Analyzing Net Monitoring/Filtering: Canada, Iran, China

In this post I will focus on the ongoing debates regarding Deep Packet Inspections in Canada. I will also point out its extreme use in countries such as Iran and China.


A recent debate in Canada revolves around Internet Service Providers (ISPs) use of Deep Packet Inspections (DPI) technology. DPI provides a mechanism for scanning the content of every message sent over the Internet. DPI can go as deep as deep reading the message content, or it can be shallow, scanning only message headers. It is similar to the third party who opens and reads a letter sent by mail before the envelope reaches its destination.

Currently Canadian Radio-television Telecommunication Commission (CRTC) is holding hearings in Gatineau, Quebec, to examine whether the way ISPs, such as Bell and Rogers, manage and manipulate traffic on the Internet is consistent with the Telecommunication Act. One common strategy used by ISPs is DPI throttling. By scanning messages ISPs can identify the types of messages that is sent over the net and prioritize them. This allows the ISPs to block or significantly slow down certain message transmission. For instance, Bell use of DPI throttling technique is notable in case of peer-2-peer networking software such as bit-torrent.

The opponents of DPI technology criticize it because it fails to provide net neutrality, a principal that states every message sent over the Internet should be treated equally and with no interference from the ISPs. For them, it seems, DPI does not comply with the Telecommunication Act since, by reading the content of every message sent, DPI intrudes on personal privacy. (S. 7(i) of the act defines as its objective the protection of the privacy of persons)
Other arguments against the current practices are: (See also here and here for more detailed discussions):

  • The anti competitive nature of current practices: smaller ISPs who buy bandwidth from Bell and resell it are forced to follow Bell’s policy regarding DPI throttling, for instance.
  • ISPs should not act as gatekeepers to what people download
  • The discriminatory nature of current practices against downloading of certain types of data
  • Current practices dissuade investment, thereby reducing consumer choice
  • They hinder freedom of expression

One issue that concerns me, is the combination of DPI technology with the recently introduced legislative package called the Investigative Powers for 21st Century, which forces ISPs to disclose subscriber information, including transmission data, to the police. If the ISPs are to be equipped with DPI and the legislative package is enacted, then how much intrusion are we looking at? True that the government said the package does not allow access to content of a private communication without judicial order, but with ISPs equipped with DPI that information would be readily available.

However, according to Sandvine CEO, a company that provides ISPs with traffic controlling mechanisms like DPIs,  “the idea of net neutrality will be laughable in few years”. For him Internet monitoring is a necessity. He calls for more competition to better regulate Internet traffic. “If Johnny comes home and he’s scoring better on Halo at Bobby’s house because Bobby has a different ISP, and that’s the reason, Johnny is going to say, “Daddy, can we switch to Roggers? or whatever”. When asked how deep is deep for DPIs, he said it goes as deep as it needs to, “if we limit how deep we are going, the malicious writer will go one byte deeper”.


The Iranian disputed presidential election aftermath highlights the power of the Iranian government in terms of limiting access to online content. According to The Wall Street Journal Journal (WSJ), the Iranian regime has “one of the world’s most sophisticated mechanisms” for restricting Internet use. Estimates from the press-freedom group Reporters Without Borders indicates that in the past few years the government has blocked approximately 5 million websites, including news sites, file sharing sites like Youtube, and social networking sites like facebook.

Furthermore, as WSJ reports, the Iranian government is equipped with Deep Packet Inspection (DPI) tools, which further allows for restricting communications. Since many web-based messages contain sensitive private information, for instance people’s name or their location, the government uses this tool to track down protestors.

It is true that the government cannot completely monitor the Internet, as there are tools like Psiphon that allow people to bypass filters, however, as reported, Internet access has significantly dropped in Iran, after the election.

The censorship in Iran started as a mean to stop viewing pornography, however, it seems that its role has evolved to monitoring and filtering political contents. For a private citizen government activities violate freedom of speech and are intrusive. However, if the online activities are regarded anti-Islamic and western propaganda then arguably the government is able to justify its action under the Iranian constitution (English version). Article 25 of the constitution forbids eavesdropping and censorship, unless prescribed by law. The preamble defines the mass media as “a forum for healthy encounter of different ideas which should strictly refrain from diffusion and propagation of destructive and anti-Islamic practices”.


Another frontier with respect to monitoring and filtering online content is China. According to BBC, reports from Xinjiang suggest some Internet and mobile phone services have been blocked during the ethnic clashes. However, Analysts are optimistic that dedicated Internet users will find a way to bypass the government’s so-called Great Firewall of China, which it uses to block unwanted Internet material. The Great Firewall of China is, too, equipped with DPIs. However, according to the WSJ, unlike Iran, the use of DPIs is decentralized and is at the level of Internet Service Providers (ISPs), which requires the cooperation of all the ISPs for the Great Firewall to reach its full capabilities.

In addition to the Great Firewall, China is planning to require PC makers to preinstall Green Dam Youth Escort software, which filters pornography. However, experts warn that the software is capable of restricting some online political contents. Although, enforcing the requirement has been delayed, the Chinese Minister has indicated that the delay is only temporary.