is-back-online/">Specifically</a>, &#8220;RIM cannot accommodate any request for a copy of a customer&#8217;s encryption key, since at no time does RIM, or any wireless network operator or any third party, ever possess a copy of the key.&#8221; This seems deliberately nebulous, designed to confuse customers of the consumer line of BlackBerry services. While the company cannot crack Enterprise customers&#8217; security on the basis that the BES architecture lacks back doors, the same cannot be said about wireless providers&#8217; customers. Wireless providers&#8217; customers use RIM&#8217;s BIS but are (arguably) not RIM customers themselves; RIM lacks a significant business relationship with them, save to potentially assist with hardware problems (and these are often dealt with at the provider level).
Wireless customers using BlackBerry devices can almost certainly have their security and privacy infringed upon &#8211; RIM has effectively admitted as much by stating that they use a common global mode of encrypting messenger traffic (that they will disclose if forced) and that email data is subject to wireless companies&#8217; own security policies (meaning it is subject to lawful access requests).</p>
<p>RIM has not yet capitulated to governments by redesigning their BES systems to provide governments access to BES-secured data. RIM repeatedly maintains in public that they cannot provide access to communications that are privately secured using the BES infrastructure, and that the company cannot monitor the content of BES-secured communications despite their flowing through RIM-based infrastructure. This stance may change, with evidence coming from the ongoing negotiations between RIM and the Indian government. The two parties are reportedly working towards some kind of an agreement that will give the Indian government <a title="Same article about access to BIS also speaks about future BES access" href="http://www.fastcompany.com/1703399/rim-close-to-agreement-with-india-over-blackberry-encryption-saga">live access to data flows along BES environments</a>. Presumably, this kind of &#8216;sneak peek&#8217; would involve letting government officials look at data flows before they were encrypted going out of the enterprise, or after they had entered the corporate network. Alternately, all encryption keys might &#8216;just&#8217; have to be registered with the national government. Save for in the last case, these &#8216;solutions&#8217; would likely take the form of some kind of required plugin or module for Indian BES customers. Regardless, any agreement along any of these three lines will present BES customers and IT administrators with a myriad of security and confidentiality issues. It will only be a matter of time until some government official is bought out by a competing organization to perform corporate espionage or the government otherwise inappropriately uses their surveillance powers.</p>
<p><strong>RIM and Single Points of Privacy Failure</strong></p>
<p>Countries advocating for access to encrypted communications are demonstrating the danger of dependence on third-parties to route your communications: if the third-party is compromised then your communication may also be compromised. Many of the countries pressing RIM have already compromised their wireless carriers/ISPs, but RIM poses a somewhat unique danger insofar as it is a trusted and often extra-territorial third-party. RIM&#8217;s status alleviates some challenges of implementing and maintaining secure communications for some (typically business) individuals within the nation, but heightens problems for governments seeking access to all facets of their citizens&#8217; communications. Countries are taking advantage of the fact that they can effectively shut down BlackBerry communications within their nations by placing pressure on regional wireless providers; such pressures threaten to deny RIM access to revenues and effectively force the company to the negotiating table. RIM is behaving as any &#8216;good&#8217; profit-maximizing corporation would in light of threats to its profits: it is negotiating deals that maximally enhance its balance sheet, principles and the privacy of wireless carriers&#8217; customers be damned.</p>
<p>The Internet has demonstrated that it is an incredibly robust communications network, but one that does have weak links. Wherever there is a single, necessary, node that traffic must pass through there is a point of attack for government, a point where sovereign powers can be exercised to capture and interrogate citizens&#8217; data traffic. The application of sovereign power demonstrates Goldsmith&#8217;s and Wu&#8217;s general thesis in <em>Who Controls the Internet?</em>, that the &#8216;net is becoming bordered as various powers mediate what kinds of data and data repositories are available to citizens. Of course, the general thesis must be nuanced: in each case where the BlackBerry network has come under fire from government we see governments at odds with other governments, governments trying to come to terms with private international data networks, and private corporations struggling to maintain product uniformity while accommodating regional law. In essence, we see governments struggling to adjust to a novel mode of network distributions, see them struggle to realize new approaches to govern communications traffic. Given the transformative nature of Internet governance generally, we would be well advised to take seriously Cowhey&#8217;s and Mueller&#8217;s (2009) conclusion that network governance has changed how the state system and communications networks interface. Specifically, they write that</p>
<blockquote><p>&#8230;the Internet has not escaped governments, but the governance systems have changed. Changes in the rules of decision making and the forms of stakeholder participation will drive outcomes in novel directions even if the parameters of choice still remain under the control of governments (193).</p></blockquote>
<p>Should facets of the BlackBerry system become more significantly decentralized we could see additional complications around the governance regime of mobile data communications. Such complications will contribute to additional anxieties around the range of actions available to the state in its self-expression of sovereignty. Whereas states have historically worked on places &#8211; a locale whose form, function, and meaning are self-contained within the boundaries of a physical contiguity &#8211; they are increasingly being forced to work on spaces &#8211; instances of crystallized time that operate as a site of flows, and thus lack an international bounding of form, function and meaning associated with places (Castells 2001). The decentralization of BlackBerry services, a shift to a P2P-like infrastructure for their BIS and BES services, would limit states&#8217; abilities to attend to places, undermining law&#8217;s ability to address BlackBerry security in a manner paralleling law&#8217;s limited capacity to end widespread P2P-enabled copyright infringement. Place has become a space of weakness, a point where time remains closely associated with matter and thus receptive to the &#8220;hard geophysical reality of places.&#8221; To achieve the advantages of decentralized virtualization places must give way to temporal structures associated with light-time and the manifestation of spaces that challenge geophysical locatedness (Virilio 2005: 117).</p>
<p>Even with the shift from places to spaces, the decentralization of BlackBerry security, and the modulation of state governance models, the switches of information transfers will remain privileged instruments of power. Thus, so long as RIM maintains vertical integration of their product lines the company will act as a central point of power that is receptive to organized state power. Vertical integration is a problem; the company must shift from a single to a pluralistic set of interrelated corporate nodes to transition from a places to spaces company. Disaggregating the vertical integration of the company would see it adopt a layered approach to its business, manifested by the company spinning itself into a series of unique corporate bodies that maintain integration with other RIM-based corporate bodies without any particular body directly informing or integrating with one another in a centrally planned manner. Open protocols and APIs, instead of centralized corporate design, would be responsible for maintaining BlackBerry device and service integration. Under this framework a hardware, operating system, and network security corporation could emerge from the present whole that is Research in Motion.</p>
<p>Under this model the various corporations would contribute to a cohesive BlackBerry device, though no one party would own the entire stack. Google has demonstrated the viability of this approach, showing what a 21st century information company looks like and how it behaves (for much more on this, see Wu 2010). Exploring how RIM might implement a Google-like approach to corporate design and product architecture could simultaneously help confound sovereign authority and promote modular adjustments to facets of the BlackBerry infrastructure in ways that promote module innovation by giving developers free(r) rein over various &#8216;hidden components&#8217; (those components that aren&#8217;t depended upon by other layers of the BlackBerry device stack). Such innovation and decentralization could continue to fulfill market demands of chasing after profits if open protocols and APIs are appropriately developed and propagated. Adopting this disaggregated approach, where RIM shifts from a places to a spaces company, would have the ultimate effect of challenging and undermining current structures of state sovereignty and accelerating the modulation of state power. By forcing states to engage with a better-entrenched networked governance structure that facilitates secured mobile communications the state might learn new modes of enacting governance requiring cooperation and compliance instead of blunt force. Without the tools of sovereignty the state typically wields, and the requirements to achieve cooperation and consensus, BlackBerry devices would enjoy enhanced security and their users superior communicative privacy. Importantly (for the RIM-spinoffs), the transition from a places to spaces corporation might be implemented whilst improving the conditions for modular innovation and enhancements to existing corporate profit logics.</p>
<p><strong>Notes:</strong></p>
<p>[1] A5 encryption has serious deficiencies, which have been <a title="External link to Welte's post" href="http://laforge.gnumonks.org/weblog/2010/11/12/#20101112-history_of_a52_withdrawal">helpfully summarized by Harald Welte</a>. In effect, A5 has long depended on security by obscurity to an extent and is quickly compromised in the face of a sufficiently motivated attacker.</p>
<p><strong>Book Sources:</strong></p>
<p>Cowhey, Peter and Mueller, Milton. (2009). &#8220;Delegation, Networks, and Internet Governance,&#8221; in M. Kahler (ed). <em>Networked Politics: Agency, Power, and Governance</em>. Ithaca: Cornell University Press.</p>
<p>Castells, Manuel. (2000). <em>The Rise of the Network Society (Second Edition)</em>. Malden, MA: Blackwell Publishing.</p>
<p>Goldsmith, Jack and Wu, Tim. (2006). <em>Who Controls the Internet? Illusions of a Borderless World</em>. Toronto: Oxford University Press.</p>
<p>Virilio, Paul. (2005). <em>The Information Bomb</em>. New York: Verso.</p>
<p>Wu, Tim. (2010). <em>The Master Switch: The Rise and Fall of Information Empires</em>. New York: Alfred A. Knopf.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.christopher-parsons.com/blog/technology/decrypting-blackberry-security-decentralizing-the-future/feed/</wfw:commentRss>
		<slash:comments>9</slash:comments>
		</item>
		<item>
		<title>Do You Know Who Your iPhone&#8217;s Been Calling?</title>
		<link>http://www.christopher-parsons.com/blog/technology/do-you-know-who-your-iphones-been-calling/</link>
		<comments>http://www.christopher-parsons.com/blog/technology/do-you-know-who-your-iphones-been-calling/#comments</comments>
		<pubDate>Tue, 05 Oct 2010 23:10:55 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[Advertising]]></category>
		<category><![CDATA[Mobiles]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Surveillance]]></category>
		<category><![CDATA[Technology]]></category>
		<category><![CDATA[Thoughts]]></category>
		<category><![CDATA[api]]></category>
		<category><![CDATA[apple]]></category>
		<category><![CDATA[cookies]]></category>
		<category><![CDATA[ethics]]></category>
		<category><![CDATA[html5]]></category>
		<category><![CDATA[iphone]]></category>
		<category><![CDATA[privacy ethics]]></category>
		<category><![CDATA[privacy policies]]></category>
		<category><![CDATA[privacy policy]]></category>
		<category><![CDATA[udid]]></category>

		<guid isPermaLink="false">http://www.christopher-parsons.com/blog/?p=2034</guid>
		<description><![CDATA[Privacy policies are largely garbage from an end-user perspective. API developers need to adopt ethics of privacy, instil it throughout their code, and cut off those who are abusing the API in manners that clearly violate both the terms and aims of the privacy ethic and policy. APIs should be run past privacy-minded technologists prior to being rolled out, and be modified where it is clear that the API permits and encourages invasive surveillance without the end-user's consent. Ideally we'd see mass opt-in requirements for this kind of surveillance but I fear that this is unlikely, at least in the short term. Developing an ethic of privacy, combined with accessible three-layer privacy policies, might at least keep application and API developers honest at best, and give grounds for suit in front of the FTC, OPC, and EU Commission at worst. <a href="http://www.christopher-parsons.com/blog/technology/do-you-know-who-your-iphones-been-calling/">Continue reading <span class="meta-nav">&#8594;</span></a>
]]></description>
			<content:encoded><![CDATA[<div id="attachment_2035" class="wp-caption alignleft" style="width: 310px"><a href="http://www.flickr.com/photos/a_ninjamonkey/3574350862/"><img class="size-medium wp-image-2035" title="The-Apple-iPhone-3GS-gets-a-phone" src="http://www.christopher-parsons.com/blog/wp-content/uploads/2010/10/The-Apple-iPhone-3GS-gets-a-phone-300x225.jpg" alt="" width="300" height="225" /></a><p class="wp-caption-text">By Ninja M.</p></div>
<p>An increasing percentage of Western society is carrying a computer with them, every day, that is enabled with geo-locative technology. We call them smartphones, and they&#8217;re cherished pieces of technology. While people are (sub)consciously aware of this love-towards-technology, they&#8217;re less aware of how these devices are compromising their privacy, and that&#8217;s the topic of this post.</p>
<p>Recent reports on the state of the iPhone operating system show us that the device&#8217;s APIs permit incredibly intrusive surveillance of personal behaviour and actions. I&#8217;ll be walking through those reports and then writing somewhat more broadly about the importance of understanding how APIs function if scrutiny of phones, social networks, and so forth is to be meaningful. Further, I&#8217;ll argue that privacy policies &#8211; while potentially useful for covering companies&#8217; legal backends &#8211; are less helpful in actually educating end-users about a corporate privacy ethos. These policies, as a result, need to be written in a more accessible format, which may include a statement of privacy ethics that is baked into a three-stage privacy statement.</p>
<p>iOS devices, such as the iPhone, iPad, Apple TV 2.0, and iPod touch, have Unique Device Identifiers (UDIDs) that can be used to discreetly track how customers use applications associated with the device. A <a title="External link to report" href="http://www.pskl.us/wp/?p=476">recent technical report</a>, written by <a title="External link to bio" href="http://www.pskl.us/wp/?page_id=7">Eric Smith</a> of <a title="External link to security consultancy site" href="http://www.pskl.us/wp/">PSKL</a>, has shed light on how developers can access a device UDID and correlate it with personally identifiable information. UDIDs are, in effect, serial numbers that are accessible by software. Many of the issues surrounding the UDID are arguably similar to those around the Pentium III&#8217;s serial codes (codes which raised the wrath of the privacy community and were quickly discontinued. <a title="External link to .pdf" href="http://www.cyber-rights.org/reports/intel-rep.pdf">Report on PIII privacy concerns is available here</a>.).<span id="more-2034"></span></p>
<p>Application developers can combine the device identifier with the following attributes: authenticated login information (e.g. a banking application can link the UDID with a full banking consumer profile), (nick)name of iOS device owner, type of connection (e.g. wifi versus 3G), model type (version of iPhone, iPad, iPod Touch), home address, phone number, and geolocation information (both GPS and <a title="External link to Techcrunch on Skyhook and Apple wireless location" href="http://techcrunch.com/2010/07/29/apple-location/">Skyhook/Apple collected information</a>). Significantly, there are no popups or warnings alerting users that this data is being collected &#8211; the actual API facilitates a level of data collection far exceeding what most consumers would expect, and stands in direct contrast with Steve Jobs&#8217; statement at the most recent All Things D conference, which I&#8217;ve previously transcribed as follows:</p>
<blockquote><p>We’ve always had a very different view of privacy than some of our colleagues in the Valley. We take privacy extremely seriously. That’s one of the reasons we have the curated apps store. We have rejected a lot of apps that want to take a lot of your personal data and suck it up into the cloud. Privacy means people know what they’re signing up for. In plain English, and repeatedly, that’s what it means. Ask them. Ask them every time. Make them tell you to stop asking if they get tired of your asking them. Let them know precisely what you’re going to do with their data.</p></blockquote>
<p>Unless I&#8217;ve missed an entire regime of collection notices, I had no idea such information was being harvested by application developers until I&#8217;d read Smith&#8217;s report. Arguably of equal significance, where SSL encryption is used to transmit data Smith can determine the receiving host, but not what is actually transmitted to that host. <a title="External link to blog on receiver points" href="http://www.pskl.us/wp/?p=485">Where traffic terminates at qwapi.com</a>, the receiver is responsible for iAds, but it is less obvious who other receivers are, their need/desire for data, or their long-term data retention and processing policies. In essence, there&#8217;s no clear way of knowing what information is being hoovered up or what&#8217;s being done with it. &#8216;Free&#8217; applications, in particular, are guilty of collecting UDID information, proving once again that if you&#8217;re not paying for a product &#8211; if you&#8217;re not a paying customer &#8211; you (and your personal information) are likely the actual product.</p>
<p>Also of interest in Smith&#8217;s report is that cookies are being placed in applications&#8217; folders, and not Safari&#8217;s Cookies folder. This prevents end-users from easily removing the cookies using the iDevice&#8217;s options to do so (Settings&gt;&gt;Safari&gt;&gt;Clear History/Cookies/Cache). Combined with the incredible duration of these cookies &#8211; sometimes expiring only after 20 years &#8211; application developers can determine when an individual switches devices; when you switch (upgrade, use multiple iDevices, etc) the company puts a cookie with the same ID on the device as soon as you log in, and adds the new device information to their customer databases. Given that the cookies have such excessive durations, it&#8217;s unlikely that new cookies will ever be issued to a user unless they create a separate, brand new, account. The &#8216;cookie problem&#8217; is made even worse in light of Mobile Safari permitting the creation of client-side storage databases. These are often used by advertisers &#8211; <a title="External link to Ars" href="http://arstechnica.com/apple/news/2010/09/rldguid-tracking-cookies-in-safari-database-form.ars">Ars Technica has a walkthrough of Ringleader Digital&#8217;s system</a> &#8211; to track users as they move around the Internet. Such databases are, for almost all intents and purposes, impossible to remove. The only way to &#8216;opt-out&#8217; of them is to (a) realize what&#8217;s going on; and (b) go to Ringleader&#8217;s website and have them place a unique identifier in the database they create on your device that indicates you&#8217;ve chosen to opt out of the tracking. After demonstrating technical ingenuity and a willingness to (in effect) exploit HTML 5 and Safari Mobile, you just have to trust them to do the right thing after you opt-out.
Few users will likely ever know that these databases exist, let alone where and how to opt-out, and likely even fewer trust Ringleader to follow through with their privacy promises.</p>
<p>Requiring a unique identifier to avoid surveillance is less than promising, and lacks transparency from the end-user&#8217;s perspective. Moreover, Apple almost implies that this kind of behaviour is permissible, given that it has developed its own <a title="Internal link to piece on iAd and locational information" href="http://www.christopher-parsons.com/blog/privacy/apple-and-locational-data-sharing/">opt-out system relying on similar mechanisms for their iAd advertising ecosystem</a>. Further, Apple&#8217;s willingness to bury locational tracking information in the newest iteration of iOS &#8211; accessed through Settings &gt;&gt; General &gt;&gt; Location Services &gt;&gt; (Settings for applications) &#8211; shows that while Steve might talk about privacy, Apple certainly isn&#8217;t integrating an ethos of <a title="External link to PbD site" href="http://www.privacybydesign.ca/">privacy by design</a> in their products themselves, nor are they shaping the application ecosystem to respect privacy. In this way, Apple and <a title="Internal link to discussion of Facebook API and OPC complaint" href="http://www.christopher-parsons.com/blog/technology/facebook-got-off-easy-third-parties-and-data-collection/">Facebook</a> appear to be closely aligned in how they &#8216;address&#8217; privacy in their respective third-party application ecosystems.</p>
<p>Of course, the developers using UDIDs, setting near-permanent cookies, and deploying &#8216;zombie&#8217; databases are all taking advantage of existing APIs. Such APIs are required to develop applications, and the application marketplaces are (arguably) what drive so much of iDevices&#8217; desirability. The potentialities of APIs themselves, however, are reflections of a set of value decisions made by Apple (and by developers of APIs more generally). The UDID is not provided for nefarious reasons; arguably it is there so that developers have some kind of unique identifier that they can take advantage of instead of spending hundreds of hours creating a secured login and authentication system for each application they produce. By making the UDID available Apple is reducing the &#8216;friction&#8217; individuals experience when they actually use an application, which enhances the likelihood that individuals will actually try out the application in question. There are substantial costs entailed by field registration forms; each field significantly reduces the likelihood that a customer will actually go through with an identity-related transaction. Friction promotes consciousness about privacy and/or an awareness of the customer&#8217;s limited temporal resources.</p>
<p>In the process of developing a wider ecosystem &#8211; one that is dominantly intended to fuel the sales of hardware and secondarily to enhance revenue streams in the various iStores &#8211; Apple has a responsibility associated with their APIs. The &#8216;privacy&#8217; policy that Apple makes available to users of iDevices is absurd; the last one was 57 pages long, on the iPhone screen, and has various buried clauses. Admittedly, I think that Apple is trying to do what their lawyers are telling them is right &#8211; if you read the privacy policy it broadly permits many of the surveillance processes discussed above (e.g. collection of locational information and other information) &#8211; but without a knowledge of the actual APIs an end-user is entirely unable to contextualize the policy. It is patently unreasonable to expect your end-users to be developers (or lawyers), with access to developer tools and time to competently play with them, just to understand your corporation&#8217;s privacy policy.</p>
<p>So, what is the solution then? In an ideal world Apple would genuinely adhere to what Steve Jobs stated in his All Things D interview: when an application on an iDevice wants any kind of personal information &#8211; and a unique signifier should constitute such information as soon as combined with information that can identify an individual &#8211; it will ask you. When the UDID, your mobile phone number, address, type of wireless connection used, and so forth is harvested, developers should be required to ask permission before grabbing it, and this requirement should be hardcoded into the developer API. Perhaps the Europeans will be able to force Apple (and other API developers whose APIs enable privacy invasive practices) to add this &#8216;friction&#8217; to their ecosystem. Maybe there are grounds for a formal complaint to the Privacy Commissioner of Canada, on grounds that individuals cannot give meaningful consent to these collections of personal information, nor can they necessarily revoke this consent after having once given it. Both situations seem to demand the attention of Canadian regulators.</p>
<p>If you&#8217;re an application developer &#8211; today &#8211; what is the solution? Ideally, you implement an opt-in system but, failing that, developers should be required to adopt a three-layer privacy agreement with their end users, one that is prominently displayed at the first launch of the program and with each reinstallation/update. The first &#8216;layer&#8217; should have understandable, actionable, privacy statements. We do X, we do not do Y and we believe in Z would all make good &#8216;privacy principle&#8217; statements. These statements should be guided by an actual formal ethics of privacy &#8211; one that is embedded into the API, the code of the application, and the ecosystem more broadly &#8211; that when instantiated would curtail privacy invasive possibilities during the development stage.</p>
<p>The second layer may be more detailed, better integrating the principles and ethics with clear legal accountability. Whereas layer one might be a single page, layer two might be two or three pages, in a readable font and written at an accessible level of language; get a readability expert to go through it: if a child of thirteen years of age can&#8217;t understand it, you need to re-write the first layer, and if a seventeen year old can&#8217;t understand layer two, it needs a rewrite/edit.</p>
<p>The final layer will be the typical legalese, but contextualized by layers one and two. This should mean that individuals can actually frame some of the more obscure clauses should they read layer three&#8230;and if those individuals can&#8217;t, it should at least give opposing counsel and regulators grounds to argue that developers are(n&#8217;t) misleading their users.</p>
<p>Privacy policies are largely garbage from an end-user perspective: they&#8217;re almost entirely unreadable, unclear, and demand careful amounts of time and high degrees of education to parse. API developers need to adopt ethics of privacy, instil it throughout their code, and cut off those abusing the API in manners that clearly violate both the terms and spirit of the privacy ethic and policy. APIs should be run past privacy-minded technologists prior to being rolled out, and be modified where it is clear that the API permits and encourages invasive surveillance without the end-user&#8217;s consent. Ideally we&#8217;d see mass opt-in requirements for this kind of surveillance but I fear that this is unlikely, at least in the short term. Developing an ethic of privacy, combined with accessible three-layer privacy policies, might at least keep application and API developers honest at best, and give grounds for suit in front of the FTC, OPC, and EU Commission at worst.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.christopher-parsons.com/blog/technology/do-you-know-who-your-iphones-been-calling/feed/</wfw:commentRss>
		<slash:comments>1</slash:comments>
		</item>
