Deep Packet Inspection Here to Stay, Say Computers, Freedom and Privacy Conference Experts

WASHINGTON, June 4, 2009 – The problems with so-called “deep packet inspection” are too big to ignore, a panel of broadband experts said on the third and final day of the Computers, Freedom and Privacy conference at George Washington University here.

WASHINGTON, June 4, 2009 – The problems with so-called “deep packet inspection” are too big to ignore, a panel of broadband experts said on the third and final day of the Computers, Freedom and Privacy conference at George Washington University here.

“Every corporation has some form of DPI,” said Don Bowman, co-founder and chief technology officer of Sandvine, a technology company.

Bowman was skeptical of the long-term effectiveness of legislation that would attempt to regulate such packet inspection. Bowman said that DPI is necessary for internet capacity planning and prediction, and was also useful for quality experience measurement.

What is needed instead, said Bowman, are broad guidelines with specific goals.

Kyle Rosenthal, executive director of dPacket.org, spoke on the importance of deep packet inspection to internet usage, but also about the need to use it properly.

“A lot of networks need to know about the applications that are running over them, he said, adding that “there are already many multi-billion dollar markets built around DPI.”

He said that the market for this technology would begin to consolidate. Rosenthal emphasized the necessity of studying, addressing and monitoring consumer privacy and civil liberties – as well as ensuring transparency and adequate consumer privacy protections. When it comes to abuses of this technology, “it’s really important that we focus on [positive] use cases and not bad DPI,” he said.

Robb Topolski, of the New America Foundation’s Open Technology Initiative, agreed with Bowman and Rosenthal that banning DPI was not the way to go. One of the abuses of DPI is that some internet service providers block the applications of their competitors, said Topolski. Access to applications should be under the control of the user, he said.

Topolski said that an analogy could be made to wire-tapping. Although often a vilified word, wiretapping is frequently authorized for law enforcement purposes. “DPI can be treated in very much the same way,” he said.

Chris Riley from Free Press was slightly less optimistic about the uses of DPI. “From our perspective,” said Riley, DPI “can be used to monitor and control every aspect of the internet.”

One of the problems with internet service provider discrimination against certain competitors’ applications is that it hinders innovation by “discouraging the use of new applications for everyday users,” he said.

The solution, said Riley, is to establish internet neutrality and privacy rules, and to ensure that ISPs follow those rules. A hallmark of whether or not ISP action is reasonable is “whether or not they are willing to disclose what they are doing,” he said.

Ralf Bendrath, internet governance researcher for the Delft University of Technology, said that ISPs use deep packet inspection because it is cheaper than investing in more bandwidth.

Bendrath said that full disclosure should be given to consumers, plus the option of an unmanaged internet for those users willing to pay more. “DPI is here to stay, but it needs regulation,” he said.

But Topolski said that some type of regulation besides disclosure was necessary.

The most effective way to limit abuses is a combination of regulatory agencies, consumer education, best practice groups, and engineers providing input to regulatory agencies, said Riley.