ISPs as Privacy Custodians

Just published in the Canadian Journal of Law and Society (CJLS) is my article on Internet Service Providers as Privacy Custodians (a pre-print version is available here). The content is adapted (and updated) from a chapter of my PhD dissertation, wherein different chapters dealt with different social responsibilities of ISPs in Canada. The focus of this piece is on privacy responsibilities, but these are interrelated with ISPs’ other responsibilities and social roles, such as surveillance. For example, Canada’s Privacy Act was referred to as the “wiretap bill” while it was being debated in 1973, because while it criminalized the invasion of privacy, it also provided a formal legal route through which the police could obtain wiretaps (I particularly enjoyed studying the murky history of wiretapping in Canada for this piece, which I could only include in summary form).

The responsibilities of ISPs to protect privacy directly shape how police can carry out investigations involving subscriber information, how copyright enforcement operates, and the sorts of commercial relationships ISPs can enter into when monetizing subscriber information. I settled on the term “privacy custodians” to describe the role of ISPs in governing privacy for lack of a better one (the term is used in health care, and here I conceive of privacy governance as being broader than managing the personal information of users, encompassing a broader relationship to the public including policy advocacy, public accountability, and privacy education). I’ve been interested in how different ISPs approach the role of privacy custodian, at times through differing interpretations of legal obligations, but also through different kinds of voluntary efforts to go beyond legal obligations. I discuss these by distinguishing positive responsibilities (the responsibility to do something) and negative responsibilities (the responsibility to not do something). I argue that we should pay attention to the ways that ISPs are distinguishing themselves by carving out and asserting new positive responsibilities, but being mindful of the discretion with which they do so, and the pressures to compromise privacy given the growing value of the data that these intermediaries can collect.

The abstract reads:

This article examines the role of internet service providers (ISPs) as guardians of personal information and protectors of privacy, with a particular focus on how telecom companies in Canada have historically negotiated these responsibilities. Communications intermediaries have long been expected to act as privacy custodians by their users, while simultaneously being subject to pressures to collect, utilize, and disclose personal information. As service providers gain custody over increasing volumes of highly-sensitive information, their importance as privacy custodians has been brought into starker relief and explicitly recognized as a core responsibility.

Some ISPs have adopted a more positive orientation to this responsibility, actively taking steps to advance it, rather than treating privacy protection as a set of limitations on conduct. However, commitments to privacy stewardship are often neutralized through contradictory legal obligations (such as mandated surveillance access) and are recurrently threatened by commercial pressures to monetize personal information.

While tensions over privacy and state surveillance have been long-lasting and persistent, in recent years the most interesting developments have been related to the monetization of personal information. Recent news has included the re-launch of Bell’s targeted ads program, and another U.S. privacy scandal involving the resale of location information. Canadian incumbents collaborate on location and identification services through EnStream, which has so far remained relatively quiet and scandal-free, but also introduced a new role into the subscriber-provider relationship. We pay service providers to give us connectivity and some extent of privacy, but these companies are also serving the needs of customers who want information about us.

In short, the internet’s gatekeepers are also the gatekeepers of our identities and activities.

SuperNet 1.0 Post-Mortem

Earlier this month the Auditor General of Alberta released a major report, with a section on contract management at Service Alberta devoted to SuperNet. Several news outlets covered the release, and decided that the section dealing with SuperNet was the most newsworthy, summarizing it as mismanagement of a $1 billion contract.

The report is a bit of a strange read, since it is on the topic of the original SuperNet, discusses it in present-tense, but the relationships and contracts that defined SuperNet 1.0 belong to the past. The Auditor General’s office effectively studied the period between 2005 and 2017, carrying out interviews and analyzing documents in 2017, and completing the audit in January 2018 — long before the last-minute hand-off of the network last summer. One of the report’s findings was that the Government of Alberta had identified risks in the 2018 transition and “incorporated mitigation strategies” into its planning, but the audit did not look at the procurement process or how the transition (to Bell) actually took place, or what is in the new contract.

Service Alberta Minister Brian Malkinson took the opportunity to reassure that GoA has already learned the report’s lessons, and will post the new contract online once Axia’s assets are transferred to Bell. Since Bell reported that it had completed acquisition of Axia back in September, I’m not sure what the reason for the hold-up is. This is the sort of public accountability that was badly missing from the last SuperNet deal. This time, the public is being asked to accept the Minister’s reassurance that it’s all good, while we wait to learn what sort of deal was struck with Bell back in June.

