Privacy is about use cases, not about technology
This page has been archived on the Web
Chief Technology Officer, Sandvine Incorporated
Disclaimer: The opinions expressed in this document are those of the author(s) and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada.
Note: This essay was contributed by the author to the Office of the Privacy Commissioner of Canada’s Deep Packet Inspection Project
Communications technologies have been changing people’s views of personal privacy for hundreds of years. The printing press allowed wide-scale distribution of information about public figures that had previously been impossible, funding an industry of paparazzi and tabloid reporters who appealed to the public’s prurient interests as a means of selling advertising. The rise of the consumer Internet has given unprecedented ease of access to information that once might have been considered private and personal, including information from newsgroup postings, personal blogs and social networking sites and, in some cases, from unintentional information leakage or even intentional information theft. The amount of information about individuals that can be found through a simple search engine would have seemed astonishing as recently as 10 years ago. Society has always adapted to changes in technology with a give and take, modifying guidelines and accepted practices on information usage and realigning expectations with respect to information privacy. Will the Internet continue this trend, or are privacy concerns and progress destined to oppose each other?
Legislation and Technology
Legislation has often struggled to keep up with technology. Where a new technology has created a perceived need for legislation, legislators have tended to focus on the technology itself rather than on the use cases involved. In essence, they write the letter of the law when they should be writing its spirit. Take the case of American jurist Robert Bork. Apart from being known for acquiescing to Richard Nixon’s will and firing special prosecutor Archibald Cox, he is remembered as a nominee to the US Supreme Court. During the debate over his nomination, Bork’s video rental history was leaked to the press, which in turn led to the enactment of the Video Privacy Protection Act. In this case the law clearly did not stay abreast of technology: it was enacted for the narrow purpose of preventing information about VHS tape rentals from reaching the public, anticipating neither DVD rentals a decade later, nor video on demand over cable, nor Internet-based video distribution. Had society instead placed guidelines on the dissemination of entertainment preference information, which was the actual intent, we would have been better served than by legislation narrowly targeted at a specific technology.
Privacy is all about the expectations of those involved. As a consumer, I expect the content of my email message to be private between me and my intended recipient, regardless of whether I send it via my residential Internet service provider’s mail server or via a web-based service such as Google’s Gmail or Microsoft’s Hotmail. If this email were to be used by anyone other than my intended recipient, my expectation of privacy would not be met, regardless of whether the unauthorised use was facilitated by the Internet service provider or by the web-based service I am using. The societal expectation of privacy applies to the use of the information, not to the method or point of interception. To allow a model in which a web-based email provider can read my email and use the contents to build a profile of me for advertising purposes, but not allow an Internet service provider (also with my consent) to do the same thing, creates an imbalance in my expectations that the majority of email users do not appreciate. Privacy use cases should be viewed through the expectations of the information originator, not through the specific narrow methods used to gather the information.
Throughout history, control of terminology has been used as a way of setting agendas and inviting preconceived conclusions on the basis of nomenclature alone. This appears to be happening again in the current privacy debate over the term “deep packet inspection” and its acronym “DPI”. From a network engineering and architectural perspective, deep packet inspection is the act of any network equipment that is not an endpoint of a communication using any field other than the layer-3 destination IP address, for any purpose. DPI has been used for years to provide voice over Internet protocol (VoIP) services (for example in a session border controller), to provide safe and secure traversal of consumer and enterprise firewalls, to provide network address translation, and to manage quality of service in a network.
Unfortunately, in the summer of 2008 a committee of the US Congress invited testimony on the subject of behavioural targeting in Internet-based advertising. The specific technique investigated was, perhaps inadvertently, labelled as DPI. Rather than focusing on the use cases (for example, whether it was acceptable to build a profile of a user for the purpose of targeted advertising), the examination focused on the technology itself. As a result of this inquiry and the press coverage and commentary that followed, it appears that in the public’s mind all uses of DPI now somehow, by definition, involve privacy invasion, rather than just those that go into specific content and make use of the information.
DPI is a required technology in the Internet’s evolution: it is critical to the transition from IPv4 to IPv6, to providing quality voice services, and so on. DPI need not involve inspecting the ‘content’ of a communication, but it does require looking at fields other than the layer-3 destination IP. For example, service providers of all access types (cable, DSL, FTTx, wireless) have used DPI to understand and manage traffic in their networks. The most common applications, namely network capacity planning, congestion management and mitigating malicious traffic such as denial of service attacks and spam, do not require the inspection of content. To be clear, applications such as these do not read your mail, listen to your voice calls or watch the video you are streaming. They inspect only those locations of a packet that hold identifying signature characteristics, and only to the extent necessary to determine whether there is a match with a signature profile in the library. Once identification has occurred, further inspection stops and the attributes examined in arriving at that identification are “forgotten”. Machines that make instantaneous automated decisions on network information and do not share it with humans are not a threat to privacy; they are a requirement for reliable communication. Demonising a broad class of technologies, in this case DPI technologies, serves no useful purpose in ensuring privacy.
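The classifier the paragraph describes, written out as an added example (not code from the essay, from Sandvine or from any product): it parses an IPv4 packet, reads the protocol and destination port, compares at most the few payload bytes named in a signature, returns a label, and records exactly which fields it touched. The signature library, the `build_packet` helper, the field names and the sample packets are all assumptions constructed for the example.

```python
# Packet classifier of the kind the essay describes: it reads header fields beyond
# the layer-3 destination IP plus, at most, the few payload bytes that carry an
# identifying signature, returns a label and keeps nothing else. Added example, not
# code from the essay or any vendor; signature library, packet builder and field
# names are assumptions.
import struct
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

TCP, UDP = 6, 17

@dataclass(frozen=True)
class Signature:
    name: str
    proto: int
    dst_port: Optional[int]                  # None means any destination port
    patterns: Tuple[Tuple[int, bytes], ...]  # (payload offset, expected bytes)

# Hypothetical signature library; the patterns list every payload byte the
# classifier is permitted to read for that signature.
SIGNATURES: Tuple[Signature, ...] = (
    Signature("tls-client-hello", TCP, None, ((0, b"\x16\x03"), (5, b"\x01"))),
    Signature("http-request", TCP, None, ((0, b"GET "),)),
    Signature("http-request", TCP, None, ((0, b"POST "),)),
    Signature("dns-query", UDP, 53, ()),  # header fields only, no payload read
)

@dataclass(frozen=True)
class Verdict:
    label: str
    fields_read: Tuple[str, ...]  # audit trail of exactly what was inspected

def destination_only(packet: bytes) -> str:
    """What a plain router uses: the layer-3 destination address and nothing else."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    return ".".join(str(b) for b in packet[16:20])

def classify(packet: bytes) -> Verdict:
    """Identify the application and record which fields were touched to do so."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    proto = packet[9]
    read: List[str] = ["ip.protocol"]
    l4_len = 20 if proto == TCP else 8
    if proto not in (TCP, UDP) or len(packet) < ihl + l4_len:
        return Verdict("unknown", tuple(read))
    dst_port = struct.unpack_from("!H", packet, ihl + 2)[0]
    read.append("l4.dst_port")
    # Payload begins after the TCP data offset or the fixed 8-byte UDP header.
    payload_start = ihl + ((packet[ihl + 12] >> 4) * 4 if proto == TCP else 8)
    for sig in SIGNATURES:
        if sig.proto != proto or (sig.dst_port is not None and dst_port != sig.dst_port):
            continue
        matched = True
        for off, expected in sig.patterns:
            read.append(f"payload[{off}:{off + len(expected)}]")
            if packet[payload_start + off:payload_start + off + len(expected)] != expected:
                matched = False
                break
        if matched:
            return Verdict(sig.name, tuple(dict.fromkeys(read)))
    return Verdict("unknown", tuple(dict.fromkeys(read)))

def tally(packets: Iterable[bytes]) -> Dict[str, int]:
    """Capacity-planning view: per-application counts, with no per-user record."""
    counts: Dict[str, int] = {}
    for pkt in packets:
        label = classify(pkt).label
        counts[label] = counts.get(label, 0) + 1
    return counts

def build_packet(proto: int, dst_port: int, payload: bytes,
                 src: str = "10.0.0.2", dst: str = "93.184.216.34") -> bytes:
    """Constructed test packet: option-free IPv4 header plus a minimal TCP or UDP
    header. Checksums stay zero; nothing in this example reads them."""
    ip4 = lambda a: bytes(int(x) for x in a.split("."))
    if proto == TCP:
        l4 = struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    else:
        l4 = struct.pack("!HHHH", 40000, dst_port, 8 + len(payload), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(payload),
                     0, 0x4000, 64, proto, 0, ip4(src), ip4(dst))
    return ip + l4 + payload

# Constructed sample traffic; the payload bytes are illustrative, not captures.
SAMPLES = [
    build_packet(TCP, 443, b"\x16\x03\x01\x00\x2c\x01\x00\x00\x28\x03\x03" + b"\x00" * 32),
    build_packet(TCP, 80, b"GET /index.html HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    build_packet(UDP, 53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"),
    build_packet(TCP, 9999, b"\x00\x01\x02\x03"),
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(destination_only(pkt), classify(pkt))
    print(tally(SAMPLES))
```

The `fields_read` audit trail makes the essay’s definition concrete: by that definition even the `dns-query` verdict is DPI, since it reads the IP protocol and destination port and nothing else, while the HTTP verdict reads the first four payload bytes and the TLS one reads bytes 0 to 1 and byte 5 of the ClientHello. Neither the payload nor the addresses survive past the verdict; `tally` keeps only counts per label. The practitioner’s caveat is that a signature match on payload bytes is still a read of application data, however brief, so what the equipment retains and does with the verdict, rather than which bytes it looked at, is the question a usage-based guideline has to answer.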
The public would be best served by guidelines for online information usage rather than for the means of information collection. From an end-user perspective, it does not matter to me whether someone builds a profile of me by looking at packets on the wire or by placing cookies through the web sites I visit. Both yield the same result: a third party builds a model of my interests and behaviours.
Humans are adaptable. Society will evolve. Our concept of privacy in the information age will change over time, and our expectations of which uses are private will become clearer. If we focus on the use cases in a user-centric fashion, rather than on the techniques or technologies, these guidelines will be easier to convey and enforce. Society is not well served by a focus as narrow as protecting the privacy of video cassette tape rentals, nor by trying to prevent a technology because of concerns with one of the use cases that technology enables. DPI is needed for the continued innovation of the Internet. Let us focus on making our future spirit of privacy expectations clear rather than limiting our attention to one particular means.