U.S. National Science Foundation funds research on social impact of network surveillance technologies

Syracuse University Professor Milton Mueller was awarded $304,000 by the U.S. NSF for his research on “Deep Packet Inspection and the Governance of the Internet.” The research grant was made by the Science, Technology and Society program of the Social, Economic and Behavioral Science Directorate of NSF. The research will take place over two academic years, 2010-11 and 2011-2012.

Deep packet inspection (DPI) is a new network surveillance and traffic analysis capability that enables network operators to scan the payload of TCP/IP packets in real time and make automated decisions about whether to intercept, block, slow down, speed up or otherwise manipulate traffic streams based on that information. Mueller’s research will investigate whether the use of DPI by Internet service providers is producing major changes in the way users and suppliers of Internet services are governed.

China: Real-name registration required in online bulletins

Last month, in a speech to China's top legislature, Wang Chen, director of State Council Information Office of China, introduced that “we are also exploring an identity authentication system for users of online bulletin board systems”. Identity authentication, or real-name registration in China’s online environment has been discussed intensively in the past few years, however, Wang Chen’s speech is regarded as the first official announcement of the government enforcement to disable anonymity in popular news portals and business websites.

Light shed on the Google-Italy case

Two Italian law scholars, G. Sartor and M. Viola, have written up a nice description and analysis, in English, of the Judge's decision convicting Google executives of “processing health data without authorization,” apparently a criminal offense. Based on their description, the decision seems like a technically incompetent one as well as having bad policy implications.

There’s more to the Google-Italy case than meets the eye

Intermediary liability has become one of the critical flashpoints of Internet governance. A few weeks ago, we celebrated an Australian court decision that denied a bid by copyright holders to make ISPs liable for copyright infringement by people who happened to be using their networks. Yesterday, we learned of an Italian court decision that seems to have pointed in the opposite direction. Google executives were convicted of a privacy violation because of a video that one of their millions of users posted. The decision raises major concerns as it seems to require Internet intermediaries to monitor user generated content, which would be a disaster for the freedom and openness of the Internet.

But there is more to this case than meets the eye. US news coverage, which concentrates solely on Google’s outraged claims, fails to take into account three broader issues: 1) the fact that Google itself has undercut its exemption from liability by implementing monitoring of copyright; 2) the weakness, vagueness and obsolescence of the EU E-Commerce Directive’s liability protection provisions; 3) the politics in Europe and the way privacy law can be used – for both legitimate and illegitimate reasons – to attack this large global corporation that threatens the business models of entrenched interests.

No to ISP Intermediary Liability Down Under

An Australian judge has given the world's supporters of Internet freedom reason to heave a big sigh of relief. Judge J. Cowdroy of Sydney yesterday rejected an attempt by 34 film studios to make iiNet, Australia's third largest Internet Service provider, responsible for the copyright violations of a few of their users. The critical issue was whether iiNet was responsible for infringement because it failed to take any steps to stop infringing conduct. The judge said it wasn't.

Second thoughts about that Wall St. Journal article on Iran and DPI

The censorship of Internet communications by the Iranian theocracy has been known for years. Months ago, a Freedom House study singled out Iran as one of the four worst enemies of Internet freedom. Yet a 22 June Wall Street Journal article got about 100 times more publicity than the Freedom House report, by making what turns out to be a spurious claim. Nokia-Siemens Networks is alleged to have sold the theocrats deep packet inspection (DPI) equipment that made it possible for them to, in the reporter’s words, “not only block communication but to monitor it to gather information about individuals, as well as alter it for disinformation purposes.”

The story was eaten up because it pushes hot buttons on both sides of the American political spectrum. For liberals and the left, the article fingered DPI technology, which many fear will be used to undermine if not destroy net neutrality. And to many in that camp, nothing could be more ideologically simpatico than to place some of the blame for the Iranian debacle on greedy capitalists. For conservative nationalists, on the other hand, the story hit an equally strong nerve. They tend to favor a hard-line foreign policy toward Iran, a charter member of the “axis of evil.” Their agenda is to isolate and demonize the Iranian government and, in a replay of the Cold War, push to cut off all trade and dialogue – if not to invade it outright. DPI becomes a proxy for nuclear weapons and a new kind of nonproliferation is advocated.

But even as the story was rippling through numerous email lists and blogs, I smelled something fishy about it.

Inaugural Address: “The Future of Freedom on the internet: Security, Privacy and Global Governance”

Milton Mueller, appointed as professor to the Chair of Security and Privacy of Internet Users within the Faculty of Technology, Policy and Management at the Delft University of Technology will present an Inaugural Address, "The Future of Freedom on the internet: Security, Privacy and Global Governance" on Friday, 17 October...

Conference: Privacy in Social Network Sites

Milton Mueller will be a keynote speaker at the upcoming Privacy in Social Network Sites Conference to be held October 23-24, 2008 at Delft University of Technology (TU Delft). The program is available here. Recently, Social Network Sites (SNS) have been used to support the American presidential campaigns and to...

Privacy by design?

I just returned from the “Internet of Things, Internet of the Future” conference sponsored by the French Presidency of the EU. At a panel on the privacy implications of RFID, I was struck by the way so many panelists, perhaps 4 or 5 out of 7, invoked “privacy by design” as a way of responding to RFID privacy threats. They all seemed to agree that it was somehow possible to pre-configure the technology in a way that privacy is structurally protected. Appropriately enough, the next day one of the chief intellectual promoters of this myth, law professor Lawrence Lessig, keynoted the conference.

I think people who put such stock in the ability of “design” or constructed “architectures” to solve or forestall social problems are wrong. Our ability to solve privacy problems depends on how strongly people value privacy, how well they mobilize politically and economically and whether they have the legal and regulatory tools to intervene in strategic areas of the value chain. There is no magic shortcut that allows a social objective to be inserted into the “genes” of a technology at the outset to save us from all that laborious work.