jfmezei
Premium
join:2007-01-03
Beaconsfield, QC
 ·TekSavvy Solutions..
| Privacy Complaint Over Deep Packet Inspection
Hopefully the topic emperors won't lock this thread.
Does anyone know if CPPIC went through the normal process of first complaining to Bell ?
I've just begun to read their document at:
»www.cippic.ca/uploads/Bell-DPI-P···ay08.pdf
I am disturbed by use of terms such as "Bell sells wholesale internet access". Exactly what NOT to say. This document tends to blurr Sympatico's internet service with the data transmission service sold to competitors.
On the other hand, they do quote some of the Ellacoya PDF documents that showcase those satanic boxes' abilities to record individual user's usage statistics.
So now, the question becomes:
Has anyone contacted the privacy commisionner's offices to find out if we can comment on that letter to add to it ? They lack an important fact that the GAS/HSA services are not TCPIP services and in the case of GAS, Bell's concept of "envelope" is to be limited to the 8 byte PPPoE header and Bell has no right to delve further than that for established sessions.
And to the organisers who lead this issue (yeah, that is you Mr Rocky), should we keep quiet about this, or is there value in people sending supporting comments to the privacy commissioner ? |
|
SSP
join:2007-04-30
edit:
May 10th, @03:09AM
| Was point 30 and 33 repeated?
Anyway, this is exactly what i wanted, for some org. to dive in to the privacy issue behind this. True they misused the wholesale terminology, but at least they didn't use the word resell or white label service.  (though i don't blame them, with the media itself misusing several words to describe the GAS service).
Lets hope this will cause another letter writing campaign, this time aimed at the privacy commission rather than the CRTC. |
|
pass go
@videotron.ca
| reply to jfmezei
Since you are NOT a customer of Bell, you have no need to follow their formality.
A 3rd party company is hijacking your packets to look inside them and decided based on the contents what to do with it.
Why would you contact Bell first? They already crossed the line.
you should file your own letter of concern with the PCC |
|
TobiasFunke
Premium
join:2007-02-27
Toronto, ON
| reply to jfmezei
said by jfmezei  :Has anyone contacted the privacy commisionner's offices to find out if we can comment on that letter to add to it ? They lack an important fact that the GAS/HSA services are not TCPIP services and in the case of GAS, Bell's concept of "envelope" is to be limited to the 8 byte PPPoE header and Bell has no right to delve further than that for established sessions. Everyone has the right to lodge a complaint with the Privacy Commissioner - it's not like the CRTC or Competition Bureau where you need to be a recognized party. Therefore, feel free to write your own letter to the PC and reference CIPPIC's submission. |
|
nanook
ex redbaron
Premium
join:2007-12-02
·Bell Sympatico
·TekSavvy Solutions..
| reply to jfmezei
The CBC has picked up on this: Bell accused of privacy invasion quote:
The CIPPIC, which is made up mainly of lawyers and law students from the University of Ottawa, says Bell has not only failed to show that its network is congested and that its actions are necessary, but it has also run afoul of the Personal Information Protection and Electronic Documents Act (PIPEDA) in doing so... The group has called on Privacy Commissioner Jennifer Stoddart to investigate Bell as well as other ISPs that have either admitted to or are reportedly engaging in traffic shaping — notably Rogers Communications Inc., Shaw Communications Inc., Cogeco Inc. and Eastlink — and ensure compliance with PIPEDA...
|
|
R0CKY
TSI Rocky
Premium,VIP
join:2005-05-19
Chatham, ON | Interesting article... |
|
SSP
join:2007-04-30
| reply to nanook
Best part of that article:
quote:
The CRTC said it would issue its decision on the interim request some time in May. Tom Copeland, chairman of the internet providers' association, says he expects an answer this week.
w00t!  |
|
nanook
ex redbaron
Premium
join:2007-12-02
·Bell Sympatico
·TekSavvy Solutions..
| said by SSP :w00t! I prefer to withhold my "w00t" until the CRTC rules in favour of CAIP |
|
Stewy
Premium
join:2007-12-12
Kitchener, ON
|  reply to jfmezei
|
|
Guspaz
Guspaz
Premium,MVM
join:2001-11-05
Montreal, QC
·Colbanet
·TekSavvy Solutions..
| Digg (»digg.com/security/Deep_packet_in···concerns) picked up the Ars Technica (»arstechnica.com/news.ars/post/20···ics.html) article about this. |
|
Stewy
Premium
join:2007-12-12
Kitchener, ON
| "Current gear is so sophisticated that it can reconstitute e-mails and IM conversations out of asymmetric traffic flows and it can essentially peek "under the hood" of any non-encrypted packet to take a look at what it contains."
and basically the Carriers are saying that "we won't peek". |
|
derekm
join:2008-02-26
·TekSavvy Solutions..
 ·Rogers Hi-Speed
edit:
May 13th, @09:34AM
| reply to jfmezei
Of all the complaints and actions taken (edit: all of which are valid and good), this one makes me feel all warm and fuzzy.
