dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1317

chronoss20081
Premium Member
join:2008-03-29

chronoss20081

Premium Member

Privacy concerns of deep packet Inspection

As i read the article the ability to abuse my data without public scrutiny should also get the ear of the Privacy Commisioner , this article while in the USA , BCE ( aka Sympatico admits to doing the same type of traffic shaping )
The article from slashdot:
ISPs Using "Deep Packet Inspection" on 100,000 Users
»yro.slashdot.org/article ··· /1232206

It also means that ALL URLS , all your email all you do can and could be spied on by bell without permission as they are NOT MY ISP, TSI is.
I have to written agreement with BCE/BELL/Sympatico to allow them to inspect my data, this concern should also be brought forward in the complaint of the 3rd party ISP's , if my games code was stolen or misappropriated and put in NON open source code i would be harmed, others can think of worse problems.

BACONATOR26
Premium Member
join:2000-11-25
Nepean, ON

1 edit

BACONATOR26

Premium Member

Ok, well now I'm tired of hearing "OMG!!! Bell is scanning my traffic!!! Whoops, I just opened that email that said cheap viagra!!"

First of all the DPI boxes are only inspecting specific information inside the packets to determine whether or not to throttle. They may see some of the actual data but it's not doing anything with that data. There's no logging, no one sniffing the packets.

Second, if it's important, ENCRYPT your data. You can also use SSL/TLS for receiving and sending email as many email providers support that.

Third, even assuming the worst case scenario where Bell is analyzing the traffic through the DPI boxes, do you really think they have time to scan through millions of customer data?
yabos
join:2003-02-16
London, ON

yabos

Member

I guess you support the warrant-less wire tapping in the USA as well then? Because if you're not doing anything wrong then what's the problem right? It's invasion of privacy plain and simple and yes the internet is not secure but it's none of Bell's business what's in the packets. What if they start throttling high bandwidth video sites like youtube and others?

BACONATOR26
Premium Member
join:2000-11-25
Nepean, ON

BACONATOR26

Premium Member

said by yabos:

I guess you support the warrant-less wire tapping in the USA as well then? Because if you're not doing anything wrong then what's the problem right? It's invasion of privacy plain and simple and yes the internet is not secure but it's none of Bell's business what's in the packets. What if they start throttling high bandwidth video sites like youtube and others?
It's only a PRIVACY issue if they are actually LOOKING at the packets! Wire tapping is completely different here.
yabos
join:2003-02-16
London, ON

yabos

Member

You don't know what data they are looking at because they're not transparent. They're logging traffic patterns based on a user or at least have the ability to with their hardware. Wire tapping invasion of privacy is the same because they should not have the ability to do so without a court order. The US has automated systems that listen to many phone calls not just suspected criminals.

sbrook
Mod
join:2001-12-14
Ottawa

sbrook to BACONATOR26

Mod

to BACONATOR26
Where is that boundary? Granted at the moment for throttling they're looking for signatures in the packets and not the physical contents. BUT the *AA's are trying to force both in the US and Canada to look in the packets for copyright material. That's more than just signatures of protocol types.
Radar73
join:2008-01-20
Ajax, ON

Radar73 to BACONATOR26

Member

to BACONATOR26
said by BACONATOR26:

First of all the DPI boxes are only inspecting specific information inside the packets to determine whether or not to throttle. They may see some of the actual data but it's not doing anything with that data. There's no logging, no one sniffing the packets.
I guess we'll leave it to Bell's demonstrated strong moral and ethical examples from the past to trust them not to *look* at my private communications past the packet header. The fact they can compile data as a result of DPI to possibly gain competitive advantages is enough for me to know they shouldn't be looking in the first place. Not all packets can be encrypted.

nanook
MVM
join:2007-12-02

nanook to sbrook

MVM

to sbrook
said by sbrook:

BUT the *AA's are trying to force both in the US and Canada to look in the packets for copyright material.
How are they going to determine that something is copyrighted if it is encrypted?

