One of the commonest and strongest arguments against the idea of deep packet inspection by ISP's is that it is a system with wide potential for abuse. This criticism is often acknowledged and then met with wide assurances of proper controls and oversight.
The problem is that there now appears to be a real world example of a monitoring system being abused. And it has happened exactly as predicted.
Harriton High, Pennsylvania. The school purchases laptops for their pupils to use in class - a modern move for a modern school supporting children in the digital age. And better yet the laptops can be taken home, indeed it is encouraged.
But there the story starts to go wrong. Because those laptops have security software installed. Software which, if activated, takes a picture using the webcam, a screen-shot and records the IP address before sending all of this information to the school servers. This occurs every 15 minutes.
The feature was, according to the school, to be used for "the limited purpose of locating a lost, stolen or missing laptop".
But here's the kicker; it appears that abuse of the system has occured. Imagine the surprise of Blake Robbins when he was suddenly disciplined for using illegal substances at home (apparently it was actually candy). How did the school know? The webcam images of course. It now turns out that hundreds of images may have been taken of Blake over a 2 week period of him using the laptop.
There is a lot of discussion over whether the software was activated deliberately. I believe this to be irrelevant. If the laptop was considered stolen by somebody then, fine, turning on the tracker is legitimate. But why were pictures still taken over the course of several weeks? It should have been immediately clear that one of the pupils had the laptop, the software could have been turned off and a phone call would have confirmed the situation.
Why did that not happen? A mistake, poor school policy, a rogue sysadmin? I'm sure details will come out in the wash but for me there is a wider problem. Why was Blake disciplined for the supposed drugs indiscretion?
It's an issue because he was in his own home and being spied on. Whether or not he is using drugs why is it the schools prerogative to discipline him? If the image had been noticed accidentally as part of the theft tracking process then why did the school not talk to his parents first?
There is a yet deeper issue. Parents and kids do not appear to have been notified of the tracking softwares existence. Indeed it appears they may even have been mislead when asking about the blinking of the camera light (which flashes when a screenshot is taken); told that it was a glitch and would be fixed.
This case is going to be focused, I suspect, on the actions of a few people. Im sure there will probably be a witch hunt to try and prosecute them for child pornography (hint: there is no need, plenty of other laws cover their actions). But what it really needs to be about is the abuse of a system put in place under the auspices of security and protection.
Deep Packets
So, we come back to the idea of web filtering and deep packet inspection. Much lauded by some as perfect for stopping child pornography (I've already contributed my views on that topic) and other illegal activity it's an idea that governments are becoming more and more in favour of.
Fair enough; there is logical basis to the argument. Some illegal activity would be affected (I don't think the word stopped really applies for obvious reasons) but, conversely, the scope for abuse is massive.
What happens when a mistake (or otherwise) notices that I am Googling for drug related keywords. Do I get a visit from my MP to "discipline" me? Extreme example I know but once the system is in place it is, I feel, the kind of thing that would slowly become normal. Not for any malicious or "tyrannical" reason but because someone, somewhere, thinks he's protecting me.
Or what happens if a rogue individual/organisation begins to store information on people. Unlikely to happen? Everyone would be vetted we are told. Sorry, that doesn't make me feel safer when such checks are easy to subvert.
Don't get me wrong: I am not an over-the-top conspiracy zealot. I don't believe that governments (well, most governments) want to install these systems for malicious purposes. Just like at Harriton High there are bureaucrats, somewhere, who honestly believe this is a Good ThingTM and will protect people. It's a pipe dream.
We are slowly seeing more and more systems imposed under the auspices of security and protection. Systems installed by people driven mostly out of fear; the fear that on their watch something will happen that they could have prevented. Or by pride; the desire to implement a system that, for example, finally stops the paedophiles.
Ultimately, I think, it is too fine a line for us to walk safely along. Now is the time to stand up and say so - before it becomes normal.