When The Wall Street Journal reporter Margaret Coker visited the Libyan government’s surveillance centre in Tripoli, she saw that the authorities had been monitoring everything: the internet, mobile phones, satellite phone and internet connections. Some files included emails and online conversations between Gaddafi’s opponents.
Notices on the walls revealed that the company which had installed the equipment was Amesys, a subsidiary of French firm Bull.
It was later reported that France’s military intelligence directorate had been solicited to help train Libya’s internal spies.
In Syria, US equipment helps Bashar al-Assad’s regime censor the internet, and retrieve logins and passwords to access people’s emails or Facebook and Twitter pages. This tool is particularly useful for tracking the communications of opponents with internal or foreign connections.
The technology is innocuously named “deep packet inspection” (DPI). When someone sends an email, a series of servers relays it to its destination. DPI technology allows people to read the content of internet traffic, modify it, and even send it to someone else.
US press agency Bloomberg recently reported that another French company, Qosmos, had provided DPI technology to a consortium equipping Syria to the same standard as Gaddafi’s Libya. DPI is also at the heart of China’s firewall, which allows the government to censor internet traffic and spy on its citizens.
The recent Wikileaks publication of numerous internal documents from these companies shows that monitoring communication networks is “a secret new industry spanning 25 countries.
DPI entered the spotlight in May 2006 when Mark Klein, a former technician with US internet provider AT&T, leaked the fact that the company had installed DPI technology at the heart of the county’s internet network, in cooperation with the US National Security Agency. The technology was provided by internet surveillance company Narus (slogan “See Clearly, Act Swiftly”).
The flow of information over the internet includes the web, emails, synchronous exchanges (instant messaging) and asynchronous exchanges (blogs, discussion forums), phone conversations, video, raw data, etc. Most of this communication is not encrypted, so it is easy for both the casual hacker and state security services to monitor it.
Some private companies are also seeing a financial advantage in this technology. Telecoms operators such as Free, SFR and Orange have started to complain that large amounts of information are being conveyed on their networks without the producer paying. Internet service providers (ISPs) are not happy about paying to transmit YouTube videos, which they are obliged to provide to their subscribers. So they came up with the idea of charging a supplement to the information’s producer or its final user, or slowing down some traffic in favour of others. But to do that they have to be able to measure precisely what is passing through their networks.
Mobile phone operators have tried to limit their infrastructure costs by restricting their customers’ access to the internet. So they prohibit smart phone users from peer-to-peer file sharing, or using vocal or video communication like Skype.
Here too, DPI allows them to monitor and manage the traffic, and allocate higher bandwidths to certain services, such as those they provide. This contradicts the notion of “network neutrality”, whereby service providers are meant to convey all requested information without discrimination.
When DPI is applied to web browsing, it can record every move a person makes online. Orange recently launched Orange Shots, which uses DPI technology to analyse the websites a subscriber uses. That could make ISPs as profitable as Facebook and Google, as long as these programmes attracted subscribers; it would be enough to claim that the data was anonymous to make it a perfectly marketable product.
The curious reader could check the Data Privacy page on the website of GFK, an international market research group and Qosmos shareholder. While it casually mentions web “cookies”, it fails to explain that it also tracks visitors to websites using a DPI technology which is supposedly anonymous because GFK alone knows the formula. GFK is present in more than 150 countries.
DPI is also attracting intellectual property rights and copyright holders who are trying to fight “illegal” file sharing on peer-to-peer networks (BitTorrent), or sites for uploading and downloading files directly, like Megaupload.