Jennifer Lawrence Leak Interesting Case Study On Online Privacy

September 2, 2014 Leave a comment

Over the long weekend, stories have started to appear online that a hacker gained access to nude photos of actress Jennifer Lawrence taken from her iPhone and stored on Apple’s iCloud. The hacker was able to hack her account to gain access to get iCloud account.  This case is interesting on several levels.

In an age where private industry security has been intentionally weakened through public policy in the name of national security, unfortunately we are likely to see a lot more of these “leaks” as a result.  Canadian Privacy Lawyer David Fraser has an excellent post on the matter, along with steps internet users can take to do their part in ensuring that their data remains secure. In particular Fraser makes some very good recommends:

  • Try to learn the basics of how your device works, particularly about what is synchronised and backed up to online services; check your default settings;
  • Secure your device with a PIN or password (How to: Android and iOs);
  • Add encryption to your device, if possible (How to: Android);
  • Add remote management to kill your device if it is lost (How to: Android (I also like Cerberus Anti Theft) and iOs);
  • Use a strong password for all your accounts. The longer the better. (Read this XKCD comic. Read it, learn it, live it.)
  • Consider a password manager like LastPass to generate complicated passwords for your accounts and to keep them safe. But protect your password vault with the most complicated and longest password you can reliably remember.
  • Use two-factor authentication for your cloud accounts. While not particularly intuitive, two-factor authentication protects your account even if your password is compromised. This is critical. (How to: Google Accounts, DropBox, and most other places.) Any account to which you sync your personal images and video should be protected by two factor authentication.

I would call this defensive passwording. It’s important for users to also do their part in ensuring they have done all they can to protect their personal information, by using strong passwords to their accounts, and make their accounts less vulnerable to would be attackers.  Another valuable piece of advice; if you don’t want your personally information being potentially leaked, it’s best to minimize the exposure of your personal data online.  In other words, if you take nude photos of yourself with your iPhone, or mobile device there’s always a chance that those photo’s could be compromised due the lack of security as a result of public policy.  In other words, keep your nude selfies offline, and off your mobile devices.

Another situation that is arising from this leak, is the speed in which law enforcement got involved, and how social media companies are voluntarily removing these photos at lightening speed, and how this will affect public policy going forward on matters of privacy, cyber bullying, net neutrality, copyright, and free speech.  Something I will be keeping a close eye on as the situation unfolds, and how this these photo’s were obtained. 

Expendables 3 Leak and Fall Out Example of Industry Use Of P2P?

Over the past several weeks, I’ve been following the Expendables 3 leak with interest. The music industry has become masters at manipulating industry sales figures through their use of P2P. The shift in income as a result of P2P use (which more than makes up any lost sales) comes in the form of live events for the music industry.

The film industry is impacted in a similar way regarding pre-releases of films and the impact it has on theater attendance which is doing quite well overall. There has been a lot of discussion centered around the impact the Expendables 3 leak has had on the film performance, in fact I believe that it’s very possible the film was intentionally leaked by the producers of the film to generate interest at the box office while facing a release date that would see this film pitted up against 2 other films (The Teenage Mutant Ninja Turtles, and Guardians of the Galaxy) which have a solid cult following, more so than the Expendables franchise. In in fact this promotional and intentional release of Expendables 3 becomes quite obvious after one has a solid understanding on how the entertainment industries are using illegal file sharing to their advantage all while taking a heavy handed approach to torrent site operators, and internet users for using these promotional materials.

To fully understand how the entertainment industry is using “illegal” file sharing to its benefit, one has to look at the economics of the situation and several economic studies that have occurred over the years. I dove deep into the trenches of this research, because a few years ago I was trying to understand what was taking place on an economic front, and how to use P2P as an avenue to promote musical talent in the industry. I was seriously thinking about opening up my own record label at the time. I witnessed a lot of industry use of P2P over my time in the music industry that couldn’t be actively proved until now. Researchers are starting to catch on, and with each day that passes, there are more and more examples of heavy industry presence in the file sharing culture to promote their works. Even though a lot of what I’m about to reveal in this post has to do with the music industry, the media industry on whole has been affected by the same shift in the digital paradigm in very similar ways. I’m going to outline all of this in this post with quoted research.

