Tuesday, May 13, 2008

Bell accused of privacy invasion

From CBC news (thanks to Michael Geist for the pointer):
"The Canadian Internet Policy and Public Interest Clinic, a University of Ottawa legal clinic specializing in internet- and other technology-related law, has joined the assault on Bell Canada Inc. and its traffic-shaping practices, urging an investigation by the country's privacy commissioner.

The group says Bell has failed to obtain the consent of its retail and wholesale internet customers in applying its deep-packet inspection technology, which tells the company what subscribers are using their connections for. Bell is using DPI to find and limit the use of peer-to-peer applications such as BitTorrent, which it says are congesting its network.

The CIPPIC, which is made up mainly of lawyers and law students from the University of Ottawa, says Bell has not only failed to show that its network is congested and that its actions are necessary, but it has also run afoul of the Personal Information Protection and Electronic Documents Act (PIPEDA) in doing so.

"Practices [such as] those involving the collection and use of personal information are not necessary to ensure network integrity and quality of service," wrote CIPPIC director Philippa Lawson in a letter to the commissioner dated May 9."

The CIPPIC's news release and a copy of their letter to Canadian Privacy Commissioner Jennifer Stoddart, are available on their website.
"Large ISPs including Bell Canada and Rogers Communications Inc. may be monitoring internet
subscribers’ online activities contrary to Canada’s privacy legislation, and the Canadian Internet
Policy and Public Interest Clinic has asked Canada’s Privacy Commissioner to investigate.
The Canadian Internet Policy and Public Interest Clinic (CIPPIC) today filed a complaint with
Canada’s Privacy Commissioner about Bell Canada’s alleged practice of monitoring internet
subscribers’ internet activities without their knowledge or consent. Bell began to apply “deep
packet inspection” to its own Sympatico retail customers late in October 2007, but only admitted
this practice late in March 2008, after it began applying the same practice to subscribers of other,
independent internet service providers.
Bell claims it is respecting the privacy of ISP subscribers, but has refused to describe just what its
deep packet inspection of subscribers’ activities really uncovers. “Millions of Canadians use the
Internet every day,” said Philippa Lawson, Executive Director of the Clinic. “How can they
know if their privacy is being respected, if Bell won’t disclose what it is actually doing?”
There is evidence that other large ISPs such as Rogers, Shaw, and Cogeco may be engaging in
similar practices, said Lawson. “Our complaint focuses on Bell, but we are asking the
Commissioner to investigate all ISPs who engage in traffic-shaping practices.”
“Canada has privacy legislation that Bell and other ISPs must follow,” Ms. Lawson pointed out.
“We’re asking the Privacy Commissioner to investigate just what Bell’s use of deep packet
inspection involves. Canadians have a right to know who is looking over their shoulders, and
CIPPIC is based at the University of Ottawa, Faculty of Law. The clinic seeks to ensure balance
in policy and law-making processes on issues that arise as a result of new technologies."

No comments: