Does Ukraine need control over Internet traffic?

By summer of 2014, all Russian Internet providers will have to install the specialized programs to record and store Internet traffic within their networks for a period of not less than 12 hours. All this information will be available to intelligence agencies.

The relevant draft order of the Ministry of Communications and Mass Media of the Russian Federation was agreed on by Federal Security Service of Russia and the Ministry of Justice. Currently, the order is pending registration. It is expected to enter into force before the end of 2013. Thus, the intelligence agencies will obtain direct access to telephone numbers, IP- addresses, logins and e-mail addresses of users of social networks.

In December last year, at the World Telecommunication Standardization Assembly (WTSA -12) of the International Telecommunication Union ( ITU), its member countries, including Russia and Ukraine, supported the implementation of the recommendation Y.2770 on using Deep Packet Inspection (DPI) technology by Internet operators. The main DPI’s function is to examine the Internet traffic. Having installed such a computer network packet filtering, an Internet provider obtains a possibility to filter information, which does not meet the specified criteria. Furthermore, with this technology the intelligence may monitor network activity of specific users and block their access to specific web resources.

ForUm asks the experts whether Ukraine needs to monitor Internet traffic, and whether DPI technology is dangerous for ordinary users:

Dmytro Dubov, deputy chief of the information society and media strategies research department of the National Institute for Strategic Studies under the President of Ukraine:

- I do not think something will be fundamentally changed for the worse after introduction of the DPI standard. In general, it simply formalizes and makes officially the already applied technologies. ITU has just openly stated the thing, previously implemented by some providers. Now search queries and e-mails of users can be checked more deeply. Using any electronic communication systems, we must be aware that they can be viewed any time. For example, France has a law on three warnings and the service, which is officially in charge of monitoring those who download pirated products.

- DPI standard will change nothing. Internet won’t stop working. Some tell different horror stories, scaring of Russia's position to close the Internet. In fact, these protocols provide for several specific technical things concerning the interaction between the operators, traffic exchange and so on. That’s it. I do not believe that someone can take control over the Internet. And those streams of information that are now being collected and analyzed, to put it mildly, for research purposes, are domain of Americans.

- DPI is the content filter. Standard itself is just the standard, which use is not mandatory. It did not become mandatory after WTSA-12 had ratified it - it just was made the preferred means of ensuring "security". On the other hand, the Articles 5A and 5B in the ITU Regulations are another step to turning this standard into a must. 

- Today, the contradictions have sharpened between two parties - the countries standing for strict state control over the Internet and the countries defending liberal and democratic values of the Internet. There should be clear and transparent decisions and agreements that are made on behalf of the Ukrainian people by representatives of the Ukrainian government at the international forums. Ukraine was one of the four countries of the Council of Europe, which voted for the introduction of state control over the global network. Now the issue is solved whether these decisions should be ratified. I hope this will not happen.

- Internet providers have long performed DPI analysis, users just do not know about it. Deep Packet Inspection (DPI) is used by those providers, which have a lot of money and which need that. DPI is an analogue of the great Chinese firewall. If desired, our government can legally force providers to filter the traffic. But then the Internet will rise in price, as providers will have to buy a lot of expensive equipments, which need to be compensated for someone else's expense. Theoretically, it may be explained that the DPI is used to fight crime, child pornography or piracy. But it's a double edged sword. After all, you can simply sell access to advertising companies, which will know what you are going to buy tomorrow, using traffic analysis.

- DPI system is not dangerous for ordinary users. It enables telecommunications operator to plan its actions by itself, nothing more. It is a professional tool for telecommunications operators. They do not engage in censorship and viewing the transferred messages.

- What's wrong with adopting DPI? The thing, have long been used in networks, is now approved as the standard. Generally, the ITU standards are not binding and have the status of recommendations. Of course, it’s easier to pass appropriate technical regulation within the country, if there is a recommendation of the ITU. The main question here directly concerns the concept of a "network neutrality". All protocols and, as a consequence, megabytes should have the same value. But that will result in collapse for telecommunications companies, providing telephony services. In that case, they would lose $ 1.6 trillion per year, if people communicated only via Skype or Viber.

Oleksandr Korneyko, deputy chairman of the State Service for Special Communication and Information Protection of Ukraine:

- Administration of the State Service for Special Communication and Information Protection of Ukraine does not intend to initiate implementation of this particular ITU recommendation in Ukraine at the legislative level. DPI standardization in support of services/applications implies the ability to identify specific properties of the application (for example, MP4Video Player), not verifying user’s data (for example, content of the video, viewed by user). In addition, the recommendation for DPI introduction does not apply to private user information and does not preclude the use of measures of ensuring confidentiality of international correspondence.

- Deep Packet Inspection has long been possible. However, the main issue is that this possibility should be clearly regulated by law in each country. Some countries have already done that. DPI issue for Ukraine is not very important as this question is not legally regulated, and while we are talking only about the ability of law enforcement agencies to use such information. However, to solve the question of Internet traffic control, it must be discussed openly. The problem of managing a global network must be addressed at the global level. The current model has a lot of drawbacks. All that should be discussed openly. Internet is a very delicate issue as it is a matter of freedom of speech, and any attempt to regulate it may affect this ability.

– Why do we need DPI? First, the number of available mechanisms is insufficient. Second, Internet can’t be censored effectively without DPI. Third, to make money on equipment. Now intelligence services can only wiretap the Internet traffic. State security services need DPI as an element of censorship, and as means of spying. Surveillance will become slightly more efficient, using DPI. Far more efficient will be blocking of objectionable websites or entire services. Without DPI technology, they can only be blocked through the IP- addresses, and that is practically ineffective. What does the introduction of this mechanism mean for an average user? He just will not be able to surf websites, where he can read the unwanted information. Introduction of the Deep Packet Inspection standard is only the ITU recommendation. So, our country can implement it in practice, developing an appropriate legislation, or just ignore it.