A little while ago I was talking about network neutrality and Deep Packet Inspection (DPI) technologies with a person interested in the issue (shocking, I know), and one of the comments that I made went something like this: given the inability of DPI technologies to effectively crack encrypted payloads, it’s only a matter of time until websites start to move towards secure transactions – in other words, it’s only a matter of time until accessing websites will involve sending encrypted data between client computers and servers.
The Pirate Bay and Beyond
Recently, Sweden passed a bill that allows for the wiretapping of electronic communications without a court order. This caused the Pirates Bay, a well-known BitTorrent index site, to announce that it was adding SSL encryption to their website as well as VPN solutions for native Swedes who wanted to avoid the possibility of having their network traffic surveyed. Recently, isohunt.com has done the same, and other major torrent sites are expected to follow the lead. The groups who are running these websites are technically savvy, allowing them to implement encrypted access rapidly and with little technical difficulty, but as more and more sites move to SSL there will be an increasing demand amongst tech-savvy users that their favorite sites similarly protect them from various corporate and government oversight methods. Read more…
In my last post I alluded to the fact that Deep Packet Inspection (DPI) technologies could be used by businesses to try and reduce the possibility of ‘inappropriate’ employee use of bandwidth and wrongful or accidental transmissions of confidential IP. In that last post I was talking about IT security, and this post will continue to reflect on DPI technologies’ applications and benefits to and for corporate environments.
A Quick Refresher on DPI
From ArsTechnica:
The “deep” in deep packet inspection refers to the fact that these boxes don’t simply look at the header information as packets pass through them. Rather, they move beyond the IP and TCP header information to look at the payload of the packet. The goal is to identify the applications being used on the network, but some of these devices can go much further; those from a company like Narus, for instance, can look inside all traffic from a specific IP address, pick out the HTTP traffic, then drill even further down to capture only traffic headed to and from Gmail, and can even reassemble e-mails as they are typed out by the user. (Source)
For a slightly longer discussion/description of DPI I suggest that you look at the wiki page that I’m gradually putting together on the topic of Deep Packet Inspection. Read more…
I’ve written about Deep Packet Inspection (DPI) technologies before, and their various potential privacy issues. Generally, I’ve talked about how the possibility of having your ISP persistently monitor your online actions could stifle the substantive abilities exercising of autonomy, liberty, and freedom of conscious. I won’t revisit those issues here, though I’d recommend checking out my earlier post on DPI. What follows examines how ISPs are injecting information into the webpages that you visit, which prevents you from viewing webpages as they were designed.
Web Tripwires
When you visit a webpage, your computer downloads a little bit of code and renders it on your screen – the web is an environment where visual stimulation necessitates copying data. Recently, researchers from the University of Washington and the International Computer Science Institute have discovered that about 1.3% of the time what is displayed on your computer’s screen has been altered. This having been said, Read more…
To fully function as a student in today’s Western democracies means having access access to the Internet. In some cases this means students use Content Management Systems (CMSs) such as Drupal, Blackboard, or wikis (to name a few examples) to submit homework and participate in collaborate group assignments. CMSs are great because teachers can monitor the effectiveness of student’s group contributions and retain timestamps of when the student has turned in their work. Thus, when Sally doesn’t turn in her homework for a few weeks, and ‘clearly’ isn’t working with her group in the school-sanctioned CMS, the teacher can call home and talk with Sally’s parents about Sally’s poor performance.
At least, that’s the theory.
Three-Strike Copyright and Some Numbers
I’m not going to spend time talking about the digital divide (save to note that it’s real, and it penalises students in underprivileged environments by preventing them from acting as an equal in the digitized classroom), nor am I going to talk about the inherent privacy and security issues that arise as soon as teacher use digital management systems. No, I want to turn our attention across the Atlantic to Britain, where the British parliament will soon be considering legislation that would implement a three-strike copyright enforcement policy. France is in the process of implementing a similar law (with the expectation that it will be in place by summer 2008), which will turn ISPs into data police. Under these policies if a user (read: household) is caught infringing on copyright three times (they get two warnings) they can lose access to the ‘net following the third infringement. Read more…
