Online Journal 
Tuesday, Nov 11, 2008
There are plans to deploy ‘black boxes’ in UK ISPs’ networking hubs so that the government can capture and record every website that UK citizens visit.
A similar operation is in full swing in the United States, where the NSA has hooked up their own ‘black boxes’ to American Internet Service Providers’ (ISPs) networks to capture ‘questionable content’ passing through these networks. Unlike the Americans, who only examine questionable content, the UK government is planning to develop a database to hold the contents of all messages passing along their nations’ telecommunications networks.
While this issue has recently been sensationalized in the media, I have yet to find a source addressing the actual technologies that will (likely) drive these ‘black boxes.’ I want to address that deficiency, calling attention to the Deep Packet Inspection (DPI) technologies that will presumably be responsible for examining, categorizing, and heuristically evaluating the data flowing across British ISPs’ networks. In this piece, I want to briefly explain how DPI technology works, its technical limitations, and modes of actively evading its surveillance powers. Evading DPI-enabled surveillance is essential to participate in free, unsurveyed discourse in the contemporary digital environments that Western citizens find themselves within.
ISPs are uniquely situated to survey all of the data traffic that their customers are involved in. ISPs, unlike Google, Yahoo!, or Microsoft, act as gateways that individuals must pass through to access the Internet-at-large. Thus, any attempt to comprehensively survey an individual’s online activities must occur at the ISP-level. While simultaneously monitoring millions of customers might seem a Herculean task, or one firmly situated in the realm of science fiction, networking hardware vendors such as Cisco, L-1, Ellacoya Networks, and Procera Networks have risen to the challenge, producing devices that can survey, filter, alter, and censor content in real time, as it passes through ISPs’ networks.
(Article continues below)
Packets of data traversing the Internet are composed of two parts: a header and a payload. The header holds the general addressing information — where the packet is going, in what order it should arrive at its destination, and so on. The payload holds information about the application that sent the packet, as well as the particular contents of the packet itself — in the case of email, each packet holds the address that it should be delivered to, a bit of information that notes that an email application sent the packet, and some of the email’s text. Metaphorically, a packet can be thought of in the terms of postal mail: the header corresponds with the address on the outside of the envelope, and the payload the letter itself.
DPI equipment lets ISPs examine the header information as well as the payload. This means that ISPs can examine the text of email, instant messages, cellular phone text messages, and unencrypted Voice over Internet Protocol (VoIP) communications, in real time, as these messages are transmitted. Given the present state of available networking equipment that the world’s networking vendors have made available to the market, I strongly expect that the UK government’s ‘black boxes’ are, in essence, DPI devices that capture data as it moves across UK ISPs’ networks, and will transmit the contents of those packets to government databases while analyzing packets’ contents to identify if they are carrying ‘questionable’ payloads.
The effectiveness of DPI
The Internet Evolution actually tested DPI equipment provided by Ellacoya and Ipoque earlier this year. In their tests, they found that these vendors’ devices could not filter ‘unwanted’ content 100 percent of the time — the applications targeted by the devices continued to function, although at reduced speeds, in spite of the censoring and filtering heuristics that the devices employ. This suggests that attempting to capture unencrypted Voice over Internet Protocol conversations, as an example, will never be fully successful because some packets associated with a conversation will not be correctly identified, captured, and saved in meaningful ways by the UK government’s ‘black boxes.’ Moreover, and pertaining to the following section, the tests that the Internet Evolution performed suggest that data-encryption strategies can prevent the capture and filtering of data traffic.
Evading DPI surveillance
It seems that every day we hear about a new data scandal in the UK; some new database is accidentally leaked, putting the information of hundreds, thousands, or millions of UK citizens at risk of being used for nefarious purposes. The suggestion that all citizens’ digitized conversations and online actions be captured and stored by the UK government only heightens worries: what will happen when (not if) this proposed database is breached? How much information will be accessible to criminals?
Fortunately, UK citizens can prevent their government’s DPI equipment from ever capturing conversations or online actions, and thus simultaneously limit exposure to the risks of identity theft and ubiquitous government surveillance. A core weakness of DPI equipment is that it cannot read the contents of fully encrypted communications. This means that when you send or receive encrypted data packets that the government’s devices will be unable to capture the contents of your email, your VoIP sessions, or your instant messages.
Encryption isn’t something that is terribly hard to set up; Voltage Security has a product that will let Windows users encrypt their sent email at a low annual cost. By default, Skype encrypts its data traffic to prevent surreptitious snooping of your private conversations, actually providing more privacy than talking on the phone. When it turns to instant messaging, there are several open source clients such as Trillian (for Windows) and Adium (for OS X and Linux) that have built-in encryption and compatibility with all major messaging services. Finally, when browsing websites, access the ‘https’ versions of the sites whenever possible to encrypt data traffic to and from the websites.
Why Hide from Her Majesty?
You may be asking: why should I bother with this encryption nonsense? I don’t have anything to hide — as a law-abiding citizen I find it offensive, but not necessary ‘dangerous,’ that my government is snooping on me. Only criminals have something to hide!
The collection and centralization of large amounts of personal data gives criminals a single point that they can attack to access to vast swathes of information about law-abiding citizens. As the UK government persistently demonstrates, it cannot be trusted to secure the citizen data that it holds. By continuing to predominantly send unencrypted messages, you greatly enhance the chances that your personal information could be used to open lines of credit, create phony identification documents, and generally cause mischief in your good name. Encrypting your data, hiding your personal thoughts and communications from the proposed UK ‘black boxes,’ is essential to prevent your identity being stolen, and ensures that you can continue to engage in free speech without feeling the chilling effects of persistent government surveillance. Protecting your communications isn’t about hiding because you’re a criminal: it’s about limiting criminals from taking advantage of your good name while protecting your enshrined right of free speech.