DPI and Net Neutrality's Overseas Weak Spot

Ian Lamont writes "An unnamed source at an American ISP says staff there briefly considered using Deep Packet Inspection to comply with an order from Argentina's Department of Justice to block access to a local gambling site. The ISP ended up not going that route, owing to the cost, but some engineers at the company worry that DPI will eventually be implemented on the ISP's overseas network, thereby positioning it for an easier US rollout should Net Neutrality lose out in Washington. Besides being used for traffic-shaping, DPI can also monitor the traffic of ISP subscribers to supply targeted advertising."

This is where customers put their foot down.

[MindlessAutomata]

And say "No".

Even if it hurts in the short run. The loss of consumer bargaining power in these instances, where the contracts possibly allow for this, is the fault of the general consumer to begin with.

Re:This is where customers put their foot down.

[snl2587]

And say "No".

I ask, "to whom?". The ISPs are not the only ones who want (to use a generalization) the traffic of subscribers to be monitored. I think you overestimate the power of the consumers in this case.

Re:This is where customers put their foot down.

[pseudorand]

Don't be a tool. The Internet has always operated on the principle that traffic on the public network isn't private. Let them use Deep Packet Inspection. If you didn't encrypt your data, that's your fault.

And as for consumer bargaining power, we never had any. Residential broadband has always been without an SLA. Even if you network goes down or is slow for weeks, your only recourse is to cancel your service.

What we need are SLA's for consumer broadband that guarantee a minimum (not maximum) bandwidth. Then, let them inspect all they want, I'll encrypt what I need to be private. And let them block all they want within the SLA, I'll pay for the level of service I need.

Don't get me wrong, I'm all for Net Neutrality. The ISP I'm handing my money to should be routing anything I choose to send, illegal or no (since IPSs should just be carriers and not liable or responsible for how I choose to use their network), but just don't everyone go panicking that "they're looking at my data".

Re:This is where customers put their foot down.

[garett_spencley]

I'll encrypt what I need to be private. And let them block all they want within the SLA, I'll pay for the level of service I need.

What happens when ISPs start to throttle (or block all together) encrypted or binary data ?

I can already imagine the justifications: "binary data consists largely of pirated software and media!", "only terrorists, pedophiles and other criminals have something to hide and use encryption!" "yap yap yap!"

At the risk of sounding pretentious, I believe that the Internet is one of the greatest assets for human advancement and achievement since the printing press. It is far too important to us to allow certain groups with special interests to ruin it for everyone. One last resort is to force ISPs who succumb to government pressure out of business. In the meantime we have to use every single democratic and diplomatic means at our disposal to force government to make the decisions that serve the larger population's wishes, and not the small special interest groups that want to shut the rest of the world up.

Re:This is where customers put their foot down.

[PopeRatzo]

I think you overestimate the power of the consumers in this case.

If the consumers go away, the corporation goes out of business.

Now how is the GP "overestimating" the power of consumers if the very life of the corporation in question hangs in the balance?

In the past decade, American consumers went trillions into debt to purchase foreign consumer goods and thus kept the funny-money US economy from crashing like the Hindenberg. I would say that's a mighty display of "power".

The only people who don't think consumers have "power" are mostly running banks and corporations. It might be time to give them a refresher course on the meaning of the word.

In a way, it's very similar to the situation between the people who have political power in this country and the citizens.

Re:This is where customers put their foot down.

[PopeRatzo]

If you didn't encrypt your data, that's your fault.

Don't think for a second that private use of encryption isn't under attack by the telecoms and the government that works for them.

Re:This is where customers put their foot down.

[PopeRatzo]

Tell you what: people are quickly learning about the means and meaning of the surveillance of our data and behavior.

Here in Chicago, tens of thousands of drivers have gotten little notes in the mail from the City of Chicago, telling them that they have to pay $100 or have their car seized, based on a picture taken at an intersection.

When a local, nationally prestigious university recently had a public symposium on the effect of electronic surveillance upon personal, public and political life, you would have been quite surprised at the number, and the variety, of the people who showed up. In fact, a lot of last-minute shuffling had to take place at the venue to accommodate the unexpected number of attendees. And a surprisingly small number of them were techies and geeks. A large number were under age 18.

Re:This is where customers put their foot down.

[philspear]

You convinced me. I'd like to get in on this boycott. Send me an e-mail when I need to cancel my internet, and then send me another email when the boycott is over and I can resume using the... internet...

I think I may see a problem here.

Re:This is where customers put their foot down.

[Ichijo]

What happens when ISPs start to throttle (or block all together) encrypted or binary data ?

Then we'll Uuencode or BinHex the binary data so it looks like ASCII.

Packet Encryption

[camperdave]

So, we'll all have to implement some form of packet encryption so that our packets can't be inspected. It is sad that there's so much interest in our communications, whether it be for marketing, or government control, that we can no longer trust our old internet which transmits everything in the clear.

Re:Packet Encryption

[Intron]

The problem is that even if every website also did this, which they won't, your ISP could still sell your browsing history to advertisers or give it to the feds because they know what sites you visit even if they don't see the contents of the packets.

To avoid this you need something like Tor.

Re:Packet Encryption

[BountyX]

Ive been routing my internet through trusted nodes accross the net in encrypted form for a while now and have given up the "old internet". NSA has dpi level inspection at major fiber lines via light bending, especially with underwater fiber. They also use spoilia (spillage of communication signals caught by satalites due to the earths sphere shape) to intercept our activities on wireless communications. If your data is ever transmitted in the air, assume it is being watched. Fiber optics is harder to snoop in on since it requires a physical tap. I wouldn't worry about the US spying on its citizen. It dosn't need to. Under the UK-USA agreement, the NSA shares its intelligence info with the UK, Nz, and Aus and in return those countires share their info with us. The US does not engage in spying on citizens, instead, it usually asks one of its allies to spy on a specific person. By doing this, the US bypasses many laws on privacy. The NSA's largest establishment in the UK USA agreement is at menwith hills and fort mede, maryland. The two agencies (both controlled by the NSA) coordinate sigint. Bottom line, all of our traffic is monitored and run through thousands of different communication algorithms for data mining. Do not share any identifiable information online, to any one for anyreason. Even anonymous browsing is vulnerable to time analysis.

Re:Packet Encryption

[ColdWetDog]

Mr. Bin Laden? I didn't realize you joined Slashdot. Do you run Linux? Welcome.

Re:Packet Encryption

[BountyX]

Ironically, bin laden DID NOT encrypt his communications. Instead, he chose to plan is activities on the internet in sex chat rooms and other public locations on the internet. Bin laden, who had a relationship with the CIA before becoming a terrorist, knew that encrypting communication was one of the NSA's criteria that alerted the agency of an individuals suspicous activitiy. Encryption draws attention becuase its like feeding the NSA bad data. If enough people encrpyt their communications regularly, it will make it harder for the NSA to snoop...and yes, I do run linux :)

Re:Packet Encryption

[Braino420]

Dude, weren't you supposed to submit that anonymously or something?

Out of interest

[sakdoctor]

How much extra resources are used in delivering a page by HTTPS instead of HTTP?

Re:Out of interest

Quite a lot when negotiating the crypto handshake (there's hardware for this and it scales pretty decently, even if it's not exactly cheap) - but you'd still be able to pick up what was being visited from the certificate if you wanted.

DIP will likely be rolled out to support QoS.

[Ungrounded+Lightning]

IMHO Deep Packet Inspection will be rolled out to identify the protocols in use on connections, to support assigning the correct QoS to different protocols.

For instance: File transfers accelerate until they consume (and equally divide) all bandwidth at the most congested link in their path, but just slow down if they're artificially limited below that level. Meanwhile Streams are band limited but must go to the front of the line to meet their jitter and delivery reliability requirements, though delayed stream packets are useless and should be dropped to avoid also delaying their successors.

Unfortunately the tagging of the packet itself can't be trusted because there is an incentive to achieve improved service by cheating, requesting better service than necessary. (And a Microsoft IP stack, widely deployed, made just this "improvement".)

My take: The right solution is to write a contract for various rates of "premium" packets, then accept the labeling but demote the QoS on packets above the running limit. Then the incentive is on the user to obtain software that doesn't cheat, and the ISP doesn't need to deep inspect.

Unfortunately, the ISPs and equipment vendors seem to be going with the DPI identification approach. And that means deploying DPI, which can then be misused by the ISPs to do the bad kind of non-neutrality.

All the more reason to move to IPv6...

[albee01]

IPv6 was designed to be more secure and encryption is built in (IPsec). It seems that the best solution to the whole net neutrality issue is to encourage the transition to IPv6 as quickly as possible.

Re:All the more reason to move to IPv6...

[Broken+Toys]

Net neutrality isn't about Internet protocols.

It's about social and political neutrality on the Internet.

Re:All the more reason to move to IPv6...

[cbiltcliffe]

That actually makes me wonder if the whole reason IPv6 adoption is so miserably low is that the government and communication companies know that when they adopt it wholesale, they lose the ability to do easy DPI and other such shenanigans.

Re:All the more reason to move to IPv6...

[kriss]

I'd hand out a complimentary tinfoil hat if I had one.

IPv6 is on the radar and requested as a must-have, but normally only on a roadmap level ("Will your product support this some time in the future?"). In some parts of the world (there's more to it than the US), any device incapable of IPv6 won't get onto the network in the first place.

If you stop to think about the practical implications for a while, it's very unlikely that encryption will be that much more widespread than it is today (it's a processing power issue as well, not just one of protocol ease of implementation) while the whole NAT issue will be zapped. This means that DPI gear all of a sudden can pick out a whole lot more, since traffic that'd normally be aggregated by a NAT - won't be. Insta-higher-resolution.

There's no conspiracy here. Really.

Re:ISPs in Canada already throttle encrypted traff

They throttle https? How have online banks and retailers reacted?

In NZ

[duckInferno]

The worst we have here is a monopolising telecommunications company. We have data caps and high prices compared to other countries. Sometimes I find it really hard to treasure what we have, but it's articles like these that make it easier. Precious few ISPs here throttle data and I've never heard of any kind of push against p2p, let alone all the blocked/throttled/privacy-busting measures I've been hearing about what's going on in the US.

Of course, I still have reason to worry. A lot of NZ traffic goes through the US. :)

There's DPI and there's DPI

[kriss]

Yes, there's DPI devices for traffic shaping (or throttling or management or whatever term you prefer), and there's DPI devices for ad insertion but those really wouldn't be the same devices, probably not even made by the same vendor. Plugging my own blog, here's a shortentry about this.

As for the article, I think - but I could well be called biased - that the unnamed sources may be overreacting a bit. Could you do the things described with a decent traffic shaping DPI enabled box? Sure. Do ISP's do this? With the exception of some high profile cases we're all aware about, not that I noticed. As it happens, I wrote about this as well fairly recently (the text is quite long, if you want only the relevant bits on DPI uses, scroll down to 'DPI uses' near the bottom)

(In all honesty, I could well see the point of very restricted and extremely cheap access though. The net is a resource you pretty much need access to in order to function well in society nowadays. If that's all you need it for, it might make a lot more sense to get a $10/mo line restricted to only web and mail than a $30-or-more/mo line unrestricted. I sure as heck wouldn't get a restricted one myself, but then again, I'm not really the target audience of that idea)

As for an american rollout, quite a few ISP's run the gear in the US already. Again, with a few (very notable) exceptions, you don't really notice it. Which is kind of the point of a good implementation, in my book.

Everything Should Be Secure-ish

[Nymz]

A lock doesn't need to be unbreakable in order to be of some value, it only needs to be good enough to deter some violators. Examples:

• Envelope - takes time and effort to hold up to a light, or reheating the seal with an iron
• Padlock - takes a large shearing tool, or a couple picking tools
• Car - takes a 'slim jim' door shim, or breaking a window noise
• ROT13 - takes a simple function to decrypt, which is a conscious action that can deter simple temptation

Excuses that governments may have nearly limitless resources, or that "I don't have anything to hide", are irrelevant if you care about an internet of communications that is as secure, as it can be, for everyone in the areas of commerce, privacy, and political free speech worldwide. If you value these things, then we need to start securing our comminications.

Even the strongest chain has a weak link...

[pathological+liar]

How and why do you trust those nodes? Unless it's a completely dark net there's an egress point, and that point can be coopted/coerced. At the very least all traffic going through that endpoint can be trivially sniffed by at least one person. If you're worried about the NSA or its cronies tapping your communications, why aren't you worried about someone exerting pressure on the weakest link in the chain?

If you're on a completely dark net, well, that's great... but won't the lack of content get boring after a while? (And again, the other humans will always be the weakest link)

Re:Even the strongest chain has a weak link...

[BountyX]

Long answer short, the exit node is the weakest link. But what if an individual owned a network of exit nodes colocated in facilities throughout the world? These nodes were hosted in secure locations without physical access. ;) time analysis still works :(

Re:ISPs in Canada already throttle encrypted traff

[rjstanford]

Let me toss this one back at you. How many times do you continually push high bandwidth traffic to or from your bank? You could easily throttle those pages down to 10% of "full speed" and very few people would notice, let alone figure out the pattern.

Re:ISPs in Canada already throttle encrypted traff

[TheVelvetFlamebait]

They throttle https? How have online banks and retailers reacted?

Rather slugglishly, I'm afraid.