Public consultation on potentially invasive technology

| 29/07/2009

(CNS): Public input is being sought on a controversial technology used by internet service providers (ISPs) that critics claim leaves internet users’ private information vulnerable to abuse, while others say it has the ability to protect users from viruses and spam and make internet service more efficient. The Information and Communications Technology Authority (ICTA) has launched a public consultation on the use of Deep Packet Inspection (DPI) and similar technologies, which gives ISPs the ability to access the content of all unencrypted internet traffic, including web surfing data, email, and peer-to-peer downloads.

Deep Packet Inspection is used by ISPs in the US to conform to the Communications Assistance for Law Enforcement Act (CALEA), the US government-ordered internet wire-tapping directive. And according to the Wall Street Journal, the same technology was used by the Iranian government to block communication and also to monitor it to gather information about individuals, as well as alter it for disinformation purposes. Recently, British Telecom dropped an internet tracking ad-delivery system WebWise, developed by Phorm and using DPI technology, which is thought to be a reaction to a public campaign against it.

“The potential for abuse is enormous,” a local IT professional told CNS. “Most people don’t fully understand that virtually everything about them is digitized and shipped around on the net routinely. It’s as if all of our private information is available for checkout at the public library. It’s going to become much bigger soon – particularly as the push to modernize and simplify medical record keeping gains momentum. While I think that is an important thing to do, it should not be done without also defining what privacy protections should be in place and precisely how they will be implemented.”

As well as controversy surrounding privacy, DPI has also sparked a “Net Neutrality” debate, which centres around whether or not network operators should be permitted to vary the bandwidth being provided to customers based upon the protocols or applications that the customer is using.

The IT professional, who asked to remain anonymous, said, “The ability to sift traffic and allocate bandwidth based on type of activity is potentially good but also potentially abusive,
particularly in regions where there is little competition. In the case of Skype we could find ourselves paying more for high quality service or just getting lousy service. ISPs could adopt a more complex fee structure for high speed access. Consumers could be charged extra for a guarantee of high quality VoIP service, for example. Local telecom companies could potentially
gain an unfair advantage for their Netspeak VoIP service by assuring it got a better quality of service as compared to Skype VoIP traffic.”

However, he added, “There are reasons why this may not be likely to happen – it simply may be
more trouble than it’s worth since the technology for squeezing tremendous bandwidth from existing fibre circuits is developing very rapidly. There is a lot of disagreement in the technical community about the ability to expand capacity versus the ability to consume it. Some feel there is huge overcapacity, others predict we’ll run short in the not too distant future. Setting that argument aside, I do worry about such a critical asset in the hands of for profit organizations with questionable regulatory oversight,” he said.

ICTA Managing Director David Archbold said ISPs could argue that while they had the hardware to see private information, they had not installed the software. But once the technology was in place, it would make it possible for ISPs to have access to any data that was not encrypted. He noted, however, that too much encrypted data uses up more resources and slows the system down.

On the other hand, the ICTA points out that there are potential benefits in the use of DPI to both consumers and the telecommunications industry. It enables the industry to guarantee different levels of service by associating particular application-types with particular usage-plans or priority levels, potentially helping to prevent network congestion and thus improve an ISPs service to customers. Further, information gained from DPI can assist ISPs with network design and their plans for network expansion, network security and the delivery of new and enhanced services.

Companies marketing DPI have proposed that ISPs can also enhance their revenue streams by providing targeted advertising and by charging content providers fees to ensure that customers have “priority access” to their services.

The authority is inviting all stakeholders to provide their views on this technology, which will be considered by the ICTA Board. CNS understands that the existing board is still in place, though the UDP has made changes to other boards.

According to the ICTA, copies of the posted consultation document may be obtained by accessing the ICTA web site at www.icta.ky or by calling the ICTA offices at 946-ICTA (4282). Comments on the Public Consultation are to be submitted to the ICTA by 31 August 2009. Submissions may be sent by e-mail to: consultations@icta.ky; or delivered to the ICTA at Alissta Tower, Third Floor; or mailed to PO Box 2502 GT, Grand Cayman; or sent by fax to (345) 945-8284.

Print Friendly, PDF & Email

Category: Science and Nature

About the Author ()

Comments (6)

Trackback URL | Comments RSS Feed

  1. Secret Agent Man says:




    Let’s soften the blow by saying…

    "while others say it has the ability to protect users from viruses and spam and make internet service more efficient.” 

    This is the kind of words used to make the public feel warm and cozy all over. Cuddles.  Give my information to the Government & other bodies?!  I don’t think so.  I pay for Internet access and therefore I should be able to use as much as I like.  Don’t give me rubbish about using too much per month etc.  Stop trying to squeeze me for more $$ because I’ll just go to another provider that have fair pricing  and does not try to govern my access to the World Wide Web.  What’s next?  My IP being blocked from certain news sites? 

    The quoted IT Professional is correct in his/her statements and I’m glad you found someone that knows what they are talking about.  I hope you continue to follow this story and consult those in the know about such privacy invading "protections" & schemes. Remember Governments and Corporations love control; the former milks the people/country for power &money all under the disguise of protecting you and your children.  I love the way they always bring in the "for our children" – the nerve of them.  The latter more even more sinister.  Big, corporate, greedy & a master at the controls.  Like that magicJack you bought at the supermarket?  Be prepared for the quality of service (how good you can hear the other person & vice versa) to take a nose dive if DPI is allowed to be implemented.  No scare tactics from me, issues such as I describe& worse have already been documented.  Corporations will do all it can to trump another company’s service/device when it cannot beat ’em.  The recent C&W/LIME .vs. Digicel in Jamaica rings a bell or Net2Phone .vs. C&W in 2000 right here in Cayman.  So I say no to DPI, the ills that will come from it far out weight the potential benefits, imagined and otherwise.

