cancel
Showing results for 
Search instead for 
Did you mean: 

Should your ISP monitor your connection?

Should your ISP monitor your connection?

Should your ISP monitor your connection?

One topic that is sure to get an emotive reaction is the idea of authorities spying on you. Likewise many people might feel uncomfortable about ISPs monitoring customers' broadband lines. But there is an increasing call for ISPs to track and monitor more and more. We use Deep Packet Inspection (DPI) to identify what applications our customers are using on their connection. But we don't do this to spy on people or report back to anyone on what our customers are looking at. Likewise we don't, and can't, use our traffic management system to track copyright material. DPI allows us to make sure that time sensitive applications get priority on our network. But we're considering when there might be a good reason to monitor what websites customers are visiting and track in more detail what is happening on our customers' broadband lines. There are two distinct areas of debate emerging where there might be good reason for ISPs to take more detailed look at customer usage. Safer surfing for children Firstly online safety for children. The Byron review was commissioned by the government last year and published at the end of March. It examines the effects on children of violence and sexual images in video games and on the internet. It made a number of recommendations, one of which has particular relevance for ISPs:

"[There should be] better information for parents on how to block children accessing some websites. Byron has been struck that the technology exists to impose timers and filters, but there has been little take-up, knowledge or development of the technology"

In the wake of this there were a number of calls for ISPs in particular to take responsibility for preventing kids seeing nasty stuff online. We disagree with this and Neil Laycock, our CEO wrote to the Financial Times saying so. We believe responsibility lies primarily with parents for making sure their children are safe online. Information and education are of course key. Dr Byron summarised things from a child's viewpoint:

"Kids don’t need protection we need guidance. If you protect us you are making us weaker we don’t go through all the trial and error necessary to learn what we need to survive on our own…don’t fight our battles for us just give us assistance when we need it."

As an ISP information and education is something we can and do help with. But we're also now looking at what tools we could also provide parents with to assist them in their role. This could include parental control software on PCs combined with network-based tools to monitor and/or block certain types of content. Blocking the bots The second area where ISPs are being called on to take action is to block zombie networks or botnets. Bob Pullen has written a very interesting piece about Kraken, the biggest zombie network found so far. ISPs could also play a role here, in automatically detecting and blocking suspicious traffic. But port-blocking or traffic blocking is not a simple subject. Some of our customers have lots of legitimate reasons why they want certain ports open. And who decides what is suspicious? Even the experts can't decide on this. An article on the BBC last week where hackers warn about potential attacks on high-street brands highlighted the different views on ISPs' responsibilities.

"I think it's unacceptable that ISPs are content to let their customers be part of bot-nets." Angus Pinkerton, of Lynks Security Consulting

Contrasting his opinion:

"I don't think the ISPs should have any role in security" Roberto Preatoni, founder of the cyber crime monitoring site, Zone-H, and WabSabiLabi

So what? We really like the idea of giving our customers the tools where they can keep themselves safe online, be that protection from bots, trojans, viruses or spam, or unwanted content or indeed unwanted contact. We already monitor out-going email volumes for business customers and look for unusual patterns that might indicate a compromised network being used to send spam emails. We contact half a dozen customers a week where we think they might have a problem and those customers are always very grateful for the call, even if we've got it wrong. In our plans for 2008/09 post we've stated our intention to develop online safety and security tools for customers. These are likely to be a combination of network-based monitoring and customer equipment based services. Evolving our network management tools to be able to spot unusual patterns is something we're working on - much like when your credit card company calls you to check it's really you using your credit card in a particular store if they think it doesn't fit with your normal buying habits. But are we over-stepping the line here? Do you want us to look out for nasties on your behalf or would you rather we left you alone? Our product team would love to know what you think, to help us develop the right safety and security tools that would really help you.

