Deep Packet Inspection.ca
Skip to ContentDPI Web Content
We have identified your Internet Service Provider (ISP) as:
Check our List of ISPS to see if yours uses Deep Packet Inspection.
Associated Projects
Identity Cards
Privacy Advocates
The New TransparencyWhat Is Deep Packet Inspection?
- Deep packet inspection is a networking technology installed by many of Canada’s Internet Service Providers (ISPs) to monitor what applications are generating data traffic.
- This technology is used to delay, or ‘throttle’, particular data content generated by some computer applications, such as peer-to-peer applications like BitTorrent and Limewire.
- Canada’s ISPs use the technology is used to improve customer billing by improving intelligence of how much data particular customers use.
DPI is used by many of Canada’s Internet Service Providers (ISPs) to monitor what applications are generating data traffic. The technology is used to delay, or ‘throttle’, some kinds of content generated by certain computer applications to control delivery of Internet data traffic and improve network security. ISPs don’t, however, use DPI to plant advertisements into customers’ browsers, or stop access to copywritten music, movie, or text files.
This section will describe some of the more important uses of DPI in Canada, as well as summaries of some of the controversies surrounding it.
Present Uses
Mediating Content Delivery
Deep packet inspection can identify which applications are generating and receiving Internet data traffic and delay or speed up their data transfers. In Canada, users of popular file transfer programs such as BitTorrent and Limewire are sometimes stopped from achieving maximum transfer rates because ISP DPI equipment ‘throttles’ or delays the delivery of data to, and transmission from, their computers.
These delays don’t stop content delivery, but they can have other unwanted effects. For example, when the CBC made Canada’s Next Great Prime Minister TV show available on P2P networkings, DPI equipment delayed traffic so much that while some people received their broadcast within 2.5 hours, others were still waiting 10 hours later.
The delaying of content has been an issue taken up by the Public Interest Advocacy Center (PIAC), mentioned by the Canadian Internet Policy and Public Interest Clinic (CIPPIC), and attended to by the Campaign for Democratic Media (CDM). The Canadian Radio Television and Telecommunications Commission (CRTC) ruled that, with non-time sensitive content such as videos, music, and movies, the delaying of content doesn’t influence the meaning of a data transmission and is therefore acceptable provided the delays don’t amount to actually controlling content.
Billing and Security
DPI can smooth billing practices, a reality which persuaded Bell Canada to initially build DPI into their networks. It can also be used to improve network security. For billing, deep packet inspection can identify an individual subscriber’s traffic, helping to make sure he or she has the correct Internet package. In this manner it is possible to more exactly provide consumers with the network services they purchase from their ISP.
DPI devices can also be set up in a purely ‘passive’ mode to gather data on how the network is being used at an aggregate level. This kind of intelligence can be used to refine the billing process, as well as to understand the nature of network attacks and prominent applications that are responsible for generating and receiving Internet data traffic.
It is important to note that not all ISPs that have deployed DPI use it for billing-related purposes. SaskTel, as an example, uses DPI dominantly for security-related reasons.
Advertising and Blocking Content
Some DPI equipment can modify the data packets, the small chunks of information computers send to and from the Internet. In the United States and United Kingdom DPI equipment has been used to generate advertisements based on a given subscriber’s behaviour online – behavioural targeting, in other words. It’s a practice that’s raised serious concerns in Canada surrounding whether or not Canadian ISPs were or are planning on using DPI to track Canadians and implant ads on webpages based on Canadians’ online activities.
In the 2009 CRTC hearing into how Canadian ISPs do or don’t use DPI, all Canadian ISPs denied that they presently use, or planned to use, DPI for advertising-related purposes. The CRTC has asserted, along with the Privacy Commissioner of Canada, that ISPs must communicate with regulators before implementing DPI for any advertising-related practice. Further, while various parties to the CRTC hearing were concerned about the impact of delaying content delivery over particular delivery services (eg, peer-to-peer networking applications such as BitTorrent), no party has actually accused Canada’s ISPs of censoring copywritten files.
Controversies
The Meaning of ‘Influence and Control’
As previously noted, PIAC, CIPPIC, the CBC, and CDM all maintained to varying degrees that using deep packet inspection to delay, or throttle, Internet data traffic amounts to influencing or controlling the content of the data traffic. In effect, where it take a substantially longer period of time for traffic to be delivered using non-traditional content deliver systems then the message itself is distorted.
Additional concerns were raised that focused on consumer behaviour. The worry was that delaying of content can lead people to abandon using content delivery systems that are being throttled. This is a substantial issue for alternate media sources and producers of documentaries that distribute their content over non-traditional delivery systems – such as peer-to-peer file sharing applications – that are subject to throttling. By delaying content delivery applications that are preferred by groups lacking financial resources to establish a traditional content distribution system, there is a risk that these groups will be unable to bring messages to the public eye.
Some ISPs say they’re forced to delay data traffic associated with some computer applications because if the applications are left alone they will use so much bandwidth that they will overwhelm network resources. Management of particular applications is required then to be fair to all subscribers, and DPI is a tool enabling these management practices. Can’t the ISPs simply enlarge their networks to take care of the problem? No. ‘Building out’ the network to meet bandwidth demands is untenable in the short- and long-run given that some applications will always strive to consume as much bandwidth as they can, and thus (re)generate the problem of network congestion.
In response to these differing positions, the CRTC has ruled that actual blocking of content is clearly an effort to modify the meaning or purposes of a telecommunications process and therefore needs Commission approval. More significantly, whenever time-sensitive traffic are affected by deep packet inspection imposed delays, to the point where there is a noticable degradation of Voice over Internet Protocol (VoIP) or real-time video quality then the DPI equipment is identified as influencing the content or process of the communications and thus prohibited.
If non-time-sensitive data traffic, such as that of peer-to-peer or file transfer protocol applications, is delayed to the extent that it amounts to blocking, this constitute an act of influencing the content. In this final case, however, delaying data traffic doesn’t require CRTC approval.
Privacy
Given that deep packet inspection offers ISPs unparalleled levels of intelligence into subscribers’ online activities, various privacy advocacy groups have been deeply concerned about how, exactly, Canadian ISPs have been and intend to use the technology.
To unpack this a little, all data traffic that courses across the ‘net is contained in individual packets that have header (i.e. addressing) information and payload (i.e. content) information. We can think of this as the address on a postcard and the written and visual content of a postcard. Whereas earlier network technologies gave only imprecise details on the payload, DPI can in some cases extract key information, as insert it. Such insertions would be like a postmaster adding the word ‘not’ to the sentence ‘I do love you!’ written on a postcard.
Given the substantial capacities of DPI equipment, the Office of the Privacy Commissioner of Canada as well as the CRTC are examining/have examined whether the equipment is presently configured in ways that infringe on Canadians’ privacy. As a result of one investigation, the Privacy Commissioner told Bell to change an element of their privacy and network management policy, and the CRTC laid down strict guidelines as to how the technology can and cannot be used.
Significantly, the CRTC said that it works in a complementary fashion with the Privacy Commissioner of Canada and that telecommunications providers are held to a higher standard than that contained in federal law alone. Critically, not only are primary ISPs, such as Bell, Rogers, and Shaw, prohibited from using data gathered from traffic management for anything other than management actions, but “the Commission directs all primary ISPs, as a condition of providing wholesale services to secondary ISPs, to include, in their service contracts or other arrangements with secondary ISPs, the requirement that the latter not use for other purposes personal information collected for the purposes of traffic management and not disclose such information.”
This direction is intended to harshly limit the possible uses of the technology in ways that deviate from those presented to the Commission in the traffic management hearings.
Function Creep
A key worry surrounding the deployment of deep packet inspection – and most other surveillance equipment, for that matter – is that it will be used for additional purposes in the future that increasingly infringe on Canadians’ privacy. As an example, Bell Canada initially deployed their DPI equipment for monitoring their own Bell Sympatico subscribers, and then began delaying some of their data content depending on the applications that are generating or receiving the data, and most recently began throttling wholesale ISPs that purchase bandwidth from Bell. This is a classic case of technology being used for purposes other than originally intended.
Accompanying the worry of function creep is the lack of transparency into what specific equipment is being used by Canadian ISPs. Not all DPI equipment is made equal; some kinds can be used for behavioural advertising whereas other can’t. Without an awareness of the total capabilities of the equipment, it is impossible to be certain whether presently deployed equipment could be used for further creep.
Additional Reading
If you’re looking for more technical depictions of deep packet inspection, or are just looking for more substantial discussions of the technology, you can hop over to the resources section of the website where we have various academic papers, news articles, and DPI-related websites that will hopefully address your interests. If that doesn’t sate you, send us a comment and/or question and we’ll get back to you as we’re able to.
If you have any questions regarding this website or our work, please contact us. DEEP PACKET INSPECTION CANADA by Christopher Parsons and Colin Bennet is licensed under a Creative Commons Attribution-Noncommercial 2.5 Canada License. Research, development, and maintenance of this website has been funded through the Office of the Privacy Commissioner's contributions program. Click here to see our Privacy Policy
[...] This post was mentioned on Twitter by JuriBlogSphere. JuriBlogSphere said: CAN – Un site à découvrir sur la technologie du "deep packet inspection" => http://tinyurl.com/y6zohsh #dpi [...]
[...] that, among other things, tells Canadians whether their internet service provider (ISP) uses Deep Packet Inspection technology or DPI. ISPs use DPI to look at what applications people are using to decide which ones [...]
[...] Deep packet inspection (DPI) marks a new period in the history of social control and, again, we must question the politics of control embedded in the technology. The control embedded in DPI differs from the architecture of overpasses; DPI runs through software and thus its mode of control is more fluid than concrete. Control does not block, but works by “increasing the probability of a desired outcome rather than its absolute determination” (Samarajiva, 1996, p. 129). The Internet appears open but the opaque software of deep packet inspection now subtly controls Internet traffic by gently guiding our communications into fast and slow lanes.[1] In this short essay I will identify what is significant about DPI’s capacity to control communications. I do so by first naming the nature of this control, secondly sketching its operation, and finally by speculating on the challenges it poses to democratic society. [...]
The statement made in this article (extract below) is incorrect.
Extraced:
“For example, when the CBC made Canada’s Next Great Prime Minister TV show available on P2P networkings, DPI equipment delayed traffic so much that while some people received their broadcast within 2.5 hours, others were still waiting 10 hours later.”
That is not how DPI works. One of the principle that this article refers to ensuring Quality of Service (QoS). DPI’s can prioritize traffic, e.g. a Skype needs to receive priority over an email deliver and therefore receives bandwidth priority. This is simply, because everyone would complain about delays in a Skype conversation, but unlikely about an emailt hat takes 2 seconds longer to be delivered. It is bandwidth management and not delaying content for hours as it is described in the article. Whoever wrote it, obviously doesn’t understand the technology.
[...] to be put in place, have been allowed to get away with up until this point (low bandwidth caps, Deep Packet Inspection, bandwidth throttling and [...]
[...] carriers are increasingly purchasing expensive and fungible systems that integrate deep packet inspection technologies. To offset equipment costs, these same carriers are motivated to use their fungible equipment to [...]