OTTAWA – The Canadian Internet Policy and Public Interest Clinic (CIPPIC) is charging that Bell Canada has contravened the Personal Information Protection and Electronic Documents Act (PIPEDA) by using deep-packet inspection technology (DPI) to control traffic over its Internet lines.
DPI reveals what subscribers are using their connections for, to find and limit peer-to-peer applications such as BitTorrent. Bell has said it needs to ensure traffic over its infrastructure doesn’t slow down, and DPI is aimed at optimizing its network.
CIPPIC, a University of Ottawa-based legal clinic specializing in Internet law, though noted in a May 9 letter to the Privacy Commissioner of Canada that the practice means Bell is inspecting Internet traffic headers and content, both of which contain information linked to Internet subscribers.
“Such practices – i.e., those involving the collection and use of personal information – are not necessary to ensure network integrity and quality of service. Moreover, subscribers whose traffic is being inspected have not consented to the inspection and use of their data for this purpose,” wrote CIPPIC director Philippa Lawson in the letter.
The letter accuses Bell of failing to obtain the informed consent from individuals for the collection and use of their personal information for the purpose of traffic management, to limit the collection of personal information to that which is necessary for its stated purposes, and to make readily available specific information about its traffic management.
Lawson’s letter pointed out that Bell is engaging in Internet traffic management at both the retail and wholesale levels. Bell sells Internet access service to more than 2 million business and residential subscribers through its Sympatico division.
Bell has denied its use of DPI affects end-users’ privacy.
“…Bell is using DPI to manage traffic not only of its own retail customers but also of end-users who are customers of Bell’s wholesale ISP customers. As Bell has no contractual relationship with these end-users, it cannot obtain their consent to the inspection of the traffic,” countered Lawson.
She added, “Even with respect to its own customers, however, Bell is failing to obtain informed consent to this practice.”
The Canadian Association of Internet Providers (CAIP) on April 3 filed a Part VII application to the CRTC over Bell’s use of DPI technology to allegedly allow it to restrict and reduce the bandwidth it provides to third parties. The CAIP is asking the commission to issue on an expedited basis an interim order directing Bell Canada to “immediately cease and desist from using any technologies to ‘shape,’ ‘throttle,’ and/or ‘choke’ its wholesale ADSL services.”
It also wants the CRTC to issue a final order that would prevent Bell from employing the practice. A response is expected this week from the commission.
In the letter to Privacy Commissioner Jennifer Stoddart, CIPPIC also asks that other company’s Internet traffic management practices be investigated for compliance with PIPEDA.
“In Canada, Rogers Communications Inc. has been the subject of many user complaints about its traffic shaping practices, even before Bell began engaging in similar practices. Other Canadian ISPs who have been accused of engaging in this practice include Shaw Communications, Cogeco, and Eastlink,” noted Lawson in her letter.
