Does “Deep Packet Inspection” Turn You On?
Becky Lentz / McGill University

X-ray body scan

Example of an x-ray body scan at an airport

Does “Deep Packet Inspection” turn you on?

Didn’t think so. And you’re wondering, ‘what’s that’? Hang in there. I’ll get to that in a minute.

Even though many economic, financial, political, and social activities depend on access to telecommunication infrastructure such as the Internet, telecommunication scholarship and policymaking remain opaque practices because of their technical orientation and focus mostly on infrastructure issues, anti-trust and competition regulation. When telecommunication issues are taken up in studies of media culture, they often travel under the “digital media/culture” or “convergence” monikers with discussions usually leading, once again, to concerns about content and/or critiques of the industries that produce or distribute content. Rarely do such critiques extend to the infrastructure itself or to what some people might think to be the “boring” policies that support it.

And this leads me to the issue of deep packet inspection (DPI, for short). Like regulation, deep packet inspection also works in the background of media culture, begging the question: So what?

Deep packet inspection is a stellar example of obscure, and as I argue here, misleading (perhaps even tacitly deceptive) telecommunication policy discourse. This discourse is produced and reproduced in a rarefied intellectual landscape inhabited by several cliques of mostly positivist-leaning economists, engineers, lawyers, and technologists. Status accrues to “experts” who succeed in influencing a select number of prominent stakeholders such as elected officials, journalists, regulators, industry leaders, think tank pundits, as well as funders.

As esteemed media critic Ken Auletta points out in his new book “Googled, the End of the World as We Know It”, even companies that many of us have come to revere, such as Google, participate in this exclusionary discourse, which is part of our so-called “new” digital media culture. He notes how fluency in engineering is the price of entry into their strategic conversations. But, exclusionary discourse isn’t the only thing happening here.

Q&A: Ken Auletta

Contrary to what its name might lead you to believe, “deep packet inspection” is neither a sex toy, nor a cattle prod. Camouflaged as a “thing”, it is in fact, a deeply troubling process – a surveillance activity that permits eavesdropping, censorship, filtering and other “peeping Tom” functions. Deep packet inspection software transfers knowledge about our Internet use to our Internet service providers (ISPs, for short). This enables them to prevent or delay our use of certain types of applications or access to content, compromising our privacy by selling our Internet usage information to others, or mining it to sell us advertisements based on knowledge of what we do online.

This is bad enough, but we might also benefit from asking ourselves whether such technological “stuff” is as intentionally gendered and possibly even “raced” as some scholars have proposed. ((Dunbar-Hester, C. (May 20, 2009). Beyond “dudecore”? Challenging gendered and “raced” technologies through media activism. Paper presented at the annual meeting of the International Communication Association, Marriott, Chicago, IL; Sarikakis, K., & Shade, L. R., Eds. (2007). Feminist interventions in international communication: Minding the gap. Lanham, MD: Rowman & Littlefield; Wajcman, J. (2004). TechnoFeminism. Bristol, UK: Polity Press; Rakow, L. F. (1988). Gendered technology, gendered practice. Critical Studies in Media Communication, 5(1), 57-70.)) There are many examples that suggest that this is indeed the case. Here are two easy targets on the gender dimension.

Take the process of “shrinking or compressing of electronic data files” – something called zipping and unzipping files. What’s up with mention of deflation and dominance in the Wikipedia entry (emphasis mine) for zipping/unzipping files?

“The ZIP file format permits a number of compression algorithms but, as of 2009 the Deflate method continues to be dominant.”

And what about the same problem in law: soft law (regulation) and hard law (legislation). OK, I relent. So what if they’re gendered? Women wear trousers with zippers too, but be honest; what was your first association for “zip/unzip”? And who is wearing what? Ask yourself, what do bras and hard drives have in common? Bingo, they’re both storage devices! Yet why do their naming conventions differ so much? Just compare the best data storage products of the year with Consumer Reports’ best bras of 2008.

If it seems vulgar to be talking about bras as storage devices, or bras at all in a conversation about telecommunications policy, that’s just my point – we need to denaturalize the telecommunication policy dialect, which seems to work like this:

Let all things technological have at least one number, an acronym or two, and no handy vowels facilitating easy pronunciation or understanding!

And oh, let’s not forget hard or floppy disk drives while we’re at it. But I digress.

We were talking about deep forms of inspection vs. introspection. Here’s another example from the booming and prosperous online security business where technicians run what they call P E N E T R A T I O N tests. Even the ad graphics for some cybersecurity services (see image below) have predatory connotations.

