Home / Why Deep Packet Inspection Is(n’t) Being Talked About

Why Deep Packet Inspection Is(n’t) Being Talked About

Please Share...Print this pageTweet about this on TwitterShare on Facebook0Share on Google+0Pin on Pinterest0Share on Tumblr0Share on StumbleUpon0Share on Reddit0Email this to someone

With the on-going debate over net neutrality, privacy and the recent battles being fought over SOPA and ACTA, one technology lurks in the background. Its name is often treated as a curse by activists, spoken of dismissively but rarely in any detail, perhaps because the arguments over privacy, civil liberty and human rights provide a more dramatic, if less quantifiable, focal point for the debate. For others, technologists and broadband providers, it is seen as a much needed tool to maintain a functional internet as demand for bandwidth escalates and a necessary means to comply with legal obligations. So what exactly is Deep Packet Inspection and why is it treated with contempt by some and as the saviour from a growing apocalypse of data overload by others?

Image courtesy of Kuiu

So What is Deep Packet Inspection and How Does it Work?

On a simple level, Deep Packet Inspection is a way of understanding what type of data is passing across a network. So, for example, it is possible to tell if a specific piece of information being sent across the network is HTML, streaming video, email, a web app or even a malicious virus. This then allows the service provider to decide what to do with that particular piece of data based on predetermined criteria. Bandwidth intensive? Throttle it so it doesn’t hog the network for everybody else. Possibly damaging? Deny it access into or out of the network entirely.

DPI technology is able to do this, and do it at scales of millions of simultaneous connections in real time, by analysing multiple layers of each packet of data that passes through the system – not just the IP and TCP header information but right down to the application layer. The application layer contains the information actually being transmitted by internet applications such as web browsers, instant messaging programs or peer to peer streaming tools. By drilling down to this level it is possible to actually identify which service or program the data is originating from. With that information available you can start to apply traffic-shaping and policy control rules such as managing bandwidth for services which are known to be bandwidth intensive or denying access entirely to services which are restricted by specific policy agreements or law.

Why is it Seen as a Threat?

As with most technology, Deep Packet Inspection is itself benign. It is simply a tool for managing the flow of millions of packets of different data simultaneously. That function, however, opens up a Pandora’s box of possible applications, many of them good and some of them concerning. Some of the possible uses of DPI at present include:

  • Limited or Tailored Service – For some specialist cases, such as cell phone contracts that are intended to only allow the user access to Facebook or other services, DPI can ensure that this is enforced.
  • Policy Control– Broadband providers can ensure that their service-level agreements and acceptable use policies are enforced.
  • Bandwidth Management – In addition to monitoring acceptable use and throttling excessive users, DPI can also managed on-the-fly bandwidth management to redistribute traffic loads during busy times.
  • Network Security – the ability to detect and intercept viruses, spyware and DDoS attacks before they reach their destination provides the potential for a massive improvement in network security, denying malicious traffic from reaching, and exploiting, vulnerable individual systems.
  • Law Enforcement Compliance – DPI technology provides networks with the means for complying with specific law-enforcement requirements in different regions, such as CALEA.
  • Quality of Service – The traffic control and bandwidth management abilities of DPI allows service providers to intelligently shape network traffic to prevent heavy users of streaming or P2P services from slowing down the network for other users.

So Where’s the Rub?

The main purpose of Deep Packet Inspection technology is to give users a better experience and to make intelligent delivery of service more manageable for network providers. All of the above applications are primarily aimed at stopping users or software from reducing the quality of service for other users, delivering the expected service or complying with legal requirements, so why is DPI at the centre of so many debates concerning issues as fundamental as free speech, civil liberties and privacy? To understand this it’s worth looking at some high-profile debates, campaigns and recent events to see how DPI fits in.

Net Neutrality

Net Neutrality is an issue which has been running for a few years now. Some big network providers have expressed a desire to not only shape traffic but actively charge content providers to guarantee a lion’s share of the bandwidth for their content. Net Neutrality campaigners see this as a move which would remove the democratic nature of information on the internet. The content providers with deeper pockets effectively being able to buy their way onto people’s computers whilst independent content providers would be locked out, bandwidth throttled to a snail’s pace or rejected from the networks altogether.


