Net Neutrality and Deep Packet Inspection: Discourse and Practice

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Stephane Leman Langlois

March 2009

Disclaimer: The opinions expressed in this document are those of the author(s) and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada.

Note: This essay was contributed by the author to the Office of the Privacy Commissioner of Canada's Deep Packet Inspection Project


Deep packet inspection appliances from Procera, Nortel and Cisco can cost several hundreds of thousands of dollars, plus installation and maintenance. The fact that most major ISPs, and especially backbone providers (who allow ISPs to connect to the network), have begun to adopt them as standard equipment can only mean that hefty benefits are expected. The first such benefit is the ability to filter millions of datastreams in real time, in order to allocate resources between network users. For instance, heavy downloading of music, video or other large files during peak hours can slow down the network for users simply browsing the web or trying to play online games. ISPs routinely refer to this situation as being unfair to the latter. Their response, the adoption of various DPI filtering products, allows for immediate recognition of the type of file being transferred by peaking inside the stream of packets and identifying the software they are associated to (so called “layer 7″ inspection). For instance, they can be set to throttle P2P file exchanges in favour of other uses. In fact DPI, in this case, replaces network speed and bandwidth improvement measures, such as replacing twisted pair connections by fibre optics in the case of phone line (A)DSL connections — which of course would cost much more than the DPI appliances (especially when tying to solve the “last mile” problem of optical home connection). However, since many ISP customers subscribe to a package especially sold by their provider as “unlimited,” and pay a higher price than other users, this throttling, however it may be justified, is seen as a breach of contract. The Canadian Association of Internet Providers (CAIP) recently applied for a ruling against Bell Canada, a backbone provider, with the Canadian Radio-television and Telecommunications Commission (CRTC) for this type of behaviour (typically referred to as “traffic shaping”).

Besides these purely technical reasons, ISPs can have other justifications for adopting DPI appliances — some of which actually stem from the technical DPI fix: by showing they can identify, sort out and filter types of data, ISPs and backbone providers may be increasing their responsibility for the uses their subscribers make of their networks. For instance, up to now, providers have been able to defend themselves from accusations of facilitating various copyright infringement activities by saying that they, much like the post office, do not know what envelopes or packets actually contain. This is no longer the case, and the situation creates new incentives for data sniffing that have nothing to do with resource allocation.

So, beyond traffic shaping, sniffing packets for content control is a normative activity, motivated by rules, laws and morality instead of purely technological imperatives. (For access providers who also happen to be content producers, one other obvious motivation is to control the use of their own material). Though none is commonplace today, and a few are not quite exceptional either, we can identify three general categories of normative content control through DPI:

  1. Commercial security:
    1. Protection of 3rd party copyrighted material: ISPs may be required to “listen” to internet traffic in order to block unauthorized file sharing and/or to identify the sharers (or at least their computer).
    2. Protection of systems: DPI can help protect networks and servers against cyberattacks such as distributed denial of service (DDoS) tactics.
    3. Protection of users: DPI appliances may, to a certain extent, recognize and defeat spam, viruses and trojans. On the other hand, they may not be immune to attacks themselves. It remains unclear what level of damage an infected DPI appliance might cause.
    4. Protection of commercial interests: DPI appliances can be used to interfere with certain web based technologies (such as VoIP) in favour of competing services (such as conventional phone service). They could also prioritize certain types of files according to existing commercial agreements between the corresponding software distributor and the owner/operator of the network.
  2. Anti “crime” security
    1. DPI appliances may allow the identification, tracking and blocking of various forms of criminalized content, such as child pornography and terrorism related materials
    2. DPI appliances may be used for wiretapping purposes. Any and all internet traffic generated by the target of a wiretap can be intercepted, much like the old “herbivore” FBI wiretap device, but at no cost to law enforcement (in the USA, the Communications Assistance for Law Enforcement Act, or CALEA, requires networks to be “wiretap ready”).
    3. States may criminalize other forms of content according to political views and specific versions of concepts such as sedition, immorality, blasphemy, etc.
  3. National security
    1. DPI appliances may also intercept communications deemed to threaten national security or which may offer information about national security threats. Typically, organisations tasked with the protection of national security have included commercial interests in their definition, which means that diplomatic and industrial data sources could be targeted.
    2. New military discourse of “national cyberspace” may eventually justify military monitoring of internet traffic through existing DPI devices. Communications Security Establishment Canada and Canadian Forces counter intelligence units are already involved in cyberspace activities.

Obviously, the list above contains more potential than actual applications of DPI technologies. However, history shows that potentials are usually put to use sooner or later. The “Net neutrality” announced in the title, whether desirable or not, is almost certainly a thing of the past. What remains to be seen is whether capable, efficacious watchdogs and regulation frameworks will accompany this brave new cyberworld.

Date modified: