Broadband

Deep Packet Inspection: What you need to know

All sorts of public and private entities would love to monitor your Internet browsing habits. It's now possible using "Deep Packet Inspection." Michael Kassner will shed some light on the technology involved and possible privacy issues.

Anyone who uses the Internet needs to be aware of Deep Packet Inspection (DPI), its uses, and potential misuses. You may recognize DPI as what ISPs use to conform to CALEA, the U.S. government-ordered Internet wire-tapping directive. If that's not enough, DPI, albeit behind the scenes, allows ISPs to block, shape, and prioritize traffic, which is now fueling the "Net Neutrality" versus traffic priority debate. So, what is DPI and how does it work?

Deep Packet Inspection

DPI is next-generation technology that's capable of inspecting every byte of every packet that passes through the DPI device, that means packet headers, types of applications, and actual packet content. Up until now, this wasn't possible with IDS/IPS systems or stateful firewalls. The difference being, DPI has the ability to inspect traffic at layers 2 through 7, hence the "deep" in DPI. A simple analogy would be that of snail mail. IDS/IPS firewalls would be the mail sorters who just read the letter's address, knowing nothing about the letter's content. Inspecting Internet traffic from layers 2 through 7 would correspond to the person who actually reads the letter and understands the contents.

To recap, DPI allows people controlling the device to know everything, including the payload of each packet in the data stream. For example, if an unencrypted e-mail is scanned, the actual body of the e-mail can be reassembled and read. Nate Anderson wrote an excellent Ars Technica article "Deep Packet Inspection Meets Net Neutrality, CALEA." The following quote appears in that article:

"Deep packet inspection refers to the fact that these boxes don't simply look at the header information as packets pass through them. Rather, they move beyond the IP and TCP header information to look at the payload of the packet. The goal is to identify the applications being used on the network, but some of these devices can go much further; those from a company like Narus, for instance, can look inside all traffic from a specific IP address, pick out the HTTP traffic, then drill even further down to capture only traffic headed to and from Gmail, and can even reassemble e-mails as they are typed out by the user."

Mr. Anderson also explains what happens at layer 7:

"Layer 7 is the application layer, the actual messages sent across the Internet by programs like Firefox or Skype or Azureus. By stripping off the headers, deep packet inspection devices can use the resulting payload to identify the program or service being used. Procera, for instance, claims to detect more than 300 application protocol signatures, including BitTorrent, HTTP, FTP, SMTP, and SSH. Ellacoya reps tell Ars that their boxes can look deeper than the protocol, identifying particular HTTP traffic generated by YouTube and Flickr, for instance. Of course, the identification of these protocols can be used to generate traffic shaping rules or restrictions."

What makes DPI all the more impressive is that the packet analysis happens in real time, with data stream throughput approaching 20-30 Gb. See where I'm going with this? With no loss of throughput, ISPs are able to insert these devices directly in their data streams, forcing all traffic to pass through the devices. Procera, Narus, and Ellacoya are front-runners in development of this technology, having placed equipment throughout the world.

DPI's potential uses

DPI technology is unique in that as of now it's the only way to accomplish certain governmental security directives. DPI also has the potential to do a great deal of good. For example, DDoS attacks are virtually impossible to thwart. Conceivably if DPI were in place and configured correctly it would detect the DDoS packets and filter them out. Some more potential uses are listed below:

  • Network security: DPI's ability to inspect data streams at such a granular level will prevent viruses and spyware from either gaining entrance to a network or leaving it.
  • Network access: DPI creates conditions where network access rules are easy to enforce due to the deep inspection of packets.
  • CALEA compliance: DPI technology augments traffic access points (TAP) technology used initially for governmental surveillance equipment.
  • SLA enforcement: ISPs can use DPI to ensure that their acceptable use policy is enforced. For example, DPI can locate illegal content or abnormal bandwidth usage.
  • QoS: P2P traffic gives ISPs a great deal of trouble. DPI would allow the ISP to instigate traffic control and bandwidth allocation.
  • Tailored service: DPI allows ISPs to create different services plans, which means users would pay for a certain amount of bandwidth and traffic priority. This one is controversial and affects Net Neutrality.
  • DRM enforcement: DPI has the ability to filter traffic to remove copyrighted material. There's immense pressure from the music and movie industries to make ISPs responsible for curtailing illegal distribution of copyrighted material.

