Problem:

After months of blissful Bluetooth connectivity, I’ve awoken to discover that neither my Magic Mouse nor my Apple Bluetooth Keyboard are properly pairing. First my Magic Mouse failed to scroll, which led me to remove the Magic Mouse and attempt to pair it to my computer again. This attempt failed. I then rebooted my computer, and was still unable to pair my computer and Magic Mouse. After another restart, my Apple Bluetooth Keyboard was also unable to be be used as an input device with my computer. It is important to note that, while the Bluetooth Device Manager reported this failure to pair, both devices are reported as ‘connected’ under the Bluetooth icon in the OX X menu bar. Neither device, at this point, is responding to any input.

Solution:

1. Delete com.apple.Bluetooth.plist. This file is found at HD/Library/Preferences.
2. Turn off Bluetooth on your Mac. This is done by clicking the Bluetooth icon in the menu bar and selecting ‘Turn Bluetooth Off’.
3. Unplug input-based USB devices (e.g. any USB mice, keyboards, Wacom tablets, etc).
4. Shut down computer. Do *not* restart, but do a full shut down.
5. Turn off your Bluetooth devices.
6. Boot computer.
7. Turn Bluetooth on.
8. Begin pairing devices. This involves clicking: Bluetooth icon in menu bar >> Set up Bluetooth Device >>  Select Bluetooth device >> Follow on-screen instructions. In the case of your keyboard, I would suggest pressing the ‘Enter/Return’ button several times after entering the passphrase shown on your screen.

This should result in your devices being reconnected.

What May Have Provoked/Complicated My Problem:

Shortly before I had this issue with my Bluetooth devices, I updated my MagicPrefs app. This application is meant to give more complete functionality to your Magic Mouse, and to Apple’s new Magic Trackpad as well. Suspecting this might be driving my problem, I removed both applications by:

1. Quitting MagicPrefs by clicking on its icon in the menu bar and selecting ‘Quit’.
2. Drag MagicPrefs.app (found in your Applications folder) to the trash.
3. Open the Preference pane, right-click on Magic Prefs and select ‘Remove MagicPrefs Preference Pane.’ Do the same for the Magic Menu item in the Preferences pane.

I removed these applications prior to the above written solution. This may, or may not, be required to resolve the Bluetooth pairing problem; I haven’t investigated any correlation between the MagicPrefs application and my problem, but felt it valuable to note this element of my troubleshooting process.

Other posts you might be interested in:

1. Solved: Apple SATA II 1.7 Firmware Problems
2. Review: Apple iPad
3. Solved: Apple Time Capsule Not Found in Airport Utility

Digitally Mediated Surveillance: From the Internet to Ubiquitous Computing

Digitally mediated surveillance (cyber-surveillance) is a growing and increasingly controversial aspect of every-day life in ‘advanced’ societies. Governments, corporations and even individuals are deploying digital techniques as diverse as social networking, video analytics, data-mining, wireless packet sniffing, RFID skimming, yet relatively little is known about actual practices and their implications. It is now over 15 years since the advent of the World Wide Web, and of widespread use of the Internet for electronic commerce, electronic government and social networking. The impending emergence of the ‘Internet of things’ promises (or threatens) to further insinuate digital surveillance capabilities into the fabric of daily life. Media alarmists have fueled a general popular understanding that one’s life is an open book when one goes online, making one increasingly subject to unwelcome intrusions. The reality is more complex and contingent on a variety of technological, institutional, legal and cultural factors.

In an effort to better understand and critique cyber-surveillance practices in the context of the wider theoretical and empirical literature on surveillance, we seek annotated bibliographies exploring a number of key topics, including:

• social networking (practices & platforms)
• search engines
• behavioural advertising/targeted marketing
• monitoring and analysis techniques (facial recognition, RFID, video
• analytics, data mining)
• Internet surveillance (deep packet inspection, backbone intercepts)
  resistance (actors, practices, technologies)

Each annotated bibliography will be 5000 words, and contain about 20 entries of 100-250 words in length. Entries will reflect both canonical and emergent debates and references. Bibliographies will include a clearly stated aim, an introduction with a preliminary discussion of the field. An example may be found here. They will be posted in web-friendly formatting for sharing widely among research and advocacy networks.

Completed bibliographies will serve as a resource for participants in the Cyber-Surveillance in Everyday Life International Workshop, hosted at the University of Toronto, May 12-15, 2011, and be publicly available via The New Transparency: Surveillance and Social Sorting website.

Annotated bibliographies will be guided by a subset of questions that inform the Cyber-Surveillance in Everyday Life Workshop, including:

1. We regularly hear about ‘cyber-surveillance’, ‘cyber-security’, and ‘cyber-threats’. What constitutes cyber-surveillance, and what are the empirical and theoretical difficulties in establishing a practical understanding of cyber-surveillance? Is the enterprise of developing a definition useful, or condemned to analytic confusion?
2. What are the motives and strategies of key DMS actors (e.g. surveillance equipment/systems/ strategy/”solutions” providers; police/law enforcement/security agencies; data aggregation brokers; digital infrastructure providers); oversight/regulatory/data protection agencies; civil society organizations, and user/citizens?
3. What are the relationships among key DMS actors (e.g. between social networking site providers)? Between marketers (e.g. Facebook and DoubleClick)? Between digital infrastructure providers and law enforcement (e.g. lawful access)?
4. What business models are enterprises pursuing that promote DMS in a variety of areas, including social networking, location tracking, ID’d transactions etc. What can we expect of DMS in the coming years? What new risks and opportunities are likely?
5. What do people know about the DMS practices and risks they are exposed to in everyday life? What are people’s attitudes to these practices and risks?
6. What are the politics of DMS; who is active? What are their primary interests, what are the possible lines of contention and prospective alliances? What are the promising intervention points and alliances that can promote a more democratically accountable surveillance?
7. What is the relationship between DMS and privacy? Are privacy policies legitimating DMS? Is a re-evaluation of traditional information privacy principles required in light of new and emergent online practices, such as social networking and others?
8. Do deep packet inspection and other surveillance techniques and practices of internet service providers (ISP) threaten personal privacy?
9. How do new technical configurations promote surveillance and challenge privacy? For example, do cloud computing applications pose a greater threat to personal privacy than the client/server model? How do mobile devices and geo-location promote surveillance of individuals?
10. How do the multiple jurisdictions of internet data storage and exchange affect the application of national/international data protection laws?
11. What is the role of advocacy/activist movements in challenging cyber-surveillance?

Those interested should submit a one page word (500 words max) proposal and initial working bibliography for the chosen area.

Successful proposals will demonstrate a familiarity with the relevant literatures and issues, and clear relation to a specified sub-set of the key topics and guiding questions listed above. The deadline for submissions is September 15 and acceptance notifications will be sent September 30, 2010. The deadline for completed annotated bibliographies is December 31, 2010.

The authors (at least three) invited to prepare annotated bibliographies will each be paid CA$2000, in two equal installments—the first upon acceptance of the assignment, and the balance upon satisfactory completion.

Selected authors will also be invited to participate in the Cyber-Surveillance in Everyday Life Workshop at the University of Toronto May 12-15, 2011, with the possibility of their expenses being covered.

For further information, please contact: cybersurveillanceworkshop@gmail.com.

Other posts you might be interested in:

1. Cyber-Surveillance in Everyday Life
2. The Role of Digital Surveillance in Stopping the Past’s Rebirth
3. Deep Packet Inspection and the Confluence of Privacy Regimes

I wanted to let readers know that the New Transparency Project is hosting an international workshop on the theme of Cyber-surveillance in everyday live May 12-15, 2011 at the University of Toronto. Given that topics to be explored in the workshop include social networking, search engines, behavioural advertising/marketing, internet surveillance somewhat generally, and modes of resistance I thought readers here might be interested. Below is the full call for papers, with abstracts due by Oct 1.:

Digitally mediated surveillance (DMS) is an increasingly prevalent, but still largely invisible, aspect of daily life. As we work, play and negotiate public and private spaces, on-line and off, we produce a growing stream of personal digital data of interest to unseen others. CCTV cameras hosted by private and public actors survey and record our movements in public space, as well as in the workplace. Corporate interests track our behaviour as we navigate both social and transactional cyberspaces, data mining our digital doubles and packaging users as commodities for sale to the highest bidder. Governments continue to collect personal information on-line with unclear guidelines for retention and use, while law enforcement increasingly use internet technology to monitor not only criminals but activists and political dissidents as well, with worrisome implications for democracy.

This international workshop brings together researchers, advocates, activists and artists working on the many aspects of cyber-surveillance, particularly as it pervades and mediates social life. This workshop will appeal to those interested in the surveillance aspects of topics such as the following, especially as they raise broader themes and issues that characterize the cyber-surveillance terrain more widely:

• social networking (practices & platforms)
• search engines
• behavioural advertising/targeted marketing
• monitoring and analysis techniques (facial recognition, RFID, video analytics, data mining)
• Internet surveillance (deep packet inspection, backbone intercepts)
• resistance (actors, practices, technologies)

A central concern is to better understand DMS practices, making them more publicly visible and democratically accountable. To do so, we must comprehend what constitutes DMS, delineating parameters for research and analysis. We must further explore the way citizens and consumers experience, engage with and respond to digitally mediated surveillance. Finally, we must develop alliances, responses and counterstrategies to deal with the ongoing creep of digitally mediated surveillance in everyday life.

The workshop adopts a novel structure, mainly comprising a series of themed panels organized to address compelling questions arising around digitally mediated surveillance that cut across the topics listed above. Some illustrative examples:

1. We regularly hear about ‘cyber-surveillance’, ‘cyber-security’, and ‘cyber-threats’. What constitutes cyber-surveillance, and what are the empirical and theoretical difficulties in establishing a practical understanding of cyber-surveillance? Is the enterprise of developing a definition useful, or condemned to analytic confusion?
2. What are the motives and strategies of key DMS actors (e.g. surveillance equipment/systems/ strategy/”solutions” providers; police/law enforcement/security agencies; data aggregation brokers; digital infrastructure providers); oversight/regulatory/data protection agencies; civil society organizations, and user/citizens?
3. What are the relationships among key DMS actors (e.g. between social networking site providers)? Between marketers (e.g. Facebook and DoubleClick)? Between digital infrastructure providers and law enforcement (e.g. lawful access)?
4. What business models are enterprises pursuing that promote DMS in a variety of areas, including social networking, location tracking, ID’d transactions etc. What can we expect of DMS in the coming years? What new risks and opportunities are likely?
5. What do people know about the DMS practices and risks they are exposed to in everyday life? What are people’s attitudes to these practices and risks?
6. What are the politics of DMS; who is active? What are their primary interests, what are the possible lines of contention and prospective alliances? What are the promising intervention points and alliances that can promote a more democratically accountable surveillance?
7. What is the relationship between DMS and privacy? Are privacy policies legitimating DMS? Is a re-evaluation of traditional information privacy principles required in light of new and emergent online practices, such as social networking and others?
8. Do deep packet inspection and other surveillance techniques and practices of internet service providers (ISP) threaten personal privacy?
9. How do new technical configurations promote surveillance and challenge privacy? For example, do cloud computing applications pose a greater threat to personal privacy than the client/server model? How do mobile devices and geo-location promote surveillance of individuals?
10. How do the multiple jurisdictions of internet data storage and exchange affect the application of national/international data protection laws?
11. What is the role of advocacy/activist movements in challenging cyber-surveillance?

