Deep Packet Inspection is a threat to net neutrality, say campaigners

Some of Europe & # 39; s largest ISP & # 39; s and mobile operators are accused of using Deep Packet Inspection (DPI) technology to quietly undermine net neutrality rules and user privacy.

News of the troubling allegation reached the public domain earlier this year in an analysis of the German organization epicenter.works. It was claimed that it had discovered 186 products offered by suppliers aimed at applying DPI to their customers' traffic. Deep packet inspection filters network traffic by looking at the contents of data packets.

Mark Still from Naked Security explains:

Traditional network filtering is like driving road traffic based on the type of vehicle. DPI is like looking at who is driving and what is in the trunk.

Now a group of academics and advocates of digital rights led by European Digital Rights (EDRi) has sent an open letter to the EU authorities, citing the implications of this. The EDRi letter states:

Several of these products are confirmed by mobile operators with large market shares that they rely on DPI because their products allow application or service providers to identify their traffic through criteria such as domain names, SNI, URL & # 39; s or DNS snooping .

EU regulations prohibit DPI for anything other than basic traffic management, but it seems that providers in many countries have found a gray area that allows them to bend – and increasingly circumvent – those rules.

The front line of this is & # 39; zero rating & # 39 ;, where mobile operators attract subscribers by offering free access to a specific application – a streaming service is an example – without this counting for their data control.

Due to its nature, this is at the expense of larger providers of applications, which undermines the principle of net neutrality that all applications and services must be given equal priority on different networks.

DPI is the technology that makes this possible because:

DPI allows IAS providers to identify and differentiate traffic in their networks to identify traffic from specific applications or services for the purpose, such as otherwise restricting or prioritizing billing over other traffic.