Feeds

Bell Canada chokes P2P and privacy?

'J'accuse!'

Beginner's guide to SSL certificates

What's worse than an ISP throttling your peer-to-peer traffic? An ISP throttling your peer-to-peer traffic while stepping on your privacy.

Late last week, the Canadian Internet Policy and Public Interest Clinic (CIPPIC) fired a letter to the country's privacy czar, urging an investigation into the traffic shaping practices of mega telco Bell Canada. The University of Ottawa-affiliated law clinic suspects that Bell is not just throttling BitTorrent and other peer-to-peer traffic, but illegally monitoring the activities of millions of Canuck web surfers.

In March, Bell Canada admitted to shaping P2P traffic on its own DSL-based ISP, Sympatico, as well as third-party ISPs that piggyback on its pipes. That's right, it's curbing packets on someone else's network.

"As a service provider, we have to ensure no individual or group is negatively impacting the majority’s internet access," Bell Canada spokesman Pierre LeClerq tells us. "That was happening with some wholesale ISP customers (a very small portion), who were hogging huge amounts of bandwidth with P2P during rush hour." We think he means the internet version of the rush hour.

P2P throttling is nothing new. As we all know, American cable behemoth Comcast has blocked BitTorrents for at least a year. The difference is that Bell Canada is throttling via deep packet inspection (DPI) - the packet filtering technology made famous by anti-virus vendors. When we spoke to LeClerq, he would not admit to this, but his company has already come clean in a recent filing with the Canadian Radio-Television and Telecommunications Commission.

"Bell's internet traffic management solution uses network equipment that can perform DPI," reads the filing. "DPI is used to examine each of the protocol headers that wrap the content in order to identify the type of application package being transmitted.

"This allows Bell to balance the delivery of different types of applications over a network similar to how a postal service needs to balance the delivery of time sensitive overnight packages and high volume shipments."

With a letter (PDF) to Canada privacy commissioner Jennifer Stoddart, CIPPIC director Philippa Lawson asks if this sort of behavior violates Canadian privacy law, arguing that DPI "inspects information that can be linked to internet subscribers."

She says that DPI is "not necessary to ensure network integrity and quality of service". She points out that Bell is inspecting packets for this purpose without user consent. And she wonders what else the ISP is doing with deep packet inspection.

"The problem is we don't know exactly what they're doing," Lawson tells us. "They say it's only for network management purposes. But who knows?"

Again, Bell Canada's LeClerq wouldn't cop to DPI. But he did have this to say in response to our inquires about Lawson's letter: "Bell respects the privacy of our customers. We are in compliance with our privacy obligations. We don't look at the content customer’s access."

It's worth noting that Lawson's letter accuses Bell Canada of examining packet content, while the company's CRTC filing says it inspects only headers.

As Lawson points out, so-called behavioral ad targeting firms like Phorm and NebuAd employ deep packet inspection within ISPs as a means of tracking the online activities of net surfers. But this likely has little to do with Bell Canada's P2P throttling. We asked Bell Canada if it partners with a behavioral ad firm, but it has yet to respond.

Clearly, LeClerq didn't know whether Bell Canada is using a Phorm or a NebuAd. But he does know the company is using deep packet inspection. And yet he still refuses to say so. If nothing else, Bell Canada is guilty of keeping people in the dark. Much like Comcast. ®

Secure remote control for conventional and virtual desktops

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.