The semantics of privacy

Bell and the Canadian Association of Internet Providers made submissions to the CRTC in answer to questions the regulator had over their respective cases in the traffic-throttling controversy. (Long story short, if you missed it: Bell is choking off P2P traffic on the lines it leases to reseller ISPs. The ISPs claim a) that’s anticompetitive, even though Bell does the same to its retail customers, and 2) not only P2P traffic is being affected. The ISPs are seeking an injunction against Bell precluding the practice. For past episodes of this drama, click here.)

While it was the collateral damage issue — applications other than P2P traffic that are being affected — that drew the largest catalogue of complaints from irate ISP customers, there’s a curious bit of double-talk in Bell’s description of the deep packet inspection technology it uses to identify P2P traffic. The CRTC asks, among other things, “whether the DPI technology deployed by Bell Canada has the capability to examine the content of the P2P traffic being shaped and to identify the sender and the intended recipient.”

Bell Canada’s reply is several pages long, but comes down to this: It can identify the customer premises device, but not the person using the machine. Thus, concludes Bell, it cannot identify the sender or the intended recipient.

Hold the, er, phone. Bell can tell where the traffic is coming from, which, for the telco, is good enough to bill the user. Twist Bell’s rationale just a hair, and you can argue that since the carrier doesn’t know who’s using the machine in my house, I shouldn’t be billed for its use.

Splitting hairs and arguing semantics over your customers’ privacy is trivializing something very important. Identifying the customer premise is good enough for Bell to bill me; it’s good enough for me to cry “invasion of privacy.”