DPI and Net Neutrality's Overseas Weak Spot

Ian Lamont writes "An unnamed source at an American ISP says staff there briefly considered using Deep Packet Inspection to comply with an order from Argentina's Department of Justice to block access to a local gambling site. The ISP ended up not going that route, owing to the cost, but some engineers at the company worry that DPI will eventually be implemented on the ISP's overseas network, thereby positioning it for an easier US rollout should Net Neutrality lose out in Washington. Besides being used for traffic-shaping, DPI can also monitor the traffic of ISP subscribers to supply targeted advertising."

This is where customers put their foot down.

And say "No".

Even if it hurts in the short run. The loss of consumer bargaining power in these instances, where the contracts possibly allow for this, is the fault of the general consumer to begin with.

Re:This is where customers put their foot down.

And say "No".

I ask, "to whom?". The ISPs are not the only ones who want (to use a generalization) the traffic of subscribers to be monitored. I think you overestimate the power of the consumers in this case.

Re:

I think you overestimate the power of the consumers in this case.

If the consumers go away, the corporation goes out of business.

Now how is the GP "overestimating" the power of consumers if the very life of the corporation in question hangs in the balance?

In the past decade, American consumers went trillions into debt to purchase foreign consumer goods and thus kept the funny-money US economy from crashing like the Hindenberg. I would say that's a mighty display of "power".

The only people who don't think c

Re:This is where customers put their foot down.

You convinced me. I'd like to get in on this boycott. Send me an e-mail when I need to cancel my internet, and then send me another email when the boycott is over and I can resume using the... internet...

I think I may see a problem here.

Re:

Don't be a tool. The Internet has always operated on the principle that traffic on the public network isn't private. Let them use Deep Packet Inspection. If you didn't encrypt your data, that's your fault.

And as for consumer bargaining power, we never had any. Residential broadband has always been without an SLA. Even if you network goes down or is slow for weeks, your only recourse is to cancel your service.

What we need are SLA's for consumer broadband that guarantee a minimum (not maximum) bandwidth. Then

Re:This is where customers put their foot down.

I'll encrypt what I need to be private. And let them block all they want within the SLA, I'll pay for the level of service I need.

What happens when ISPs start to throttle (or block all together) encrypted or binary data ?

I can already imagine the justifications: "binary data consists largely of pirated software and media!", "only terrorists, pedophiles and other criminals have something to hide and use encryption!" "yap yap yap!"

At the risk of sounding pretentious, I believe that the Internet is one of the greatest assets for human advancement and achievement since the printing press. It is far too important to us to allow certain groups with special interests to ruin it for everyone. One last resort is to force ISPs who succumb to government pressure out of business. In the meantime we have to use every single democratic and diplomatic means at our disposal to force government to make the decisions that serve the larger population's wishes, and not the small special interest groups that want to shut the rest of the world up.

Re:

What happens when ISPs start to throttle (or block all together) encrypted or binary data ?

Then we'll Uuencode or BinHex the binary data so it looks like ASCII.

Re:

They throttle https? How have online banks and retailers reacted?

Re:

Let me toss this one back at you. How many times do you continually push high bandwidth traffic to or from your bank? You could easily throttle those pages down to 10% of "full speed" and very few people would notice, let alone figure out the pattern.

Re:

They throttle https? How have online banks and retailers reacted?

Rather slugglishly, I'm afraid.

Re:

If you didn't encrypt your data, that's your fault.

Don't think for a second that private use of encryption isn't under attack by the telecoms and the government that works for them.

Re:All the more reason to move to IPv6...

That actually makes me wonder if the whole reason IPv6 adoption is so miserably low is that the government and communication companies know that when they adopt it wholesale, they lose the ability to do easy DPI and other such shenanigans.

Re:

I'd hand out a complimentary tinfoil hat if I had one.

IPv6 is on the radar and requested as a must-have, but normally only on a roadmap level ("Will your product support this some time in the future?"). In some parts of the world (there's more to it than the US), any device incapable of IPv6 won't get onto the network in the first place.

If you stop to think about the practical implications for a while, it's very unlikely that encryption will be that much more widespread than it is today (it's a processing p

Re:This is where customers put their foot down.

Tell you what: people are quickly learning about the means and meaning of the surveillance of our data and behavior.

Here in Chicago, tens of thousands of drivers have gotten little notes in the mail from the City of Chicago, telling them that they have to pay $100 or have their car seized, based on a picture taken at an intersection.

When a local, nationally prestigious university recently had a public symposium on the effect of electronic surveillance upon personal, public and political life, you would have been quite surprised at the number, and the variety, of the people who showed up. In fact, a lot of last-minute shuffling had to take place at the venue to accommodate the unexpected number of attendees. And a surprisingly small number of them were techies and geeks. A large number were under age 18.

