Activists and investigative journalists are highlighting the linkage between modern surveillance technologies and repressive governments. The emerging narrative around surveillance technology provides the perfect frame for public activism. You have a clear bad guy – a Gadhafi, an Assad, the Iranian theocrats, the Chinese Communist Party. You have a symbolic token, a technology, which links the bad guys and their bad actions to reachable actors – the corporate vendors – who are part of our own society and jurisdiction. You can then campaign on a simple moral impulse – the reachable actors must not be allowed to aid, abet or profit from the violence and political injustice of the bad guys. This in turn leads to what seems like a simple and effective policy response – to sever the link between reachable actors and the bad guys by somehow banning or regulating the transfer of this technology on a global basis. This blog post offers a critique of this budding movement, turning a critical eye upon a righteous cause.
Last week Dutch Telecom giant KPN held its shareholder meeting at the Mayfair Hotel in London. All four hours of the presentation are viewable online here along with the slides used. Those who watch can see a startling revelation about the use of deep packet inspection (DPI) by a mobile operator.
A few days ago ICANN quietly posted this letter from David Holtzman of Depository Inc. to ICANN CEO Rod Beckstrom. The letter, dated January 27, has gone almost totally unnoticed, but it is important. It means the first warning shots have been fired in a prospective litigation duel between ARIN, which is the IP address registry for North America, and a company positioning itself to compete with ARIN in the provision of certain IP address-related services. What is at stake here is the control of IP address Whois data – or more precisely, whether ARIN owns this data and can withhold it from other organizations in order to maintain exclusive control over certain services.
IGP has spent a lot of time trying to get people to appreciate the massive global governance issues caused by adding security to the Internet's core infrastructure. We just didn't expect them to become this obvious so quickly. Case in point: various technical lists are abuzz with news that Cisco, the world's largest router manufacturer, is discussing the possibility of making every one of its products do DNSSEC validation by default.
Syracuse University Professor Milton Mueller was awarded $304,000 by the U.S. NSF for his research on “Deep Packet Inspection and the Governance of the Internet.” The research grant was made by the Science, Technology and Society program of the Social, Economic and Behavioral Science Directorate of NSF. The research will take place over two academic years, 2010-11 and 2011-2012.
Deep packet inspection (DPI) is a new network surveillance and traffic analysis capability that enables network operators to scan the payload of TCP/IP packets in real time and make automated decisions about whether to intercept, block, slow down, speed up or otherwise manipulate traffic streams based on that information. Mueller’s research will investigate whether the use of DPI by Internet service providers is producing major changes in the way users and suppliers of Internet services are governed.
Last month, in a speech to China's top legislature, Wang Chen, director of State Council Information Office of China, introduced that “we are also exploring an identity authentication system for users of online bulletin board systems”. Identity authentication, or real-name registration in China’s online environment has been discussed intensively in the past few years, however, Wang Chen’s speech is regarded as the first official announcement of the government enforcement to disable anonymity in popular news portals and business websites.
Two Italian law scholars, G. Sartor and M. Viola, have written up a nice description and analysis, in English, of the Judge's decision convicting Google executives of “processing health data without authorization,” apparently a criminal offense. Based on their description, the decision seems like a technically incompetent one as well as having bad policy implications.
Intermediary liability has become one of the critical flashpoints of Internet governance. A few weeks ago, we celebrated an Australian court decision that denied a bid by copyright holders to make ISPs liable for copyright infringement by people who happened to be using their networks. Yesterday, we learned of an Italian court decision that seems to have pointed in the opposite direction. Google executives were convicted of a privacy violation because of a video that one of their millions of users posted. The decision raises major concerns as it seems to require Internet intermediaries to monitor user generated content, which would be a disaster for the freedom and openness of the Internet.
But there is more to this case than meets the eye. US news coverage, which concentrates solely on Google’s outraged claims, fails to take into account three broader issues: 1) the fact that Google itself has undercut its exemption from liability by implementing monitoring of copyright; 2) the weakness, vagueness and obsolescence of the EU E-Commerce Directive’s liability protection provisions; 3) the politics in Europe and the way privacy law can be used – for both legitimate and illegitimate reasons – to attack this large global corporation that threatens the business models of entrenched interests.
An Australian judge has given the world's supporters of Internet freedom reason to heave a big sigh of relief. Judge J. Cowdroy of Sydney yesterday rejected an attempt by 34 film studios to make iiNet, Australia's third largest Internet Service provider, responsible for the copyright violations of a few of their users. The critical issue was whether iiNet was responsible for infringement because it failed to take any steps to stop infringing conduct. The judge said it wasn't.