		<item>
		<title>Data Retention, Protection, and Privacy</title>
		<link>http://www.christopher-parsons.com/blog/thoughts/data-retention-protection-and-privacy/</link>
		<comments>http://www.christopher-parsons.com/blog/thoughts/data-retention-protection-and-privacy/#comments</comments>
		<pubDate>Tue, 21 Sep 2010 23:14:26 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[Internet]]></category>
		<category><![CDATA[ISPs]]></category>
		<category><![CDATA[Mobiles]]></category>
		<category><![CDATA[Privacy]]></category>
		<category><![CDATA[Surveillance]]></category>
		<category><![CDATA[Thoughts]]></category>
		<category><![CDATA[data mining]]></category>
		<category><![CDATA[data retention]]></category>
		<category><![CDATA[EU]]></category>
		<category><![CDATA[europe]]></category>
		<category><![CDATA[security]]></category>

		<guid isPermaLink="false">http://www.christopher-parsons.com/blog/?p=1982</guid>
		<description><![CDATA[The aim of this post is to identify a few deficiencies in both data retention and data protection laws and argue that privacy advocates and government officials ought to defend privacy first, approaching data protection as a tool rather than an end-in-itself. <a href="http://www.christopher-parsons.com/blog/thoughts/data-retention-protection-and-privacy/">Continue reading <span class="meta-nav">&#8594;</span></a>
]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.flickr.com/photos/tjblackwell/1224488864/"><img class="alignleft size-medium wp-image-1986" title="Menwith Hill Surveillance Station" src="http://www.christopher-parsons.com/blog/wp-content/uploads/2010/09/Menwith-Hill-Surveillance-Station-300x176.jpg" alt="" width="300" height="176" /></a>Data retention is always a sensitive issue; what is retained, for how long, under what conditions, and who can access the data? Recently, <a title="External link to Digital Rights Ireland" href="http://www.digitalrights.ie/2010/09/20/data-retention-agreement-between-department-of-justice-and-telcos-leaked/">Ireland&#8217;s Memorandum of Understanding (MoU) between the government and telecommunications providers was leaked</a>, providing members of the public with a non-redacted view of what these MoUs look like and how they integrate with the European data retention directive. In this post, I want to give a quick primer on the EU data retention directive, identify some key elements of Ireland&#8217;s MoU and the Article 29 Data Protection Working Group&#8217;s evaluation of the directive more generally. Finally, I&#8217;ll offer a few comments concerning data protection versus privacy protection and use the EU data protection directive as an example. The aim of this post is to identify a few deficiencies in both data retention <em>and</em> data protection laws and argue that privacy advocates and government officials ought to defend privacy first, approaching data protection as a tool rather than an end-in-itself.</p>
<p><strong>A Quick Primer on EU Data Retention</strong></p>
<p>In Europe, <a title="External link to DRD" href="http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF">Directive 2006/24/EC (the Data Retention Directive, or DRD)</a> required member-nations to pass legislation mandating retention of particular telecommunications data. Law enforcement sees retained data as useful for public safety reasons. A community-level effort was required to facilitate harmonized data retention; differences in members&#8217; national laws meant that the EU was unlikely to have broadly compatible cross-national retention standards. As we will see, this concern remains well after the Directive&#8217;s passage.<span id="more-1982"></span></p>
<p>The DRD only applies to data and locational data, excluding &#8220;the content of electronic communications, including information consulted using an electronic communications&#8221; (Art 2 2). It is important to note that the DRD extends the definition of traffic data from what initially appeared in the EU <a title="External link to EU e-Privacy Directive" href="http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2002:201:0037:0047:EN:PDF">e-Privacy Directive</a>, which defines traffic data as &#8220;any data processed for the purpose of the conveyance of a communication on an electronic communications network or for the billing thereof&#8221; (Art. 2 b). The DRD refers to <em>both</em> traffic data and related data needed to identify users/subscribers. The disclosure of this information is to be provided in accordance with national legislation enacting the DRD. Data is retained for 6-24 months, and includes the following:</p>
<ul>
<li>data necessary to trace and identify the source of a communication;</li>
<li>data necessary to identify the destination of a communication;</li>
<li>data necessary to identify the date, time and duration of a communication;</li>
<li>data necessary to identify the type of communication;</li>
<li>data necessary to identify users&#8217; communication equipment or what purports to be their equipment;</li>
<li>data necessary to identify the location of mobile communications equipment.</li>
</ul>
<p>Importantly, yearly statistics of how the DRD legislation is used must be submitted. Per article 10, this information must include:</p>
<ul>
<li>the cases in which information was provided to the competent authorities in accordance with applicable national law;</li>
<li>the time elapsed between the date on which the data were retained and the date on which the competent authority requested the transmission of the data;</li>
<li>the cases where requests for data could not be met.</li>
</ul>
<p>These statistics play an important role in actually evaluating the (in)effectiveness of the DRD and national laws. The date for evaluating the DRD has actually passed &#8211; it was September 15, 2010 &#8211; and the Parliament and Council are expected to evaluate the applications of the DRD and its impacts on consumers, citizens, and government. The review will be based on the statistics provided, and results will be made public.</p>
<p><strong>The Irish Leak!</strong></p>
<p>The Irish instantiation of the DRD isn&#8217;t really all that controversial in most ways. The <a title="External link to Ireland' data retention MoU" href="http://www.scribd.com/doc/37774870/Data-Retention-MOU-Version-2">Memorandum of Understanding (MoU)</a> between the government and industry &#8216;partners&#8217; takes note of costs, specifically stating that &#8220;[t]his MoU seeks to minimize the costs, time delay and audit requirements of complying with data access requests under the Act and to promote efficient administration of its requirements within the Communications Industry working with agencies of the state&#8221; (7). The MoU, and related Act, applies to mobile network operators, fixed line network operators, and ISPs. Any and all data that the public ISPs/telecom operators collect should not be independently verified by operators. Further, while the retained data (e.g. IP addresses, endpoint information, subscriber information) could be used to roughly guess who might be using a device, the MoU recognizes that this information cannot certify which individual is actually using a device at any particular time.</p>
<p>Data concerning fixed and mobile telephony must be retained for 24 months and ISP information (e.g. Internet Access, Internet email and Internet Telephony) retained for 12 months. Procedures must be established for making and servicing data requests by authorities. Perhaps reflecting both discussions with Irish industry, and an acknowledgement of the wider concerns raised by ISPs facing lawful access and retention laws around the world, the parties of the MoU recognize that the development, testing, and deployment of systems needed to comply with the Irish law may impose significant time delays before full compliance is met. Data that is retained as a result of the Irish Act must be disposed of after the above mentioned times, unless there are independent business motivations to retain data for longer periods of time.</p>
<p>Of interest, the MoU recognizes that a standard electronic mail and paper form should be developed to identify data requested by authorities and provided by telecommunications groups, but it doesn&#8217;t go so far as to require parties to use this form. As we will soon read, this stands in contravention of proposals by the Article 29 Data Protection Working Party.</p>
<p><strong>Working Group Recommendations</strong></p>
<p>This year the <a title="External link to Art. 29 Working Group homepage" href=" http://ec.europa.eu/justice/policies/privacy/workinggroup/index_en.htm">Article 29 Data Protection Working Group</a> released a <a title="External link to their report" href="http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2010/wp172_en.pdf">report on the Data Retention Directive</a>, and it was damning. Whereas the DRD was meant to harmonize retention processes and disclosure procedures, this has yet to be evidenced. At the time of the report&#8217;s writing very few of the Commission members had provided the DRD-required statistics. The Working Group acknowledged the concerns raised about the DRD, writing:</p>
<blockquote><p>&#8230;the availability of traffic data allows disclosing preferences, opinions, and attitudes and may interfere accordingly with the users&#8217; private lives and impact significantly on the confidentiality of communications and fundamental rights such as freedom of expression. These scenarios are unfortunately likely to occur both because of intentional activities and on account of negligent mechanisms.</p></blockquote>
<p>The Working Group recognizes that in many cases the companies retaining data lack an automated system to delete logs, and thus are out of line with the DRD. Automation is required. Moreover, nations implementing the DRD have generally required ISPs to adopt self-regulatory regimes to be/remain DRD compliant. Such regimes are insufficient because there are considerable imbalances of power between ISPs and law enforcement. In terms of disclosure information, the Working Group has proposed a single data handover format that requires a single contact to provide the following:</p>
<ul>
<li>User data, containing a known, finite number of fields related to service subscription and the terminals made available to users;</li>
<li>traffic data, containing known finite fields;</li>
<li>provider code containing a unique EU-wide ID to identify the communications provider and/or ISP;</li>
<li>LEA code to identify what LEA made the request;</li>
<li>Judiciary code to identify the judicial authority requiring the disclosure;</li>
<li>timestamp and request number;</li>
<li>request type, to specify the data request category (e.g. by serious crime or by amount of requested traffic data)</li>
</ul>
<p><strong>The Value in Transmission Data</strong></p>
<p>So, no content data is monitored, but what does this mean, really? What can European states and authorities do with the data being retained?</p>
<p>Critically, with traffic data you can map out social networks, fixing their position within a larger group of associates. While this bit of information is obvious, what is less so follows:</p>
<blockquote><p>&#8230;the position of an agent in the social network is in many ways more characteristic of them than any of their individual attributes. This position determines their status, but also their capacity to mobilize social resources and act (social capital). (Danezis and Clayton 2008: 99).</p></blockquote>
<p>Traffic analysis can even be effective in identifying individuals engaged in encrypted (SSH) communications; when working in interactive mode &#8220;SSH transmits every key stroke as a packet and, hence, the password length is trivially available.&#8221; Further, there is enough variability in typing patterns themselves to plausibly identify particular users with enough traffic data. Remember: no content is &#8216;touched&#8217; or captured in this kind of an analysis. Such approaches work well enough on civilian communications because they&#8217;re not permanently encrypted, nor are there persistent levels of traffic. As a result, it is possible to capture information from packet payloads if required and an attacker can identify when encrypted communications are taking place (itself a significant piece of information). (As a sidenote: Sensitive military communications address this eavesdropping problem by having ongoing streams of encrypted data traffic between nodes of networks; when someone transmits actual (i.e. non-noise) data between nodes it is effectively invisible amongst the stream of ongoing encrypted data.)</p>
<p>That &#8216;only&#8217; traffic data is captured assumes that we can make a clear distinction between the &#8216;administration&#8217; versus &#8216;content&#8217; of digital communications; information in packet headers is administrative whereas information in payloads constitutes content. Unfortunately, this &#8216;clear&#8217; distinction is misleading given the capacities of data mining as it pertains to traffic information. Using <a title="External link to wikipedia article on pattern-based minin" href="http://en.wikipedia.org/wiki/Data_mining#Pattern_mining">pattern-based mining</a> techniques (in comparison to <a title="External link to wikipedia page on subject-based datamining" href="http://en.wikipedia.org/wiki/Data_mining#Subject-based_data_mining">subject-based datamining</a>) it is possible to leverage theories of data linkages&#8217; predictive power to identify suspicious individuals. When behavioural marketers use this kind of information they lack any kind of necessary marker &#8211; they don&#8217;t necessarily know that they have a certified piece of authentic information about a person&#8217;s identity &#8211; whereas the breadth of the DRD and its national instantiations include requirements for subscriber information. As a result, it is possible to map where individuals reside in broader social networks, where they traverse online, who they communicate with, and so forth. Lacking access to the content of communications isn&#8217;t necessarily the same thing as being &#8216;privacy protective&#8217;, and given the sheer amount of data transiting around the world each day it&#8217;s likely impossible to capture it all anyways. Thus, the &#8216;limitations&#8217; on what is captured should be recognized as reflective of technical realities rather than the limitations somehow being &#8216;privacy protective&#8217;.
