CFP2008: Deep thoughts on deep packet inspection

DPI came up on the Friday morning discussion of network neutrality and when exactly an ISP has crossed the line. There is a material distinction between “content” and “meta-data” of communications. For example the rules around a pen register / trap-trace and different and more stringent than those governing a full wiretap. For IP communications, the parallel for phone number is the header of an IP packet, which might describe its destination, how much data it contains and perhaps hint at the protocol.  Looking past that into the payload of the packet is what can be termed “deep packet inspection.”

On the panel it was pointed out that DPI simply not commercially feasible until recently. The hardware required to look at every packet flying by a high-speed gigabit link is not exactly stocked at the local BestBuy. According to David Reed, initial demand was driven by intelligence applications. But Moore’s law does not discriminate between military and commercial use. As soon as the capability was within striking distance for large ISPs, people started looking for ways to capitalize on it: in other words, a solution in search of a problem. As with most of these contrived, artificially created uses of technology that start from the ISDN position (“innovations-subscribers-don’t-need”) the first attempt has proved less than brilliant.

The proposals from Charter and British-Telecom cross the line from dubious into no-doubt-about-it nefarious. This is the one scenario where less intrusive solutions are not possible because the business model favors collecting more data about customers. There is an interesting correlation between how far into the IP packet the ISP must look and the social acceptability of its objectives. Comcast can manage its scarce resources by simply counting bits– looking at the size of the IP packets sent, without regard for its destination or port. As it turned out their first crude, inept attempt did look at port numbers and single out BitTorrent. Luckily bandwidth is bandwidth and while the ISP has every right to create different pricing models that may require limiting resources consumed by the heaviest users, it has no business deciding which protocol the customer will use or what endpoints they choose to communicate with. Looking at the size of the IP packet and keeping tabs on usage is good enough for this purpose.

Looking at more data in the packet cranks up the intrusiveness level. Destination address will reveal the websites the customer is visiting. Advertising networks have traditionally relied on this information for targeting. This is the same data Charter and British-Telecom are going after. The final step will involve looking past the header and directly into the contents of the packet. Moore’s law is not on the side of privacy in this case. The CFP discussion and Peter Ohm’s ideas about the ECPA connection are very timely.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s