Back around 2007, there was an Industry Canada study down by two researchers, one of which was Bridget Anderson that showed the potential positive effects on music sales regarding a P2P download. Anderson was attacked by industry on that research, and she took to her blog to defend herself. What became more interesting to me, was not the response Anderson had made, but a comment by a senior researcher at the United Nations Conference on Trade and Development Zeljka Kozul-Wright, back in 2007:

The recorded music industry is rapidly undergoing a process of Schumpeterian creative destruction (Kozul-Wright, Z. and Jenner, P., “Creative Destruction in the Music Industry and the Copyright”, forthcoming). It is facetious to believe in perfect substitutability between downloaded (authorized or unauthorized) musical content and record sales. There is little empirical basis for such an assumption (see Oberholzer-Gee and Strump, 2004). Music consumers are rapidly switching from purchasing records (CDs and other more traditional formats) to a variety of alternative digital formats, such as mobile music devices and other digital formats (such as single track downloads, album downloads, music video online downloads, streams, master recording ring tones, full track audio download to mobile, ringback tunes, music video downloads to mobile and subscription income.).


Indeed, overall earnings of the industry are on the increase, not on the decrease (PWC, 2007). The broader music sector, is now worth more than $US 130 billion globally. Its economic importance extends far further than the recorded music sector, ranging from radio advertising revenue, record company revenues, musical instrument sale, live music sector, music retail sectors, portable digital payers, to music publishing (IFPI, 2007). The so called “demise of the music industry” is highly contentious; indeed and completely disingenuous, for example, Price Waterhouse Cooper argues that the media industry, including music, is in a strongest position since 2000; and predicts a 7.3 per cent growth annually up to $ 1.8 trillion in 2009 (PWC, 2005).
PWCooper (PWC) estimates that the broad entertainment and information sector already accounts for over one trillion us dollars globally and is likely to rise to $ 1.8 trillion by 2009 (PWC, 2006). While sales of recorded music (physical retail) have been on a declining trend since 2002, the sales of digital content have been on a notable increase (by 60 per cent since 2006, IFPI, 2007).
To hold file sharing uniquely responsible for the decline in record sales i.e., largely unauthorized downloading, is basically erroneous and far too simplistic. Moreover, such an assertion indicates a lack of understanding of the dynamics of the current process of creative destruction and transformation to the digital paradigm in the “recorded” music industry. The word “recorded” itself denotes a kind of backward looking perspective, as it may no longer be the primary technological format for the rapidly converging music-ICTs-entertainment-telecommunications industry in the third millennium.
However, it may not be possible to fully “test” this hypothesis econometrically, as we are really comparing apples and oranges. There is no reason to assume that the downloaders would have necessarily bought the equivalent volumes of products in records, CDs or other physical music formats. This assumption can be highly misleading and steers the whole debate in the wrong direction. The implication of such reasoning would be to hinder or even halt the process of technical change and innovation in the music industry, which is not only unadvisable but impossible.
Our own research would support the arguments made in the Andersen and Frenz Study , 2007, that indeed there may be a significant positive relationship between file sharing and purchase or greater use of various other formats containing music content (although not necessarily record sales per se). According to IFPI, legal downloads have risen significantly over the last 5 years and IPR-related earnings have also been on a significant increase at this time (IFPI, 2007; HFA, 2007). While record sales have declined, that does not imply that the entire industry in the decline. Indeed, other segments have risen in volume and in earnings, more than offsetting the decline in record /CD sales (IFPI, 2007; PWC, 2006; Kozul-Wright and Jenner, forthcoming).
The more recent, healthy overall industry earnings indicate the opposite of Liebowitz’ assertion that …”file-sharing appears to have caused the entire decline in record sales and appears to have vitiated what otherwise would have been a growth in the industry” (Liebowitz, 2007). There is no empirical basis for such a facetious assertion. Additionally, there may be many other reasons for decline in record sales (the white elephant in the room), other than increase in file sharing (e.g., transformation to the digital technological paradigm, excessively high prices of CDs, i.e., excessive mark up, standardized quality, decline in purchasing power for luxury goods, lower degrees of choice and diversity, etc).

