We recently wrote about how Swedish ISP Bahnhof had announced plans to use a VPN to encrypt all traffic
running over its network, thus making any log files it was required to store under data retention rules useless. Slashdot
points us to the news that ISP Review, over in the UK, has asked a bunch of UK ISPs their thoughts
on encrypting all traffic, and questioning whether they would do the same to protect user privacy.
The answers are pretty interesting. None of them seem interested going as far as VPNing all traffic, with some suggesting that it's just too expensive. One ISP, AAISP, says that there's a better solution than VPN, which is to just switch to a carrier grade NAT, for which there are no requirements to log those sessions. IDNet suggested that it might consider making such a service "opt-in," since some people might want it, but it creates other downsides that not all customers appreciate. The one response that struck me as questionable was from Entanet, who seemed to indicate that the only
reason to encrypt traffic was if you were doing something wrong:
As a responsible communications provider, we don't advocate any steps to proactively create the ability to avoid the identification of parties who are deliberately committing acts of data piracy.
The focus is not to "avoid identification" of people involved in "piracy," but to provide privacy in general
. Given just how many examples we've seen of governments spying on users' data habits with very little legitimate purpose, it seems like an ISP that actually protects its users privacy should be seen as a good thing.
It makes me wonder if we'll start to see more ISPs like Bahnhof pop up, with a focus on promoting the fact that they protect your privacy. In an age when so many people flipped out about Google's WiFi sniffing, you would think that these same people would celebrate ISPs that automatically encrypt traffic, as that would solve such problems. Yet, instead, it seems like the very same people are suggesting that such encryption is only for bad purposes.
Of course, here in the US, there are almost no choices among ISPs, and the ones that are available all have strong and close relationships with the government (hi, AT&T!), so it's not like they have any interest in protecting customer privacy. Though, this also explains why there's nothing serious in any US-based broadband plan around increasing competition. If there were real competition, perhaps some providers would look at better ways to protect user privacy. So, as long as the government can keep competition limited to a few entities who rely on the government, the government knows it can always get the info it wants, no matter how dubious the legal rationale.