The Office of the Privacy Commissioner has created a new website. In addition to the commissioner’s blog, there is now a website devoted to deep packet inspection, announced here.
Deep packet inspection is quite a profound modification of how the internet works. All information passed across the web goes through a number of machines. In the classic version of this arrangement, they just forward the information to the next link without giving it any consideration. With packet inspection, the datastream can be monitored by those intermediate machines, including the ones at a user’s internet service provider (ISP) between their computer and the rest of the internet. Given that the computers of your ISP see all your traffic, having them implement deep packet inspection raises some especially serious questions. That is especially true given that they may be vulnerable to attack by malicious actors, and may be willing to cooperate with requests from governments, even if those requests are illegal.
The technology could have good uses, like stopping viruses and worms. It could also have many malicious ones. Companies could use it to block competition, by making the internet discriminate against their existing rivals and new startups. It could also be used for data mining, eavesdropping, and censorship. Personally, I would prefer an internet without it, and I am glad to see that it’s something Canada’s official privacy official has been devoting a fair bit of attention towards.
Your Rights Online: An Education In Deep Packet Inspection
Deep Packet Inspection, or DPI, is at the heart of the debate over Network Neutrality — this relatively new technology threatens to upset the balance of power among consumers, ISPs, and information suppliers. An anonymous reader notes that the Canadian Privacy Commissioner has published a Web site, for Canadians and others, to educate about DPI technology. Online are a number of essays from different interested parties, ranging from DPI company officers to Internet law specialists to security professionals. The articles are open for comments. Here is the CBC’s report on the launch.”
“But I think the fact that the Chinese have not done this reveals something usually overlooked about the nature of the anti-censorship arms race. The situation is frequently cast as a battle between the evil geniuses who run the government filters and the good geniuses who write the software to get around the filters, while the grateful citizens of the censored country are the beneficiaries. But if the government censors haven’t even done some simple experiments like this in order to block UltraSurf, they must not think it’s a high priority to stop the program from working. This in turn suggests that the number of people using UltraSurf in a country like China, while large in absolute numbers, don’t constitute a large enough proportion of the population to worry the government. Presumably either the ideas leaking in through an unfiltered Internet are not reaching a large enough proportion of the population, or the ideas are not expected to take hold in enough people’s minds to reach a tipping point that causes a problem for the ruling party.”
“‘… two US companies, Kindsight Inc. and Phorm Inc., are pitching deep packet inspection services as a way for Internet service providers to claim a share of the lucrative online ad market. Kindsight and Phorm say they protect people’s privacy with steps that include obtaining their consent. They also say they don’t use the full power of the technology, and refrain from reading email and analyzing sensitive online activities. Use of deep packet inspection this way would nonetheless give advertisers the ability to show ads to people based on extremely detailed profiles of their Internet activity. To persuade Internet users to opt in to be profiled, Kindsight will offer a free security service, while Phorm promises to provide customized web content such as news articles tailored to users’ interests. Both would share ad revenue with the ISPs. Kindsight says its technology is sensitive enough to detect whether a particular person is online for work, or for fun, and can target ads accordingly.”