The Singular Challenges of ISP Use of Deep Packet Inspection

Written by Alissa Cooper

Massive growth in data processing power has spurred the development of deep packet inspection (DPI) equipment that potentially allows providers of Internet service and other intermediaries to collect and analyze the Internet communications of millions of users simultaneously. DPI has come to permeate numerous Internet policy debates, including those related to net neutrality, behavioral advertising, content filtering, and many others. Although the policy concerns that DPI raises differ in each case, one theme that recurs throughout these debates is the potential for DPI to essentially eliminate online privacy as it exists today, absent pervasive use of encrypted communications. As a technology that can provide Internet service providers (ISPs) and their partners with broad and deep insight into all that their subscribers do online, its potential to facilitate privacy invasion has been described in the most dire of terms: as “wiretapping” the Internet (Barras, 2009, p. 1), “unprecedented and invasive ISP surveillance” (Ohm, 2009, p. 1417), and even “the end of the Internet as we know it” (Riley and Scott, 2009, p. 1).

ISPs’ use of DPI has drawn scathing privacy criticism despite the fact that numerous other entities are capable of conducting content inspection. Content delivery networks and caching services could have similar capabilities, as can individual Internet users employing firewalls, home gateways, or packet sniffers. Likewise, many of the services that DPI can facilitate for ISPs – security protections, behavioral advertising, and content filtering, for example – have been offered for years by web- and software-based service providers.

There are several characteristics inherent to ISPs and their use of DPI that significantly increase the privacy stakes as compared to these other entities, however. ISPs are uniquely situated in three respects: they serve as gateways to all Internet content, switching ISPs can be difficult for Internet users, and their use of a tool as powerful and versatile as DPI makes it prone to mission creep. An exploration of each of these factors reveals that they are difficult or impossible to mitigate. Taken together they form the fundamental basis for the heightened privacy alarm that has characterized DPI debates.

ISPs as Internet Gateways

The Internet is often thought of as a dramatically free medium for speech, where little stands between an Internet user and the expression of his or her ideas to friends, colleagues, and the world at large. It is also an intensely personal medium used to maintain familial and social ties, to find information related to personal activities and pursuits, and to transact personal business. Millions of Internet users worldwide trust the medium enough to engage in a wide range of personal and commercial communications and transactions online. While “the medium” is composed of many services and applications providers at different levels, the foundation for this trust is the connectivity itself as provided by ISPs. Ohm (2009, p. 1446) has aptly described this service provider trust as the “sense of repose” that Internet users have as they use the network to conduct their lives.

DPI has the potential to disrupt this sense of repose by inserting a middleman – and potentially a gatekeeper – between Internet users and those with whom they communicate. To the extent that Internet users find themselves at ease conversing and transacting online, ISPs’ increased use of DPI presents the potential to chip away at that sense of security by introducing a surveillance element where it did not exist previously. ISPs are an important element of the trust that Internet users place in the network, and increased use of DPI calls that trust into question.

The effects of this loss of trust could be wide-ranging. As with other technologies of surveillance, increased use of DPI creates the potential for self-censorship and inhibition online (Lyon, 2007). It may also serve to deter online commerce if consumers and businesses question the confidentiality of their transactions. These are plausible risks whether or not specific uses of DPI are known to Internet users or indeed breach confidentiality, as even a general awareness that surveillance may be occurring can prompt people to alter their behavior (Foucault, 1977). Introducing DPI on the network thus has the potential to turn what was a trusted conduit into a suspicious eavesdropper, even if Internet users are only vaguely aware that DPI is in use.

Many other trusted service providers exist on the Internet, and many of them would be similarly capable of damaging user trust should they begin to examine their users’ communications in an unexpected way. In fact, there are clearly intermediaries in existence today that are capable of collecting more application-level data about many more Internet users than any single ISP could – Google is the obvious example. But neither Google nor any other service provider is as capable as an ISP of comprehensively monitoring the entirety of each individual subscriber’s online activities. Every one of a subscriber’s packets, both sent and received, must pass through the ISP’s facilities. What separates ISPs is the potential for their gaze over their subscribers to be omniscient.

ISPs may be far from realizing that potential, and encryption tools exist to help protect Internet users from the prying eyes of their ISPs. But as long as the majority of Internet users pursue their online activities without encrypting their communications, the mere existence of DPI on the network jeopardizes the bond between them and their ISPs.