The end result is that surveillance, rather than privacy, becomes the necessary default for all online communications barring exceptional circumstances.</p>
<p><strong>Data Protection versus Privacy</strong></p>
<p>Clearly then, while the Irish case is within the boundaries of the DRD and (perhaps) data protection requirements, it is a gross infringement of individuals&#8217; privacy and out of alignment with the Working Group&#8217;s recommendations. We should consider the effectiveness of the DRD against the backdrop of legal data protection, as well as the broader issue of privacy.</p>
<p>Legal protections of privacy have proliferated over the past several decades but there is academic uncertainty about their effectiveness. Writing back in 1997, Gellman observed that &#8220;it is difficult to see whether the law is really an effective device for protecting privacy&#8221; (Gellman 1997: 212). This is certainly the case given that the DRD came into being in a comprehensive privacy protection regime. Lyon has suggested that data protection laws promote a &#8220;culture of care regarding personal information&#8221; (Lyon 2007: 173) as a critique of these laws&#8217; abilities to actually prevent collection of data in the first place. Perhaps depressingly, we might critique his position as being <em>optimistic</em>: it is unclear just how much &#8216;care&#8217; is provided to personal information gathered during routine data retention given the failures in reporting and standardization around the DRD. While the Working Party didn&#8217;t suggest that the DRD was illegal on the basis of the <a title="External link to wikipedia article on ECHR" href="http://en.wikipedia.org/wiki/European_Convention_on_Human_Rights">European Convention on Human Rights</a>, Breyer does. Specifically, the DRD&#8217;s harms to civil rights are arguably disproportionate to the aims of the legislation in question, it may reduce the sharing of information critical of the government and thus affect freedom of expression, and it puts an undue burden on ISPs (Breyer 2005).</p>
<p>In effect, formal data protection doesn&#8217;t seem to be securing privacy as a fundamental right. In fact, the present landscape lends credence to Farrell&#8217;s argument that &#8220;if an epistemic community of privacy experts helped drive the international convergence on data protection principles at an earlier juncture, officials in justice, home affairs, and security ministries are now playing a similar &#8211; but much less privacy friendly &#8211; role in driving many pertinent areas of policy&#8221; (Farrell 2008: 382). The present epistemic community driving &#8216;anti-privacy&#8217; initiatives regularly uses the language of &#8216;balancing interests&#8217; to push through their projects, but the very language used needs to be challenged. Balances often see privacy traded away &#8220;in concessions to managing surveillance, rather than restricting it.&#8221; As a result, governmental protectors of privacy need to abandon the language of balance and adopt a revised paradigm emphasizing &#8220;steering as the essential part of a decision-making process in which balancing is an instrument to be manipulated in the interests of privacy, rather than a desirable outcome at any level&#8221; (Raab 1999: 83).</p>
<p>The adoption of balancing as a tool amongst others repositions privacy advocates and commissioners as champions of privacy as opposed to advocates of broader social responsibility; it reorients them as staunch defenders. This isn&#8217;t to suggest that protecting privacy is contra to social responsibilities, but merely that advocates&#8217; and commissioners&#8217; tasks are to defend privacy; others will be responsible for making the broader arguments. At the same time, this doesn&#8217;t mean that in defending their particular visions of privacy these parties cannot use the <em>tool</em> of balance to better achieve protections. In effect, this would see data protection laws themselves as tools for defending privacy rather than ends in themselves.</p>
<p>In the vein of data protection as a tool, I have to question the accuracy of David Flaherty&#8217;s assertion that there is no privacy issue that cannot be satisfactorily addressed &#8220;by the application of fair information practices, broadly defined, to include such critically important notions as transparency of data collection and processing to the affected public, the need-to-know principle for personal data sharing, and the crucial importance of audit trails to monitor compliance during and after data transfers, as required&#8221; (Flaherty 1999: 35). While Flaherty&#8217;s position has the benefit of legal clarity I worry that FIPs aren&#8217;t necessarily complete enough to independently address the breadth of privacy issues facing individuals (and society) today. Privacy issues are becoming broad enough that seemingly innocuous data can be used for substantial profiling and discrimination purposes. Transparency is certainly important for determining whether a practice is legitimate or not, but the DRD and its national instantiations are relatively transparent. The addition of better access controls and audits wouldn&#8217;t alleviate the fact that individuals lack the agency necessary to effect changes in the DRD-mandated surveillance process. Neither does transparency resolve the broader social and constitutional harms that arise as individuals cease seeing themselves as authors and addressees of mass-surveillance law. The capacity to assert agency is as important as access to knowledge, and it is unclear to me how transparency of mass surveillance processes alone facilitates the agency to resist directives like the DRD.</p>
<p><strong>Resources:</strong></p>
<p>Art. 29 Data Protection Working Party. (2010). &#8220;Report 01/2010 (WP172),&#8221; available at: <a href="http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2010/wp172_en.pdf">http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2010/wp172_en.pdf</a></p>
<p>Breyer, Patrick. (2005). &#8220;Telecommunications Data Retention and Human Rights: The Compatibility of Blanket Traffic Data Retention with the ECHR,&#8221; in <em>European Law Journal</em> 11. 365-375.</p>
<p>Danezis, George and Clayton, Richard. (2008). &#8220;Introducing Traffic Analysis,&#8221; in <em>Digital Privacy: Theory, Technologies, and Practices</em>. A. Acquisti, S. Gritzalis, C. Lambrinoudakis, and S. Vimercati (eds). 95-116.</p>
<p>Directive 2002/58/EC [The e-Privacy Directive] &#8211; link: <a href="http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2002:201:0037:0047:EN:PDF">http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2002:201:0037:0047:EN:PDF</a></p>
<p>Directive 2006/24/EC [The Data Retention Directive] &#8211; link: <a href="http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF">http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2006:105:0054:0063:EN:PDF</a></p>
<p>Flaherty, David. (1999). &#8220;Visions of Privacy: Past, Present, and Future,&#8221; in <em>Visions of Privacy: Policy Choices for the Digital Age</em>. C. J. Bennett and R. Grant (eds). Toronto: University of Toronto Press. 19-38.</p>
<p>Gellman, Robert. (1997). &#8220;Conflict and Overlap in Privacy Regulation: National, International, and Private,&#8221; in <em>Borders in Cyberspace</em>. B. Kahin and C. Nesson (eds). Cambridge MA: The MIT Press. 255-282.</p>
<p>Lyon, David. (2007). <em>Surveillance Studies: An Overview</em>. Cambridge, UK: Polity Press.</p>
<p>Raab, Charles. (1999). &#8220;From Balancing to Steering: New Directions for Data Protection,&#8221; in <em>Visions of Privacy: Policy Choices for the Digital Age</em>. C. J. Bennett and R. Grant (eds). Toronto: University of Toronto Press. 68-93.</p>
<p>Solove, Daniel J. (2008). &#8220;The New Vulnerability: Data Security and Personal Information,&#8221; in <em>Securing Privacy in the Internet Age</em>. A. Chander, L. Gelman, and M. J. Radin (eds). Stanford: Stanford University Press. 111-136.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.christopher-parsons.com/blog/thoughts/data-retention-protection-and-privacy/feed/</wfw:commentRss>
		<slash:comments>2</slash:comments>
		</item>
		<item>
		<title>Analyzing the Verizon-Google Net Neutrality Framework</title>
		<link>http://www.christopher-parsons.com/blog/thoughts/analysis-of-verizon-google-net-neutrality-framework/</link>
		<comments>http://www.christopher-parsons.com/blog/thoughts/analysis-of-verizon-google-net-neutrality-framework/#comments</comments>
		<pubDate>Mon, 16 Aug 2010 18:45:44 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[CRTC]]></category>
		<category><![CDATA[Internet]]></category>
		<category><![CDATA[ISPs]]></category>
		<category><![CDATA[Mobiles]]></category>
		<category><![CDATA[Politics]]></category>
		<category><![CDATA[Thoughts]]></category>
		<category><![CDATA[america]]></category>
		<category><![CDATA[broadband]]></category>
		<category><![CDATA[deep packet inspection]]></category>
		<category><![CDATA[DPI]]></category>
		<category><![CDATA[fcc]]></category>
		<category><![CDATA[google]]></category>
		<category><![CDATA[network neutrality]]></category>
		<category><![CDATA[policy]]></category>

		<guid isPermaLink="false">http://www.christopher-parsons.com/blog/?p=1944</guid>
		<description><![CDATA[In this post, I exclusively work through the principles suggested by Verizon-Google. In my probationary analysis, I will draw on existing American regulatory language and lessons that might be drawn from the Canadian experience surrounding network management. My overall feel of the document published by Verizon-Google is that, in many ways, it's very conservative insofar as it adheres to dominant North American regulatory approaches. My key suggestion is that instead of rejecting the principles laid out in their entirety, we should carefully consider each in turn. During my examination, I should identify what principles and/or their elements could be usefully taken up into a government-backed regulatory framework that recognizes the technical, social, and economic potentials of America's broadband networks.]]></description>
			<content:encoded><![CDATA[<p><a href="http://www.flickr.com/photos/believekevin/4272237049/"><img class="alignright size-medium wp-image-1948" title="netneutralityorders" src="http://www.christopher-parsons.com/blog/wp-content/uploads/2010/08/netneutralityorders-224x300.jpg" alt="" width="224" height="300" /></a>Technology is neither good nor bad. It&#8217;s also not neutral. Network neutrality, a political rallying cry meant to motivate free-speech, free-culture, and innovation advocates, was reportedly <a title="External link to Ars Technica article" href="http://arstechnica.com/telecom/news/2010/08/a-paper-trail-of-betrayal-googles-net-neutrality-collapse.ars">betrayed by Google</a> following the release of a Verizon-Google policy document on network management/neutrality. What the document reveals is that the two corporations, <a title="External link to FCC's weaknesses" href="http://gigaom.com/2010/08/05/genachowski-man-up-and-silicon-valley-wake-up/">facing a (seemingly) impotent FCC</a>, have gotten the ball rolling by suggesting a set of policies that the FCC could use in developing a network neutrality framework. Unfortunately, there has been little even-handed analysis of this document from the advocates of network neutrality; instead we have witnessed <a title="External link to Lauren Weinstein's blog" href="http://lauren.vortex.com/archive/000743.html">vitriol and over-the-top rhetoric</a>. This is disappointing. While sensational headlines attract readers, they do little to actually inform the public about network neutrality in a detailed, granular, reasonable fashion. Verizon-Google have provided advocates with an opportunity to pointedly articulate their views while the public is watching, and this is not an opportunity that should be squandered with bitter and unproductive criticism.</p>
<p>I&#8217;m intending this to be the first of a few posts on network neutrality.<a name="_ednref1"></a><a href="#_edn1">[1]</a> In this post, I exclusively work through the principles suggested by Verizon-Google. In this first, and probationary, analysis I will draw on existing American regulatory language and lessons that might be drawn from the Canadian experience surrounding network management. My overall feel of the document published by Verizon-Google is that, in many ways, it&#8217;s very conservative insofar as it adheres to dominant North American regulatory approaches. My key suggestion is that instead of rejecting the principles laid out in their entirety we should carefully consider each in turn. During my examination, I hope to identify what principles and/or their elements could be usefully taken up into a government-backed regulatory framework that recognizes the technical, social, and economic potentials of America&#8217;s broadband networks.<span id="more-1944"></span></p>
<p><strong>Background</strong></p>
<p>Before jumping into my discussion of the proposed Verizon-Google principles, I want to provide some background to the network neutrality discussion underway in the US. This background will, ideally, provide newcomers to the discussion of net neutrality with a basic understanding of the political lay of the land that preceded the Verizon-Google policy framework. I want to make clear that I’m not providing a fully comprehensive contextualization, but a basic outline to assist you in placing the policy framework in relation to ongoing processes.</p>
<p>Since a <a title="External link to Washington post article on FCC's defeat" href="http://www.washingtonpost.com/wp-dyn/content/article/2010/04/06/AR2010040600742.html">federal appeals court ruled against the FCC</a> in their case against <a title="External link on Carr's discussion on Comcast's DPI usage" href="http://www.huffingtonpost.com/timothy-karr/comcasts-internet-throttl_b_70191.html">Comcast&#8217;s usage of deep packet inspection equipment</a>, the American telecommunications regulator has been struggling. After its defeat in court, the FCC quickly announced its &#8216;third way&#8217;. This is an effort to realign how broadband carriers are regulated in the US. The carriers are presently classified as &#8216;information services&#8217; instead of &#8216;telecommunications services&#8217;, which limits the FCC&#8217;s ability to adjudicate how ISPs actually manage their services. To draw &#8216;information services&#8217; more significantly into the FCC&#8217;s regulatory fold, Chairman Julius Genachowski has proposed that the transmission of broadband Internet access is a telecommunications service, though <a title="Venturebeat article explaining the FCC's third way" href="http://venturebeat.com/2010/05/06/fcc-third-way-net-neutrality/">the actual content that is transmitted is outside of the FCC&#8217;s purview</a>. The third way has been <a title="External link to Ars article with reactions to the third way" href="http://arstechnica.com/telecom/news/2010/07/few-neutrals-in-debate-over-third-way-net-neutrality-plan.ars">incredibly poorly received by major telecommunications carriers</a> and had, in part, been responsible for closed-door meetings between the FCC and net neutrality stakeholders. 
