Let's make this really simple: You have a phone, and I want to tap it without your knowledge to find out what your buying habits are and sell the information to advertisers. That's not legal, period.
Suppose you say, "OK, you can tap my phone." You "opt in." Does that make it legal?
That’s the question we're really asking when we talk about ISPs using deep packet inspection (DPI). We know the answer for telephones, and I think we know the answer for the Internet.
The obvious problem with opt-in is that there are two parties on the phone call. You may not have a problem with my gathering intelligence about you, but your partner on the call might feel very differently.
I've asked a few regulatory specialists about this, and they all say the same thing, which is that tapping a phone line with just the permission of the owner of the line is not going to keep you out of court -- and probably not out of jail (or at least out of paying a fat fine).
Multi-party communications can't be tapped without consent in telephony, and logically that's true for Internet communications, too. In the U.S., the FCC has taken a general position that the technology of a service doesn't make it subject to or immune from regulation. So person-to-person communications are protected, whether they take place on the phone or via email.
Perhaps regulators and ISPs could say that person-to-person communication is immune from DPI, but not person-to-Web. That's like saying that I can tap your phone if I promise to listen only to conversations you have with merchants. Would you believe it? More to the point, could we really say that somebody opting into such a scheme was exercising "informed consent?"
The person-to-Web application that's the ostensible goal of the DPI fans has another major pitfall. Online retailers have every reason to expect that the intelligence they gather from their relationships with their users or customers is for their benefit. Why should somebody else be able to tap into the browser connection and gain insight about their customers, or even about the portal or merchant providers they use?
I tap your phone and listen to all your calls to malls and stores, and then I sell statistics on what I hear so others can sell to you more effectively. Even if you're OK with this, your retailers might feel they’re being robbed, and perhaps they are.
The argument for opting in to DPI is the most slippery of all the regulatory or ethical slopes we've encountered in the whole debate on the Internet, regulations, and privacy rights. Proponents would like us to believe that somehow packet inspection is harmless, that DPI brings real benefits -- better targeted advertising so you don't waste your time with irrelevant ads is an example. Well, one good application doesn't mean the concept is good.
Once someone looks into your traffic beyond the addresses and service indicators, they're looking into your personal world -- and the world of every partner you have on the Internet. Once you let ISPs snoop, you will never be sure just how far it goes. Wiretap is wiretap, and in a truly free society that empowers personal choice, you cannot opt in to being a victim.
— Tom Nolle, software engineer and founder of CIMI Corp.
There's an enforcement issue here, too. There may be an opt-in law but it may not apply to the jurisdiction where the data is being stored, and so it won't be of any value in protecting the consumer. It may be that issues like privacy rights will have to be addressed in an international treaty so that spammers and scammers can't simply set up in some exotic location with no extradition or enforcement and then do what they like.
Will they honor that? Can they be held responsible if they dont?
Most users dont do any Opting out. Ive asked users and friends and family. What do most of them say? It takes too much time, its too hard to even find the Opt Out form on their sites.
I tell them, thats what they want! They want you to give up.
Do they screen the buyers of our data to make sure they have no evil intent? They could be selling the info to scammers who will then email us a nastie that will then harvest out Hard Drive and steal our ID, or set up a nice BotNet.
I think you've captured the issue here, Paul. The opt-in is a one-way license applied to a two-way conversation. In the real world it will not be possible to insure that only players who have opted in are snooped because the other party's opt-in status can't be reliably determined.
Another question is what happens when you are using multiple systems or multiple IP addresses or mobile versus fixed devices. How does your permission follow you? Would you give your permission to snoop to every access provider you use, or only to your "home" provider?
I think even the opt-in mode is also a bit risky because you may have also endangered the personal information of other persons who is not in that mode. Since communication is a 'two-way stree' as you've rightly mentioned, it will be even difficult to implement this opt-in mode without getting the consensus of all those using that 'pipeline'.
I know there are others who don't mind being tapped and they can readily accept this opt-in policy but what about those you come in contact with daily who are opposed to such stuff. Should they make it mandatory for a person opting-in to be tapped to disclose is/her status to the other parties at the other end??
I think we're in general agreememt on the approach, which is to hold information in some place for others to get according to permissions/policies, and we're really only debating the question of where the place is and how it would be controlled.
My credit bureau analogy is intended to show that we already store our most sensitive information with third parties, so we should be able to figure out a way to store demographics (to the extent we want to). Everyone, including some who have posted here, will have a different notion of how to trade info for goodies. I think it's clear that we need to control the information explicitly and to set policies on when and how it is revealed.
I've personally been fiddling with an open-source demographic coding system that attempts to categorize users without explicitly coding things like age, sex, etc. It's gotten some attention from startups, vendors, and operators so far. It's not a perfect solution but it would make the use of demographics less a collision with privacy rights by decoupling the coding from personal details.
the parallel you make to phone-tapping is very revealing, but takes you only part of the way of realizing the full scope of the problem.
Establishing a data bank with secure and journaled access and with specific opt-in and user verification, as you suggest in answer to one of the comments, also stems from a basic assumption that it's a necessary evil to " need to have demographic and behavioral data in detail" .
Should prevailing paradigms just be improved? why not challenge them with an "outside the box" thinking on how to change the game so everybody wins but no one is abused?
so we wrote a piece titled "cat on hot isp roof" you can find in our I TINE blog at http://i4c-corp.com/
in it you can find (short excerpts)
as we see it, isps will start with very strong privacy words, but as we get used to this back-door intrusion, and as it spreads, the terms will start eroding, allowing isps to harvest deeper and sell new "products" to their ever hungry information guzzlers friends...
on the jurisdiction front, an extreme example, just to make the point very clear, a via-satellite isp falls under the jurisdiction of which country?
the entire problem arises from the top-down, site-centric approach we analyze things through. by changing the point of view into an icentered one, we can nullify the problem...
the prevailing paradigm of an industry controlled by providers, geared for their own profit making, with their lip service to the benefits for their consumers, sells us short.
the industry will not fight our war. why would they?