The above applications have the potential to give users a better Internet experience. Yet it wouldn't take much mission creep to create major privacy concerns. I would feel remiss if I didn't point them out and help everyone understand the ramifications.

Possible misuses of DPI

DPI is another innovative technology that has ISPs arguing with privacy advocates. ISPs and DPI developers are adamant that the technology is benign and will create a better Internet experience. However, privacy groups have two major concerns: little or no oversight and the potential for losing still more individual privacy. Many experts find the following uses of DPI to be especially troubling:

  • Traffic shaping: Traffic shaping is where certain traffic or entities get priority and a predetermined amount of bandwidth. With the increasing number of bandwidth-hungry applications, ISPs are having to make decisions on whether to increase available bandwidth with infrastructure build out or increase control of the existing bandwidth. Installing a DPI system is usually the choice as it's cheaper and has a more predictable RoI. Albeit cheaper, it's riskier, and I suspect that's why the Net Neutrality debate is going on right now.
  • Behavioral targeting (BT): BT uses DPI technology for the sole purpose of harvesting user information anonymously (supposedly) and selling it to interested parties who use the information to create ads that are targeted to the individual.
Final thoughts

This is a very complex subject, having the potential to change everyone's view of the Internet. An optimist would say that DPI will help enhance the experience, even producing  ads that are relevant to each individual user. Whereas a pessimist would say it's "big brother" technology that only benefits ISPs. I don't think anyone is sure how the Internet will look when the dust settles about DPI, but it should be interesting.

I hope that I was able to increase awareness of how ISPs using a DPI device can intercept, read, and interpret every one of your Internet-destined packets. An ulterior motive for explaining DPI is that in my next article I'd like to discuss behavioral targeting, a very controversial technology that uses DPI. I also want to discuss what, if any, options are available to prevent DPI from scanning your Internet traffic.

-------------------------------------------------------------------------------------------------------------------

Michael Kassner has been involved with wireless communications for 40 plus years, starting with amateur radio (K0PBX) and now as a network field engineer and independent wireless consultant. Current certifications include Cisco ESTQ Field Engineer, CWNA, and CWSP.

About

Information is my field...Writing is my passion...Coupling the two is my mission.

136 comments
bill.tkach
bill.tkach

As much as it might be able to read and decipher normal traffic, it won't be able to do so with encrypted traffic. It might know it's a bit torrent, but it won't be able to tell anything about it because the flow is encrypted. It might know it's an email, but it won't be able to read it because it's encrypted. It might come from www.youtube.com, but how can you tell if it's a navy marines advertisement, or a white-supremacist enlistment video. If everything's encrypted, then it's all just blind data, unless you have the keys... and no hardware can solve encrypted files at real time speeds. I don't get Net Neutrality, on a different tangent. Say I'm Google. I pay 10 billion a year for the network connections I use. From that, tey pay the connections they use. So, now, why, should there be, on top of this, an added fee, so that I can have my data set at a higher priority than everyone else's? I'm paying for this service, why would it change, all the sudden? I pay to send x amount of data, through the system. Even if that data is more, I pay more, generally? Why on top of this would there suddenly be an extra priority tax, that really, should already be included. It looks like a money grab to me, and really has nothing to do with priority. Priority is for "priority traffic", like voice, or video-phone, or banking, or stuff that is fairly small, but requires to get sent fast.

s2_gn
s2_gn

Thanks for your interesting article. Could you please answer my question: Is it possible for my ISP or other governmental agencies to sniff (DPI) and read the contents of my packets,if I use an encrypted VPN connection?

Meesha
Meesha

The only thing clear here after reading all the comments and corollary links is that Democracy is an ideology that has become an oxymoron. The more we "believe" in our government the less we "trust" them. The only other clear thing is that corporations are definitely predictable - their only concern is the "bottom line". In my little thought process, corporations are an entity that should be treated with a greater level of control than we individuals are being forced to. But reality says they're not and DPI is just one of those things that prove the point. For example, when one entity pays out big bucks to capture a stream how does their competitor compete other than pay out bigger bucks. At the end of the day, only deep pockets will be left standing. Another example, if your neighbor pays for premium throughput while still using the same infrastructure they are not just treated to better performance but also access to better and further reaching services. Philosophically, I'm not sure the internet should be controlled at all if equality is to be maintained. It has been a wonderful and scary place for all ages, cultures, races, religions, etc. This is one medium that should not be "socially" experimented with on corporate and government scales. Realistically, it is what it will be and that is a tool for societal control by business and government. The individual is dying faster in this internet age than any other because we can't see the forest for the trees on our privacy.

Tearat
Tearat

How popular is that? http://techrepublic.com.com/5208-6230-0.html?forumID=102&threadID=269896&messageID=2559963 By Michael Kassner Well I haven't done any surveys So I wouldn't want to comment Or speak for others regarding trust It is not my place to tell anyone whom he or she should trust Almost everyone who does, ends up being wrong That is why I offered my opinion I also believe it is foolish to trust any politician or business Would you trust a salesman? If you do, I have a used car you may like It is the job of politicians and business to earn peoples trust That job never ends It is everyone's job to criticize It is their job not someone else's job to defend themselves If they cant handle the criticism they should get out of the business New Zealand law is fun I would recommend that people always consult a lawyer But I am not up-to-date on this branch of the law One of the things to keep in mind is information crossing national borders Freight, shipping, air transport, telephone calls and postage All need to be considered I started listening to the pod cast but ran out of time I have just finished listening to it while I wrote this reply Thanks Michael

graham_j_hall
graham_j_hall

Whats the difference between DPI and a 'Man in the middle' attack? I don't think hackers should be allowed to hide behind a corporate guise. There is a disparity between the leniency and toleration of deliberate and intentional corporate and goverment hacking compared to the bungling efforts of individuals like Gary McKinnon.

PRIMEREBEL
PRIMEREBEL

Encrypting the data makes it so that the body is unreadable but protocol is still visible, otherwise the other end of the conversation wouldn't know what to do with it. So, what about encapsulating the whole thing, header and all, into a packet (or whatever) of another protocol and encrypting the contents of that? Then it would still get to its destination but the type of data within is hidden. Would that work?

Meesha
Meesha

It may see to be a bit dramatic but gosh, there goes the internet neighborhood. In a land that cherishes its freedoms, this is just another nail in its coffin. How soon we forget the days of segregation. The "gated" communities of the 1950/60's where if you were Jewish, Catholic,Irish, Italian, or anything not WASP you were banned from entering except as a laborer. Now the internet is being segregated to establish corporate domain and government domain. The people have no domain. The internet should be free of these types of controls as they are far more insidious than the fascism of the 1930/40's. Democracy demands that you and I are free from this sort of prejudice and our privacy is protected. However, as long as the government and the corporations are bedfellows, Democracy is just a sweet veil of deceit to the gullible and compliant public. DPI is no slippery slope it is the beast.

pgit
pgit

Great article, this stuff is important. I used to teach an A+ course. When covering basic networking I showed how easy it is to grab somebody else's traffic. We'd discuss privacy and security concerns, brainstorming over what horrible things can be done with this kind of network. (to see if they really grasped how it works) I would always conclude with a comment about human nature. I said "If an average shmoo like you and me can imagine it, you can bet the farm somebody is already doing it." They've been "spying" on us for years. They're just coming out of the closet with it now. (the whole telcom thing, for instance) We need to clean the government out and get some real humans in there. I've had it with the lizards. ;-)

stephen.bailey
stephen.bailey

I applied a DPI device to an ISP Network last year. This was put in place to throttle P2P traffic thus giving more bandwidth to HTTP and email etc. P2P traffic costs ISP's millions in bandwidth costs every year, although its not good for the end user downloading P2P, it does benefit the ISP and helps produce P2P or business type packages. Good read though

tinyang73
tinyang73

Can it read encrypted packets? The thought of DPI being used makes me ill.

Michael Kassner
Michael Kassner

I've read many articles that comment about how the great Internet experiment needs to remain free. Vin Cerf is a real proponent of that and I tend to agree.

Michael Kassner
Michael Kassner

It's tough to figure all this out and the speed at which the decisions need to be made today is part of the problem. Did the pod cast make any sense to you? Are your laws similar?

Neon Samurai
Neon Samurai

Deep packet inspection is not hacking. A business is putting an appliance on its own network that inspects both the traffic header and actual contents of the data transfer. Even in the blatantly wrong "hollywood" use of the term Hacking to mean only malicious intent; the company owns the network in the first place and you pay for the privaledge of moving your data over it according to your user agreement. This has nothing to do with Hacking in the correct use of the term or the hollywood curruption of it. Ethically and Legally, it's between you and your service provider.