So what did the Auditor General learn about SuperNet 1.0? A lot of the report puts an official stamp on what we already knew — lax oversight, a badly-written contract, Axia doing things GoA thought were inappropriate, but GoA feeling largely powerless to stop them:

“In 2011 the department sought legal advice on potential non-compliance with operator independence requirements. The department then sought additional information from the operator on services provided to third parties… The operator has asserted it is compliant with contract terms and obligations. As a result, again, the parties to the contract did not consistently interpret the terms and conditions”


“The department attempted to exercise these audit rights in 2015 as a result of a number of contract disputes, including those identified above. The department has not been successful in exercising that right… again because of differing interpretations of contract terms”

The report does offer a kind of explanation for something I’ve wondered since reading the SuperNet 1.0 contracts — what about all the regular reporting that Axia was supposed to provide GoA about how the SuperNet was running?

“We found that, since 2006, the department has not always received this reporting from all contract parties. We also found no evidence of the department routinely requesting this information from the parties. We asked department management why they have not obtained this information as required under the contract. Management stated that they considered the reporting to be more relevant to the initial construction of the network rather than ongoing operations.”

Right. I’m guessing that the various ministries responsible for SuperNet over much of this period really weren’t interested in or capable of monitoring what was happening with the network. What about when GoA started to have more serious concerns about the contract after 2011? Maybe no one at Service Alberta saw this information as valuable enough to ask for. Maybe some people weren’t aware this was in the contract. Whatever the reasons, I’ll be interested in what kind of accountability is written into SuperNet 2.0, and whether accountability on paper translates to accountability in practice.

So, we now have some more specifics about fundamental issues that Service Alberta was quite up-front about last year before the contract expired. The SuperNet seems to be chugging along in continuity mode for the time being, and the communities Axia fibred up are still getting the internet they agreed to for the same price. But last summer did not exactly inspire confidence about the SuperNet 2.0 transfer. What was all that last-minute contract negotiation about? What exactly is Alberta paying for right now? Here, the Auditor General can tell us nothing — these sorts of audits can take many months to pull together.

Maybe next year?

SuperNet 2.0 (update)

With the transition to Bell’s operation of the SuperNet a smooth one so far, it’s worth revisiting the topic and my previous blog post. Any anticipated squabbles between Bell, Axia, and GoA have been rendered moot by Axia ceasing to exist as an independent entity in Alberta, now that it is being absorbed into the big body of Bell. This means Bell now owns anything that Axia might have wanted to claim as its property, and it inherits all of the corporate infrastructure responsible for keeping the SuperNet running. I wonder if this was the plan all along ever since GoA started favoring Bell for the contract, or if it’s what led to the last-minute nature of the announcement, as Bell and GoA belatedly realized they would face some serious disruption if they tried to go around Axia.

The remaining question is what happens to the communities to which Axia (Connect) has extended fibre networks during the past few years. The SuperNet 2.0 contract should really have done away with the possibility for such an arrangement, which violated the “level playing field” intent of the SuperNet (with the wholesaler also competing in the retail market). But so far we have indeed witnessed continuity for places like Nanton and Stavely, which makes me wonder, is this continuity just a temporary arrangement? Is there a plan to sell these networks off to another party, or does everyone previously served by Axia Connect just become a Bell customer? If the latter, this legitimates what Axia had done in recent years and would be a big win for Bell, which would not be confined to the role of middle-mile intermediary. It could open up the possibility for Bell to use the SuperNet to great competitive advantage against rural Alberta ISPs, whether they rely on SuperNet or not. It would also be another example of the GoA choosing to maintain the SuperNet status quo, rather than making difficult decisions and much-needed changes to the contract. I hope this is not the case, but it’s certainly a possibility given previous history.

2019 UPDATE: In keeping with its practice to only offer retail internet service in Eastern Canada, Bell has sold the Axia retail operation to TELUS.

SuperNet 2.0 Deadline Hits

The clock almost ran out.

In a decision that should have been announced months ago, the Government of Alberta (GoA) has just declared it was handing the SuperNet’s management over to Bell – the company that had pulled together the original consortium which had won the contract back in 2000 and funded a great deal of the network, but which had played a more marginal role as its once-partner Axia assumed operational control. The next stage for Alberta’s province-spanning fibre-optic network is about to begin, and if the transition continues to generate bad press, more Albertans might actually become aware that this urban-rural infrastructure exists.

Whatever is happening this long weekend at the offices of Bell, Axia, and the GoA, it wasn’t supposed to be this way. The province was working on a long-term fix for the situation last Spring, when Service Alberta’s Stephen Bull assured that the file had the government’s attention at the highest level. Then something got bogged down, someone lost the script, or there were too many cooks in the kitchen. All that’s known publicly is that the Minister responsible for Service Alberta was shuffled a couple of weeks ago, and the GoA seemed ill-prepared to comment on what was happening, leaving Axia to mount a last-minute PR campaign to defend their interests and encourage Albertans to write their MLAs to keep the SuperNet “managed from Alberta, by Albertans.” It all seemed reminiscent of how the province has neglected the SuperNet since it was built, leaving the day-to-day to Axia, the network’s former operator, with the GoA’s responsibilities shuffled between the province’s shifting ministries and only occasionally receiving higher-level attention.

