Showing posts with label privacy. Show all posts
Showing posts with label privacy. Show all posts

Monday, December 3, 2012

ITU Approves DPI Recommendation (T.2770); Google Protests

The ITU approved on November 20, the Y.2770 Recommendation- "Requirements for deep packet inspection in Next Generation Networks".

The ITU does not publish the recommendation to the public, but I was able to locate what seems to be one of the revisions of the document (here).

The recommendation opened a public relations battle (see "ITU packet inspection standard raises serious privacy concerns" - here). Google joined the battle in a colorful way - its home page is now linking to "Take Action", calling for a "A free and open world depends on a free and open web" (here).

Thursday, April 19, 2012

Tim Berners-Lee on DPI and Privacy in the UK

Olivia Solon reports to Wired UK on Tim Berners-Lee (pictured; see also "Tim Berners-Lee Defends Net Neutrality" - here) speech during during W3C on the UK government DPI based mass surveillance plans ("Communications Capabilities Development Programme" - here):
".. Somebody clamps a deep packet inspection (DPI) thing on your cable which reads every packet and reassembles the web pages, cataloguing them against your name, address and telephone number either to be given to the government when they ask for it or to be sold to the highest bidder -- that's a really serious breach of privacy .. DPI used to be impossible because processors weren't fast enough, but now your router can understand which diseases you think you might be suffering from .. People confide things in the internet by the searches they do. Some things they wouldn't tell anyone else, even the people they love the most, until they've -- for example -- checked the lump is really a cancerous lump. If that information was acquired by someone who wants to blackmail you, you are toast".
See "Tim Berners-Lee: deep packet inspection a ‘really serious’ privacy breach" - here.

Thursday, January 26, 2012

O2 Uses Openwave to Insert Users' Mobile Numbers into HTTP Requests

The press reports that Lewis Peckover, system administrator, Probability, found that O2 inserts customers' mobile number into HTTP headers (x-up-calling-line-id field) sent to web sites. Lewis even set a web page (here) for O2 users (or anyone else) to see that. This is a common mobile proxy gateway, generally known as "header insertion".

According to the following article, x-up-calling-line-id field is generated by Openwave gateways, which are also used by O2. Equipment from other vendors does it as well, of course, see an example for that here. One reason to do that is to identify the user to 3rd parties, for chagrining or other purposes.

Few hours after his discovery, Lewis tweeted that "Looks like @O2 may have just resolved the issue. It has stopped showing my number. Anyone still seeing it?"

See report by Anna Leach for The Register - "O2 leaks 3G users' mobile numbers to every website visited" - here.

Friday, October 14, 2011

EU: ISPs' Traffic Inspection "raises serious issues relating to the protection of users’ privacy'

A document by Peter Hustinx (pictured), European Data Protection Supervisor, presents its opinion on "on net neutrality, traffic management and the protection of privacy and personal data".

Some of the conclusions are: 
  • ISPs' increasing reliance on monitoring and inspection techniques impinges upon the neutrality of the Internet and the confidentiality of communications This raises serious issues relating to the protection of users’ privacy and personal data.
  • The EDPS considers that there is a need for national authorities and BEREC (see "Yet Another ISP Transparency Guide" - here) to monitor the market situation. This monitoring should result in a clear picture describing whether the market is evolving towards massive, real-time inspection of communications and issues related to complying with the legal framework
  • Depending on these findings, additional legislative measures may be necessary. In such a case, the Commission should put forward policy measures aiming at strengthening the legal framework and ensuring legal certainty. New measures should clarify the practical consequences of the net neutrality principle, as this has already been done in some Member States, and ensure that users can exercise a real choice, notably by forcing ISPs to offer non-monitored connections
See "Opinion of the European Data Protection Supervisor" - here and press release - here.

Friday, July 1, 2011

Netherlands Mobile Operators Abuse Privacy with DPI?

The story of DPI use in Netherlands by mobile operators is not over. No wonder why operators deploying DPI still want to stay anonymous.

What started as the intention of KPN to surcharge the use of certain data applications (here) using a DPI based system, and quickly turned the Netherlands to be the first European country adopting a Net Neutrality law (here), has taken a new angle.

OPTA, the local communications regulator, says that (I hope I am translating correctly)  "In Mid-2011 it was told that some mobile network providers employ techniques for deep analysis of data packets over their mobile network. These techniques, which are usually referred to as Deep Packet Inspection (DPI), could infringe on the privacy of users of these networks". 

"OPTA has decided to do a "quick scan" among the four largest mobile network operators: KPN, Vodafone, T-Mobile and Tele2  .. OPTA found no evidence that the investigated operators read their subscribers emails, photos or contributions to social networks .. However, OPTA found that the four operators are aware of more information than the information intended for handling of traffic. .. It is possible the confidentiality of communications is at stake"

See "Voorlopige bevindingen OPTA over gebruik Deep Packet Inspection" - here.

Friday, April 15, 2011

ISP Filtering/Blocking Systems Restricts the Right for Privacy

Back in 2007, Sabam (Société belge des auteurs compositeurs et éditeurs/ the Belgian artists' and authors' rights group), won a case against the Belgian ISP Scarlet ordering it to block users downloading copyrighted material.

The ISP appealed to the EU top court, and is now presenting an opinion by Pedro Cruz Villalón (picture), an advocate general of the European Court of Justice, saying that:

"The installation of the filtering and blocking system is a restriction on the right to respect for the privacy of communications and the right to protection of personal data, both of which are rights protected under the Charter of Fundamental Rights .. any system that met the Belgian Court's demands would be extensive and would block files that no court had said definitely infringed any copyright".

See the full opinion - here and The Register report - "Belgian ISP does not have to filter out copyright-infringing traffic" - here.