Big brother technology: What’s all the fuss about?

 There is no amount of hype that can overstate the explosive growth of the Internet and its impact on everyday life over the last 10 to 15 years. E-mail, chat, webcams, e-commerce, online banking, broadband streaming and international phone calls using the Internet are commonplace.
   Facebook, YouTube, MySpace, Twitter and SecondLife are just a few of the online communities which have transformed how humans connect with each other.
   Part of the fascination of the Internet is its Star Trek magic. There is a sense that no matter how much you explore space and the far reaches of the galaxy, there are more worlds to discover for mankind. Like the popular TV show, the Internet journey may be fraught with mishaps and villains, but there is always the promise of more to discover.
   So with most people accustomed to the freewheeling Internet environment, the average user may not have appreciated the ramifications of a notice that their Internet service provider would be upgrading their servers with an emerging technology called deep packet inspection.
   But when the Information and Communication Technology Authority became aware that a certain unnamed Internet service provider was working on putting this technology in place, the government regulator stepped in.
   While there are business reasons for implementing deep packet inspection technology, it has also become the centre of controversy says ICTA regulator David Archbold.
   “This technology has been very contentious in other jurisdictions,” says Archbold. “It has raised legal and privacy issues in Canada, US and throughout Europe. It is a very complex issue.”
   It was so controversial in the UK that British Telecom cancelled its plans to use this technology under pressure from advocate groups protesting that it violated EU privacy regulations, says Archbold.
   That is why the regulator has called for all Internet service providers and the private sector to weigh in on the technology in a public consultation, explains Archbold.
   The Observer on Sunday looked at the issues surrounding this technology to find what all the fuss was about.
   Political controversy
   During the recent political turmoil in Iran over the presidential election results, the government reportedly used this technology to monitor blogs and identify the location of online protestors and arrest them. China also uses this technology to monitor and censor network traffic and block websites, which have content it considers harmful to citizens.
   During the Beijing Olympics, China lifted its block on the BBC Chinese language news site, but continued to block other news sites that may have contained news content on the Tibetan Dalai Lama, Taiwanese independence or the Tiananmen Square massacre in 2009. Even the local Cayman Net News website was blocked during the Beijing Olympics.
   How it works
   Whether it is a web page, photo, email or internet phone, all unencrypted data sent over the Internet is split up into one or more packets of information. These packets are then passed through an inspection point on the service provider and reconstructed.
   Essentially, these information packets contain all the information that the user sends and receives including the content of the data or files being transferred, email, bit torrent or peer-to-peer, video streaming, downloading music, chat, FTP and Internet phone service such as Skype.
   It can also identify the browser and operating system as well as the IP address of both the sending and receiving computer.
   The data packets can then be blocked, re-routed, manipulated, collected or allowed to pass through depending on the Internet service provider’s procedures.
   Surveillance and enforcement
   A big driver behind this emerging technology is US national security gathering intelligence on suspected terrorists and other security threats according to Butterfield Chief Technology Officer Jim Knapp.
   This technology for law enforcement is wide ranging including money laundering and Internet fraud, he added.
   Beyond security, this technology can also be used to identify and block users downloading copyrighted movies, music and software applications, which were not paid for. It may also be used to identify and block illegal content such as child pornography, Internet gambling or other unlawful websites.
   Higher security
   There are numerous arguments for implementing this technology, explains Deloitte enterprise risk partner Jeremy smith.
   It is part of a toolkit that helps protect Internet servers from viruses and unauthorized access by hackers he added.
   “The threat to data security is constantly evolving,” says Smith. “We encourage our clients to maintain their vigilance by assessing their risks on a regular basis and then using that information, update their controls to prevent and detect security related risks accordingly.”
   Managing traffic vs. Net Neutrality
   Like the airline industry, most Internet service providers oversell their network capacity knowing that not all users will be using it at the same time, says Archbold.
   And like the airlines, occasionally the service provider will run out of capacity when there are too many users online.
   For example, when there are too many people using streaming, peer-to-peer or Internet phone, which are used to share files, stream video from YouTube or make an overseas phone call. Both peer-to-peer and Internet phone can use a significant amount of Internet bandwidth. So if there are too many people consuming too much bandwidth for streaming video or Internet phone then the whole network slows down, explains Archbold.   
   This technology enables the service provider to manage the bandwidth flow among users to prevent network congestion. So in the situation of too many customers downloading videos or using Skype for overseas calls, the service provider can put those users on the “slow lane” and keeping others that don’t use much network bandwidth such as email on the fast lane, explains Archbold.
   But if the Internet service provider sells its own brand of Internet phone service, there is the potential that the service provider could use this technology to bump competitors such as Skype to the slow lane while keeping the branded phone service on the fast lane, says Archbold.
   Putting people on slow or fast lanes has raised the debate on Net Neutrality across jurisdictions says Archbold.
   Advocates for Net Neutrality argue that customers purchase a certain amount of bandwidth “pipe” from service providers. Regardless of the application being used like Skype or video streaming, the flow of the bandwidth pipe should not be tinkered with.
   Targeted advertising
   Because of this technology’s ability to collect so much user data such as the websites, applications and even the browser and computer operating system, it can also be used to build profiles on users for targeted advertising.  Numerous firms in the US track customers this way. This capability has raised more concerns about privacy and the potential for abuse among advocates, says Archbold.
   Disappearing privacy
   Do users want Internet service providers to be able to track how much time they spend in the SecondLife virtual community as Supreme Cleopatra II? Or identify the creator of Cayblogger, a controversial blog site? Or document users who have downloaded all the episodes of the politically incorrect British comedy show Benny Hill or the American show Bewitched?
   Human rights advocate Gordon Barlow says this type of technology opens the door far too much for abuse, namely the right to privacy and freedom of speech.
   “It is nobody’s business what websites I look at or post comments on even if the website is controversial,” says Barlow. “Human rights are worth protecting even if it means that you miss some crooks, child pornography, or libellous slander that goes on some of these websites.”
   The exception would be imminent danger to a violent crime being committed added Barlow.
   But even without implementing this technology, there is no real privacy on the Internet says Knapp. For example, most commercial websites use “cookie” technology to track what web pages the user visits, information search requests and online purchases. The average user can easily tell whether cookies is turned on: Start typing a frequented website and the browser automatically pops up a list of names as it is being typed. Most browsers such as Internet Explorer and Firefox, the user can opt to turn cookies off, but most do not, says Knapp.
   “It doesn’t matter whether your internet service provider puts in deep packet inspection,” says Knapp. “If at any point, you have been mainstream anywhere, much of your information is already out there and known.”
   Even encrypted credit card information can be obtained by a skilled hacker. Miami computer hacker, Albert Gonzalez, along with two Russian accomplices were recently indicted for stealing data on 130 million credit and debit cards from companies noted Knapp. Even though he had been caught before and had worked as a Secret Service informant, Gonzales was able to continue to commit these crimes.  
   Which Internet service provider?
   The Observer on Sunday asked the four primary Internet service providers where they stood on deep packet inspection.
   Both WestTel and TeleCayman stated they were not considering putting in deep packet inspection technology. Digicel declined to comment on where it stood, stating that it would be submitting responses to the regulator before making their position public.
   In a written response, LIME acknowledged that it had been researching its benefits, but was adamant that it had not implemented it.
   “The fact is that in many instances, a very small number of customers use an excessive amount of the network bandwidth at peak times, to the extent that they could impair the quality of service that others receive.
   “LIME is also well aware of the privacy concerns around the potential use of DPI technology, but we would like to take this opportunity to assure all of our valued customers that our interests, and any use we might make of the technology, are limited to the operator and user benefits as we seek to drive technological efficiencies and an overall improvement in customer experience.
   “In the mean time, the consultation paper that the ICTA has put up for public discussion will have the effect of creating and shaping the relevant policy, and when this is published, LIME will conform,” added the statement.
   Emerging legal questions
   It is important to discuss the far-reaching impact and widespread use of the deep packet inspection technology says industry expert and Deloitte COO Alee Fa’amoe.
   “Technology moves quickly and often forces society to examine its impact on social, cultural and legal issues,” says Fa’amoe. “Open, honest dialog is an effective way to explore those issues.”
   Despite legal and privacy concerns, this technology is gaining momentum as a tool for law enforcement as well as securing servers from hackers and viruses. There is a growing trend to identify consumer pirates for copyright violation according to Deloitte analysis.
   Pirate Bay operators in Sweden were hailed as urban legends in the Internet world for creating a file sharing server that allowed users to download videos files in Vanity Fair in 2007. But two years later under US pressure, Sweden prosecuted and sentenced the Pirate Bay operators to a year in prison with a $4.5 million fine for breaking copyright laws.  
   In the Wall Street Journal, industry expert David Vorhaus of Yankee Group said the technology’s public image may have caused so much controversy that it is difficult to market, but there is still enormous demand for this application.
   “Deep packet inspection is going to disappear as a stand-alone thing and get folded into other types of technology,” said Vorhaus in the WSJ.
   With all these factors in mind, the telecommunications regulator is waiting on the consultation responses with all the Internet service providers as well as the private sector. The deadline for Internet service providers is 28 August and 28 September for the private sector.
   That information will be used as a basis to determine whether or not and what circumstances deep packet inspection and similar technologies can be used, says Archbold. Part of the dilemma is that deep packet inspection technology was not on the horizon when the ICTA law came into effect in 2002, says Archbold.
   “One of the questions we are asking is: Does the law still work for this new technology or doesn’t it? And how is it going to be used? Are the laws sufficient to deal with this technology? These are the open questions at the moment,” says Archbold.
   It goes back to the gun analogy, added Archbold.
   “It is not the gun that is the problem; it is how the gun will be used,” says Archbold.