Deep Packet Inspection Canada

Last week my advisor, Dr. Colin Bennett, and I launched a new website that is meant to provide Canadians with information about how their Internet Service Provider (ISP) monitors data traffic and manages their network. This website, Deep Packet Inspection Canada, aggregates information that has been disclosed on the public record about how the technology is used, why, and what uses of it are seen as ‘off limits’ by ISPs. The research has been funded through the Office of the Privacy Commissioner of Canada’s contributions program.

Deep packet inspection is a technology that facilitates a heightened awareness of what is flowing across ISP networks. It has the ability to determine the protocols responsible for shuttling information to and from the Internet, the applications that are used in transmitting the data, and (in test conditions) can even extract elements of data from the application layer of the data traffic in real time and compare it against other packet signatures to block particular data flows based on the content being accessed. Additionally, the technology can be used to modify packet flows using the technology – something done by Rogers – but it should be noted that DPI is not presently used to prevent Canadians from accessing particular content on the web, nor is it stopping them from using P2P services to download copywritten works.

The website was developed so that Canadians can easily, and quickly, learn whether their ISP uses this technology and, if so, how it is used to survey data traffic and the motivations and limitations of such surveillance. The project, and associated web space, has five elements composing its mandate:

  1. To develop the largest publicly accessible repository of information concerning the use of DPI in Canada;
  2. To explain to Canadians in non-technical language whether and how their ISP uses DPI technologies;
  3. To provide regular analyses of current uses of dPI in Canada, as well as abroad when relevant;
  4. To facilitate discourse about DPI technologies amongst Canadians;
  5. To provide research and analyses of DPI technologies that could be used by government agencies, including privacy and information commissioners.

Presently, we have loaded the website with information about Canada’s largest ISPs – the Bells, Rogers, Cogecos, and so forth – and are beginning to gather and input information about small- and mid-sized ISPs. This present collation of data is the ‘stage two’ of our research, and stage three will see us gather information from university networks to try and identify how Canada’s post-secondary educations system is (or is not) surveyed and mediating academic data traffic.

I would invite all of my readers to take a look at the site, and provide feedback. This is seen as a community-informed project; without the community Colin and I stand as two researchers, but with the community our blind spots and areas of ignorance can be revealed and addressed.