Packet inspection - Shifting the paradigm of fundamental rights

Abstract

In recent years deep packet inspection (DPI) has often been cited as a major factor in the debate concerning net neutrality. Packet inspection (PI) enables a profound analysis of the contents of IP-packets, especially with respect to the application layer and private data. To protect against this sort of privacy invading attack users are usually advised to encrypt as much of their data as possible in an online transaction. However, current PI-engines not only use plain text analysis but also employ a variety of statistical methods. This in turn allows the analysis and classification of packets even if encryption or obfuscation methods have been applied. It is possible to monitor and shape packet flows in real time and on a large scale. These PI-engines are deeply embedded in the current network infrastructure due to the requirements of lawful interception. This brings about a huge potential for misuse, because the engine's operation is not 'visible' to the end-user. © 2012 IFIP International Federation for Information Processing.