     

    George Orwell’s book, 1984 has come full circle it seems.  Now where is my tin foil hat?

    “Who controls the past controls the future. Who controls the present controls the past. “- George Orwell.

    Found this current article:

    CCIA Notes Dangers Of Deep Packet Inspection Used By Governments 

    Jun 22, 2009

    Washington — As Iranians demonstrate in the wake of the election, Iranian officials have tried to control access to information by kicking journalists out of the country and limiting what official news outlets can report. Now the Wall Street Journal and other publications are reporting on how Iranian officials are using the Internet to censor information and spy on citizens using deep packet inspection.

    DPI allows network operators or a government to intercept data flowing over the Internet, deconstruct it to examine for particular keywords and then reconstruct it in a matter of seconds. The following statement can be attributed to Computer & Communications Industry Association President & CEO Ed Black. Click the Read More link below for more.

    “Reports that Iran is using this technology to detect political dissenters online are disturbing. The Internet can be a tool to enhance political communication and participation in a democracy – or it can become an even more intrusive way for a government to control access to information, spy on its citizens and detect political adversaries.

    “George Orwell’s vision of a telescreen in every home or office that can make it possible for authorities to see and hear a citizen at any time is no longer fiction. If these news reports in the aftermath of the 2009 election are correct, it is 1984 in Iran. They come just weeks after reports China was using deep packet inspection as part of the so-called ‘Great Firewall.’

    “When network operators – either a government or commercial operator – use deep packet inspection, the privacyof Internet users is compromised. In the wrong hands, this privacy invasion quickly turns into a human rights violation. Iran is yet another example of why the use of certain technologies such as deep packet inspection needs to be restricted.

    “Controlling access to information has been a hallmark of repressive regimes throughout history. The techniques are now more advanced and more insidious. A country’s policy on Internet freedom and openness should be noted as part of our State Department’s regular monitoring of human rights. There needs to be a coordinated effort across all departments and agencies to bring the full power and attention of the U.S. Government in promoting Internet freedom as a human rights issue and as a democracy-building endeavor.

    “While the United States can’t control what happens in Iran, it can be a model for practices that support democracy. Restricting the use of DPI to protect the freedom of the Internet is a step toward preserving freedom that responsible, democratic governments should be taking. If the US government and others who care about liberty don’t push Internet freedom to the top of the priority list now, they’ll be failing the future.”

    As copied from:  http://preview.tinyurl.com/lr76ea

    Educate yourself:  http://preview.tinyurl.com/58yrj6

     

  2. Mike says:

    The difference in the digital age is that once information is in computer readable form there are no technical barriers to making it universally available. With paper records, that was logistically impossible.

    Publishing  the daily records of even one medium sized instutition in printed form is a huge task. Yet, today’s technology makes it not only possible but comparitively simple to massively  ‘publish’ information, available on demand to everyone. Therefore, the burden of safeguarding information is correspondingly higher.

    With technologies like Deep Packet Inspection a technical reality,  even the most minor and unintentional lapse in security can expose enorrmous amounts of sensitive information. The issue of protecting private information is radically different than it has been in the past.

    The question is whether, in an age where information is increasingly digitized,  the technologies and procedures to protect sensitive information are keeping pace with the development of potentially invasive technologies.

  3. Anonymous says:

    There is a legal responsibility for organizations such as Hospitals and Government to protect personal information whether stored in digital or hard copy format. This should be covered by their internal IT policies and the information should NOT be allowed into the public domain. If it needs to be transferred to another organization than it should be done in an encrypted format.

    If those were your medical or financial records — would you want them circulating!?

    As for the Secretary that can get all the information:

    1. Hospital, Police, Courts computer systems have all been hacked and data is leaking out   (unlikely)

    OR

    2. she is calling someone she knows in those respective offices and asking for it (more than likely) 

    If you know its from the "underground", how can you not understand that it is illegal!?

    If you are aware of breaches in confidentaility you have a moral responsibility to provide that information to the police or the organization from which it came. I am not sure about legal ramifications but possibly an accessory to a crime, especially if you know they were received through or for criminal activity.

    That said — I have seen a lazy, arrogant, unintelligent HR representative providing an employees medical background to everyonein the office. Obvioulsy a major breach of confidentiality, significant enough to warrant immediate dismissal but since she is the owners wife …

    So you’ll always have a level of stupidity to deal with regarding confidentiality!

    • Anonymous says:

      I know an IT person that worked on a building in Miami and all Cayman Data runs through this building..interesting enough the CIA/FBI etc operate in the same building on the next floor up…furthermore, I have been made to understand that they have offices worldwide and it is a similar arrangement in each country that this private firm operates CIA in same building…hmmm I learned about this last year so your data is private??

  4. Szocske says:

    And the technical solution is right there in the article: just use encription.

  5. Anonymous says:

    Why not?  What’s left to save?

    The CIA and MI6 are already reading every packet of information going in and out of this island to collect intel by following the money trails etc, adding the data to the mega-computers they run for current and future reference (Hi fellas, how’s the weather at the interpretation centre in Canada?). 

    There is no such thing as privacy anywhere on this island.  My Caymanian secretary is very well connected to the local underground and can find out anything about anybody in less than an hour.  Medical files? Sure. Court files? Yup.  Police records and photos? Yup… and the locals are all sharing files like that.  It offended me greatly at first (still does a little), and I do not ask her to do such things, but they’ve been at it for a very long time and quietly go about it.

    Privacy does not exist here, so don’t get too worked up about it.