Sandvine

Last updated

Sandvine Incorporated
Company type Private
IndustryNetworking Hardware and Software
Founded Waterloo, Ontario (2001)
Headquarters Waterloo, Canada
Website www.sandvine.com

Sandvine Incorporated is an application and network intelligence company based in Waterloo, Ontario.

Contents

Sandvine markets network policy control products that are designed to implement broad network policies, including Internet censorship, [1] congestion management, and security. [2] Sandvine's products target Tier 1 and Tier 2 networks for consumers, including cable, DSL, and mobile. [3]

Operation

Sandvine classifies application traffic across mobile and local networks by user, device, network type, location and other parameters. The company then applies machine learning-based analytics to real-time data and makes technical policy changes. [4]

As of 2021, Sandvine has over 500 customers globally. [5]

Company history

Sandvine was formed in August, 2001 in Waterloo, Ontario, by a team of approximately 30 people from PixStream, a then-recently closed company acquired by Cisco. An initial round of VC funding launched the company with $20 million CDN. A subsequent round of financing of $19 million (CDN) was completed in May 2005.[ citation needed ] In March 2006 Sandvine completed an initial public offering on the London AIM exchange under the ticker 'SAND'. In October 2006 Sandvine completed an initial public offering on the Toronto Stock Exchange under the ticker 'SVC'.[ citation needed ]

Initial product sales focused on congestion management and fair usage as service providers struggled with the rapid growth in broadband traffic. As fiber rollouts and 4G networks became more prevalent, the company's application optimization and monetization use cases were adopted by many customers. This allowed service providers to deliver usage and application-based plans, zero-rate applications, reduce fraud, and introduce security and parental controls as a way to generate new revenues.

In June 2007 Sandvine acquired CableMatrix Technologies for its PacketCable Multimedia (PCMM)-based PCRF that enable broadband operators to increase subscriber satisfaction while delivering media-rich IP applications and services such as SIP telephony, video streaming, on-line gaming, and videoconferencing. [6]

In July 2017 Sandvine shareholders accepted a $562 million (CDN) takeover bid from PNI Acquireco Corp., an affiliate of Francisco Partners and Procera Networks. The acquisition was completed in September 2017 when Sandvine shares ceased to be listed in the Toronto Stock Exchange. [7]

The acquisition was completed despite concerns raised by Ronald Deibert, the director of the Citizen Lab at the Munk School of Global Affairs at the University of Toronto who argued that the takeover required “closer scrutiny” by the federal government, largely in light of some of the activities done by two of Francisco's portfolio companies. [8] Most notably Procera Networks was part of a controversy where its technology is alleged to have been used to spy on Turkish citizens. [9]

Internet throttling and censorship

Sandvine products were used by Comcast in the United States to limit number of sessions of Internet traffic generated by peer-to-peer file sharing software. [10] Sandvine's current traffic discrimination product, Fairshare, is described in detail in an RFC. [11] According to independent testing, Comcast injected reset packets into peer-to-peer connections, which effectively caused a certain limited number of outbound connections to immediately terminate. [12]

According to research by Citizen Lab, products sold by Sandvine are being used to facilitate censorship of the Internet in Egypt, an allegation the company denies. [1] On February 27, 2024, Sandvine Incorporated was added to the Bureau of Industry and Security (BIS) Entity List subject to Export Administration Regulations "based on information that Sandvine supplies deep packet inspection technology to the Government of Egypt, where it is used in mass web-monitoring and censorship to block news as well as target political actors and human rights activists." [13]

The P2P throttling [14] focuses on Gnutella, and uses a path cost algorithm to reduce speeds while still delivering the same content. Sandvine uses stateful deep packet inspection and packet spoofing to allow the networking device to determine the details of the P2P conversation, including the hash requested. The device can then determine the optimal peer to use, and substitute it for the one selected by the P2P algorithm by "[sitting] in the middle, imitating both ends of the connection, and sending reset packets to both client and server." [15] In March 2018, Citizen Lab published a report showing evidence that PacketLogic devices from Sandvine could have been used to deploy government spyware in Turkey and redirect Egyptian users to affiliate ads. [16]

In Jordan, Sandvine Inc.’s equipment was used to censor an LGBTQ website. Egypt’s government relied on Sandvine equipment to block access to independent news sites. In Azerbaijan, it was deployed for a social media blackout, current and former employees say. [17] But the company’s equipment — which is often used to manage the flow of network traffic — has also been used to censor the internet in more than a dozen countries in recent years, according to three current, five former employees and company documents. Those countries include Algeria, Afghanistan, Azerbaijan, Egypt, Eritrea, Jordan, Kuwait, Pakistan, Qatar, Russia, Sudan, Thailand, Turkey, the United Arab Emirates and Uzbekistan, according to Sandvine sales records with government agencies and network operators — both private and government-controlled. Sandvine, which is owned by the private equity firm Francisco Partners, said it would stop selling its equipment in Belarus after Bloomberg News reported that it was used to censor the internet during an election. In explaining its decision, the company said it abhors “the use of technology to suppress the free flow of information resulting in human rights violations.”