0 Thanks
13 Comments
1844 Views
13 Comments
Jack912
Newbie
I totally agree with the fact that parents at the end of the day, are responsible for what there children visit. ISP's cannot be made accountable if a child surfs on something nasty when there wasn’t a parent present. You already participate in the IWF scheme so you’re doing your bit, the rest is up to the parents. There’s allsorts of software packages out there to also keep kids safe if need be. In terms of botnets i think it would be very hard and costly to implement systems to identify strange patterns of traffic that could potentially be Botnet/Zombie networks when other types of traffic could have similar patterns but be legitimate. As a customer i believe at the end of the day its up to us what we want on our connection, Plusnet provide all sorts of tools to keep you safe inc a built in firewall etc and its your choice if you want them or not. If ever you decided you wanted to monitor connections, such as businesses with their critical traffic then make it an Opt in process. I can see from a business perspective if a client got turned into a zombie machine it would cause major problems, or even started to get spammed with multiple DDOS attacks which is slowing down their networks. If you spotted things like that and contacted them to help im sure they would be grateful. In terms of residential connections such a system isn’t needed, we have sophisticated security packages to keep us safe online today and we should have the choice what we want on our connection not the authorities. The last thing we need is our internet turned into a dictatorship and loose the freedom of what we want to do, we don’t want or need big brother.
Ralph1
Not applicable
Parents are uneducated when it comes to their children's safety on the Internet. I used rather draconian Norton nanny software for my daughter and kept a log of sites she was visiting which I reviewed. It sometimes caused conflicts but at least she couldn't get onto those suicide websites (or drugs, or self-harming etc). Tragically it seems I am in a tiny minority in restricting Internet access, so if PlusNet can offer a setting to protect its users then I for one would vote for it like a shot. How it would work for one user but not another [in the same household] is a bit of a problem though.
beano
Grafter
I didn't realise you actually check the data section of the packets being sent and frankly that's a little worrying. You can tell us that "we don’t do this to spy on people or report back to anyone", and I'm inclined to believe you but the potential is still there. I don't know if I'm the only one but I just want a connection; one that's fast and reliable and good value. These added extras sound potentially quite expensive and are of little interest to me. "port-blocking or traffic blocking is not a simple subject. Some of our customers have lots of legitimate reasons why they want certain ports open." Some kind of self-service area in the member centre to unblock anything you decide to block? I haven't given it a lot of thought but my initial impression is this, coupled with notifying users about what you're blocking, should be sufficient.
Rob4
Not applicable
opendns.com offers a free way to control what websites are allowed or blocked with minimal config changes to your pc. It is the sort of service that your ISP doesn't force onto you but can be very useful. I can see why ISPs would want to monitor the traffic types on their network - and it is good that Plusnet is so open what they do.
And I thought I was being paranoid by using encryption on any P2P activity I do! If you want to "monitor" my traffic without my permission then I believe that this is illegal (as BT/Phorm have belatedly discovered). How would you know if you monitoring my connection to save a child from something horrible or blocking me from a site I wished to visit (I have more than one PC in the house). Have BT been pressuring PN into heading down the Phorm route? I don't ever recall opting-in to this deep packet inspection. I just want an ISP that delivers data. No fancy unwanted services please.
Mark1
Not applicable
Axis. DPI is what allows us to ensure that time sensitive traffic is not impeded by apps such as P2P and Usenet and is how our traffic management works. Our approach is not to look at what you are downloading, frankly thats not our business, but to ensure that the correct protocols are given the proper priority on our network. We are under pressure from no quarter to go down the Phorm route and this is certainly not on our road map. For more info on our Traffic management see this link
LordFox
Rising Star
I always find it strange when monitoring data is talked about. If the police, or even the Security Services, wanted to do this, they would require a warrant and would need to give grounds why they suspect criminal activity to be going on requiring the data monitoring. Why then is it so simple for an ISP, Phorm or whoever to just 'do it'? No offense meant to PN, BTW. I just think that the only people who should be allowed to monitor my (or anyone's) data without express permission is the government in the course of legitimate criminal/national security issues. Not an ISP, or Google etc. Personally, I'm in the 'I don't want everything I do being watched' camp. Did you guess? I don't care what info the NSA gives MI5 from Echelon about my 'phone calls and bot searches. They might find some of my scientific research 'interesting', but not much more than that. However I really object to anyone else being allowed to peruse my browsing habits. I accept that there are some levels of monitoring needed to ensure the efficient running of the network etc. These should be made clearly available to people so they know what is being watched and why. Any more than that, should be an 'opt-in' service, again with clear and contractual information as to exactly what is monitored and what is done with the data.. If I don't opt-in, I don't get monitored. Simple as that. Just my thoughts...
I'm well aware that you prioritize traffic according to the type of traffic - and I don't think anyone would have any issues with that. But I wasn't aware that "We use Deep Packet Inspection (DPI) to identify what applications our customers are using on their connection." That sounds very intrusive (and quite unnecessary).
Jack912
Newbie
No axis its necessary in terms of it ensures that all services run smoothly and a small majority of users downloading files dont effect other customers for example. Without the packet inspection, Plusnets systems wouldnt be able to identify what each protocol is and prioritise them accordingly. All the Ellacoya sytem is doing is seeing what protocols are being used by the customer and reflecting what the service offer (tariff) has signed up to whilst at the same time doing it to the other thousands of customers. It then ensures everyone gets a fair share of service to what they paid for. Without it the gateways would just fill up most likely to the point where packet loss starts to occur and then everyone within that gateway is effected.
Sorry to be so persistent:- But the phrase “We use Deep Packet Inspection (DPI) to identify what applications our customers are using on their connection.” makes no mention about protocols - I read it as PN tries to discover which *applications* I run - which is something completely different. Is this bad phrasing or is it something else? It's obviously desirable that time-critical applications should get higher priority than FTP, P2P, etc.
Neil_A1
Not applicable
Hi Axis - it's protocols we're looking for i.e. email, VoIP, gaming, VPN, FTP, P2P etc. I guess you can choose whatever phrasing suits. Email for me is the application - SMTP, IMAP, POP3 would be the protocols that make up that application. We can't for example tell if you're using Firefox or IE, if that's what you mean by application?
zen
Newbie
Hi For those interested, take a look at ( arstechnica.com post 120080512 regarding deep packet inspection and the links from the piece. All systems can lead to function creep, whereby what was a fairly neutral piece of technology or system can take us down all sorts of avenues, just look at I/D cards. I believe ISPs should provide a system that is as hands off as possible and if more bandwidth is required to stop traffic shaping then they should be honest with the customer and we should pay for it. Regards.
Steve2
Not applicable
I found many isp in east EU spy me.