<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta name="generator" content=
"HTML Tidy for Mac OS X (vers 31 October 2006 - Apple Inc. build 13), see www.w3.org" />
<title>
No Snooping - Design Issues
</title>
<link rel="Stylesheet" href="di.css" type="text/css" />
<meta http-equiv="Content-Type" content="text/html" />
</head>
<body bgcolor="#DDFFDD" text="#000000">
<address>
Tim Berners-Lee<br />
Date: 2009-03-09, last change: $Date: 2009/03/11 15:48:30
$<br />
Status: personal view only. Editing status: first draft.
</address>
<p>
<a href="./">Up to Design Issues</a>
</p>
<hr />
<h1>
No Snooping
</h1>
<p>
Most of these notes are about architecture at the web layer.
However, a healthy web for society places requirements also
on the Internet layer.
</p>
<p>
In 2008, this was threatened in the UK by the company
<a href="http://en.wikipedia.org/wiki/Phorm">Phorm</a>
proposing to use data from deep packet inspection (DPI). The
system would use special apparatus at the Internet Service
Provider (ISP) to monitor traffic, peek inside the IP
packet's payload, and determine every URL looked up in a
household's browsing on the web. This profile would be used
to provide targeted advertising. They also planned to
automatically "protect" users by redirecting any access to
blacklisted (phishing, etc.) sites.
</p>
<p>
A discussion was held at the House of Lords by Baroness
Miller on 2009-02-11. These are some notes I made for the
event, which I attended.
</p>
<ol>
<li>The Internet in general has and deserves the same
protection as paper mail and telephone.
</li>
<li>In fact you could argue that it needs it more, as it
carries more of our lives and is more revealing than our
phone calls or our mail.
</li>
<li>The access by an ISP of information within an internet
packet, other than that information used for routing, is
equivalent to wiretapping a phone or opening sealed postal
mail.
</li>
<li>The URLs which people use reveal a huge amount about
their lives, loves, hates, and fears. This is extremely
sensitive material. People use the web in crisis, when
wondering whether they have STDs, or cancer, when wondering
whether they are homosexual and whether to talk about it, to
discuss political views which to some may be abhorrent,
and so on.
</li>
<li>We use the internet to inform ourselves as voters in a
democracy. We use the internet to decide what is true and
what is not. We use the internet for healthcare and social
interaction and so on. These things will all have a
completely different light cast on them if the users know
that the click will be monitored and the data will be shared
with third parties.
</li>
<li>The URLs produced when using forms contain the
information typed into those forms. Personal data, private
data.
</li>
<li>If people really want privacy, then many users and sites
may switch to using SSL encryption: to doing their actual
web surfing through an encrypted tunnel. This takes a lot of
server CPU cycles, making server farms more expensive. It
would slow the user's computer. It would effectively slow
down the whole net. It also prevents the use of HTTP proxies,
which currently help the efficiency of web access.
</li>
<li>There are considerable risks if the information is
abused. Imagine:
<ul>
<li>To be able to buy a profile of a person you are
interested in;
</li>
<li>To discriminate based on profiles of people when
deciding whether they are suitable to employ;
</li>
<li>To discriminate in giving life insurance, and so on,
against those who have looked up (say) cardiac symptoms
on the web;
</li>
<li>Criminal attacks on government officials at home;
</li>
<li>Foreign attacks on the country made by targeting and
analyzing key individuals;
</li>
<li>Predators choosing, stalking, and targeting
victims;...
</li>
</ul>
<p>
to name a few.
</p>
</li>
<li>The information could be deliberately abused by an inside
worker, or could be acquired by an attack on the system's
machines.
</li>
<li>The power of this information is so great that the
commercial incentive for companies or individuals to misuse it
will be huge, so it is essential to have absolute clarity
that it is illegal.
</li>
<li>To put this in perspective, it is like the company having
a video camera inside your house, except that it gives them
actually much more information about you.
</li>
</ol>
<p>
The act of reading, like the act of writing, is a pure,
fundamental, human act. It must be available without
interference or spying.
</p>
<h3>
Acknowledgements
</h3>
<p>
Thanks to colleagues who reviewed these notes and provided
useful feedback, including Hal Abelson, Karen Myers, Thomas
Rössler, Amy van der Hiel, and Danny Weitzner.
</p>
<h3>
References
</h3>
<p>
Phorm in Wikipedia http://en.wikipedia.org/wiki/Phorm
</p>
<p>
The author on BBC news disapproving of the spying on people's
URLs: http://news.bbc.co.uk/2/hi/technology/7299875.stm
</p>
<hr />
<p>
<a href="Overview.html">Up to Design Issues</a>
</p>
<p>
<a href="../People/Berners-Lee">Tim BL</a>
</p>
</body>
</html>