In conjunction with the workshop there will be a combination of public events on the theme of cyber-surveillance in everyday life:

• poster session, for presenting and discussing provocative ideas and works in progress
• public lecture or debate
• art exhibition/installation(s)

We invite 500 word abstracts of research papers, position statements, short presentations, works in progress, posters, demonstrations, installations. Each abstract should:

• address explicitly one or more “burning questions” related to digitally-mediated surveillance in everyday life, such as those mentioned above.

• indicate the form of intended contribution (i.e. research paper, position statement, short presentation, work in progress, poster, demonstration, installation)

The workshop will consist of about 40 participants, at least half of whom will be presenters listed on the published program. Funds will be available to support the participation of representatives of civil society organizations.

Accepted research paper authors will be invited to submit a full paper (~6000 words) for presentation and discussion in a multi-party panel session. All accepted submissions will be posted publicly. A selection of papers will be invited for revision and academic publication in a special issue of an open-access, refereed journal such as Surveillance and Society.

In order to facilitate a more holistic conversation, one that reaches beyond academia, we also invite critical position statements, short presentations, works-in-progress, interactive demonstrations, and artistic interpretations of the meaning and import of cyber-surveillance in everyday life. These will be included in the panel sessions or grouped by theme in concurrent ‘birds-of-a-feather’ sessions designed to tease out, more interactively and informally, emergent questions, problems, ideas and future directions. This BoF track is meant to be flexible and contemporary, welcoming a variety of genres.

Timeline:

2010:

Oct. 1: Abstracts (500 words) for research papers, position statements, and other ‘birds-of-a-feather’ submissions

Nov. 15: Notification to authors of accepted research papers, position statements, etc. Abstracts posted to web.

2011:

Feb. 1: Abstracts (500 words) for posters

Mar. 1: Notification to authors of accepted posters.

Apr. 1: Full research papers (5-6000 words) due, and posted to web.

May 12-15 Workshop

Sponsored by: The New Transparency – Surveillance and Social Sorting.

International Program Committee: Jeffrey Chester (Center for Digital Democracy), Roger Clarke (Australian Privacy Foundation), Gus Hosein (Privacy International, London School of Economics), Helen Nissenbaum (New York University), Charles Raab (University of Edinburgh) and Priscilla Regan (George Mason University)

Organizing Committee: Colin Bennett, Andrew Clement, Kate Milberry & Chris Parsons.

University of Toronto & University of Victoria.

Other posts you might be interested in:

1. Call for Cyber-Surveillance Annotated Bibliographies
2. Reflections: Day Zero of ‘Life in a Digital Fishbowl’
3. Deep Packet Inspection and the Confluence of Privacy Regimes

I’m intending this to be the first of a few posts on network neutrality.[1] In this post, I exclusively work through the principles suggested by Verizon-Google. In this first, and probationary, analysis I will draw on existing American regulatory language and lessons that might be drawn from the Canadian experience surrounding network management. My overall feel of the document published by Verizon-Google is that, in many ways, it’s very conservative insofar as it adheres to dominant North American regulatory approaches. My key suggestion is that instead of rejecting the principles laid out in their entirety we should carefully consider each in turn. During my examination, I hope to identify what principles and/or their elements could be usefully taken up into a government-backed regulatory framework that recognizes the technical, social, and economic potentials of America’s broadband networks.

Background

Before jumping into my discussion of the proposed Verizon-Google principles, I want to provide some background to the network neutrality discussion underway in the US. This background will, ideally, introduce newcomers to the discussion of net neutrality with a basic understanding of political lay of the land that preceded the Verizon-Google policy framework. I want to make clear that I’m not providing a fully comprehensive contextualization, but a basic outline to assist you in placing the policy framework in relation to ongoing processes.

Since a federal appeals court ruled against the FCC in their case against Comcast’s usage of deep packet inspection equipment, the American telecommunications regulator has been struggling. After its defeat in court, the FCC quickly announced its ‘third way’. This is an effort to realign how broadband carriers are regulated in the US. The carriers are presently classified as ‘information services’ instead of ‘telecommunications services’, which limits the FCC’s ability to adjudicate how ISPs actually manage their services. To draw ‘information services’ more significantly into the FCC’s regulatory fold, Chairman Julius Genachowski has proposed that the transmission of broadband Internet access is a telecommunications service, though the actual content that is transmitted is outside of the FCC’s purview. The third way has been incredibly poorly received by major telecommunications carriers and had, in part, been responsible for closed-door meetings between the FCC and net neutrality stakeholders. These meetings were meant to establish a regulatory framework that met network neutrality principles while moderating FCC regulation.

Many of the folks involved in network neutrality are the same people deeply invested in the copyfights of the past decade; Lessig, the EFF, CDT, and similar groups have witnessed the negative consequences of industry-driven back room dealings for copyright extension. [2] While some public interest groups attended the closed-door network neutrality meetings, their involvement was, reputedly, fairly minor.[3] Hopefully as time goes on, more light will be shed on the actual suggestions and compromises proposed in these meetings between public advocates, their corporate counterparts, and the FCC staff in attendance.

While the FCC-driven meetings were ongoing, Verizon and Google had their own private negotiations on what a national broadband policy might look like. This policy was published August 9, 2010 after a weekend of rumors; Edward Wyatt at the New York Times broke a story (“Google and Verizon Near Deal on Web Pay Tiers“) suggesting that Google would pay for ’special carriage’ on Verizon’s network, and in return Google’s services would faster than those of their competitor. This fee-for-carriage suggestion was denounced by Google, but may have led to a premature release of the Verizon-Google policy document we have today.

As a policy position paper, the document by Verizon-Google has been incredibly effective in energizing discussion around network practices and reinvigorating the discussion in the public eye. The actual framework that was released is helpful, insofar as there are some decent elements, but clearly it needs revision.

For the rest of this post, I will be performing brief and tentative analyses of each principle of the Verizon-Google document. This will often see me refer to prior FCC policies, Canadian regulatory decisions, and academic works around network management and power relations. It’s not intended to be fully comprehensive, but an early effort to collect my thoughts. If you don’t have the time, or desire, to read through these analyses in detail feel free to jump to the end where I’ve tried to briefly summarize my positions. You’ll lose some of the context of the argument, but should leave with a working understanding of my present positions on each principle. I’ll state up front that I’m neither entirely opposed, nor entirely in favour of what Verizon-Google have provided; I’m most interested in picking up their ‘homework assignment’ (as described by Vint Cerf) and playing with the results rather than trying to independently assert a set of principles around network neutrality.

Principle One: Consumer Protections

A broadband Internet access service provider would be prohibited from preventing users of its broadband Internet access service from: sending and receiving lawful content of their choice; running lawful applications and using lawful services of their choice; and connecting their choice of legal devices that do not harm the network or service, facilitate theft of service, or harm other users of the service. There have been serious concerns about the focus on ‘lawful’ in this principle, as there should be. Does this mean that service providers would be justified in throttling, blocking, or otherwise degrading delivery of ‘unlawful content’? How would the differentiation between lawful and non-lawful content types be identified? What constitutes a lawful application and service; is this a reference to some kind of sanctioned and non-sanctioned set of application protocols?

There are considerable concerns around the integration of ‘unlawful’ throughout this principle. Specifically, there are worries that this could lead to systematic blocking of ‘bad’ content and applications. Rather than (exclusively) directing vehement anger towards the corporate giants that have included this in their framework, however, perhaps we should consider the source of this principle. In FCC 05-151, approved in 2005, the FCC outlined the four ‘Internet freedoms’. In principle one, the Commission adopts the principle;

To encourage broadband deployment and preserve and promote the open and interconnected nature of the public Internet, consumers are entitled to access the lawful Internet content of their choice.

This first principle, as written by the FCC, recognizes that consumers are only entitled to access lawful content. The addition in the Verizon-Google proposal is to extend ‘content’ to applications and services as well. Per Carterfone, consumers can attach devices, and make use of the network, so long as the attachments and uses do not damage the network itself. The language “any lawful device” in the Carterfone decision permits the attachment of answering machines, fax machines, and modems to the network at the ends. Applying the principle of charity, I presume that including the language ’services and applications’ in the Verizon-Google document is intended to clarify the rules laid down in Carterfone. A serious concern, however, is that neither the FCC nor the Verizon-Google policy framework extend the lessons of Carterfone to wireless networks; principle six of the Verizon-Google framework is an attempt to forebear regulation of wireless networks and the FCC has historically been unwilling to extend Carterfone to wireless Voice over Internet Protocol (VoIP) services. Thus, the policy framework issued August 9, 2010 can be seen as integrating the FCC’s already existing position into the corporate-created document.

What can we take away from this principle then? I would suggest that the principle is conservative, insofar as it closely adheres to earlier regulations set forth by the FCC. While we can continue to be worried about ‘lawful content’ in an era where network surveillance practices might be deployed to discriminate between lawful and unlawful content, and ‘harmless’ versus ‘harmful’ application types, the principle established by Verizon-Google isn’t itself pushing the bar very far. Concerns around this principle speak to already existing worries and concerns around network management, concerns derived from existing FCC policies. While there is good reason to be involved in a discussion about ‘lawful content’ and ‘lawful applications’, we need to remind ourselves that this isn’t a novel form of language being assumed by Verizon-Google.

Principle Two: Non-Discrimination Requirement

In providing broadband Internet access service, a provider would be prohibited from engaging in undue discrimination against any lawful Internet content, application, or service in a manner that causes meaningful harm to competition or to users. Prioritization of Internet traffic would be presumed inconsistent with the non-discrimination standard, but the presumption could be rebutted.

Attention must be paid to the phrase ‘meaningful harm to competition or to users’. Adding small amounts of delay to content delivery times can seriously impact the likelihood that users will use a service and/or continue to receive content from the ’slow’ source. Not only can this potentially cause visitors to never return to your product/site – perhaps instead going to fast products and services provided by the ISP that are guaranteed to be fast – but in the case of websites can impact your visibility via lower Google Pagerank ratings. Slow speeds can have real economic impacts.

The Canadian network neutrality/traffic management hearings included language bordering what is included in the Verizon-Google principle. Specifically, when writing about delaying or slowing down Internet traffic, the CRTC notes (n.126-127) that;

… use of an ITMP [Internet Traffic Management Practice] resulting in the noticeable degradation of time-sensitive Internet traffic will require prior Commission approval under section 36 of the Act.

With respect to non-time-sensitive traffic, the Commission considers that the use of ITMPs that delay such traffic does not require approval under section 36 of the Act. However, the Commission is of the view that non-time-sensitive traffic may be slowed down to such an extent that it amounts to blocking the content and therefore controlling the content and influencing the meaning and purpose. In such a case, section 36 of the Act would be engaged and prior Commission approval would be required.

If we assume that even rudimentary policy learning or interpretation might occur, then the Verizon-Google principle could be read as articulating something resembling what the CRTC has already established. Small-content creators don’t exactly love the CRTC decision, nor even large content creators like the CBC, but adopting something like the Canadian approach would, again, be relatively conservative in the context of North American telecommunications regulation.

Critical commentators are, however, rightfully concerned over the last sentence of the principle. Under what possible conditions could it by non-discriminatory for certain Internet traffic to be prioritized! Wouldn’t such an action add too much ‘intelligence’ to the network, undermining end-to-end arguments?

Perhaps, but not necessarily. At the past two Canadian Telecommunication Summits, pro- and anti-DPI advocates have suggested that a compromise position might be that traffic prioritization is permissible in a network architecture where the user has control over how their own traffic is prioritized. This is a relatively benign approach to traffic management, one that is (arguably) empowering where accompanied by clear user education and accessible user-interfaces. Prioritization is less desired when the telecommunications carrier makes a unilateral decision, without accepting input from the user-base that is substantively drawn into the service providers’ decision-making framework. It is this unilateral decision capacity that has commentators (rightfully) worried; carriers aren’t terribly well known for their active engagement with their customer bases.

While an ideal might be to strip out this last sentence, I almost wonder if having it there is helpful. Carriers have spoken of their prioritization/deprioritization of particular traffic-types; ‘bulk’ traffic is given a lower priority than traffic that is jitter-sensitive. As I understand it, the concern is that particular applications (i.e. Verizon’s own VoIP solution) will be prioritized, rather than a concern that particular application-types (i.e. VoIP in general, which would include both Verizon’s solution, Skype, and other VoIP providers). Perhaps we could ’simply’ rewrite the sentence in a way to differentiate between application prioritization (bad and not allowed) and application-type prioritization (not necessarily bad, and potentially permissible). Such a distinction would permit prioritization, and were the service provider required to appear before the FCC before implementing the prioritization some ex ante oversight could be performed. Further, such prioritization schemes could be required to come up for independent review periodically. Such reviews would be aimed at preventing new application-types entering the market from being set at a competitive disadvantage on the basis that other application-types receive benefits from packet prioritization.

Principle Three: Transparency

Providers of broadband Internet access service would be required to disclose accurate and relevant information in plain language about the characteristics and capabilities of their offerings, their broadband network management, and other practices necessary for consumers and other users to make informed choices.

The transparency principle, again, is relatively conservative. It parallels the requirements of the Office of the Privacy Commissioner of Canada (OPC) concerning the use of deep packet inspection, where ISPs are required to note how the technology is used in their respective networks, the FCC’s own principle of transparency, and the position on transparency assumed by the CRTC.

In a response to a complaint brought by CIPPIC, the OPC required Bell Canada to include information on how the ISP uses DPI on their webpage. Bell now has a link on their privacy policy page to their network management practices, fulfilling the OPC’s transparency-related requirements.

In the case of the FCC, their proposed ’sixth principle’ reads as follows;

…providers of broadband Internet access must be transparent about their network management practices.

Finally, the CRTC has a more detailed account of transparency as it relates to traffic management practices, stating that ISPs must disclose five elements of technical management systems to consumers. Specifically, ISPs must disclose:

1. why ITMPs are being introduced;
2. who is affected by the ITMP;
3. when the Internet management will occur;
4. what type of Internet management (e.g. application, class of application, protocol) is subject to management; and
5. how the ITMP will affect a user’s Internet experience, including the specific impact on speeds.

Ideally, were the Verizon-Google principle fleshed out by the FCC, the regulator would adopt a set of guidelines similar to those set down by the CRTC. Further, the regulator would adopt the requirements of the OPC, though ideally the FCC would be slightly clearer on what is meant for information to be ‘clear’ to an end-user; I remain unconvinced the burying information in a privacy policy, which then links to additional technical details in the depths of Bell’s website, constitutes ‘clear’ disclosure to most of Bell’s consumers.

This said, while the principle as outlined by Verizon-Google leaves room for improvement, it also extends on the sixth principle established by the FCC. As such, I (again) suggest that this element of the corporate framework is conservative because it hews closely to existing or proposed transparency principles amongst North American regulators.

Principle Four: Network Management

Broadband Internet access service providers are permitted to engage in reasonable network management. Reasonable network management includes any technically sound practice: to reduce or mitigate the effects of congestion on its network; to ensure network security or integrity; to address traffic that is unwanted by or harmful to users, the provider’s network, or the Internet; to ensure service quality to a subscriber; to provide services or capabilities consistent with a consumer’s choices; that is consistent with the technical requirements, standards, or best practices adopted by an independent, widely recognized Internet community governance initiative or standard-setting organization; to prioritize general classes or types of Internet traffic, based on latency; or otherwise to manage the daily operation of its network.

Network management is an interesting issue, and while the principle is ‘conservative’ we should question how it is structured on two grounds. First, with respect to the use of an independent (non-FCC) body to determine best practices and standards, and second in the sense that ‘reasonable network management’ procedures are policy-driven, and less technically oriented. Both of these suggestions are contentious and so I spend a bit of time here in speaking to both points.

Under the Canadian decision, ISPs can manage traffic (i.e engage in network management practices) to ensure network security or protect network integrity. Economic management techniques – those where consumers are billed for excessive usage – are preferred, but technical measures can be deployed in limited fashions as required. The policy principle provided by Verizon-Google captures the issues of security and congestion addressed by the CRTC. Charitably, we can read ‘unwanted traffic’ as referring to email spam, virus laden packets, and other harmful data transmissions coming to, and trying to exit, the ISP network. Such actions are already commonplace amongst many (most? all?) Western ISPs and  are helpful because they protect ‘the ends’ from harm while preserving the network’s overall capacities.

The reliance on a standards-setting organization can be read as good – bodies such as the IETF are reputable – or bad – if these bodies are taken to mean American-only ISP/content provider ’standards’ groups. Concerns have been trumpeted that the latter groups are the referent in this policy principle, but I still haven’t seen actual evidence of that this is, indeed, the referent. A related concern is that, per this principle, were an ISP in compliance with a standards body they would be free from direct FCC regulation. This is true, to a point: at the moment, the FCC’s control over the direct technical capacities of most networks is limited, insofar given that Internet governance bodies are already international groups that (often) escape any particular nation’s all-encompassing sovereign power. Mueller (along with his various colleagues) has written a considerable amount on Internet governance;[4] he has argued that, contra Goldsmith and Wu, nation-states cannot entirely assert their sovereign power in the control of national networks in light of the expanded number of partners in governing global digital networks. Nation-states, and their various institutional organs, can exert considerable influence but not absolute sovereignty over the technical infrastructure of the Internet and expect full integration with the rest of the ‘net.

The concerns about prioritizing particular kinds of content could be problematic, but is equally likely to be helpful. If an ISP actively works to reduce jitter resulting from economically unmanageable congestion then, so long as such prioritization schemas are made public and conform with international best-practices, they can be understood as appropriate, or at least acceptable. Note that this shouldn’t mean that technical measures should permanently be used to manage congestion; shifts to DOCSIS 3.0 and fiber are preferable long-term solutions to managing congestion towards the last mile (where congestion is often most prominent and problematic) but limited technical resolutions may be required as capital expenditures are mobilized to improve the physical network.

From this, I suggest that what Verizon-Google is proposing in this principle is somewhat conservative, and would be entirely conservative if the principle recognized the FCC’s involvement in regulating network management practices. I’ll address a possible division of FCC/international bodies’ responsibilities in a minute, but will ‘tease’ you by stating that granting international bodies ultimate responsibility over the technical elements of network management practices doesn’t necessarily herald the end of the Internet. This statement is made in light of the fact that non-governmental technical bodies already govern various facets of the Internet’s existing infrastructure through the standards setting process.

Before discussing a possible FCC/international bodies division of labor, however, I need to distinguish between the terminology of ‘reasonable network management’ and ‘network management’. I agree with an element of Paul Ohm’s paper that interrogates ISP practices in the US. Ohm identifies reasonable network management as having gained prominence in America following a 2004 speech by Chairman Powell, and the FCC has since adopted reasonable network management as a policy position. While ‘network management’ is a technical issue – Ohm recognizes it as referring “to the activities, methods, procedures, and tools that pertain to the operation, administration, maintenance, and provisioning of networked systems” (1462) – ‘reasonable’ network management is a broader, policy-informed, management apparatus. Specifically, Ohm argues that “it describes not an engineering principle, but a policy conclusion made by weighing the legitimate technological and business goals of network management with what society deems reasonable in light of many principles, including privacy” (1461).

If we accept the division of ‘network management’ and ‘reasonable network management’ as outlined by Ohm, then there is a concern that standards bodies would, in fact, be incapable of establishing ‘reasonable’ network management standards. They could establish network management standards, but without an insight into the realities of particular ISPs and content providers’ relationships, and the economic models underlying these parties, the international groups would be unable to pointedly provide granular international standards.

In light of this potential difficulty I suggest that the policy and economic factors of ‘reasonable network management’ could be kept entirely within the purview of the FCC, while the technical facets of ‘network management’ could be put under FCC purview on a probationary basis. On this basis, where novel management approaches are used those techniques would be regulated by the FCC until an appropriate international technical body came to a conclusion on whether the novel approach adhered to international best practices. The FCC could engage in a consultation, or related, process to integrate those standards into national policy, which would (effectively) see the FCC engage in policy learning/harmonization in technical issues with the global Internet governance community.

This suggestion creates a ‘two-track’ approach to regulation; one that lets America assert its norms and values in management practices, and another that limits over-exuberant novel management techniques while still enabling a flexible technical networking culture. In sum, the two-track approach would see the US retain national/regional sovereignty over non-technical issues – privacy, economics, free speech and so forth – and permit existing international governance bodies to develop the best practices for a functioning Internet community.

Principle Five: Additional Online Services

A provider that offers a broadband Internet access service complying with the above principles could offer any other additional or differentiated services. Such other services would have to be distinguishable in scope and purpose from broadband Internet access service, but could make use of or access Internet content, applications or services and could include traffic prioritization. The FCC would publish an annual report on the effect of these additional services, and immediately report if it finds at any time that these services threaten the meaningful availability of broadband Internet access services or have been devised or promoted in a manner designed to evade these consumer protections.

The additional services proviso has resulted in considerable worries; would this create a two-track Internet, a ‘public’ and a ‘private’ Internet? Would there be price differentials between the services made available over these two Internets?

I’ve already identified a problem with the prior network management principle; let’s assume that the dual track approach is acceptable and so ISPs are prevented from gaming the system to prioritize and deprioritize traffic in a relatively ad hoc manner. I approach the principle of additional online services in two parts: first, from the point of offering ‘other services’, and second, concerning the FCC’s (lack of) regulatory power enshrined in this principle.

Novel bandwidth provision for specialized services happens right now; if you have IPTV coming into your home then your service provider either has, or soon will, segregate a portion of the bandwidth coming into your home to prioritize your IPTV traffic. Rogers and Shaw, Canadian ISPs, have publicly noted that they differentiate bandwidth in their networks so that certain portions are available to different traffic-types. Bandwidth is already provisioned to guarantee certain services at the expense of others.

The wording, ‘clearly differentiated services’, noted in this principle may see some of that aggregate bandwidth provisioned to provide instant-on services, such as a dedicated secure line to your bank[5] or links to an ISP-hosted home monitoring/security system. Such ‘discrete’ uses of the network are not necessarily bad and, in fact, you can imagine that various consumers would welcome the ability to set priorities on various services or receive ‘specialty’ services that are not available over the top. This said, a very real concern surrounding bandwidth segregation and provisioning can be read through Winseck’s work on “netscapes of power”,[6] where a service provider uses their institutional power to impact content/service availability for economic gains. Such differentiation subtly pushes consumers to the service providers’ own offerings in lieu of ’slower’ third-party, often over the top, offerings.

The FCC should step in whenever there is a netscape of power manifests. This said, a netscape is not necessarily established through the provision of ISP-specific services; such services can be complementary with non-ISP, over the top, services. In the language of Jonathan Zittrain,[7] the ISP-exclusive feature might be the equivalent of an ‘appliance-use’ of the network that competes with ‘generatively-derived’ web systems. Zittrain worries that appliance-like systems (e.g limited-use hardware/software interactions) threaten the ‘generativity’ of the Internet itself. Generativity is defined as a “system’s capacity to produce unanticipated change through unfiltered contributions from broad and varied audiences” (70) but, so long as the ‘public Internet’ is made unconditionally available, I suggest that the generative Internet can peacefully cohabitate with the appliance-Internet.

Let me introduce an example of an instance where appliance-Internet and generative-Internet are arguably not cohabitating. This lack of successful cohabitation results in what appears as a netscape or power, and indicates the value of establishing clear rules for rebalancing the appliance- and generative-Internet. Many Canadians are excited that Netflix, a streaming video service, is finally coming to Canada. Unfortunately, almost immediately after the service was announced one of Canada’s largest ISPs significantly reduced the monthly data caps available to its users. This will reduce the amount of content that Canadians using that ISP can receive from Netflix, ‘encouraging’ those consumers to use the ISP’s own content systems that do not count towards a monthly data cap. This is an example of a netscape of power because an ISP is creating a soft wall around its provisions and encouraging the use of in-house content provision at the expense of Netflix. Arguably, this is a case where an appliance – cable TV offerings – is at odds with the generative Internet. The appliance/generative balance is potentially skewed in this case.

Given the worrying appearance of the imbalance between appliance/generative bandwidth provisions, a regulator should investigate this scenario, possibly on anti-competition grounds. Recognizing that these (anti)competitive activities happen in a converged marketplace, the FCC could avoid the present Canadian situation by developing a heuristic for determining whether the ‘appliance-Internet’ was being used to limit the possibilities of ‘generative-Internet’. Such a heuristic would permit carriers to provide their ‘clearly differentiated services’ while setting clear conditions on how those services operate in relation to generative Internet offerings. Wherever and whenever a netscape was identified the ISP might be forced to adjust their appliance/generative balance. My attention, here, is that a balance is possible. That ISPs want to offer unique services is not necessarily bad in themselves, but such services must be carefully watched and regulated.

Of course, this assumes that the FCC would have a role in adjudicating the appliance-Internet, and the principle outlined by Verizon-Google attempts to forebear that kind of interference. A report is not the same as regulation; the FCC needs to retain regulatory power to prevent a creation of semi-walled gardens, where consumers can venture out from beyond an ISP’s walls but at significant economic or temporal cost. Thus, while appliance and generative networks can potentially function alongside one another without significant difficulties, regulatory oversight must be retained to ensure that the relationship is acceptable.

Principle Six: Wireless Broadband

Because of the unique technical and operational characteristics of wireless networks, and the competitive and still-developing nature of wireless broadband services, only the transparency principle would apply to wireless broadband at this time. The U.S. Government Accountability Office would report to Congress annually on the continued development and robustness of wireless broadband Internet access services.

Anyone who is surprised to see this principle is either new to network policy discussions or has remained willfully ignorant of the ever-present discussions around regulating wireless. ISPs want to keep regulatory authorities at bay from their markets as long as possible, and this principle is just another articulation of this desire. With this in mind, it’s important to note that regulators have generally been hesitant to get involved in regulating wireless broadband in North America. It was roughly nine months after Canada’s traffic management hearings that wireless was drawn into the wireline management framework. The initial forbearance of regulation on wireless caused considerable concern in Canada – Canadians, like their American counterparts, recognize that wireless is the future of broadband markets – but such forbearance was (relatively) quickly reversed. Any principles established by the FCC that include forbearance on wireless could see the same rapid reversal.

Thus, I would suggest that the Verizon-Google principle is conservative. This isn’t to say that such conservatism is necessarily a good thing – nor it is necessarily indicative that I agree with ISP concerns about spectrum scarcity[8] – but that the conservatism is understandable. Ideally, should a principle resembling the Verizon-Google proposal for the wireless market make its way into a regulatory framework it would include a proviso that the issue of wireless regulation would be taken up again within clearly stated period of time. This might let the FCC conduct its own investigations into how it wants to approach the wireless environment, effectively buying it some breathing room without permanently committing (or being committed to) to wireless forbearance.

Principle Seven: Case-by-Case Enforcement

The FCC would enforce the consumer protection and nondiscrimination requirements through case-by-case adjudication, but would have no rulemaking authority with respect to those provisions. Parties would be encouraged to use non- governmental dispute resolution processes established by independent, widely-recognized Internet community governance initiatives, and the FCC would be directed to give appropriate deference to decisions or advisory opinions of such groups. The FCC could grant injunctive relief for violations of the consumer protection and non-discrimination provisions. The FCC could impose a forfeiture of up to $2,000,000 for knowing violations of the consumer-protection or non-discrimination provisions. The proposed framework would not affect rights or obligations under existing Federal or State laws that generally apply to businesses, and would not create any new private right of action.

Principle seven has been heavily criticized, and rightly so. This said, for all of the problems inherent in maintaining that the FCC must limit their regulation of ISPs, some of the suggestions in this principle could adhere to my earlier division between what the FCC might be responsible for and what international standards bodies might be involved in.

The FCC requires rulemaking authority, a capacity to determine what ‘meaningful harm’ is defined as, and the regulator should have its full set regulatory tools to respond to violations of consumer protection laws. I would note that this is also an area where the FTC’s Bureau of Consumer Protection might get involved, as implicitly recognized in the principle’s last sentence. That the FCC should effectively abandon its roles, and rulemaking in particular, makes much of this principle a non-starter.

Having made this claim, however, the position that the FCC would be directed to “give appropriate deference to decisions or advisory opinions of such [independent, widely-recognized Internet community governance] groups” isn’t necessarily bad. If we adopt the division of responsibilities between the FCC and international bodies that I previously articulated in Principle Four (Network Management), a suitable division of labor might be met. To remind you, this division saw the FCC regulating norms and values governing ISPs’ ‘reasonable’ network management, accompanied by limited regulation in non-standardized technical management processes. Technical deference was given to international groups like the IETF after they established technical standards; such ‘formalized’ standards would then be harmonized with FCC policies concerning appropriate technical management of networks within the US. Under this schema an appropriate balance between international groups and the FCC could be struck.

It is important that any independent governance group is international, given that this prevents America’s service providers from assuming the technical policy reins themselves. Further, by separating the ‘reasonable’ from standardized network management practices we might avoid situations where ‘reasonable network practices’ (i.e. policy and business considerations merged with technical realities of the day) are ingrained into the independent policy standards that emerge. Thus, the position that the FCC gives deference to an “independent, widely-recognized Internet community governance” group could be massaged. Whether such massaging is desired, however, is a question and issue extending beyond my efforts here.

Principle Eight: Regulatory Authority

The FCC would have exclusive authority to oversee broadband Internet access service, but would not have any authority over Internet software applications, content or services. Regulatory authorities would not be permitted to regulate broadband Internet access service.

The FCC’s own third way is an effort to extend the definition of ‘access’ to include the transmission of broadband Internet access as a telecommunications service. Under the third way, this means that where an ISP did the equivalent of slowing down a telephone call (let’s not get started on how ugly metaphors will probably get under a third way approach…) then the FCC could step in whenever such delays meaningfully impact the delivery of the telecommunications service. This, in effect, would apply common carrier provisions to ISP services and enable the FCC to stop ISPs from engaging in either unjust or unreasonable practices towards services and applications. Under the third way, however, the FCC would still be prevented from regulating subscription rates or applying various other Title II regulatory tools.

With this in mind, we can see how Principle Eight is designed to stop the third way in its tracks. As I read it, by stemming what ‘access’ refers to the Verizon-Google framework attempts to circumvent the FCC’s reclassification of broadband providers from ‘pure’ information services to information services with limited common carrier requirements. The principle is incredibly important to Verizon (probably less so for Google) if it is to terminate the third way. Given the FCC’s defeat to Comcast, the third way is essential if the regulator is to gain power over how providers manage their networks. I can see nothing in this principle that should be maintained, save that the FCC should continue to have exclusive authority to oversee broadband Internet access services.

Principle Nine: Broadband Access for Americans

Broadband Internet access would be eligible for Federal universal service fund support to spur deployment in unserved areas and to support programs to encourage broadband adoption by low-income populations. In addition, the FCC would be required to complete intercarrier compensation reform within 12 months. Broadband Internet access service and traffic or services using Internet protocol would be considered exclusively interstate in nature. In general, broadband Internet access service providers would ensure that the service is accessible to and usable by individuals with disabilities.

Adopting a principled approach to using the USF for broadband deployment strikes me as entirely reasonable, and is something that the FCC has been mulling for some time. This said, while carriers often argue that ‘intercarrier compensation reform’ will lead to overall lower broadband and phone rates for end-customers, this isn’t always the case. A concern is that reform will serve to (further) advantage large broadband carriers and (further) disadvantage smaller carriers that often struggle with intercarriage rates. While it might be argued that smaller carriers just have to swallow those rates as the cost of doing business, this translates into disadvantaging (often rural) consumers that may not have access to larger carriers’ networks. Further, the combination of opening up the USF, combined with potentially higher carriage raters, could be leveraged by larger carriers to compete with some rural carriers by rolling out their own networks using USF funds and cutting prices, while simultaneously requiring those same carriers pay out more money for carriage. Should this happen (and I stress that this is a hypothetical) I worry that rural customers would be put in an even worse situation than they often are now.

Conclusions

So, at the end of all of this, what do I think? As stated earlier, many of the principles seem relatively non-problematic and/or conservative in the context of North American telecommunications regulation. Others are deeply concerning. Below are brief summaries of the earlier arguments; they lose some of the nuance, but I think effectively capture my overall position on each principle.

Principle one, addressing consumer protections, doesn’t strike me as ‘dangerous’ as suggested by some when it’s juxtaposed against existing FCC policies around lawful content and applications.

Principle two, speaking to non-discrimination, doesn’t strike me a terribly problematic either. So long as regulatory authority is exercised over the decision to prioritize certain traffic, and that traffic is prioritized based on application- or traffic-type as opposed to particular applications (i.e. prioritize VoIP, not Verizon’s VoIP service) then even the potential to prioritize particular classes of traffic isn’t necessarily harmful.

Principle three, addressing the need for transparency, is entirely acceptable. Ideally the principle would hew to decisions in Canada, where there are rules for what information ISPs must provided and how it is provided, or further improve upon the Canadian requirements. Preferably, information on traffic management would be more prominent than on some Canadian ISPs’ websites, but simply requiring that the information is available is a good step in the right direction.

