The Greatest Threat to Privacy

Paul Ohm

March 2009

Disclaimer: The opinions expressed in this document are those of the author(s) and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada.

Note: This essay was contributed by the author to the Office of the Privacy Commissioner of Canada's Deep Packet Inspection Project.

Nothing in society poses as grave a threat to privacy as the Internet Service Provider (ISP). Simply put, your ISP has the means, motive, and opportunity to scrutinize nearly every communication departing from and arriving at your Internet-connected computer:

Opportunity: Because your ISP serves as the gateway between your computer and the rest of the Internet, every e-mail message, IM, and tweet you send and receive; every web page and p2p-traded file you download; and every VoIP call you place travels first through your ISP’s routers.

Means: A decade ago, your ISP lacked the tools to efficiently analyze every communication crossing its network, because computers were relatively slow and networks were relatively fast. I use the analogy of the policeman on the side of the road, scrutinizing the passing cars. If the policeman is slow and the road is wide and full of speeding cars, the policeman won’t be able to keep up.

Over the past decade, while network bandwidth has increased, computer processing power has increased at a faster rate, and your ISP can now analyze more information, more inexpensively than before. The roads are wider today, but the policemen are smarter and more efficient. An entire industry – the deep-packet inspection industry – has arisen to provide hardware and software tools for massive, widespread, automated surveillance.

Motive: Third parties are placing pressure on ISPs to spy on users in unprecedented ways. Advertisers are willing to pay higher rates for so-called behavioral advertising. For example, Ikea will probably pay more to place an ad in front of people who have been recently surfing furniture websites. To enable behavioral advertising, companies like NebuAd and Phorm have been trying to convince ISPs to collect user web-surfing data they do not collect today. Similarly, the copyrighted content industries seem willing to pay ISPs to detect, report, and possibly block the transfer of copyrighted works.

Because of these three factors, ISPs are scrutinizing more information – and different forms of information – than they ever have before. AT&T has begun to consider monitoring for copyright violations; Charter Communications signed with NebuAd, sparking a firestorm of publicity and legislative interest which pushed Charter to abandon the deal; and a few British ISPs have begun to use Phorm’s services. I predict that these examples presage a coming storm of unprecedented, invasive ISP monitoring.

Still, to call this the greatest threat in society, I need to answer the question, “compared to what?” In particular, since I began making this claim, many have asked, “Doesn’t Google threaten privacy more?” I worry more about the threat to privacy from ISPs than from Google.

You can hide from Google, but it is very hard to hide from your ISP. Even though Google collects a lot of information about what its users do when they use its services, it cannot track what it cannot see. Whenever you leave a Google-owned or affiliated website, Google loses track of you. As you surf the New York Times, Yahoo!, Facebook, Amazon, Craigslist, or eBay, Google has no way of knowing what you are doing. When you communicate via VoIP or download files over BitTorrent, Google has no way of monitoring you.

Your ISP, in contrast, never loses sight of you (unless you encrypt your communications or switch to another provider). As a commenter to a New York Times blog post put it, “Deep Packet Inspection is Adware or Spyware ON YOUR NETWORK.”

More directly to the comparative point, your ISP can see nearly everything you do whenever you use Google. Virtually no Google service uses encryption by default. Your ISP can see and record every Google search query, Google Calendar entry, YouTube video stream, and Google Reader request. For this reason, the threat to privacy from Google is merely a subset of the threat from your ISP, assuming of course that your ISP is watching.

Let me end on a more cheerful note. Despite my predictions of gloom, your ISP may not be watching. On September 25, 2008, at about the time this was written, representatives from Verizon and AT&T pledged to the U.S. Senate Commerce Committee that they would monitor users for marketing purposes only with explicit consent. These providers have taken an encouraging first step, and if other providers follow their lead, my dire predictions made above may never come to pass. Never before have I hoped so sincerely to be proved wrong.

