Re: When they outlaw deep packet inspection...

["Larry Seltzer" <larry () larryseltzer com>]

> > How many ISP's *actually* do DPI in order to provide *security* for
their subscribers?  

Lots of them do security functions. They scan for malware, they scan for
spam, and to do any of this they have to look at the data inside
packets.

> > Actually reading the article, it sounds like what Boucher wants is a
"Thou shalt not Phorm thy users without their consent" law.

A cursory reading might give you that impression, but I suspect it's
wishful thinking. Consider the testimony before the committee of Leslie
Harris of the CDT: " It is important to stress at the outset that all
applications of DPI raise serious privacy concerns because all
applications of DPI begin with the interception and analysis of Internet
traffic." 

There are definitely those agitating to turn ISPs into simple conduits
of data, the electric companies of data. Ironically at the same time
they want to make the grid smart they want to make the networks dumb.
(hey, I have to use that line.)

Larry Seltzer
eWEEK.com Security Center Editor
http://security.eweek.com/
http://blogs.pcmag.com/securitywatch/
Contributing Editor, PC Magazine
larry.seltzer () ziffdavisenterprise com


-----Original Message-----
From: Valdis.Kletnieks () vt edu [mailto:Valdis.Kletnieks () vt edu] 
Sent: Friday, April 24, 2009 12:38 PM
To: Thomas Raef
Cc: Larry Seltzer; funsec
Subject: Re: [funsec] When they outlaw deep packet inspection...

On Fri, 24 Apr 2009 07:37:29 CDT, Thomas Raef said:

(OK, Boucher is my congresscritter, since I live in the Virginia 9th
district)..

> Why don't politicians stay out of something so technical and stick to 
> what they do best - take bribes and sell Senate seats (Blago - 
> Illinois)?

Actually, Boucher is probably one of the *more* technically clued guys
in Congress - among other things, he's the one who's been actually
trying to get the damned DMCA anti-circumvention clause fixed (by adding
an exemption if the data you're extracting would itself be usable under
"fair use" or other rights).

> On Behalf Of Larry Seltzer

> I should add that at the same time the Senate is considering a bill 
> mandating security standards for large parts of the Internet to follow

> it seems as if the Senate is about to ban security

(Noting s/Senate/House/ second time around).

How many ISP's *actually* do DPI in order to provide *security* for
their subscribers?  (And no, "block ports 137-139 and refuse to contact
the user when it's obvious they're botted" doesn't count).  Now compare
that to the number of ISPs that want to do DPI in order to monetize the
data (Phorm, etc)?

Actually reading the article, it sounds like what Boucher wants is a
"Thou shalt not Phorm thy users without their consent" law.



_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.