Over the past few days I’ve been able to attend to non-essential reading, which has given me the opportunity to start chewing through Bruce Schneier’s Beyond Fear. The book, in general, is an effort on Bruce’s part to get people thinking critically about security measures. It’s incredibly accessible and easy to read – I’d highly recommend it.
Early on in the text, Schneier provides a set of questions that ought to be asked before deploying a security system. I want to very briefly think through those questions as they relate to Deep Packet Inspection (DPI) in Canada to begin narrowing a security-derived understanding of the technology in Canada. My hope is that through critically engaging with this technology that a model to capture concerns and worries can start to emerge.
Question 1: What assets are you trying to protect?
- Network infrastructure from being overwhelmed by data traffic.
Question 2: What are the risks to these assets?
- Synchronous bandwidth-heavy applications running 24/7 that generate congestion and thus broadly degrade consumer experiences.
Question 3: How well does security mitigate those risks?
In the current CRTC hearings over Canadian ISPs’ use of Deep Packet Inspection (DPI) to manage bandwidth, I see two ‘win situations’ for the dominant carriers:
- They can continue to throttle ‘problem’ applications in the future;
- The CRTC decides to leave the wireless market alone right now.
I want to talk about the effects of throttling problem applications, and how people talking about DPI should focus on the negative consequences of regulation (something that is, admittedly, often done). In thinking about this, however, I want to first attend to the issues of censorship models to render transparent the difficulties in relying on censorship-based arguments to oppose uses of DPI. Following this, I’ll consider some of the effects of regulating access to content through protocol throttling. The aim is to suggest that individuals and groups who are opposed to the throttling of particular application-protocols should focus on the effects of regulation, given that it is a more productive space of analysis and argumentation, instead of focusing on DPI as an instrument for censorship.
Let’s first touch on the language of censorship itself. We typically understand this action in terms of a juridico-discursive model, or a model that relies on rules to permit or negate discourse. There are three common elements to this model-type:
There are worries that Internet Service Providers (ISPs) may inject intelligence into their networks to try and unfairly differentiate their services from competitors’. Time Warner’s recently reformed End User Licensing Agreement (EULA) may be the most recent demonstration of this kind of differentiation. The EULA recognizes a difference between third-party video streaming, and streaming content from Time Warner’s own network spaces, and authorizes Time Warner to: