17 comments

[ 2.3 ms ] story [ 58.4 ms ] thread
Would SSL hide packet contents from deep packet inspection by an ISP?
It will surely obscure the content of your packets, but the goal of the carrier is to inspect what 'services' you are using that you are not 'entitled' to.

Port numbers for instance could point to certain services. Port numbers cannot be obscured using an encryption layer such as SSL.

They can, of course, be obscured with port forwarding, but I guess that isn't so big a current concern of the carriers.
It wouldn't surprise me if they'll just give unidentifiable traffic the lowest possible priority on their network to discourage it.
The news has now gone mainstream in the Netherlands, I doubt if this practice will survive the legal and political shitstorm it's about to cause.
For those not familiar with the matter: KPN used to be the state (monopoly) teleco company before privatization of the telco industry. As some other carriers, they banked too much on voice and SMS services. Since that income is quickly evaporating, they have to fire thousands of employees in the near future.

They are now trying to compensate their strategic mistakes by introducing tiered internet subscriptions where customers pay higher subscription fees to use VOIP and messaging services. Since there are only three big mobile operators in The Netherlands (T-Mobile, Vodafone, KPN), the worry is that the others will quickly follow suit.

I wonder if that affects Germany as well. For all I know EPlus, one of big three providers here (with T-Mobile/Vodafone) is part of the KPN group. It will be interesting to see if this is a trend that propagates..
Human (me) translation. All parentheses mine.

KPN uses deep packet inspection on mobile internet communications.

In a (Q&A) session with investors, KPN has admitted making use of controversial deep packet inspection technologies. By doing so the telecommunications company might be in violation of the law.

In a question and answer session with investors Marco Visser - VP of KPN Mobiel Nederland - confirmed KPN to have used controversial deep packet inspection eavesdropping methods to map mobile data traffic of it's customers. "As far as we know we are the first in the world to do this", according to the VP. According to Visser one of the purposes of dpi is measuring the WhatsApp-penetration among certain groups of customers.

Tuesday KPN CEO Eelco Blok presented numbers(/statistics) meant to illustrate the rapid growth of "sms-killer" WhatsApp among Hi(KPN)-customers. Now it is understood from Visser's comments that this data has been collected with the use of deep packet inspection over a period of at least nine months.

Visser also told shareholders that KPN intends to apply this same technology to VOIP-traffic to enable them to charge separately for related applications. Earlier this year KPN already announced the introduction of new subscription models and for prices of mobile internet subscriptions to increase, but the company never made clear which methods would be used to detect uses/applications like VOIP in its mobile data-streams.

It's unclear if KPN currently still makes use of dpi on it's mobile network, and if the telecommunications company also uses it on it's other networks; the company has yet to respond to any questions regarding the matter. It's also unknown whether KPN only analyses packet headers, or if their analysis also includes the payload. Nevertheless KPN enters a gray area with their use of dpi, and is possibly in violation of the law.

Clarification: Marco Visser isn't CEO, he's basically the VP of Mobile. Eelco Blok, mentioned later, is the CEO of KPN.
Yes, they are using DPI. Check out this page from leading DPI vendor Procera Networks[1]:

"The core component in PacketLogic is Procera’s own identification engine DRDL – Datastream Recognition Definition Language. DRDL facilitates a broad range of criteria to properly identify the application of each individual datastream, a.k.a. flow, session or connection. The identification relies on bidirectional information like the packet sequence in a handshake, header information, protocol, actual payload, and other distinguishing characteristics of an application. This way DRDL can properly identify even encrypted applications."

[1]http://www.proceranetworks.com/drdl-technology.html

To be honest, way back when I got my first mobile data plan, it actually surprised me to get the bill and NOT find a list of all the websites I had been visiting, in the same way that it shows each text message and each phone call w/phone number. I was kind of expecting them to be doing this from the beginning.
They are claiming now, that this was only done "to track the growth of Whatsapp over the course of nine months". They're very interested in charging extra for VOIP and Whatsapp-type services.

EDIT: See (dutch) statement at: http://www.kpn.com/corporate/overkpn/Perscentrum/nieuwsberic... They used DPI to analyze Whatsapp usage and are checking if all the rules were applied regarding data used for the analysis.

> charging extra

I doubt they will, as customers would simply leave for one of the competitors. They will loose much more than they'll gain. Continuing to try and cash in on SMS traffic is like continuing to try and sell music the old way: we've entered a new era and that business model just won't work.

I agree, I'm not at all sure how they plan on doing that. VoIP I can understand, and most contracts/plans also ban "SMSoIP", but Whatsapp is something different. For the longest time I had a phone with rockbottom SMS rates sitting at home that I used a webinterface for to send messages cheaply.