IMO the privacy issues that allegedly arise from DPI are overstated. (Just as they were when Google began to include ads in Gmail pages based on the contents of e-mails.)
TobiasFunke
Premium Member
join:2007-02-27
Toronto, ON

1 edit

TobiasFunke to chronoss20081

Premium Member

to chronoss20081
Keeping the contents of your communication a secret is not the same thing as privacy. Privacy is a far larger concept. It means being able to control not only the communications you engage in, but also to control uses of information about you.

So DPI should be troubling to privacy advocates. Just because I can encrypt my packets doesn't mean Bell can't determine how I use the Internet or, more importantly, who I communicate with. These are also elements of privacy and they're being trampled by DPI. Most importantly, I have no recourse. I did not agree to let Bell invade my privacy.

sbrook
Mod
join:2001-12-14
Ottawa

sbrook

Mod

Then watch the residential ISPs bar all encrypted traffic as the next step. If your packet looks like it's encrypted, into the bit bucket it goes. Then they have clean data.

nanook
MVM
join:2007-12-02

1 edit

nanook

MVM

said by TobiasFunke:

Just because I can encrypt my packets doesn't mean Bell can't determine how I use the Internet or, more importantly, who I communicate with. These are also elements of privacy and they're being trampled by DPI. Most importantly, I have no recourse. I did not agree to let Bell invade my privacy.
How then is your ISP supposed to deliver the e-mails you send if it is not allowed to know with whom you communicate? And no DPI is involved.
said by sbrook:

Then watch the residential ISPs bar all encrypted traffic as the next step. If your packet looks like it's encrypted, into the bit bucket it goes. Then they have clean data.
Well then, there goes online banking and online commerce (among many other legitimate online activities that depend vitally on encryption.)

P.S. I can see how an ISP can distinguish between, say, HTTP and HTTPS, but how can they tell using DPI if some large chunk of random bytes is an encrypted, bootleg movie or an unencrypted executable (or storage dump or MRI or...?)
Radar73
join:2008-01-20
Ajax, ON

1 edit

Radar73

Member

said by nanook:

How then is your ISP supposed to deliver the e-mails you send if it is not allowed to know with whom you communicate?
I presume you allow your ISP to look at the recipient. That's not quite the same as allowing a third party, who is not your ISP, the same priviledge.
TobiasFunke
Premium Member
join:2007-02-27
Toronto, ON

TobiasFunke to nanook

Premium Member

to nanook
said by nanook:

said by TobiasFunke:

Just because I can encrypt my packets doesn't mean Bell can't determine how I use the Internet or, more importantly, who I communicate with. These are also elements of privacy and they're being trampled by DPI. Most importantly, I have no recourse. I did not agree to let Bell invade my privacy.
How then is your ISP supposed to deliver the e-mails you send if it is not allowed to know with whom you communicate?
There's a very important difference. It's impossible for the ISP to deliver my email without using that information -- without that information the service cannot be provided. It's necessary information for the ISP.

So I have an expectation that the ISP will use that information for its intended purpose (i.e., delivering the email and nothing else).

What Bell is doing is a) unnecessary to provide the service and b) unauthorized. Moreover, it's unexpected. If my Internet provider is TekSavvy, I don't expect Bell to inspect my traffic except as necessary to deliver it over portions of the network that are leased to TekSavvy.

nanook
MVM
join:2007-12-02

nanook to Radar73

MVM

to Radar73
said by Radar73:

said by nanook:

How then is your ISP supposed to deliver the e-mails you send if it is not allowed to know with whom you communicate?
I presume you allow your ISP to look at the recipeint. That's not quite the same as allowing a third party, who is not your ISP, the same privieldge.
Well the ISP of my recipient, who is likely not also my ISP, needs to look into the e-mail headers as well.

And most websites leave cookies in my browser that can be aggregated to track my activities.