-Q-240248
-Q-240248

Very common reaction. To those who think they are 'losing freedoms', in fact, the only thing that is happening is that YOU will be held RESPONSIBLE for things you do on the 'Net. DPI does not introduce this at all however; the government is already monitoring the 'net for criminal activities. THANK GOD THEY ARE! Wise up people, as DPI gets faster, it's capable of making you SAFER! This has really nothing to do with monitoring your porn activities or whatever other fears you have...

Michael Kassner
Michael Kassner

Encrypted packets, like those used in SSL or IPsec VPNs or encrypted email are not viewable by DPI.

Meesha
Meesha

in those early days at Rand Corporation when Baran and others began the discussions regarding "mesh" networks ( http://www.rand.org/publications/RM/baran.list.html ) which then became part of the NSF's (National Science Foundation) collaboration for the conceptualization of an "internet" there were numerous discussions and debates regarding the "free" aspects of this new global potential medium. I even recall discussions at computer shows in the 80's in regards to how to regulate, or should it regulate the internet which were conducted/supported by concerned legal organizations, religious groups, parent groups, etc. Note, even then those who would nefariously use the new medium were already doing so vis a vis bulletin boards, Compuserve, usenet, etc. long before WWW. The nature of instant communications (i.e. the telephone) has always been a thorn in the side of those who wish to control or govern. As technology advances their need to "control" increases exponentially and at a cost of individual right to privacy. Throughout the centuries knowledge as power has always divided society. Once access to the printed word and then the electronic word was let loose, those who govern or wish to control feel their grip lessening and therefore are looking for ways to put the genie back in the bottle, hence DPI and the like. I humbly believe that the internet must remain as free as it can possibly be, warts and all. If citizens are concerned then create their own communities, i.e. Second Life, which they can then dictate/adhere to. Let those of us who cherish diversity and freedom to access freely at will the internet.

Tearat
Tearat

But I was tired at the time I will have to have another listen if I get time I am not so interested in the law as it is now The fact that ISP?s can invade the contents of the packages they are paid to deliver Shows the law is not up to the job It is also a very stupid thing to do If they are ignorant of the contents of the packages they have some protection from the law They should be the ones driving law change that requires them to protect the privacy of the packages If they know the contents of the package They can then be held responsible if the contents are illegal or are used to commit an illegal act Here is one situation that will help A person buys two cell phones Then sets up one as a detonator of a bomb They use the other to set off the bomb Should the company who owns the network be punished for the actions of this person? No is the correct answer But what if they knew what the call between the phones was going to do? That is very simple and not very good but it should show the pitfalls of invading privacy I think DPI is a stupid and dangerous thing for ISP?s This is about marketing This sort of thing shows why sales, marketing and advertising should always be under the microscope of the highest level of any business Perhaps they should put the accountants in charge of them Make them accountable for everything They will be too busy documenting everything to screw up

Tearat
Tearat

You assume ownership of the data by the business You would also need to discuss Lease or rental of the circuits involved Also who owns the network when the data is passed over it? More If the business is owner of or knows what is transmitted over their network Can they be held responsible for any illegal actions that result from that information? Including the possession of what may be illegal information

Michael Kassner
Michael Kassner

Like any good discussion or debate, definitions are needed to make sure we're all looking at the same thing. I think I may have misled the members and I apologize. DPI is the same as Man in the Middle attack only if you are considering technique. That's where I live and it's my main concern, so I focus on that. Legality and politically correctness of DPI are up for grabs in my book. I'd love to start a thread on that. Also Neon Samurai makes a good distinction, that I hadn't previously thought about. We need to define business entities. I totally agree with Neon Samurai, if the business owns the equipment, the access, and you work for them, it's their call. Where it gets nebulous and needs to be further defined is when the business is an ISP. Is there a difference? Or is owning the pipe enough to allow them to monitor and regulate subscriber's experiences. I know the language of EULAs and being a responsible business are sources of controversy right now, but I have faith that ISPs and subscribers will find common ground somewhere.

