NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] ISPs Spying On and Modifying Web Traffic -- With Patent Application

  [ From my blog: ( http://lauren.vortex.com/archive/000336.html )

    This appears to be a foundational network neutrality issue that
    could easily affect the technical aspects of this project in
    significant ways.  So long as we don't get out of hand, some
    additional discussion of the issue on this list would seem appropriate. 

                                                             -- Lauren ]

Greetings.  Over on the NNSquad (Network Neutrality Squad) mailing
list ( http://www.nnsquad.org ), the topic has arisen of ISPs spying
on Web traffic and using the derived data to insert their own ads
into the user data stream 
( http://www.nnsquad.org/archives/nnsquad/msg00280.html ).

In my view, such behaviors by any conventional general purpose ISP
with their paid subscribers is unacceptable, even when opt-outs of
some sort are supposedly available (from the spying or just from the
ads? -- Not clear!)  This appears to represent a clear violation of
basic network neutrality principles.

A fairly new patent application
( http://www.freepatentsonline.com/20070233857.html ), demonstrates
the depth of intrusion that has been contemplated for the associated
enabling devices [emphasis added]:

   United States Patent 20070233857 (Application)

   A network device for monitoring and modifying data traffic
   between a client device and a server device is disclosed. The
   network device is configured to provide targeted advertisements
   to a user *based on some or all of the data traffics generated
   the user*.  Different from a proxy server, the network device
   *operates transparently from both perspectives of a computer
   being used by the user and a website being visited by the
   user*. The network device is disposed in line between the
   computer and the network so that *all data traffics are
   examined*. The data packets exchanged between a computer and a
   website being visited are *altered or modified* in such a
   way that the head of the packets remains largely intact while the
   payloads of the packets are changed to suit the need of
   delivering transparently the targeted commercial information.

It's important to note the vast difference between this sort of
activity by a primary ISP, vs. ad insertions at Web sites that occur
with the cooperation or at least the assent of the Web site

The latter category only affects users who choose to visit
particular Web sites or use specific services (e.g. Gmail) as an
affirmative (essentially, an opt-in) choice.  While it's possible in
some cases to argue the fine points of privacy issues related to ad
serving systems in this class of environments, it's generally the
case that these services are chosen voluntarily by users on a
case-by-case basis.

However, since ordinary "last mile" ISP circuits represent the only
means of accessing the Internet for the vast majority of consumers
and businesses, ISPs drafting their conventional paying customers on
a default basis into *pervasive traffic monitoring and
modification* regimes, are taking improper and unacceptable
advantage of their gateway roles and are obviously behaving in a
non-neutral and potentially highly abusive fashion.

This sort of ISP behavior may arguably be more acceptable in some
very specialized situations -- such as with WiFi access services
provided without charge for example, but even then only with full
and complete disclosure and ironclad privacy protections, with
appropriate data destruction - expiration - anonymization guidelines
for the collected transactional data.  

For ISPs providing conventional paid Internet access services --
even where such protections and guidelines are present -- these
monitoring and traffic modification systems deployed in any form
other than with affirmative customer "opt-in" cannot be condoned and
should not be accepted by any Internet users.

Lauren Weinstein
lauren@vortex.com or lauren@pfir.org 
Tel: +1 (818) 225-2800
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org 
Co-Founder, NNSquad 
   - Network Neutrality Squad - http://www.nnsquad.org
Founder, PRIVACY Forum - http://www.vortex.com 
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com