In reading through the recent CRTC filings, something that has been striking me is that the ‘regular’ metaphor for how Deep Packet Inspection (DPI) technologies work seems a bit awkward. When you send packets of data along the ‘net, they are broadly composed of a header and a payload. The metaphor goes as follows: the header is like the addressing information on an envelop, and the payload is the actual letter in the envelop. DPI opens the envelop, sees the content of the letter, examines it, reseals it, and then passes the letter along to its destination (assuming that the contents aren’t of a type that shouldn’t be sent onwards).
I like the metaphor because of its power, but at the same time I have to wonder about its accuracy, at least in the Canadian situation. When reading the ISP’s CRTC filings, I keep reading that they use DPI devices for flow analysis – they’re not looking for the content of your email, they just want to identify whether you’re sending email or an instant message. Rather than assume that the ISPs are being duplicitous, why not reconsider the metaphor to see if it can’t be developed to distinguish between different usages of DPI equipment.
In the already stated metaphor, we have a case where the equipment is looking at the content of messages – what messages you send to your friends via instant messenger, for example. This is a terribly heavy computational process, and really only works well (at the moment) when either targeting particular packet streams, or when putting massive resources behind content-inspection capacities. This isn’t exactly cost efficient (as I understand it) for ISPs at the moment. ISPs, as I note in a working paper that should be live soon (I hope), are interested in enhancing revenue streams, not in invading people’s privacy unnecessarily.
In light of this, and in how ISPs claim they use DPI equipment, I suggest the following way of ‘conditioning’ the already existing metaphor. DPI can be understood to be looking past the envelope/wrapping of the mailed package, but not so that it can read the contents, but so it can identify the kind of mail that you’re sending. Does the envelop/package hold written text? Does it hold a pair of scissors? Have you stuffed it with cat fur?
The contents of the letter are then categorized according to a particular metric and then a ‘content flow analysis’, that is a regulated enumeration of the categories of content-types, can be made. This analysis allows the postal service/ISPs to more efficiently identify when they need to make adjustments to their transmission network – where it is found that people are sending packages that are all marked ‘delicate’, and the packages actually contain crystal swans, extra training should be provided to mail handlers so that they don’t damage items. Conversely, to the region that labels everything ‘delicate’ but is actually sending pieces of steel to one another, such extra training probably isn’t necessary. For ISPs, packet flow analysis lets them see where they need to augment network capacity for ‘legitimate’ traffics, and areas where this isn’t such a substantial issue.
I’ll note in conclusion that: (a) this is still a rough thought-in-progress; (b) doesn’t alleviate the privacy/surveillance concerns that many hold surrounding DPI; (c) raises very real questions about what ‘legitimate’ traffic is. Regardless, I think that it might be a better metaphor (if slightly longer, and thus a little less sexy) to try and explain how Canadian ISPs appear to be using DPI equipment in their day-to-day operations to throttle particular Internet traffic based on its content-type.