A little while ago I was talking about network neutrality and Deep Packet Inspection (DPI) technologies with a person interested in the issue (shocking, I know), and one of the comments that I made went something like this: given the inability of DPI technologies to effectively crack encrypted payloads, it’s only a matter of time until websites start to move towards secure transactions – in other words, it’s only a matter of time until accessing websites will involve sending encrypted data between client computers and servers.
The Pirate Bay and Beyond
Recently, Sweden passed a bill that allows for the wiretapping of electronic communications without a court order. This caused The Pirate Bay, a well-known BitTorrent index site, to announce that it was adding SSL encryption to its website as well as VPN solutions for native Swedes who wanted to avoid the possibility of having their network traffic surveyed. Recently, isohunt.com has done the same, and other major torrent sites are expected to follow the lead. The groups who are running these websites are technically savvy, allowing them to implement encrypted access rapidly and with little technical difficulty, but as more and more sites move to SSL there will be an increasing demand amongst tech-savvy users that their favorite sites similarly protect them from various corporate and government oversight methods.
In my last post I alluded to the fact that Deep Packet Inspection (DPI) technologies could be used by businesses to try and reduce the possibility of ‘inappropriate’ employee use of bandwidth and wrongful or accidental transmissions of confidential IP. In that last post I was talking about IT security, and this post will continue to reflect on DPI technologies’ applications and benefits to and for corporate environments.
A Quick Refresher on DPI
From ArsTechnica:
The “deep” in deep packet inspection refers to the fact that these boxes don’t simply look at the header information as packets pass through them. Rather, they move beyond the IP and TCP header information to look at the payload of the packet. The goal is to identify the applications being used on the network, but some of these devices can go much further; those from a company like Narus, for instance, can look inside all traffic from a specific IP address, pick out the HTTP traffic, then drill even further down to capture only traffic headed to and from Gmail, and can even reassemble e-mails as they are typed out by the user. (Source)
For a slightly longer discussion/description of DPI I suggest that you look at the wiki page that I’m gradually putting together on the topic of Deep Packet Inspection.
I feel like I should start with a notice: This is not a product placement blog post.
The image that you see at the head of this post is for a CCTV-like mirror. I was linked to these recently and the very first thing that I thought was “Wow, my partner would never let me buy these and install them as replacements for mirrors in the house”. The second was “I wonder what the consequences of having them secretly delivered and installed while she was out would be”.
I’ve decided the consequences would far outstrip my (sure to be incredibly!) momentary amusement. That said, I would love to have something like this outside of a well-trafficked bathroom in a place that I lived in, just so that people thought a little bit about how often cameras watch them do private actions, but without a necessarily clear reason for why the cameras need to be there.
(Really, I think that I’d like them because it would be something to talk about that is a bit more interesting than the paintings that we have on the walls, because I’m really not all that competent at discussing the intricacies of fine art. Plus, I just think that the CCTV-like mirrors are kind of cool.)
Rather than talk about the FBI’s desire to patrol the Internet backbone, have your laptop searched without warrant or any particular reason when facing US Customs officers, or Microsoft’s Computer Online Forensic Evidence Extractor (COFEE), I want to quickly talk about the Australian government’s desire to give law enforcement and corporate IT the power to monitor and inspect any and all electronic employee communications. What is most concerning is that it continues an Australian trend to insert American attitudes into common-law.
Terrorism Down Under
I don’t want to come off seeming as though I think terrorism is a small or unimportant issue. It’s not – terrorism is a very real issue, and it has incredible financial and human costs. That said, whenever someone mentions either children or terrorism as a justification for a new piece of legislation that would dramatically extend the surveillance powers of public and private actors, I immediately want to know just how invasive those new powers might be. Whereas Australian law presently only allows security companies and those dealing with the government to survey communications without permission, after a four-year fight to revise the Telecommunications Interceptions Act the government may be successful in extending those surveillance powers. If the amendments are passed, all corporate IT groups will be able to survey employees’ digital communications. The government’s reason for extending the surveillance powers is that, by monitoring workers’ emails, it will be possible to stop/deploy coercion towards those who would:
attack to disable computer networks that sustained the financial system, stock exchange, electricity grid and transport system “[and would consequently] reap far greater economic damage than would be the case of a physical [terrorist] attack”. (Source)