It is up to us, users, to claim our rightful place by changing the prevailing paradigm to an icentered world. the way to do it is to reverse the paradigm to an icentered world ( http://www.icentered.org/) where we users are the center - in our rightful place, with the reins in our hands, and create a new pact of engagement terms between interacting entities.
In the icentered paradigm I assume active responsibility for my privacy management. my proactive privacy and sharing management replaces corporate' vague privacy assurance policies, and I become free from reliance on the good intentions and capabilities of providers, to properly treat my personal information. I define to what extent it suits me to unlock any info i choose.
Furthermore, I the user, am an integral part of the food chain. My data are value creating currency, but first and foremost for me, and therefore I should transparently become part of any food chain built around my data and purchasing habits.
Icentered is an alternative to the top-down patronizing formalism of providing organizations, it is our time to collaboratively pave the way and draw the blueprint to enable it. more in http://www.icentered.org/
Privacy is becoming a thing of the past, unfortunately, but there is still a difference between a situation where you MIGHT be a victim of snooping and one where it's almost certain that you will be. It's also true that many people are very willing to trade facts about themselves in return for some kind of premium, and as long as they're able to form legal consent, that's fine too. Legal consent, though, means that you understand what you're giving up, and the basic problem with tapping for commercial gain is that you can never know.
If we really need to have demographic and behavioral data in detail, we should establish a bank of it with secure and journaled access and with specific opt-in and user verification. If you want to be a part of this in return for some benefits, then you elect membership, check your data regularly, and it becomes something like a credit report. We have financial institutions collecting stuff on all of us and reporting it to a central point, but while they can get records of our purchases, they can't open our mail. I'd sure like to keep it that way!
I think the bottom line is that we don't live in Mayberry an longer. We need to begin to assume that someone is always monitoring our communications and we must do whatever is necessary to protect/encrypt it.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
If you’re a slightly gray, mid-level manager who travels a lot, you may be on the way up and worthy of professional respect, but one thing you most definitely are not is “cool.” Still, while today’s youth may think you just crawled out of a paleolithic cave, there may be hope. The iPad from Apple Inc. (Nasdaq: AAPL) (supreme arbiter of coolness) just might make you older guys (or actually old guys like me) cool.
An increasing number of wireless and personal gadgets are replacing browsers for Internet access, and the repercussions could affect the Internet itself.
"American giants on the Internet" are threats to French culture, and such Internet content portals should be taxed to subsidize older media, including newspapers, print, music, and film, according to a recent study from France. It's a bad idea, for two reasons.
Voice calling has been the engine of profit for the telcos for a century, and most of it has been old-fashioned switched voice -- what’s called “plain old telephone service,” or POTS. When VoIP was first introduced, everybody predicted that voice on the Internet would destroy the old POTS model. Now, with even service providers buying VoIP companies, it looks like that’s about to happen.
Hey, I love puppy dogs. I love apple pie. They don’t go together well, though. So while I also love the Obama administration, jobs, and a rational policy for U.S. broadband, I don’t think much of how they’re being mixed together -- at least not as it’s been presented this week.
Smarter Collaboration: How to Thrive in a Challenging Business Environment Market conditions are changing faster than ever, and organizations need to improve their agility and adaptability in order to provide better service and improve processes. The ability to work with customers, business partners, and employees as effectively as possible - while at the same time holding down costs - is a key to success. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
In the final episode of this series about the death of Internet anonymity, Saunders describes how the Internet of the future will start to attain a level of intelligence that requires no human intervention. Scary.
What can users today do to protect their online privacy? The simplest and most obvious option is to not use the Internet – at all. However, once all digital information is consolidated over the Internet, trying to protect digital identity by simply unplugging from the Internet becomes impossible – a fact that has manifest implications for civil liberties, Saunders says.
By 2011 the number of Internet-connected sensors will exceed 1 trillion, making your chances of doing anything or going anywhere unnoticed pretty much zero. Saunders talks about how the 'sensortization' of the Internet is eliminating the traditional divide between online and offline populations.
The 20th Century Internet was characterized by the ability to interact with other people and information on the Internet largely without anyone knowing who you were. The Internet of this century, conversely, will be defined by identity. Saunders explains how Internet users are unwittingly contributing to the demise of the anonymous Internet.
It is 20 years since the invention of the World Wide Web, and the Internet has changed beyond recognition since then. Steve Saunders peers into the future to predict what the Web will look like in another 20 years time – and he doesn’t like what he sees.
Data mining of social networks means people might face unforeseen consequences as a result of their seemingly innocuous personal choices and associations.
New gateways are allowing service providers to sell a set of services (an experience) over any broadband connection – even those outside their physical broadband networks.
Microsoft reportedly has plans to integrate Windows Live and even Xbox with Windows Mobile. That may provide them a strategic advantage, but what will the cost be to your privacy? Tom explains all.
With the number of mobile broadband users more than doubling in 2009, and soon to exceed fixed broadband, the Internet saw a historic transition this year – and the long-term effects are incalculable.
Comparing Internet services is tough because service providers price and market their services based on a best-case scenario connection that most consumers will never enjoy.
Research shows that the youth of today like Facebook – but not blogging or Twitter. Does that mean Facebook has won, or just that it's not yet out of favor? Will all the services we see today fade into Ovaltine-or-Wheaties status in just a few years?
What kinds of companies are doing the most innovation in the data center? Turns out it's midtier enterprises that are taking the "Just Right" approach.
Digg
Del.icio.us
Reddit
Email This
TWEET THIS
