I See Your DPI and Raise You a SSL

200806272354A little while ago I was talking about network neutrality and Deep Packet Inspection (DPI) technologies with a person interested in the issue (shocking, I know), and one of the comments that I made went something like this: given the inability of DPI technologies to effectively crack encrypted payloads, it’s only a matter of time until websites start to move towards secure transactions – in other words, it’s only a matter of time until accessing websites will involve sending encrypted data between client computers and servers.

The Pirate Bay and Beyond

Recently, Sweden passed a bill that allows for the wiretapping of electronic communications without a court order. This caused the Pirates Bay, a well-known BitTorrent index site, to announce that it was adding SSL encryption to their website as well as VPN solutions for native Swedes who wanted to avoid the possibility of having their network traffic surveyed. Recently, isohunt.com has done the same, and other major torrent sites are expected to follow the lead. The groups who are running these websites are technically savvy, allowing them to implement encrypted access rapidly and with little technical difficulty, but as more and more sites move to SSL there will be an increasing demand amongst tech-savvy users that their favorite sites similarly protect them from various corporate and government oversight methods.

The Open Web: Closing for Repair

John Gilmore’s famous line, “The Internet interprets censorship as damage and routes around it” seems to be a little less true now than it was when he proclaimed it. Rather than ‘routing around’ damage brought on by censorship/surveillance that is enabled by DPI technologies, packets charge right through the offending hardware having hardened their skins to avoid the penetrating gaze of their surveyors. The open web of the past, where most application traffic was available for inspection, where you could identify it at a glance, is gradually being abandoned and replaced with a web of fear, where individuals slowly move towards securing even their routine content.

I take Gilmore’s quote as an optimistic expression of what would happen on the open web – when a particular brand/node of the ‘net was found to be censoring groups, that particular node is cut out of available routing addresses and packets carry along the network with few concerns. As we pass from the open web to the web of fear, entering a electronic environment where and increasing number of the primary routing hosts are inspecting traffic and preventing/hindering packets from traversing the globe, an cautionary mindset that accords with the ‘security state’ sets in; while the security state sees citizens abandon/lose core rights and freedoms in the name of national and personal security without significant concerns, that same culture of security may allow for the easy adoption of encrypted data traffic on the basis of it maximally securing personal (though potentially not state) security. It will be interested to see how these two modes of approaching security develop and play out against one another.

Technorati Tags: , , ,

Christopher Parsons

I’m a Postdoctoral Fellow at the Citizen Lab in the Munk School of Global Affairs at the University of Toronto and a Principal at Block G Privacy and Security Consulting. My research interests focus on how privacy (particularly informational privacy, expressive privacy and accessibility privacy) is affected by digitally mediated surveillance and the normative implications that such surveillance has in (and on) contemporary Western political systems. I’m currently attending to a particular set of technologies that facilitate digitally mediated surveillance, including Deep Packet Inspection (DPI), behavioral advertising, and mobile device security. I try to think through how these technologies influence citizens in their decisions to openly express themselves or to engage in self-censoring behavior on a regular basis.