Principle Four, on the topic of network management, is potentially problematic insofar as it limits FCC oversight. I have suggested that there be a division in what is and isn’t overseen by the FCC, a division reflective of some realities of Internet governance. In short, a two-track system would be established. The FCC would retain regulatory authority over non-technical issues such as privacy, economics, free speech, and so forth, and regulate novel instantiations of network management. It would ultimately harmonize technical management practices with standards established by international governance bodies such as the IETF.

Principle Five, concerning additional online services, has justifiably elicited a considerable degree of concern. I suggest that appliance-Internet services do not inherently endanger the generative-Internet, but that regulatory authority is required to ensure that carriers do not create contemporary netscapes of power. The FCC, as such, requires more than report-writing powers and thus Verizon-Google’s proposed ‘check’ to balance carrier power is insufficient as written by the corporate giants.

Principle Six maintains that the FCC should forebear regulation of the wireless environment. I note that similar language emerged in the Canadian network management proceedings, and that the CRTC shortly thereafter included wireless services in the management framework. As a result, the principle here doesn’t strike me as ’scary’, insofar as principles can be mediated in the future, but I admit that I hold the following opinion: wireless regulation is critical given that the future of broadband is wireless, and the FCC will have to get involved at some point. Canada has decided that the time for regulation is now, and including a proviso to revisit any forbearance on wireless regulation in the US is necessary should a decision be made to not immediately regulate wireless.

Principle Seven, case-by-case enforcement, needs to be significantly reworked. The FCC needs to retain rulemaking authority. This said, a ‘compromise’ might involve the measure noted under principle four, where there is a distinction between the ‘reasonable’ elements of network management and the technical elements of network management. The former would be exclusively under the jurisdiction of the FCC, and the latter would be largely drawn from international bodies’ proposed best practices and standards.

Principle Eight is designed to stop the third-way; as I read it the principle is an attempt to gut common carriage provisions for information services. Such a provision would be a massive setback for the FCC; this principle needs to be rejected out of hand.

Principle Nine is interesting; using the USF for broadband deployment in under serviced areas is relatively uncontroversial, but when combined with a renegotiation of intercarriage rates (which will likely increase rates for smaller ISPs) there is a risk that larger ISPs will draw on the USF to compete in regions exclusively serviced by smaller ISPs while raising carriage rates. When competition is combined with higher carriage rates the smaller ISPs may be endangered, which could hurt rural consumers. The principle doesn’t necessarily have to be rejected out of hand, but serious thought should go into the combined effects of USF for broadband and (likely) higher intercarriage rates.

As a final note, I want to iterate that while this is an area that I study, I learn more about it every day. What I’ve written are early, probationary thoughts. While I certainly hold the positions articulated in this post, those positions are subject to change with new information. If you disagree with me and/or think that I’ve misunderstood or misread things, please feel free to let me know; I’m actively interested in expanding my knowledge in this sphere of telecommunications policy. Given that this is an area of research I’ll be developing on for the next several months, all input is appreciated.

Footnotes

[1] I should note that I’m incredibly uncomfortable with the term ‘network neutrality’ for various theoretical reasons. I hope to spell out these theory-based dislike to the term in the future. For the purposes of limiting the expansiveness of this post, I’ve avoided delving into these dislikes here, but such avoidance should not be taken as either agreeing with the premises of the term itself nor with an acceptance of any particular theory or framework of network neutrality.

[2] For a spectacular reveal of how copyright law is traditionally drafted in the US, see “The Art of Making Copyright Laws” and “Copyright and Compromise” in Litman’s Digital Copyright.

[3] For a full list of those consulted, the the ‘Stakeholder Meetings‘ post over at the Official Blog of the National Broadband Plan.

[4] For more, see Cowhey and Mueller. (2009). “Delegation, Networks, and Internet Governance” in Networked Politics: Agency, Power, and Governance (ed. Kahler). See also, Mueller. (2002). Ruling the Root and Bendrath and Mueller. (2010). “The End of the Net as We Know It? Deep Packet Inspection and Internet Governance” via SSRN.

[5] The notion of direct, secure, banking services was stated during an interview between Peter Nowak and Vint Cert.

[6] Winseck. (2003). “Netscapes of power: convergence, network design, walled gardens, and other strategies of control in the information age” in Surveillance as Social Sorting: Privacy, Risk and Digital Discrimination (ed Lyon).

[7] For the full argument, see Zittrain. (2008). The End of the Internet – And How to Stop It.

[8] I admit to being taken by Cooper’s (2010) position paper entitled “The Myth of Spectrum Scarcity: Why Shuffling Existing Spectrum Among Users Will Not Solve America’s Wireless Broadband Challenge“.

Other posts you might be interested in:

1. Background to North American Politics of Deep Packet Inspection
2. Analysis: ipoque, DPI, and Network Neutrality
3. Choosing Winners with Deep Packet Inspection

After the post, and quotations turned up on P2Pnet, folks at Feeva quickly got ahold of me. I’ve since had a few conversations with them. It turns out that (a) there were factual inaccuracies in the Wired article; (b) Feeva isn’t the privacy-devastating monster that they came off as in the Wired article. Given my increased familiarity with the technology I wanted to better outline what their technology does and alter my earlier post’s conclusion: Feeva is employing a surprising privacy-protective advertising system. As it stands, their system is a whole lot better at limiting infringements on individuals’ privacy for advertising-related purposes than any other scalable model that I’m presently aware of.

Before I get into the post proper, however, I do want to note that I am somewhat limited in the totality of what I can speak about. I’ve spoken with both Feeva’s Chief Technology Officer, Miten Sampat, and Chief Privacy Officer, Dr. Don Lloyd Cook, and they’ve been incredibly generous in sharing both their time and corporate information. The two have been incredibly forthcoming with the technical details of the system employed and (unsurprisingly) some of this information is protected. As such, I can’t get into super-specifics (i.e. X technology uses Y protocol and Z hardware) but, while some abstractions are required, I think that I’ve managed to get across key elements of the system they’ve put in place.

The Feeva system is designed to avoid the privacy concerns associated with behavioural online advertising (such as those that emerged with NebuAd, Phorm, and DoubleClick) whilst also ensuring that individuals are not susceptible to opt-out problems associated with cookie opt-outs. (The problem with any cookie-based opt-out scheme is that opting-out requires your computing hosting a unique cookie. After deleting cookies that opted you out of the behavioural advertising, you find yourself opted back into the ad network again!) Feeva’s approach sees ISPs scrub out clearly identifiable personal information (name, account number, etc.) and passes to Feeva a unique number (representing the customer) and geolocation information (ZIP/ZIP+4) about the number. This scrubbing means that Feeva is unaware of what numbers would correlate to what people; members of the company repeatedly stated to me that they don’t want to know who individuals are, and keeping their hands clean of personal information is seen as a selling feature of their approach. Where the geolocation information could likely identify specific individuals the company flips from ZIP+4 to ZIP geographical or neighborhood demographics and characteristics. Barnes and Jennings summarize this technical process in their paper, “Why the end-to-end principle matters for privacy,” thusly: Feeva’s ISP partners will install a HTTP proxy that will receive, “location information from the ISP’s network management infrastructure in the form of mappings between an IP address and an “anonymized token”, effectively a random value that Feeva can map back to a location value using information provided off-line.”

Feeva’s system of attaching tags, or adding information into HTTP headers, does not include actual geographic information. It is not using a one-way hash (as I had previously suggested might be the case) but a method through which an attacker that successfully captures header information would be no wiser as to the individual’s location. Reverse engineering the tag would not reveal geographical information. Further, not all headers have data injected; Feeva uses a whitelist of partners to whom information can be provided. Given that the company is aiming to generate revenue through partnerships it lacks a business interest in making this information freely available. Once partners receive packets with Feeva’s tags they contact Feeva to have appropriate derived data for the visitor, such as household income in the neighbourhood, and display an ad. The tag system is such that it would be incredibly challenging to extract any useful, identifying, information from the tags should protections around them be breached. Moreover, partners will be contractually prevented from trying to hack the system; partners are not to try to identify individuals with information provided through Feeva. Feeva can update their whitelist, enabling them to ‘turn off’ any particular ad-partner found performing malpractices.

Individuals can opt-out of the advertising system, and Feeva has insisted that ISPs provide meaningful opt-out solutions. In speaking with members of the company, I would say that they are being entirely earnest in their drive to implement Ann Cavoukian’s privacy by design, where privacy is baked into companies’ technologies and business plans. The benefit to this opt-out approach is that once you’ve opted-out, you’re out forever. Clearing your cookies won’t result in being re-drawn into the advertising system. This is clearly a good thing.

A well framed privacy out-out is important and something that the company genuinely believes in. They believe it is critically important that ISP customers are provided with meaningful opt-out opportunities, and it’s key to their business approach that individuals are given opportunities to step away from Feeva’s practices if customers are uncomfortable with the advertising practices. It does have to be noted, of course, that opt-in systems are better for individuals. As recently noted in the New York Times’ recent post, “The Economics of Privacy Pricing,” in cases where individuals already believe they possess privacy they are more likely to pay to retain it than they are willing to give up some benefits to regain privacy. In the Times’ piece, customers that already had received a benefit ($2) for having lost their privacy were less likely to ‘pay’ $2 to regain it; with Feeva it’s less clear that customers would have already received an equivalent benefit and thus the economic calculus against their working to ‘regain’ privacy might work out differently. Regardless, we know from other studies that opt-ins are better for consumers, and opt-out for companies.

Barnes and Jennings also caution that, due to the configuration of Feeva’s infrastructure, individuals are unlikely to know whether they are in a Feeva-enabled network. I agree with Barnes and Jennings, but only to a point. Few consumers know when they are on a site that uses DoubleClick, Flash-based Cookies, Omniture, or more silent/smaller advertising and analytics organs. In many cases there are plugins for web browsers (such as Ghostery for Firefox) and tricks that various programmers have developed to identify when a site utilizes an analytics or advertising system, and it’s not outside the realm of possibility that a plugin will detect Feeva-partnered sites. Moreover, the shift away from behavioural advertising towards demographic advertising obviously comes with its own worries and challenges, but from my own perspective it’s behavioural advertising that most worries me in the online marketplace. Not all individuals may agree with this position, but I’m personally far less comfortable with my behaviour’s being tracked and used for advertising purposes than being targeted with ads based on information my ISP has, presuming that the information is used responsibly. This position is unlikely to be shared by all. A certain amount of this attitude might derived from a callousness on my own part: I’m bombarded with ads every weekday when I open my mailbox and so I’m just more used to this kind of demographic advertising. It’s important to note that I’m distinguishing between the use of demographic information for advertising and for broader ‘life’ issues (e.g. where urban infrastructure is deployed, where police deploy patrol cars more regularly, etc); Feeva is invested in the former, not the latter, uses of demographic information.

From the perspective of ‘does Feeva ever have personally identifiable information’ I’m admittedly somewhat torn. On the one hand they lack name, date of birth, absolute specific point of residence, and so forth, and as I understand American law the company should be in the clear. I’m not certain, however, whether the lack of these specific elements of a person’s identity necessarily means that they are without personal information under a Canadian definition of the term. Specifically, they have a number that is associated with locational information and I don’t know whether this would be a sufficient link to constitute personal information in the Canadian context. With RFID devices the association of a number with fairly specific locational information constitutes personal information, regardless of being aware of who the holder of the RFID chips is, but I don’t know what kind of absolute proximity would be required for an approach like Feeva’s to be considered holding ‘personal information’. Obviously this is something that Canadian privacy lawyers will think through and when/if the company comes to Canada I’m sure that we’ll see this issue dealt with in detail.