graham_j_hall
graham_j_hall

where I come from 'hacking' includes electronic invasions of privacy (different laws in different countries). Also UK is very clear that you don't have to be malicious at all - It's more about unauthorised access. If I put the external ports of my OWN servers into promiscous mode and start eavesdropping your traffic (assuming we happened to be on the same subnet) how happy would you be? Would it be ok that I saw that chat with the mistress? or your passwords? or the repeat prescription request for your child? Are you really comfortable that I can look at that stuff just as long as I'm not malicious? (It's MY server after all). I'm sorry - you are wrong. It clearly IS an invasion of privacy and a violation of rights, and hence in the UK it is illegal. My point was that the law should be applied with an even hand to individuals and corporations alike. Besides, I pay the post office to deliver my post. Just because it's their vans and sorting machines doesn't mean they don't break the law by 'looking inside' (seperate by very similar laws apply). It's insane to suggest that it would be ok for parcel companies to open packages, look inside, record details, anonymise or pseudonomise that information and sell it on the marketing companies. You said it yourself. I pay my internet service provider to MOVE my data. Ethically it's a gross invasion of privacy. Legally just as soon as I had sufficient evidence I would prosecute. The law is not a matter of personal opinion. The facts get put before the courts and they will decide.

PRIMEREBEL
PRIMEREBEL

Of course, I'm thinking of applying the principle on a broader scale. For instance, building that feature into p2p software so that it automatically encapsulates everything it sends out, disguising it as http or ftp or something to that effect. But then I suppose the software would have to have the decrypting key built in too and that would make it pretty easily discovered. I don't suppose asymmetric keys would make a difference if everyone with the program had the same private and public keys.

pgit
pgit

Ironic you should have a picture of Q there. You're not thinking far enough out into the future. First off, it's a huge mistake to think government has the slightest interest in "protecting" you. I think history nails that fact. But what do you see on Star Trek next gen all the time? "Computer, where's Mr. LaForge?" "Commander LaForge is in holodeck three." Get it? Where are YOU? Your car will be tagged, already is if you have GPS. You will be tagged, you already are if you carry a cell phone. They're putting RFID into licenses and passports. It's all about command and control. And that all-seeing eye atop the pyramid now has the technology to know everything you are doing and saying, where you are, where you've been, where you're going, what you're buying... Tell me how that makes you safe?

Michael Kassner
Michael Kassner

History always seems to bring a certain amount of clarity to any topic, as it did here.

Michael Kassner
Michael Kassner

I've never heard that analogy before, it's very good. Thanks for sharing it.

dankasnitzel
dankasnitzel

One thing Government and big business are great at is slowly incorporating their will upon the population. Pretty much the same way one would prepare lobster. You don't know you've been had until the water reaches a boil!

Michael Kassner
Michael Kassner

Privacy seems to be an issue that has been around since day one. I suspect what's different today is the fact that any ramifications from privacy issues affect concerned parties almost immediately.

Michael Kassner
Michael Kassner

I'm primarily concerned about the content and that can and most likely will be taken care of by all sites moving over to SSL. SSL is not that big of deal anymore and if DPI forces the issue, I'm all for it. The second issue is the profiling being done based on application and not content. That's where it gets more complicated. I have a feeling that P2P is going to morph as the ISPs are targeting it. Actually P2P is the primary reason that ISPs are installing DPI, IPSes as mentioned by Q in another comment, or other solutions that can ferret out application signatures and thus block their traffic.

Tearat
Tearat

Didn?t include emotive subjects like children in your argument The thing that is being overlooked by many You may trust a person or group with your information But can you trust them to protect it? Can you trust their judgment about other persons or groups? Tony your reply was good I just wanted to make it clear to those who have a hard time understanding I don?t know why people insist on using the price of a life verses the price of privacy argument The loss of privacy can mean the loss of life Or the other argument The value of a life is determined by age or some other factor Including a number of lives versus a single life They have never worked But people do keep on trying

TonytheTiger
TonytheTiger

of the greater good, as long as it's not their ox being gored :)

Michael Kassner
Michael Kassner

I was listening to the presidential candidates and they skated all around the issue of privacy versus greater good. It kind of shook me up, as I had though greater good and privacy were one and the same.

TonytheTiger
TonytheTiger

[i]I like to ask people which they trust more, private business or governments?[/i] It is a lot easier to stop dealing with a business that has violated your trust than a government that has.

TonytheTiger
TonytheTiger

Email to mom" "Yes Mom, it's true, I have a hundred million dollar lottery ticket. I'm going to the lottery office tomorrow at 10:00 to turn it in." Government employee who monitored the packet containing message calls friends in low places... "Hey bud, I gotta tip for you. Joe Blow is heading to the lottery office tomorrow at 10 to turn in a winning ticket. Friends wait in parking garage for Joe to show up. Steal his lottery ticket. Lots of bad things could happen when you trust your communications to government employees... Theft, insider trading,release of sensitive information... If I INTEND for something to be private, it should remain so.

