DPI

I'm at a hotel that won't let me send SMTP mail - in Mountain View! - and so I thought today would be a good day to talk about Deep Packet Inspection.  Nate Anderson of Ars Technica wrote a fine article about this recently.

In talking about tricky “when the law hits the network” questions, we often assume that non-cableco ISPs can't know all that much about what their subscribers are doing online.  It would take so much computational effort to look at packets zipping by that the user experience would grind to a halt - people would take their business elsewhere.

It turns out that's just not true.  Anderson's piece points out that there are vendors selling products designed to look past a packet's headers into its payload and make educated guesses about which application the packet belongs to, whatever port it happens to be on.  And more than that: they can reconstitute webmail messages and chat sessions from the stream of packets a subscriber sends.

[S]ome of [these DPI products] can inspect and shape every single packet — in real time — for nearly a million simultaneous connections while handling 10-gigabit Ethernet speeds and above.
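To make the "dig into the payload" and "reconstitute webmail messages" claims concrete, here is an added example of the two basic operations a DPI box performs: classifying a flow by payload signature rather than by port, and reassembling out-of-order segments so an application message can be read out of them. This is illustration code written for this page, not code from the post, the Ars article, or any vendor's product; the protocol signatures, IP addresses, port numbers, the webmail form fields, and the segment sizes are all constructed assumptions.

```python
"""Toy deep-packet-inspection classifier and TCP stream reassembler.

Constructed example (not a vendor's code): classifies payload bytes by
application-protocol signature, independent of port number, and
reassembles a webmail POST from out-of-order segments so the message
body can be read.  Signatures are simplified; real products carry far
larger, vendor-maintained pattern sets.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs

# Anchored byte regexes over the first bytes of a stream.  Because each
# is anchored at offset 0, matching is cheap even at line rate.
SIGNATURES = [
    ("bittorrent", re.compile(rb"^\x13BitTorrent protocol")),
    ("ssh",        re.compile(rb"^SSH-\d\.\d-")),
    ("smtp",       re.compile(rb"^(EHLO|HELO|MAIL FROM:)", re.I)),
    ("tls",        re.compile(rb"^\x16\x03[\x00-\x03]")),
    ("http",       re.compile(rb"^(GET|POST|HEAD|PUT) \S+ HTTP/1\.[01]\r\n")),
    ("irc",        re.compile(rb"^(NICK|USER|PRIVMSG) ", re.I)),
]


def classify(payload: bytes) -> str:
    """Guess the application protocol from the payload alone; the
    transport port is never consulted."""
    for name, pattern in SIGNATURES:
        if pattern.search(payload):
            return name
    return "unknown"


def reassemble(segments):
    """segments: iterable of (flow_key, seq_offset, data).  Returns
    {flow_key: bytes} with data ordered by sequence offset.  A repeated
    offset (retransmit) keeps the first copy; overlapping retransmits with
    differing offsets are not handled in this toy."""
    flows = defaultdict(dict)
    for flow, seq, data in segments:
        flows[flow].setdefault(seq, data)
    return {flow: b"".join(pieces[s] for s in sorted(pieces))
            for flow, pieces in flows.items()}


def extract_webmail(stream: bytes):
    """If the stream is a complete form-encoded HTTP POST (the shape a
    webmail 'send' takes), return its decoded fields; otherwise None."""
    if classify(stream) != "http" or not stream.startswith(b"POST"):
        return None
    head, sep, body = stream.partition(b"\r\n\r\n")
    if not sep:
        return None                       # headers not complete yet
    headers = {}
    for line in head.split(b"\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    if b"application/x-www-form-urlencoded" not in headers.get(b"content-type", b""):
        return None
    length = int(headers.get(b"content-length", b"0").decode())
    if len(body) < length:
        return None                       # body still arriving
    return {k: v[0] for k, v in parse_qs(body[:length].decode("utf-8")).items()}


def demo():
    """Constructed traffic: a webmail send split into 40-byte segments that
    arrive reversed plus one retransmit, an SMTP session on a non-standard
    port, and a BitTorrent handshake.  Returns per-flow guesses and the
    reconstituted mail."""
    mail_flow = ("10.0.0.5", 51234, "203.0.113.10", 80)      # constructed
    smtp_flow = ("10.0.0.5", 51240, "198.51.100.25", 2525)   # constructed
    bt_flow = ("10.0.0.7", 6881, "192.0.2.44", 6881)         # constructed
    body = b"to=alice%40example.org&subject=lunch&body=See+you+at+noon"
    request = (b"POST /mail/send HTTP/1.1\r\n"
               b"Host: webmail.example.net\r\n"
               b"Content-Type: application/x-www-form-urlencoded\r\n"
               b"Content-Length: " + str(len(body)).encode() + b"\r\n\r\n" + body)
    chunks = [request[i:i + 40] for i in range(0, len(request), 40)]
    segments = [(mail_flow, i * 40, c) for i, c in enumerate(chunks)]
    segments.reverse()                                   # out of order
    segments.append((mail_flow, 40, chunks[1]))          # retransmit
    segments.append((smtp_flow, 0, b"EHLO laptop.example\r\n"))
    segments.append((bt_flow, 0, b"\x13BitTorrent protocol" + b"\x00" * 8))

    streams = reassemble(segments)
    protocols = {flow: classify(data) for flow, data in streams.items()}
    return {"protocols": protocols, "mail": extract_webmail(streams[mail_flow])}


if __name__ == "__main__":
    print(demo())
```

The point the example makes is the one the post does: none of this needs heavy computation. Classification is an anchored pattern match on the first few bytes, and reconstituting the mail is a sort plus a form-decode, which is why a middlebox can do it at 10-gigabit rates. It also shows why blocking port 25 at a hotel is a weaker control than payload inspection: the SMTP session on port 2525 is still identified as SMTP.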

Patient visitors to this blog will remember that I've spent a lot of their time talking about CALEA (the Communications Assistance for Law Enforcement Act).  Well, these same vendors make CALEA compliance easy for ISPs, because the same gear can isolate all the traffic coming from a particular subscriber and forward it on (in response to adequate legal process, you hope) to law enforcement.

The vendors' argument on “traffic shaping” is that it's only fair - why should some bandwidth hogs get away with whatever they want to, when capacity is constrained?  A response could be: why don't you provision more bandwidth, and then charge people for using more capacity?

The key point, the money quote, is here:

Where you come down on these questions may vary depending on where Deep Packet Inspection gear is deployed; many people have less problems with its use by last-mile ISPs who interact directly with consumers.  Throttling P2P traffic to keep the network open for other uses might be fine, but the concern is magnified when such gear is rolled out by the backbone operators, like AT&T and Verizon…

Think about that for a second.  We assume for purposes of the whole Net Neutrality debate in this country that competition is absent in the “last mile.”  What if there's no competition for backbone transport?  What if the backbone providers think they can get away with private traffic shaping too?  We'll have no way of knowing, and they'll be able (apparently) to watch the payload of every packet.

Comments

4 Responses to “DPI”

  1. Anonymous on August 8th, 2007 3:49 pm

    Can you ssh out? Or is port 22 blocked, too?
    Also, if you have tcptraceroute available on your laptop, can you reach, say, port 1022 on one of your static boxen outside the hotel?
    Listen, Susan, if they've got you locked up in there, just holler for help. I'm sure lots of people would be willing to help you tunnel out of that prison.

  2. Anonymous on August 8th, 2007 8:20 pm

    1. As a so-called “ICANN Director” (and Esther Dyson plant), it is shocking that you have apparently not spent much time considering the evolution that is happening NOW. The migration is to an FCC-regulated back-bone and an enhanced edge community.
    2. That migration is partly to allow North America to route around many of the unsavory actors that ICANN showcases as “Internet Pioneers”.
    3. Millions of people have been quietly moved off of the ICANN cabal infrastructure. They no longer rely on that clique's DNS or routing, or even the address blocks. They do get a high-speed back-bone they really really like.
    4. It gets very ugly from here, as those protected millions continue to get better and better service and….routing is cut-off to the ICANN cabal. The FCC, the telcos and the cablecos are now in the dominant role. Millions of protected users prefer it that way. They elected the FCC and they vote with their dollars with the carriers. Did they vote you into ICANN ? No!!! The FCC-bashing and telco-bashing that YOU have done helps to fuel the good people in the .USA to work hard to route around your cabal. It is unfortunate that much of the world has no bandwidth to participate in the Next Generation Network. The laws of physics prevent them from being able to participate. Not even the ICANN cabal has the arrogance to claim to be able to change the laws of physics. Instead, they are telling people to move OFF of the FCC broadband back-bone to their IPv6 text-chat IM services. Broadband NA users could not care less where the ICANN cabal moves. They want their .TV and their .MP3 and .USA and the FCC is delivering and will continue to deliver.
    Again, it gets very ugly from here. Massive de-routing, based on lack of USA bandwidth performance on the back-bone, will free up address space for the FCC to re-distribute. Spectrum is spectrum. The FCC spectrum auction of the old IPv4 address blocks will be interesting to watch. Just think, you will have something else to bash as unfair, while being a so-called Director of the most unfair cabal ever seen by mankind, ICANN.

  3. Anonymous on August 14th, 2007 4:25 pm

    Hello All:
    I certainly do NOT consider Professor Crawford a lackey for ICANN or anyone. She calls them as she sees them without corporate sponsorship.
    I too see the problem in deep packet inspection. See http://www.personal.psu.edu/faculty/r/m/rmf5/Net%20Neutrality%20and%20IPR.htm. DPI provides the means for ISPs to enforce DRM without any opportunity for end users to claim fair use. The packets can be preempted and blocked not at the receiver's PC, but at the ISP's router. The router decides whether I can receive specific bitstreams.
