DPI is not a Four-letter Word!
As founder and CTO of Ellacoya Networks, a pioneer in DPI, and now having spent the last year at Arbor, a pioneer in network-based security, I have witnessed first hand the evolution of Deep Packet Inspection. It has evolved from a niche traffic management technology to an integrated service delivery platform. Once relegated to the dark corners of the central office, DPI has become the network element that enables subscriber opt-in for new services, transparency of traffic usage and quotas, fairness during peak busy hours and protection from denial of service attacks, all the while protecting and maintaining the privacy of broadband users.
Yet, DPI still gets a bad rap. Guilty until proven innocent! Why is that?
DPI means different things, because it is an overloaded term. I can think of at least four separate product categories of DPI:
1) Traffic Management: DPI that classifies application traffic by examining the headers, without looking into the actual content itself.
2) Surveillance: DPI that logs, reconstructs, or plays back communication exchanges.
3) Ad-Insertion (and profiling): DPI that profiles subscriber web browsing or search activities, inserts cookies, or logs URLs visited by a subscriber.
4) Security: DPI that examines content for viruses, trojans, or other forms of vulnerabilities.
Paramount to each of these product categories is privacy. Service providers and consumers share in concerns over privacy, as do industry luminaries. Yesterday, according to ZDNet, Sir Tim Berners-Lee, “inventor” of the World Wide Web, spoke out against the use of deep packet inspection citing concerns over how snooping on clicks and data reveals more information about people than listening to their conversations.
His concerns are valid. And I can attest, having worked with service providers around the globe, that service providers are deeply aware of how important it is to protect consumer privacy. That is why service providers are becoming more transparent and giving consumers choices with opt-in and opt-out capabilities. This new era of transparency is as much a result of consumer interests, service provider best practices, and increasing regulatory pressures, as it is an indication of the broader shift of how DPI-based services are being used.
That is why Phorm, the targeted advertising service company mentioned in the ZDNet article which uses DPI, has a technology that can’t know who users are and allows users to switch it off or on at any time (opt-out or opt-in).
But transparency and consumer opt-out are not limited to broadband service providers and DPI. Yesterday, Google launched “interest-based” advertising on their partner sites and on YouTube, where ads will associate categories of interest based on the types of sites you visit and the pages you view. And, in line with DPI and service provider models of transparency and consumer choice, Google is offering transparency, choice with Ads Preference Manager, and a non-cookie based opt-out capability.
So at the heart of any service over broadband, not just DPI-based services, is the need for transparency, fairness, consumer choice and protection while preserving the privacy of individuals. These are the new discussion points that need to transcend specific technologies in the network. The public debate and regulatory directions has to be centered on these key areas – stay tuned as Arbor becomes more active in these arenas.
As for DPI itself, it has proven to be a critical network element in service provider networks, by providing those things that we all hold dear: privacy, protection, fairness and transparency. DPI is not a four-letter word!