Are computer forensics actually “stalker services?” Sure, cybersecurity is important to protect critical infrastructure. In fact, the United States Department of Homeland Security has designated October of each year National Cybersecurity Awareness Month.

Image from a website advertisement for cybersecurity services

Image from a website advertisement for cybersecurity services

And while the government is educating us about how to protect ourselves online, obscure and malicious processes like deep packet inspection harbor arcane naming schemes. Here’s an example from Santa Clara law professor and colleague Catherine Sandoval:

…deep-packet-inspection software examines Internet packets attempting to pass through an ISP network and allows the ISP to distinguish peer-to peer traffic [or any other Internet application they choose to track]. . . and either block it or reduce its available bandwidth. Using deep-packet-inspection, ISPs have the technical power to cut off Internet applications with the “flick of a switch”.

Clearly, the plain language law movement sailed right past the kingdom of electronic media policy. In the case of deep packet inspection, linguistic camouflaging involves neutering a verb into a noun. Language experts call this nominalization. Drawing on systemic functional linguistics, Fairclough argues that nominalization occludes meaning:

Nominalization…has the effect of backgrounding the process itself…and usually not specifying its participants, so that who is doing what to whom is left implicit.((2002: 179))

Let’s switch this to active voice to see what deep packet inspection actually means:

SomeONE (like your internet service provider, or the government working in conjunction with your ISP, or advertisers seeking information through your ISP] authorizes the use of someTHING to inspect what you’re doing online.

Still not convinced that the naming of these technological processes is purposefully obscure or gendered? Well then, what about the “sniff tests” that Professor Frieden talks about that ISPs routinely carry out?

“[t]he ability to “sniff” packets makes it possible for ISPs to deviate from “best efforts” routing by discriminating [between bitstreams] on the basis of the price paid for service and as a function of what kind of traffic a bitstream represents.” ((Frieden, R. (2008). Internet packet sniffing and its impact on the network neutrality debate and the balance of power between intellectual property creators and consumers, Fordham Intellectual Property, Media & Entertainment Law Journal XVIII(3), 633-642.))

the sniff test

The ‘sniff test’ is another example of obscure technological nomenclature

And what about the digital body scan technology (as seen in the photo at the top of the page) now being used at 10 U.S. airports and who knows how many international ones (also see Magnet).

Telecommunication practices like deep packet inspection and technology security services like digital scans are disguised in the arcane and off-putting dialect of telecommunication policy, which I argue is a technologized discourse per Fairclough’s use of the term. ((Fairclough, N. (1993). Discourse and Social Change. Bristol, UK: Polity Press.))

Let’s get serious about democratizing the naming of at least some of these invasive, masculinist processes – making their true nature more transparent so that non-experts can understand how to assert their rights in this overly celebrated “convergent” media culture and policy landscape. Let me propose starting with the following (feel free to add more):

  • Digital body scans = public strip searches
  • Content control (aka Internet filters, parental control software, and/or accountability software) = censorship
  • Deep packet inspection = creepy peeping
  • Network neutrality = allowing us to access the online content, applications, and services of our choice

Some of those already working to help make these processes more accessible include: OpenMedia, the OpenNet Initiative, the Electronic Privacy Information Center, Public Knowledge, the Electronic Frontier Foundation, Privacy International, and the Internet Governance Project.

Image Credits:
1. “Talking Bollocks” blog entry titled “X-Ray scanners at airports – More big brother and a cancer risk too”
2. Image from a website advertisement for cybersecurity services
3. Nose

Acknowledgments:
Thanks to the following people for their comments and reflections as I prepared this column: Joan Grossman, Robert Leckey, Milton Mueller, Daniel Pare, Tina Piper, Catherine Sandoval, and Thomasina Williams. ((Additional Recommended Reading: Anderson, N. (July 26, 2007). Deep packet inspection meets ‘Net neutrality, CALEA’: Deep packet inspection provides the tools that ISPs need to throttle, cap, and spy on users. Depending on who you believe, it might also save the Internet. Retrieved from http://arstechnica.com/hardware/news/2007/07/Deep-packet-inspection-meets-net-neutrality.ars

Braman, S. & Rob, S. (2003). Advantage ISP: Terms of service as media law. New Media and Society, 5(3), 422-448.

Cooper, A. (July 17, 2008). What your broadband provider knows about your web use: Deep packet inspection and communication laws and policies. Statement before the House Committee on Energy and Commerce, Subcommittee on Telecommunications and the Internet. Washington, DC: Center for Democracy and Technology. Retrieved from http://cdt.org/testimony/20080717cooper.pdf

Crawford, S. P., (June 2009). Transporting communications. Boston University Law Review, 89(3), 871-937.

