What Your Wireless Carrier Knows About You

Deep Packet Inspection

Illustration: Jeffrey Pelo

Deep Packet Inspection (DPI) software lets the operator identify the Websites that users are visiting and the Web services that they’re using. The software--or “middleware,” as it’s called--captures a few packets of data flowing to or from a device on the network, and then quickly analyzes the details of the content contained in the packet. This content, called the “payload,” could be anything from inbound or outbound Skype videoconferencing data to an OnLive cloud gaming session to a Facebook update.

The carrier can use DPI intelligence to confirm delivery of a guaranteed quality-of-service level for a specific app, such as corporate-level videoconferencing. In this case the software identifies the packets coming from the app, and monitors the amount of time during a given interval that the network cannot convey all of the packets at the promised speed. If there is too much of this “down time,” the operator may compensate the customer in some predetermined way.

DPI intelligence can also help the carrier identify revenue opportunities in a given market. Dave Caputo, CEO of network intelligence software maker Sandvine, gives the example of an operator in Latin America that used DPI data to discover that many of its subscribers were spending a lot of time on Facebook; in fact, they were using it more than they used YouTube (by bandwidth). The operator also learned that the subscribers were willing to pay for a higher-priced data plan if the service could guarantee them unlimited use of the Facebook service every month.

Caputo says that this situation is a win-win for the operator and the subscriber: The operator makes more money per subscriber, while the subscriber enjoys the certainty of not incurring overage charges. Alcatel-Lucent’s McDonald likens such a plan to a phone company plan that provides for unlimited night or weekend minutes.

On the dark side, carriers may use DPI software for "lawful interception"--that is, to capture data for law enforcement from the data streams of "persons of interest." Darker still, critics have cited DPI as a tool that operators may use to detect and then then inhibit or block certain kinds of content--a violation of the principals of network neutrality.

Large Trends, Not Single Users

Clearly wireless operators can look pretty deeply into their networks and into the devices connected to them. But Andrew McDonald, Alcatel-Lucent’s vice president of network and service management product unit, stresses that wireless carriers are far more interested in the habits of large groups of users than in those of single users. “Carriers need to understand the traffic load on all parts of the network now and in the future,” he says. “They are looking to see if something is changing in a bad way; they are looking for trends.”

Specifically, operators are concerned about correcting or preventing bandwidth shortfalls and about forecasting the amount of bandwidth that various parts of the network will need in the future, McDonald explains. McDonald says that mobile operators are not so much using network intelligence data to optimize networks around today’s usage patterns as using it to predict large shifts in bandwidth usage habits over time.

He gives the example of what mobile carriers used to call “the busy hour.” This was a high-usage time of day when people were heading home from downtown to the suburbs. It was a time of heavy traffic and also a time when users were passing from one cell to the next as they traveled homeward.

But usage patterns changed, and the so-called busy hour became much less pronounced as people began using their smartphones and apps throughout the workday, and from lots of different locations--including at home, where more and more people now spend their workdays.


Sandvine’s Caputo and Alcatel-Lucent’s McDonald agree that wireless carriers are acutely aware of the fact that too much information (TMI) can be a problem when it comes to detecting activity in the network. Carriers know that a subscriber may deem their monitoring of a single device and its browsing habits as an invasion of privacy. They also realize that you can’t learn much about usage demand by watching just one user.

Of course, there are exceptions to the rule. For billing or security reasons, carriers may associate the device with its owner through something called “IP to subscriber mapping.” This involves mapping the IP address of a device to the subscriber account that it’s registered under. Doing so can be necessary if, for instance, a connected device becomes infected with a virus and begins to abuse network resources so heavily that it begins to compromise other users' network performance. In that case, network engineers may detect the device running the bad app and either suspend or limit its access to the network until the device is fixed or the offending app terminated.

The operator can easily detect such problems at the level of a device, but isolating problems at the app level is a little more difficult, though still possible, McDonald says. He adds that carriers have detected apps from every major mobile OS that have abused network resources, and says that wireless carriers have been very active in minimizing the adverse effects of these flare-ups.

For comprehensive coverage of the Android ecosystem, visit Greenbot.com.

Subscribe to the Best of PCWorld Newsletter