Deep Packet Inspection

The Objection to Deep Packet Inspection

What is Deep Packet Inspection?

Let me begin my definition of Deep Packet Inspection(DPI), by distinguishing it from Stateful Packet Inspection(SPI). Stateful Packet Inspection is a term that is used primarily by networking professionals, to describe the process of how firewalls work in terms of protecting a system. SPI is by nature, very different from DPI - the primary difference is that the content is never looked at during inspection. SPI merely looks at the state (hence the name) of network communication across a network. On the other hand, DPI is essentially a step further than SPI. DPI will look at more than just the state of the connection to protect a network from an attacker. To do this, DPI will look at the data of a packet during network traffic, and sometimes the header of the packet.

In simple terms, SPI is looking at merely the state of incoming and outgoing packets and DPI is looking at everything it can: the state, the data and potentially the header of the packet.

Is Deep Packet Inspection bad?

In short, no - but let me be clear; there are very big concerns when it comes to DPI. The primary example, is companies sacrificing your personal privacy under the guise of safety. An example of a good use of DPI would be a personal network that is under attack by someone with too much time and bandwidth. The company could use DPI as a mode of protection against the attacker. An example of bad use of DPI would be an Internet Service Provider monitoring a person’s network traffic. Another example of bad use of DPI would be an Internet Service Provider censoring a person’s network traffic.

How Deep Packet Inspection relates to Net Neutrality.

From my previous blog post, “The term(Net Neutrality) is used to represent an ideological standpoint, for proponents of free and open internet”. Proponents of Net Neutrality, are in large part against DPI because DPI will inevitably be used by Internet Service Providers(ISP) as a tool against Net Neutrality. Internet Service Providers can use DPI to monitor network traffic or censor network traffic.

As an example of this, lets say you are an ISP and you already have some marginal percentage of global internet customers, but you want to expand by making people pay more for the same internet they are currently receiving. A way in which you could do this, is by tracking packet use to certain applications. For example, you notice that a lot of customers are constantly playing some online game that uses a lot of bandwidth. As the ISP, you make it cost more to play this online game - to make sure your users have to upgrade you use DPI to catch when a user is playing the game.

My opinion on Deep Packet Inspection

In large part, I think Deep Packet Inspection is a morally neutral tool. The issue is primarily that there are very damaging ways an ISP can utilize this tool to cause situations where DPI is no longer a morally neutral tool. Internet censorship and monitoring, are just a few examples of ways DPI can be used to cause havoc amongst proponents of Net Neutrality.

In my next few blog posts about Net Neutrality, I will talk more about potential solutions and political opinions.

Cheers,

Brandon

Sources/Inspiration

// The video is very long, but gives a good example of how DPI can be used for good

http://www.sonicwall.com/us/en/products/Deep_Packet_Inspection.html

http://www.priv.gc.ca/information/research-recherche/dpi_intro_e.asp

http://kb.kerio.com/product/kerio-control/firewall-packet-filtering/what-is-stateful-packet-inspection-429.html