Thursday, June 25, 2009

 

More questions about WSJ claims of Iran DPI

The Wall Street Journal's dubious story about Iran's use of Deep Packet Inspection (DPI) for spying, censorship and disinformation appears in a highly charged atmosphere. The US Republican right wing wants the US to talk tougher to Iran, to bomb-bomb-bomb, invade, or commit "regime change."

More questions than mine [my original post here] have surfaced about the WSJ's story from a graduate student in Australia and from Wired's Threat Level Blog. Meanwhile, Free Press, the major driving force behind the Net Neutrality movement, seems to have swallowed the WSJ story hook, line and sinker, accepting the major claims of the story.

Cui bono, these claims about Iran's use of DPI? Suppose the Right could co-opt US techno-leftists with claims about issues they care about, such as Net Neutrality and Internet spying, would it not further their Iran agenda? I'm not saying they ARE doing that, but suppose they were, would not the WSJ be a convenient channel for doing so?

Christopher Parsons, a doctoral student at the University of Victoria, wrote to Lauren Weinstein, who posted to Dave Farber's IP list,
I have some serious doubts that the WSJ is accurate in their depiction of DPI. I'm doing my doctoral studies on DPI as it relates to privacy, and neither I nor the network engineers that I have communicated with (who are using DPI appliances) are aware of ANY DPI appliance that is actually capable of doing what the WSJ is claiming is going on. I've written about this, informally, here.
If you follow the link above, Parsons writes, in part,
. . . Iran is either using DPI in incredibly complex and sophisticated ways that push the technology to its limits, or the WSJ is blowing smoke.
. . . DPI could, potentially, in an ideal world do what the WSJ is suggesting, but networking environments where admins are trying to regulate gigabytes of traffic each second are hardly these ideal environments for mass surveillance and content regulation using DPI appliances. Hopefully the pressure gets Nokia-Siemens or other network manufacturer to fess up about what they sold, but I’m not holding my breath.
Whereas my doubts are largely about the article's primary source, Parsons also casts doubt on one of two named secondary sources, Bradley Anstis, director of technical strategy with Marshal8e6, when he says,
I truly wonder just how accurate the story from the WSJ is on the technical capabilities of the DPI devices that are deployed, and am also incredibly interested to know what the tests are to see if DPI is being used. I’m not saying that such tests don’t exist, but I’m not certain what, exactly, you’d be looking for. A network engineer would have a better grasp, but I haven’t found any product that Marshal8e6 offers that would give them particular insight into this. Now, if we were talking about spam or phishing I wouldn’t doubt their competencies. I also have to note that the data Marshal8e6 fed to the WSJ isn’t available on their website anywhere that I could find it.
Threat Level Blog's Kim Zetter, in reporting on the WSJ story, says,
Although the Journal has published questionable “spying” stories in the past, we’re willing to go with them on this one.
Zetter fails to say WHY Threat Level is "willing to go with them on this one."

Zetter also blogs "Consumers Boycott Nokia, Siemens for Selling to Iran." This article is completely, totally unsourced, and seems to be the only primary information on this supposed boycott. If anybody knows anybody who is organizing this boycott, or participating in it, or a Web site for it, or any other free-standing evidence that does not originate with Zetter's story, please leave a comment or let me know!

Josh Silver, Executive Director of Free Press, an organization whose general aims I strongly support, has fallen for the dubious WSJ story. In an interview on Democracy Now, Silver says,
[The WSJ story has] been disputed by the European company, but the validity of the report seems solid.
Silver fails to say why the validity of the report seems solid. He fails to note that not only did "the European Company" (Nokia-Siemens) dispute the report, but also the primary source for the story, Ben Roome, a Nokia-Siemens spokesman, denies that he said what is attributed to him.

Just before the Iran election hit the fan, Free Press released a report on the use of DPI that outlines many REAL DANGERS that DPI poses, and the bulk of Silver's interview turns on these dangers. To Silver's credit, he does state that the WSJ story on Iran "has not been completely proven." But it is too bad that Free Press can't make their points about the dangers of Internet monitoring from higher, more solid ground.

Reminder: I'm not saying that Iran isn't using DPI. I'm not saying there's no Nokia-Siemens boycott. I am saying that I'm waiting for solid evidence. Got evidence? Please let me know.



Comments:
Hi David,

I consult with Free Press and others, but I haven't discussed these comments with them. My comments are mine alone.

My take on the WSJ article was that they were using the rather odd traffic speed variations that took place a few days after the election as a clue that traffic was being slowed by, or slowed for the purposes of, monitoring.

DPI equipment can be inlined or it can sit out-of-path. For government purposes, you want this DPI capability inlined because you don't want any traffic to escape without being captured. The caution with using inlined equipment is that if you put in too many analysis rules (things to look for and log), the processing power required actually becomes a performance bottleneck and the traffic slows. This slowing was noted. I think that what we saw is consistent with a government trying to use its monitor and intercept capability (which we also have here in the USA) to see what was going across the net.

That's not to say that other factors may also explain that slow-down that was observed -- such as net congestion or even an artificially imposed slow-down that wasn't using government monitoring.

I have no idea if the editorial policies of WSJ or the investigative or story-telling practices of that reporter are sufficient to guard against raising concern where concern is not warranted. If the story ultimately is inaccurate, fine, but it is plausible that overreaching net snooping would cause the performance problems that were observed.

I am concerned that DPI is the wiretapping technology for the Internet and currently operates in the USA without any of the precautions we apply to our telephone wiretapping capabilities. As scanning web-sites for twice-removed Iran stories would quickly result in poor results, the next natural place for Iran to look to isolate who was sending what communications would be the outgoing packets themselves. For that they would use DPI.

Robb Topolski
 
David,
Worked for municipal govt. with DPI in-place in 2000. Do not doubt it's in-use in many org. & govt. There's too much profit to be made by device makers playing on environment.

dpacket.org
bivio.net
 
My take is that the WSJ is technically ignorant and doesn't know the difference between GSM and the Internet. "Lawful intercept" is an element of all GSM networks as per the ETSI standards, and every GSM net in the world has some such feature. Including the ones built by Motorola, Nortel, and pre-ALU Lucent.
 