I See Your DPI and Raise You a SSL

A little while ago I was talking about network neutrality and Deep Packet Inspection (DPI) technologies with a person interested in the issue (shocking, I know), and one of the comments that I made went something like this: given the inability of DPI technologies to effectively crack encrypted payloads, it’s only a matter of time until websites start to move towards secure transactions – in other words, it’s only a matter of time until accessing websites will involve sending encrypted data between client computers and servers.

The Pirate Bay and Beyond

Recently, Sweden passed a bill that allows for the wiretapping of electronic communications without a court order. This caused the Pirates Bay, a well-known BitTorrent index site, to announce that it was adding SSL encryption to their website as well as VPN solutions for native Swedes who wanted to avoid the possibility of having their network traffic surveyed. Recently, isohunt.com has done the same, and other major torrent sites are expected to follow the lead. The groups who are running these websites are technically savvy, allowing them to implement encrypted access rapidly and with little technical difficulty, but as more and more sites move to SSL there will be an increasing demand amongst tech-savvy users that their favorite sites similarly protect them from various corporate and government oversight methods.

The Open Web: Closing for Repair

John Gilmore’s famous line, “The Internet interprets censorship as damage and routes around it” seems to be a little less true now than it was when he proclaimed it. Rather than ‘routing around’ damage brought on by censorship/surveillance that is enabled by DPI technologies, packets charge right through the offending hardware having hardened their skins to avoid the penetrating gaze of their surveyors. The open web of the past, where most application traffic was available for inspection, where you could identify it at a glance, is gradually being abandoned and replaced with a web of fear, where individuals slowly move towards securing even their routine content.

I take Gilmore’s quote as an optimistic expression of what would happen on the open web – when a particular brand/node of the ‘net was found to be censoring groups, that particular node is cut out of available routing addresses and packets carry along the network with few concerns. As we pass from the open web to the web of fear, entering a electronic environment where and increasing number of the primary routing hosts are inspecting traffic and preventing/hindering packets from traversing the globe, an cautionary mindset that accords with the ‘security state’ sets in; while the security state sees citizens abandon/lose core rights and freedoms in the name of national and personal security without significant concerns, that same culture of security may allow for the easy adoption of encrypted data traffic on the basis of it maximally securing personal (though potentially not state) security. It will be interested to see how these two modes of approaching security develop and play out against one another.