I was abroad this week when Brazilian court has ordered mobile operators in the country to block WhatsApp for 72 hours due to a dispute over access to encrypted data (the decision was reversed and service restored a day later). WhatsApp refused to turn over chat records related to a drug investigation to the courts, claiming these records are not accessible following the newly implemented end-to-end encryption capabilities.
Although there are many alternatives out there I can use for communicating with my family, as a regular “WhatsApper” I felt somewhat disconnected, and even strangely despaired. What I could not understand is why am I being “punished” as obviously it was not my messages that they were after. Working for Allot, I also knew that it is possible to precisely block individual WhatsApp subscribers even though the traffic is encrypted. I therefore assume the issue is that unfortunately not all operators in Brazil have the ability to effectively filter app traffic, even though it is widely available.
Deep Packet Inspection (DPI) allows mobile operators monitor and granularly analyze and filter app traffic. DPI became popular among operators with the increasing growth of mobile data as a mean to relieve network congestion by intelligently adjusting the bandwidth to each subscriber individually. It allows individual applications to be prioritized, leading to improved quality-of-experience (QoE) for every subscriber in the cell.
I recall a few years ago as more websites and apps moved to encrypt their content and user data, some questioned the future of DPI. However, the encryption challenge only triggered advances in classification techniques and allowed DPI platforms to maintain their capabilities in an encrypted world delivering the customer experience subscribers demand. One may think that adapting the technology to encryption means breaking the encryption, but it isn`t. There are still many indicators in the traffic to allow mapping it to an app or service such as packet size, delay between packets, heuristic patterns, etc. Advances in classification actually allowed DPI technology vendors to evolve their technology without jeopardizing user privacy. WhatsApp is a good example to those encrypted apps that change frequently and demand continuous monitoring to maintain high precision identification.
In an attempt to communicate with my family, I was forced to look for alternatives. I could have switched to Telegram for instance, but that would mean everyone I try to contact also had to switch to Telegram. Eventually I decided to look for a VPN tool that will encrypt my communication and will allow me to bypass WhatsApp blocking. As most routers don`t obtain the advanced capabilities to block anonymity or VPN tools it seemed like a good plan. I was thinking, what was it exactly that the Brazilian court was trying to achieve with the WhatsApp block? – If I could easily bypass the obstacle, it is likely to assume that the criminals the Brazilian court was aiming to block must have done the same, so the only ones left disconnected are the innocent 100 million Brazilians. On the other hand, there seems to be a much easier and more effective option: Network Intelligence can come to the rescue.