Of course, one cannot avoid this: Feeva is looking to deploy an advertising platform. For those absolutely opposed to advertising, then it doesn’t matter what the company does – it’s corporate products will always been seen in a poor light. I’m admittedly not a fan of advertising but, of the scalable advertising systems that I’m aware of, Feeva is employing practices and demonstrating a sensitivity to the collection and retention of personal information (or, better put, the lack of collection and retention of personal information) that sets them aside from competitors in the advertising sphere. This is especially true when juxtaposing Feeva against NebuAd, Phorm, or Doubleclick. Further, advertising is a part of the online ecosystem and is unlikely to go away as long as we want to enjoy ‘free’ content. The company is genuinely leveraging privacy as a competitive advantage and tying it with more traditional marketing at the same time. The latter means that there are more resources to understanding how the system will impact individuals and groups – we can leverage existing information and research – and the former is to be commended.

Privacy advocates and academics alike push for privacy to be seen as a driver of business practices, and here we have an instantiation of privacy driving a business model. This is rare, and indicates just how pervasive privacy has become as an issue in Silicon Valley, even in highly-competitive business environments that have historically thrived on exploiting every piece of information that can be collected. Feeva’s adoption of privacy as a cornerstone  of their business indicates a (rare) success for privacy advocates who have advocated for stronger privacy protections online; whether you agree with the success resting on the technology (where I think a success can be read), at the very least least it should be agreed that baking privacy into Feeva’s advertising-based business model is a success. We would be better off if more companies similarly engrained privacy into their technological infrastructure and business models alike.

Other posts you might be interested in:

1. Packet Headers and Privacy
2. Thoughts: Google and ‘Interest Based’ Advertising
3. UK Government Responds to Phorm Petition

Ole asserts that there are two key infotainment revenue streams that content providers, such as ISPs, maintain: the $150 Cable TV stream and the $50 Internet stream. Given that content providers are required to redistribute some of the $150/month to content creators (often between 0.40-0.50 cents of every dollar collected), Ole argues that ISPs should be similarly required to distribute some of the $50/month to content creators that make the Internet worth using for end-users. Unstated, but presumed, is a very 1995 understanding of both copyright and digital networks. In 1995 the American Information Infrastructure Task Force released its Intellectual Property and the National Information Infrastructure report, wherein they wrote;

…the full potential of the NII will not be realized if the education, information and entertainment products protected by intellectual property laws are not protected effectively when disseminated via the NII…the public will not use the services available on the NII and generate the market necessary for its success unless a wide variety of works are available under equitable and reasonable terms and conditions, and the integrity of those works is assured…What will drive the NII is the content moving through it.

Of course, the assertion that if commercial content creators don’t make their works available on the Internet then the Internet will collapse is patently false. As written about by Middleton in “What if there is no killer application?“, an early study in Littleton about how individuals use high-speed networks in the mid-90s found that customers were most engaged with amateur content production (i.e. that of their neighbours) and entranced by the communicative possibilities made available through broadband (i.e. e-mail and mailing lists). In essence, from this we can suggest that the empirical study demonstrated that the ideological and financial values placed on commercial cultural artifacts by bureaucrats and commercial content producers is less obvious than they (loudly) state. Further, the value of commercial content is arguably diminished even more in an environment where people spend increasing amounts of time engaging with the generative elements of the Internet, often referred to as amateur-dominated social media environments. In essence, the undertone that ISPs can only sell their data transmission services because of commercial content is at the very least shaky, and more likely to be empirically unsupportable if posed as a strong correlation between the value of transmission capabilities and commercial content availability.

Depressingly, Ole believes that a broadcast-based (historical) business model should be imposed on ISP transmission-based companies in an effort to regenerate the value of their (now somewhat devalued) intellectual properties. Specifically,

The ISP business model for the Internet could and should mimic that of Cable/ TV. Modern technology allows the ISP to identify what content is being used and then they can allocate the appropriate share to the creator or supplier of that content.

This would put ISPs in the situation of somehow being liable to the collection societies, and also require substantial telecommunications investment in labour and sunk capital to establish an (ineffective) network surveillance policy designed to monitor the amount of copywritten content flowing across Canada’s networks. Most likely, such a proposal would turn ISPs into content police and require the use of some kind of packet inspection equipment to survey Canadians’ data traffic, pick out that which is believed to be infringing, and pay some kind of monthly tax for the transport of customers’ content. This amounts to a suggestion that ISPs become content police on the basis that only by doing so would they evade being identified as encouraging copyright infringement. Ole is intimating that ISPs must implement surveillance one the networks if they are to avoid third-party liability.

There are systems on the market that claim they can analyze data traffic to develop ‘piracy’ indexes. CView is used by Virgin in the UK (though we’ve no idea how effective it is) and Audible Magic has been successful in forcing some ISPs and campuses to adopt their technology. In most cases, such content analysis technologies require the offloading of data traffic suspected of being infringing in high-traffic networks, doing a one-way hash of the data, checking the hash against known copywritten files’ signatures, and then aggregating the overall amount of infringement and particular cases of infringement on a per-file basis. This is substantial overhead for any party, especially one that is just trying to move data from one place to another. Moreover, any such massive dragnet analysis of content raises real questions of whether ISPs could then be considered ‘transport’ facilities; while presently there is substantial monitoring for particular protocol types, Canadian ISPs are not searching for particular content-types. This is an important distinction, insofar as ISPs can understand what application-types are generating traffic on their networks but not what those application-types are actually being used to transmit and receive. For all Canadian ISPs know, Canadians might have some strange obsession with massive downloading and sharing of Linux .ISO files and the entire Canadian population actually avoids downloading copywritten music.

There continue to be doubts concerning whether any kind of massive copyright-analysis engine could work – prominently by companies that actually sell the solutions and those that would be responsible for deploying these fears – and further whether such engines could ever competently detect fair use/fair dealing of some material. YouTube’s algorithms are relatively notorious for censoring uses of copywritten material falling under fair use and fair dealing provisions; what guarantee do citizens have that any algorithmic surveillance and monitoring system deployed on communicative networks would avoid the YouTube problem? Should the content creator-owner get restitution for fair dealing of works? How would this be adjudicated – by determining where the data was to and from (i.e. if to an educational institution, we must assume that it’s for fair dealing research purposes) or on a case-by-case challenge basis? Moreover, doesn’t the provision of funds for fair dealing uses modify the provisions of fair dealing, insofar as content creator-owners would receive a fiscal benefit even for fair dealing whereas presently fair dealing falls outside of their revenue traps?

Of course, even the suggestion that Canadian ISPs should be required to cough up money to content creator-owners is absurd in the face of a recent Federal Court of Appeals ruling that asserted that ISPs are not broadcasters. The question of ISPs’ status was punted to the Court by the CRTC, who wanted judicial guidance before it proceeds to determine whether ISPs can be legally required to establish copyright levies. Since ISPs fall under the Telecommunications, and not Broadcasting Act, they are seen as solved involved in providing,

the mode of transmission, they have no control or input over the content made available to Internet users by content producers and as a result, they are unable to take any steps to promote the policy described in the Broadcasting Act or its supporting provisions. Only those who “transmit” the “program” can contribute to the policy objectives.

Under this decision, so long as ISPs are not involved in discriminating against any particular content and thus making an input into the content made available on the Internet to and by users (i.e. so long as Canadian ISPs adhere to a form of network neutrality), any levy-based system is dead. The very system that Ole is advocating for has already fallen before the Court of Appeals.

Now, out of all of this, we might be expected to feel poorly for the content creator-owners that depend on selling and licensing content for their commercial success. I think that if we look at the history of these companies’ digital involvement, however, we quickly disenchant ourselves of this position. Major labels refused to license recordings to Napster and subsequently engaged in what Jessica Litman refers to as a process of “suing upstart new businesses into bankruptcy” to try and stem the Internet as a disruptive factor in their businesses. This saw content creator-owners financially assassinate Napster, Scour.com, iCraveTV, RecordTV, mp3.com, Aimster, Grokster, Streamcast, KaZaA, and others. Authors have gone after Google for the mere action of scanning books for search index purposes, a purpose that would enable authors to sell additional texts when the texts appeared through a Google book search. That the copying a text, even for fair-use purposes, is grounds for massive legal obstruction speaks volumes of content creator-owners general willingness to genuinely deal with the digital reality they are immersed in. Broadly, instead of working to establish a marketplace for digital manifestations of content creator-owner works there have been, and continue to be, mass efforts to shut down marketplaces that don’t grant total control to content owner-creators and their associated companies. As such, customers have become used to going to illicit sites that offer superior selection with fewer restrictions than label offerings. This indicates a failure in big content’s rent-seeking business model and the truth that modern customers are rational economic actors. It does not indicate that ISPs are somehow required to prop-up a rent-seeking model, nor a moral deficit on the part of customers.

Labels were, and remain, in a state of ontological insecurity that accompanies their plunging into a decade-long existential crisis: how can they maintain their rent-seeking behaviour in the face of disruptive technologies. Answers to this existential question are out of reach of most companies on the basis that their perception of the world markets preclude taking risks that could see a (necessary) cannibalization of short-term revenue streams for long-term survival. Unfortunately, while adherence to historical models was effective last decade in colonizing their futural existences – in assuring them of how to approach the world and guarantee particular revenue streams – that old model leaves them grasping at new rent-seeking behaviour instead of adopting novel business strategies. While we can all appreciate just how devastating existential crises can be on a personal level, when we consider the multi-billion dollar record industry we tend to have far less sympathy. Just as you or I are unable to let a crisis linger for a decade – we go to a therapist, get straightened out, and get back on our way – neither can these companies. At best we might feel pity as we watch them wallow in their crisis. At worst, we fear what they might crush as they roll around on the ground like starving dinosaurs and demolish other elements of civil society in their throes of panic and fear aimed at extinguishing the generativity seen as endangering their ontological security. They’ve already made a mess of copyright and cultural transmission possibilities; let’s hope they don’t damage the conditions of democratic communication itself while they’re working out their problems.

Other posts you might be interested in:

1. Comment: Canadian ISPs and Internet Traffic Management
2. Update: Associating Canadian ISPs with Anonymized Data Traffic Submissions
3. Deep Packet Inspection: What Innovation Will ISPs Encourage?

In this post I’m going to spell out what the changes actually mean – what duties and responsibilities, in specific, the CRTC is responsible for – and what traffic management on mobile networks would entail. This will see me significantly reference portions of the Canadian Telecommunications Act; if you do work in telecommunications in Canada you’ll be familiar with a lot of what’s below (and might find my earlier post on deep packet inspection and mobile discrimination more interesting), but for the rest this will expose you to some of the actual text of the Act.