File sharing and downloading not only increases market exposure but significantly reduces marketing and advertising costs. File sharing, as the imminent dominant mode of music consumption, is proving to be more “efficient” than simply purchasing pre-recorded music. Owing to diffusion of technical change, it is far cheaper, as it reduces the costs of intermediation and allows consumers greater choice over listening patterns; facilitating the growth of demand-driven patterns of consumption thereby enabling greater consumer participation, and more interactive modes of consumption. Global consumers as well as new producers can benefit greatly from the new P2P file sharing technologies that should be facilitated and legalised, rather than hindered.
Improved new technologies cannot be suppressed simply because they threaten vested industry interests. That would be against the logic of the market and the well known dynamics of technical change and innovation, as analysed by Schumpeter over 40 years ago. It is precisely this feature of innovation-led creative destruction that characterizes capitalist markets; explain their resilience, dynamism and ultimate superiority over other forms of production and consumption.
Zeljka Kozul-Wright,
Geneva, November, 20, 2007.

About a year ago, I wrote a 3 part series on how the Electronic Dance Music sector has used piracy to its advantage throughout its history including in present day. Essentially these posts detail how the music industry uses pre-releases and pirated works to generate interest in the artist and try and bolster industry sales. I came to the conclusion that P2P is quickly becoming the test market for works, and labels are using P2P to generate interest in legal sales, and also generate interest in live events. A snippet of Part 2 of the series:

In 2012 a working paper was released by Robert G. Hammond of North Carolina State University on the impact of album pre-releases in file-sharing networks on physical and digital album sales. What they are essentially studying is industry’s test market, evolved from the white label days to the P2P file sharing networks, and it’s now industry wide. The report summarized:

The paper comes to the conclusion that album sales benefit from album leaks. “[A]n album that became available in file-sharing networks one month earlier would sell 60 additional units”. In addition the results also suggest that popular artists benefit more from file-sharing than newcomers and less establised artists.

That paper concluded (emphasis added):

Considering all model specifications, file sharing has a positive effect on physical and digital album sales. “[A]n album that leaked one month earlier will receive 59.6 additional sales” (p. 15). However, more established artists – with two previous albums, both of which sold at least 100,000 units – benefit more from file sharing than less established ones. The author speculates “(…) that artists with established fan bases are positively predisposed toward the [new] album” than younger and less established artists (p.19).

In respect of music genres the file sharing effect on more popular genres such as pop, country and hiphop/rap is larger on less popular or niche genres such as folk, metal, jazz. In addition, major labels benefit more from pre-releases on file sharing networks than major-distributed indie labels, which outperform pure independent labels. Among the major companies Sony Music Entertainment benefits most from file sharing, followed by Universal Music Group, EMI and Warner Music Group.


In 2013 a similar conclusion was reached by the researchers at the London School of Economics:

Entertainment industries are beginning to realize that the sharing of films and music online generates marketing benefits and sales boosts that often offset the losses in revenue from illegal sharing of content, the authors say.

The report points to the results of a consumer tracking study by the U.K. communications regulator Ofcom that found that file sharers in the U.K. spent more on content than those who only consumed legal content.

The growing use of streaming, cloud computing, so-called digital lockers that facilitate the sharing of content and sites that offer a mix of free and paid methods of getting content will, the study predicts, spur the entertainment industries to shift their focus from pursuing illegal downloading to creating more legal avenues for getting content online.

The LSE researchers urge countries like the U.K. and the U.S. to reform their copyright enforcement regimes, which they say are out of step with such developments and with online culture generally and do not necessarily even serve the interests of the creators they claim to be protecting.

“Insisting that people will only produce creative works when they can claim exclusive ownership rights ignores the spread of practices that depend on sharing and co-creation and easy access to creative works; this insistence privileges copyright owners over these creators,” the report says.

In 2014, the Electronic Dance Music sector released its annual numbers. This sector of the music industry now surpasses all other genres, and is the top money maker for the industry as a whole with a overall worth of $6.2 billion. The vast majority of this is coming from fan attendance at major live events. To go back to what Kozul-Wright had said in her comment:

Our own research would support the arguments made in the Andersen and Frenz Study , 2007, that indeed there may be a significant positive relationship between file sharing and purchase or greater use of various other formats containing music content (although not necessarily record sales per se). According to IFPI, legal downloads have risen significantly over the last 5 years and IPR-related earnings have also been on a significant increase at this time (IFPI, 2007; HFA, 2007). While record sales have declined, that does not imply that the entire industry in the decline. Indeed, other segments have risen in volume and in earnings, more than offsetting the decline in record /CD sales (IFPI, 2007; PWC, 2006; Kozul-Wright and Jenner, forthcoming).