As we approach the July 1st hand-off, it’s worth reviewing what’s at stake:

Axia was small, new, and unknown in 2000, with no experience building and running a network like SuperNet. Today, the company has experience around the world, but its core operations in the province do seem to be in jeopardy. Presumably, there are contingency plans, but GoA didn’t give Axia much time to work things out, and everything the company does in Alberta seems tied to the SuperNet contract.

Bell invested significantly in the SuperNet during the early 2000s, which was meant to give the company more of a Western presence, but the project ended up being more of a money-pit than anticipated and I can imagine the subsequent legal disputes left the company with some regrets. Now the company gets to gain control over infrastructure it has actually owned since 2005.

We don’t know what the contract looks like, and it may be some time before we do. The original SuperNet contract was treated as confidential business information rather than public policy and had to be eventually obtained through a FOIP (freedom-of-information) request. Last week, Axia was promoting the idea that its much-touted open-access model would be under threat if Bell got the contract. But the GoA has promised “continuity”, including for the ISPs that get wholesale access to SuperNet, so it’s unlikely there will be a fundamental change in that regard. Also, Axia abandoned a key principle of the open-access model years ago, when it effectively dropped structural separation by becoming a retail ISP through SuperNet. Sure, they did so without blocking other ISPs from accessing the network, and they were arguably meeting a market need that was ill-served, but in an open-access middle-mile network the operator should not also be competing with last-mile ISPs.

GoA tacitly approved all of this by staying out of the way as Axia offered fibre networks to municipalities across the province, through an entity legally separate from its SuperNet operations, but which advertised connectivity through the SuperNet as its competitive advantage. This is something that always gave me (and others) trouble, since Axia SuperNet and Axia Connect were supposed to be separate entities, but the dependencies between the two were quite explicit (with Axia Connect communities used to promote SuperNet, and SuperNet used to promote Axia Connect). Did municipalities understand the risk they were entering into when they inked their contracts with Axia Connect? I hope so, since Axia Connect’s contingency on the SuperNet contract was not a secret, but some are understandably confused that the next-generation network they had secured for their town could now be a stranded asset in need of a long extension cable. I’m guessing that Axia will lease that cable if they have to and pass the cost on to consumers, or if things get really bad they could sell these fibre networks. Still, whatever happens this will only affect a relatively small number of Alberta towns with Axia Connect (Nanton, Vulcan, Nobleford, Stirling, Barnwell, Fairview, Pincher Creek, Fort Macleod, Raymond, Magrath, and Hanna). The rest of rural Alberta relies on the traditional SuperNet arrangement that connects public facilities and allows access to private ISPs.

Something else I anticipate will become an issue is the question of who-owns-what. This has always been one of SuperNet’s most confusing aspects, since at the end of the 1990s the GoA really did not want to become owner of a telecom network. Government ownership is what the SuperNet contract stipulates could happen in 2035 – at least for the Extended Area Network that Axia was responsible for, but by then it might not be worth much. The Base Area Network, which connects Alberta’s cities, is owned by Bell. Ownership of the Extended Area Network is also technically Bell’s, but the network has not been static since it was built, with Axia building upgrades and integrating the network with its own business endeavors. I can imagine it may be complicated to sort out which bits of equipment belong to Axia, and which belong to the Extended Area Network being transferred over to Bell’s control. Both companies are contractually obligated to ensure a smooth and orderly transition, and in a perfect world the priority would be to maintain connectivity to all SuperNet clients while these things get sorted out, but everything related to SuperNet so far has been far from perfect.

What happens on Canada Day remains uncertain — more to follow.

Security Versus Surveillance After Snowden

Just published in the latest issue of the open-access Surveillance & Society journal is a piece I originally wrote while attending the Surveillance Studies Network conference in Barcelona in 2014. By that point, nearly a year after the first Snowden disclosures, the most significant revelations had come out and it was possible to take stock of their impact. I was studying Canadian telecom policy at the time, attending industry conferences and international events like NANOG and the IETF. At both kinds of meetings, discussions of privacy, surveillance and Snowden were unavoidable that year. We had entered the post-Snowden era, and this was evident beyond conferences’ discussion topics.

When the first Snowden disclosures happened in June 2013, conflicts between the NSA and private industry had cooled (and relations warmed), following mid-1990s fights over the clipper chip. Many information security practitioners in 2013 had not been involved in these political battles from twenty years ago. Some infosec professionals had started out as troublesome hackers, but the NSA now saw domestic hackers as less of a threat and more of a recruitment opportunity, with the head of NSA (Gen. Hayden) giving a keynote at Def Con in 2012. Individuals from the NSA had also participated at the IETF, and many in the private sphere had come to see themselves as essentially fighting on the same side as government. The biggest enemies were foreign state-backed hackers (“advanced persistent threats”), concern over which had reached an all-time high in 2013, particularly through the threat emanating from China. Snowden changed all that; Chinese hackers dropped from the headlines, the IETF took a public stand, and the NSA took a “time out” from hacker conferences. It wasn’t just that the Five Eyes were carrying out mass surveillance — they were doing so by compromising the security of technologies, institutions, and people they claimed to protect.