Electronic Frontier Foundation. (December 1, 2009). Lawsuit demands answers about social-networking surveillance – Government agencies withholding information on data gathering from Facebook, Twitter, and other online communities. [Press Release] Retrieved from http://www.eff.org/press/archives/2009/11/30

Jayasuriya, M. (July 22, 2009). Forcing the Net through a sieve: Why copyright filtering is not a viable solution for U.S. ISPs. Official Website of Public Knowledge. Retrieved December 1, 2009, from http://www.publicknowledge.org/node/2568

Jonesxxx. (October 13, 2009) X-Ray scanners at airports – More big brother and a cancer risk too. Talking Bollocks. Retrieved from http://talkingbollocks.wordpress.com/2009/10/13/x-ray-scanners-at-airports-more-big-brother-and-a-cancer-risk-too/

Ohm, P. (August 30, 2008). The rise and fall of invasive ISP surveillance. University of Illinois Law Review, 2009, University of Colorado Law Legal Studies Research Paper No. 08-22. Retrieved December 1, 2009, from SSRN: http://ssrn.com/abstract=1261344

Sandoval, C. J. K. (November 2009). Disclosure, deception and deep-packet inspection: The role of the Federal Trade Commission Act’s deceptive conduct prohibitions in the net neutrality debate. Fordham Law Review, 78(2), 641-712.

Sandvig, Christian E. (2007). Network neutrality is the new common carriage. Info, 9(2/3), pp. 136-147. ))

Please feel free to comment.




Regulation is Boring
Becky Lentz / McGill University

Online freedom of expression depends on our ability to untangle the web of regulation

Online freedom of expression depends on our ability to untangle the web of regulation.

At least that’s what some think about media and telecom regulation, anyway. I don’t blame them. Who cares who “the deciders” are for geeky regulatory issues like spectrum allocation and broadband policy? Just make sure I get my cable, telephone, and wireless service, please! Oh, and while you’re at it, don’t be like the Europeans and mess with the likes of Google, Facebook, or YouTube, ok? I just want to Tweet, not worry about who owns or controls Twitter. ((Lentz, Becky. (in press). Media Infrastructure Policy and Media Activism. In Downing, J.D. (Ed.) Sage Encyclopedia of Social Movement Media. Thousand Oaks: Sage.))

Yet, dullness is what camouflages the power and importance of regulators – at times at our own peril. When few are taking note of their delegated legislative, judicial, and police power (Kerwin, ((Kerwin, Cornelius M. (2003). Rulemaking: How Government Agencies Write Law and Make Policy, 3rd Edition. Washington, DC: Congressional Quarterly Press.)); Furlong, ((Furlong, Scott R. (2003). Regulatory Policy, Role and Importance of. In J. Rabin (Ed.), Encyclopedia of Public Administration and Public Policy. New York: Marcel Dekker, Inc.: 1053-1056.)); Warren, ((Warren, Kenneth F. (2004). Administrative Law in the Political System, 4th Edition. Boulder, CO: Westview Press.))) bad things can happen. Consider the infamous Minot, North Dakota chemical spill in 2002 that helped fuel a storm of activism around the Federal Communication Commission’s efforts to loosen restrictions on corporate media ownership. Inattentiveness to the regulation of radio station ownership limits contributed to the failure of local stations to warn the public about the spill, according to news reports. The corporations that are subject to regulation, however, are anything but inattentive. According to a study by watchdog group the Center for Public Integrity, from 1998 to the first half of 2004, the communications industry spent $764 million lobbying Congress and regulators.

Even though regulation plays an integral role in shaping media culture, journalist, advocacy, scholarly, and consumer attention is often directed to more conspicuous flashpoints – legislation or litigation – instead of what public interest lawyer Harold Feld refers to as a sausage factory of policymaking. Ew.

The sausage factory of policymaking

Regulation has been referred to as the “sausage factory of policymaking.”

My wish is that smart TV writers figure out how sex up the work of “administrative science” in ways similar to the otherwise boring, calculating, messy, gooey-erotic, reconstructive, and research-driven kinds of work portrayed, respectively, in shows like Numbers, Dirty Jobs, CSI, Bones, and Cold Case. Forget drama, I’d even settle for franchise spinoffs of The Office or Reno 911! to tee up some refreshing regulatory ridicule.

