ISP Deep Packet Inspection Remains a Probable Option, Despite Controversies

A US firm was among ISPs operating in Argentina that recently received orders from the country's Department of Justice to put a stop to all local traffic visiting a particular gambling website operating without a license. An anonymous source, according to Ian Lamont of The Industry Standard, has said that Deep Packet Inspection (DPI) was floated as a possible option to accomplish this task although later not implemented due to high costs. Lamont reports: "The DPI approach would be troubling on a number of levels. First, any ISP using DPI is going beyond a government mandate to simply block traffic to a particular site. The ISPs would actually be peering inside their customers' Web traffic without their knowledge." Although DPI wasn't used in this particular case, "it will probably be considered in the future as a way to take offensive or illegal sites offline." more»

UK Government Wants to Log Every Call, Text and Email

Britain's local councils, health authorities and hundreds of other public bodies may soon have the ability to access details of all personal text, emails and internet usage under UK's Home Office proposals published yesterday. According to a report from the Guardian, "ministers want to make it mandatory for telephone and internet companies to keep details of all personal internet traffic for at least 12 months so it can be accessed for investigations into crime or other threats to public safety." The Home Office says keeping communications data is critical in order to fight against terrorism. more»

Hunting Unicorns: Myths and Realities of the Net Neutrality Debate

In many ways, the emotionally charged debate on Network Neutrality (NN) has been a lot like hunting Unicorns. While hunting the mythical horse could be filled with adrenalin, emotion, and likely be quite entertaining, the prize would ultimately prove to be elusive. As a myth, entertaining; but when myths become reality, then all bets are off. The Network Neutrality public and private debate has been filled with more emotion than rational discussion, and in its wake a number of myths have become accepted as reality. Unfortunately, public policy, consumer broadband services, and service provider business survival hang in the balance. more»

U.S. Lawmakers Demand Telcos and Internet Companies to Disclose Web Tracking Practices

U.S. lawmakers have broadened their investigation of Internet advertising, asking nation's largest telecommunications and Internet companies whether they target ads based on consumers' Web surfing habits. Companies receiving the letter include Google, Yahoo, Microsoft, AT&T, Verizon, Qwest and AOL among others. According to Joelle Tessler of the Associated Press, the "letters seek details on how many consumers have been tracked, whether those people have been notified and whether they were given the option to 'opt out' of it. The committee also wants to know how the collected information is used and how it is gathered -- for example, whether the companies aggregate data from different online applications." more»

Deep Packet Inspection: When the Man-In-The-Middle Wants Money

Say you're walking down the sidewalk having a talk with your best friend about all kinds of things. What if you found out later that the sidewalk you were using wasn't really a sidewalk -- but instead a kind of false-front giant copying machine, unobstrusively vacuuming up what you were saying and adding to its database of information about you? Or, say you send a letter to a client of yours (to the extent you still do this), and it turns out later that your letter was intercepted, steamed open, and the contents were read... more»

U.S. Senate Passes Telecom Immunity Bill to Shield Phone Companies

More than two and a half years after the disclosure of President’s Bush’s domestic eavesdropping program set off a furious national debate, the Senate has given final approval today to broadening the government’s spy powers and providing legal immunity for the phone companies that took part in the wiretapping program. Senator Barack Obama, the presumed Democratic nominee for president, voted for the plan amid supporters expressed concerns that he would backtrack on his opposition to telecom immunity. more»

Are Botnets Run by Spy Agencies?

A recent story today about discussions for an official defense Botnet in the USA prompted me to post a question I've been asking for the last year. Are some of the world's botnets secretly run by intelligence agencies, and if not, why not? Some estimates suggest that up to 1/3 of PCs are secretly part of a botnet. The main use of botnets is sending spam, but they are also used for DDOS extortion attacks and presumably other nasty things like identity theft. But consider this... more»

CIRA Creates Backdoor WHOIS Exceptions for Police and IP Owners

Earlier this year, I wrote glowingly about the new CIRA whois policy, which took effect today and which I described as striking the right balance between access and privacy. The policy was to have provided new privacy protection to individual registrants -- hundreds of thousands of Canadians -- by removing the public disclosure of their personal contact information... Apparently I spoke too soon. more»

Help! My Domain Name Has Been Hijacked!

They are out there. In Internet Cafes and dark rooms from New York to Hong Kong to Iran, the domain name hijackers are plotting to steal your domain names. Fortunately, there are some steps that you can take to protect yourself against losing your domain names. ...Registrars are often skeptical of claims of domain hijacking, and the hijackers often "launder" the domain names to look as if they have sold them to third parties... By the time you discover that your domain name has been stolen, it may be at its third or fourth different registrar in the name of a completely different party... more»

New CIRA Whois Policy Strikes Balance Between Privacy and Access

My weekly technology law column focuses this week on the new CIRA whois policy that is scheduled to take effect on June 10, 2008. The whois issue has attracted little public attention, yet it has been the subject of heated debate within the domain name community for many years. It revolves around the whois database, a publicly accessible, searchable list of domain name registrant information (as in "who is" the registrant of a particular domain name). more»

Canada's New Policy Will Privatize Whois Data for .ca Domains

Canadian Internet Registration Authority (CIRA) has posted its Change of Privacy Status... "As of June 10, 2008 the dot-ca (.ca) WHOIS will no longer release information about individual Registrants and their Adminstrative and Technical contacts, providing more thorough privacy protection for many of our Registrants." more»

Important New Jersey Supreme Court Decision in Internet Privacy

The New Jersey Supreme Court has issued an important decision on Internet users' right to privacy. The case involves a dispute about whether an ISP violated a user's privacy rights by turning over subscriber information (name, address, billing details) associated with a particular IP address. It ends up that the subpoena served on the ISP was invalid for a variety of reasons. As the user had a 'reasonable expectation of privacy' in her Internet activities and identifying information, and because the subpoena served on the ISP was invalid, the New Jersey court determined that the ISP should not have turned over the personal data... more»

The Anti-Phishing Consumer Protection Act of 2008

Last week Sen. Snowe filed bill S.2661, the Anti-Phishing Consumer Protection Act of 2008, or APCPA. While its goals are laudable, I have my doubts about some of the details. The first substantive section of the bill, Section 3, makes various phishy activities more illegal than they are now in its first two subsections. It makes it specifically illegal to solicit identifying information from a computer under false pretenses, and to use a domain name that is deceptively similar to someone else's brand or name on the web in e-mail or IM to mislead people... more»

ICA Posts Position Paper and Analysis of Snowe "Anti-Phishing" Legislation

The Internet Commerce Association (ICA) has posted a position paper and analysis of S. 2661, introduced on 2/25/08 in the US Senate. While we are firmly opposed to phishing and other criminal activities that may utilize domain names we are very concerned about the provisions of the proposal that appear to provide trademark owners with a means to avoid both UDRP and ACPA actions and alternatively bring private claims against domain names with a lower burden of proof and the potential for far higher monetary damages, without even requiring an allegation that the DN was in any way being utilized in a phishing scheme... more»

IP is Personal Says Head of the European Union

Germany's data protection commissioner, Peter Scharr, leads the EU group preparing a report on how well the privacy policies of Internet search engines operated by Google Inc., Yahoo Inc., Microsoft Corp. and others comply with EU privacy law. He told a European Parliament hearing on online data protection that when someone is identified by an IP address "then it has to be regarded as personal data." more»