[ NNSquad ] Possible Risks in MIT/ISPs Internet Traffic Analysis Study

NNSquad - Network Neutrality Squad
NNSquad Home Page
NNSquad Mailing List Information

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] Possible Risks in MIT/ISPs Internet Traffic Analysis Study

To: nnsquad@nnsquad.org
Subject: [ NNSquad ] Possible Risks in MIT/ISPs Internet Traffic Analysis Study
From: Lauren Weinstein <lauren@vortex.com>
Date: Mon, 2 Nov 2009 09:09:06 -0800

Re the sharing of ISPs' traffic data with MIT researchers:

While http://mitas.csail.mit.edu/ discusses a number privacy-related
actions taken by the project participants, concern would still seem
appropriate.  I for one would like to know how much non-anonymized
*destination* traffic data is being made available for this project,
particulary in light of the stated ability to track (anonymized) MAC
addresses.  Also, to what extent are we dealing with aggregrate
statistics vs. actual traffic payload contents?

Research is continuing to show that it is surprisingly possible to
reconstruct identity data from supposedly "anonymous" data sets via
various analytical techniques.  One obvious concern in a situation
like this "deal" between ISPs and MIT is to what extent "outside
entities" could demand access to the data with the goal of scanning
for particular usage patterns of interest, traceable back to
anonymized MAC addresses.  At that point, it might be possible to go
to either the Internet services in question or back to ISPs to demand
identity information related to the particular activity patterns.  In
other words, even if MAC addresses are scrambled in this data, the
trackability of individual anonymized MAC addresses still creates
potential avenues for abuse.  If you can identify a given anonymized
MAC address of interest in terms of even a single connection in the
data, you can then use that scrambled MAC address to identify all
other related activity by that user.

Remember a few years ago when AOL released a massive pile of
supposedly "scrubbed" search data, but it was still possible to pick
out individual users? 
( http://en.wikipedia.org/wiki/AOL_search_data_scandal )

Analytical techniques have advanced considerably since then.

I believe that we need to know *much* more about the details of this
MIT/ISPs project.

--Lauren--
Lauren Weinstein
lauren@vortex.com
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad
   - Network Neutrality Squad - http://www.nnsquad.org
Founder, GCTIP - Global Coalition 
   for Transparent Internet Performance - http://www.gctip.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
Twitter: https://twitter.com/laurenweinstein

 - - -

----- Forwarded message from David Farber <dave@farber.net> -----

Date: Mon, 2 Nov 2009 10:48:12 -0500
From: David Farber <dave@farber.net>
Subject: [IP] MIT Internet Traffic Analysis Study
Reply-To: dave@farber.net
To: ip <ip@v2.listbox.com>

I assume proper care is taken on privacy djf

Begin forwarded message:

From: Jason Livingood <jason_livingood@cable.comcast.com>
Date: November 2, 2009 10:43:24 AM EST
To: Dave Farber <dave@farber.net>
Subject: MIT Internet Traffic Analysis Study

Dave - May be of interest for IP.

During the activities surrounding Comcast’s congestion management  
challenges and responses in 2007 - 2008, one of the criticisms we heard was 
that in the absence of good industry traffic data available to researchers, 
it was not possible to either (1) objectively analyze traffic data or (2) 
study any of the growth to develop new network designs and standards (not 
to mention conducting other general network research).  As a result of 
that, we’ve been working more closely with researchers on a number of 
fronts.  One of these efforts has just been announced by MIT, and Comcast 
has advised its users of its participation:

Comcast Participates in MIT Internet Traffic Analysis Study

The MIT Internet Traffic Analysis Study (MITAS) is a new research project 
at the MIT Computer Science and Artificial Intelligence laboratory (CSAIL). 
The goal of this project is to undertake novel empirical research of ISP 
traffic data. Data will be collected from at least six participating ISPs, 
including Comcast, and the project hopes to add more ISPs. Better data and 
collection methodologies are needed to inform the industry, the network 
research community, and policy discussions about appropriate technical and 
business approaches to traffic management.

Detailed traffic data will be collected from ISPs over time, enabling  
researchers to formulate empirically valid characterizations of both  
aggregate traffic patterns, as well as a traffic profile for the average 
users. It is important to note that no personally identifiable information 
about any participating ISPs' users will be used in this project.

More information about the MITAS research project can be found at the  
MITAS website, at http://mitas.csail.mit.edu.  The MITAS project is led at 
MIT by Bill Lehr, David Clark, and Steven Bauer.

Regards
Jason Livingood
Internet Systems Engineering
Comcast

PS – The above info was also noted recently our our Network Management web 
page at http://networkmanagement.comcast.net




-------------------------------------------
Archives: https://www.listbox.com/member/archive/247/=now
RSS Feed: https://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com

----- End forwarded message -----

Prev by Date: [ NNSquad ] 100 Mbps symmetric broadband for $13/mo (for 24 months)
Next by Date: [ NNSquad ] Biggest Net Neutrality boosters question FCC proposal
Previous by thread: [ NNSquad ] 100 Mbps symmetric broadband for $13/mo (for 24 months)
Next by thread: [ NNSquad ] Re: [IP] BitTorrent uTorrent 2.0 uTP will self-throttle to protect networks
Index(es):
- Date
- Thread