Surely, there is something at least partly intriguing about the fact that, according to Warren (Warren, p. 12), the United States administrative law as a professional field is “populated by the most powerful class of workers” who spend most of Americans’ tax dollars” (ibid). Mitnick, for example, observes that:

The concept of regulation is not often defined; indeed, it is not often discussed as a concept. It has no accepted definition….[instead, it] is…defined essentially through a listing of regulatory targets and regulatory tools, rather than through consideration of the generic nature of the activity itself. ((Mitnick, B. M. (1982). Political Economy of Regulation: Creating, Designing, and Removing Regulatory Forms. New York: Columbia University Press.))

Mitnick highlights the indirect power of regulation as a process that involves “the intentional restriction of a subject’s choice of activity, by an entity not directly party to or involved in that activity.” (Mitnick, p. 9)

[youtube]http://www.youtube.com/watch?v=k_9t_SFpHL0[/youtube]

Not even Al Franken could make the topic of net neutrality interesting.

So how do we make regulation more interesting when even Al Franken can’t do it in his recent speech on network neutrality? Thankfully, the Daily Show’s writers are following the issue. See, it “can” be explained!

What works about the work-oriented television shows mentioned already? Why do people tune in each week to the mind-numbing, monotonous work of crime lab technicians, lifeguards, FBI profilers, forensic archeologists, or math geniuses? Aha, regulatory work has no dead bodies?

[youtube]http://www.youtube.com/watch?v=YInRabJYxyw[/youtube]

Wanted: interesting people to help animate the topic of regulation.

Maybe we simply need more geeky women to help animate the topic, like Garcia‘s character in Criminal Minds – the gal who sits at her computer 24/7 “looking stuff up” for her team. What about a similar character taking consumer complaint calls all day at the FCC? Or, dare I suggest, we could use more visible conflict of the sort recently stirred up by the “aw shucks” Glenn Beck’s vilification of Mark Lloyd, the FCC’s new director of diversity. At least it got people talking about regulators. Otherwise, what goes on in D.C. agencies is simply invisible to the rest of us.

[youtube]http://www.youtube.com/watch?v=wF2C235fD7o[/youtube]

Glenn Beck’s vilification of Mark Lloyd, the FCC’s new director of diversity.

Warren (2004) bluntly characterizes administrative law as a “mutt” or “mongrel” (p. 27) whose “significance is not appreciated” (p. 29). The activity itself is the boring part. Who has time to sit in endless meetings to discuss standards, for example? But that’s precisely the point: only those already paid to do so. Put the word “policy” in the title of a media studies syllabus and you’re sure to get limited, if any, student enrollment. By the same token, talk about ‘regulation’ in general, and it’s as if you have cracked the conversational version of a rotten egg.

So what’s interesting about regulation is its perceived dullness, the illusion that it’s not about people but simply about ‘things’ — like broadband infrastructure (yawn) – or packet-switches (eyes glazing over). The downside of inattention is what Bowker and Star point out in their study of information infrastructures:

[T]yrannies of various sorts flourish. Some are the tyrannies of inertia – red tape – rather than explicit public policies. Others are the quiet victories of infrastructure builders inscribing their politics into the systems. Still others are almost accidental – systems that become so complex that no one person and no organization can predict or administer policy. ((Bowker, G.C., and Star, S.L. (2002). Sorting Things Out: Classification and Its Consequences. Cambridge, MA: MIT Press.))

Regulatory work goes on out of plain sight, the putatively monotonous task of invisible bureaucrats. We don’t tell dramatic stories about media or telecom regulators – and that’s too bad. Policy debates about network neutrality, Internet governance and copyright law around the world, issues as diverse as those summarized in this essay might seem personally irrelevant, but they aren’t. Examples of egregious industry behavior abound.

Consider the willingness of telecommunications companies to turn over customer information to the National Security Agency of the U.S. in the aftermath of the 9/11 disasters; or the revelation in 2008 that the Chinese government was tracking text messages sent by customers of a joint venture owned by a Chinese wireless operator and eBay, the Web auctioneer that owns Skype. Equally worrisome was when Verizon rejected a request from the National Abortion Rights Action League, or “NARAL,” to send text alerts on reproductive rights to subscribers of NARAL’s text alert service.

To be sure, it’s endlessly more interesting to talk about media culture. Yet what doesn’t garner enough dramatic or satirical attention is the tedious regulatory process that produces the spaces for media culture to even exist. Much like infrastructure, we often only notice when policy fails. But our online freedom of expression depends on attention to regulatory processes. As we speak, corporate engineers and regulators are fixing the rules of the game for 21st century media. Sure, it’s boring. But we had better start tuning in.

Becky Lentz is an Assistant Professor of media and public policy at McGill University’s Department of Art History and Communication Studies in Montreal, Quebec.

Image Credits:

1. Untangling the web of regulation
2. The sausage factory of policymaking

Please feel free to comment.