-Q-240248
-Q-240248

You call me a facist, yet this facist served his country to protect our freedoms, our liberties for a government you elected and yet at the same time do not trust, and yet instead you trust businesses who employ complete strangers and have agendas that are completely private. Weird. So, in a nutshell, if two different people knocked on your door, separately, both had guns, one a police officer the other a complete stranger, you'd be more afraid of the officer? Or does things change when it gets down to reality. Would you depend on your government protecting you when the crap hits the fan or maybe you believe Walmart will come to your rescue? Blah...knee-jerker.

pgit
pgit

Everyone thinks these databases are to keep you safe? Well, if it suits their needs they just delete you, like they did this victim: http://www.youtube.com/watch?v=yVHCPtuY3d8 Our government refused to take action because there was no "record" of his ever having been in Canada. Feel safe now?

Michael Kassner
Michael Kassner

Ahh yes, excellent point. That's very true and ironically is both good and bad.

pgit
pgit

Spoken like a true liberty-hating fascist. I think I know where those 225 thumbs went... But forget you. Michael: I implicitly trust business more than government for one fundamental reason: you cannot be a slobbering moron and keep your position in business for very long. This does not mean business is "better," "more fair" "honest" or any implied positive. What I mean is you can KNOW what their intent is. All assumptions are valid because you know what the bottom line is. You cannot ever be certain about anything from government except that they lie. The degree to which business and government have melded is another matter. But taken in the pure, government is a dangerous servant and a fearful master. I can walk away from any deal with a business.

Michael Kassner
Michael Kassner

Techno Rat, I'm curious to learn if you have any specific laws or regulations in New Zealand (one beautiful country, hope to get there some day) that pertain to this subject? England seems to have more than the US, but are hard to enforce. Also I was curious if you listened to the pod cast that I linked? Your opinions on that would be appreciated as well. http://www.grc.com/securitynow.htm It's episode 153 and you can fast forward about half way to get to the interview.

Tearat
Tearat

It is a difficult question The motives for government are difficult to predict Power is only one motive Greed is another Both are related to sloth For business it is impossible to say You need to know what products are involved Regulations Economic forces In this case I trust business less This is about money and how to part people from theirs Privacy is unimportant I do not trust them to look after any information they may have about me

Tearat
Tearat

But not really what I was talking about

Michael Kassner
Michael Kassner

I have mixed feelings about this subject. I like to ask people which they trust more, private business or governments? You will understand why I asked this if you read my next article in this series: http://blogs.techrepublic.com.com/networking/?p=612 I'd appreciate your comments about the other article as well.

PRIMEREBEL
PRIMEREBEL

I completely agree with on this and so should anyone involved in network administration. There's a well known and fundamental principle in administration known as the principle of least privilege that states you should assign only the minimum amount of privileges to get the job done. The same should be applied to government. They're there to serve us, the public. They should only be given the minimum amount of rights to accomplish that task, and no more than that.

PasserDomesticus
PasserDomesticus

A government has awesome power. In some primitive countries they can kill us. (Sometimes they plan to kill innocent people, but sometimes these innocents are located on death row by the score through DNA). They can take our money( taxes), they can take our freedom ( prison; and don't tell me that only guilty people go to prison - innocent people do too), they can tell me if I can drive a car or not (driver's license) and they can tell me if I can travel abroad ( passport). So it is important that the power of governments is limited to the absolute necessary. A government should only collect information on people they reasonably suspect. They should not be allowed to go on "fishing" expeditions. A measure of democracy is the separation of public and private space.

Tearat
Tearat

You are misusing the arguments Stop it Next you?ll be telling us they really did go to the moon

-Q-240248
-Q-240248

Again, your paranoid reaction fits nicely. Quote: "Get it? Where are YOU? Your car will be tagged, already is if you have GPS. You will be tagged, you already are if you carry a cell phone. They're putting RFID into licenses and passports." So? Imagine for a second; AMBER ALERT: 9-year-old girl stolen from neighborhood. Later the suspects car is tracked by GPS and they rescue the girl. Suspect was quoted as saying, "Damn GPS in the car, the government has violated my privacy!" Parents of the girl: "Thank God for the GPS!" So I ask you, why are you afraid? You should feel more secure. I do.