Deep Packet InspectionMatthew Carson

What is Deep Packet Inspection?

A form of packet filtering which examines the

data portion of an internet packet as it passes an

inspection point, which searches for protocol non-

compliance, viruses, spam, intrusions or other

specified criteria to determine whether the packet

may pass through the inspection point or if it

needs to be routed to a different destination.

How is it used?

• Network Security

• Network Optimization

• Copyright enforcement

• Data mining

• Eavesdropping

• Censorship

Why is it important?

How much data??According to Intel

• In just 60 seconds, nearly 640 TB of IP data is transferred over the internet

• Amazon averages $83,000 in sales

• Google processes over 2 million search requests

• In one day, on average, nearly 900 Petabytes are sent over the internet

My information is protected…

Right?

Electronic Communications Privacy

Act of 1986(ECPA)

• Prevents unauthorized interception of electronic communications

• Imposes civil liability upon those who do

• Includes traffi c on the internet

Embarq & NebuAd

In 2007 ISP Embarq authorized NebuAd to collect information about their customers

Collected Browsing data as customers passed through network “checkpoints”

Class Action Lawsuit fi led November 2008

Legal vs Ethical

Court Ruling

• Embarq was not in violation of ECPA

• Embarq had “access” to the information through the use of devices used during the course of normal business operations

• Embarq had no access to the data apart from its access as an ISP

And NebuAd?

SUBSEQUENTLY DISSOLVED

AGREED TO A $2.4 MILLION DOLLAR SETTLEMENT

ASSERTS NO WRONG DOING

Other Uses of DPI technology

Security• Dell utilizes a DPI technology known as

Reassembly-Free Deep Packet Inspection (RFDPI) to monitor for viruses, malware, Trojans, etc.

Internet Censorship• China uses DPI to monitor and control

the flow of information throughout the population

CALEA

Communications Assistance for Law Enforcement Act

(CALEA)

• Requires Telecommunications providers to provide the ability for law enforcement to intercept communications in the pursuit of criminal activity

Conclusion

• DPI is a powerful and necessary technology

• Mostly used for security purposes

• Can be misused, like all other technology

• Need for more detailed, up-to-date laws

Referenceshttp://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act

https://www.sonicwall.com/us/en/products/Deep-Packet-Inspection.html

http://en.wikipedia.org/wiki/NebuAd

http://arstechnica.com/uncategorized/2008/07/06-opt-out-nebuad-hides-link-in-5000-word-privacy-policy

http://www.telecomlawmonitor.com/2013/01/articles/litigation/court-rules-for-isp-in-deep-packet-inspection-lawsuit

Referenceshttp://blogs.wsj.com/venturecapital/2009/05/19/turning-out-the-lights-nebuad

http://blog.ericgoldman.org/archives/2013/01/tenth_circuit_g_1.htm

http://www.techspot.com/news/52011-one-minute-on-the-internet-640tb-data-transferred-100k-tweets-204-million-e-mails-sent.html

http://www.mediapost.com/publications/article/155980