There has been a dramatic shift in income as a result of the use of P2P. Recorded music is largely now being used by the industry as a promotional tool to get people out to events. The offset in digital sales lost, more than makes up in the amount of attendance at live events as a result. What the music industry has essentially found is that the selling of the music experience at live events is a much more profitable venture. The same goes for the film industry. For the film industry, there has been a steady incline year over year. To go back to the London School of Economics study:

“Despite the Motion Picture Association of America’s claim that online piracy is devastating the movie industry, Hollywood achieved record-breaking global box office revenues of $35 billion US in 2012, a six per cent increase over 2011,”

In 2013, box office attendance was again showing growth with attendance up 6% over 2012. The film industry numbers are showing an increase and substantial growth if you look at where the money has shifted, which is to the experience of watching a film in the theater. You can’t get that from a downloaded copy, or purchased DVD.
Now back to Expendables 3. Following the research that’s been conducted on the manner, leaked media has been known to bump up sales. The producers of Expendables 3 know this. They have a tremendous amounts of competition right now from the cult following of Teenage Mutant Ninja Turtles, and Guardians of the Galaxy, they get this mysterious “leaker” to release the film on P2P to generate promo for the film, all while this leaker played up the part on how bad he would be for leaking this film, which is a promotional technique I covered in Part 1 of my Business End of Piracy to generate interest in the release.

To make matters even more clear, one of the actors of Expendables 3, Kellan Lutz openly slipped the following on the leak (which I’m sure given time will be retracted if he wants another job):

“So for the people who downloaded it, I actually think they’re gonna wanna watch it in the theaters because it’s a good movie,”

From a promotional stand point, I can see the promotional team at Lionsgate go; “Okay, we have no chance at becoming number one at the box office due to the cult following of the films we are up against. We’ll release of the film on the torrent sites, hoping to generate interest in the release and see if our box numbers go up. If we don’t end up at number one than we can just blame the whole thing on piracy, get the films name out there in the press and recover profits we would have made if Teenage Mutant Ninja Turtles and the Guardians of the Galaxy. That’s how we’ll cover our losses.”

Not only is the research quite clear on how P2P is being used by the entertainment industry, it’s also quite clear on what offsets the lost sales. New wealth has been created as a result of file sharing, which more than offsets the amount lost in physical and digital copies. If all the torrent sites in the world were to shut down tomorrow, I would strongly suspect the entertainment industry would be at a significant net loss.

Now in Canada we are facing the prospect of a movie producer Voltage Studios on suing about 2000 people for downloading their content. If the film industry is using file sharing to bolster promotion for their films, along with copyright related lawsuits; is it fair, actually let me rephrase this, is it constitutional for movie studios to be suing active participants of a legal market place in which there is heavy industry presence? How can one determine what is a legal download, and what isn’t in this environment? Is the release of user data justified under public interest in this circumstance? Food for thought, and a lot more on this forthcoming.

Canadian Cyber Bullying Legislation a Threat to EU Data Privacy

A few months ago, I blogged about the possibility that the EU would be reviewing our privacy laws due to the NSA disclosures and Canada’s role in US surveillance. Since that date, there have been staggering disclosures regarding warrant-less access to subscribers’ information by the telecommunications companies in Canada, legislation drawn up that is a blatant attempt to expand warrant-less access, and a lawsuit launched this week on the constitutionality of the misuse of our current privacy laws by government and telecommunications companies.

Conveniently Canada for the most part has entered this debate under the radar of the EU Justice Commission most likely as a result of the EU being busy dealing with the US disclosures of its citizen’s data, and being in an election campaign for EU Parliament. Politically this would be the best time for the Canadian government to try and squeak surveillance legislation through under the noses of the EU Justice Commission. Judicial redress has been a big sticking point for US and EU trade negotiations, something the cyber bullying legislation seeks to dismiss for Canadian telecom and is most likely a result of heavy lobbying by the telecom industry to avoid accountability for essentially being accessories to constitutional crimes against the Canadian citizenry, and quite possibly breaking EU and international law.

