[Infowarrior] - Hearing on Deep Packet Inspection

Richard Forno rforno at infowarrior.org
Fri Apr 24 20:45:02 UTC 2009 

Cable: DPI is good for us; Congressman: it's frightening

By Nate Anderson | Last updated April 24, 2009 12:02 PM CT

http://arstechnica.com/tech-policy/news/2009/04/cable-dpi-is-good-for-us-congressman-its-frightening.ars

It takes a certain chutzpah for the cable industry to tell Congress  
that deep packet inspection (DPI) gear is "pro-consumer" because it  
can block viruses and spam on the network, help ISPs plan their  
capacity upgrades, and help law enforcement wiretaps—all while  
avoiding mention of Comcast's "TCP reset packet" blocking of  
BitTorrent connections or Cox's plan to decide what priority its  
users' traffic should have.

But that's just what National Cable & Telecommunications Association  
(NCTA) head Kyle McSlarrow told Congress at a hearing yesterday,  
despite the hearing's focus on consumer issues arising from DPI  
technology.

Perhaps he didn't need to say much about these far more controversial  
uses of DPI, since Free Press policy director Ben Scott was also  
testifying at the hearing. Scott made sure to point out the examples  
of both Cox and Comcast, and threw in a few more (like NebuAd) to  
bolster his case that Congress might like to take a closer look at how  
the technology is being used.

The amazing thing about the hearing wasn't the fact that McSlarrow and  
Scott could sit only feet from one another without canceling each  
other out in some kind of matter/antimatter reaction; it was that  
Congress now cares about topics like DPI at all.

Congress has been taking an unusual interest in the Internet, due in  
large part to groups like Free Press and to grassroots uprisings like  
the one that occurred last week in response to Time Warner Cable's  
data cap plans. Sen. Chuck Schumer (D-NY) helped to end the TWC  
program, and Representatives like Ed Markey (D-MA) have used their  
committee positions to investigate companies like NebuAd and to  
discuss issues like net neutrality. DPI, the technology used in many  
throttling/blocking schemes (and deployed at all the major Canadian  
ISPs) has now captured Congress' fickle attention.
Predictable metaphors

Since Congress doesn't tend to understand such issues all that well,  
just about everyone in attendance trotted out the dreaded "postal  
system" analogy. Traditional routers look only at a packet's  
"envelope," while DPI gear opens up the packet and reads the "letter"  
inside. (Read our DPI primer for extensive background on the  
technology.)

The witnesses also stressed that it wasn't DPI itself that is evil,  
only the uses to which it might be put that could be bad. Scott said  
that "the technology itself is not necessarily problematic," while a  
network engineer said that "technologies are neither good nor bad,  
it's the uses we put them to use that matter." McSlarrow laid down a  
harmony track: "any technology can be used for either benign or  
nefarious purposes."

Consensus! Well, almost. Leslie Harris of the Center for Democracy &  
Technology (CDT) sounded a strong dissenting note, saying at the start  
of her remarks, "it is important to stress at the outset that all  
applications of DPI raise serious privacy concerns because all  
applications of DPI begin with the interception and analysis of  
Internet traffic."

Harris went on to make the case that Congress should jump directly  
into the debate, collecting information on DPI practices at the major  
ISPs, developing tech-neutral Internet privacy legislation, and  
passing network neutrality rules.

Who needs rules when you can hold hearings?

While Congress is unlikely to mull any sort of DPI-specific rules,  
general data privacy and protection legislation may be coming later  
this year. Rep. Rick Boucher (D-VA) chairs the Subcommittee on  
Communications, Technology, and the Internet. In remarks opening the  
hearing, he announced his "intention for the Subcommittee this year to  
develop legislation extending to Internet users that assurance that  
their online experience is more secure."

But even the mere fact of Congressional attention causes companies to  
take action and change policies. Last year's NebuAd hearings helped  
push the company into a new line of work, for instance. The  
Congressional emphasis on DPI, coupled with the FCC's own ruling  
against Comcast last year, are both likely to constrain certain uses  
of the technology even without new laws or regulations.

In other words, when Boucher says that DPI's "privacy intrusion  
potential is nothing short of frightening," those using DPI take  
notice, even without new rules.

More information about the Infowarrior mailing list