Last month, a Brazilian court order mandated the 72 hour shutdown of popular mobile messaging application, WhatsApp, leaving its roughly 100 million users in Brazil unable to communicate with family and friends abroad. In response to WhatsApp’s refusal to turn over chat records related to an ongoing drug investigation, claiming these records were not accessible following the app’s newly implemented end-to-end encryption capabilities, the court saw no solution other than shutting down the app.
Enter network intelligence; this situation could have been easily avoided if Brazilian operators had the ability to effectively filter app traffic. In fact, granular application visibility could have made it entirely possible for WhatsApp to precisely block individual subscribers even though traffic is encrypted, providing the court with the information they needed and without disrupting the quality of experience (QoE) for millions of mobile users.
Deep Packet Inspection (DPI) allows mobile operators to monitor, filter, and granularly analyze app traffic, enabling communication service providers (CSPs) to improve network performance and drive business profitability. As mobile data use continues to grow, more and more operators are turning to network intelligence to enhance subscribers’ broadband experience while relieving network congestion.
Some commentators have made the claim that encryption makes DPI irrelevant – well, quite the opposite. A few years ago, as websites and mobile apps made moves to encrypt their content and user data, this encryption challenge only triggered advances in classification techniques, creating an opportunity for network intelligence platforms to not only maintain their capabilities in an encrypted world, but to optimize the customer experience that their subscribers demand and expect.
Network intelligence provides CSPs with a bird’s eye view of their network for optimized policy management, traffic monitoring, analytics and more, providing operators with access to information and data that were previously unavailable or scattered among multiple systems. And while many – Brazilian operators not excluded – are under the impression that adapting the technology to encryption means breaking that encryption, this is not the case. Indicators such as packet size, delays between packets, heuristic patterns and more can serve as a barometer in the traffic, allowing operators to map it back to an application or service.
These advances in classification have enabled vendors to evolve the technology without jeopardizing user security or privacy. WhatsApp serves as a prime example of encrypted apps that demand continuous monitoring in order to maintain high precision identification. Had the Brazilian court had network intelligence on its side, the shutdown could have been easily avoided, allowing them to secure the information needed for the investigation without interrupting the digital lives of WhatsApp users.
[su_box title=”About Maya Canetti” style=”noise” box_color=”#336588″][short_info id=’70971′ desc=”true” all=”false”][/su_box]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.