Analysis: ipoque, DPI, and encryption

ipoque is one of the world’s leading Deep Packet Inspection (DPI) appliance manufacturers. For the past several years they have been producing detailed reports on the constitution of Internet bandwidth usage; their 2006 report was predominantly based on German data (100,000 German households’ data was incorporated into the study, versus 10,000 European households outside of Germany), whereas their 2008/2009 report takes data from Northern Africa, South Africa, South America, the Middle East, Eastern Europe, Southern Europe, Southwestern Europe, and Germany. In short: the study’s range of participants and associated data points have increased substantially.

While the most recent report isn’t ‘comprehensive’ in the sense that it offers a perfect picture of the Internet’s global bandwidth and protocol usage during the data accumulation period, there are interesting things that we can learn from it. Perhaps most interesting is that ipoque learned that P2P protocol usage grew far less than during the 2007 data collection period. The 2008/2009 report routinely identifies Direct Download Sites and services such as Usenet as reasons for the decline of P2P usage, as well as increasingly rich multi-media HTTP traffic. (While it is well beyond the scope of the ipoque study, it would be delightful to see if there is a corresponding relationship between content owners providing their media through web-accessible portals and decreases in the growth of copyright infringement online.)

What is of most interest and concern in the report (to me, at least) is ipoque’s way of discussing file encryption that is used by P2P applications. The report reads:

Many modern P2P clients offer various forms of obfuscation and encryption. The common claim is that this is meant to improve the privacy of P2P users is plain dishonest. Even if encryption is enabled, files are still shared with the general public, so for everybody to download and store unencrypted. This is also why encryption does not provide any protection against copyright investigations in P2P networks, where investigators use normal P2P clients to participate in the network and download files from potential infringers. The only sensible reason for encryption is the attempt to circumvent bandwidth limitations imposed for P2P transfers by the ISP. However, with modern traffic management systems, which are able to reliable detect obfuscated and encrypted P2P traffic, this measure is totally ineffective (ipoque 2009: 7).

The authors of the study are not entirely wrong, but at the same time I think that more and more P2P users are likely seeing their ISPs as collaborating with copyright agents and, as such, think that they need to hide what they are doing online from their ISPs. Sure, ISPs can identify what application is transmitting the data, even when it’s encrypted, but they cannot easily identify whether P2P transfers are moving infringing packets. Moreover, ipoque’s claim that the obfuscation and encryption of P2P traffic is totally ineffective remains to be seen; the claim is not backed up by contemporary objective third-party analyses of DPI equipment. Instead, we are given a blunt ‘truth’ from a DPI manufacturer – while I would agree that DPI is likely able to routinely identify even encrypted P2P activity (rather than encrypted P2P content), the chances that it catches all such traffic are difficult to believe. False negatives and false positives were identified in Internet Evolution’s study, and will presumably continue for some time.

Encryption remains the best, and really the only, solution that consumers have for securing their privacy online. The issue with this, of course, is that upon encrypting one’s traffic it immediately stands out like a sore thumb. This has been pointed out by Diffie and Whitfield in Privacy on the Line, where they argue that traffic analysis can be as revealing (or perhaps even more so) as content analysis itself. Moreover, even SSL leaves TCP/IP header information unencrypted so that packets can route to their destination points; while obfuscation can try to mask this information from DPI appliances, any and all appliances that support software updates/flashes to heuristic algorithms mandate a persistent ‘encryption-war’ between security vendors and those aiming to circumvent DPI surveillance processes. At the moment, it seems to me that methods of trying to secure one’s data privacy from your ISP lead to the exposure of the community that you are participating in. As such, it appears as though the present ‘encryption-wars’ broadly prioritize a liberal conception of privacy, whereby the individual is privileged over the community. I might be wrong about this, and it’s very much an idea-in-progress, and I would welcome contradictory positions that demonstrate why I’ve gotten things totally wrong!
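To make concrete the point above that SSL leaves TCP/IP header information unencrypted, here is an added example (not from the original post or from ipoque) that parses a constructed IPv4/TCP packet carrying one TLS record and returns the fields an on-path observer can read without any key. It goes slightly beyond the sentence in the post by also reading the TLS record header, which is likewise sent in the clear. The addresses, ports, payload bytes and function names are constructed for illustration.

```python
import socket
import struct

TLS_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}

def build_sample_packet() -> bytes:
    """Constructed sample: IPv4 + TCP + one TLS application-data record."""
    ciphertext = bytes(range(32))  # stand-in for the encrypted payload
    tls = struct.pack("!BHH", 23, 0x0303, len(ciphertext)) + ciphertext
    # src port, dst port, seq, ack, data offset (5 words), flags PSH|ACK, window, checksum, urgent
    tcp = struct.pack("!HHIIBBHHH", 51514, 443, 1000, 2000, 5 << 4, 0x18, 65535, 0, 0)
    # Checksums are left at zero; the parser below does not verify them.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(tls), 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("198.51.100.7"))
    return ip + tcp + tls

def visible_metadata(packet: bytes) -> dict:
    """Return what an on-path observer reads without any decryption key."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, ttl, proto, _, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", packet[:20])
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("this example handles IPv4/TCP only")
    ihl = (ver_ihl & 0x0F) * 4  # IPv4 header length in bytes
    if len(packet) < ihl + 20:
        raise ValueError("truncated TCP header")
    sport, dport, _, _, offset, flags = struct.unpack("!HHIIBB", packet[ihl:ihl + 14])
    payload = packet[ihl + (offset >> 4) * 4:total_len]
    meta = {
        "src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
        "sport": sport, "dport": dport, "ttl": ttl,
        "tcp_flags": flags, "payload_len": len(payload),
    }
    # The 5-byte TLS record header (type, version, length) is also cleartext.
    if len(payload) >= 5:
        ctype, version, rec_len = struct.unpack("!BHH", payload[:5])
        if ctype in TLS_TYPES and version >> 8 == 3:
            meta["tls_record"] = TLS_TYPES[ctype]
            meta["tls_record_len"] = rec_len
    return meta

if __name__ == "__main__":
    for field, value in visible_metadata(build_sample_packet()).items():
        print(f"{field}: {value}")
```

Endpoints, ports, sizes and record types all survive encryption; only the record body is opaque, which is the raw material for the traffic analysis discussed above.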