As many (including Snowden) argued, secret government surveillance in a democracy is a political issue, and the disclosures brought secret programs to public attention to make an informed policy debate possible. But other than the USA Freedom Act, meaningful political action did not materialize, and in the United States the debate largely centered on the question of whether Americans were illegitimately spied upon by their own government (as opposed to larger questions of international mass surveillance and governments compromising technologies used by their own citizens). But some institutional relationships and technologies were immediately altered because of Snowden, and the practical consequences of changes undertaken in the private sector and civil society have been more significant than political reforms.

Post-Snowden security responses include Google securing its own international links, a wider shift toward encrypting web traffic (through HTTPS), or Apple’s post-Snowden security upgrade, which set off a massive legal fight with the FBI over an iPhone in 2016. It’s not that mass surveillance has become more difficult across the board — Apple now faces new concerns about iPhone security and the privacy compromises it has made to enter into the Chinese market, but the company’s pre-Snowden cooperation with U.S. authorities is over.

More broadly I hope this piece will be useful in distinguishing between different kinds of security: cyber, national, and information technology (IT), and how these relate to privacy and surveillance. Before Snowden, many in Five Eyes nations saw national, cyber, and IT security as working together. After Snowden, IT security has become a form of resistance against surveillance tied to national security and cyber security projects.

All good things…

Since 2012, I’ve been working on my PhD dissertation research into Canadian internet policy at the University of Alberta’s Department of Sociology. This month I successfully defended the dissertation (pdf), which addresses the theme of this blog — intermediation. This includes an analysis of the political economy of Canadian telecom, competition regulation, public connectivity, privacy, security and lawful access, copyright, net neutrality, and alternative or public approaches to connectivity.

An enormous thanks to all those who have helped me get to this point by sharing what you know about these topics. Many people have told me things that do not appear in the final thesis, but rest assured every interaction I’ve had over the years has helped to inform my understanding to get to this point. It’s been really great hearing from internet pioneers, Canadian telecom professionals, public servants, policy experts, and all those who help make this connected world what it is.

So what’s next? I plan to continue pursuing all the topics that have animated this research. We’re still talking through many of the same telecom and internet policy debates as when I started, and ISPs are still crucial gatekeepers and mediators of connectivity. The blog will keep its focus, though there may be some changes in frequency as I move on to new professional responsibilities at UBC. However, I imagine in the future I will be thinking more about Silicon Valley companies and the business model we might call platform capitalism, so the nature of the intermediaries I focus on may change. I will also be keenly looking for approaches to connectivity that are more locally-oriented, and alternatives to the giant firms that currently dominate connectivity and our online experiences.

ISPs as Providers of Equitable Connectivity

Recently in the news — Canadians love connectivity and they want it cheaper. We can see this either as an indicator of increasing competition in the sector (thanks to Freedom Mobile), or a sign of how high rates and data caps make Canadians scramble for a deal when it’s offered.

The focus now is on mobile plans, but we’re not having the discussion about an affordable option for residential broadband. As announced in last year’s federal budget, affordable government-approved broadband for low-income Canadians may eventually become available. While there are strong parallels between this approach and 20th century efforts to achieve universal service through cross-subsidization, this will likely not be a universal program. Rather than imposing some sort of “skinny basic” for the internet, the federal Cabinet has made affordable internet a priority, allocated money, and left us waiting on the details.

In a previous post, I wrote about the CRTC’s universal service objective, and how the Commission likes to stay out of setting retail prices for broadband (unless we’re talking about an IPTV service). The CRTC does regulate wholesale internet rates to promote competition, and this is supposed to control prices, but part of the rationale for not intervening directly on retail pricing was to avoid doing something that would “inadvertently hinder the development of further private and public sector initiatives” on affordability. Well, the federal government’s $2.6 million annual program, announced last March, can be seen as a public program to nudge private sector initiatives along. The money is meant to help support ISPs that offer low-priced connectivity to low-income families, who will also receive refurbished computers.

This is similar to what Rogers and TELUS have been doing already in select markets, and these companies may end up being able to roll their existing programs into whatever is finalized as the government’s plan with little effort. But if other providers do join (or are compelled to participate in a mandatory program), then this becomes more of an industry norm than a distinguishing virtue. Rogers and TELUS have been trying to behave and stand out as good corporate citizens (Bell’s distinctive efforts in this regard have been championing the issue of mental health).