These meetings were meant to establish a <a title="External link to WSJ article unpacking meetings for network neutrality" href="http://online.wsj.com/article/SB10001424052748704256304575321273903045994.html?mod=rss_Technology">regulatory framework that met network neutrality principles while moderating FCC regulation</a>.</p>
<p>Many of the folks involved in network neutrality are the same people deeply invested in the copyfights of the past decade; Lessig, the EFF, CDT, and similar groups have witnessed the negative consequences of industry-driven back room dealings for copyright extension. <a name="_ednref2"></a><a href="#_edn2">[2]</a> While some public interest groups attended the closed-door network neutrality meetings, their involvement was, reputedly, fairly minor.<a name="_ednref3"></a><a href="#_edn3">[3]</a> Hopefully as time goes on, more light will be shed on the actual suggestions and compromises proposed in these meetings between public advocates, their corporate counterparts, and the FCC staff in attendance.</p>
<p>While the FCC-driven meetings were ongoing, Verizon and Google had their own private negotiations on what a national broadband policy might look like. This policy was published August 9, 2010 after a weekend of rumors; Edward Wyatt at the New York Times broke a story (&#8220;<a title="External link to NYT article" href="http://www.nytimes.com/2010/08/05/technology/05secret.html">Google and Verizon Near Deal on Web Pay Tiers</a>&#8221;) suggesting that Google would pay for &#8216;special carriage&#8217; on Verizon’s network, and in return Google&#8217;s services would be faster than those of their competitors. This fee-for-carriage suggestion was <a title="The guardian on Google's denial of fee-for-carriage" href="http://www.guardian.co.uk/technology/2010/aug/05/gogle-denies-verizon-deal-net-neutrality">denounced by Google</a>, but may have led to a premature release of the Verizon-Google policy document we have today.</p>
<p>As a policy position paper, the document by Verizon-Google has been incredibly effective in energizing discussion around network practices and reinvigorating the discussion in the public eye. The actual framework that was released is helpful, insofar as there are some decent elements, but clearly it needs revision.</p>
<p>For the rest of this post, I will be performing brief and tentative analyses of each principle of the Verizon-Google document. This will often see me refer to prior FCC policies, Canadian regulatory decisions, and academic works around network management and power relations. It&#8217;s not intended to be fully comprehensive, but an early effort to collect my thoughts. If you don’t have the time, or desire, to read through these analyses in detail feel free to jump to the end where I’ve tried to briefly summarize my positions. You’ll lose some of the context of the argument, but should leave with a working understanding of my present positions on each principle. I&#8217;ll state up front that I&#8217;m neither entirely opposed, nor entirely in favour of what Verizon-Google have provided; I&#8217;m most interested in picking up their &#8216;homework assignment&#8217; (as <a title="External link to CBC interview with Vint Cerf" href="http://www.cbc.ca/technology/story/2010/08/13/net-neutrality-google-vint-cerf.html">described by Vint Cerf</a>) and playing with the results rather than trying to independently assert a set of principles around network neutrality.</p>
<p><strong>Principle One: Consumer Protections</strong></p>
<p><em>A broadband Internet access service provider would be prohibited from preventing users of its broadband Internet access service from: sending and receiving lawful content of their choice; running lawful applications and using lawful services of their choice; and connecting their choice of legal devices that do not harm the network or service, facilitate theft of service, or harm other users of the service.</em></p>
<p>There have been serious concerns about the focus on &#8216;lawful&#8217; in this principle, as there should be. Does this mean that service providers would be justified in throttling, blocking, or otherwise degrading delivery of &#8216;unlawful content&#8217;? How would the differentiation between lawful and non-lawful content types be identified? What constitutes a lawful application and service; is this a reference to some kind of sanctioned and non-sanctioned set of application protocols?</p>
<p>There are considerable concerns around the integration of ‘unlawful’ throughout this principle. Specifically, there are worries that this could lead to systematic blocking of ‘bad’ content and applications. Rather than (exclusively) directing vehement anger towards the corporate giants that have included this in their framework, however, perhaps we should consider the source of this principle. In <a title="External link to FCC 05-151" href="http://fjallfoss.fcc.gov/edocs_public/attachmatch/FCC-05-151A1.pdf">FCC 05-151</a>, approved in 2005, the FCC outlined the four &#8216;Internet freedoms&#8217;. In principle one, the Commission adopts the principle;</p>
<blockquote><p><em>To encourage broadband deployment and preserve and promote the open and interconnected nature of the public Internet</em>, consumers are entitled to access the lawful Internet content of their choice.</p></blockquote>
<p>This first principle, as written by the FCC, recognizes that consumers are only <em>entitled</em> to access lawful content. The addition in the Verizon-Google proposal is to extend &#8216;content&#8217; to applications and services as well. Per Carterfone, <a title="External link to Carterfone decision" href="http://www.uiowa.edu/~cyberlaw/FCCOps/1968/13F2-420.html">consumers can attach devices, and make use of the network, so long as the attachments and uses do not damage the network itself</a>. The language &#8220;any lawful device&#8221; in the Carterfone decision permits the attachment of answering machines, fax machines, and modems to the network at the ends. Applying the <a title="External link to Wikipedia on principle of charity" href="http://en.wikipedia.org/wiki/Principle_of_charity">principle of charity</a>, I presume that including the language &#8216;services and applications&#8217; in the Verizon-Google document is intended to clarify the rules laid down in Carterfone. A serious concern, however, is that neither the FCC nor the Verizon-Google policy framework extends the lessons of Carterfone to wireless networks; principle six of the Verizon-Google framework is an attempt to forbear regulation of wireless networks and the FCC has historically been <a title="External link to PCworld article discussing FCC's refusal to take up Skype's request re: Carterfone" href="http://www.pcworld.com/article/144025/fcc_to_turn_down_skypes_mobile_open_access_plea.html">unwilling to extend Carterfone to wireless Voice over Internet Protocol (VoIP) services</a>. Thus, the policy framework issued August 9, 2010 can be seen as integrating the FCC’s already existing position into the corporate-created document.</p>
<p>What can we take away from this principle then? I would suggest that the principle is conservative, insofar as it closely adheres to earlier regulations set forth by the FCC. While we can continue to be worried about &#8216;lawful content&#8217; in an era where network surveillance practices might be deployed to discriminate between lawful and unlawful content, and ‘harmless’ versus &#8216;harmful&#8217; application types, the principle established by Verizon-Google isn’t itself pushing the bar very far. Concerns around this principle speak to already existing worries and concerns around network management, concerns derived from existing FCC policies. While there is good reason to be involved in a discussion about ‘lawful content’ and ‘lawful applications’, we need to remind ourselves that this isn’t a novel form of language being assumed by Verizon-Google.</p>
<p><strong>Principle Two: Non-Discrimination Requirement</strong></p>
<p><em>In providing broadband Internet access service, a provider would be prohibited from engaging in undue discrimination against any lawful Internet content, application, or service in a manner that causes meaningful harm to competition or to users. Prioritization of Internet traffic would be presumed inconsistent with the non-discrimination standard, but the presumption could be rebutted.</em></p>
<p>Attention must be paid to the phrase &#8216;meaningful harm to competition or to users&#8217;. Adding small amounts of delay to content delivery times can seriously impact the likelihood that users will use a service and/or continue to receive content from the &#8216;slow&#8217; source. Not only can this potentially cause visitors to never return to your product/site &#8211; perhaps instead going to products and services provided by the ISP that are guaranteed to be fast &#8211; but in the case of websites can <a title="External link to Google Support page on Pagerank and speed" href="http://adwords.google.com/support/aw/bin/answer.py?hl=en&amp;answer=87144">impact your visibility via lower Google Pagerank ratings</a>. Slow speeds can have real economic impacts.</p>
<p>The Canadian network neutrality/traffic management hearings included language bordering on what is included in the Verizon-Google principle. Specifically, when writing about delaying or slowing down Internet traffic, the <a title="External link to CRTC decision" href="http://www.crtc.gc.ca/eng/archive/2009/2009-657.htm">CRTC notes (n.126-127) that</a>;</p>
<blockquote><p>&#8230; use of an ITMP [Internet Traffic Management Practice] resulting in the noticeable degradation of time-sensitive Internet traffic will require prior Commission approval under section 36 of the Act.</p>
<p>With respect to non-time-sensitive traffic, the Commission considers that the use of ITMPs that delay such traffic does not require approval under section 36 of the Act. However, the Commission is of the view that non-time-sensitive traffic may be slowed down to such an extent that it amounts to blocking the content and therefore controlling the content and influencing the meaning and purpose. In such a case, section 36 of the Act would be engaged and prior Commission approval would be required.</p></blockquote>
<p>If we assume that even rudimentary policy learning or interpretation might occur, then the Verizon-Google principle could be read as articulating something resembling what the CRTC has already established. Small-content creators don’t exactly love the CRTC decision, nor do even large content creators like the CBC, but adopting something like the Canadian approach would, again, be relatively conservative in the context of North American telecommunications regulation.</p>
<p>Critical commentators are, however, rightfully concerned over the last sentence of the principle. Under what possible conditions could it be non-discriminatory for certain Internet traffic to be prioritized? Wouldn&#8217;t such an action add too much &#8216;intelligence&#8217; to the network, undermining end-to-end arguments?</p>
<p>Perhaps, but not necessarily. At the past two Canadian Telecommunication Summits, pro- and anti-DPI advocates have suggested that a compromise position might be that traffic prioritization is permissible in a network architecture where the user has control over how their own traffic is prioritized. This is a relatively benign approach to traffic management, one that is (arguably) empowering where accompanied by clear user education and accessible user-interfaces. Prioritization is less desired when the telecommunications carrier makes a unilateral decision, without accepting input from the user-base that is substantively drawn into the service providers&#8217; decision-making framework. It is this unilateral decision capacity that has commentators (rightfully) worried; carriers aren&#8217;t terribly well known for their active engagement with their customer bases.</p>
<p>While an ideal might be to strip out this last sentence, I almost wonder if having it there is helpful. Carriers have spoken of their prioritization/deprioritization of particular traffic-types; &#8216;bulk&#8217; traffic is given a lower priority than traffic that is jitter-sensitive. As I understand it, the concern is that particular applications (i.e. Verizon&#8217;s own VoIP solution) will be prioritized, rather than a concern that particular application-types (i.e. VoIP in general, which would include Verizon&#8217;s solution, Skype, and other VoIP providers) will be prioritized. Perhaps we could &#8216;simply&#8217; rewrite the sentence in a way to differentiate between application prioritization (bad and not allowed) and application-type prioritization (not necessarily bad, and potentially permissible). Such a distinction would permit prioritization, and were the service provider required to appear before the FCC before implementing the prioritization some ex ante oversight could be performed. Further, such prioritization schemes could be required to come up for independent review periodically. Such reviews would be aimed at preventing new application-types entering the market from being set at a competitive disadvantage on the basis that other application-types receive benefits from packet prioritization.</p>
<p><strong>Principle Three: Transparency</strong></p>
<p><em>Providers of broadband Internet access service would be required to disclose accurate and relevant information in plain language about the characteristics and capabilities of their offerings, their broadband network management, and other practices necessary for consumers and other users to make informed choices.</em></p>
<p>The transparency principle, again, is relatively conservative. It parallels the requirements of the Office of the Privacy Commissioner of Canada (OPC) concerning the use of deep packet inspection, where ISPs are required to note how the technology is used in their respective networks, the FCC&#8217;s own principle of transparency, and the position on transparency assumed by the CRTC.</p>
<p>In a response to a complaint brought by CIPPIC, the <a title="External link to OPC decision" href="http://www.priv.gc.ca/cf-dc/2009/2009_010_rep_0813_e.cfm#conclusion">OPC required Bell Canada</a> to include information on how the ISP uses DPI on their webpage. Bell now has a <a title="External link to Bell's privacy page" href="http://support.bell.ca/en-on/Customer_service/Security_and_privacy/Does_Bell_record_calls_and_monitor_Internet_use?step=4">link on their privacy policy page</a> to their <a title="External link to Bell's network management practices" href="http://service.sympatico.ca/index.cfm?method=content.view&amp;content_id=12119">network management practices</a>, fulfilling the OPC&#8217;s transparency-related requirements.</p>
