thoughts and observations of a privacy, security and internet researcher, activist, and policy advisor

Friday, March 20, 2009

Deep Packet Inspection: Reading List and Call for Papers

When I started my research project about the governance of Deep Packet Inspection (DPI) almost a year ago, there was basically no social-scientific or even political science literature about it. Some political reporting about it was done by specialized online sources like Ars Technica (hat tip to Nate Anderson for covering the issue so well and early), but all the academic literature on DPI was from some geeks publishing in computer engineering journals. Don't get me wrong, I love geeks, but sometimes they just get lost in the amazing technology options and forget about the political implications.

Times seem to change, and part of the reason for this is a more general awareness of this new technology and its powers. So, for all of you who want to understand more of the DPI debate, and who would be curious to find out how bandwidth management, ad injection, government surveillance, and internet censorship belong together and still often get different rules and regulations, here is a little reading list, in chronological order:
  • Christopher Parsons has published a working paper as early as 2008 for the New Transparency Project overseen by surveillance studies guru David Lyon. The paper is called "Deep Packet Inspection in Perspective: Tracing its lineage and surveillance potentials". Parsons argues that DPI equipment "should be identified as surveillance technologies that can potentially be incredibly invasive". He argues that ISPs "implicitly ‘teach’ their customers norms about what are ‘inappropriate’ data transfer programs, and the appropriate levels of ISP manipulation of customer data traffic."
  • Paul Ohm of the University of Colorado Law School was the first to make the link between the network neutrality debate and the unavoidable privacy invasions that come with any traffic discrimination approach: "The Rise and Fall of Invasive ISP Surveillance". A lengthy, but recommended legal paper that is a good read even for non-lawyers like me.
  • Ben Wagner presented a paper titled "Modifying the Data Stream: Deep Packet Inspection and Internet Censorship" at the 3rd Annual Symposium of the Global Internet Governance Academic Network last December.
  • Joseph Noel, a stock market analyst, has recently published an interesting analysis of the still emerging market for DPI gear. He is guessing that the FCC's decision last year is slowly making clearer where the rules for network management are going, and that this will break the "Traffic Management Deployment Logjam". His recommendations: Cisco Systems - Hold; Procera Networks – Strong Buy; SandVine Corp. - Buy; Allot Communications - Hold. I wonder about all the other DPI vendors, but I also wonder if he knows that the FCC's decision is still being challenged at the U.S. Court of Appeals (DC Circuit).
  • My own paper I presented at the International Studies Association's 50th Annual Convention in February is now available in an updated version: "Global technology trends and national regulation: Explaining Variation in the Governance of Deep Packet Inspection". I go through different use-cases and a few countries and try to explain the variation in DPI governance with the strategic actor setting shaped by each use case as well as with the institutional framework in which the governance debates took place. I also try to lay the groundwork for a "technology-aware policy analysis"-approach to internet governance studies (yes, feedback is welcome!).
  • Chris Riley and Ben Scott of Free Press, not really an academic institution but a lobbying think tank, just published a nice paper about the impact of DPI on Net Neutrality and ISPs' revenue considerations: "Deep Packet Inspection: The end of the internet as we know it?". A good provocative piece that points out potential "winners and losers" in the traffic management arms race (but hell - why did they steal my title?).
  • Nate Anderson again has already written a good summary of the Riley/Scott paper and put it into perspective: "This is the way the Internet ends: not with a bang, but DPI".
Of course, there is a lot more literature around on Net Neutrality, Internet Privacy and other related issues. But the fact that so few researchers have yet even mentioned Deep Packet Inspection or even systematically addressed it is also a sign that many of them are not really aware of the underlying technology trends here.

I would love to see more social-scientific, legal, and philosophical studies on DPI, e.g.
  • from a governmediality or "code is law" perspective, analyzing how the injection of DPI in our technology-mediated environment shapes the way we as Internet users can behave and which choices we have;
  • from a discourse-analytical perspective, tracing the discoursive frames and public perceptions around DPI;
  • from a governance perspective, explaining the variations in DPI governance and regulation from perspectives other than the "interaction-oriented policy analysis"-approach I used for my paper - hey, what about regulatory capture, agenda-setting, new modes of government, or plain old economic pressure?
  • with empirical data from beyond the U.S. or the english-speaking Western world (Wagner tries this, but the sources from China are limited so far);
  • with quantitative data on DPI usage by different ISPs in different countries, linking it with the regulatory and market environment and showing statistically significant links;
  • from a human rights perspective, making clear the possible conflicts of DPI with freedom of speech, freedom of assembly and freedom from intrusion (a.k.a. privacy) online;
  • edited to add: from a legal perspective, analysing the regulations for DPI and related technologies in different countries;
  • edited to add: [fill in your favourite social sciences / humanities / legal and related perspective here].
So, here is my pledge: If I get enough feedback and ideas for possible papers in these or other interesting directions, I promise to you that I will take the task of organizing a workshop or a conference where we can all meet and discuss wildly. How does this sound?