Home > cdnpoli, CDNTech, Copyright, CSEC, Digital Policy, NSA, Privacy, Snowden, Teksavvy, Telecommunications, Telus > The Price For Internet Providers To Look The Other Way On Privacy

The Price For Internet Providers To Look The Other Way On Privacy

Do Internet providers profit from disclosure of subscribers information?  It shouldn’t cost very much to get a low wage data admin to search a database full of IP addresses and correlate those assigned IP addresses to a subscriber.  Being a qualified database admin myself, setting up such a system would be relatively easy, and extremely cost effective.  Most ISP’s should already have a system like this in place to ensure the normal day to day operations, so essentially all that would be needed would be to have someone search a database of the IP addresses to find assigned subscribers.  Let’s take Teksavvy for instance.

2000 IP addresses were searched through this database to find the matching subscribers.  Manually inputting the IP addresses shouldn’t take more than a few hours, however getting a digital list of IP addresses, and running an SQL script to automatically search the database should take no more than 15 minutes for the development of the script (assuming you’re not using MS SQL and manually inputting the script and running test searches).  It should only take a few seconds once the script is run to query the database and come up with subscribers tied to those IP addresses.

I’ll be conservative here with the numbers.  This can easily be done with 2000 records manually within one 8 hour working day.  At $20/hour x 8 hours = $160. This cost gets even lower when the database system gets automated.  An estimated initial cost of maybe $500 would be required to automate this type of database search, secure the database, and send e-mails out automatically.  After that, it should take maybe less then 10 minutes from receiving IPs in digital form to send notices out to customers.  I’ve actually developed this type of database system for a small business client over a decade ago to handle his account receivables on payment due and automatically notify his clients through e-mails and texts of past due accounts (by using businesses records not IP addresses).  This can be easily adapted to the copyright notice to notice regime, in fact most businesses, let alone telecommunication companies are already using this type of system.

What exactly are the legitimate expenses incurred by an ISP when having to search through their databases to identify subscribers?  This question should be kept in minds of Canadians when looking at the current situation within copyright law, and mass surveillance.  Torrentfreak did an excellent article today regarding getting a system like this in place for copyright in Canada, which will allow for copyright trolling, as long as the internet providers are paid a good profit out of the deal:

“The notice-and-notice law permits the government to set a fee for sending a notice that an ISP can charge. At the moment, it does not look like the government will establish a fee, preferring to wait to see how the system develops. Were this [business model] to come to Canada, the government might face increased pressure from ISPs to allow them to charge for their participation in the process,” Geist concludes.

Things get even scarier when looking at Telus’s response to the Teksavvy vs Voltage decision, comparing this with the prospect of future lawful access legislation:

“We respect our customers’ privacy and would not voluntarily provide such information,” said Telus spokesman Shawn Hall.  ”That said, we fully support law enforcement’s need to access information to conduct investigations, and would comply with proper court-ordered warrants or any changes in privacy legislation.”

In my opinion, upping the costs associated with identifying subscribers will not deter abuse of privacy rights of Canadians, in fact what we’ve learned with the NSA disclosures, is that technology companies seem to be looking the other way regarding net citizens privacy. At least in Canada it comes with a cost, however what would be way more effective, would be to strengthen our privacy legislation to deter abuse, and profitability of that abuse of subscribers rights and allow for more targeted investigations by law enforcement.

Profiting from the abuse of the legal system, and abuse of users rights should be the last thing on the minds of our telecommunications providers. As Edward Snowden suggested yesterday in his presentation, it erodes trust within our digital communications network, and makes us less secure when those who would profit on such activities, are thinking more about their bottom line than actively participating in the democratic values of the society they serve.  In order to build that trust back, those telecommunications and technology providers have to step up to the plate.  Many already have from Microsoft to Yahoo, however Canadians need to be comfortable this is not going to happen within our telecommunications companies considering their position within copyright laws, let alone positions they have taken regarding government surveillance.

The equilibrium will be established through emerging technology currently in development.  Technology innovation cycles are around 18 months, and we are now in the 10th month of the NSA disclosures.  This means that tools being developed to secure communications due to the failure of the communications industry to date, will be soon available with ease of use to the regular net citizen.  These tools will essentially force an end to mass surveillance used by governments and the copyright lobby.  Not even you’re ISP will know what you are doing.  The only way to route around that would be through installed spyware or malware, making it extremely hard to mass surveil anyone, and force law enforcement and government towards targeted investigations.

As a technology developer myself, I cannot wrap my head around technology companies not thinking about securing their customers information from abuse, let alone making a profit from such abuse.  That to me is a breach of the fundamental trust of the principles most developers and service providers are taught. It’s made us less secure,  and a huge uphill battle to regain that trust, when profitability and the bottom line comes first above everything else.

Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: