A question on Deep Packet Inspection

So KPN admitted it applies Deep Packet Inspection (DPI), a technique which makes it possible to look into the digital packets that as a whole make up an e-mail or data sent on the Internet.

Old telephony vs. the new Internet world
The world seems deeply alarmed by this admission (also of Vodafone and I have so far not heard convincing reasons why we should exempt other mobile operators from using the same techniques). It was admitted that DPI was used in order to see where traffic was sent. Why? Because mobile operators are losing money to alternative techniques their customers use on their smart phones. So no text messages but Whatsapp and no cell phone calls but Skype. This is a severe threat to mobile operators’ (present) business case. What KPN Mobile and all others are catching up on, is that it has entered the ISP realm, with different business models, different priorities, different security issues and moreover different customers, with different needs.

A dumb question
But now a maybe dumb question, but to quote my old German teacher, Mr. Ostendorf: “There are no dumb questions, only people that do not get answers because they do not ask questions”.

We do not want to receive spam, malware, phishing e-mails, etc. What techniques do ISP (and hopefully the mobile ISPs as well) use to filter these messages? Can they afford to discriminate between messages? In order to find the link leading to an infected or a spam site within a message, isn’t it necessary to delve deep into a packet to find the traces the spammers leave? Or is this different, a different technique? And hasn’t ENISA regularly asked ISPs whether they do ingress and egress filtering on spam for it’s spam report? What do AV companies’ products do? If there’s no difference in technique, is it then the moral difference between inspecting a message before it is really sent out on the web and inspecting a message before someone receives the message?

Privacy trots a thin line on the Internet
I appreciate this discussion is a very fine line from a privacy point of view. But it is only in fairness that within political and/or judicial circles this line should be defined. What is allowed and what is not? What if the criminal investigation that is allegedly started against KPN because of DPI concludes that DPI is not allowed? What are the consequence for spam, phishing and malware filtering? Is everything that is filtered on the Internet covered by im- or explicit consent of the end user? How can we ever expect ISPs to filter egress traffic and thus save the world from a lot of harm, if they are not allowed to do checks?

Reactions please!
In short, conclusions drawn fast after this admission may have been drawn to fast. Does anyone care to react to my questions so we get clear what is exactly going on and more importantly where it should go?

Wout de Natris, De Natris Consult

Leiderdorp, 2 June 2011

Advertisements

About Wout de Natris

As a consultant I specialise in establishing new and different relationships between industry, governments and law enforcement where internet safety and the fight against cyber crime are concerned. This makes me a bridge builder. Hence the blogs name. In this blog I intend to stress the need for interaction, cooperation and exchange of information in order to change the mentioned relationships. On offer: a comprehensive training on all non-technical aspects of spam enforcement and a cyber awareness presentation for companies and institutions
This entry was posted in Cyber crime, Cyber ethics, Cyber security, Internet governance, Mobile, Privacy, spam and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s