본문 바로가기

CURRENT ISSUE

KT, 가입자상대 패킷 감청의혹 - 패킷 감청 관련 문답 : 폼사의 위험성

https://nodpi.org/faq/

What is NoDPI?

NoDPI is a grass roots campaign of netizens opposed to the illegal use of Deep Packet Inspection equipment by Internet Service Providers. We’re volunteers. We have members from the Americas, Asia, Australasia, but primarily the UK.

Our members include privacy campaigners, technologists, network engineers, and ordinary net users.

What is Deep Packet Inspection?

Deep Packet Inspection refers to the use of network equipment to intercept and modify, examine, restrict, or copy the content of data communications.

With ever increasing computer performance, it has now become possible to process communications ‘on the fly’.

Why are you concerned?

DPI equipment can compromise the privacy, security, and integrity of telecommunications. It can be used to undermine network neutrality. And it can be used for censorship.

Used for legitimate warranted surveillance, it can be a vital tool in crime detection.

However, when used for commercial surveillance, it can be used to violate private communication. Internet users can be profiled using the entirety of their communications, and then presented targeted advertising and content. In effect this amounts to mass personal surveillance, industrial espionage, high volume copyright theft, and trademark infringement.

When used for ‘network management’, DPI can be used to unfairly prioritise communication traffic. This automates anti-competitive bias in the operation of the network. DPI can be used to favour a particular service or service provider. For example, many telecos will prioritise their own IPTV service, but cap users who would otherwise prefer alternative third party providers. Or it can also be used to obstruct legitimate use of peer to peer protocols. This undermines the principle of network neutrality.

DPI can also be used for censorship. For example, in the UK, mobile broadband connections are filtered to restrict content (which is perfectly legal) but deemed ‘unsuitable for children’. Similarly, Australia has attempted to implement a regime of filtering. Censorship of this nature can be used to suppress information about war, crime, sex, sexual orientation, religion, health, and controversial politics (all of which might be considered unsuitable topics for childrens eyes). Yet this censorship is operating on an ‘opt out’ basis, and the list of sites that are ‘prohibited’ is unpublished.

The key issue is trust: communication services that are free from illegal monitoring, hidden restrictions, and secret censorship.

Is DPI operating in my country?

We are aware of covert trials of DPI marketing systems that have taken place in the USA, UK and Korea.

Many ISPs presently operate DPI throttling/capping policies, typically those with flat rate access particularly those that offer their own IPTV (such as Virgin Media and BT in the UK).

Communication censorship is being practised in the UK, Australia, China, and Saudi Arabia.

Who is doing this?

Of the marketing systems using DPI surveillance, Phorm and Nebuad are perhaps most well known. Others include KindSight, Experian Hitwise, FrontPorch, Adzilla.

In the UK, BT, VirginMedia, and TalkTalk are Phorm partners. In Korea, Korea Telecom are Phorm partners.

In the UK censorship is being applied by mobile broadband companies like O2, T-Mobile, Virgin Mobile, Orange, Vodafone. In Australia internet service providers like Telstra, iiNet, and Internode are compelled to censor.

Isn’t DPI Surveillance by Telecom Companies Illegal?

The Foundation for Information Policy Research have published a couple of legal opinion documents which address the legality of commercial surveillance in the UK.

In their first legal analysis they state that the use of DPI for marketing violates section 1 of the Regulation of Investigatory Powers Act 2000, section 1 of the Fraud Act 2006, unlawful processing of sensitive personal data contrary to the Data Protection Act 1998, and civil wrongs.

In a second report, they state the view that use of private communication traffic will infringe the Copyright, Designs and Patents Act 1988.

Other applicable legislation includes the Computer Misuse Act 1990, Privacy and Electronic Communications (EC Directive) Regulations 2003, Trademark Act 1994.

And the European Convention on Human Rights, Article 8.

Yet despite all of this legislation, no UK regulator has yet acted.

Why so much focus on Phorm?

Phorm is the most high profile, and perhaps the most controversial example of DPI surveillance for marketing.

Phorm was trialled in the UK by BT Internet in 2006, 2007, and 2008. The trials were conducted without the knowledge or consent of tens of thousands of BT internet users, or the web sites that they communicated with. We commenced a private prosecution against BT Internet in October 2008.

Phorm previously traded as 121Media. During this time, they used desktop spyware to monitor users. Their software, ContextPlus/Apropos/PeopleonPage, was categorised by respected anti-virus companies like Symantec as ‘high risk spyware’ and rookits.

Where can I find more information about Phorm?

A good starting place for introductory information about Phorm is DoNotTrustWebwise.org or the InphormationDesk.org.

We have a sister site, badphorm.co.uk.

For a legal viewpoint try IsWebwiseLegal.co.uk.

And for video, audio, and other multimedia resources try Dephormation’s multimedia page.

You might also wish to read Sir Tim Berners Lee’s notes here.

What about Googe/Yahoo/DoubleClick, aren’t they bad too?

NoDPI is primarily concerned with protecting the privacy/security/integrity of telecommunications from Deep Packet Inspection systems.

Google, Yahoo, and DoubleClick don’t use Deep Packet Inspection equipment to obtain data.

That’s not to suggest we endorse what they do, but we don’t consider them in the scope of our campaign.

I want to help, but what can I do?

Write letters, and lots of them. Experience tells us writing emails isn’t very productive. If you need help writing your first letter to an MP, try the Dephormation letter wizard.

Please contribute funds, we need funding to get volunteers to conferences and protests, and print promotional information.

Join in… we’re all volunteers so every pair of hands helps.

Above all, please, spread the word about DPI. Governments, media organisations, and internet service providers are not keen to shine a light on this topic.

Word of mouth is a vital communication channel.

Are you opposed to advertising?

No.

Advertising is a vital and popular source of funding for some web sites.

However, we believe using DPI to support marketing systems is an obscene personal intrusion, and a threat to the privacy/security/integrity of all communications.

(Bear in mind, like any other business, advertising professionals require privacy/security/data integrity when they communicate with customers and suppliers).