Interesting People mailing list archives
DPI and expectations of privacy
From: David Farber <dave () farber net>
Date: Thu, 17 Jul 2008 19:47:22 -0700
________________________________________
From: Brett Glass [brett () lariat net]
Sent: Thursday, July 17, 2008 10:07 PM
To: David Farber; ip
Subject: DPI and expectations of privacy

[Dave: Please post this to IP. It's important -- in fact, fundamental -- and should evoke some good conversation. -BG]

At 05:44 PM 7/17/2008, David Reed wrote:
As I note in my blog entry, the use of Deep Packet Inspection is apparently a really hot area of investment. This distresses me a great deal. It may concern your readers as well. What gives the ISPs (Charter, Embarq, BT, ...) the right to read every packet that every one of their users sends, analyze the data, modify the responses, etc.?
As an ISP, I fiercely defend my users' privacy. However, it must be recognized that my ability to do this ends where the public Internet begins. I always warn my users that there is NO reasonable expectation of privacy in an unencrypted packet on the public Internet. Let me say that again, because I have to keep drumming it into my users' heads: There is NO reasonable expectation of privacy in an unencrypted packet that traverses the public Internet.

Those who preach the horrors of "deep packet inspection" often assert that packets are like letters in envelopes -- and that the addressing information is somehow less sacrosanct or less visible than the payload. In fact, Internet packets are really analogous to postcards in that there is no difference between the readability of the addressing information and that of the data. All of it is readable by dozens -- maybe hundreds -- of complete strangers on its way to its destination.

Whether or not your local ISP's equipment examines them (and there is good reason for them to do SOME looking -- for example, to see if they are Voice over IP and give them priority to keep the call clear), they will pass through dozens -- maybe hundreds -- of machines that might. Some of that equipment may belong to private parties or corporations and not an ISP or telecommunications provider. Some may not even be in this country (and so may not be subject to ANY restriction the US government might impose upon one's behavior with respect to them). They may also pass over the air via unencrypted wireless networks (or ones with encryption that is trivial to break, such as WEP).

In short, this is not the telephone system. It's a cooperative, somewhat anarchistic "network of networks," held together by weak and changing contracts, agreements, and conventions. There's no central control center that can guarantee your privacy.
Therefore, as I always tell my customers, if you want to send something that's really confidential over the Net, make darned sure that you are using encryption. Otherwise, no matter what your ISP does, it's subject to sniffing and snooping in so many places that you simply cannot expect it to be private -- and no court that truly understands how the Internet works would rule otherwise. As an ISP, we do our best to educate our users about this, but it always bears repeating.

Deep packet inspection? "Shallow" packet inspection? Makes no difference. Expect your Internet packets to be looked at, and you will not be disappointed when it happens.

--Brett Glass