The discussion is understandably focused on the incumbents here, but let’s not forget there are a host of organizations and ISPs that have long been devoted to a more equitable distribution of connectivity in society: FreeNets & community networks (NCF, VCN, ViFA, Chebucto), publicly-funded rural broadband (like SuperNet, or one-time funding programs like Connecting Canadians and Connect to Innovate), First Nations initiatives, as well as public internet access sites. The federal government’s affordable access program for low-income households was criticized for being developed independent of groups that have been advocating for affordable connectivity in recent years, and following this criticism the proposal was sent back to the design stage to gestate further.

Personally, I love to see programs targeted for low-income Canadians that need them most, but the shelved affordable access proposal was a feather-light welfare policy. This was not the state using the market to achieve a public good — this was the state trying to achieve a public good without imposing any undue burdens on the market, with the private sector invited to participate. It would have encouraged a form of cross-subsidization, where ISPs use wealthier subscribers to subsidize poorer ones. In the monopoly era, cross-subsidization is how universal service (a phone in every home) was achieved. The telco companies had their regional monopolies, and one justification for this monopoly power was that you could take profits from urban areas to subsidize connectivity for more expensive (or less profitable) rural areas. After the monopoly era ended, we shifted to the cultivation of competition and deference to market forces. The societal benefits of internet access for everyone are clear, but the distribution of connectivity is still treated as a corporate responsibility.

This Liberal government is taking its time on this issue — perhaps they see flaws in the previous approach but are reluctant to push a more robust policy. In the meantime, telecom companies may be less willing to develop their own affordable access programs knowing they may have to adjust to whatever shape government policy takes.

Competition Regulation and Internet Policy

If you’re interested in domestic internet governance in Canada, you need to know something about competition regulation. The same is true in much of the rest of the world where the telecom industry underwent liberalization (was opened to market competition) and also exhibits high levels of concentration and regulatory concerns about market power. For instance, Uta Meier-Hahn’s survey of network operators found that competition regulation was one of the most common forms of interconnection regulation reported by participants. Here in Canada, telecom competition has been regulated ever since we moved away from monopoly control. This is why it’s inaccurate to describe what happened in the 1990s as deregulation. The neoliberal fantasy may have been to get government out of the way and turn everything over to market forces, but government decided it was going to take some purposeful regulation to get us there, and we never got there.

I’d like to distinguish between two basic kinds of competition regulation that matter: positive and negative (modifying this previous contrast I used to talk about ISP responsibilities). The first mode of regulation is the set of regimes, like mandated wholesale, that specify how competitors are required to behave and relate to one another, and other ways of addressing imbalances or insufficient competition in the market. This includes the way that smaller companies or “new entrants” are given certain advantages and protection (“set-asides”) in spectrum auctions. All of these rules are justified as promoting more, better, or fairer competition — they are positive forms of regulation, in that they create, cultivate, and encourage that which is desirable. They are premised on the idea that competition is a problem and that liberalization is incomplete. In other words, the market is not competitive enough and whatever goal the policy transformation of the 1990s was meant to achieve has not been reached. The state can structure and configure conditions so as to improve things, or to set up market actors in a way that increases competitiveness. These are the kinds of competition regulation that matter most in the day-to-day of the telecom industry, and are often structured through a system of CRTC decisions (ISED when it pertains to spectrum).

The second set of regulations are essentially negative — they ward off the undesirable. Where positive regulations try to seed and fertilize the field (giving more fertilizer to the plants that need it the most), negative regulations tear out the weeds. This metaphor helps to show how this distinction is not entirely neat, since tearing out weeds creates better conditions for growth (there is a positive aspect to negative regulation and vice versa), but hopefully you get the idea — this is a heuristic. Both are forms of regulatory action, but the first promotes the good while the second restricts the bad. Negative regulations focus on what will not be tolerated and work to eliminate or prohibit these. They impose sanctions or consequences for undesirable conduct, drawing lines which market actors shall not cross.

Canada’s Competition Bureau is a key actor when it comes to these negative forms of regulation, not only in the way it punishes abuses of market power (albeit rarely in telecom) but also the distinctions it makes when approving or rejecting mergers. There is a positive dimension here, in that a merger or consolidation can be approved along with conditions that are meant to promote competition, and the Bureau generally holds that mergers are good for competitiveness, but it also draws lines that big businesses wishing to swallow competitors will not cross. These lines can be quite permissive, as in Bell’s recent acquisition of MTS, but with so few major players left in the telecom market, further consolidation among these giant firms (the recurrently raised prospect of a Bell-TELUS merger) would be tricky. While positive regulations try to foster competition, negative regulations prevent us from slipping back to monopoly.

