With the on-going debate over net neutrality, privacy and the recent battles being fought over SOPA and ACTA, one technology lurks in the background. Its name is often treated as a curse by activists, spoken of dismissively but rarely in any detail, perhaps because the arguments over privacy, civil liberty and human rights provide a more dramatic, if less quantifiable, focal point for the debate. For others, technologists and broadband providers, it is seen as a much needed tool to maintain a functional internet as demand for bandwidth escalates and a necessary means to comply with legal obligations. So what exactly is Deep Packet Inspection and why is it treated with contempt by some and as the saviour from a growing apocalypse of data overload by others?
Image courtesy of Kuiu
So What is Deep Packet Inspection and How Does it Work?
On a simple level, Deep Packet Inspection is a way of understanding what type of data is passing across a network. So, for example, it is possible to tell if a specific piece of information being sent across the network is HTML, streaming video, email, a web app or even a malicious virus. This then allows the service provider to decide what to do with that particular piece of data based on predetermined criteria. Bandwidth intensive? Throttle it so it doesn’t hog the network for everybody else. Possibly damaging? Deny it access into or out of the network entirely.
DPI technology is able to do this, and do it at scales of millions of simultaneous connections in real time, by analysing multiple layers of each packet of data that passes through the system – not just the IP and TCP header information but right down to the application layer. The application layer contains the information actually being transmitted by internet applications such as web browsers, instant messaging programs or peer to peer streaming tools. By drilling down to this level it is possible to actually identify which service or program the data is originating from. With that information available you can start to apply traffic-shaping and policy control rules such as managing bandwidth for services which are known to be bandwidth intensive or denying access entirely to services which are restricted by specific policy agreements or law.
Why is it Seen as a Threat?
As with most technology, Deep Packet Inspection is itself benign. It is simply a tool for managing the flow of millions of packets of different data simultaneously. That function, however, opens up a Pandora’s box of possible applications, many of them good and some of them concerning. Some of the possible uses of DPI at present include:
- Limited or Tailored Service – For some specialist cases, such as cell phone contracts that are intended to only allow the user access to Facebook or other services, DPI can ensure that this is enforced.
- Policy Control– Broadband providers can ensure that their service-level agreements and acceptable use policies are enforced.
- Bandwidth Management – In addition to monitoring acceptable use and throttling excessive users, DPI can also managed on-the-fly bandwidth management to redistribute traffic loads during busy times.
- Network Security – the ability to detect and intercept viruses, spyware and DDoS attacks before they reach their destination provides the potential for a massive improvement in network security, denying malicious traffic from reaching, and exploiting, vulnerable individual systems.
- Law Enforcement Compliance – DPI technology provides networks with the means for complying with specific law-enforcement requirements in different regions, such as CALEA.
- Quality of Service – The traffic control and bandwidth management abilities of DPI allows service providers to intelligently shape network traffic to prevent heavy users of streaming or P2P services from slowing down the network for other users.
So Where’s the Rub?
The main purpose of Deep Packet Inspection technology is to give users a better experience and to make intelligent delivery of service more manageable for network providers. All of the above applications are primarily aimed at stopping users or software from reducing the quality of service for other users, delivering the expected service or complying with legal requirements, so why is DPI at the centre of so many debates concerning issues as fundamental as free speech, civil liberties and privacy? To understand this it’s worth looking at some high-profile debates, campaigns and recent events to see how DPI fits in.
Net Neutrality is an issue which has been running for a few years now. Some big network providers have expressed a desire to not only shape traffic but actively charge content providers to guarantee a lion’s share of the bandwidth for their content. Net Neutrality campaigners see this as a move which would remove the democratic nature of information on the internet. The content providers with deeper pockets effectively being able to buy their way onto people’s computers whilst independent content providers would be locked out, bandwidth throttled to a snail’s pace or rejected from the networks altogether.
SOPA, PIPA and ACTA
SOPA, PIPA and ACTA are three bills – SOPA and PIPA introduced to the US and ACTA to the European courts - which have recently been the centre of dispute. Broadly speaking, their purpose is to put the liability for copyright infringement on content providers and ISPs and to grant copyright holders and the Courts the ability to take unilateral action, forcing websites to be blocked at source if they are located outside of the US, placing the onus on ISPs to identify and exclude copyright infringing material and mandatory net-work level filtering to block individual users from the internet for repeat allegations of copyright infringement. These bills variously raise concerns over the damage that could be done to ‘the internet as we know’, making it possible that services such as Twitter and Facebook could be blocked as well as concerns over the infringement of privacy rights which could be caused by mandatory requirements for ISPs to actively inspect and identify all personal network traffic.
DPI is actively used in many countries to censor unsavoury content such as pornography on 3G networks in the UK. Whilst this is typically done to protect the ISP from any legal repercussions as a result of minors using their services it does have its detractors especially as the filtering is often applied presumptively without the opt-in of the subscriber. Of even greater concern to civil liberties campaigners is the use of DPI in countries such as Iran where it is being used country-wide to deny access of individuals of all ages to content and services which the regime considers 'dissident technology' such as Twitter and Tor. And it’s not just far removed dictatorships who see the allure of being able to manipulate and control the tools of civil uprisings; in the wake of anti-capitalist demonstrations in London and riots across the country in 2011, UK Prime Minister David Cameron raised the notion of having the option to deny access to social media service such as Facebook, Twitter and BlackBerry Messenger during future civil unrest.
Of course, in all of these cases it isn’t the technology itself which is at fault but the intent of the organisations deploying the technology. Deep Packet Inspection is clearly an essential tool in effectively managing bandwidth across mobile and fixed networks and to maintain a high quality of service for as long as the increase in demand outpaces the ability for ISPs to upgrade infrastructure. Meanwhile, its role in more politically charged aspects of our online world will continue to be debated until legislation can be put in place which protects the individual from potential abuse of access to and control of personal data which the technology affords corporations and government organisations alike.