In amending the forbearance framework the CRTC is entering the regulatory domain on several topics pertaining to wireless data communications. Specifically, wireless providers are now subject to section 24 and subsections 27(2), 27(3), and 27(4) of the Act. Section 24 states that the “offering and provision of telecommunications service by a Canadian carrier are subject to any conditions imposed by the Commission or included in tariff approved by the Commission.” In effect, the CRTC can now intervene in the conditions of service that carriers make available to other carriers and the public. Under 27(2) carriers can no longer unjustly discriminate against or give unreasonable preference towards any person. This limitation includes the telecommunications carrier itself and thus means that neither fees nor management of the network can be excessively leveraged to the benefit of the carrier and detriment of other parties.

Under 27(3) the CRTC can determine as a question of fact whether carriers have complied with sections 25 (broadly dealing with tariffs), 27 (which concerns the monitoring and enforcement of elements of the Act) or 29 (where the CRTC must approve working agreements between carriers). Further, a question of fact may be used to determine whether a carrier is in compliance with a decision concerning sections 24 (on the conditions of service), 25, 29, 34 (addressing issues of forbearance) or 40 (concerning the connection of facilities between carriers or other facilities).

Broadly, what all of this means is that the CRTC has stepped aside from their position that potential regulation could negatively injure the state of competition in Canada’s wireless market. This isn’t to say that they are regulating, but that they have stepped away from their traditional stance of forbearance around wireless. The shift isn’t terribly surprising given the rise of new entrants to the mobile space in Canada such as Mobilicity and Wind Mobile, as well as the multitude of high speed data networks in the country.

Also important is that the CRTC has decided to apply the Internet Traffic Management Proceedings (ITMP) framework, emergent from the ITMP Decision, to the wireless environment. In short form, this means that the rules Canadian carriers have to follow when they throttle or modify data packets on wireline connections (i.e. the cables running into your home/business) now apply to the wireless space. The shift isn’t surprising, save that it happened relatively shortly after last year’s decision to forbear a decision on the wireless space but had been previously announced as an element of the broader Proceedings to review access to basic telecommunications services and other matters. For practical purposes few will realize any difference in the provision of their wireless data services this week than they did last. It does, however, lay the conditions under which throttling and packet modification appliances can be used. These appliances include those with deep packet inspection functionality.

The ITMP framework identifies what a carrier must do whenever there is a complaint levied to the CRTC concerning the use of a traffic management technique or technology. Specifically the carrier must:

• Describe the ITMP being employed, as well as the need for it and its purpose and effect, and identify whether or not the ITMP results in discrimination or preference.
• In the case of an ITMP that results in any degree of discrimination or preference:
  • demonstrate that the ITMP is designed to address the need and achieve the purpose and effect in question, and nothing else;
  • establish that the ITMP results in discrimination or preference as little as reasonably possible;
  • demonstrate that any harm to a secondary ISP, end-user, or any other person is as little as reasonably possible; and
  • explain why, in the case of a technical ITMP, network investment or economic approaches alone would not reasonably address the need and effectively achieve the same purpose as the ITMP.

Of course, this requires the a complaint be levied: such an action is challenging given that where a customer is dealing with properly installed traffic management gear the equipment is effectively invisible. Determining a problem thus requires a very technically savvy customer or group and/or bad configuration by the carrier(s). As such, the Framework remains useful but mired in some potential implementation problems. More likely any complaint will result from a modification to terms of service between an Incumbent Local Exchange Carrier (ILEC) and Competitive Local Exchange Carrier (CLEC).

What will be fascinating to watch, as a researcher, is whether with Decision Canadian carriers begin deploying traffic management equipment capable of scanning the payloads of mobile data packets. Moreover, if/when the technologies are deployed will we see a trojan-horse like approach in mobile that we did in wireline – will is first be used for subscriber management, then for throttling, then for sending messages over through the browser? If/when they do deploy the technology, will they immediately and publicly update their traffic management policies to reflect the analysis of wireless traffic or will it take another complaint to the Office of the Privacy Commissioner of Canada to ‘encourage’ such modifications? Hopefully after a round in front of the CRTC and OPC carriers will willingly put packet inspection information where the public can easily find it (i.e. not buried in terms of service and changed without notification in the dead of night) but only time will tell. Overall, the decision to implement the traffic management framework is certainly a positive step forward and confirms my earlier hopes that a policy of non-discrimination in the Canadian wireless market would be adopted. The next step will be to watch and see whether deep packet inspection-based equipment is deployed in wireless environments in a transparent fashion or not.

Other posts you might be interested in:

1. Comment: Canadian ISPs and Internet Traffic Management
2. Deep Packet Inspection and Mobile Discrimination
3. Some Data on the Skype iPhone Application

First, let me speak to the motivation behind the Bill. Social networking environments are increasingly becoming the places where individuals store key information – contact information, photos, thoughts and reflections, video – and genuinely becoming integrated into the political. This integration was particularly poignantly demonstrated last year when the American State Department asked Twitter to delay upgrades that would disrupt service and stem the information flowing out of Iran following the illegitimate election of President Ahmadinejad. Social networks have already been tied into the economic and social landscapes in profound ways: we see infrastructure costs for maintaining core business functionality approaching zero and the labor that was historically required for initiating conversations and meetings, to say nothing of shared authorship, have been integrated into social networking platforms themselves. Social networking, under this rubric, extends beyond sites such as Facebook and MySpace, and encapsulate companies like Google and Yahoo!, WordPress, and Digg, and their associated product offerings. Social networking extends well beyond social media; we can turn to Mashable’s collection of twenty characteristics included in the term ’social networking’ for guidance as to what the term captures:

Collaboration: Ask not what the Internet can do for you, but what you can do with other Internet users. – Jonny Rose

Network: Social media is a phenomenon which creates a personalized network for sharing digital content among all people in the cyberspace. - Rohan Aurora

Conversation: Tools or platforms that allow anyone/everyone to share information or engage in conversation. – Veena Mathew

Sharing: Social media = Sharing information through conversation. – Scot Chisholm

Relationships: Relationshipping on steroids. – Pat Graham-Block

Multi-dimensional: Social media is a multi-dimensional communication information system connecting people to people. -Peter Feuersenger

Inclusive: It’s a conversation in an instant with anyone, anywhere, anytime that gives control back to the individual & consumer in unpredented ways.” – Charles Ubaghs

Information: Information funneled to users from all angles. – Sarah Thomson

Community: Set of updated communication tools that allow us to build new communities at a time when our local community had almost been lost. – Jerry Daykin

Personalization: It is the ability to connect and see the world in your own way. The personalization of one of the greatest human achievements: communication! – Benjamin Fischbein

Empowering: Social media is an online renaissance empowering people with influence to facilitate conversations around shared ideas. – Mark Blackman

A Radical Shift in Communication: The radical shift from one-way broadcast type communications to dialog and conversation using web based tools. - Joe Buhler

Real-time: “Social Media is on-demand, real time interaction, that uses technology to enable genuine engagement with others around media vs simply sharing data with them.” – Corina Newby

People: Social Media is the instantaneous aggregation and creation of content by the people, of the people, for the people, on the social web. – Eric Pena

Content Distribution: Social media consists of online technologies that facilitate the creation and distribution of content. – David J. Perdue

Self-expression: Social Media’s my friend. I can finally broadcast my belief in God, my likes in music, my emotional state & my dinner all from my fingertips – E. A. Freire

Unity: The never ending drive for humans desire to unite. – Sean Farrell

Dynamic: Social media is dynamic user-generated content coming from the bottom up, which bypasses static media forms through adding a social layer. – Anees Younis

Discovery: Social media is communication, friending, family, media, learning and discovery at one click. – Glenn K. Bolton

Power of the Crowd: Social media is the ability to put out a message and having worldwide responses via email, text, tweet, or whatever form in a matter of seconds. – Lilian Ongelungel

While never specifically stated or enunciated, it was in light of these kinds of characteristics that the Computers, Freedom, and Privacy participants developed the Social Networking Bill of Rights:

1. Honesty: Honor your privacy policy and terms of service
2. Clarity: Make sure that policies, terms of service, and settings are easy to find and understand
3. Freedom of speech: Do not delete or modify my data without a clear policy and justification
4. Empowerment : Support assistive technologies and universal accessibility
5. Self-protection: Support privacy-enhancing technologies
6. Data minimization: Minimize the information I am required to provide and share with others
7. Control: Let me control my data, and don’t facilitate sharing it unless I agree first
8. Predictability: Obtain my prior consent before significantly changing who can see my data.
9. Data portability: Make it easy for me to obtain a copy of my data
10. Protection: Treat my data as securely as your own confidential data unless I choose to share it, and notify me if it is compromised
11. Right to know: Show me how you are using my data and allow me to see who and what has access to it.
12. Right to self-define: Let me create more than one identity and use pseudonyms. Do not link them without my permission.
13. Right to appeal: Allow me to appeal punitive actions
14. Right to withdraw: Allow me to delete my account, and remove my data

Those familiar with data protection policies and laws will recognize that many elements of FIPS, OECD guidelines, and national regulations are latent and/or guiding many of these rights. The point is that these rights are the minimum expectations that companies should guarantee social networking users; dropping any particular right leads to a strong deficiency in what individuals can expect from companies and do to their own data. In light of the use of these systems for democratic organization, to announce illegal or oppressive social conditions, and increasingly use of the networks to replace traditional telephony it is key that the social facet of the bitscape is provided protections from onerous corporate control, manipulation, or aggressive anti-privacy monetization schemes. Now, it may seem somewhat absurd that corporations should be required to mediate how they use data they’ve aggregated, but corporations can either choose to adopt some modicum of reasonableness when it comes to how they aggregate data and clearly inform users of aggregation, utilization, and dissemination policies or else be regulated by government forces. If Facebook had a set of principles that strongly reflected the Bill of Rights, a set of principles they adhered to, then the Office of the Privacy Commissioner of Canada might not have issued a decision concerning Facebook and its (failed) privacy practices. In effect, adopting the Rights denoted above could limit regulatory intrusions while also letting companies compete on the metric of privacy and freedom.

While the user communities could experience positive benefits were social networking companies to adopt the Bill, the process by which the Bill has been created and ratified is itself somewhat problematic. While the conference attracted a diverse set of individuals, those individuals were far from reflective of the world user-community of social networking services. This leads to concerns surrounding the diversity of points of view that were (or, more importantly, were not) included in the drafting and finalization process. Further, no element of the Bill includes a reflexive characteristic that enables modification of stated Rights, nor does the Bill state that Rights can be added or subtracted depending on contributions from others. Instead, there is an up or down ‘vote’ of the Bill: in a conference that regularly noted the challenges surrounding binary access controls we are left with a binary acceptance/refusal metric. We are faced with a ‘dead’ or static Bill: it’s failure to incorporate reflexivity and closedness to the diversity of discursive possibilities emerging as others enter into discussions about the Bill leads to it failing Habermasian and Kantian demands for being a legitimate constitutional document. As such, we are left not so much with a Bill of Rights as a closed Statement of Rights. The former would have been truly exciting, whereas the latter is strategic and useful, but is disingenuously appropriating the term ‘Bill of Rights’ for rhetorical purposes.

Does this mean that the Bill/Statement is necessarily doomed? Of course not, though even participants at the conference recognized that the Bill will likely operate more as a point for subsequent regulatory filings and rhetorical turns than a binding agreement that social networks will consent to. Further, another Bill of Rights for Users of the Social Web was produced three years ago and, despite the attention that document received in the blogosphere, I don’t think that it ever really entered either the public mind or that of major social networking companies. I have doubts that the most recent Bill/Statement will be any more successful. To move it forward will require buy-in from major social networks and, to date, Facebook is the largest and only company to respond to the Bill/Statement proper (and in a lukewarm manner, at best). Nothing (that I know of) has been heard from other social networking companies in anything more than a ‘we support privacy, and have privacy policies available on our websites.’ As a result the prospects for moving the Bill/Statement forward seem dim, though perhaps another person or group will successfully convince companies to adopt the document and thus extend its range of possible uses beyond filings and rhetorical spins.

Other posts you might be interested in:

1. Social Networking: The Consumption?
2. Social Networking – Why We Need to Educate Youth
3. Continuums of Social Media?

The screen, ergonomics, and weight are all fine. It’s using an IPS-LCD, which means that viewing angles are good and colour reproduction is pretty faithful. While some have criticized the back for being slightly rounded, it hasn’t bothered me in any way, nor has the weight of 1.5lbs struck me as ‘heavy’ though the device is heavier than appearances might lead one to believe. There is a bezel surrounding the screen itself and it makes sense: I can rest my hands on the non-interactive bezel without affecting whatever I’m displaying on the screen. This is a good thing. the iPad has the same touch interface as the iPhone and iPod Touch. This makes the iPad simple to use, if lacking any deviant features from those earlier devices (and, with the release of iOS 4, the iPad actually has slightly fewer features than the iPhone or Touch). In light of its use of the older 3.2 release of the OS, the iPad is horrible if you rely on multiple windows being open to get work done and is a poor choice for any content producer looking to do a lot of work on it that will see you flipping between a document/content production editor and the web. In effect, anyone who’s tried doing intensive content production on the iPhone or Touch will largely encounter the same old problems here. I’m not saying that you can’t do such production, but it’s far less convenient than on a full desktop/notebook or even netbook. On the upside: the device is light and battery life is good (I tend to go for 36-72 hours without needing to plug in, with moderate to heavy use each day).

Now that the hardware and OS is out of the way, let’s turn to where the iPad truly shines: content consumption.

I do a lot of reading and, having exhausted a significant number of the actual books that immediately pertain to my research, I need to meaningfully dig through .PDFs of reports from various think tanks, DPI vendors, and electronic academic articles. While in the first year of my PhD I printed in excess of 5000 sheets of paper, largely articles. I’m both unable (for storage reasons), and unwilling (for storage and environmental reasons), to continue printing vast quantities of paper when I’ll likely read any printed document once or twice, and similarly dislike reading off the various screens adorning my home. I *can* read off the screens, but that’s not to say that I enjoy sitting at a computer desk and scrolling through documents for 6-10 hours a day. This said, it’s critical that I’m able to easily annotate any .PDF documents that I read. Further, having documents and their annotations in a searchable format can and will make my life much easier. The iPad fits this reading niche for me.

I’ve been taking the device out and about after loading up the days electronic documents to read (I’ll get into the ‘loading’ element of that is a second…) and use iAnnotate to make comments, highlights, underlines, and bookmarks in my electronic documents. The program itself is simple to use and, critically, when you export the document all the annotations are kept with the file and can be read by any .PDF viewer supporting annotation display. I’ve read documents ranging from 5-500 pages and in my experience to date the ‘comfort zone’ of iPad reading ends at around 100 pages. After this point it’s more convenient to have a hard copy of a document when you want to quickly flip through and find your notes. That said, I did successfully read a book that was slightly over 500 pages on the iPad: I would have never done that if I was tied to a computer monitor and unable to lounge with the text, walk around my office with it, and generally enjoy the rhythm of reading that I get into when reading a longer bit of text.

With its IPS screen type, the iPad is also great for viewing photos. While few consumers (a) know about; (b) care about screen type, trust me that the IPS is far better than the TN screen panels that likely adorn your home. The difference between the iPad showing a photo and my BenQ V2400W or Macbook Pro screen is literally like the difference between night and day. I have a handy program, PhotoGene, for basic photo editing. While it’s no GIMP it is more than enough for basic colour adjustments, rotations, cropping, minor effects, framing, and so forth. The problem with the program is that is can’t delete old photos or create photos in already existing albums. These problems follow from Apple not permitting developers to access this functionality. I’ll get back to this restriction in a second or two.

The other major reason that I wanted this device was for conferences.The iPad has come with me to this year’s Canadian Telecom Summit and Computers, Freedom, and Privacy (CFP) Conference, and has been a great experience in both situations. I take a lot of notes (using Evernote) at most of these events, but I find it annoying to have to type things out on a full laptop because it feels like I’m cutting myself off from the other people at the table(s) with me. The very act of having a screen between you and others creates a situation that I, personally, don’t like. Having the iPad flat on the table, like a notebook, removes this barrier for me. I also tend to fall victim to honest-to-God multifunction capability and thus will open up applications that don’t pertain purely to note taking. While it’s normal, I know myself well enough that I fall victim to this and the iPad, with its monofunctional ‘capabilities’, means I stay on task. That the battery lasts an entire day without needing to plug in is a huge benefit, and the on screen keyboard is good enough for note taking purposes that I don’t regret bringing the iPad over a full laptop.

So far, the content production I’ve referred to is what I identify as ’short form’, or content that is generally less than 2,000 words in length, can range over various topics, and generally doesn’t have to remain too focused for too long. Key is that short form content is minimally reliant on external links and references, meaning that you can work in a single window and only have to pop out of it once or twice to produce the content. For this content, the on-screen keyboard is generally good enough, though if you want to do something a bit longer you can easily link a bluetooth keyboard with the device. I did so at CFP for writing longer emails (in excess of 1000 words) and for some side projects I was working on at the time. The bluetooth keyboard meant that text entry was a quick on a laptop, though rapid entry doesn’t alleviate the pain-in-the-ass of having to switch between multiple windows when you want links, photos, and so forth to be embedded in a document.

Truly the key problem with the iPad is that Apple has an absolutely piss-poor system for transferring content to and from the device and its installed applications. My first experience with the iPad was having it in my hands, out of its box, and immediately needing to connect it to my Macbook to initialize the device and do initial content transfers over to the iPad. The ‘tethering’ problem continues, though it’s somewhat mitigated by my premium subscription to Evernote (which lets me store documents in the cloud as well as at rest on all of my devices, ensuring I have access to documents even when without a wifi connection), Dropbox membership (which supports easy transferring of content in the Dropbox service to other applications on my iPad), and Goodreader (which integrates with damn near everything cloud-based and sucks it into the application). In effect, what I’m saying is that there are many good kludges around to resolve some of the deficiency in file transfers that are imposed by Apple, but that’s what they are: kludges. Apple’s control over the file system means that you can’t delete photos or make and save modifications to photos themselves: editing on photo in a non-Apple application leaves you with another copy of the photo in a post-edited form. This is highly annoying. Hopefully Apple releases their grip on the file system, or at least does something interesting to make the saving and transferring of files more pleasant in a future OS update.

On the whole, I really do think that the iPad is ideally suited to any niche of consumers that want to do content consumption of text and who need to be able to do small modifications/additions to the text. It’s good for anyone wanting a highly portable computer-lite experience, and stellar for going through airport security with (no need to open your bag!). For anyone looking to do substantial amounts of long-form content production that will require them to have multiple windows/applications running simultaneously, it’s a horrible, horrible device, but for small amounts of content generation and note taking its a good substitute for paper. I’d recommend the device as is – I don’t think that needing small adaptors to extend functionality is the end of days – but only if what you want to do with the device fits its particular consumer profile. Don’t get the iPad as a notebook replacements, don’t get it for long-form creation, and don’t do it if you are unwilling to play with Apple’s often aggravating rules for playing in their sandbox.

Other posts you might be interested in:

1. Solved: Apple SATA II 1.7 Firmware Problems
2. Solved: Bluetooth Devices Not Connecting to OSX
3. Apple and Locational Data Sharing

As reported by Ars Technica, the IEEE is developing a novel kind of DRM that would see ‘content’ folders encrypted and only accessible after individuals used decryption keys to access that content. For rights holders and some content producers, this is seen as having the merit of securing their ‘goods’ by attempting the replicate the scarcity of atoms in the bitscape. Consumers would ‘benefit’ because they would not longer have to deal with onerous licensing terms: they would own the keys and the keys would have value because of their capacity to ‘open’ content streams. Of course, this would also introduce the pain in the ass of key management, something that few consumers are likely to want to suffer through any more than the already existing consumer ‘protection’ measures they regularly encounter.

The IEEE’s motivations behind this DRM system are to remedy problems caused by non-rivalrous digital content. Paul Sweazey has stated that;

…a truly non-rivalrous system makes commerce too difficult, even impossible, and that we need to create ways for the digital world to mirror the constraints of the physical one.

The creation of this rivalrous system is seen as a ‘middle road’ between advocates of abundance and total DRM lockdown. I would suggest that what we’re really seeing is just another attempt to undermine (arguably) the most significant quality of the bitscape, which is the capacity to replicate information across networks spanning the globe without diminishing the ‘holdings’ of whomever held the original copy. Moreover, it demonstrates a continued unwillingness and/or inability to experiment with novel business models that, while perhaps reducing overall revenue compared to past years/decades, will enable companies to continue delivering profits in the long-term. Value continues to be perceived as existing in the sales of digital things, and instead of seeking out novel ways to extract derivative value from their ubiquitous existence resulting from widespread copying there is an attempt to totally monetize all copies. This is in defiance of demonstrably successful freemium strategies, as well as other related schemes that work to gain widespread brand awareness and capitalize off the sale of rivalrous goods to a small percentage of users. 

I have incredible doubts that any key system will remain secure over the long-haul (and, by long-haul, I mean just 10-20 days of the system being deployed). There are just too many parties that will do everything in their power to break the encryption and key management system, and history has proven that the attackers tend to far outstrip the defenders in the field of content protection algorithms. Central is that technological security systems tend to be incredibly brittle, fail poorly, and enable modes of attack that relatively ineffective against human-based security. Schneier, in his 2006 book Beyond Fear, notes that;

Technology gives attackers leverage because they can do more in an attack. Class breaks give attackers leverage because they can exploit one vulnerability to attack every system within a class. Automation gives attackers leverage because they can exploit vulnerabilities a million times.. Technique propagation gives attackers leverage because now they can try more attacks, including ones they can’t even understand. Action at a distance and aggregation also give attackers leverage because now there are many more potential targets (p. 99).

A DRM scheme that aims to use encryption keys to establish digital bits as rivalrous will fall prey to each of the items noted in that quotation.

Making customers screw around with encryption keys, have adequate key management systems, always requiring connections to the ‘net to access keys, or any other ways that engineers imagine customers dealing with key management is almost destined to fail. Engineers are, in this case, trying to stuff the genie back in a bottle instead of working with progressive MBAs and innovators who are trying to create (and often, though certainly not always, succeeding) novel business models that leverage add-on services, scarce extras, and other things that are genuinely exclusive to monetize digital distribution systems. Focusing on protection, in this case, is the dead wrong way to to and highly unlikely to do much other than waste a lot of people’s time that could otherwise be productively exercised.