DPI as an Integrated Technology of Control – Potential and Reality

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Ralf Bendrath

March 2009

Disclaimer: The opinions expressed in this document are those of the author(s) and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada.

Note: This essay was contributed by the author to the Office of the Privacy Commissioner of Canada's Deep Packet Inspection Project

The end-to-end principle for the Internet, where the intelligence is at the edges of the network, not within its core infrastructure, is supported by three types of arguments:

  • Technical Simplicity: Because of the layered protocol stack, the sub-networks are only connected through the TCP/IP protocol suite and a shared address space. Therefore, they are highly open to new transportation methods as well as new applications.
  • Political Freedom: Because the payloads at the application layer are encapsulated for the lower transport layers, the users have uncensored and uncontrolled end-to-end communication channels.
  • Economic Openness: Because of the openness for new applications, the Internet does not discriminate traffic based on its source, therefore treating all innovations equally and giving them a fair chance to succeed at the market.

Lawrence Lessig in his 1999 book “Code and other Laws of Cyberspace” used a nice illustration for the end-to-end model: “Like a daydreaming postal worker, the network simply moves the data and leaves interpretation of the data to the applications at either end.” Now, imagine a postal worker who is not just daydreaming and moving packets from one point to another in the transportation chain. Imagine the postal worker opens up all packets and letters; inspects and even reads the content; checks it against databases of illegal material and if finding a match, sends a copy to the police authorities; destroys letters he finds having prohibited or immoral content; sends packets with content from those mail-order companies which pay extra to the postal service to a special and very fast delivery truck, while the ones from the competitors go to an extra-slow and cheap sub-contractor. Such a postal system would infringe on the values embodied by the internet as described above:

  • Political Freedom: The postal system would now invade the privacy of communications and introduce censorship, potentially leading to “lost” letters from trade unions or political dissidents.
  • Technical Simplicity: Such an inspection system would create an additional overhead that would slow down postal delivery and place a significant responsibility on the postal worker. The letters and packets would also be damaged when being opened. And, most importantly, the postal service would assume functions it never was founded for.
  • Economic Openness: The differential treatment of content from different senders and companies basically means blackmailing content companies like mail-order stores into signing additional and costly high-speed contracts. New business models that solely rely on innovative content being delivered through the normal postal system would have to negotiate specialized fees with the postal service for their products.

Now, imagine a postal worker could all do this without significant delays compared to his (former, now fired) daydreaming colleague. This is what deep packet inspection technology is designed for.

Many of the functions provided by DPI have been available before. Internet traffic could be intercepted and logged with tools like TCPDump or Wireshark, copyright was enforced with digital rights management (DRM) and watermarks, scarce bandwidth was prioritized by the TCP congestion management and quality of service protocols, user behaviour was tracked and used for advertising with cookies, and so on. The potentially paradigm-changing characteristic of DPI is the fact that it integrates these diverse functions into one hard-coded and extremely fast piece of equipment. It thereby also integrates the interests of a diverse set of actors, who all have their distinct ideas of how to use DPI:

  • government agencies and content providers, who are interested in the monitoring and filtering of information flows (political control)
  • network operating staff, who have to deal with more malware and bandwidth-hungry applications than ever before and who often have limitations for expanding bandwidth on the last mile (technological efficiency),
  • vertically integrated ISPs that want to create additional revenues or protect them, e.g. through preventing the internet from cannibalizing their telephone- or video-on-demand revenues (economic interests).

DPI thus has the potential to change the nature of the internet, by making it a less open network, by introducing means for political control, and by stifling economic openness. But a potential does not necessarily, and rarely fully, translate into reality. DPI usage does not have to implement all the above functions of the highly awake postal worker. Some use-cases of DPI already seem to be disappearing. They do so for different reasons:

  • Market Reactions: NebuAd has ended its behaviour-based marketing activities because of the public outcry, and UK ad injection provider Phorm may undergo the same fate. The ISPs are publicly fleeing from this model for extra revenue before their customers flee from them.
  • Legislation: The European Parliament has voted against demands of the music and film industry, which was pushing for mandatory copyright filtering provisions. This happened mainly because of an intensive publicity campaign by internet users’ rights groups.
  • Regulatory Action: ISPs Comcast in the US and Rogers in Canada have undergone scrutiny by regulatory and privacy authorities because they throttled some of their users’ traffic based on what seemed appropriate and what not.
  • Technological Circumvention: A growing number of filesharing and other programs now allow for encrypting their traffic, which makes DPI-based copyright filtering impossible.

An important factor in all these cases is awareness and transparency. The market as well as technology vendors and public bodies reacted only after privacy advocates, bloggers and consumer protection groups had published how DPI works and what it does to the users’ privacy and the idea of an open Internet. As long as DPI vendors can successfully hide under ambiguous terms like “intelligent network” or “network management”, the dangerous potential of DPI will not be under enough public scrutiny.

It may well be that there is a sustainable and legitimate market for DPI technology, but with a much smaller set of use-cases. These will probably include corporate firewalls and malware filters, and potentially differentiated internet access pricing models and behavioural advertising – if this is done very openly and on an opt-in basis.

In the end, DPI teaches us again that while engineers invent powerful technologies, it is society and its norms, rules, and institutions that define if and how these technologies should and will be used. Any technology use-case that violates fundamental rights and user expectations is doomed to die. This does not happen automatically, of course. But the internet users’ rights groups have become a powerful force, and if they are supported by fundamental beliefs and basic rights of society, there is not much to do against them.

Appendix: Previous Technologies and DPI – Use Cases and Drivers

Political Control
Purpose Old New (DPI) Drivers
interception / surveillance TCPdump, Wireshark, dsniff (store & analyze) analyze in real-time police, intelligence community
filtering / censorship blocking based on URL or IP-Number content-based filtering anti-hate-speech, anti-terrorism, related efforts
copyright filtering DRM, watermarks, lawsuits content-based filtering content industry
Technological Efficiency
Purpose Old New (DPI) Drivers
bandwidth management TCP congestion management, QoS application-based routing last mile over-subscription, P2P traffic
subscriber management pay per minute, pay per volume differentiated services and pricing heterogeneous user behaviour and user needs
network security look for communication patterns look for content patterns corporate network operators
Economic Interests
Purpose Old New (DPI) Drivers
vertical integration I (content) tying throttle competing services video on demand etc.
vertical integration II (telecommunications services) tying throttle competing services integrated phone & internet providers
copyright filtering cookies
(website owners)
ad injection (ISPs) ISPs, ad networks
Report a problem or mistake on this page
Please select all that apply (required): Error 1: This field is required.


Date modified: