Last year I spent some time and put together a working paper entitled, “Deep Packet Inspection in Perspective: Tracing its lineage and surveillance potentials,” for the New Transparency Project (of which I’m a student member). The document has gone live as of today – if you have any comments/thoughts concerning it feel free to send them my way! The abstract is below:
Internet Service Providers (ISPs) are responsible for transmitting and delivering their customers’ data requests, ranging from requests for data from websites, to that from file-sharing applications, to that from participants in Voice over Internet Protocol (VoIP) chat sessions. Using contemporary packet inspection and capture technologies, ISPs can investigate and record the content of unencrypted digital communications data packets. This paper explains the structure of these packets, and then proceeds to describe the packet inspection technologies that monitor their movement and extract information from the packets as they flow across ISP networks. After discussing the potency of contemporary packet inspection devices, in relation to their earlier packet inspection predecessors, and their potential uses in improving network operators’ network management systems, I argue that they should be identified as surveillance technologies that can potentially be incredibly invasive. Drawing on Canadian examples, I argue that Canadian ISPs are using DPI technologies to implicitly ‘teach’ their customers norms about what are ‘inappropriate’ data transfer programs, and the appropriate levels of ISP manipulation of consumer data traffic.
Technology, Thoughts & Trinkets 
Sorry can’t seem to access your paper 😦
My question: it’s easy to criticze, but is it possible to design and operate privacy-enhanced DPI?? if so, How might it work?
LikeLike
Sorry about the link – I’m locally hosting now, so it should work. I’d no idea that they’d modified the link structure….
To answer your question: sort of, but with conditions on the intended uses. I’ve written about Detica and CView in this space (a few links at end of my comment) and they seem to have designed an appliance that is meant to engage in surveillance while ‘maintaining’ as much privacy as possible (through the anonymization and aggregation of data). Where this kind of pure ‘traffic management’ approach is taken, it is possible to limit the exposure of private information to ISPs.
I think, however, that this approach I take – minimizing the invasiveness of DPI – is drastically different from any kind of ‘privacy-enhanced’ DPI. An ‘enhancement strategy’ suggests that the device itself is somehow enhancing privacy, which it clearly is not. Think of it like a surveillance camera: you don’t ‘enhance’ the privacy provided by a camera, but recuperate the lost privacy. I focus on the loss -> regain, rather than just the ‘regain/enhance’ because rhetorically I see it as important to acknowledge that there are costs to installing surveillance gear. Sure, there can be benefits as well – and DPI is a great example of possible benefits to carriers, whereas the benefits are more nebulous when dealing with other systems of surveillance – but we should focus on costs when talking surveillance, or at least not obviate them from the discussion.
Such a discussion of costs shouldn’t turn to a ‘balancing’ discussion, but be put in the start terms of security (or other desired outcome of the surveillance apparatus) gain and rights loss. The two are not commensurate, as far as I’m concerned, and there isn’t any shame in recognizing this division. Instead, it makes for a more honest discussion of the actual implications of surveillance systems, and avoids the ‘is surveillance a threat to privacy’ nonsense, which is a loaded discussion that (in my view) requires the intermediary of constitutional rights to bridge the divide between surveillance and privacy as issues and concepts in contemporary Western environments.
Many apologies for that bad link, again. I’ve fixed it, and I’ll email along a copy of the article, just to be sure that you receive it!
Links as promised:
http://www.christopher-parsons.com/privacy/aggregating-information-about-cview/
http://www.christopher-parsons.com/privacy/update-to-virgin-media-and-copyright-dpi/
http://www.christopher-parsons.com/privacy/virgin-media-to-monitor-copyright-infringement/
LikeLike