Content-Aware DPI. Nirvana or dead end?

(This article is imported verbatim from my old blog and originally dates back to December 2008. )

I’ve been seeing some buzz in the industry regarding content-aware DPI solutions. While I think it’s a bit of an oxymoron — show me DPI that isn’t content aware and does any sort of meaningful recognition — it’s really a fancy name for P2P content awareness in this case.

The general idea is that providers will use this to differentiate between freely distributable and non-freely distributable material over P2P. This is interesting in several ways.

To set the stage — DPI boxes are pretty capable nowadays and relatively cheap — maybe not in euros, but on a cost-per-subscriber basis. So it’s quite possible to do fairly advanced (and in some cases, invasive) stuff if you want to munge the data. If you combine a box seeing all the traffic for a given provider with an external service that traverses P2P networks, you can piece together quite an accurate image of what data the subscribers are hauling. If you care about this for whatever reason, do not just assume that encryption is the holy grail for avoiding it.

Who would like this?

From a provider point of view, it’d be possible to treat the ‘illegal’ traffic differently — shaping, prioritizing, blocking or sending it down a different/cheaper network path. If this is a good thing or a bad thing is entirely up to the observer. In terms of euros and cents, P2P accounts for 75% of the total traffic transferred in some european markets. The majority of that would be movies. Make a dent in this and you can postpone network investments for a while. In a world where hardware gets cheaper and cheaper down the line, postponing an investment for a year can mean a lot of money saved. There’s also possible bandwidth savings on top of this.

From a governmental point of view, this is technology that somewhat reliably allows for stopping copyright infringement. It’s also cheap enough so that providers can be mandated to implement it (I’m sure providers would see this differently for obvious reasons)

From the copyright sensitive and lawyer-happy trade group point of view, this is nirvana. Paint yourselves as victims, ask the government to protect this important GNP-improving revenue stream. “It’s not only the right thing to do, it’s also the reasonable thing, right?”

What would it lead to?

Better legal music and video services is one thing. If we see something like RIAA-friendly-P2P filters implemented, it will mean that JaneRegularUser will have trouble using her torrent/gnutella client to fetch music and movies and either will have to update to a newer version (which might not be available right off the bat) or use something else. We’re seeing an emergence of services that fill this ‘something else’ gap. Judging by Spotify usage statistics, there’s already quite a few people who are using that and it’s a steadily increasing number. I’d estimate roughly 1.5% of the Swedish internet users, compared to 0.3% six weeks ago.

There might be a rise in Darknet activity — but darknet limitations in terms of latency and outright virtual hooliganism (to mess the network up) — won’t make this attractive to JaneUser — especially not compared to the legal means of sourcing the material.

P2P clients will adapt. There’s quite a few ways to screw DPI gear (most of which I haven’t seen in the wild yet) and we’ll be seeing more of that. There’ll be a spot of an arms race, but the end result will probably result in P2P looking quite different from what we’re used to — from a networking perspective, at least. I’m quite sure that P2P would still be identifiable as P2P — identifying the content in transit, however, might not be doable.

Options?

Simple. Don’t go down that path. As mentioned, we’re seeing legal means of distributing music (Spotify, others) and video (Hulu, iPlayer, many more) gaining popularity as is. P2P is largely a convenience thing for the majority of users and as the legal means of distribution gets more convenient than the P2P, well.. you do the math.

From a governmental perspective, we have a small but fairly deep-pocketed number of trade groups who really would love stricter control over what’s being transferred over the Internet. Most of their problems stem from their reluctance to get on with the times. Sure, consumers are breaking laws, but seeing that pretty damn large swathes of the population does it and that they seem quite keen on going for a legal option where one exists makes it more of a non-issue. Less regulation is a good thing in this case, methinks.