I am so happy to see this finally publicly being called for *what it is*.
Now it's time to see if our privacy commissioner has any teeth.
Say it with me now, nice and slow: p-u-n-a-t-i-v-e |
|
nanook
ex redbaron
Premium
join:2007-12-02
·Bell Sympatico
·TekSavvy Solutions..
| reply to Stewy
said by Stewy :"Current gear is so sophisticated that it can reconstitute e-mails and IM conversations out of asymmetric traffic flows and it can essentially peek "under the hood" of any non-encrypted packet to take a look at what it contains." and basically the Carriers are saying that "we won't peek". Ever since the first telephone call was placed it has been possible to intercept ("tap") telephone conversations. This capability continues even today with digital cellphone calls, even though those calls are supposed to be encrypted. While it is possible to do this, it is not legal without an explicit court order.
Perhaps, in addition to attacking DPI on privacy grounds under PIPEDA, we also need to lobby for similar treatment of Internet traffic as for telephone traffic in the Telecommunications Act. In other words, if an ISP wants to do DPI then they need to convince a judge to issue a court order. Of course, it is as unlikely that any court would give an ISP a blanket order as it is that they would issue a blanket wiretap order for all telephone traffic.
This analogy with wiretapping the telephone system is also a lot easier for the general public to understand compared to discussions that use terms like deep packet inspection, packet headers, etc.
Perhaps Rocky and the other ISP reps on DSLReports can suggest this approach to CAIP and their legal teams. |
|
schnauz
join:2007-12-10
Nepean, ON
| reply to jfmezei
With the wiretapping point being made, can Ellacoya's DPI boxes be used to actually decipher VOIP data? Narus Software produces DPI products that can do that, apparently it's what the NSA uses to track VOIP calls.
»www.narus.com/products/index.html
»en.wikipedia.org/wiki/Deep_packe···d_States
Does anyone know if Ellacoya's DPI boxes are sophisticated enough to do that? I find that truly scary if that would give Bell the ability to decipher VOIP calls, rather than just prioritizing VOIP traffic. |
|
Radar73
join:2008-01-20
Ajax, ON
| reply to nanook
said by nanook :Perhaps, in addition to attacking DPI on privacy grounds under PIPEDA, we also need to lobby for similar treatment of Internet traffic as for telephone traffic in the Telecommunications Act. This may already be covered in the Telecommunicaitons Act, as CAIP has argued various point of the Act in it's complaint and response. The Act doesn't specify it's for telephone services only. Definitions of telecommunications include any transmission over distance using wire, radio, optical or other electromagnetic channels to transmit and receive signals for communications. We'll have to see how the CRTC interprets the Act when it rules on the CAIP complaint. |
|
CanerisErik
Premium
join:2007-10-03
Toronto, ON
| reply to schnauz
said by schnauz :can Ellacoya's DPI boxes be used to actually decipher VOIP data? There is nothing to "decipher" nor is any special hardware or software or DPI required. Any packet sniffer will do. It's quite trivial to reconstruct audio from a captured RTP stream and such common VoIP signaling protocols as SIP are plain text. |
|
derekm
join:2008-02-26 | reply to jfmezei
DPI == Deep Packet Inspection == Despicable Privacy Invasion |
|
tertech
join:2008-04-12
Ottawa, ON
| reply to Stewy
said by Stewy :"Current gear is so sophisticated that it can reconstitute e-mails and IM conversations out of asymmetric traffic flows and it can essentially peek "under the hood" of any non-encrypted packet to take a look at what it contains." and basically the Carriers are saying that "we won't peek". That's like your landlord installing HD cameras in your apartment and saying they're just being used as motion sensors.  |
|
Stewy
Premium
join:2007-12-12
Kitchener, ON
edit:
May 13th, @01:18PM
| said by tertech :said by Stewy :"Current gear is so sophisticated that it can reconstitute e-mails and IM conversations out of asymmetric traffic flows and it can essentially peek "under the hood" of any non-encrypted packet to take a look at what it contains." and basically the Carriers are saying that "we won't peek". That's like your landlord installing HD cameras in your apartment and saying they're just being used as motion sensors. to be more specific...
That's like your landlord illegally and by unethical means installing HD cameras in your apartment without telling your or without your consent and only once you find out telling you it's used as *cough* motion sensors and that I promise that I won't peek *cough*. |
|
jfmezei
Premium
join:2007-01-03
Beaconsfield, QC
·TekSavvy Solutions..
edit:
May 13th, @04:30PM
| reply to jfmezei
Privacy commisionner's office are aware of the CIPPIC letter.
I don't believe in palm readers, so I went to my regular foot reader. She believes that this issue might be treated differently from a normal privacy letter complaint since it represents more of a "big picture" instead of an individual complaint.
The ridges of the base of my feet were not detailed enough to give the reader any idea of how long a process it might take. But one small intersecting ridge gave her the impression that this dossier would not be put at the end of some backlog of dossier. |
|