<p>In the case of the FCC, their <a title="External link to FCC speech announcing sixth principle" href="http://www.openinternet.gov/read-speech.html#book6">proposed &#8216;sixth principle&#8217; reads as follows</a>;</p>
<blockquote><p>&#8230;providers of broadband Internet access must be transparent about their network management practices.</p></blockquote>
<p>Finally, the CRTC has a more detailed account of transparency as it relates to traffic management practices, stating that ISPs must disclose five elements of technical management systems to consumers. Specifically, ISPs must disclose:</p>
<ol>
<li>why ITMPs are being introduced;</li>
<li>who is affected by the ITMP;</li>
<li>when the Internet management will occur;</li>
<li>what type of Internet management (e.g. application, class of application, protocol) is subject to management; and</li>
<li>how the ITMP will affect a user&#8217;s Internet experience, including the specific impact on speeds.</li>
</ol>
<p>Ideally, were the Verizon-Google principle fleshed out by the FCC, the regulator would adopt a set of guidelines similar to those set down by the CRTC. Further, the regulator would adopt the requirements of the OPC, though ideally the FCC would be slightly clearer on what is meant for information to be &#8216;clear&#8217; to an end-user; I remain unconvinced that burying information in a privacy policy, which then links to additional technical details in the depths of Bell’s website, constitutes &#8216;clear&#8217; disclosure to most of Bell’s consumers.</p>
<p>This said, while the principle as outlined by Verizon-Google leaves room for improvement, it also extends on the sixth principle established by the FCC. As such, I (again) suggest that this element of the corporate framework is conservative because it hews closely to existing or proposed transparency principles amongst North American regulators.</p>
<p><strong>Principle Four: Network Management</strong></p>
<p><em>Broadband Internet access service providers are permitted to engage in reasonable network management. Reasonable network management includes any technically sound practice: to reduce or mitigate the effects of congestion on its network; to ensure network security or integrity; to address traffic that is unwanted by or harmful to users, the provider’s network, or the Internet; to ensure service quality to a subscriber; to provide services or capabilities consistent with a consumer’s choices; that is consistent with the technical requirements, standards, or best practices adopted by an independent, widely recognized Internet community governance initiative or standard-setting organization; to prioritize general classes or types of Internet traffic, based on latency; or otherwise to manage the daily operation of its network.</em></p>
<p>Network management is an interesting issue, and while the principle is &#8216;conservative&#8217; we should question how it is structured on two grounds. First, with respect to the use of an independent (non-FCC) body to determine best practices and standards, and second in the sense that &#8216;reasonable network management&#8217; procedures are policy-driven, and less technically oriented. Both of these suggestions are contentious and so I spend a bit of time here in speaking to both points.</p>
<p>Under the Canadian decision, ISPs can manage traffic (i.e. engage in network management practices) to ensure network security or protect network integrity. Economic management techniques &#8211; those where consumers are billed for excessive usage &#8211; are preferred, but technical measures can be deployed in limited fashions as required. The policy principle provided by Verizon-Google captures the issues of security and congestion addressed by the CRTC. Charitably, we can read ‘unwanted traffic’ as referring to email spam, virus-laden packets, and other harmful data transmissions coming to, and trying to exit, the ISP network. Such actions are already commonplace amongst many (most? all?) Western ISPs and are helpful because they protect ‘the ends’ from harm while preserving the network&#8217;s overall capacities.</p>
<p>The reliance on a standards-setting organization can be read as good &#8211; bodies such as the IETF are reputable &#8211; or bad &#8211; if these bodies are taken to mean American-only ISP/content provider &#8216;standards&#8217; groups. Concerns have been trumpeted that the latter groups are the referent in this policy principle, but I still haven&#8217;t seen actual evidence that this is, indeed, the referent. A related concern is that, per this principle, were an ISP in compliance with a standards body they would be free from direct FCC regulation. This is true, to a point: at the moment, the FCC&#8217;s control over the direct technical capacities of most networks is limited, given that Internet governance bodies are already international groups that (often) escape any particular nation&#8217;s all-encompassing sovereign power. Mueller (along with his various colleagues) has written a considerable amount on Internet governance;<a name="_ednref4"></a><a href="#_edn4">[4]</a> he has argued that, contra Goldsmith and Wu, nation-states cannot entirely assert their sovereign power in the control of national networks in light of the expanded number of partners in governing global digital networks. Nation-states, and their various institutional organs, can exert considerable <em>influence</em> but not absolute sovereignty over the technical infrastructure of the Internet and expect full integration with the rest of the &#8216;net.</p>
<p>Prioritizing particular kinds of content could be problematic, but it is equally likely to be helpful. If an ISP actively works to reduce jitter resulting from economically unmanageable congestion then, so long as such prioritization schemas are made public and conform with international best-practices, they can be understood as appropriate, or at least acceptable. Note that this shouldn&#8217;t mean that technical measures should permanently be used to manage congestion; shifts to DOCSIS 3.0 and fiber are preferable long-term solutions to managing congestion towards the last mile (where congestion is often most prominent and problematic) but limited technical resolutions may be required as capital expenditures are mobilized to improve the physical network.</p>
<p>From this, I suggest that what Verizon-Google is proposing in this principle is somewhat conservative, and would be entirely conservative if the principle recognized the FCC’s involvement in regulating network management practices. I&#8217;ll address a possible division of FCC/international bodies&#8217; responsibilities in a minute, but will &#8216;tease&#8217; you by stating that granting international bodies ultimate responsibility over the technical elements of network management practices doesn&#8217;t necessarily herald the end of the Internet. This statement is made in light of the fact that non-governmental technical bodies already govern various facets of the Internet’s existing infrastructure through the standards setting process.</p>
<p>Before discussing a possible FCC/international bodies division of labor, however, I need to distinguish between the terminology of ‘reasonable network management’ and ‘network management’. I agree with an element of <a title="External link to Ohm's paper" href="http://www.law.uiuc.edu/lrev/publications/2000s/2009/2009_5/Ohm.pdf">Paul Ohm&#8217;s paper</a> that interrogates ISP practices in the US. Ohm identifies reasonable network management as having gained prominence in America following a 2004 speech by Chairman Powell, and the FCC has since adopted reasonable network management as a policy position. While &#8216;network management&#8217; is a technical issue &#8211; Ohm recognizes it as referring &#8220;to the activities, methods, procedures, and tools that pertain to the operation, administration, maintenance, and provisioning of networked systems&#8221; (1462) &#8211; &#8216;reasonable&#8217; network management is a broader, policy-informed, management apparatus. Specifically, Ohm argues that &#8220;it describes not an engineering principle, but a policy conclusion made by weighing the legitimate technological and business goals of network management with what society deems reasonable in light of many principles, including privacy&#8221; (1461).</p>
<p>If we accept the division of &#8216;network management&#8217; and &#8216;reasonable network management&#8217; as outlined by Ohm, then there is a concern that standards bodies would, in fact, be incapable of establishing &#8216;reasonable&#8217; network management standards. They could establish network management standards, but without an insight into the realities of particular ISPs and content providers&#8217; relationships, and the economic models underlying these parties, the international groups would be unable to pointedly provide granular international standards.</p>
<p>In light of this potential difficulty I suggest that the policy and economic factors of &#8216;reasonable network management&#8217; could be kept entirely within the purview of the FCC, while the technical facets of &#8216;network management&#8217; could be put under FCC purview on a probationary basis. On this basis, where novel management approaches are used those techniques would be regulated by the FCC until an appropriate international technical body came to a conclusion on whether the novel approach adhered to international best practices. The FCC could engage in a consultation, or related, process to integrate those standards into national policy, which would (effectively) see the FCC engage in policy learning/harmonization in technical issues with the global Internet governance community.</p>
<p>This suggestion creates a &#8216;two-track&#8217; approach to regulation; one that lets America assert its norms and values in management practices, and another that limits over-exuberant novel management techniques while still enabling a flexible technical networking culture. In sum, the two-track approach would see the US retain national/regional sovereignty over non-technical issues &#8211; privacy, economics, free speech and so forth &#8211; and permit existing international governance bodies to develop the best practices for a functioning Internet community.</p>
<p><strong>Principle Five: Additional Online Services</strong></p>
<p><em>A provider that offers a broadband Internet access service complying with the above principles could offer any other additional or differentiated services. Such other services would have to be distinguishable in scope and purpose from broadband Internet access service, but could make use of or access Internet content, applications or services and could include traffic prioritization. The FCC would publish an annual report on the effect of these additional services, and immediately report if it finds at any time that these services threaten the meaningful availability of broadband Internet access services or have been devised or promoted in a manner designed to evade these consumer protections.</em></p>
<p>The additional services proviso has resulted in considerable worries; would this create a two-track Internet, a &#8216;public&#8217; and a &#8216;private&#8217; Internet? Would there be price differentials between the services made available over these two Internets?</p>
<p>I&#8217;ve already identified a problem with the prior network management principle; let&#8217;s assume that the dual track approach is acceptable and so ISPs are prevented from gaming the system to prioritize and deprioritize traffic in a relatively ad hoc manner. I approach the principle of additional online services in two parts: first, from the point of offering &#8216;other services&#8217;, and second, concerning the FCC&#8217;s (lack of) regulatory power enshrined in this principle.</p>
<p>Novel bandwidth provision for specialized services happens right now; if you have IPTV coming into your home then your service provider either has, or soon will, segregate a portion of the bandwidth coming into your home to prioritize your IPTV traffic. Rogers and Shaw, Canadian ISPs, have publicly noted that they <a title="Geist's account of Shaw's and Rogers' bandwidth practices" href="http://netneutrality.michaelgeist.ca/crtc-network-management-hearing-day-six-union-des-consommateurs-rogers-videotron-shaw">differentiate bandwidth in their networks so that certain portions are available to different traffic-types</a>. Bandwidth is already provisioned to guarantee certain services at the expense of others.</p>
<p>The wording, ‘clearly differentiated services’, noted in this principle may see some of that aggregate bandwidth provisioned to provide instant-on services, such as a dedicated secure line to your bank<a name="_ednref5"></a><a href="#_edn5">[5]</a> or links to an ISP-hosted home monitoring/security system. Such ‘discrete’ uses of the network are not necessarily bad and, in fact, you can imagine that various consumers would welcome the ability to set priorities on various services or receive ‘specialty’ services that are not available over the top. This said, a very real concern surrounding bandwidth segregation and provisioning can be read through Winseck&#8217;s work on &#8220;netscapes of power&#8221;,<a name="_ednref6"></a><a href="#_edn6">[6]</a> where a service provider uses their institutional power to impact content/service availability for economic gains. Such differentiation subtly pushes consumers to the service providers’ own offerings in lieu of &#8216;slower&#8217; third-party, often over the top, offerings.</p>
<p>The FCC should step in whenever a netscape of power manifests. This said, a netscape is not necessarily established through the provision of ISP-specific services; such services can be complementary with non-ISP, over the top, services. In the language of Jonathan Zittrain,<a name="_ednref7"></a><a href="#_edn7">[7]</a> the ISP-exclusive feature might be the equivalent of an &#8216;appliance-use&#8217; of the network that competes with &#8216;generatively-derived&#8217; web systems. Zittrain worries that appliance-like systems (e.g. limited-use hardware/software interactions) threaten the &#8216;generativity&#8217; of the Internet itself. Generativity is defined as a &#8220;system&#8217;s capacity to produce unanticipated change through unfiltered contributions from broad and varied audiences&#8221; (70) but, so long as the &#8216;public Internet&#8217; is made unconditionally available, I suggest that the generative Internet can peacefully cohabitate with the appliance-Internet.</p>
<p>Let me introduce an example of an instance where appliance-Internet and generative-Internet are arguably not cohabitating. This lack of successful cohabitation results in what appears as a netscape of power, and indicates the value of establishing clear rules for rebalancing the appliance- and generative-Internet. Many Canadians are excited that Netflix, a streaming video service, is finally coming to Canada. Unfortunately, almost immediately after the service was announced one of Canada&#8217;s largest ISPs significantly reduced the monthly data caps available to its users. This will reduce the amount of content that Canadians using that ISP can receive from Netflix, ‘encouraging’ those consumers to use the ISP’s own content systems that do not count towards a monthly data cap. This is an example of a netscape of power because an ISP is creating a soft wall around its provisions and encouraging the use of in-house content provision at the expense of Netflix. Arguably, this is a case where an appliance – cable TV offerings – is at odds with the generative Internet. The appliance/generative balance is potentially skewed in this case.</p>
<p>Given the worrying appearance of the imbalance between appliance/generative bandwidth provisions, a regulator should investigate this scenario, possibly on anti-competition grounds. Recognizing that these (anti)competitive activities happen in a converged marketplace, the FCC could avoid the present Canadian situation by developing a heuristic for determining whether the &#8216;appliance-Internet&#8217; was being used to limit the possibilities of &#8216;generative-Internet&#8217;. Such a heuristic would permit carriers to provide their ‘clearly differentiated services’ while setting clear conditions on how those services operate in relation to generative Internet offerings. Wherever and whenever a netscape was identified the ISP might be forced to adjust their appliance/generative balance. My contention, here, is that a balance is possible. That ISPs want to offer unique services is not necessarily bad in itself, but such services must be carefully watched and regulated.</p>
<p>Of course, this assumes that the FCC would have a role in adjudicating the appliance-Internet, and the principle outlined by Verizon-Google attempts to forbear that kind of interference. A report is not the same as regulation; the FCC needs to retain regulatory power to prevent the creation of semi-walled gardens, where consumers can venture out from beyond an ISP&#8217;s walls but at significant economic or temporal cost. Thus, while appliance and generative networks can potentially function alongside one another without significant difficulties, regulatory oversight must be retained to ensure that the relationship is acceptable.</p>
<p><strong>Principle Six: Wireless Broadband</strong></p>
<p><em>Because of the unique technical and operational characteristics of wireless networks, and the competitive and still-developing nature of wireless broadband services, only the transparency principle would apply to wireless broadband at this time. The U.S. Government Accountability Office would report to Congress annually on the continued development and robustness of wireless broadband Internet access services.</em></p>
<p>Anyone who is surprised to see this principle is either new to network policy discussions or has remained willfully ignorant of the ever-present discussions around regulating wireless. ISPs want to keep regulatory authorities at bay from their markets as long as possible, and this principle is just another articulation of this desire. With this in mind, it&#8217;s important to note that regulators have generally been hesitant to get involved in regulating wireless broadband in North America. It was roughly nine months after Canada&#8217;s traffic management hearings that wireless was drawn into the wireline management framework. The initial forbearance of regulation on wireless caused considerable concern in Canada – Canadians, like their American counterparts, recognize that wireless is the future of broadband markets &#8211; but such <a title="External link to CRTC decision" href="http://www.crtc.gc.ca/eng/archive/2010/2010-445.htm">forbearance was (relatively) quickly reversed</a>. Any principles established by the FCC that include forbearance on wireless could see the same rapid reversal.</p>
<p>Thus, I would suggest that the Verizon-Google principle is conservative. This isn&#8217;t to say that such conservatism is necessarily a good thing &#8211; nor is it necessarily indicative that I agree with ISP concerns about spectrum scarcity<a name="_ednref8"></a><a href="#_edn8">[8]</a> &#8211; but that the conservatism is understandable. Ideally, should a principle resembling the Verizon-Google proposal for the wireless market make its way into a regulatory framework it would include a proviso that the issue of wireless regulation would be taken up again within a clearly stated period of time. This might let the FCC conduct its own investigations into how it wants to approach the wireless environment, effectively buying it some breathing room without permanently committing (or being committed) to wireless forbearance.</p>
<p><strong>Principle Seven: Case-by-Case Enforcement</strong></p>
<p><em>The FCC would enforce the consumer protection and nondiscrimination requirements through case-by-case adjudication, but would have no rulemaking authority with respect to those provisions. Parties would be encouraged to use non-governmental dispute resolution processes established by independent, widely-recognized Internet community governance initiatives, and the FCC would be directed to give appropriate deference to decisions or advisory opinions of such groups. The FCC could grant injunctive relief for violations of the consumer protection and non-discrimination provisions. The FCC could impose a forfeiture of up to $2,000,000 for knowing violations of the consumer-protection or non-discrimination provisions. The proposed framework would not affect rights or obligations under existing Federal or State laws that generally apply to businesses, and would not create any new private right of action.</em></p>
<p>Principle seven has been heavily criticized, and rightly so. This said, for all of the problems inherent in maintaining that the FCC must limit their regulation of ISPs, some of the suggestions in this principle could adhere to my earlier division between what the FCC might be responsible for and what international standards bodies might be involved in.</p>
<p>The FCC requires rulemaking authority, a capacity to determine what &#8216;meaningful harm&#8217; is defined as, and the regulator should have its full set of regulatory tools to respond to violations of consumer protection laws. I would note that this is also an area where the FTC&#8217;s Bureau of Consumer Protection might get involved, as implicitly recognized in the principle’s last sentence. That the FCC should effectively abandon its roles, and rulemaking in particular, makes much of this principle a non-starter.</p>
<p>Having made this claim, however, the position that the FCC would be directed to &#8220;give appropriate deference to decisions or advisory opinions of such [independent, widely-recognized Internet community governance] groups&#8221; isn&#8217;t necessarily bad. If we adopt the division of responsibilities between the FCC and international bodies that I previously articulated in Principle Four (Network Management), a suitable division of labor might be met. To remind you, this division saw the FCC regulating norms and values governing ISPs’ ‘reasonable’ network management, accompanied by limited regulation in non-standardized technical management processes. Technical deference was given to international groups like the IETF after they established technical standards; such ‘formalized’ standards would then be harmonized with FCC policies concerning appropriate technical management of networks within the US. Under this schema an appropriate balance between international groups and the FCC could be struck.</p>
<p>It is important that any independent governance group is international, given that this prevents America&#8217;s service providers from assuming the technical policy reins themselves. Further, by separating the &#8216;reasonable&#8217; from standardized network management practices we might avoid situations where &#8216;reasonable network practices&#8217; (i.e. policy and business considerations merged with technical realities of the day) are ingrained into the independent policy standards that emerge. Thus, the position that the FCC gives deference to an “independent, widely-recognized Internet community governance” group could be massaged. Whether such massaging is desired, however, is a question and issue extending beyond my efforts here.</p>
<p><strong>Principle Eight: Regulatory Authority</strong></p>
<p><em>The FCC would have exclusive authority to oversee broadband Internet access service, but would not have any authority over Internet software applications, content or services. Regulatory authorities would not be permitted to regulate broadband Internet access service.</em></p>
<p>The FCC&#8217;s own third way is an effort to extend the definition of &#8216;access&#8217; to include the transmission of broadband Internet access as a telecommunications service. Under the third way, this means that where an ISP did the equivalent of slowing down a telephone call (let&#8217;s not get started on how ugly metaphors will probably get under a third way approach&#8230;) then the FCC could step in whenever such delays meaningfully impact the delivery of the telecommunications service. This, in effect, would apply common carrier provisions to ISP services and enable the FCC to stop ISPs from engaging in either unjust or unreasonable practices towards services and applications. Under the third way, however, the FCC would still be prevented from regulating subscription rates or applying various other Title II regulatory tools.</p>
<p>With this in mind, we can see how Principle Eight is designed to stop the third way in its tracks. As I read it, by stemming what &#8216;access&#8217; refers to the Verizon-Google framework attempts to circumvent the FCC&#8217;s reclassification of broadband providers from &#8216;pure&#8217; information services to information services with limited common carrier requirements. The principle is incredibly important to Verizon (probably less so for Google) if it is to terminate the third way. Given the FCC’s defeat to Comcast, the third way is essential if the regulator is to gain power over how providers manage their networks. I can see nothing in this principle that should be maintained, save that the FCC should continue to have exclusive authority to oversee broadband Internet access services.</p>
<p><strong>Principle Nine: Broadband Access for Americans</strong></p>
<p><em>Broadband Internet access would be eligible for Federal universal service fund support to spur deployment in unserved areas and to support programs to encourage broadband adoption by low-income populations. In addition, the FCC would be required to complete intercarrier compensation reform within 12 months. Broadband Internet access service and traffic or services using Internet protocol would be considered exclusively interstate in nature. In general, broadband Internet access service providers would ensure that the service is accessible to and usable by individuals with disabilities.</em></p>
<p>Adopting a principled approach to using the USF for broadband deployment strikes me as entirely reasonable, and is something that the FCC has been mulling for some time. This said, while carriers often argue that &#8216;intercarrier compensation reform&#8217; will lead to overall lower broadband and phone rates for end-customers, this isn&#8217;t always the case. A concern is that reform will serve to (further) advantage large broadband carriers and (further) disadvantage smaller carriers that often struggle with intercarriage rates. While it might be argued that smaller carriers just have to swallow those rates as the cost of doing business, this translates into disadvantaging (often rural) consumers that may not have access to larger carriers&#8217; networks. Further, opening up the USF, combined with potentially higher carriage rates, could be leveraged by larger carriers to compete with some rural carriers by rolling out their own networks using USF funds and cutting prices, while simultaneously requiring that those same carriers pay out more money for carriage. Should this happen (and I stress that this is a hypothetical) I worry that rural customers would be put in an even worse situation than they often are now.</p>
<p><strong>Conclusions</strong></p>
<p>So, at the end of all of this, what do I think? As stated earlier, many of the principles seem relatively non-problematic and/or conservative in the context of North American telecommunications regulation. Others are deeply concerning. Below are brief summaries of the earlier arguments; they lose some of the nuance, but I think effectively capture my overall position on each principle.</p>
<p><em>Principle one</em>, addressing consumer protections, doesn&#8217;t strike me as &#8216;dangerous&#8217; as suggested by some when it’s juxtaposed against existing FCC policies around lawful content and applications.</p>
<p><em>Principle two</em>, speaking to non-discrimination, doesn&#8217;t strike me as terribly problematic either. So long as regulatory authority is exercised over the decision to prioritize certain traffic, and that traffic is prioritized based on application- or traffic-type as opposed to particular applications (i.e. prioritize VoIP, not Verizon&#8217;s VoIP service) then even the potential to prioritize particular classes of traffic isn&#8217;t necessarily harmful.</p>