Granted that DPI gives ISPs, marketing companies, governments, etc. more tools to track me. But I do not have much privacy on the Internet as it is. I prefer to heed McNealy's dictum that "You have no privacy. Get over it."
Radar73
join:2008-01-20
Ajax, ON

Radar73

Member

said by nanook:

Well the ISP of my recipient, who is likely not also my ISP, needs to look into the e-mail headers as well.
Suppose it's snail mail, you would expect the postman who picks up the mail to read the name and address of the recipient and addressee, and the postal workers and postman who delivers it to do the same. There wouldn't be any privacy concers there at all, but if that postman drove over to Bell so the VP of marketing could read the names and addresses before he delivers it, I think you'd agree there would be some privacy concerns.

I think the potential privacy concerns of DPI are an important matter to bring before the CRTC.

Comment
@teksavvy.com

Comment to BACONATOR26

Anon

to BACONATOR26
said by BACONATOR26:

It's only a PRIVACY issue if they are actually LOOKING at the packets! Wire tapping is completely different here.
Pure Bell Bullshit!!!!

The instant they delve into a packet further than is required to determine where it is to be sent, IT IS WIRE-TAPPING!

nanook
MVM
join:2007-12-02

nanook to Radar73

MVM

to Radar73
said by Radar73:

Suppose it's snail mail...
Look, I fully understand your point. I even have some sympathy with your position. It is just that I do not have a practical solution to your (and my) need for total privacy. So instead, I have gotten over that. Now, instead of worrying about something I cannot control, I either transmit private data encrypted or else I do not use the Internet to transmit it.

To use your snail mail analogy, one problem is that no one needs to open your snail mail to see who you correspond with or make (sometimes false) assumptions about the two of you. Imagine if the authorities suspect that person who sent you a letter is a terrorist or traffics in child porn. You will also be under suspicion even though your only "crime" is to receive mail from that person. And if you should receive something that was unsolicited you do not even need to know them.
if that postman drove over to Bell so the VP of marketing could read the names and addresses before he delivers it, I think you'd agree there would be some privacy concerns.
I would. But that is not what is happening here. Without a court order, no person at Bell inspects packets or reads what is in them.
I think the potential privacy concerns of DPI are an important matter to bring before the CRTC.
"Potential", absolutely! But that is not how some people here are spinning it. They want the CRTC to believe that just because some hardware box at Bell can peek inside a packet then Bell will soon assign people to read the contents of their private communications. The same arguments were used when Google started looking for keywords inside Gmail in order to better target ads but there is no evidence that they are using that capability for more nefarious purposes.
TobiasFunke
Premium Member
join:2007-02-27
Toronto, ON

TobiasFunke

Premium Member

You're still missing a lot of the point, nanook.

Suppose Canada Post contracts with FedEx to fly containers of mail to the UK, where they are delivered by the Royal Mail. Do you not think the senders and recipients would be upset to find that FedEx routinely opens the mail containers en route, sorts the contents and makes a note of the source and destination of all the enclosed mail?

It doesn't matter whether they keep records or not, they have no business going through the mail in the first place -- no contractual right, no statutory right and certainly no moral right.
Radar73
join:2008-01-20
Ajax, ON

Radar73 to nanook

Member

to nanook
Not to beat a dead horse here but ...
said by nanook:

Imagine if the authorities suspect that person who sent you a letter is a terrorist or traffics in child porn. You will also be under suspicion even though your only "crime" is to receive mail from that person. And if you should receive something that was unsolicited you do not even need to know them.
In your analogy, you cannot elevate Bell to the level of the authorities. They have no durisdiction over Teksavvy's packets, at least I'm arguing they shouldn't.
Potential", absolutely! But that is not how some people here are spinning it. They want the CRTC to believe that just because some hardware box at Bell can peek inside a packet then Bell will soon assign people to read the contents of their private communications.
I used the word potential on purpose because we can't really trust what Bell will do with any information they may or may not collect, private or not. I don't think we can trust Bell with the access.
The same arguments were used when Google started looking for keywords inside Gmail in order to better target ads but there is no evidence that they are using that capability for more nefarious purposes.
With Google, of course you agreed to certain conditions when you chose to sign up for their service. Bell is a third party with whom I have no agreement with. Why would you let Yahoo intercept your Google mail and send you ads based on it? -- you wouldn't!
nebular
join:2007-07-12
Peterborough, ON

nebular to nanook

Member

to nanook
I look at it this way, I may not have true privacy anymore, but I know that no one is supposed to read what's in my mail until it reaches the destination. The address written on the outside is visible to everyone, its dimensions are clear, so they know where to send it and how they'll get it there, but the post office isn't going to open the envelope and read what's inside.
What the DPI is more like is if the post office put some of it's mail bags on a purolator truck (which it does sometimes) and purolator decided that because it was mothers day, they would open up the mail and give priority to the birthday cards that weren't flooding the system like the mothers day cards were.

The idea that someone other than the ISP I've contracted with, or the ISP of the recipient inspects whats in my packets beyond what I've allowed without a warrent is sickening.

I believe the white house is currently getting flack doing just that as well.

nanook
MVM
join:2007-12-02

nanook to Radar73

MVM

to Radar73
said by Radar73:

Not to beat a dead horse here but ...
One final comment then. My greater concern here is that Bell is messing about with traffic that is not theirs, rather than whether they use DPI or astrology as their basis for that discrimination. They have no right to do that. Even if they want to assert that right on the pretext that 3rd-party ISP's customers degrade the service Bell can offer Sympatico's customers then they should (a) cite the mandate that CRTC gave them to do that and (b) be obligated to provide evidence that this is actually happening. ISTM that since this is affecting all of us directly and palpably, and they have not been able to meet either test, that is where we should concentrate our objections.

Messing with other peoples' traffic is happening as we speak. Messing with privacy at this point is only a "potential" abuse. By all means use privacy (and the federal privacy commissioner) as a secondary argument against what Bell is doing, but let us not forget what the immediate problem is.

sbrook
Mod
join:2001-12-14
Ottawa

1 edit

sbrook

Mod

The problem is that Bell is in essence claiming that it's not TSI's traffic until it's passed to TSI after GAS. This removes the argument that they're interfering with traffic that's not theirs.

DPI's a far more solid ground for complaint!
Radar73
join:2008-01-20
Ajax, ON

Radar73 to nanook

Member

to nanook
said by nanook:

said by Radar73:

Not to beat a dead horse here but ...
One final comment then. My greater concern here is that Bell is messing about with traffic that is not theirs, rather than whether they use DPI or astrology as their basis for that discrimination. They have no right to do that. Even if they want to assert that right on the pretext that 3rd-party ISP's customers degrade the service Bell can offer Sympatico's customers then they should (a) cite the mandate that CRTC gave them to do that and (b) be obligated to provide evidence that this is actually happening. ISTM that since this is affecting all of us directly and palpably, and they have not been able to meet either test, that is where we should concentrate our objections.

Messing with other peoples' traffic is happening as we speak. Messing with privacy at this point is only a "potential" abuse. By all means use privacy (and the federal privacy commissioner) as a secondary argument against what Bell is doing, but let us not forget what the immediate problem is.
I totally agree with you there. The end goal is to get rid of the throttle. I do however think the privacy concerns are valid and give the ISPs another angle to attack the technology that Bell uses to throttle. The more arguments againt throttling the better, even if that includes attacking DPI itself.
LittleStone
join:2003-10-31
K4A0S2

LittleStone to nanook

Member

to nanook
said by nanook:

Messing with other peoples' traffic is happening as we speak. Messing with privacy at this point is only a "potential" abuse. By all means use privacy (and the federal privacy commissioner) as a secondary argument against what Bell is doing, but let us not forget what the immediate problem is.
It depends. Giving the public concerns about privacy it might be a more effective way to raise the awareness and force the government to deal with it.
yabos
join:2003-02-16
London, ON

yabos to chronoss20081

Member

to chronoss20081
Look what's going on in the USA with DPI
»www.washingtonpost.com/w ··· 052.html

Bell's using the same technology, DPI. I'm not saying they're doing this same thing (yet) but the possibility is there.

PIPEDA *should* protect us against that sort of thing but Bell seems to be pushing the limits of what's legal right now.
jfmezei
Premium Member
join:2007-01-03
Pointe-Claire, QC

jfmezei to chronoss20081

Premium Member

to chronoss20081
While Bell may not be recording your "conversations" on the internet, those throttling boxes have the capacity to record usage information brokebn down by major internet applications. So Bell would be able to know who much you downloaded in a month, how much of it was HTTP, P2P etc.

This data is proprietary to the ISP and Bell, as a common carrier, has no business knowing what the customers of one of its customers are doing. Their business is to carry data between the service provider and its customers. It is paid to do that.

Now, consider the implications since Bell is also Sympatico. Sympatico could use this information in a marketing campaign and target individual Teksavvy customers with packages that are tailored to their typical usage and price them $1 below what Teksavvy charges you.

I call this industrial espionage. And Bell must not be allowed to keep those boxes plugged into a portion of its network that is not related to the internet. It is clearly spying on what their competitors are doing.

sbrook
Mod
join:2001-12-14
Ottawa

sbrook

Mod

A lot of these boxes today can tell how often you go and visit CNN instead of CBC or if you frequent pron sites.

This is done by Neilson on TV, but it's done by you agreeing to have their boxes in your home ... they can even install ones that watch where peoples eyes move ... but these are, consensual. DPI techniques are anything but.

Comment
@teksavvy.com

Comment to jfmezei

Anon

to jfmezei
said by jfmezei:

This data is proprietary to the ISP
NOT IN MY BOOK!!!

ISPs (including TEKSAVVY) have no more "right" to "inspect" (i.e. WIRE-TAP) my packets than Bell.

Which is ZERO!

concerned2
@mc.videotron.ca

concerned2

Anon

Follow the directions given here and make a privacy complaint against Bell.

»Re: New development
(www.privcom.gc.ca/)

This may even streangthen the CAIP filing.
jfmezei
Premium Member
join:2007-01-03
Pointe-Claire, QC

jfmezei to Comment

Premium Member

to Comment
>This data is proprietary to the ISP

>NOT IN MY BOOK!!!

From Bell's point of view, the data belongs to Bell's customer which is the ISP. It is the ISP that pays Bell for the data transmission service.

Bell doesn't now whether you are an employees of the ISP or a customer of the ISP, nor should it have any idea of what sort of data is being exchanged. But from Bell's point of view, the line belongs to the ISP.

Now, you have a relationship with your ISP which defines your expectation of what the ISP can and cannot do with your data. But that is irrelevant from Bell's point of view.

This is similar to an ATM transaction. You deal with your bank and assume your bank keeps your data private. But from Bell's point of view, it doesn't know whether a packet transiting on bank circuits contains data specific to a bank customer, or just bank administrative data. From Bell's point of vioew, it all belongs to the bank. It is up to the bank to then ensure personal data is kept private.

Another aspect of "proprietary" is that of the ISP business itself. Bell knows how much capacity the ISP buys on the AHHSPI link. And now Bell can know exactly how much data and what type of data, and the average load per customer, what percentage of customers exceed a certain amount of usage etc etc. Such statistics are proprietary to the ISP who has decided on how much capacity to buy for a certain number of customers and what the load factor is.

Consider a case where Sympatico could target advertising to ISP-X customers stating that ISP-X has too many customers on its lines and hasn't purchased enough capacity to serve all those customers well and then make offers to those customers , offering better network with Sympatico.

AKA: Sympatico must not have any access to data statistics belonging to other ISPs.