Just Deliver the Packets

This page has been archived on the Web

Information identified as archived is provided for reference, research or recordkeeping purposes. It is not subject to the Government of Canada Web Standards and has not been altered or updated since it was archived. Please contact us to request a format other than those available.

Archived

This page has been archived on the Web.

Hal Abelson Ken Ledeen
Harry Lewis

March 2009

Disclaimer: The opinions expressed in this document are those of the author(s) and do not necessarily reflect those of the Office of the Privacy Commissioner of Canada.

Note: This essay was contributed by the author to the Office of the Privacy Commissioner of Canada's Deep Packet Inspection Project

---

“Neither rain, nor snow, nor heat, nor gloom of night stays these couriers from the swift completion of their appointed rounds.” So wrote Herodotus of the fifth-century-BCE packet delivery service used by Xerxes, king of the Persians. This famous passage is inscribed on the general post office in New York City. Less familiar are the next words of the text: “The first courier transfers the message to the second, the second to the third, and thence it passes from one to the next.”^{Footnote 1}

Though the technologies have changed, the principles have not. Break the delivery chain into segments; provide fast service on each link; make your best effort to complete the handoff at each stage; and don’t try to do anything else with the message except to deliver it.

In the Internet, “deep packet inspection” (DPI) is usually described as the practice by Internet Service Providers (ISPs) of looking at the contents of packets, not just their addresses, before deciding how to deliver them. In fact, DPI is more than that: “inspection” is a euphemism. As actually used, DPI may involve introducing forged packets into the data stream—packets apparently created by a sender, but in fact created by the ISP to alter the recipient’s experience. Comcast used this method to “manage” communications by slowing certain data streams (mostly video), and drew a stinging rebuke from the U.S. Federal Communications Commission.

Some ISPs consider DPI to be a useful tool in their quest to provide high-quality service and rational allocation of limited bandwidth. In their view, regulation of DPI would hobble innovation in their business practices. Some have even suggested that anti-DPI legislation would be a precedent for government regulation of Internet speech itself.

In fact, DPI should be banned for two reasons. The first is privacy. DPI violates the universal expectation that delivery services won’t read the messages they are delivering. Second is “generativity,” to use the term coined by Harvard Law School professor Jonathan Zittrain^{Footnote 2} to describe technologies on which users can build in unanticipated ways. Reliability of the delivery service is the mother of creativity at the endpoints.

Privacy first. Users do not expect service providers to examine packets en route, any more than they expect the phone company to decide by listening in whether a call merits a high-quality line. The Internet by design connects peers to peers. For example, “distributors” and “consumers” of movies streamed over the Internet are architecturally on an equal footing with email in and out of African Internet cafes. The real threat of censorship comes not from government guarantees of content neutrality, but from carriers discriminating on the basis of content, source, and destination—probably in favor of the powerful and against the weak. It has happened before, as when Western Union cut a deal with the Associated Press in 1867 to exclude other news services from its telegraph wires, and when Verizon denied a pro-choice group access to text messaging in 2007 on the basis that its agenda was “controversial or unsavory.”

Analysis of packet protocols (“he’s been downloading a lot of video lately”) and origins (“those videos are from YouTube, not Comcast”) is intrusive. Indeed, the presumption of privacy, and of neutral treatment of all data types and sources, is so strong that DPI might be self-defeating. Were it widely known that ISPs could lawfully exploit information they glean from peeking inside packets, Internet users might encrypt their communications to defeat the ISPs’ payload analysis.

Generativity second. As Internet pioneer David Reed explained to the U.S. Congress,^{Footnote 3} creative software engineers at the edge of the network gave us countless useful applications for which the Internet was not designed. Internet telephone protocols, for example, changed the international phone call from an expensive luxury into a routine part of millions of daily lives. Such creativity will continue into the future only if the functioning of the core of the Internet remains documented, consistent, and predictable.

The market won’t sort out this conflict because necessary competitive conditions don’t exist. When many areas have only one choice for broadband services, and few have more than two, service providers find it more profitable to sustain and manage scarcity than to build toward reducing it.

The Internet is a public good owned by private businesses, which enjoy monopoly or duopoly powers almost everywhere. Though any regulation must judiciously avoid hobbling future technological innovation, broad legal guarantees of the Internet’s secure and transparent operation will serve the public interest.