
Network Neutrality and Internet Security


Historical Background Deep Packet Inspection


Explanation of Illustration

The symbol of the customs inspection station represents the way that every packet is indiscriminately pried open and analyzed, then given a judgement by the software that determines its priority and the action to be taken on it. Unencrypted transmissions, which make up the majority of noncommercial Internet access, are susceptible to interception by government or corporate proxies and censors, and have been known to be recorded and sold to advertising companies for consumer targeting and statistics. Even if the data is encrypted, the origin and destination are still known (unless it is being tunnelled through an indirect trusted route); to require such measures is counter-productive to the idea of a free and open network for human collaboration. Interference by network administrators is increasingly motivated by monetary, political and personal agendas, as a result of the further integration of digital networking in modern human communications culture.

Countries, Territories and Institutions Involved Worldwide Usage

The technology is used throughout the world in every major gateway and telecommunications hub; it is even used in private routers to filter incoming transmissions and determine specific actions (as specified by the administrator). It is a very necessary technology to ensure efficient and secure networking. In most circumstances it does not violate any technical specifications for the IP protocol or other linking standards, but its sophistication at detecting and analyzing content makes it a very potent tool for ethical abuse.

Applications of Technology Network Operators and Governments

Deep Packet Inspection (D.P.I.) is the intentional analysis and exposition of data packets sent across a network (i.e. the Internet). The technology is primarily employed by Internet Service Providers, but can be, and has been, used by law enforcement agencies, governments, and educational institutions. D.P.I.s exist in firewalls installed at major routers, gateways, and continental internet backbones; any unencrypted data could have its type identified, its contents copied and read, its transfer delayed, and its destination changed. I.S.P.s have been silently implementing the technology for extra-administration purposes; it was not until privacy groups in the United Kingdom and the United States of America finally brought the issue to light in 2007-2008 that it became controversial (with the advent of the BitTorrent technologies). All of the major I.S.P.s in Canada have admitted to using the technology to throttle bit-torrent traffic, amongst other things, clearly discriminating against this form of network communication. D.P.I. can be likened to mailmen tearing open each and every letter sent, reading it to determine its priority, then secretly re-sealing it so that it can be delivered to its destination. The implications are numerous: if the data is seen by the wrong people at any point between the client and the server, identity theft is a very real possibility, and the information contained within personal and business messages is priceless to advertisers. D.P.I. has the potential to become the most severe and complicated breach of privacy (Office of the Privacy Commissioner of Canada, n.d.).
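To make concrete what an on-path inspector can read, the following added example (not part of the original paper) parses three constructed IPv4/TCP packets and reports the addressing, the traffic type and any readable fields. The addresses, host names and payloads are made-up samples, and the function names are assumptions of this example.

```python
import socket
import struct

BT_HANDSHAKE = b"\x13BitTorrent protocol"   # first 20 bytes of a BitTorrent handshake
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")


def build_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4+TCP packet for the demo (constructed; checksums left at 0)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload


def classify(payload):
    """Return (kind, content_readable, extracted_fields) for one TCP payload."""
    if payload.startswith(BT_HANDSHAKE):
        return "bittorrent", True, {}
    if payload.startswith(HTTP_METHODS):
        fields = {}
        for line in payload.split(b"\r\n")[1:]:
            name, sep, value = line.partition(b":")
            if sep and name in (b"Host", b"User-Agent"):
                fields[name.decode()] = value.strip().decode("latin-1")
        return "http", True, fields
    if len(payload) >= 3 and payload[0] in (0x16, 0x17) and payload[1] == 0x03:
        return "tls", False, {}     # record type is visible, application data is opaque
    return "unknown", False, {}


def inspect(packet):
    """Everything an on-path inspector learns from one IPv4/TCP packet."""
    if len(packet) < 20:
        raise ValueError("truncated IP header")
    ver_ihl, proto = packet[0], packet[9]
    if ver_ihl >> 4 != 4 or proto != 6:
        raise ValueError("only IPv4/TCP is handled here")
    ihl = (ver_ihl & 0x0F) * 4
    if len(packet) < ihl + 20:
        raise ValueError("truncated TCP header")
    total_len = struct.unpack("!H", packet[2:4])[0]
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    data_off = (packet[ihl + 12] >> 4) * 4
    kind, readable, fields = classify(packet[ihl + data_off:total_len])
    return {"src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20]),
            "sport": sport, "dport": dport, "kind": kind,
            "content_readable": readable, "fields": fields}


# Constructed sample traffic (documentation address ranges, made-up payloads).
SAMPLES = {
    "web": build_packet("192.0.2.10", "198.51.100.20", 51000, 80,
                        b"GET /inbox HTTP/1.1\r\nHost: mail.example.com\r\n"
                        b"User-Agent: Mozilla/5.0 (X11; Linux x86_64) Firefox/4.0\r\n\r\n"),
    "p2p": build_packet("192.0.2.10", "198.51.100.30", 51001, 6881,
                        BT_HANDSHAKE + bytes(8) + bytes(20) + b"-XX0001-000000000000"),
    "tls": build_packet("192.0.2.10", "198.51.100.20", 51002, 443,
                        b"\x17\x03\x03\x00\x08" + bytes.fromhex("9f3c1ab2770e54d1")),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(name, inspect(pkt))
```

The encrypted sample still yields source, destination and ports; only the content is hidden, which is the distinction the explanation of the illustration draws.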


Illustration 1: The Customs symbol seen at inspection points when entering countries and territories


Historical Background Network Neutrality


Explanation of Illustration

The network map below by the Opte Project represents a small portion of the Internet. It visualizes how individual computers (clients) rely on many larger network switches, relays and sometimes tunnels to get data packets to their destination and back. The companies that run these large networks and routers may artificially reduce speed, censor or replace content, and discriminate against all types of traffic by purposely transmitting packets out of order (all need to be reassembled at once), sending garbage data, and holding back transfers to increase latency. The lobbyists for Network Neutrality demand that Internet Service Providers and governments do not interfere with Internet communication, and that access and pricing be fair and level for all websites and services. It is necessary for all of them to cooperate, because the Internet depends on infrastructure that is often non-redundant.

Network Neutrality Ensuring Communications Integrity and Freedom from Discrimination

Network neutrality is a fundamental principle that defines the equality of priority and prevention of interference in the communication by transmission of information across the Internet. No specific service or technology should be purposely altered, intercepted for invasive analysis or throttled; there should not be any discrimination in the transfer of content. Major Internet companies in the United States of America have begun practising such discrimination, using their own judgement to determine the loading times of specific websites (especially of competitors), the delivery speed of certain types of content (video streaming, file sharing, P2P), and opening up internet packets for analysis.

The issue is very controversial because the practice is necessary, and may be politically motivated by multi-billion dollar intellectual-property owners and media corporations seeking to thwart internet piracy, though it does so without legal empowerment and also affects legitimate connections. The unencrypted personal and private information exposed can be used for marketing, anti-competition and advertising purposes, all without the knowledge and consent of the consumer. The most disturbing aspect of this practice is that it is exceedingly easy for an employee, a visitor or even non-affiliated people to view and access the data without leaving any trace. The Internet should be treated as international public infrastructure; use and control should be fair and equal in all places, no matter who owns the physical connections (Free Press, n.d.).

Network Neutrality is not limited to the Internet Protocol (IP) and its infrastructure. Web services and applications also have the capability to discriminate against clients, as the standard HTTP header (HTTP being the base protocol for the World Wide Web) sends along the operating system, the browser and the IP address. With this, it is possible to reject or refuse certain services based on ulterior motives: Yahoo! displays warnings when viewed on a Linux operating system (despite the use of state-of-the-art standards-compliant browsers like Firefox), Microsoft's Hotmail service used to purposely load disfigured on the competing Opera web browser, and IP geo-location is used extensively to indiscriminately block entire countries and continents. No public provider should refuse service to a valid client for any reason except for real and genuine security or legal issues.


Illustration 2: Visualization of a portion of the Internet (Network Map) by the Opte Project


Victims and Perpetrators Bit-Torrent Throttling


Explanation of Photograph

The picture of protestors is of a demonstration against Comcast Corporation, a fairly large telecommunications company in the United States. In 2007, it became the first Internet Service Provider to admit to throttling bit-torrent traffic, disconnecting seeds (clients with complete data sets) and severely depressing the rate of transfer. Although bit-torrent and related P2P technologies are more widely known for the redundant distribution of illegal copyrighted content, they also carry legitimate publications, and some of what is shared does not even have valid enforceable copyrights (out of jurisdiction, improper or expired licenses...). Although the Internet is an international infrastructure, countries tend to indiscriminately attack these communications, and as a result a perfectly well-designed protocol for reducing the load on central file servers that distribute content takes collateral damage and is given a bad reputation.

Violation of Network Neutrality Bit-Torrent Throttling

TorrentFreak has been monitoring the incidences of bit-torrent traffic throttling by Rogers Corporation that began in September 2010. Rogers initially blamed the phenomenon on network upgrades, but under intense pressure from consumers and the C.R.T.C. eventually admitted that it was intentionally interfering with client-internet communications. Users witnessed a severe degradation in both upstream and downstream bit-torrent (P2P), file-sharing site transfer and gaming traffic. Christopher Parsons of the University of Victoria indicates that pre-September 2010 transfer rates of several megabytes per second have been reduced to a mere several hundred kilobytes per second. Traffic throttling is contrary to Rogers' own network management policy, but a lawyer said that the company would use this as an opportunity to revise its I.T.M.P. (requires C.R.T.C. approval) (Ernesto, 2010). The C.R.T.C. has made agreements with all of the major Internet Service Providers in Canada (including Rogers, Bell, Shaw and Telus) to selectively monitor internet activity and conduct traffic-shaping as long as it is equal in all areas, to protect those places with older or less effective infrastructure.


Photograph 3: Customers of Comcast Corporation protesting in the United States against the artificial throttling of internet traffic


Victims and Perpetrators Web of Trust


Explanation of Diagrams

The following two diagrams show the public-key infrastructure trust system on the Internet, and the possibility of a man-in-the-middle scheme of attack on it. The SSL/TLS framework for web browsers is used for both authentication and encryption, though it is more often the latter. On the Internet, with sites constantly changing and addresses in fluctuation, it is difficult to ascertain the identity and location of places. Companies known as root certificate authorities contact the site operators (the most basic level is by administrator e-mail from the ICANN record) and digitally sign their SSL/TLS certificates to vouch for their identity, so that the individual does not have to worry about the authenticity. The root C.A.s are all reputable corporations or institutions, and all operating systems are shipped with copies of their public keys for unquestioned verification of website certificate signatures, hence the term 'Web of Trust'. If C.A.s blindly issue certificates, however (Diagram 2), it is no longer possible to guarantee the authenticity of a server, which leaves it vulnerable to malicious operations in between that exploit the automatic trust.

Unjustified Faith The Necessity of Accountability in Outsourcing Trust to the Private Sector

The Internet relies on the Web of Trust to verify the exchange of encryption certificates; it is the weakest, but most fundamental, part of the Public Key Infrastructure scheme of SSL/TLS asymmetric cryptography. All web browsers and operating systems come with a set of global root certificates. Downloading the browser software requires a blind 'leap of faith' that should theoretically be the only un-protectable step. Reputable companies and security firms act as Certificate Authorities: they create and digitally sign sub-encryption certificates for consumers (web merchants, platforms) after verifying that the company or individual is in control of the website (since TLS certificates are tied to the domain name). Because their root certificates (public keys) are on every computer, they are automatically trusted, and their identity is assumed to be guaranteed. One of Comodo's 'Trusted Partners' automatically issued 9 certificates (including www.google.com, login.yahoo.com) without properly checking for ownership. If this had not been noticed, countless users would have been at risk of man-in-the-middle attacks, and the browsers would not have been able to tell real from fake, since the certificates were signed by a valid root C.A. An Iranian later admitted responsibility for the 'hack'; he had compromised a regional Registration Authority (R.A.) admin account with weak credentials. Although no damage was sustained, it shows how fragile the web of trust on which all e-commerce and internet communication rely is: it only takes a single certificate authority to bring down the entire framework (Bright, 2011).
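The trust failure described above can be reproduced in miniature. The following added example (not part of the original paper) uses a toy textbook-RSA signature with small, publicly known primes in place of real X.509 certificates; the CA names, host name and key strings are constructed, and the key-pin check is one client-side safeguard added here for contrast, not something the paper discusses.

```python
import hashlib

E = 65537  # public exponent shared by the toy keys below


def make_key(p, q):
    """Toy textbook-RSA key from two known primes (far too small for real use)."""
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}


def digest(subject, pubkey, n):
    """Hash of the binding 'subject owns pubkey', reduced into the CA's modulus."""
    data = f"{subject}|{pubkey}".encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def issue(ca_name, ca_key, subject, pubkey):
    """The CA signs whatever binding it is handed. No ownership check is made,
    which is the failure the text describes."""
    sig = pow(digest(subject, pubkey, ca_key["n"]), ca_key["d"], ca_key["n"])
    return {"subject": subject, "pubkey": pubkey, "issuer": ca_name, "sig": sig}


def validate(cert, hostname, trust_store):
    """Browser-style check: trusted issuer, valid signature, matching name."""
    n = trust_store.get(cert["issuer"])
    if n is None or cert["subject"] != hostname:
        return False
    return pow(cert["sig"], E, n) == digest(cert["subject"], cert["pubkey"], n)


def fingerprint(pubkey):
    return hashlib.sha256(pubkey.encode()).hexdigest()


def validate_pinned(cert, hostname, trust_store, pins):
    """Chain validation plus a key pin: the key must be one the client already knows."""
    return (validate(cert, hostname, trust_store)
            and fingerprint(cert["pubkey"]) == pins.get(hostname))


# Constructed demo data: one trusted root, one CA the client has never heard of.
ROOT_CA = make_key(2**61 - 1, 2**89 - 1)
UNKNOWN_CA = make_key(2**107 - 1, 2**127 - 1)
TRUST_STORE = {"Example Root CA": ROOT_CA["n"]}
HOST = "login.example.com"
SITE_KEY = "public-key-held-by-the-real-site"       # placeholder key material
OTHER_KEY = "public-key-held-by-someone-else"       # placeholder key material
PINS = {HOST: fingerprint(SITE_KEY)}

GENUINE = issue("Example Root CA", ROOT_CA, HOST, SITE_KEY)
MISISSUED = issue("Example Root CA", ROOT_CA, HOST, OTHER_KEY)   # signed without checking
UNTRUSTED = issue("Unknown CA", UNKNOWN_CA, HOST, OTHER_KEY)


def demo():
    """Outcome of each check for the three constructed certificates."""
    return {
        "genuine": (validate(GENUINE, HOST, TRUST_STORE),
                    validate_pinned(GENUINE, HOST, TRUST_STORE, PINS)),
        "misissued": (validate(MISISSUED, HOST, TRUST_STORE),
                      validate_pinned(MISISSUED, HOST, TRUST_STORE, PINS)),
        "untrusted": (validate(UNTRUSTED, HOST, TRUST_STORE),
                      validate_pinned(UNTRUSTED, HOST, TRUST_STORE, PINS)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "chain ok:", result[0], "pinned ok:", result[1])
```

Chain validation alone accepts the mis-issued certificate exactly as it accepts the genuine one; only a check against something the client knew beforehand tells them apart.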


Diagram 4: The Chain of Trust a client web browser or application takes in verifying the authenticity of a server

Diagram 5: The Man-in-the-middle attack, a classic and very effective interception technique, where the eavesdropper employs IP-spoofing or similar technologies to trick the client into thinking it is talking to the expected destination


Victims and Perpetrators Internet Censorship


Explanation of Map

The map on the following page is of the political countries of the world, shaded by degree of censorship (as determined by the British Broadcasting Corporation). Censorship is mainly focused in Asia and the Middle East (which is also part of Asia). Most of the countries highlighted were Cold-War era allies or supporters of each other, contrary to the original Western N.A.T.O. nations (and Japan), forming what the U.S. might call the axis of non-democratic tyranny and mass sufferance. Censorship is especially potent in China and Saudi Arabia.

Suppressing the Right to Expression and Access to Knowledge State-Imposed Protection

In larger populous countries such as China, where the Internet is a major part of the culture of the younger middle class, the chilling effect caused by the state media's glorification of the persecution of censorship violators makes people think twice before writing out their minds in blog posts and personal websites. The government is able to control and limit the information sent by its citizens because all of the major social-networking sites are hosted and operated in China, many foreign sites are blocked, and the population and sophistication of Chinese infrastructure allow it to be isolated from other parts of the Internet world (most people do not speak English anyways). There are major misconceptions and unfair reporting in the West about the P.R.C.'s Internet policies: while it does block out content with anti-Communist Party of China views, the blocking is mostly to filter the Internet of rampant immoral media such as pornography, dangerous information (such as on bomb manufacturing; this is illegal in Canada) and libel present everywhere else. It is questionable whether the reporters have any knowledge at all of what they are publishing, or are themselves unwilling to go out or are ignorant of the truth, and would rather express their hatred of non-diplomatic (and therefore evil) countries, and whether this applies to the government or to the entire race that not only tolerates, but accepts it.

Use of D.P.I. in Internet Censorship A Realistic Unethical Application of Technology

Deep Packet Inspection technology is actively employed in firewall technologies for a variety of purposes, from mitigating denial of service attacks by datacentres to traffic shaping by ISPs to torture their customers. In this paper published by Global Voices (the first draft of which was presented at the 3rd Annual Giganet Symposium in 2008), it was argued that D.P.I. would endanger the freedom of speech more when used in the form of online censorship than by the aforementioned means. Many restrictive states in the world require ISPs to filter the Internet of sites with explosive political views against them (Wagner, 2009), or that promote communication with the Western world (especially the United States). The People's Republic of China, for example, employs tens of thousands of staff to shut down websites and enforce Internet regulatory laws.


Map 6: B.B.C. Map of regions of the world that censor and filter Internet content before delivering it to the public


Current Day Perspectives Shadow Internet and Mobile Networks


Explanation of Diagram

The suitcase software-enabled peer-to-peer 'mesh' tunnelling technology allows for a non-central connection that cannot easily be shut down or discovered, not unlike bit-torrenting. Software is readily available for laptop computers, wireless-enabled P.C.s and even cell phones to continually transmit and relay network packets (will have significant delay, but reliably delivers content).

Unleashing the Internet Redundant Proxy Networks to Bypass Regional Censorship

The United States Government, under the leadership of the Obama Administration, has invested $2 million in creating a suitcase model to deliver free portable large-area wireless networks, and over $50 million in independent mobile phone towers protected in U.S. military bases. This is a fairly effective method of providing proxies that bypass the D.P.I. filters installed at every I.S.P. in countries that oppressively censor the Internet; these suitcases can be shuttled across land borders easily, and provide service to anyone with WiFi-enabled browsing devices. Funding is handed out generously by the State Department, which is also involved in supporting the development of anonymity software for tunnelling and masquerading targeted at countries like China. The suitcase project's infrastructure relies on a mesh network: instead of relying on a single point or gateway, data is sent to other devices to be relayed back to the central hub, so there is no need for direct communication. The software to do this can be downloaded by connecting to the network, or spread through physical media (such as CDs). This is part of a larger scheme of the U.S. to have citizens of other countries accept its ideals of unrestricted free speech and democracy; it is common knowledge that it broadcasts its Voice of America radio content into other nations' territory to galvanize the citizens.

In this case, the motives are questionable, but compatible with world views of pro-choice and the right to know and to hold the governments of the citizens responsible on both ethical and moral counts. The official position of the U.S. is to enable free speech, not to destabilize regimes; this, however, is a very obvious lie, and could potentially reveal its own hypocrisy in supporting those regimes that censor information and require the use of such technology. The culture in the Middle East has changed, such that there is serious discontentment with rulers; the general illiteracy and inexperience with the democratic process tends to foster authoritarianism by political parties. The advent of cell phones has also changed the process of communication: from the several thousands of cell phone users in 2001, the figure is now in the millions, and a significant proportion know how to use bluetooth ad-hoc technology to clone and share videos and other media wirelessly, without the Internet. The U.S. Army has also worked in rural areas to set up secure transmission towers, where the state-operated networks are mysteriously shut down during the night by the Taliban to protect themselves while conducting their nocturnal activities. By the end of 2011, the Department of State estimates that $70 million would have been spent on these innovative initiatives to enable the people (Glanz and Markoff, 2011).


Diagram 7: A diagram of the peer-to-peer tunnelling networking enabled by the 'suitcase technology', compared to conventional Internet connections


Works Cited

Bright, Peter. Ars Technica. How the Comodo certificate fraud calls CA trust into question. Mar. 24, 2011. Web. May 23, 2011. <http://arstechnica.com/security/news/2011/03/how-the-comodo-certificate-fraud-calls-ca-trust-into-question.ars/>.
The incident of Comodo, a major issuer of SSL/TLS certificates, accidentally allowing a high-paying customer to issue illegitimate certificates is reported; its consequences, and the revelations about the greater picture of global certificate signing and the automatic trust system, are well described. Ars Technica is a very reputable and popular technology and science blog-style news media organization. The authors of its articles consist of university graduates and industry field experts, their content is reviewed before publication, and it is generally considered to be well researched and easy to understand. There is no motive or reason for bias in reporting on the faults of a present technology that is being actively developed; the author did not necessarily criticize Comodo for their frightening oversight.

Ernesto. TorrentFreak. Rogers BitTorrent Throttling Experiment Goes Horribly Wrong. Dec. 13, 2010. Web. May 23, 2011. <http://torrentfreak.com/rogers-bittorrent-throttling-experiment-goes-horribly-wrong-101213/>.
In a post, Ernesto, the creator and main author of the site, writes of the degradation of bit-torrent and related services' signal and transmissions, retelling the events of how Rogers initially attempted to prevent media and public attention on its practice, and the eventual implications for customers. TorrentFreak is a fairly reputable source and a leading voice in reporting on the grievances of users over I.S.P. and Government interference on the internet. It has been featured on C.N.N., the B.B.C., the Wall Street Journal, the Guardian, and the New York Times, attesting to its reliability and the truthfulness of its information.

Free Press. Network Neutrality. n.d. Web. Jun. 7, 2011. <http://www.freepress.net/policy/internet/net_neutrality>.
The article contains a brief overview of the fundamental philosophies and principles argued by its supporters, in addition to a number of useful examples of foul play and lack of accountability to and control by the public. Free Press is a recognized non-profit and non-partisan media lobbying group in the United States for media reform and universal access to communication; with over 500,000 members, it is the largest of its kind in that nation. The content of Free Press has been featured in numerous other media, and the nature of its publications assumes that it presents truthful neutral information that causes uneasiness. The organization has had run-ins with the American right wing, who have taken to saying that it has socialistic/communistic Marxist ideals, but this is of course expected of such people, and it in no way affects the credibility of this source.

Glanz, James and John Markoff. New York Times. U.S. Underwrites Internet Detour Around Censors. Jun. 12, 2011. Web. Jun. 13, 2011. <http://www.nytimes.com/2011/06/12/world/12internet.html>.
The source is a four-page online article on direct U.S. Government efforts to set up and maintain reliable internet and mobile phone networks that are secondary to and completely independent of state-operated ones, to bypass censorship and service interruptions when there is unrest. It is meant to allow the citizens of media-oppressive nations to speak their minds, hopefully without drawing attention to the hypocrisy of the U.S. at the same time. The New York Times is an American newspaper, and is therefore subject to regulatory and quality-of-publication regulations; the source is trustworthy, and its content is verifiable by its extensive resources.

Office of the Privacy Commissioner of Canada. What is Deep Packet Inspection?. n.d. Web. May 23, 2011. <http://dpi.priv.gc.ca/index.php/what-is-deep-packet-inspection/>.
The resource gives an overview of the implications of Deep Packet Inspection, which Internet Service Providers are presently permitted to employ by the Canadian Radio-television Telecommunications Commission. The Office of the Privacy Commissioner of Canada is an agency of the government of Canada and is well-maintained, thereby making it instantly reputable. The dates indicated within the articles are fairly recent, reflecting current perspectives and consistent updates. In addition, the article is an introduction to an open public invitation to telecommunications, law, philosophy, civil liberties and computer science representatives to submit multi-stance essays; it is therefore neutral of opinion and bias, and only presents the facts.

Wagner, Ben. Global Voices Advocacy. Deep Packet Inspection and Internet Censorship: International Convergence on an Integrated Technology of Control. Jun. 25, 2009. Web. Jun. 12, 2011. <http://advocacy.globalvoicesonline.org/2009/06/25/study-deep-packet-inspection-and-internet-censorship/>.
A connection between D.P.I. and its uses in internet censorship is made in the paper published by Global Voices Online (the parent organization). Global Voices Online is a network of journalists and bloggers that was started by the Berkman Center for Internet and Society of Harvard University; amongst other things, it translates international content across the world into many languages, in order to link together places and cultures. The information provided is published and was presented before academic and industry representatives; it is an unbiased and realistic view of the use of technology against free speech.

Works Cited Images and Diagrams

Ars Technica. Diagram 4: Chain of Trust. Mar. 24, 2011. Web. Jun. 13, 2011. <http://static.arstechnica.com/03-23-2011/ca-2.png>.

Ars Technica. Diagram 5: Man-In-The-Middle Attack. Mar. 24, 2011. Web. Jun. 13, 2011. <http://static.arstechnica.com/security/ca-3-cropped.png>.

CyberNetNews. Photograph 3: Comcast Protestors. n.d. Web. Jun. 5, 2011. <http://cybernetnews.com/wp-content/uploads/2007/10/comcast-throttling-downloads.jpg>.

Illustration 1: Customs Symbol. n.d. Web. Jun. 6, 2011. <http://www.moveoneinc.com/blog/wp-content/uploads/2009/12/customs.jpg>.

Opte Project. Illustration 2: Internet Map. Jan. 7, 2007. Web. Jun. 5, 2011. <http://upload.wikimedia.org/wikipedia/commons/d/d2/Internet_map_1024.jpg>.

The Guardian. Map 6: Internet Censorship World Map. Jul. 1, 2009. Web. Jun. 5, 2011. <http://static.guim.co.uk/sys-images/Guardian/Pix/pictures/2009/7/1/1246446743162/internet_censor_map.png>.

The New York Times. Diagram 7: Creating a Stealth Internet. Jun. 12, 2011. Web. Jun. 13, 2011. <http://graphics8.nytimes.com/images/2011/06/12/world/12internet_graphic2/12internet_graphic2-popup.jpg>.
