Hi Fred.
An interesting topic. As mentioned by Kelly, I have been asking some probing questions today, which hopefully will address your concerns, never mind increasing my education.
In the Ellacoya rules we have virtually every application you could think of covered.
Some by port, some by IP address, ie source IP,such as game servers, and some by traffic signature, such as FTP, Bittorrent, IRC, VOIP and some games.
Whilst the Ellacoya picks this up and identifies what the traffic is, it then uses that identification against your account type to ensure the correct priority is applied to your traffic.
It reads the signature as a hex string which could look something like this 123456789876543
For sip it looks for the sip realm.
We use the Ellacoya E30 for traffic management. It only looks at the header of the packet, it doesnt look at the payload. This means that whilst we can identify the traffic we have no idea what it contains, nor do we want to know. Any router routing your traffic will read that header because its reading the destination and source of the traffic. An example of this would be if you are downloading something, every router along the path needs to read that packet to know where to send it to. We make one change to the tcp header which is part of the TCP/IP specification. The differentiated services field Link is widely used within QoS rules which can be applied to any router at wan or lan level.
The crux of this issue is "the man in the middle" interception of the traffic.
This does not happen. The only data feed we get is the total usage per category, ie what you see in VMBU. We do not see the payload nor do we obtain any information about our customers activities and there is certainly no man in the middle. The E30's are on our network, under our control and no-one outside of PlusNet has access to the data feed.
I hope that alleviates your concerns. QoS rules have been around for a long time as have differentiated services. Many of your home routers will use the same facilities where QoS rules or routing is applied. Ours simply do it on a grander scale and more efficiently.

Mark,
Thanks for your reply. It is good, at last, to have some facts rather than the assertions and guesswork that plagued this thread early on. On 4 April, I asked how do the Ellacoyas work. I pointed out that the Ellacoya site is bland, to the extent of containing no information. I asked if someone could write a short guide.
James_H, a forum moderator, and not a PlusNet employee, tried to cover some of the background on 5 April, and pointed out an interesting Ars Technica article. All four parts of that article make some quite interesting reading about the technical possibilities of these machines, none of it reassuring. It also led on to a Deep Packet Inspection White Paper which again made "interesting" reading.
After that, there has been little further factual input from the PlusNet side, and the whole thing went quiet on 7 April apart from a couple of posts by myself to bump the topic up a bit. And clearly PlusNet were content to see the topic die unresolved. Given the great "Phuss about Phorm", PlusNet's silence only adds to my disquiet.
On 15 May suddenly PlusNet wanted to say something. I am glad that someone in PlusNet Towers reads the comments on articles in The Register, such as [http://www.theregister.co.uk/2008/05/14/bell_canada_throttling_and_privacy/], and that facts are now forthcoming. But as Kelly said: it is "down to whether he trusts our responses on it". That was probably said after having read my ticket on the topic which included a CSC Analyst telling me that "I'm sorry but we cannot discuss the legality of this in any way."
Why should I not trust the information yet?

• Initial refusal to (or at least failure to) discuss


• PlusNet's owners (BT) being proven liars on a very similar topic (Phorm trials)


• Ars Technica spelling out the technical capability of the kit


• Claims that the kit is overspecified (level 7 DPI) wrt the use to which it is said to be put

Add to that a general distrust of the surveillance society that the UK has indeed sleepwalked into, with such excitement as

• Forthcoming mandatory record keeping of all emails and web visits


• The increasingly politicised actions of enforcement bodies


• "Voluntary" checks of all (port 80 at present) activity against the IWF Block List, to which PlusNet may or may not have access, depending on which reply one reads

On that last point, I agree with the actions over kiddie porn, except that it abuses the 404 message, and should instead say "access denied" or something similar. And given the secrecy surrounding the method of generation of the list, I do not trust the government to insert other sites for banning in a few years time. Without public scrutiny, it has the potential to match the Great Firewall of China. Function creep is not unknown, eg the DNA database. The IWF is a government creature. By doing it "voluntarily" the ISPs saved the government from having to force the issue with legislation, and thereby they make any challenge regarding function creep less likely to succeed.
Against this background, simple bland assurances at the depth of "I am an ISP, trust me" won't do. Your note about the traffic signature just being a hex string could be the whole story, or it could be as disingenuous as the claim that automated fingerprint machines do not store fingerprint images. That is in fact the case, but what they do store is the minutiae that are used to check against the recorded print on file.
My initial worry was that the Ellacoya starts from the premise that the port number, or other packet header descriptor is a lie, and it must have some further proof that the traffic is what it purports to be, so that it can be correctly regulated or discarded. Then reading that Ellacoya machines are CALEA compliant really started the alarm bells ringing.
In the past, we could trust information on postcards, because the postman was probably too busy to read many of them, and anyway how many people did he know who would be interested in what he had read. These days of course, the techniques of electronic communication make it feasible to undertake 100% surveillance, and certain parties consider that a desirable outcome. The same techniques make it possible to store such interceptions permanently, and current observations make that seem a likely outcome. Data storage is coming down in price stupidly quickly (a 1TB hard drive now costs half of what I paid for my first 2GB drive). Data mining techniques ensure that information can be retrieved whenever those in power want to.
Plenty (but not all) of these matters are outside PlusNet's control. But it would help my trust if the organisation did not appear to want to keep hidden those matters that are under their control. Please can you or someone post an article telling what the Ellacoyas do, how they do it, what interception capability exists, a little bit on why the Ellacoyas are necessary, and any other information that could support the PlusNet claim that they deserve to be trusted in this matter.

Hi fred.
The Everything Internet forum is not monitored as much by us as the Community Support board. This one, like many others is generally where the community discuss issues with little involvment from us, hence the lack of reply.
We have absolutely nothing to hide with regard the E30's. We have been talking about them since we introduced them in 2004.

Quote

Please can you or someone post an article telling what the Ellacoyas do, how they do it, what interception capability exists, a little bit on why the Ellacoyas are necessary, and any other information that could support the PlusNet claim that they deserve to be trusted in this matter.

I thought that's what I had done on Friday tbh. What more do you need? As to why they are necessary, can I point you to the following articles on our portal.
http://www.plus.net/support/broadband/quality_broadband/index.shtml?supporta=qualitybroadband
and in particular this article http://www.plus.net/support/broadband/quality_broadband/roadmap.shtml
I will reiterate that whilst there are a number of Ellacoya systems, we use the E30's which do as I have outlined in my last post.
If, having read the articles linked, you have further remaining questions, I'll be happy to seek any further clarification you need. I will point out that we pride ourselves on our open and honest approach and our ability to engage and discuss issues publically with our customers in open forums. We will not stop doing this and we will maintain our openness about intelligent traffic management. We are good at what we do in this field and have absolutely no alterior motives. I am conscious that a number of tin foil hats have appeared since the emergence of the Phorm debate, and some would say with just cause. We have made our position clear on this and have no intention of saying one thing and doing another through the back door.
I will reiterate once again. We utilise differentiated serices on the Ellacoyas which is level 3 inspection or at worst level 4 and thats it. We do not examine the payload nor do we want to. I dont think I can be much more definative tbh.
However, as suggested, have a read at the links and let me know if you have further queries.
Thanks.