Study: Deep Packet Inspection and Internet Censorship

Download PDF

Deep Packet Inspection and Internet Censorship: International
Convergence on an ‘Integrated Technology of Control’[1] *


The academic debate on deep packet inspection (DPI) centres on methods of network management and copyright protection and is directly linked to a wider debate on freedom of speech on the Internet. The debate is deeply rooted in an Anglo-Saxon perspective of the Internet and is frequently depicted as a titanic struggle for the right to fundamentally free and unfettered access to the Internet.2

This debate is to a great extent defined by commercial interests. These interests whether of copyright owners, Internet service providers, application developers or consumers, are all essentially economic. All of these groups have little commercial interest in restricting free speech as such. However some might well be prepared to accept a certain amount of ‘collateral damage’ to internet free speech in exchange for higher revenues.
It can be argued that more transparent and open practices from network service providers are needed regarding filtering policy and the technology used. Nevertheless these practises are unlikely to fundamentally endanger free speech. Within the international system however, there are a large number of actors who have a considerable interest in limiting free speech, most obviously states.

As this paper will argue, the link between deep packet inspection and internet censorship is of far greater concern for freedom of speech than its use in traffic shaping or preventing copyright infringement. At the present time many of the states censoring the internet are already known to use deep packet filtering.3

A further question that arises in this context is whether state actors which censor the internet are following the lead of non-state actors and modifying content within the data stream rather than just blocking it. As DPI opens the door for far more subtle censorship methods, it could lead to a move from filtering internet content to editing it.

This paper will start by providing a short overview of DPI and it’s technical capabilities, before discussing the motivations of state and non-state actors using DPI. A short sample of various actors using DPI for censorship purposes will be provided and various scenarios related to censorship which are enabled by DPI will be introduced. Finally, some preliminary conclusions will be drawn and technical and institutional responses to dpi will be sketched.

A short overview of deep packet inspection (DPI)

Deep packet inspection technology has been used in various forms since the late 1990s. Its initial development was closely linked to the security industry and early versions of DPI found their way into firewalls and other security software during this time.4

The rise of denial of service (DoS) attacks at the beginning of the 21st century further contributed to the rollout of DPI technology, as it was seen as an effective form of defence against this and other forms of attack.5 Advances both in processing power6 and in DPI technology allowed for the advent of security products including very advanced features such as “application intelligence.”7

Generally speaking, DPI focuses on analyzing all the content of data packets passing through the network, the headers and the data protocol structures (as opposed to the prior “Shallow Packet Inspection” that would only analyze the packet header) and compares this content against rules or signatures (for example, virus signatures).8

What Security Focus described as the “Firewall Evolution” in 2003 has quickly come to signify that a large number of security products and firewalls now incorporate DPI technology.9 The use of DPI solutions has become so widespread that it is now used by many major global internet service providers. Furthermore, the use of DPI technology has become pervasive across the Internet, with most users frequently completely unaware of its existence.10

Before discussing the implications of the widespread use of DPI, a detailed description of the technical capabilities of DPI will be provided.

Please Continue Reading Complete Report here (pdf), link to it and help disseminate this important information.

Table of contents

  1. Introduction
  2. A short overview of deep packet inspection (DPI)
  3. Technical capabilities of DPI technology
  4. Reasons for using DPI technology
  5. Actors currently using DPI for censorship
  6. Scenarios enabled by DPI technology
  7. Preliminary Conclusions
  8. References


[*] A first draft of this paper was presented at the 3rd Annual Giganet Symposium in December 2008 in Hyderabad, India. For their advice and support preparing this paper I would like to thank: Ralf Bendrath, Claus Wimmer, Geert Lovink, Manuel Kripp, Hermann Thoene, Paul Sterzel, David Herzog, Rainer Hülsse, Wolfgang Fänderl and Stefan Scholz.

[1] (Bendrath 2009)
[2] (Frieden 2008, 633-676; Goodin 2008; Lehr et al. 2007; Mueller 2007, 18; Zittrain 2008)
[3] For further examples see page 6
[4] (Theta Networks Inc 2008; Top Layer Networks 2008)
[5] (Houle and Weaver 2001, 21; Top Layer Networks 2008)
[6] (Cox 2008)
[7] (Leyden 2003)
[8] (Theta Networks Inc 2008)
[9] (Dubrawsky 2003-07-29)
[10] (Anderson 2008; Kassner 2008)


Join the conversation

Authors, please log in »


  • All comments are reviewed by a moderator. Do not submit your comment more than once or it may be identified as spam.
  • Please treat others with respect. Comments containing hate speech, obscenity, and personal attacks will not be approved.