The Office of the Privacy Commissioner of Canada has released its long-awaited finding in the complaint against Facebook on a variety of privacy grounds. The complaint was launched by CIPPIC in May 2008 (note that I am an advisor to CIPPIC but had no involvement in this complaint). The case marks an important step in assessing how Canadian privacy law addresses social media with the Commissioner identifying some significant concerns. Moreover, as the case potentially heads to court, it will be closely watched to see whether the findings can be enforced against a global social media power like Facebook. more
It must be tricky to be an advocate of transparency when your job involves selling serious encryption tools to government departments, large and small companies, hospitals and people who are concerned about having their bank account details hijacked from a home PC. After all, the point about good encryption software and the systems that surround it is that they provide a way to keep your secrets secret, while open government and the effective regulation of financial services would seem to require the widest possible dissemination of all sorts of operational data... more
Over on the Network Neutrality Squad yesterday, I noted, without comment, the following quote from the new Time Warner Cable privacy policy bill insert: "Operator's system, in delivering and routing the ISP Services, and the systems of Operator's Affiliated ISPs, may automatically log information concerning Internet addresses you contact, and the duration of your visits to such addresses." Today I will comment, and explain why such logging by ISPs creates a clear case for regulatory intervention, on both privacy and competition grounds. more
ICANN is currently going through a complicated process in order to introduce more Top-Level Domains (TLDs). While the launch of new TLDs is something that a lot of people will welcome it is not without its issues. One of the areas that has been receiving quite a bit of attention is in relation to intellectual property rights. So what has this got to do with privacy? more
This case involves an alleged domain name theft. Solid Host is a web host and initial owner of the domain name solidhost.com, which it registered through eNom in 2004. Solid Host claims that in 2008, a security breach at eNom allowed an unknown interloper (Doe) to steal the domain name and move the registration to NameCheap. Doe also acquired NameCheap's "WhoisGuard" service, a domain name proxy service that masked Doe's contact information in the Whois database. Solid Host contacted Doe and sought the domain name; Doe asked for $12,000, and Solid Host took a pass... more
The Intellectual Property Constituency's draft report on trademark issues is now available for comment. The draft report was put together behind closed doors, which would appear to go against the normal policy development process at ICANN, which is quite worrying. Its contents, however, are even more disturbing... more
With the Online Trust Alliance Town Hall Meeting and Email Authentication Roundtable next week as well as the RSA Conference, I decided to pause and think about where we are and where we might be headed with regard to email authentication. Over the years, many of us have collectively worked to provide a framework for authenticating email... more
A lot of pixels have been spilled lately over an Internet records retention bill recently introduced in both the House and the Senate. The goal is to fight child pornography. That's a worthwhile goal; however, I think these bills will do little to further it. Worse yet, I think that at least two of the provisions of the bill are likely to have bad side effects... more
As founder and CTO of Ellacoya Networks, a pioneer in Deep Packet Inspection (DPI), and now having spent the last year at Arbor Networks, a pioneer in network-based security, I have witnessed first hand the evolution of DPI. It has evolved from a niche traffic management technology to an integrated service delivery platform. Once relegated to the dark corners of the central office, DPI has become the network element that enables subscriber opt-in for new services, transparency of traffic usage and quotas, fairness during peak busy hours and protection from denial of service attacks, all the while protecting and maintaining the privacy of broadband users. Yet, DPI still gets a bad rap... more
I received an e-mail from Google Adsense about its new interest-based advertising feature. The latest feature of Google AdSense allows Google to track the behavior of users who click on ads on their AdSense network. It also allows Google users to ‘select’ their interests—this way they would view advertisements based on their category of interest…
more