DPI doesn’t invade privacy

While CIPPIC is deservedly collecting praise for its successful challenge of Facebook’s privacy practices, it recently lost a challenge related to deep packet inspection (DPI).

CIPPIC had argued that: (1) Bell uses DPI to collect and use personal information without customers’ consent; (2) Bell collects more personal information than is necessary to ensure network integrity and service quality; and, (3) Bell does not adequately inform its customers of its practices.

In a letter to CIPPIC and Bell, the Privacy Commission concluded that only the third complaint was “well-founded”:

Accordingly, the complaint is not well-founded with regard to the two matters of consent and limiting collection, but well-founded with regard to the matters of openness.

In respect of increasing transparency, the changes sought appear relatively minor:

  • Agreeing with Bell’s idea to add a FAQ on the Bell Privacy web pages
  • Adding a statement to Bell’s existing FAQ on network management to state that the customer’s IP address is collected
  • Adding a heading (along the lines of “Customer Service Information”) to Bell’s internet service agreements

The Privacy Commission made some important statements in its 18 page Report of Findings.

For example, the Privacy Commission found:

  • Peer-to-Peer (P2P) applications are large users of bandwidth. Applications that are often used for music and movie file sharing between computers can consume a great deal of capacity and “slow down” other internet traffic;
  • The investigation confirmed that the use of P2P does increase network traffic and that the widespread phenomenon of congestion is largely caused by user downloads or file sharing using P2P;
  • DPI and other traffic management tools are among several means by which ISPs can optimize traffic flow.

To what extent will these findings be consistent with the CRTC’s review of network management practices? Is this a foreshadowing?


Update [August 28, 1:10 pm]
Here is a link to the OPC finding [ pdf, 2.19MB]

6 thoughts on “DPI doesn’t invade privacy”

  1. Mark,

    Why have you not linked to the actual letter? How can we verify your summary is accurate?

    Second, as the complaint is about privacy the conclusions on DPI are only relevant insofar as they relate to privacy concerns.

    It seems a bit deceitful to represent these DPI conclusions as if they can stand alone, apart from any relationship to privacy. We know the mandate of the Privacy Commissioner, and of the CRTC. Would you also quote comments on Deep Packet Inspection from the Minister Citizenship, Immigration and Multiculturalism?

    No honest debater likes arguments from authority (http://en.wikipedia.org/wiki/Argument_from_authority).

  2. Careful, Rob – you are close to crossing a line in the tone on your comments. Hint – your freedom of expression on my website will not extend to calling me deceitful or dishonest.

    If you actually read the wikipedia reference you cited, you will note: "arguments from authority are an important part of informal logic. Since we cannot have expert knowledge of many subjects, we often rely on the judgments of those who do." But, you gotta love the irony of catching you on your own 'argument from authority' 🙂

    As to linking to the letter, I'll see what I can do to post it. I think that CIPPIC and OPC should be the groups to publicize the finding.

  3. Mark,

    I hold a honors philosophy degree. I used the phrase with reason and I'm afraid you've missed the point.

    As the link points out, arguments from authority vary from sometimes necessary to purely illogical. That was the precise point I sought to convey in my example of the Minister of Immigration. While authoritative (as holding a role in government), his authority cannot be linked to an expertise about deep packet inspection. On the other hand, if you rested your argument on the comments from a telecom industry expert, on the issue of DPI, you'd be making a reasonable use of that person's authority. And *that* is what the wikipedia link (that you've kindly quoted) was getting at.

    In the best case, no one would ever use arguments from authority. They would rely on the facts alone, instead of the people who utter them. Sometimes it's not possible, but here — with the OPC — we have a case where the link is tenuous between the OPC's expertise, and its findings on DPI.

    And this is also why when you eventually write a post about the CRTC concluding from its investigation that network management is necessary, the appeal to authority will be more legitimate.

    As a final note, I'm a bit taken aback by the threat to not approve my comments. I'm one of the few who leaves comments on your blog. I've promoted your site to others, I've even cited your comments (with authority 😉 ) in a paper written to the CRTC. And in the past I've left some very critical comments, which, you seemed to have taken in stride.

    To be clear, I don't intend my comments to offend. But where I feel the approach you take to summarizing is indeed a bit dishonest I don't see a problem in voicing my opinion. This was one of those cases. To my mind the comments I've made are of a different category than petty attacks made by name calling.

  4. Mark,

    all you have done here is quote very small tidbits of information that was presented in the submissions to the CRTC and during the hearing.

    what was found by the CRTC and what the actual facts are that were presented, are two different parts in this.

    so labeling your article by "DPI doesn't invade privacy" I will simply take as your own suggestion and not actual fact.

    thanks so much.

  5. DJ –

    Sorry, but I don't follow what you are trying to say.

    I provided a link to the whole finding from the Office of the Privacy Commissioner. This was an OPC finding; not CRTC.

  6. In any case, these findings were simply that.

    no proof or facts concluded these findings, which was a major upset in all of the proceedings and submissions.

    So again I would only suggest changing the title to something more suitable or adding something like " OPC think DPI doesn't invade privacy"

    DPI is already known and has been admitted twice now by Bell that even though it is capable of invading privacy they will never use it for such.

    now that sure sounds like it invades privacy.

    Thanks for this.

Comments are closed.

Scroll to Top