The last review of our privacy laws by the EU was in 2006, in which found no evidence of abuse at the time. Abuse has certainly occurred over the years, and the EU Parliament in recent months have been steadfast on curtailing warrant-less disclosures that are being abused by the US Government and US law enforcement. I have a hard time believing that EU Parliament and the EU Commission would agree to such abuse that has been now disclosed. Simply put recent comments that were made in the media by Canadian government officials over the months regarding the adequacy of our laws with the EU are out of date, and sorely inaccurate considering recent disclosures of current warrant-less access by our telecom companies. From following the diplomatic stance the EU Justice Commission has taken in recent months with the US that the EU will have stark issues with what the Canadian Government and Canadian Law Enforcement have been up too.

This week I’ve tweeted out a few links to Paul Nemitz who is a director at the EU Justice Commission making him aware of the situation and public debate in Canada in hopes to put pressure on the government to abide by the constitutional rights of not just Canadians but ensure that going forward, any breaches of EU law are dealt with accordingly. Next week is when Vice President to the EU Commission Viviane Reding returns back from paid leave. Reding has been extremely outspoken regarding data privacy in recent months with the US, and I would find it hard to believe that if the information sent to Nemitz landed on her desk, that Reding wouldn’t pipe up either through diplomatic channels or publicly on the abuse and subsequent adequacy of our privacy laws.

Next week is when a large portion of our legal community in Canada will be also speaking out on the current lack of privacy on the cyber bullying bill C-13 in committee in which I’m expecting calls from the legal community to have government split the bill. Pass the cyber bullying portion of it, and separate the surveillance portion of it for further study. That maybe a wise move, in order to ensure that Canada’s economic trade isn’t put at risk with the EU under the leadership of Defense Minister Peter McKay and Prime Minister Harper.

Rogers Admits to Trottling Netflix?

Yesterday Netflix released it’s ISP speed index.  Essentially these are speed tests to Netflix services to determine the speeds in which ISP’s are connecting to the service, which have an impact on the quality of video delivered to Netflix customers.  Rogers reached the lowest on the speed index.  In response Rogers has released the following statement (emphasis added):

“Netflix’s test was done just before we virtually doubled Netflix capacity and we’ll continue to add more capacity as it’s needed. These results only apply to customers’ specific Netflix connection and not overall internet speeds.”

This statement strongly suggests that Netflix connections are being specifically targeted and slowed down by Rogers, using the same technology that’s been used in the past to slow down file sharing applications in which the company in the past has publicly stated they don’t use anymore.  If this proves to be the case, than Rogers had an obligation under CRTC regulations prior to this admission to disclose the use of traffic management on Netflix specific applications, and hasn’t.

The return of connection throttling has always been a concern of mine.  The misuse of traffic management by ISPs needs to be fully addressed at the CRTC with the regulator doing regular audits to ensure compliance with disclosure policies.

New Mind Bending Politics Blog

I would like to introduce to my readers my new political blog called: “Mind Bending Politics”.  When I was in school for journalism, I had one professor that everyone loved, that took me under his wing.  He was a great guy, and got me very much interested in current events and politics.  One of the things I remember my journalism prof said, is that politics is the “soap opera” of journalists. What came after that statement was one of ethics and responsibilities journalists hold within our democratic society to ensure accountability within government.  As a result of my education around journalism I watch maybe 3 Canadian political shows daily, and 4 news casts per night before I go to bed, and read a lot during the day thanks to my professor on getting me addicted to politics and current events.  I’ve been doing this since 1996.  I also used to cover local politics, and pretty much ran the newsroom in my college years.  I’m well informed as a result.

I’ve been politically active for a while now on twitter and on this blog regarding digital rights issues.  I’ve been a long standing advocate not just on digital rights issues, but on government policy, civil liberties and the need to bring more oversight and accountability in our bureaucracy, and within our elected officials and system of government as well. I’m hoping to move that forward as an independent political pundit with my new blog, and offer up commentary on issues I feel are important for Canadians to learn about to stay informed politically.

If you’ve enjoyed this blog, you will love my Mind Bending Politics blog.  I will be posting on that blog almost daily on issues and events.  I will still be posting on this blog regarding digital policy issues, but not as often as I have in the past.


Categories: cdnpoli, Commentary, Politics

Harper and CDN ISPs Set To Destroy International Credibility of The Canadian Tech Sector

Last week, information became available through access to information requests which threw the spotlight on exactly what Canadian telecommunications companies (one would suspect independent providers who apparently support the “pro-internet” community and have remained for the most part completely silent on this issue) are doing with respect to subscribers information and data requests by law enforcement.

Our telecommunications companies are handing over data of thousands of subscribers per year without a warrant to law enforcement. Apparently this is all “legal” due to an exemption in our privacy laws.  Michael Geist explains:

The absence of court oversight may surprise many Canadians, but the government actively supports the warrantless disclosure model. In 2007, it told the Privacy Commissioner of Canada that an exception found in the private sector privacy law to allow for warrantless disclosure was “designed to allow organizations to collaborate with law enforcement and national security agencies without a subpoena, warrant or court order.”

Last week, the EU and US submitted a joint statement after the EU threatened the US to veto trade agreements starting with immediate suspension of the EU safe harbor provisions to US companies.  The joint statement released last week, seems to suggest that court oversight on subscribers information is a big sticking point for US and EU trade relationship.  The statement stated that both the US and EU agree to stronger private sector judicial oversight:

We are committed to expedite negotiations of a meaningful and comprehensive data protection umbrella agreement for data exchanges in the field of police and judicial cooperation in criminal matters, including terrorism. We reaffirm our commitment in these negotiations to work to resolve the remaining issues, including judicial redress. By ensuring a high level of protection of personal data for citizens on both sides of the Atlantic, this agreement will facilitate transfers of data in this area.

Viviane Reding, European Commissioner for Justice, Fundamental Rights & Citizenship, has given the US until this summer to shape up, with very strong language suggesting that if this doesn’t happen, immediate suspension of safe harbour provisions will most likely go through, and veto’s on US trade deals will be possible by the new year as a new parliament sets to fully address this issue.  Reding gave her US counter parts a 13 point “to do list”.  Reding’s office has not been available to further explain exactly what that 13 point list details, however judicial oversight looks to be on that list from the joint statement.  From the sounds of it, the US seems to be committed to working with the EU on the issue of data privacy.

In light of all of the developments in the EU the United Stated Trade Representative  (USTR) has just piped up in regards to branches of Canadian government that have taken the approach of stopping data transfers to the US.

The strong growth of cross-border data flows resulting from widespread adoption of broadband-based services in Canada and the United States has refocused attention on the restrictive effects of privacy rules in two Canadian provinces, British Columbia, and Nova Scotia. These provinces mandate that personal information in the custody of a public body must be stored and accessed only in Canada unless one of a few limited exceptions applies. These laws prevent public bodies such as primary and secondary schools, universities, hospitals, government-owned utilities, and public agencies from using U.S. services when personal information could be accessed from or stored in the United States.

The Canadian federal government is consolidating information technology services across 63 email systems under a single platform. The request for proposals for this project includes a national security exemption which prohibits the contracted company from allowing data to go outside of Canada. This policy precludes some new technologies such as “cloud” computing providers from participating in the procurement process. The public sector represents approximately one-third of the Canadian economy, and is a major consumer of U.S. services. In today’s information-based economy, particularly where a broad range of services are moving to “cloud” based delivery where U.S. firms are market leaders; this law hinders U.S. exports of a wide array of products and services.

Rather than taking this as a diplomatic threat to Canada by the USTR, it’s representative on how weak the US tech sector has become economically on the issues of privacy protections, when the USTR is coming out with statements like this.

This should serve as an example of a potential downfall in the Canadian tech sector, should the Government continue with it’s approach towards lawful access legislation in the cyber bullying legislation, and not get in front of all of this, to strengthen our privacy laws.  I think it could be devastating to Canadian tech companies when eventually the EU comes knocking looking for change in our laws, and forcing that change, rather than implementing that change before it’s forced upon us, at a time when our democracy is currently under the microscope internationally due to the Government’s Election Reform Act.

While the two most powerful economic bodies are working on solutions to enhance data privacy protections for citizens, the Canadian government doesn’t seem to want to let go of the idea of warrentless wiretapping.  Even though it’s legal in Canada already, the point continues to be made clear with Harper’s cyber bullying bill, which reaffirms the stance of the Canadian government that it is extremely reluctant (even after all of the diplomatic dance between the EU and US on data privacy) to recognize that this provision can and most likely will cost Canadian jobs if they don’t change it.

The Price For Internet Providers To Look The Other Way On Privacy

Do Internet providers profit from disclosure of subscribers information?  It shouldn’t cost very much to get a low wage data admin to search a database full of IP addresses and correlate those assigned IP addresses to a subscriber.  Being a qualified database admin myself, setting up such a system would be relatively easy, and extremely cost effective.  Most ISP’s should already have a system like this in place to ensure the normal day to day operations, so essentially all that would be needed would be to have someone search a database of the IP addresses to find assigned subscribers.  Let’s take Teksavvy for instance.

2000 IP addresses were searched through this database to find the matching subscribers.  Manually inputting the IP addresses shouldn’t take more than a few hours, however getting a digital list of IP addresses, and running an SQL script to automatically search the database should take no more than 15 minutes for the development of the script (assuming you’re not using MS SQL and manually inputting the script and running test searches).  It should only take a few seconds once the script is run to query the database and come up with subscribers tied to those IP addresses.

I’ll be conservative here with the numbers.  This can easily be done with 2000 records manually within one 8 hour working day.  At $20/hour x 8 hours = $160. This cost gets even lower when the database system gets automated.  An estimated initial cost of maybe $500 would be required to automate this type of database search, secure the database, and send e-mails out automatically.  After that, it should take maybe less then 10 minutes from receiving IPs in digital form to send notices out to customers.  I’ve actually developed this type of database system for a small business client over a decade ago to handle his account receivables on payment due and automatically notify his clients through e-mails and texts of past due accounts (by using businesses records not IP addresses).  This can be easily adapted to the copyright notice to notice regime, in fact most businesses, let alone telecommunication companies are already using this type of system.

What exactly are the legitimate expenses incurred by an ISP when having to search through their databases to identify subscribers?  This question should be kept in minds of Canadians when looking at the current situation within copyright law, and mass surveillance.  Torrentfreak did an excellent article today regarding getting a system like this in place for copyright in Canada, which will allow for copyright trolling, as long as the internet providers are paid a good profit out of the deal:

“The notice-and-notice law permits the government to set a fee for sending a notice that an ISP can charge. At the moment, it does not look like the government will establish a fee, preferring to wait to see how the system develops. Were this [business model] to come to Canada, the government might face increased pressure from ISPs to allow them to charge for their participation in the process,” Geist concludes.

Things get even scarier when looking at Telus’s response to the Teksavvy vs Voltage decision, comparing this with the prospect of future lawful access legislation:

“We respect our customers’ privacy and would not voluntarily provide such information,” said Telus spokesman Shawn Hall.  ”That said, we fully support law enforcement’s need to access information to conduct investigations, and would comply with proper court-ordered warrants or any changes in privacy legislation.”

In my opinion, upping the costs associated with identifying subscribers will not deter abuse of privacy rights of Canadians, in fact what we’ve learned with the NSA disclosures, is that technology companies seem to be looking the other way regarding net citizens privacy. At least in Canada it comes with a cost, however what would be way more effective, would be to strengthen our privacy legislation to deter abuse, and profitability of that abuse of subscribers rights and allow for more targeted investigations by law enforcement.

Profiting from the abuse of the legal system, and abuse of users rights should be the last thing on the minds of our telecommunications providers. As Edward Snowden suggested yesterday in his presentation, it erodes trust within our digital communications network, and makes us less secure when those who would profit on such activities, are thinking more about their bottom line than actively participating in the democratic values of the society they serve.  In order to build that trust back, those telecommunications and technology providers have to step up to the plate.  Many already have from Microsoft to Yahoo, however Canadians need to be comfortable this is not going to happen within our telecommunications companies considering their position within copyright laws, let alone positions they have taken regarding government surveillance.

The equilibrium will be established through emerging technology currently in development.  Technology innovation cycles are around 18 months, and we are now in the 10th month of the NSA disclosures.  This means that tools being developed to secure communications due to the failure of the communications industry to date, will be soon available with ease of use to the regular net citizen.  These tools will essentially force an end to mass surveillance used by governments and the copyright lobby.  Not even you’re ISP will know what you are doing.  The only way to route around that would be through installed spyware or malware, making it extremely hard to mass surveil anyone, and force law enforcement and government towards targeted investigations.

As a technology developer myself, I cannot wrap my head around technology companies not thinking about securing their customers information from abuse, let alone making a profit from such abuse.  That to me is a breach of the fundamental trust of the principles most developers and service providers are taught. It’s made us less secure,  and a huge uphill battle to regain that trust, when profitability and the bottom line comes first above everything else.


Get every new post delivered to your Inbox.

Join 2,138 other followers