This is why issues around concentration of power and competition are so fundamental for internet governance — domestically, they make the difference between a world of multiple interconnected networks, and a world under monopolistic control. On that note, Dwayne Winseck and his team at the Canadian Media Concentration Research Project have been an important resource for tracking shifts in consolidation and concentration in Canadian media, ISPs included. With the latest annual update just released, I encourage you to check it out for lots of details and background. One of the takeaways is that when it comes to internet access in Canada, things are holding relatively steady. This means that the positive regulations aren’t being very successful in effecting change in the market, while the negative ones help maintain the status quo.

Review of Susan Landau’s Surveillance or Security?

I’ve been going through my files recently, and discovering some that I had forgotten. A couple of times now I’ve had submissions to journals fall into a void. Ideally, when this happens the piece can still find a home somewhere else, but this was a review of a book from 2010 written in 2012, and in 2013 Snowden changed the world and I felt the need to move on. Still, Landau’s book remains valuable and some of these issues are even more salient today (also of note, in the 1990s Landau co-wrote Privacy on the Line with Whitfield Diffie).

Book Review: Landau, Susan. 2010. Surveillance or Security?: The Risks Posed by New Wiretapping Technologies. Cambridge, MA: MIT Press.

The choice between security and civil liberties remains a commonplace way of framing many surveillance debates. Susan Landau’s argument in Surveillance or Security? is that many surveillance technologies and systems not only compromise privacy, but may actually make us less secure. This thesis, while worth repeating, will not be novel for some readers familiar with surveillance and security debates. However, readers who are already well-versed in criticisms of the freedom-security opposition will still find a great deal of value in Landau’s book, including the nuance of her more policy and technology-specific arguments and the wealth of detail she provides on various electronic surveillance practices. The patience and clarity with which Landau walks readers through this detail is commendable, and the book makes many technical and legal matters understandable to those unfamiliar with telecommunications, electronic surveillance, or U.S. law. Despite this, reading Surveillance or Security? from beginning to end requires a considerable interest in the subject matter, and much of its detail will be superfluous to those interested in more general surveillance questions or electronic surveillance in a non-U.S. context.

The nuance of Landau’s argument preserves a legitimate and lawful role for surveillance by state actors, and her critique is targeted specifically at emerging forms of surveillance made possible in the age of digital networks. Of greatest concern is the ability to embed surveillance capabilities into our increasingly-capable communications infrastructures. Justifications for expanded or “modernized” police and national security surveillance capabilities are often premised on the need to bring telephone-era laws and abilities up to date with the internet. Landau provides a very effective introduction to telephone and packet-switching networks, the development of the internet, and the contemporaneous changes to U.S. surveillance law and practice. In the process, she shows how the nature of communication and surveillance has been transformed, and how inappropriate the application of telephone-era surveillance logic can be for internet architecture. While telephone and packet-switching networks are now deeply integrated, the reader will learn just how difficult “wiretapping the internet” is when compared to traditional telephone wiretaps. On the other hand, the book also discusses the vast amounts of information available about our digital flows, and how these possibilities of data collection introduce new dangers.

The most forceful of Landau’s arguments are against the embedding of surveillance capabilities into our networked communications infrastructure, as this amounts to an “architected security breach” (p.234) that can be exploited or misused. The main example provided by the author of such modern wiretapping gone wrong is the activation of surveillance capacities embedded in the software of an Athens mobile phone network during 2004 and 2005, wherein parties unknown targeted the communications of Greek government officials. While this case of wiretapping was highly selective, Landau also cites the current U.S. “warrantless wiretapping” program to illustrate the dangers of overcollection. A third case, the FBI’s misuse of “exigent letters” to acquire telephone records after September 11, shows how the risk of overcollection is exacerbated when wiretapping cannot be audited and fails to require “two-organizational control”. In the exigent letters case, FBI investigators and telephone company employees working closely alongside one another were able to nullify institutional boundaries and circumvent legal requirements. From these cases, Landau concludes that “making wiretapping easy from a technical point of view makes wiretapping without proper legal authorization easy” (p.240). Among her chief concerns is the historical propensity to take advantage of surveillance-ready technologies to target journalists and political opponents, and the possibility of “nontargets” being caught up through overcollection.

Surveillance or Security? offers solutions as well as warnings, and these are primarily oriented towards safeguarding communications security. As a general prescription, Landau argues for partitioning our networks to a greater and more sophisticated degree. This includes increased use of identity authentication and attribution for particular networks, and keeping others entirely inaccessible from the public internet. But Landau expressly opposes building identity authentication and surveillance mechanisms (such as deep packet inspection) into the internet itself. Overall, this is a sensible solution that can address “digital Pearl Harbor” fears while preserving the general openness of the internet. Our networks already have “walled gardens” for governments and corporations, and Landau calls for more effective partitions as well as open public vetting of security mechanisms (pp.240-241). Sanctioned wiretaps should also be auditable and not under the independent control of any one organization.

Ultimately, questions about how the internet should be designed and governed boil down to what we value in the network. Many have pointed out that the values which drove the development of the internet did not include ensuring its security, so that concerns over identification, authentication, malware and cyberattack surfaced later in its development and are difficult to resolve. The debate over whether internet governance and internet architecture need to be revised in the interests of security continues to this day, but the choice is not simply between security and openness. Rather, “security” can point to a whole host of challenges, some of which can be in opposition to one another. Landau does indeed distinguish between different security threats, but while there is a chapter entitled Who are the intruders?, no equivalent breakdown is given of “whose security” is of primary interest. Instead, Landau treats personal security, national security, and corporate security as compatible and amenable to some of the same solutions. She explicitly values personal privacy and the open innovation made possible by the internet, but also warns against growing foreign threats to the economy and critical infrastructure of the United States. The closing sentence of the book calls for communication security “to establish justice, maintain domestic tranquility, and provide for common defense” (p.256), and it is in the tensions between these three objectives that the supposedly false choice between freedom and security materializes once again.

Landau promotes the value of privacy and journalistic freedom, puts the danger of terrorism “in context” (p.222), and warns against heavy-handed approaches to illegal file-sharing (pp.34-35). But in debating the appropriateness of embedded surveillance or privacy-enhancing cryptography, the reader also learns that “we must weight the costs” (p.35) or the advantages against the disadvantages (p.219) of such technologies and practices. The problem is that different readers may have rather different conceptions of who is denoted by the “we” in such a formulation, and where the costs accrue. If the security threat is the “havoc” that can be wreaked through an internet connection multiplied by the size of the cyber-capable Chinese army (as Landau suggests in the epilogue, p.255), then Richard Clarke and Robert Knake’s (2010) proposal to embed surveillance and filtering at internet service providers (ISPs) to deal with foreign cyberattacks might seem quite reasonable (such surveillance would receive “rigorous oversight by an active Privacy and Civil Liberties Protection Board to ensure that neither the ISPs nor the government was illegally spying on us” [Clarke & Knake 2010, p. 162]). The principles which guide Landau’s judgments are those embodied in the U.S. Constitution, the open and innovative possibilities of our networks, the right to privacy in communication, and the need to be protected from electronic “intruders” and “threats”. But in making these various appeals Landau is also providing the means to undercut her argument against embedded surveillance, if one values a particular type of security or fears a threat to security over others. She closes with an appeal to consider communications security as vital to both national and personal security, to democracy as well as defense (p.256), but the argument that embedded surveillance makes us less secure is on weaker footing when faced with the catastrophic specter of a cyber-war with China.

In the end, readers may find themselves confronting the dilemma identified by Jonathan Zittrain (2008, pp.60-61), who argues that “the cybersecurity problem defies easy solution, because any of the most obvious solutions to it will cauterize the essence of the Internet”. Like Zittrain, Landau thinks we can improve cybersecurity without sacrificing the internet’s propensity for openness and innovation, but at times she seems to address her arguments more at U.S. policy makers, security officials, and American citizens than at a general readership. The book includes a chapter devoted to analyzing “the effectiveness of wiretapping” in the furtherance of national security and criminal investigations, and the threat of China’s espionage and cyberattack capabilities looms large against a “United States that is being weakened by the very information technologies that brought the nation such wealth” (p.171). Landau’s approach may appeal to those Americans in greatest need of convincing, but it marginalizes arguments based on more critical premises, such as the potential of open networks and private communications to facilitate valuable forms of disruption and social change.

Surveillance or Security? focuses on the U.S. because the complexity of wiretapping policy is better explored through one nation’s economic and legal perspective, and Landau claims that “it should not be hard to reinterpret the issues from the perspective of other nations” (p.10). The networks that constitute the internet certainly warrant analysis on the level of the nation-state, in particular due to the increased assertion of territorially-based state power over and through the internet. The U.S. also deserves study in its own right by anyone interested in global telecommunications, not only because of the influential role of the U.S. in the history of telecom, but because the world’s telecom networks remain disproportionately dependent on U.S.-based institutions and infrastructure. The layout of global fiber-optic cable makes the U.S. “a communications transit point for the entire world” (p.87), and the overall layout of the World Wide Web also remains largely U.S.-centric.

However, many of the details of U.S. wiretapping legislation and practice will not be of interest either to the general reader or to the scholar interested in broader questions of surveillance and telecommunication. The book’s detailed analysis of the U.S. case is therefore its greatest strength, or, for a more general audience, its greatest weakness. Among other strengths are the clarity of Landau’s descriptions of network architecture and internet history, which do not presume prior knowledge on the reader’s part. Surveillance or Security? is clear and approachable, and contributes some much-needed scholarship on the intersection between state and private institutions underpinning contemporary surveillance systems. At its best, it pours cold water on the need to overhaul the internet and expand the scope of electronic surveillance, but Landau is not above fanning the flames to give the issue of communication security some added urgency. In between, surveillance scholars will find plenty of value in the book’s well-researched detail and Landau’s considerable expertise.

