Sandvine – Technology like Phorm

Sandvine ( is a company that provides technology for packet inspection of traffic as it passes through the users ISP – some may call it a “man in a middle attack”.

The technology they provide is clearly effective, as some of their reports and screenshots show.They are able to identifyn at the user level what sites, what protocols, and even how many VOIP calls are being made – for example they state:

” How many of your subscribers are using “free” VoIP applications like Skype

  • How many XBox Live subscribers are on your network
  • How much bandwidth each of the peer-to-peer file sharing protocols is consuming
  • Which subscribers are your “top-talkers” consuming the most bandwidth, and at what times of day
  • How much bandwidth email, HTML, news groups and streaming radio/video consumes”

For the VOIP calls that many people regard as annonymous, they can provide the following information:

  • Call Stats
  • Average Call Duration
  • Average Calls per User
  • Number of Calls
  • Calls by Provider
  • Calls by Provider Matrix
  • Number of Minutes
  • Minutes by Provider
  • Minutes by Provider Matrix
  • Connection Stats
  • Connections
  • Users
  • Protocol Distribution
  • Bandwidth by Protocol

Below is a screen shot showing how easily this is reported using their technology:

Screen Shot of VOIP monitoring from Sandvine

Sandvine are not a government agency, and state that this monitoring is to ensure maximum efficiency of broadband. They even have a white paper called “Net neutrality or Wild West?” which may indicate which side of the fence they sit on.

Sandvine argue that:

The current situation in broadband is fast becoming a classic example of what economists call the
“tragedy of the commons”. When too many owners are endowed with the privilege to use a given
resource, the resource is prone to overuse and eventual depletion or destruction.

Sandvine argue that people using YouTube, P2P, or the like are taking up too much bandwidth, so it needs to be monitored and then controlled. However as each individual buys bandwidth at a given limit, be it 512K or 8mb then surely that is the limiting factor and if a user wants to use up all their own bandwidth, so the rest of the people on “their” network (for work or home users), can’t get email or the like – that is their responsibility. If a large corporate wants to block YouTube, or P2P on their internal network to speed up their network for their staff, that sounds very legitimate and is their decision. But should companies such as Sandvine be stating that they should interfere with “your” network, be it at home or a corporation, and decide which protocols you can use? Surely each user is paying for a service, and if the ISP can not provide the 512 you requested then they are at fault not the user?

The argument of “over subscription” is often used. The basic gist of this that a service will have more people sign up for it than use it at the same time. Two obvious examples of this are your local gym and planes:

Your local Fitness First or David Lloyd gym (for the UK readers) probably has around 1,000 members, but only 50 to 100 are there at anyone time. For the business to work it needs more people to sign up than it can handle at anyone time. At peak times, e.g at 5pm, there can be ques for treadmills and the like, and so they may be signs limiting people to 20 minutes or the like, at the time. But in general the system works. Planes have a similar problem, they often over book a flight as they expect some people will always miss a flight. But not always, and hence some people, rarely, get bumped off flights because they have over booked.

Sandvine’s (and presumably ISPs) view is that broadband is same, hence they can monitor, filter and block your traffic as much as they like. To a degree they are right but they are, of course, deliberately misleading.

Firstly the gym and the airplane both have over subscription models, but have widely different numbers of over subscribing, but its is still only a problem rarely. The gym may have 10 or 50 times as many subscribed at any time, but the model works. The plane is likely to have only 1 or 2, but the model works and fails only occasionally – and those bumped off normally get great perks. However ISPs appears to have 1,000s oversubscribing all the time – and their model doesn’t work – so they have to put on restrictions and not just a key hours – but all the time. If they are continually over subscribed, all the time, this must be bad managment. If a plane was always kicking people off flights, or a gym was packed at 7am, then you would fly or train with a different company. Why can’t the ISPs except that they have more subscribers than they allowed for, and the lack of infrastructure is their problem not the users?

Secondly, each user is limited through an “over subscription model” already – in two ways. The first is the users their bandwidth – a user buys a certain amount of bandwidth and then the contention ratio – which is bought through the level of service. For example if a user buys a BT line of 512K with a standard 50:1 ratio they have a limit to how much data they can use. Also, it could be argued that as they are effecting 50 other people then they should be limited on how much P2P they are using. But if you go the the BT Business broadband and get a 4:1 ratio and an 8mb line, does that mean that they will allow whatever data you want, and they will remove all the monitoring? .

What about an SDSL line, with a 1:1 contention ratio, where no other customer is using the same resource, where you are paying for a “first class” ticket – are they going to remove all the technology and monitoring systems that track who, what, and when you visit, call, or email somebody online? As we know this technology does not get switched off when you pay for a better service this means that either the argument is flawed and misleading or the service is flawed and misleading.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: