Tuesday, June 23, 2009

Iran, China, and Deep Packet Inspection: A Cautionary Tale

Recently, electronics manufacturers have developed so-called Deep Packet Inspection (DPI) technology capable of tracking Internet communications in real time, monitoring the content, and deciding which messages or applications will get through the fastest.

Here’s how it works, as explained by The Free Press in their recent report Deep Packet Inspection: The End of the Internet as We Know It?:

"Messages on the Internet are broken down into small units called packets. Each packet contains a header and a data field. The header contains processing information, including the source and destination addresses. The data field contains everything else, including the identity of the source application (such as a Web browser request, a peer-to-peer transfer, or an e-mail), as well as the message itself (part of the contents of a Web page, file or e-mail). Packets are much like letters – the outside of the envelope is like the packet header, and the inside, like the data field, carries the message.

"DPI technology opens and reads the data field in real time, allowing network operators to identify and control, at a precise level, everyday uses of the Internet. Operators can tag packets for fast-lane or slow-lane treatment – or block the packets altogether – based on what they contain or which application sent them."


"Although early uses of real-time DPI by ISPs have been geared toward targeted advertising and reducing congestion, manufacturers market the technology for its ability to determine and control every use of a subscriber’s Internet connection. When a network provider chooses to install DPI equipment, that provider knowingly arms itself with the capacity to monitor and monetize the Internet in ways that threaten to destroy Net Neutrality and the essential open nature of the Internet."

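As an added illustration of the header/data-field distinction in the Free Press excerpt above (not code from the report or from this post), the Python below parses two constructed IPv4/TCP packets twice: once reading only the header, once reading the data field. The addresses, ports and payloads are made-up sample values, and the two payload signatures it checks are an illustrative subset chosen for this example.

```python
import socket
import struct

def build_packet(src, dst, sport, dport, payload):
    """Constructed IPv4+TCP packet for the demo (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    return ip + tcp + payload

def read_header(packet):
    """Header-only view (the 'envelope'): addresses and ports, nothing else."""
    ihl = (packet[0] & 0x0F) * 4                    # IPv4 header length in bytes
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 6 or len(packet) < ihl + 20:    # not TCP, or truncated
        raise ValueError("demo handles complete IPv4/TCP packets only")
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    data_start = ihl + (packet[ihl + 12] >> 4) * 4  # skip TCP header and options
    header = {"src": socket.inet_ntoa(packet[12:16]),
              "dst": socket.inet_ntoa(packet[16:20]),
              "sport": sport, "dport": dport}
    return header, packet[data_start:total_len]

def classify_data_field(data):
    """Payload view (the 'letter'): identify the application from its bytes."""
    if data.startswith(b"\x13BitTorrent protocol"):  # peer-wire handshake prefix
        return "bittorrent", None
    if data.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD", b"PUT"):
        host = None
        for line in data.split(b"\r\n")[1:]:
            if not line:                             # blank line ends the headers
                break
            if line.lower().startswith(b"host:"):
                host = line[5:].strip().decode("ascii", "replace")
        return "http", host
    return "unknown", None

def inspect(packet):
    """Return (header fields, (application, requested host)) for one packet."""
    header, data = read_header(packet)
    return header, classify_data_field(data)

# Constructed sample packets (documentation addresses, arbitrary port numbers).
HTTP_PKT = build_packet("192.0.2.10", "198.51.100.20", 50000, 8080,
                        b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n")
P2P_PKT = build_packet("192.0.2.10", "198.51.100.30", 50001, 50002,
                       b"\x13BitTorrent protocol" + bytes(48))

if __name__ == "__main__":
    for pkt in (HTTP_PKT, P2P_PKT):
        print(inspect(pkt))
```

In both sample packets the header yields only addresses and port numbers; the application, and for the Web request the site being asked for, come out of the data field alone.
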
But here's where it starts to get a little freaky. Yesterday, the Wall Street Journal reported that Iran and China are likely using DPI technology to monitor and control the Internet. The Iranians appear to be using DPI "to not only block communication but to monitor it to gather information about individuals, as well as alter it for disinformation purposes."

The Chinese government is believed to be using it to implement its "Great Firewall," "widely considered the most advanced and extensive censoring in the world" -- an "arrangement that depends on the cooperation of all the service providers."

The Wall Street Journal writes:

The Iranian regime has developed, with the assistance of European telecommunications companies, one of the world's most sophisticated mechanisms for controlling and censoring the Internet, allowing it to examine the content of individual online communications on a massive scale...The monitoring capability was provided, at least in part, by a joint venture of Siemens AG, the German conglomerate, and Nokia Corp., the Finnish cellphone company, in the second half of 2008, Ben Roome, a spokesman for the joint venture, confirmed.


All eyes have been on the Internet amid the crisis in Iran, and government attempts to crack down on information. The infiltration of Iranian online traffic could explain why the government has allowed the Internet to continue to function -- and also why it has been running at such slow speeds in the days since the results of the presidential vote spurred unrest.

Users in the country report the Internet having slowed to less than a tenth of normal speeds. Deep packet inspection delays the transmission of online data unless it is offset by a huge increase in processing power, according to Internet experts.


Countries with repressive governments aren't the only ones interested in such technology. Britain has a list of blocked sites, and the German government is considering similar measures. In the U.S., the National Security Agency has such capability, which was employed as part of the Bush administration's "Terrorist Surveillance Program." A White House official wouldn't comment on if or how this is being used under the Obama administration.


Several years ago, research by OpenNet discovered the government using filtering equipment from a U.S. company, Secure Computing Corp. Due to the U.S. trade embargo on Iran, in place since the 1979 Islamic revolution overthrew the U.S.-backed shah, that was illegal. Secure Computing, now owned by McAfee Inc., at the time denied any knowledge of the use of its products in Iran. McAfee said due diligence before the acquisition revealed no contract or support being provided in Iran.

Click here to read the rest of the Wall Street Journal's article.

The dangers that DPI technology poses to consumer privacy cannot - and should not - be understated. It would give network providers unprecedented access to Internet users' private web surfing habits as well as enormous power over consumers and the evolution of the net itself.

US companies Comcast and Cox have already sparked widespread concern about abuses of online privacy through their own controversial use of the technology. It was just recently that NebuAd offered an advertising service to network providers that would secretly sit at key places within the network and monitor all consumer communications passing through the network, using DPI to search within packets for URLs and search terms. The devices would then analyze some or all of that traffic to identify consumer behavior patterns.

NebuAd artificially inserted packets of data into the stream of traffic to redirect Web browsers to a NebuAd-owned domain for the purpose of placing unsolicited tracking cookies on the user’s computer. In March 2008, Internet users began detecting unsolicited cookies originating from NebuAd systems put in place by ISPs without notice.

The good news is NebuAd is virtually gone, and thanks to an organized and effective effort by public interest groups in 2008, so too is the use of DPI technology for such purposes...for the time being. But the fact is, the manufacturers of DPI equipment are still in business (thanks partly to Iran and China), and still looking for ways to put their monitoring and discrimination tools to use here in America.

And this leads me back to the much more sinister uses of this technology being utilized by Iran and China. If ISPs in America are allowed to take advantage of DPI, how different would this really be than allowing our government to do so too?

It was OUR government that orchestrated a massive, illegal warrantless wiretapping program targeting American citizens. It was also our government that then gave retroactive immunity to those telecommunication companies that ILLEGALLY shared our private information with it...a classic government-corporate win-win deal to be sure.

In light of that tidbit of trivia, why should we believe - even for a second - that such a scenario could not occur again? Our government may someday want to monitor our movements and actions on the net. But in this case, ISPs are the gatekeepers, and it is they who can monitor, and are monitoring, every "movement" we make on the net thanks to DPI technology. The government asks "can we have that please", the ISPs say "of course". Suddenly, America isn't so different from Iran and China after all...but not in a kumbaya sort of way.

Josh Silver, executive director of Free Press, connected these critically important dots in a press release yesterday:

"DPI technology is America's sleeping giant. It has been widely deployed by Internet service providers across the country, and could be secretly put to use without our knowledge or consent.

"The American Internet experience is not the same as that of Iran or China. But we see how dangerous this technology can be when it falls into the wrong hands, or is used for the wrong purposes. Whether DPI is wielded by a government or a big corporation, the power to pursue political or economic discrimination is disturbing."


"We urge our lawmakers to heed the cautionary tale of Iran and China. We should not blindly permit concentrated control over the Internet. Before this technology is widely activated, we encourage Congress to open a broad inquiry to determine what is in the best interest of the American people."

In a speech just last month, President Barack Obama did give us some reason to be optimistic, stating:

"Our pursuit of cybersecurity will not -- I repeat, will not include -- monitoring private sector networks or Internet traffic. We will preserve and protect the personal privacy and civil liberties that we cherish as Americans. Indeed, I remain firmly committed to Net Neutrality so we can keep the Internet as it should be -- open and free."

But I have a long memory, and I won't soon forget how quickly and thoroughly the President flip-flopped on telecom immunity. So, let me finish by quoting the Free Press one last time from their seminal report, Deep Packet Inspection: The End of the Internet as We Know It?:

The debate over the use of DPI has only begun. Appropriate uses of DPI technologies do exist. But the applications we have seen thus far are not encouraging, and the burden of proof for their benefit rests squarely with the network operator.

It appears I have yet another important issue to cover here.
