Sat | Sep 23, 2017

We're sitting ducks on the Internet

Published:Sunday | October 5, 2014 | 10:00 AM

Trevor Forrest, Guest Columnist

In my last article, 'The dark side of VoIP block', I discussed the ongoing VoIP block in effect by the telecom providers and shared with you the method by which these and other network service providers were able to block specific types of traffic moving across their networks.

I introduced the practice of deep packet inspection (DPI) and briefly highlighted how it works. I also brought into focus some of the privacy concerns surrounding its use.

In this follow-up, I want to further discuss this practice of DP) and bring it and the issues of data privacy into sharper focus.

Why DPI is important

In summary, DPI is the inspection of all aspects of a data packet as it passes specific checkpoints on a network. It is used to verify whether the contents stored within a data packet should be allowed to continue on their journey from source to destination or if it should be redirected elsewhere or even blocked. It is important to note that use of this kind of technology is not only available to service providers, but also available to your corporate IT departments and the networks they operate.

DPI has, over the years, become increasingly important because network operators and service providers use it primarily to secure their networks and make them run more efficiently. However, as this technology matured, new ways in which it could be used emerged. Today, DPI can be used to do lawful data interception and data surveillance, quality of service management and compliance, network bandwidth management, targeted marketing, electronic copyright enforcement and, eventually, it will be used in the provision of tiered and packaged services.

Each one of these uses has inherent benefits to service providers, network operators and consumers alike. As technology consumption and delivery models continue to change, the benefits will become more and more obvious. Service providers globally have scurried to embrace these benefits and uses as the battle to create new revenue-generating streams heats up. So it's safe to say DPI is here to stay.

The possibility for misuse

The concern I have with these DPI technologies and their use in the delivery of a 'public service' is the fact that the possibility for misuse exists. Therefore, protections must be put in place for consumers as we send our data across these networks. In my view, the existing legislation is terribly lagging behind the technological advancements, and the Government is not acting with sufficient urgency to close this gap.

How do marketers who you never gave your email address to suddenly start clogging your email inbox with useless and annoying marketing messages that you cannot opt out of? Who gave them your information in the first place without your consent? (This is called email address harvesting).

Or, let's say you have an idea, an extremely valuable idea, and you communicate this idea to a friend via email or text message with explicit instructions to delete after reading. It is reasonable to establish that you only had one intended recipient of that message. If that email was intercepted unlawfully in transit by someone who works for a provider, and your idea was stolen and used to create a business opportunity that benefits someone other than you, how would you deal with that? How could you prove that someone else gained access to it? What are the responsibilities of the service providers or operators as it relates to notifying you about this possible violation if or when they become aware of the breach? Yes, they may deal with the matter internally, but shouldn't they also be required to notify the public of the breach?

Another case in point: You provide personal information to a financial institution or credit-reporting agency and in the conduct of their normal business operations, they transmit your data across a public network and such data are hijacked and used in nefarious ways. Or perhaps they outsource some of their IT operations so now your data are in the possession of a third party? Sounds familiar?

Can we say call centres/BPOs in the furtherance of the services they provide to their clients? Oh, wait, call-centre employees and their involvement in the lotto scam might be a good example of the devastating effects of data misuse.

WHAT IT MEANS TO YOU

As technology continues to become a major part of our everyday existence and as the country moves towards a more knowledge-based, digital economy, public and private networks will become as important as power lines. Our personal and confidential information will be stored and transmitted on and across these networks and, as such, the need for adequate protections and privacy protocols for our data becomes more and more important. Why? Imagine an entity legally or illegally accessing this information and using it either against your will or in ways that could bring harm to you, your family or your business. What is your recourse?

Think about it:

  • Personal contact and demographic information.
  • Credit and finance-related information.
  • Electronic medical records.
  • Text messages, voice notes and voice calls.
  • Emails and attachments.
  • Pictures, videos and video clips.

These are all things that will be transmitted over public and private networks.

The point I want to make is this: While it may never be the intention of service providers or network operators to unlawfully use data which they are capable of capturing, the POSSIBILITY exists for this to happen with or without their knowledge. It is this possibility that we must look to guard against.

Legislation and enforcement urgently needed

We need greater urgency in the creation, review and repeal of our laws to ensure that citizens are protected in this environment of increased use of technology. I understand that the Data Protection Act is not expected until 2016. That is a long way off in technology terms. The current Telecommunications Act is 14 years old (minor amendments were made in 2012).

It is painfully clear to me that, as a country, we find ourselves in a situation where the legislation is not in lockstep with the technology advances. I find that the Government is, for whatever reason, slow in acting. This is not healthy for our country and where we need to go as a truly knowledge-based digital economy.

Trevor Forrest is CEO of 876 Technology Solutions, a company specialising in website design, cloud hosting and document management. Email feedback to columns@gleanerjm.com and trevorforrest@876solutions.com, or tweet @trevorforrest.