The office of the privacy commissioner has released a series of essays on deep packet inspection (“DPI”) that strike me, at first blush, as lacking balance. There are 14 essays – only one from an author in the private sector.
You should read the papers to form your own opinion on the papers.
Accuracy in some of the statements of facts is suspect. Despite the academic credentials of many of the authors, it is clear that the rigour of peer review has not been applied.
Take for example, this paragraph from the essay by Ralf Bendraft, of the Faculty of Technology, Policy and Management at the Delft University of Technology in the Netherlands. He says that
Some use-cases of DPI already seem to be disappearing. They do so for different reasons:
…
Regulatory: ISPs Comcast in the US and Rogers in Canada have undergone scrutiny by regulatory and privacy authorities because they throttled some of their users’ traffic based on what seemed appropriate and what not.
It was Bell that underwent scrutiny in Canada, not Rogers. Further, one might assume based on the context that Canadian regulators halted throttling based on DPI, which was not the case.
As I observed at that time:
The Commission looked at 5 points:
- Was Bell’s traffic shaping in violation of their tariffs?
- Was Bell’s traffic shaping in violation of non-discrimination provisions of the Act?
- Did Bell’s action control the content or influence the meaning or purpose of the telecommunications?
- Was Bell’s traffic shaping in violation of CRTC privacy rules?
- Did Bell act in violation of the “notice of network change” rules?
“No” was the answer on all counts.
I also wrote last November that it is inappropriate to lump the Comcast case in with traffic management.
While some ill-informed observers try to draw a parallel to a different outcome with the FCC and Comcast, they conveniently neglect to say that Comcast was blocking applications, with no evidence of their actions being tied to managing their network.
Although the office of the privacy commissioner referred to the plan to post these essays in her evidence [ pdf, 541KB] [html] submitted to the CRTC under its network management proceeding (PN 2008-19), the DPI website is not part of the public record for that proceeding.
Mark,
At first blush, I was struck with the same impression. The articles are unapologetically critical of DPI.
With that said, however, I feel it would be remiss to criticize the Commissioner’s undertaking without applauding the government’s transparency.
The job of Privacy Commissioner is, in part, to raise awareness about situations where an act by an individual or business would have non-obvious, but serious, privacy implications.
These issues are particularly thorny in the area of DPI specifically because there are prima facie incentives for networks to generate income through selling information for advertising or product development purposes.
Whether or not those incentives will ever materialize is certainly a point for debate. A point which you have correctly suggested that dpi.priv.gc.ca might not be giving a fair shake.
But these misgivings should not belie the favourable effect dpi.priv.gc.ca will have on the level of debate about such an important topic.
Robert Hester
The only lack of balance is found directly in your blog.
Hate to say it.
Take it as a wake up call.