One of the headings in the book, What it means to “get communication security right”, remains an open question, with governments moving slowly on the issue, and private institutions largely pursuing their own policies. While it seems clear that securing our communications networks will not be quick or easy, a more immediate concern is poorly-considered proposals to embed and institutionalize surveillance regimes and their attendant harms. Surveillance or Security? contributes to an important conversation, injects caution into a frequently overheated discussion, and offers much of substance for those acquainting themselves with communications security and surveillance.


Clarke, Richard A., and Robert Knake. 2010. Cyber War: The Next Threat to National Security and What to Do About It. New York: Ecco.

Landau, Susan. 2010. Surveillance or Security?: The Risks Posed by New Wiretapping Technologies. Cambridge, MA: MIT Press.

Zittrain, Jonathan. 2008. The future of the internet–and how to stop it. New Haven: Yale University Press.


Bell, the British Columbia Telephone Company, and Cold War Surveillance

Late last year, a story broke about a researcher trying to get the Privy Council Office to release a secret surveillance order from the 1950s. This once again demonstrated why news investigations are vital for holding government accountable: the day after the CBC published its story the PCO decided to release the file, and Dennis Molinaro could finally get to finishing a journal article on the topic. More recently, he published the source documents he got from the PCO as a pdf, which if you’re a security & surveillance geek like me makes for great reading alongside his journal article (big up Dr. Molinaro!).

As a result, our understanding of Canadian state surveillance and Cold War security practices has had a significant boost. Something I discovered a couple of years ago was the difficulty of figuring out what police telephone surveillance in Canada was like prior to the era of the Privacy Act (the 1970s and earlier). These documents give us only a view into one particular surveillance program, and only in its early years. The file deals with the period around 1954 when the RCMP’s very very secret PICNIC program needed to be reauthorized, and there was a need to expand its wiretapping beyond Bell to other companies. Interestingly, one option (initially favored by Bell’s lawyer) was to use section 382 of the Railway Act, which allowed the government to take control of telephone infrastructure (“place at the exclusive use of the Government of Canada any electric telegraph and telephone lines, and any apparatus and operators which it has”), but this also required an Order in Council. To put the program on firmer legal footing, the government wanted the company’s cooperation in accepting warrants under the Official Secrets Act (something the British Columbia Telephone Company was already happy to do). Some readers may wonder how railway regulation got connected to this mess, and maybe I’ll explain the pre-CRTC link between rail and telecom in another blog post. However, the government of the day, under Prime Minister Louis St Laurent, feared that using the Railway Act as a “cover plan” to govern surveillance was too much of a stretch, though they seemed prepared to go that route if Bell didn’t see things their way, and prepared some dubious legal justifications for doing so.

Bell’s position gave the government significant “difficulties”, and I would love to know the company’s reasoning. Presumably, using the Railway Act as a secret justification would simply have been easier, without having to bother with the paperwork of warrants. But the company was persuaded to agree with the government’s view, and the resulting surveillance regime targeted “subversives” and national security threats, where warrants were written for “a given area” rather than individuals, and seems to have carried on through the 1970s. This was the decade when Canada’s initial privacy and wiretapping laws were developed, replacing the previous jurisdictional patchwork.

The documents released by the PCO give us a fascinating insight into early domestic telecom surveillance in Canada, but this was certainly not representative of how police investigations were carried out in Canada. The RCMP’s (variously renamed) Special Branch/Security Service carried out tasks currently performed by CSIS, with a list of targets informed by a Cold War ideology that saw homosexuals, anti-war activists, and unions as a national security threat. Today, the internet and international terror networks are sometimes blamed for making foreign and domestic communications indistinguishable, but during the Cold War domestic surveillance was routinely carried out under the presumption that the targets were actually foreign agents or channels for foreign influence.

PICNIC was surveillance that was never intended to see the light of day, and it seems that early criminal investigations by Canadian police using wiretaps were also generally not meant to be revealed as evidence in court (it was apparently against RCMP policy to use wiretaps in 1973 and 1974, but they were still used for criminal intelligence). Molinaro writes about how “The monitoring of Canadians required a close level of partnership with corporate society; in this case, with telecommunications companies like Bell Canada”. However, I was reminded of a 1977 wiretapping story where the RCMP finally decided to use wiretap evidence in a drug case, and an officer explained in court about his routine practice of looking like a Bell employee and simply breaking into an apartment building’s terminal room with a screwdriver whenever he needed to tap a phone. In these cases, police did what they wanted with the phone network and there’s no indication that company executives ever complained (if they were even aware).

Kind of reminds me of this other time Canadian police decided to hack the phone network without permission