Does “Deep Packet Inspection” Turn You On?
Becky Lentz / McGill University
Example of an x-ray body scan at an airport
Does “Deep Packet Inspection” turn you on?
Didn’t think so. And you’re wondering, ‘what’s that’? Hang in there. I’ll get to that in a minute.
Even though many economic, financial, political, and social activities depend on access to telecommunication infrastructure such as the Internet, telecommunication scholarship and policymaking remain opaque practices because of their technical orientation and focus mostly on infrastructure issues, anti-trust and competition regulation. When telecommunication issues are taken up in studies of media culture, they often travel under the “digital media/culture” or “convergence” monikers with discussions usually leading, once again, to concerns about content and/or critiques of the industries that produce or distribute content. Rarely do such critiques extend to the infrastructure itself or to what some people might think to be the “boring” policies that support it.
And this leads me to the issue of deep packet inspection (DPI, for short). Like regulation, deep packet inspection also works in the background of media culture, begging the question: So what?
Deep packet inspection is a stellar example of obscure, and as I argue here, misleading (perhaps even tacitly deceptive) telecommunication policy discourse. This discourse is produced and reproduced in a rarefied intellectual landscape inhabited by several cliques of mostly positivist-leaning economists, engineers, lawyers, and technologists. Status accrues to “experts” who succeed in influencing a select number of prominent stakeholders such as elected officials, journalists, regulators, industry leaders, think tank pundits, as well as funders.
As esteemed media critic Ken Auletta points out in his new book “Googled, the End of the World as We Know It”, even companies that many of us have come to revere, such as Google, participate in this exclusionary discourse, which is part of our so-called “new” digital media culture. He notes how fluency in engineering is the price of entry into their strategic conversations. But, exclusionary discourse isn’t the only thing happening here.
Contrary to what its name might lead you to believe, “deep packet inspection” is neither a sex toy, nor a cattle prod. Camouflaged as a “thing”, it is in fact, a deeply troubling process – a surveillance activity that permits eavesdropping, censorship, filtering and other “peeping Tom” functions. Deep packet inspection software transfers knowledge about our Internet use to our Internet service providers (ISPs, for short). This enables them to prevent or delay our use of certain types of applications or access to content, compromising our privacy by selling our Internet usage information to others, or mining it to sell us advertisements based on knowledge of what we do online.
This is bad enough, but we might also benefit from asking ourselves whether such technological “stuff” is as intentionally gendered and possibly even “raced” as some scholars have proposed. ((Dunbar-Hester, C. (May 20, 2009). Beyond “dudecore”? Challenging gendered and “raced” technologies through media activism. Paper presented at the annual meeting of the International Communication Association, Marriott, Chicago, IL; Sarikakis, K., & Shade, L. R., Eds. (2007). Feminist interventions in international communication: Minding the gap. Lanham, MD: Rowman & Littlefield; Wajcman, J. (2004). TechnoFeminism. Bristol, UK: Polity Press; Rakow, L. F. (1988). Gendered technology, gendered practice. Critical Studies in Media Communication, 5(1), 57-70.)) There are many examples that suggest that this is indeed the case. Here are two easy targets on the gender dimension.
Take the process of “shrinking or compressing of electronic data files” – something called zipping and unzipping files. What’s up with mention of deflation and dominance in the Wikipedia entry (emphasis mine) for zipping/unzipping files?
“The ZIP file format permits a number of compression algorithms but, as of 2009 the Deflate method continues to be dominant.”
And what about the same problem in law: soft law (regulation) and hard law (legislation). OK, I relent. So what if they’re gendered? Women wear trousers with zippers too, but be honest; what was your first association for “zip/unzip”? And who is wearing what? Ask yourself, what do bras and hard drives have in common? Bingo, they’re both storage devices! Yet why do their naming conventions differ so much? Just compare the best data storage products of the year with Consumer Reports’ best bras of 2008.
If it seems vulgar to be talking about bras as storage devices, or bras at all in a conversation about telecommunications policy, that’s just my point – we need to denaturalize the telecommunication policy dialect, which seems to work like this:
Let all things technological have at least one number, an acronym or two, and no handy vowels facilitating easy pronunciation or understanding!
And oh, let’s not forget hard or floppy disk drives while we’re at it. But I digress.
We were talking about deep forms of inspection vs. introspection. Here’s another example from the booming and prosperous online security business where technicians run what they call P E N E T R A T I O N tests. Even the ad graphics for some cybersecurity services (see image below) have predatory connotations.
Are computer forensics actually “stalker services?” Sure, cybersecurity is important to protect critical infrastructure. In fact, the United States Department of Homeland Security has designated October of each year National Cybersecurity Awareness Month.
Image from a website advertisement for cybersecurity services
And while the government is educating us about how to protect ourselves online, obscure and malicious processes like deep packet inspection harbor arcane naming schemes. Here’s an example from Santa Clara law professor and colleague Catherine Sandoval:
…deep-packet-inspection software examines Internet packets attempting to pass through an ISP network and allows the ISP to distinguish peer-to peer traffic [or any other Internet application they choose to track]. . . and either block it or reduce its available bandwidth. Using deep-packet-inspection, ISPs have the technical power to cut off Internet applications with the “flick of a switch”.
Clearly, the plain language law movement sailed right past the kingdom of electronic media policy. In the case of deep packet inspection, linguistic camouflaging involves neutering a verb into a noun. Language experts call this nominalization. Drawing on systemic functional linguistics, Fairclough argues that nominalization occludes meaning:
Nominalization…has the effect of backgrounding the process itself…and usually not specifying its participants, so that who is doing what to whom is left implicit.((2002: 179))
Let’s switch this to active voice to see what deep packet inspection actually means:
SomeONE (like your internet service provider, or the government working in conjunction with your ISP, or advertisers seeking information through your ISP] authorizes the use of someTHING to inspect what you’re doing online.
Still not convinced that the naming of these technological processes is purposefully obscure or gendered? Well then, what about the “sniff tests” that Professor Frieden talks about that ISPs routinely carry out?
“[t]he ability to “sniff” packets makes it possible for ISPs to deviate from “best efforts” routing by discriminating [between bitstreams] on the basis of the price paid for service and as a function of what kind of traffic a bitstream represents.” ((Frieden, R. (2008). Internet packet sniffing and its impact on the network neutrality debate and the balance of power between intellectual property creators and consumers, Fordham Intellectual Property, Media & Entertainment Law Journal XVIII(3), 633-642.))
The ‘sniff test’ is another example of obscure technological nomenclature
Telecommunication practices like deep packet inspection and technology security services like digital scans are disguised in the arcane and off-putting dialect of telecommunication policy, which I argue is a technologized discourse per Fairclough’s use of the term. ((Fairclough, N. (1993). Discourse and Social Change. Bristol, UK: Polity Press.))
Let’s get serious about democratizing the naming of at least some of these invasive, masculinist processes – making their true nature more transparent so that non-experts can understand how to assert their rights in this overly celebrated “convergent” media culture and policy landscape. Let me propose starting with the following (feel free to add more):
- Digital body scans = public strip searches
- Content control (aka Internet filters, parental control software, and/or accountability software) = censorship
- Deep packet inspection = creepy peeping
- Network neutrality = allowing us to access the online content, applications, and services of our choice
Some of those already working to help make these processes more accessible include: OpenMedia, the OpenNet Initiative, the Electronic Privacy Information Center, Public Knowledge, the Electronic Frontier Foundation, Privacy International, and the Internet Governance Project.
Thanks to the following people for their comments and reflections as I prepared this column: Joan Grossman, Robert Leckey, Milton Mueller, Daniel Pare, Tina Piper, Catherine Sandoval, and Thomasina Williams. ((Additional Recommended Reading: Anderson, N. (July 26, 2007). Deep packet inspection meets ‘Net neutrality, CALEA’: Deep packet inspection provides the tools that ISPs need to throttle, cap, and spy on users. Depending on who you believe, it might also save the Internet. Retrieved from http://arstechnica.com/hardware/news/2007/07/Deep-packet-inspection-meets-net-neutrality.ars
Braman, S. & Rob, S. (2003). Advantage ISP: Terms of service as media law. New Media and Society, 5(3), 422-448.
Cooper, A. (July 17, 2008). What your broadband provider knows about your web use: Deep packet inspection and communication laws and policies. Statement before the House Committee on Energy and Commerce, Subcommittee on Telecommunications and the Internet. Washington, DC: Center for Democracy and Technology. Retrieved from http://cdt.org/testimony/20080717cooper.pdf
Crawford, S. P., (June 2009). Transporting communications. Boston University Law Review, 89(3), 871-937.
Electronic Frontier Foundation. (December 1, 2009). Lawsuit demands answers about social-networking surveillance – Government agencies withholding information on data gathering from Facebook, Twitter, and other online communities. [Press Release] Retrieved from http://www.eff.org/press/archives/2009/11/30
Jayasuriya, M. (July 22, 2009). Forcing the Net through a sieve: Why copyright filtering is not a viable solution for U.S. ISPs. Official Website of Public Knowledge. Retrieved December 1, 2009, from http://www.publicknowledge.org/node/2568
Jonesxxx. (October 13, 2009) X-Ray scanners at airports – More big brother and a cancer risk too. Talking Bollocks. Retrieved from http://talkingbollocks.wordpress.com/2009/10/13/x-ray-scanners-at-airports-more-big-brother-and-a-cancer-risk-too/
Ohm, P. (August 30, 2008). The rise and fall of invasive ISP surveillance. University of Illinois Law Review, 2009, University of Colorado Law Legal Studies Research Paper No. 08-22. Retrieved December 1, 2009, from SSRN: http://ssrn.com/abstract=1261344
Sandoval, C. J. K. (November 2009). Disclosure, deception and deep-packet inspection: The role of the Federal Trade Commission Act’s deceptive conduct prohibitions in the net neutrality debate. Fordham Law Review, 78(2), 641-712.
Sandvig, Christian E. (2007). Network neutrality is the new common carriage. Info, 9(2/3), pp. 136-147. ))
Please feel free to comment.