SOPA, PIPA and ACTA are three bills – SOPA and PIPA introduced to the US and ACTA to the European courts – which have recently been the centre of dispute. Broadly speaking, their purpose is to put the liability for copyright infringement on content providers and ISPs and to grant copyright holders and the Courts the ability to take unilateral action, forcing websites to be blocked at source if they are located outside of the US, placing the onus on ISPs to identify and exclude copyright infringing material and mandatory net-work level filtering to block individual users from the internet for repeat allegations of copyright infringement. These bills variously raise concerns over the damage that could be done to ‘the internet as we know’, making it possible that services such as Twitter and Facebook could be blocked as well as concerns over the infringement of privacy rights which could be caused by mandatory requirements for ISPs to actively inspect and identify all personal network traffic.


DPI is actively used in many countries to censor unsavoury content such as pornography on 3G networks in the UK. Whilst this is typically done to protect the ISP from any legal repercussions as a result of minors using their services it does have its detractors especially as the filtering is often applied presumptively without the opt-in of the subscriber. Of even greater concern to civil liberties campaigners is the use of DPI in countries such as Iran where it is being used country-wide to deny access of individuals of all ages to content and services which the regime considers ‘dissident technology‘ such as Twitter and Tor. And it’s not just far removed dictatorships who see the allure of being able to manipulate and control the tools of civil uprisings; in the wake of anti-capitalist demonstrations in London and riots across the country in 2011, UK Prime Minister David Cameron raised the notion of having the option to deny access to social media service such as Facebook, Twitter and BlackBerry Messenger during future civil unrest.


Of course, in all of these cases it isn’t the technology itself which is at fault but the intent of the organisations deploying the technology. Deep Packet Inspection is clearly an essential tool in effectively managing bandwidth across mobile and fixed networks and to maintain a high quality of service for as long as the increase in demand outpaces the ability for ISPs to upgrade infrastructure. Meanwhile, its role in more politically charged aspects of our online world will continue to be debated until legislation can be put in place which protects the individual from potential abuse of access to and control of personal data which the technology affords corporations and government organisations alike.

Powered by

About Stanley Cooper

  • FalseFlagging

    The marketing of internet connections packages are misleading and in many cases, FALSE ADVERTISEMENT.
    if a user pays for the connection, its the job of the provider to assure they get the product. the telecoms movement to monetize packets beyond all recognition is criminal

  • Jim H

    I participate in several forums related to my hobbies. One is scale military modeling. Often some point about a detail on the real vehicle or uniform or something related is discussed. Sometimes it may be something like the presence or absence of a bracket on a tank turret or the tire tread pattern on a truck tire or if a certain camouflage pattern was used in a certain theater of war. Members will post images from sources, often books or magazines to support or disprove these points. There isn’t any intent to steal or plagiarize anything- these things are done for reference or educational purposes. Since the sheer quantity of material is huge, diverse, and world-wide, there is no other practical means to provide this information. Often, one can’t simply go out and buy the book to reference a photo because the materials are often ultra expensive, hard or impossible to find, or any number of other reasons. Usually it’s a case of a picture is the only way to adequately describe the topic.

    I am sure people can come up with any number of similar issues where this law will do more harm to more people than do any good.

    Besides, there are plenty of readily available software that will record any audio and/or video streamed to or played over a computer. Screen shot software can still capture images that are blocked from being copied from their respective web sites. The people who large scale ‘steal’ copyrighted material will still find a way and these laws won’t make much difference for them. But, everybody else will suffer.

    This makes me wonder (fear) what the next step will be. Will ISPs scan subscriber computers for certain types of software and then punish the computer user for it? As one who had computer hardware damaged by Starforce (I think it was) DRM software that came on a computer game some years ago I well understand the danger of this kind of idiot-ology. It took the presence of a CD writer and CD copy software on my PC to mean I was a pirate and it trashed my writer by altering it to continually reducing its write speed until it was no longer able to write. I have had other DRM software prevent software from installing based on the fact I had virtual drive software on my machine. Is this what we’re coming to yet again?

  • Igor

    My local coffee shop already practices DPI to throttle BT traffic (and maybe some others). But that’s just because BT has a prominent signature. Better obfuscated transports can hide their intention better. And in the end the internet architecture can solve those internet problems. Thus proving the superiority of such a free system over proprietary systems and centralized systems.

  • donger

    its an article about, nothing..
    everyone is writing about something…
    we’ll do, nothing…