<p><em>Principle three</em>, addressing the need for transparency, is entirely acceptable. Ideally the principle would hew to decisions in Canada, where there are rules for what information ISPs must provide and how it is provided, or further improve upon the Canadian requirements. Preferably, information on traffic management would be more prominent than on some Canadian ISPs&#8217; websites, but simply requiring that the information is available is a good step in the right direction.</p>
<p><em>Principle Four</em>, on the topic of network management, is potentially problematic insofar as it limits FCC oversight. I have suggested that there be a division in what is and isn&#8217;t overseen by the FCC, a division reflective of some realities of Internet governance. In short, a two-track system would be established. The FCC would retain regulatory authority over non-technical issues such as privacy, economics, free speech, and so forth, and regulate novel instantiations of network management. It would ultimately harmonize technical management practices with standards established by international governance bodies such as the IETF.</p>
<p><em>Principle Five</em>, concerning additional online services, has justifiably elicited a considerable degree of concern. I suggest that appliance-Internet services do not inherently endanger the generative-Internet, but that regulatory authority is required to ensure that carriers do not create contemporary netscapes of power. The FCC, as such, requires more than report-writing powers and thus Verizon-Google’s proposed &#8216;check&#8217; to balance carrier power is insufficient as written by the corporate giants.</p>
<p><em>Principle Six</em> maintains that the FCC should forbear regulation of the wireless environment. I note that similar language emerged in the Canadian network management proceedings, and that the CRTC shortly thereafter included wireless services in the management framework. As a result, the principle here doesn&#8217;t strike me as &#8216;scary&#8217;, insofar as principles can be mediated in the future, but I admit that I hold the following opinion: wireless regulation is critical given that the future of broadband is wireless, and the FCC will have to get involved at some point. Canada has decided that the time for regulation is now, and including a proviso to revisit any forbearance on wireless regulation in the US is necessary should a decision be made to not immediately regulate wireless.</p>
<p><em>Principle Seven</em>, case-by-case enforcement, needs to be significantly reworked. The FCC needs to retain rulemaking authority. This said, a &#8216;compromise&#8217; might involve the measure noted under principle four, where there is a distinction between the &#8216;reasonable&#8217; elements of network management and the technical elements of network management. The former would be exclusively under the jurisdiction of the FCC, and the latter would be largely drawn from international bodies&#8217; proposed best practices and standards.</p>
<p><em>Principle Eight</em> is designed to stop the third-way; as I read it the principle is an attempt to gut common carriage provisions for information services. Such a provision would be a massive setback for the FCC; this principle needs to be rejected out of hand.</p>
<p><em>Principle Nine</em> is interesting; using the USF for broadband deployment in underserviced areas is relatively uncontroversial, but when combined with a renegotiation of intercarriage rates (which will likely increase rates for smaller ISPs) there is a risk that larger ISPs will draw on the USF to compete in regions exclusively serviced by smaller ISPs while raising carriage rates. When competition is combined with higher carriage rates the smaller ISPs may be endangered, which could hurt rural consumers. The principle doesn&#8217;t necessarily have to be rejected out of hand, but serious thought should go into the combined effects of USF for broadband and (likely) higher intercarriage rates.</p>
<p><strong>As a final note</strong>, I want to iterate that while this is an area that I study, I learn more about it every day. What I&#8217;ve written are early, probationary thoughts. While I certainly hold the positions articulated in this post, those positions are subject to change with new information. If you disagree with me and/or think that I&#8217;ve misunderstood or misread things, please feel free to let me know; I&#8217;m actively interested in expanding my knowledge in this sphere of telecommunications policy. Given that this is an area of research I’ll be developing on for the next several months, all input is appreciated.</p>
<p><strong>Footnotes</strong></p>
<p><a name="_edn1"></a><a href="#_ednref1">[1]</a> I should note that I&#8217;m incredibly uncomfortable with the term &#8216;network neutrality&#8217; for various theoretical reasons. I hope to spell out these theory-based dislikes of the term in the future. For the purposes of limiting the expansiveness of this post, I&#8217;ve avoided delving into these dislikes here, but such avoidance should not be taken as either agreeing with the premises of the term itself or accepting any particular theory or framework of network neutrality.</p>
<p><a name="_edn2"></a><a href="#_ednref2">[2]</a> For a spectacular reveal of how copyright law is traditionally drafted in the US, see “The Art of Making Copyright Laws” and “Copyright and Compromise” in Litman’s <em>Digital Copyright</em>.</p>
<p><a name="_edn3"></a><a href="#_ednref3">[3]</a> For a full list of those consulted, see the &#8216;<a title="External link to stakeholder list" href="http://blog.broadband.gov/?categoryId=518072">Stakeholder Meetings</a>&#8217; post over at the Official Blog of the National Broadband Plan.</p>
<p><a name="_edn4"></a><a href="#_ednref4">[4]</a> For more, see Cowhey and Mueller. (2009). &#8220;Delegation, Networks, and Internet Governance&#8221; in <em>Networked Politics: Agency, Power, and Governance</em> (ed. Kahler). See also, Mueller. (2002). <em>Ruling the Root</em> and Bendrath and Mueller. (2010). “The End of the Net as We Know It? Deep Packet Inspection and Internet Governance” <a title="External link to Bendrath and Mueller (2010)" href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1653259">via SSRN</a>.</p>
<p><a name="_edn5"></a><a href="#_ednref5">[5]</a> The notion of direct, secure, banking services was stated during an <a title="External link to audio interview" href="http://www.cbc.ca/video/news/audioplayer.html?clipid=1565890135">interview between Peter Nowak and Vint Cerf</a>.</p>
<p><a name="_edn6"></a><a href="#_ednref6">[6]</a> Winseck. (2003). &#8220;Netscapes of power: convergence, network design, walled gardens, and other strategies of control in the information age&#8221; in <em>Surveillance as Social Sorting: Privacy, Risk and Digital Discrimination</em> (ed. Lyon).</p>
<p><a name="_edn7"></a><a href="#_ednref7">[7]</a> For the full argument, see Zittrain. (2008). <em>The End of the Internet – And How to Stop It</em>.</p>
<p><a name="_edn8"></a><a href="#_ednref8">[8]</a> I admit to being taken by Cooper&#8217;s (2010) position paper entitled &#8220;<a title="External link to Cooper (2010) Position Paper" href="http://www.dynallc.com/pdfs/themythofspectrumscarcity.pdf">The Myth of Spectrum Scarcity: Why Shuffling Existing Spectrum Among Users Will Not Solve America&#8217;s Wireless Broadband Challenge</a>&#8221;.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.christopher-parsons.com/blog/thoughts/analysis-of-verizon-google-net-neutrality-framework/feed/</wfw:commentRss>
		<slash:comments>5</slash:comments>
		</item>
		<item>
		<title>Kinder DRM Still Undermines Digital Abundance</title>
		<link>http://www.christopher-parsons.com/blog/thoughts/kinder-drm-still-undermines-digital-abundance/</link>
		<comments>http://www.christopher-parsons.com/blog/thoughts/kinder-drm-still-undermines-digital-abundance/#comments</comments>
		<pubDate>Sat, 03 Jul 2010 22:48:00 +0000</pubDate>
		<dc:creator>Christopher</dc:creator>
				<category><![CDATA[Thoughts]]></category>
		<category><![CDATA[Copyright]]></category>
		<category><![CDATA[digital content]]></category>
		<category><![CDATA[digital rights management]]></category>
		<category><![CDATA[drm]]></category>
		<category><![CDATA[encrypted data]]></category>
		<category><![CDATA[encryption]]></category>
		<category><![CDATA[key management]]></category>
		<category><![CDATA[scarcity]]></category>

		<guid isPermaLink="false">http://caparsons.tumblr.com/post/766885150</guid>
		<description><![CDATA[We live in an era of digital abundance, an era where we can genuinely rethink the underlying economics of information creation and dissemination as the cost of creation, storage, and dissemination infrastructures approach zero. Against fears that this ... <a href="http://www.christopher-parsons.com/blog/thoughts/kinder-drm-still-undermines-digital-abundance/">Continue reading <span class="meta-nav">&#8594;</span></a>
]]></description>
			<content:encoded><![CDATA[<p>We live in an era of digital abundance, an era where we can genuinely rethink the underlying economics of information creation and dissemination as the cost of creation, storage, and dissemination infrastructures approach zero. Against fears that this threatens to ‘undermine’ content production we see the rise in the quantity of content that is produced and, correspondingly, a rise in novel approaches to profit from the generation of that content in an abundant bitscape. We should resist efforts to undermine abundance through Digital Rights Management protocols.</p>
<p>As reported by <a href="http://www.arstechnica.com">Ars Technica</a>, the IEEE is developing a novel kind of DRM that would see ‘content’ folders encrypted and only accessible <a href="http://arstechnica.com/tech-policy/news/2010/06/ieee-working-group-considers-kinder-gentler-drm.ars?utm_source=rss&#038;utm_medium=rss&#038;utm_campaign=rss">after individuals used decryption keys to access that content</a>. For rights holders and some content producers, this is seen as having the merit of securing their ‘goods’ by attempting to replicate the scarcity of atoms in the bitscape. Consumers would ‘benefit’ because they would no longer have to deal with onerous licensing terms: they would own the keys and the keys would have value because of their capacity to ‘open’ content streams. Of course, this would also introduce the pain in the ass of key management, something that few consumers are likely to want to suffer through any more than the already existing consumer ‘protection’ measures they regularly encounter.</p>
<p>The IEEE’s motivations behind this DRM system are to remedy problems caused by non-rivalrous digital content. Paul Sweazey has stated that;</p>
<blockquote><p>…a truly non-rivalrous system makes commerce too difficult, even impossible, and that we need to create ways for the digital world to mirror the constraints of the physical one.</p></blockquote>
<p>The creation of this rivalrous system is seen as a ‘middle road’ between advocates of abundance and total DRM lockdown. I would suggest that what we’re really seeing is just another attempt to undermine (arguably) the most significant quality of the bitscape, which is the capacity to replicate information across networks spanning the globe without diminishing the ‘holdings’ of whoever held the original copy. Moreover, it demonstrates a continued unwillingness and/or inability to experiment with novel business models that, while perhaps reducing overall revenue compared to past years/decades, will enable companies to continue delivering profits in the long-term. Value continues to be perceived as existing in the sales of digital <em>things</em>, and instead of seeking out novel ways to extract derivative value from their ubiquitous existence resulting from widespread copying, there is an attempt to totally monetize all copies. This is in defiance of demonstrably successful freemium strategies, as well as other related schemes that work to gain widespread brand awareness and capitalize off the sale of rivalrous goods to a small percentage of users.</p>
<p>I have incredible doubts that any key system will remain secure over the long haul (and, by long haul, I mean just 10-20 days of the system being deployed). There are just too many parties that will do everything in their power to break the encryption and key management system, and history has proven that the attackers tend to far outstrip the defenders in the field of content protection algorithms. Central is that technological security systems tend to be incredibly brittle, fail poorly, and enable modes of attack that are relatively ineffective against human-based security. Schneier, in his 2006 book <em>Beyond Fear</em>, notes that:</p>
<blockquote><p>Technology gives attackers leverage because they can do more in an attack. Class breaks give attackers leverage because they can exploit one vulnerability to attack every system within a class. Automation gives attackers leverage because they can exploit vulnerabilities a million times. Technique propagation gives attackers leverage because now they can try more attacks, including ones they can’t even understand. Action at a distance and aggregation also give attackers leverage because now there are many more potential targets (p. 99).</p></blockquote>
<p>A DRM scheme that aims to use encryption keys to establish digital bits as rivalrous will fall prey to each of the items noted in that quotation.</p>
<p>Making customers screw around with encryption keys, maintain adequate key management systems, always connect to the ‘net to access keys, or deal with key management in any other way that engineers imagine is almost destined to fail. Engineers are, in this case, trying to stuff the genie back in a bottle instead of working with progressive MBAs and innovators who are trying to create (and often, though certainly not always, succeeding at creating) novel business models that leverage add-on services, scarce extras, and other things that are genuinely exclusive to monetize digital distribution systems. Focusing on protection, in this case, is the dead wrong way to go and is highly unlikely to do much other than waste a lot of people’s time that could otherwise be productively exercised.</p>
]]></content:encoded>
			<wfw:commentRss>http://www.christopher-parsons.com/blog/thoughts/kinder-drm-still-undermines-digital-abundance/feed/</wfw:commentRss>
		<slash:comments>3</slash:comments>
		</item>
	</channel>
</rss>