High ISP Switching Costs

The potential for ISPs to abuse their gatekeeping power is further exacerbated by the fact that switching ISPs is comparatively more difficult than switching between other services like search engines or web browsers. While the latter may involve a simple mouse click or software download, changing ISPs can be a much more elaborate process involving a time investment to explore new options and bundled services, installing new equipment, setting up new bill payments, and time at home waiting for an engineer to hook up new service (Krafft and Salies, 2008). Because of these barriers to switching, subscribers may be unwilling or unable to switch ISPs even if their current ISPs introduce DPI-based practices with which they disagree. Internet users may perceive their choice of ISP to be much more binding than their choice of other online services, which reduces their ability and inclination to avoid ISPs’ privacy-invasive practices.

Notably, even where consumers have many ISP choices, switching costs may still impede consumers from changing ISPs over DPI concerns. This may be one reason why even less concentrated ISP markets appear to lack a market for privacy. For example, in the competitive UK market, many ISPs indicate in their web site disclosures that they are using DPI of some form to manage congestion, and the majority of Canadian ISPs that responded to a recent regulatory inquiry indicated that they are using DPI for some network management purpose (Parsons, 2009). Whereas competition for privacy is appearing in other online sectors with low switching costs – the major search engines, for example, continue to improve upon each other’s data retention policies (Center for Democracy & Technology, 2007) – higher ISP switching costs may reduce ISPs’ incentives to compete on privacy.

While there may be limited steps that ISPs can take to reduce switching costs – lowering or eliminating contract termination fees, establishing flexible schedules for hooking up new service, and so forth – the burdens of changing to a new ISP are in some ways inherent to the provision of Internet service. Because these burdens are largely unavoidable, relying on competition to discipline ISPs’ privacy behavior is not likely to be sufficient.

Propensity for Mission Creep

Another distinguishing feature of ISPs’ use of DPI is the potential for “mission creep”: having DPI equipment that was installed for one purpose used for multiple new purposes over time (Werbach, 2005). The potential uses of DPI are nearly as wide as computing itself. Many of the capabilities of DPI equipment are generic computing capabilities: intercepting packets; pattern-matching their content; and storing the raw data, statistics about the data, or conclusions drawn from the data. Because each of DPI’s uses employs some or all of these generic capabilities, DPI vendors are finding it more efficient and less costly to build their equipment to suit multiple uses. Several vendors tout the fact that a single one of their products can be used for congestion management, usage monitoring and prioritized or tiered service offerings, for example (Arbor Networks, 2010; ipoque, 2008). The trend is toward more functionality built into individual DPI products, not less.

When mission creep does occur, it may be invisible to users. Because ISPs’ use of DPI occurs in the middle of the network, there need not be any indication to subscribers that inspection is occurring. There is also no technical reason why DPI equipment should leave any trace on users’ computers (although DPI used to facilitate behavioral advertising, for example, may be employed in conjunction with cookies or other files stored on users’ computers). This is in contrast to other kinds of technologies that can perform similar functions to those of DPI – for example, while many web-based behavioral advertising networks deposit cookies on users’ computers for tracking purposes, an ISP could employ a DPI-based behavioral advertising system without storing anything on users’ machines. Furthermore, one of the core design goals of DPI vendors is to build equipment that has the least possible impact on network performance and user experiences (Allot Communications, 2007). The combination of these technological factors creates the potential for DPI to be deployed – and subsequently put to new uses – mostly invisibly on the network.

Perhaps because of the fact that DPI technology does not need to reveal itself on the network, several early DPI systems were deployed without any indication to users (European Commission, 2009; Federal Communications Commission, 2008). Furthermore, despite the limited public scrutiny that ISPs’ DPI practices have been subjected to thus far, one large ISP has already admitted that “even though DPI equipment was originally intended to introduce usage data collection functionality. . . it was subsequently determined that DPI should be used for traffic shaping” (Engelhart, 2009, p. 3). This sort of mission creep is precisely what raises concerns about the misuse of the technology and its ability to erode consumer trust in the network. Concerns over mission creep are driven by features of the technology itself that are not easy to overcome – the cost effectiveness of producing general-purpose DPI equipment and its lack of transparency on the network.


In the heat of DPI policy debates, serious concerns have been raised about the potential for the technology to facilitate massive privacy invasion. For some stakeholders, these risks are enough to reject DPI altogether and call for its prohibition (NoDPI, 2008). But given that a number of other kinds of applications and services have or could have similar capabilities to DPI, it is important to understand precisely what differentiates ISPs’ use of DPI. The aspects of ISPs discussed here – their role as trusted network onramps, their switching costs, and DPI’s particularly promising territory for mission creep – set them apart from other service providers, raising the bar for what ISPs must do to mitigate privacy risks as they pursue new DPI-based solutions.

Works Cited:

Allot Communications. (2007). Digging Deeper Into Deep Packet Inspection. Retrieved from http://www.allot.com/Common/FilesBinaryWrite.aspx?id=3053

Arbor Networks. (2010). Arbor e100 Datasheet. Retrieved from http://www.arbornetworks.com/de/docman/arbor-e100-data-sheet-english/download.html

Barras, C. (2009, March 16). Tim Berners-Lee: Internet at risk from ‘wiretapping’. Computer Weekly. Retrieved from http://www.computerweekly.com/Articles/2009/03/16/235279/Tim-Berners-Lee-Internet-at-risk-from-39wiretapping39.htm

Center for Democracy & Technology. (2007). Search Privacy Practices: A Work in Progress. Retrieved from http://www.cdt.org/privacy/20070808searchprivacy.pdf

Engelhart, K. G. (2009, January 13). Response to Interrogatory: Rogers(CRTC)4Dec08-1. CRTC Public Notice 2008-19. Retrieved from http://www.crtc.gc.ca/public/partvii/2008/8646/c12_200815400/1005723.zip

European Commission. (2009, April 14). Commission launches case against UK over privacy and personal data protection. IP/09/570. Retrieved from http://europa.eu/rapid/pressReleasesAction.do?reference=IP/09/570&format=HTML&aged=0&language=EN&guiLanguage=en

Federal Communications Commission. (2008). Memorandum Opinion and Order In the Matters of Free Press and Public Knowledge Against Comcast Corporation for Secretly Degrading Peer-to-Peer Applications; Broadband Industry Practices; Petition of Free Press et al. for Declaratory Ruling that Degrading an Internet Application Violates the FCC’s Internet Policy Statement and Does Not Meet an Exception for “Reasonable Network Management”. Retrieved from http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-08-183A1.pdf

Foucault, M. (1977). Discipline and Punish. Pantheon Books.

ipoque. (2008). Datasheet PRX-10G. Retrieved from http://www.ipoque.com/userfiles/file/datasheet-prx10g.pdf

Krafft, J., & Salies, E. (2008). The diffusion of ADSL and costs of switching Internet providers in the broadband industry: Evidence from the French case. Research Policy, 37(4), 706-719. doi:10.1016/j.respol.2008.01.007

Lyon, D. (2007). Surveillance Studies: An Overview. Polity.

NoDPI. (2008). No Deep Packet Inspection FAQ. Retrieved February 27, 2010, from https://nodpi.org/faq/

Ohm, P. (2009). The Rise and Fall of Invasive ISP Surveillance. University of Illinois Law Review, 2009(5), 1417-1496. Retrieved from http://lawreview.law.uiuc.edu/publications/2000s/2009/2009_5/Ohm.pdf

Parsons, C. (2009). Summary of January 13, 2009 CRTC Filings by Major ISPs in Response to Interrogatory PN 2008-19 with February 9, 2009 Updates. Retrieved from http://preview.tinyurl.com/289mpax

Riley, M. C., & Scott, B. (2009). Deep Packet Inspection: The End of the Internet As We Know It? Free Press. Retrieved from http://www.freepress.net/files/Deep_Packet_Inspection_The_End_of_the_Internet_As_We_Know_It.pdf

Werbach, K. (2005). Breaking the Ice: Rethinking Telecommunications Law for the Digital Age. Journal on Telecommunications & High Technology Law, 4, 59. Retrieved from http://heinonline.org/HOL/Page?handle=hein.journals/jtelhtel4&id=65&div=&collection=journals


Alissa Cooper is a doctoral student at the Oxford Internet Institute. Her research focuses on how social, economic, technical and regulatory forces are challenging the open and decentralized Internet paradigm. She is interested in examining the balance of intelligence between the ends and the middle of the Internet; what the consequences of shifts in this balance might be for innovation, expression and privacy; and how individual Internet constituencies may be able to contribute to maintaining Internet openness.

Alissa is also the Chief Computer Scientist at the Center for Democracy and Technology (CDT), a non-profit public policy organization headquartered in Washington, DC. Her work at CDT focuses on a range of Internet policy issues including consumer privacy, net neutrality, and technical standards. At CDT she conducts original research and writing on numerous policy topics, serves as technical liaison between CDT and engineers at technology companies and within Internet standards bodies, and serves as CDT’s technical voice in public forums. During her time in DC, she has testified before the US Congress and on several occasions before the Federal Trade Commission. While pursuing her doctoral work she is continuing to serve as CDT’s Chief Computer Scientist on a part-time basis. Alissa also currently co-chairs the Geographic Location/Privacy working group (Geopriv) within the Internet Engineering Task Force (IETF).

Alissa joined CDT after completing her Bachelor’s and Master’s degrees in Computer Science at Stanford University. There her work focused on computer security issues and included research into the structure and organization of botnets and online forums used to perpetrate fraud.
