The Internet

The article 5 of law Creation and Internet of June 12th, 2009 envisages that Hadopi assesses  experimentation driven in the field of technologies of recognition of contents and of filtration  . Last Friday, Jean Berbinau, member of Hadopi, invited us to look at the experience of Australia in filtration of networks. There, tests, accomplished last year, on the basis of the voluntary service, by nine Internet providers, were performed on group of various technologies: DPI, DNS, URL by proxy and crosses.

During a conference in Montreal, in April, 2008, Jean Berbinau supported: Why is it possible to leak out? Because for a long time the speed of networks did not advance, what favours those who try to make filtration, notably thanks to the technique of Deep Packet Inspection which consists in noticing the packets of information on the bandwidth and allows to know almost all that they want to know: Who sent the packet? Who accepted it? What is the application corresponding to the contents of the packet? And what there is indoors?

It is therefore possible that filtration by DPI based on the centralisation of traffic at the level of a point of network where traffic is surveyed at the level of URL, or more in depth (harbour, application, key words, etc.) or one of the technologies which the High Authority is going to want to see applied for, as described him the head of state,  to clean up automatically networks and servers of all sources of piracy  .

 Skill is had to construct Maginot lines. It is possible to go on even for a long time  pointed to us out, recently, on this definite subject, Yves Le Mou l, managing director of the French Federation of Telecommunications (who notably regroups Bouygues, Telecommunications France, Num ricable and SFR). And Philippe Duluc, president of the committee Security of FFT, to reassert us their opposition to implement such system. Also, we are plunged back into the Environmental impact assessment of the blockage of sites pedopornographiques (Pdf), accomplished by the Federation, as part of Loppsi, to extract from it elements relating to filtration by DPI.

Summary:

Definition

DPI (for Deep Packet Inspection or Examination in depth packets), is a technology of examination of packets which examines the contents of a packet IP (at the same time is stubborn him and data) when he crosses a particular point of network. The examination of packets aims at searching information according to criteria predefined with the intention of sorting for mailing them towards another destination or collecting statistical information. DPI indicates the technology of blockage and by extension the server which operates on this function in network.

Principle of functioning

Technologies of blockage of contents by DPI consist in analysing the contents of packets IP by forcing their passage by a server DPI. According to criteria of blockage, DPI allows or forbids the transit of packets towards their address destination.

General principle is based on the blockage of packets IP according to a list of criteria defined by FAI. These criteria can be several natures: URL, number of harbour, signature of application The packets which meet the requirements of blockage suffer a particular treatment, for example a routeing different besides from traffic or pure and simple blockage without notification.

Criteria are compiled and sorted out by categories before being loaded in a software of blockage which can be configur in order to block only some categories. When the users try to achieve a Web page, software proves its list of prohibited sites and blocks the access to any page which is there.

Adopted at origin in not very democratic countries to control sitting Internet traffics, DPI can be used to make the examination of URL in the context of blockage of sites p dopornographiques. In the context of lawful blockage of contents p dopornographiques, approaches him by examination of URL calling in DPI proves to be expensive and inappropriate.

Principle of functioning of blockage by examination of contents Marpij source

Technical implementation and effects of edge

The technology of blockage by examination of URL acts at the level of an unique point of network which concentrates all traffic and that refuses the access to prohibited contents. It imposes therefore for the operator to route all its traffic to a point unique front to sort for mailing it towards its destination, what creates a neck of strangling and limits strongly the fluidity of traffic.

To remedy it, an operator can support his unchanged network architecture but will have to dispose at the level of every exit of network a server DPI to analyse all entrants and sitting fluxes. This second solution proves to be very expensive, not very stretchy (Scalable) and badly adapted to opened networks as networks of French FAI are it.

Although seemingly efficient, this technology remains contournable and especially requires disproportional investments in comparison with the benefit of effectiveness which she can bring in a frame of blockage of sites p dopornographiques. The single operator in seven countries of our sample set a blockage up by examination of URL, that he is migrating to a hybrid solution.

The techniques of bypass

- The use of sites Mirrors
- The change of IP more frequent than the bet of the bad book of IP.
- The use of proxy https
- Anonymisants ciphered networks, networks of type TOR

Cost: 140 million euro for three years

In the hypothesis of a list not exceeding 2000 entries and of an uniform adoption of the same technology of blockage by main FAI (3 FAI fixed mobile, 1 FAI basic salary-cable, 1 fixed FAI - DSL), the complete direct cost for the sector over 3 years is of about 140 million euro.

The models of costs do not take into account the financial impacts of the effects of edge . Foreign experiments show that these effects are unavoidable. Financial consequences can be significant if blockage concerns sites with strong traffic.

These consequences must therefore be anticipated by authorities. Compensation could be asked by:
- on one hand FAI, in case of deterioration notably of service quality for the final clients, of saturation of the centres of call (several hundred of k an hour in case of erroneous blockage), or of impairment of the brand image of FAI translated by an increase of terminations
- and on the other hand the editors of blocked sites, with the led loss of turnover and impact on the picture of the editor

Maj: This description answers some shapes of networks, as that of Telecommunications France currently. It is still in another way, and much more complex, for an architecture such there as that implemented by Free or SFR. They will come back there.