Slashdot Mirror
Deep Packet Inspection and Net Neutrality
EncryptKeeper writes "Ars Technica has an in-depth feature on deep packet inspection, and it's a disturbing read. ISPs are starting to turn to DPI to monitor their networks, and, more troubling, to look at how they can use it to shape, block, monitor, and prioritize traffic. 'The "deep" in deep packet inspection refers to the fact that these boxes don't simply look at the header information as packets pass through them. Rather, they move beyond the IP and TCP header information to look at the payload of the packet. The goal is to identify the applications being used on the network, but some of these devices can go much further; those from a company like Narus, for instance, can look inside all traffic from a specific IP address, pick out the HTTP traffic, then drill even further down to capture only traffic headed to and from Gmail, and can even reassemble emails as they are typed out by the user.'"
Hmm, I need some help with this one, since my networking kungfu sucks... When I login to Gmail, I am in a https mode, and this persists through my whole session. I was under the impression, perhaps naively, that this meant my session to Gmail was encrypted and that only I and the Gmail server could decipher the contents of my mail, that is until I click send, and it goes from the Gmail server to wherever I send to. So if this is true, how would someone be able to reassemble my email as I type?
It really is time to start encrypting everything from everywhere/to everywhere.
The NSA wiretapping with the collusion of the US telecom industry is just the start.
This technology is going to be seen as a data mining opportunity. Want to bet that some of the big data aggregators are going to start installing this technology - or paying ISPs or backbone providers for the privelege.
The whole point of common carrier protection should be that if they do any tampering to the content, it is assumed that they knew what was passing through their network. It should be a protection that only exists when the company is in 100% compliance. The moment they insert ads into web pages they didn't buy, rewrite an email, censor someone, etc. even if it is one group in a 100,000+ employee company, the entire company should lose common carrier status and be open to litigation from everyone who has any copyright or other type of valid complaint otherwise shielded by common carrier status.
I wonder about this somewhat.
I work for a telephone coop in their internet dept. We've been drilled about the evils of Vonage/Skype, etc cutting in to our MUCH more lucrative-than-internet-or-tv-depts for a while now.
But, as all of our customers have access to our's and other's(namely cable) broadband. I don't know that filtering out VoIP would be a good move. We've had a few customers whine that their VOiP isnt reliable(duh) on our service. (mine seems to work just fine) So the first thing they do is go to the cable company for service(not that this makes any difference in their reliability)
So with the cable and other non-dialtone companies, filtering VoIP causes phoe co's to loose not only an internet customer but a landline costomer as well. As we require a landline for our broadband, we stil get the best of both worlds while still providing VoIP access.
This has already been done.
See Relakks.
I am sure there are more.
I worked on developing one of these boxes. Not Naurus, but a competitor (who's name starts with "P"). You are absolutely spot on. But you, and many here, are really not understanding the scale or the scope intended, or what is possible. This stuff is kept well out of the mainstream press, for good reason.
First, it's not just ISP's and the NSA, but also Universities. U.C. Berkeley is the biggest fanboi of this stuff. Any new tech, they want. And their IT department has been all over this. Nor are they aren't the only University.
And yes, the RIAA is promoting this stuff too. Very eagerly. And every other control freak out there.
The next obvious step is to network these boxes across the global, to keep track of traffic in realtime. Yes, that's a jump up. But it's doable. And it will happen. That is, people will be able to keep track of what you're doing on the internet in real time.
Also, what people aren't thinking about is the abilitiy to preserve this information. Vast storage is cheap, and getting cheaper. People are targeting saving two-years of realtime data. That's pushing things, but this is what people want. And they want to be able to preserve it longer. There's a huge amount of potential datamining there. Especially when they are able to preserve Internet traffic for longer and longer periods.
In short, the goal is to not only be able to track your every Internet connection, and what you did, but to preserve it for years. Some folks want cradle-to-grave. While they won't get it for a while, that's the direction this stuff is headed.
The bottom line is that encryption is one key defense. Necessary but not sufficient. Just be grateful that the PGP battle was won back in the 90's. If the battle for publically available strong cryptography had been lost then, you wouldn't be having this option. Connections are the other item. The support for obscuring this is lagging, and some cases broken. But it's still critical.
Finally, everyone should be aware that all of these boxes are hackable. If you know why Ethereal/Wireshark was kicked out of OpenBSD, you understand what's going on. The development environments common in this industry are also prevalent here. Harried developers don't care about buffer overflows. That's a total afterthought with minimal risk in the commercial space.
Or, to put it simply, you should in theory be able to not only detect when your traffic is being sniffed, but also be able hijack the sniffing as well.
So in summary, yes, encryption is useful. But it's not sufficient. And there's a heck of a lot more going on in this field than people are aware of, or even thinking about.