DPI and Net Neutrality's Overseas Weak Spot

Ian Lamont writes "An unnamed source at an American ISP says staff there briefly considered using Deep Packet Inspection to comply with an order from Argentina's Department of Justice to block access to a local gambling site. The ISP ended up not going that route, owing to the cost, but some engineers at the company worry that DPI will eventually be implemented on the ISP's overseas network, thereby positioning it for an easier US rollout should Net Neutrality lose out in Washington. Besides being used for traffic-shaping, DPI can also monitor the traffic of ISP subscribers to supply targeted advertising."

This is where customers put their foot down.

[MindlessAutomata]

And say "No".

Even if it hurts in the short run. The loss of consumer bargaining power in these instances, where the contracts possibly allow for this, is the fault of the general consumer to begin with.

Re:This is where customers put their foot down.

[snl2587]

And say "No".

I ask, "to whom?". The ISPs are not the only ones who want (to use a generalization) the traffic of subscribers to be monitored. I think you overestimate the power of the consumers in this case.

Re:This is where customers put their foot down.

[pseudorand]

Don't be a tool. The Internet has always operated on the principle that traffic on the public network isn't private. Let them use Deep Packet Inspection. If you didn't encrypt your data, that's your fault.

And as for consumer bargaining power, we never had any. Residential broadband has always been without an SLA. Even if you network goes down or is slow for weeks, your only recourse is to cancel your service.

What we need are SLA's for consumer broadband that guarantee a minimum (not maximum) bandwidth. Then, let them inspect all they want, I'll encrypt what I need to be private. And let them block all they want within the SLA, I'll pay for the level of service I need.

Don't get me wrong, I'm all for Net Neutrality. The ISP I'm handing my money to should be routing anything I choose to send, illegal or no (since IPSs should just be carriers and not liable or responsible for how I choose to use their network), but just don't everyone go panicking that "they're looking at my data".

Re:This is where customers put their foot down.

[garett_spencley]

I'll encrypt what I need to be private. And let them block all they want within the SLA, I'll pay for the level of service I need.

What happens when ISPs start to throttle (or block all together) encrypted or binary data ?

I can already imagine the justifications: "binary data consists largely of pirated software and media!", "only terrorists, pedophiles and other criminals have something to hide and use encryption!" "yap yap yap!"

At the risk of sounding pretentious, I believe that the Internet is one of the greatest assets for human advancement and achievement since the printing press. It is far too important to us to allow certain groups with special interests to ruin it for everyone. One last resort is to force ISPs who succumb to government pressure out of business. In the meantime we have to use every single democratic and diplomatic means at our disposal to force government to make the decisions that serve the larger population's wishes, and not the small special interest groups that want to shut the rest of the world up.

Re:This is where customers put their foot down.

What happens when ISPs start to throttle (or block all together) encrypted or binary data ?

Then those ISP's customers are shut out of commerce ("Whaddya mean I get a timeout when I try to send my credit card to amazon or log into my bank?") and the users decide to use some other ISP.

Re:This is where customers put their foot down.

[PopeRatzo]

I think you overestimate the power of the consumers in this case.

If the consumers go away, the corporation goes out of business.

Now how is the GP "overestimating" the power of consumers if the very life of the corporation in question hangs in the balance?

In the past decade, American consumers went trillions into debt to purchase foreign consumer goods and thus kept the funny-money US economy from crashing like the Hindenberg. I would say that's a mighty display of "power".

The only people who don't think consumers have "power" are mostly running banks and corporations. It might be time to give them a refresher course on the meaning of the word.

In a way, it's very similar to the situation between the people who have political power in this country and the citizens.

Re:This is where customers put their foot down.

[PopeRatzo]

If you didn't encrypt your data, that's your fault.

Don't think for a second that private use of encryption isn't under attack by the telecoms and the government that works for them.

Re:This is where customers put their foot down.

[philspear]

You convinced me. I'd like to get in on this boycott. Send me an e-mail when I need to cancel my internet, and then send me another email when the boycott is over and I can resume using the... internet...

I think I may see a problem here.

Re:This is where customers put their foot down.

[Ichijo]

What happens when ISPs start to throttle (or block all together) encrypted or binary data ?

Then we'll Uuencode or BinHex the binary data so it looks like ASCII.

DIP will likely be rolled out to support QoS.

[Ungrounded+Lightning]

IMHO Deep Packet Inspection will be rolled out to identify the protocols in use on connections, to support assigning the correct QoS to different protocols.

For instance: File transfers accelerate until they consume (and equally divide) all bandwidth at the most congested link in their path, but just slow down if they're artificially limited below that level. Meanwhile Streams are band limited but must go to the front of the line to meet their jitter and delivery reliability requirements, though delayed stream packets are useless and should be dropped to avoid also delaying their successors.

Unfortunately the tagging of the packet itself can't be trusted because there is an incentive to achieve improved service by cheating, requesting better service than necessary. (And a Microsoft IP stack, widely deployed, made just this "improvement".)

My take: The right solution is to write a contract for various rates of "premium" packets, then accept the labeling but demote the QoS on packets above the running limit. Then the incentive is on the user to obtain software that doesn't cheat, and the ISP doesn't need to deep inspect.

Unfortunately, the ISPs and equipment vendors seem to be going with the DPI identification approach. And that means deploying DPI, which can then be misused by the ISPs to do the bad kind of non-neutrality.

Re:Packet Encryption

[Intron]

The problem is that even if every website also did this, which they won't, your ISP could still sell your browsing history to advertisers or give it to the feds because they know what sites you visit even if they don't see the contents of the packets.

To avoid this you need something like Tor.

All the more reason to move to IPv6...

[albee01]

IPv6 was designed to be more secure and encryption is built in (IPsec). It seems that the best solution to the whole net neutrality issue is to encourage the transition to IPv6 as quickly as possible.

Re:All the more reason to move to IPv6...

[kriss]

I'd hand out a complimentary tinfoil hat if I had one.

IPv6 is on the radar and requested as a must-have, but normally only on a roadmap level ("Will your product support this some time in the future?"). In some parts of the world (there's more to it than the US), any device incapable of IPv6 won't get onto the network in the first place.

If you stop to think about the practical implications for a while, it's very unlikely that encryption will be that much more widespread than it is today (it's a processing power issue as well, not just one of protocol ease of implementation) while the whole NAT issue will be zapped. This means that DPI gear all of a sudden can pick out a whole lot more, since traffic that'd normally be aggregated by a NAT - won't be. Insta-higher-resolution.

There's no conspiracy here. Really.

Re:ISPs in Canada already throttle encrypted traff

They throttle https? How have online banks and retailers reacted?

Everything Should Be Secure-ish

[Nymz]

A lock doesn't need to be unbreakable in order to be of some value, it only needs to be good enough to deter some violators. Examples:

• Envelope - takes time and effort to hold up to a light, or reheating the seal with an iron
• Padlock - takes a large shearing tool, or a couple picking tools
• Car - takes a 'slim jim' door shim, or breaking a window noise
• ROT13 - takes a simple function to decrypt, which is a conscious action that can deter simple temptation

Excuses that governments may have nearly limitless resources, or that "I don't have anything to hide", are irrelevant if you care about an internet of communications that is as secure, as it can be, for everyone in the areas of commerce, privacy, and political free speech worldwide. If you value these things, then we need to start securing our comminications.

Re:ISPs in Canada already throttle encrypted traff

[rjstanford]

Let me toss this one back at you. How many times do you continually push high bandwidth traffic to or from your bank? You could easily throttle those pages down to 10% of "full speed" and very few people would notice, let alone figure out the pattern.