Tuesday, 15 February 2011

Warning the Public of the Perils of DPI

To clarify a possible miscommunication, I'm not saying the public at large should not be concerned about DPI.  The public should be concerned about it in the larger context.

When the public at large is warned of the dangers of a particular technology, and that technology becomes the focus of a movement, the public is then putting on blinders to what the true danger is.  The "problem" the public should be focused is not on DPI per se, the problem is policies around data sniffing and data controls in general.

The way the DPI debate is being framed, is akin to warning of the perils of long-gun use in a high crime area; and ignoring the fact that handguns and knives are readily available.  If a community group of some sort took action to ban rifles and shotguns, it wouldn't solve the overall problem, which is crime and violence in the neighborhood.

Such is the DPI debate.  By focusing on DPI (which has an unclear definition) public concern can by waylaid by a changing of the terms in the debate.  We see this very tactic in the "we're not a DPI vendor" claim from APConnections.  As an individual, do you really care if your ISP is shaping/sniffing/blocking/recording your data traffic with or without DPI devices?  Of course not, you care that your ISP is shaping/sniffing/blocking/recording your data!  So APConnections is no more pure than any other vendor, but because groups are focusing on DPI, they're vulnerable to claims made by supposedly none-DPI vendors.  They've traded long-guns for knives, knives that stab in the back because they trust the wielder.

By broadening the scope of the debate into the why of traffic management, rather than the how, we also avoid the other pitfalls of banning a useful technology.  ISPs do have legitimate uses for DPI technology, two none-debatable uses (I hope!) are anti-spam and anti-malware.  DPI can increase the effectiveness of end-user security so that you don't have to worry as much about spam in your messaging device (e-mail, smartphone, etc.) and being infected with a virus or a worm.  (Though customers over-relying on the ISP for their own security has its own pitfalls, but that is a separate debate.)  Why?  End-user security: Good.  Why? Tracking and recording so governments can spy on you: Bad.  You don't have to be a network engineer to debate those points.

These common reference points serve the none-technical public better than nerdy technical discussions that re over everyone's head.  The same factor is at play here in the Usage Based Billing debate that so gripped the country (OK some of the country) last week.  It was a very technical debate about how to charge for traffic for inter-connect links between ISPs, instead of a fundamental debate about how closed regulated markets hinder competition in Canada.

So yes, be concerned that ISPs/Governments/Criminal Organizations/whomever use DPI for nefarious intent, but be warned that if a specific technology such as DPI is banned, they'll just find something else to use.

No comments: