Ronny Lam


ISP Content Inspection

Yesterday in the SNR Podcast we talked about Facebook scanning for malicious activity in its chats. They are doing that mostly automatically, using robots that scan for keywords that could lead to child pornography, criminal activities or other suspicious content. Let me be clear on this one: I think this is completely wrong. Although Facebook says that the algorithm is built in such a way that false positives are minimal, which could be an argument that this scanning is a good thing, it is still wrong. Why? Because the algorithm has to be built with rules that have to filter suspicious content. Child pornography looks like a clear case, but Facebook is also determining that an older guy is chatting with a young girl and that the content is sexual. And if you still think that is clear, I ask you: what is suspicious content?

Google’s robots are scanning my mail. The funny thing is that because I am a paying Google Apps user I can turn it off, but I leave it on because Google uses the scanning to target my ads, not to turn me in to law enforcement. For me that is a big difference.

I think we all agree that child pornography is utterly wrong. Exchanging images and videos is wrong. Sometimes people seem to forget that in order to produce that content children have been abused. And if we keep exchanging, and worse, paying for, that content, we keep the producers of fresh content alive.

In order to filter that content, hash databases have been created in which checksums of abusive content are stored. That way, files can easily be scanned and checked against this database for abusive content.

It has been said in our podcast, and also in comments afterwards, that ISPs are scanning Internet traffic in order to find this content. To this day, at least in the Netherlands, this is not true. A pilot has been started by Dutch law enforcement to scan certain hosting providers for content they host. If abusive content is found, the file is removed and the IP address of the owner of the file is stored for investigative use.

There have been numerous discussions about scanning by ISPs (Deep Packet Inspection), especially after 9/11, but this has not yet been rolled out on a large scale. Proactive scanning of all user content going through ISPs would be too much. Instead it is done on a per-user basis in the form of tapping by legal order. DPI has been used to do certain application filtering within ISPs and telecom providers, but this has proven to be wrong and not compliant with Net Neutrality, which has recently been accepted in Europe.

To conclude: in my opinion, proactive content inspection by real-time Deep Packet Inspection is wrong. This is not the way to go; we are not living in China. And I also think that we are not doing this, at least not in our country. A case can be built for proactive scanning of hosting providers for child porn by doing checksum comparison, but nothing more than that. Other suspicious content must be dealt with reactively, after complaints and a legal order. The same goes for tapping.