Deep packet inspection under assault over privacy concerns

Add the Canadian Internet Policy and Public Interest Clinic (CIPPIC) to the list of groups concerned about the privacy implications of widespread deep packet inspection (DPI) by ISPs. CIPPIC has filed an official complaint with Canada's Privacy Commissioner, Jennifer Stoddart, asking her office to investigate Bell Canada's use of DPI (and we're flattered to be quoted as an expert source in the complaint). In addition, the group would welcome a wider investigation into possible DPI use at cable operators Rogers and Shaw, as well.

In writing up this morning's announcement of a massive new 80Gbps DPI appliance from Procera Networks, I noted that privacy concerns were one of the storm clouds in DPI's bright blue skies. Because DPI can drill down into packet headers and then further into the actual content being pumped through the tubes, it raises all sorts of questions from privacy advocates concerned about the easy collection of private personal information. Current gear is so sophisticated that it can reconstitute e-mails and IM conversations out of asymmetric traffic flows and it can essentially peek "under the hood" of any non-encrypted packet to take a look at what it contains.

Bell Canada's use of DPI gear has now ensnared the company in a pair of government actions over net neutrality concerns and privacy. Bell, apparently sensitive to such concerns, has made clear in its own responses to the network neutrality proceeding that its DPI gear looks at packet headers and traffic flows as a means of identifying various applications and protocols. Bell does not use DPI to actually peer at packet contents, however. "The content itself is not actually reviewed, analyzed or stored," Bell says.