Deep Packet Inspection Its Ethical Implications Computer Science Essay


This essay has been submitted by a student. This is not an example of the work written by our professional essay writers.

Packet inspection refers to a detailed examination of each packet transferred across networks. ISPs and internet traffic regulators use Deep Packet Inspection (DPI), a commonly used technology, to monitor customers' internet traffic. Mostly, the customers are not aware that they are being monitored. What would be the impact of DPI on censorship, privacy and net neutrality if consumers are wearing blinders?

DPI is capable of inspecting every byte of each packet transmitted. A network packet consists of a header and the payload (the actual content). DPI also analyzes the payload against specified criteria, in contrast with shallow packet inspection, which looks at the header only. [1] For example, an e-mail typed by a user can easily be reassembled after inspection of the packets, and an administrator sitting at a site may read transferred mails. [2]

Critics argue that inspecting the contents of a packet, or even examining protocol headers, damages privacy. This definition contradicts the traditional definition of a firewall, which has to look at the content to support protocols like FTP. [3] Another problem is that critics assume that there is something wrong with packet inspection itself. If we assume this, then we must also oppose Intrusion Detection Systems, anti-spam and anti-virus systems. These systems fail completely if they do not look at the content.

This paper will focus on Deep Packet Inspection being used for internet censorship and affecting people's privacy. Is its use justified or not? Is DPI used only for blocking content, or is there a possibility of editing it? Potential uses and misuses, a list of countries using DPI for censorship and the general opinion of clients will be provided. Finally, some preliminary conclusions will be drawn based on the statistics and individual opinions related to DPI.


Since the late 1990s, Deep Packet Inspection has been used in many forms. It was initially used for security applications and was later also found in firewalls and other security-related software.

The arrival of Denial of Service (DoS) attacks in the early 21st century gave rise to advances in DPI technology. DPI is regarded as an effective means of defense against DoS and many other forms of attack. This advancement allowed DPI technology to be used in high-end security systems with advanced features like Application Intelligence. [4]

Cisco, Symantec, Microsoft and many other organizations started developing firewall techniques based on Deep Packet Inspection from 2003. DPI, if implemented in a firewall, generally rejects or allows a packet based on the ruleset defined by the administrator. Deep Packet Inspection gave firewalls the ability to analyze XML messages and to dynamically open or close ports for Voice over Internet Protocol (VoIP) traffic. It can also act as anti-spam or anti-virus for inline packets, set up a proxy for instant message traffic dynamically, block P2P traffic and do traffic shaping. [5] These terms will be explained in detail in the sections that follow.

Technical Capabilities

DPI can be thought of as an automated process inside a postal service that opens each letter, reads its contents, modifies them if required, closes the envelope and then sends it on to its destination. Receiver and sender are completely unaware; the process is totally transparent. There is no perceivable delay, so neither the sender nor the receiver will notice anything.

DPI filtering differs from previous technology in its precision, compared with the coarse nature of earlier filters. Legacy filters could filter only on the IP address, host name or port, while DPI can filter the whole packet based on keywords in the actual content of a website or an email. When a packet is identified by the defined criteria, either it is blocked or the entire internet connection can be disrupted. It is also possible to remove offensive content from the packet or to modify it. [6]

This allows DPI to apply more precise and effective content filtering rules for censorship.
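The difference between header-only (shallow) filtering and payload (deep) filtering described above can be seen on a single packet. The following Python sketch is an added example, not part of the original essay: it parses constructed IPv4/TCP packets and applies both kinds of rule. The blocked port, the signature string, the addresses and the function names are all assumptions made for illustration.

```python
import socket
import struct

def build_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4+TCP packet (constructed sample; checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    total = 20 + len(tcp) + len(payload)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def parse(packet):
    """Split a raw IPv4/TCP packet into header fields and payload."""
    ihl = (packet[0] & 0x0F) * 4            # IP header length in bytes
    if packet[9] != 6:
        raise ValueError("not TCP")
    total_len = struct.unpack("!H", packet[2:4])[0]
    src, dst = socket.inet_ntoa(packet[12:16]), socket.inet_ntoa(packet[16:20])
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    data_off = (packet[ihl + 12] >> 4) * 4  # TCP header length in bytes
    payload = packet[ihl + data_off:total_len]
    return {"src": src, "dst": dst, "sport": sport, "dport": dport}, payload

BLOCKED_PORTS = {6881}                       # assumed header-only rule
SIGNATURES = [b"X-Sample-Malware-Marker"]    # assumed payload signature

def shallow_verdict(packet):
    """Legacy filter: decides on header fields only."""
    hdr, _ = parse(packet)
    return "block" if hdr["dport"] in BLOCKED_PORTS else "allow"

def deep_verdict(packet):
    """DPI filter: header rule first, then a byte-level scan of the payload."""
    if shallow_verdict(packet) == "block":
        return "block"
    _, payload = parse(packet)
    return "block" if any(sig in payload for sig in SIGNATURES) else "allow"

# Constructed packets: both go to port 80, only the second carries the marker.
CLEAN = build_packet("192.0.2.10", "198.51.100.5", 40000, 80,
                     b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n")
FLAGGED = build_packet("192.0.2.10", "198.51.100.5", 40001, 80,
                       b"POST /up HTTP/1.1\r\n\r\nX-Sample-Malware-Marker")

if __name__ == "__main__":
    for name, pkt in (("clean", CLEAN), ("flagged", FLAGGED)):
        print(name, shallow_verdict(pkt), deep_verdict(pkt))
```

The sketch matches one packet at a time; a signature split across TCP segments is only found after the stream is reassembled, and an encrypted payload gives the byte scan nothing to match.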

Some Reasons of Use

Actors using DPI can be divided into two broad categories: state and non-state actors. [4] Non-state actors own large networks and use DPI for network management, considering it part of management. Some important reasons for non-state actors to use DPI are:

Agreement with local government to allow them to access data flowing between their networks.

Security of their network by monitoring network packets for viruses or malware.

Network Access: Due to deep inspection of packets, network access rules can be enforced.

Service Level Agreements: Can be enforced by ISPs to restrict their clients from accessing illegal content.

DRM (Digital Rights Management): DPI is capable of blocking copyrighted materials.

Quality of service: Traffic control and bandwidth allocation can be enforced using DPI by blocking P2P services that give a great deal of trouble.

Allowing the network administrator to check whether users have access to the services they require.

Tailored service: ISPs can host certain service plans for users.

Privacy groups criticize the technology on the grounds that it affects individual privacy. The following uses are considered troublesome by many experts:

Traffic shaping: A DPI system installed can be used to restrict bandwidth hungry applications.

Targeted advertisement by creating profiles of network users based on their behavior.

State actors have no commercial concern, which is why they use DPI for security reasons. DPI is the only technology on which governments depend against Distributed Denial of Service (DDoS) attacks. It is also used for:

Surveillance is the most important need for the state to play Big Brother. As all layers of the OSI model are analyzed with DPI, it is easy to achieve the required detail for monitoring.

Censorship can be easily applied through DPI by analyzing the content.

Summing up the reasons for use, the major interests of non-state actors are commercial, while state actors are interested in security. There is a little convergence of interests between the two; as a result there is collaboration between the groups.

DPI for Censorship

Governments use DPI for surveillance and censorship, as described in the last section. DPI controversies have been seen in the USA, China, Iran and Tunisia.

In 2006 in the US, the FCC informed all Internet Access Providers that they must meet the Title 47, Subpart Z requirements. DPI was one of the essential requirements and was deployed all over the USA. The National Security Agency (NSA), in cooperation with AT&T, used DPI to identify packets with e-mail or VoIP traffic. There have been stories that their labs contained Narus traffic analyzers, which are capable of capturing at 10 Gb/s. [7]

The Chinese government uses DPI to block internet traffic including pornography and politically sensitive or religious content. It claims this content is harmful, and the connection is cut midway without any notice. Text messages are also subject to DPI: messages containing, for example, curse words are not transmitted, and none of the participants is informed. [8]

In 2008, the Iranian government purchased DPI equipment from Nokia Siemens Networks. NSN spokesperson Ben Roome said: "system enables authorities to not only block communication but to monitor it to gather information about individuals, as well as alter it for disinformation purposes." [9]

Deep Packet Inspection is used in Tunisia to monitor and censor HTTP traffic. It is still not known whether DPI is widely used in Tunisia, but it is likely that some forms of it exist. [10]

DPI as Immune System

Adoption of the internet has brought all the goods and ills of the physical world with it. The internet is like a community in which every criminal has the capacity to directly access any workstation. Each connected computer should be defended as well as possible against threats including malicious code, worms, server hijacking, DoS attacks and many others.

In 2008, Symantec released a report that found "the release rate of malicious code and other unwanted programs may be exceeding that of legitimate software applications." F-Secure, an anti-virus company, estimated that the malware produced in 2007 was equal to that of the previous 20 years altogether. [3]

Consumers mostly have no reliable means to protect themselves against these kinds of attacks. There should be a variety of technical means to defend against these threats, or at least to minimize them. It would not be possible to defend securely by placing a piece of software on an individual's computer. A Network Intrusion Detection System inspecting each packet can detect hackers, viruses and any other lethal payloads transferred across networks.

DoS attacks

The purpose of a DoS attack is to exhaust the victim's resources by bandwidth saturation techniques. It is the network operator's responsibility to block a DoS attack. Figure 1 below shows the occurrence of attacks in the 1st quarter of 2009.

Figure 1: DoS attacks in 2009

Responsible network operators not only cut malicious traffic from the attacker but also cut incoming traffic from the customer's side. Figure 2 shows that the closer to the source the traffic is cut, the less the damage will be. [3]

Figure 2: Mitigating DoS attacks

The opinion given in this section totally contradicts the critics who look at DPI as an enemy. This is one of the views that take DPI as an immune system for the internet.

DPI & National Security

DPI is not only used for internet security. Often the assistance of Internet Service Providers (ISPs) is required to hunt down cyber criminals, and here DPI deployed on the ISP's side comes into play. In the US, a user's data stream can be accessed at any time if ordered by a court. This is called Lawful Intercept, which usually refers to the legal capturing of information in accordance with local and national laws. [10]

Targeted Advertisement

Behavioral targeting for commercial advertisement using DPI is considered an unethical act. Users' browsing habits are monitored in a very detailed way, which allows advertisers to collect information about customers' interests.

Users wish to keep 3 things private: [11]

ClickStream: a list of URLs visited by the user

Behavioral Profile: description of user's interest concluded from clickstream

Ad Impression history: list of ads shown to user

Ad Click History: a list of all ads clicked

The goal should be to provide advertisement while keeping private the information that the user wants to keep private.

Traffic Shaping

Traffic shaping, also known as packet shaping, bandwidth management or Quality of Service (QoS), is the act of manipulating and prioritizing network traffic to prevent the load of heavy (bandwidth-hungry) users from affecting other users. The most common example is P2P applications, mostly used for file sharing, which consume large amounts of bandwidth.

DPI allows network operators to identify such traffic and take certain actions to provide Quality of Service to other users. ISPs mostly allocate high priority to low latency protocols like VoIP.

Tiered Services

DPI is also used by mobile and broadband service providers to differentiate between "walled-garden" and "value-added" services. The operator tailors its offers to an individual customer and increases its Average Revenue per Customer. Policies are created for individual users or groups, and DPI is deployed to enforce the policy, allowing the user access to certain services.

Myths about DPI

DPI violates inviolate Protocols:

Critics of DPI argue that it violates the standards or principles of the internet. But in light of the applications discussed above, this argument bears no resemblance to today's reality. The glue holding the internet together is not only the standards but also the commitment between autonomous system operators and service providers.

DPI violates Privacy:

DPI's role is like that of an airline scanner that perceives and identifies everything in a suitcase. Unlike an airline scanner, DPI looks at the items prohibited to be taken. There is no violation of privacy if it is done with permission and the purpose is to aid the user. "The key distinction is whether the practice done with permission and not with the practice itself." [3]

An encryption arms race:

Some argue that deployment of DPI will start an encryption arms race in which users try to protect themselves by encrypting their emails and keeping their ISPs from inspecting them, resulting in high encryption costs for doing business on the internet. Given the advances in technology, the cost of encryption will remain negligible for many years to come. The load comes when an encrypted session is set up, but that load is already handled nowadays during protected login. Use of encryption may prevent websites from being cached, but this can be improved by leaving public content unencrypted.

There is also a campaign of internet users opposed to the wide use of DPI technology by ISPs. Its members are from America, Asia and Australasia, but primarily the UK. They include privacy campaigners, technologists, network engineers and ordinary internet users. [12]

Results of Survey

A survey related to DPI technology was conducted in the form of a Google Docs form. Detailed results are covered in Appendix A. The purpose of the questionnaire was to get an opinion from clients using the internet. They were given a scenario in which their ISP is using DPI. How aware are they of this technology? Do they have any privacy concerns related to it? Should DPI be used only after taking clients into confidence? The opinions given represent only the individuals who filled in the questionnaire. The following results are concluded from the survey:

69% of the people heard the term DPI for 1st time.

Most surprising thing was that 61% of the people understood the term after reading the given definition.

42% would like to interrogate their ISP if they find them using DPI.

28% would switch their provider.

81% think it affects their privacy.

25% would like their ISP to use DPI if they are informed, 36% would not and 31% think it can't be justified.

Conclusion & My opinion

DPI technology is a tool. Like any other tool, it can be used for good as well as for evil means. It is the use of DPI that should be questioned, as discussed in this paper, and not whether the technology itself is good or bad. Governments implementing censorship policies are abusing the technology. DPI should not only be viewed as an abuse of someone's privacy; there is room for exploitation. The applications planned for DPI are mostly good and also vital to the survival of the internet.

DPI should be used where needed, but users should be told before a monitoring system is implemented. A level of monitoring should be defined after consulting the users, i.e. which kinds of content may be monitored. National security issues cannot be ignored for the sake of privacy alone.


Packet inspection refers to a detailed examination of each packet transferred across networks. ISPs and internet traffic regulators use Deep Packet Inspection, a commonly used technology, to monitor customers' internet traffic.

Since the late 1990s, Deep Packet Inspection has been used in many forms. It was initially used for security applications and was later also found in firewalls and other security-related software.

DPI can be thought of as an automated process inside a postal service that opens each letter, reads its contents, modifies them if required, closes the envelope and then sends it on to its destination.

It is mostly used for QoS, targeted advertisement, traffic shaping, security, tiered services, censorship, surveillance and DRM (Digital Rights Management).

Governments use DPI for surveillance and censorship. DPI controversies have been seen in the USA, China, Iran and Tunisia.

There are certain myths about DPI, such as that it violates protocols and privacy and starts a costly encryption arms race. A campaign was started by some volunteers to oppose the use of DPI by ISPs.