Packet Encryption

So, we'll all have to implement some form of packet encryption so that our packets can't be inspected. It is sad that there's so much interest in our communications, whether it be for marketing, or government control, that we can no longer trust our old internet which transmits everything in the clear.

Re:

The problem is that even if every website also did this, which they won't, your ISP could still sell your browsing history to advertisers or give it to the feds because they know what sites you visit even if they don't see the contents of the packets.

To avoid this you need something like Tor.

Re:Packet Encryption

Ive been routing my internet through trusted nodes accross the net in encrypted form for a while now and have given up the "old internet". NSA has dpi level inspection at major fiber lines via light bending, especially with underwater fiber. They also use spoilia (spillage of communication signals caught by satalites due to the earths sphere shape) to intercept our activities on wireless communications. If your data is ever transmitted in the air, assume it is being watched. Fiber optics is harder to snoop in on since it requires a physical tap. I wouldn't worry about the US spying on its citizen. It dosn't need to. Under the UK-USA agreement, the NSA shares its intelligence info with the UK, Nz, and Aus and in return those countires share their info with us. The US does not engage in spying on citizens, instead, it usually asks one of its allies to spy on a specific person. By doing this, the US bypasses many laws on privacy. The NSA's largest establishment in the UK USA agreement is at menwith hills and fort mede, maryland. The two agencies (both controlled by the NSA) coordinate sigint. Bottom line, all of our traffic is monitored and run through thousands of different communication algorithms for data mining. Do not share any identifiable information online, to any one for anyreason. Even anonymous browsing is vulnerable to time analysis.

Re:Packet Encryption

Mr. Bin Laden? I didn't realize you joined Slashdot. Do you run Linux? Welcome.

Re:Packet Encryption

Ironically, bin laden DID NOT encrypt his communications. Instead, he chose to plan is activities on the internet in sex chat rooms and other public locations on the internet. Bin laden, who had a relationship with the CIA before becoming a terrorist, knew that encrypting communication was one of the NSA's criteria that alerted the agency of an individuals suspicous activitiy. Encryption draws attention becuase its like feeding the NSA bad data. If enough people encrpyt their communications regularly, it will make it harder for the NSA to snoop...and yes, I do run linux :)

Re:Packet Encryption

Dude, weren't you supposed to submit that anonymously or something?

Even the strongest chain has a weak link...

How and why do you trust those nodes? Unless it's a completely dark net there's an egress point, and that point can be coopted/coerced. At the very least all traffic going through that endpoint can be trivially sniffed by at least one person. If you're worried about the NSA or its cronies tapping your communications, why aren't you worried about someone exerting pressure on the weakest link in the chain?

If you're on a completely dark net, well, that's great... but won't the lack of content get boring aft

Re:

Long answer short, the exit node is the weakest link. But what if an individual owned a network of exit nodes colocated in facilities throughout the world? These nodes were hosted in secure locations without physical access. ;) time analysis still works :(

Everything Should Be Secure-ish

A lock doesn't need to be unbreakable in order to be of some value, it only needs to be good enough to deter some violators. Examples:

• Envelope - takes time and effort to hold up to a light, or reheating the seal with an iron
• Padlock - takes a large shearing tool, or a couple picking tools
• Car - takes a 'slim jim' door shim, or breaking a window noise
• ROT13 - takes a simple function to decrypt, which is a conscious action that can deter simple temptation

Excuses that governments may have nearly limitles

Out of interest

How much extra resources are used in delivering a page by HTTPS instead of HTTP?

DIP will likely be rolled out to support QoS.

IMHO Deep Packet Inspection will be rolled out to identify the protocols in use on connections, to support assigning the correct QoS to different protocols.

For instance: File transfers accelerate until they consume (and equally divide) all bandwidth at the most congested link in their path, but just slow down if they're artificially limited below that level. Meanwhile Streams are band limited but must go to the front of the line to meet their jitter and delivery reliability requirements, though delayed stream packets are useless and should be dropped to avoid also delaying their successors.

Unfortunately the tagging of the packet itself can't be trusted because there is an incentive to achieve improved service by cheating, requesting better service than necessary. (And a Microsoft IP stack, widely deployed, made just this "improvement".)

My take: The right solution is to write a contract for various rates of "premium" packets, then accept the labeling but demote the QoS on packets above the running limit. Then the incentive is on the user to obtain software that doesn't cheat, and the ISP doesn't need to deep inspect.

Unfortunately, the ISPs and equipment vendors seem to be going with the DPI identification approach. And that means deploying DPI, which can then be misused by the ISPs to do the bad kind of non-neutrality.