Support for Internet shutdowns during Belarus protests

During the 2020–21 Belarusian protests, Belarusian officials shut down internet access with technology made by Sandvine. [18] Peter Micek, general counsel at the human rights group Access Now, called on federal authorities to investigate Sandvine and the private equity firm Francisco Partners and questioned the effectiveness of Sandvine's business ethics committee. “Their services appear to have been used in Belarus to silence people and to cover up egregious human rights violations”, Micek said. [19] According to media reports, there was unease among Sandvine employees about the role of their company in the repression of political protests in Belarus since August 2020. In a conference call with employees on September 10, 2020, Sandvine's management, however, seems to have been unapologetic about their role in Belarus: "Alexander Haväng, Sandvine’s chief technology officer, ... said that Sandvine had concluded that the internet, and access to specific material on websites, wasn’t 'a part of human rights'. 'We don’t want to play world police', he said. 'We believe that each sovereign country should be allowed to set their own policy on what is allowed and what is not allowed in that country.'" [20] [21]

On September 15, 2020, Sandvine cancelled its deal with Belarus, citing that the government "used its product to violate human rights". [22] However, its hardware was left at two locations near Minsk, which allows the government to control approximately 40% of internet traffic in the country. [23]

Egyptian Censorship

On February 27, 2024, Sandvine was placed on the Entity List [24] by the Department of Commerce due to Sandvine's role in internet censorship in Egypt.

Related Research Articles

<span class="mw-page-title-main">Internet</span> Global system of connected computer networks

The Internet is the global system of interconnected computer networks that uses the Internet protocol suite (TCP/IP) to communicate between networks and devices. It is a network of networks that consists of private, public, academic, business, and government networks of local to global scope, linked by a broad array of electronic, wireless, and optical networking technologies. The Internet carries a vast range of information resources and services, such as the interlinked hypertext documents and applications of the World Wide Web (WWW), electronic mail, internet telephony, and file sharing.

<span class="mw-page-title-main">Peer-to-peer</span> Type of decentralized and distributed network architecture

Peer-to-peer (P2P) computing or networking is a distributed application architecture that partitions tasks or workloads between peers. Peers are equally privileged, equipotent participants in the network, forming a peer-to-peer network of nodes. In addition, a personal area network (PAN) is also in nature a type of decentralized peer-to-peer network typically between two devices.

An anonymous P2P communication system is a peer-to-peer distributed application in which the nodes, which are used to share resources, or participants are anonymous or pseudonymous. Anonymity of participants is usually achieved by special routing overlay networks that hide the physical location of each node from other participants.

Deep packet inspection (DPI) is a type of data processing that inspects in detail the data being sent over a computer network, and may take actions such as alerting, blocking, re-routing, or logging it accordingly. Deep packet inspection is often used for baselining application behavior, analyzing network usage, troubleshooting network performance, ensuring that data is in the correct format, checking for malicious code, eavesdropping, and internet censorship, among other purposes. There are multiple headers for IP packets; network equipment only needs to use the first of these for normal operation, but use of the second header is normally considered to be shallow packet inspection despite this definition.

Internet traffic is the flow of data within the entire Internet, or in certain network links of its constituent networks. Common traffic measurements are total volume, in units of multiples of the byte, or as transmission rates in bytes per certain time units.

<span class="mw-page-title-main">Net neutrality</span> Principle that Internet service providers should treat all data equally

Network neutrality, often referred to as net neutrality, is the principle that Internet service providers (ISPs) must treat all Internet communications equally, offering users and online content providers consistent transfer rates regardless of content, website, platform, application, type of equipment, source address, destination address, or method of communication. Net neutrality was advocated for in the 1990s by the presidential administration of Bill Clinton in the United States. Clinton's signing of the Telecommunications Act of 1996, an amendment to the Communications Act of 1934, set a worldwide example for net neutrality laws and the regulation of ISPs.

Bandwidth throttling consists in the limitation of the communication speed, of the ingoing (received) or outgoing (sent) data in a network node or in a network device such as computers and mobile phones.

<span class="mw-page-title-main">Internet censorship</span> Legal control of the internet

Internet censorship is the legal control or suppression of what can be accessed, published, or viewed on the Internet. Censorship is most often applied to specific internet domains but exceptionally may extend to all Internet resources located outside the jurisdiction of the censoring state. Internet censorship may also put restrictions on what information can be made internet accessible. Organizations providing internet access – such as schools and libraries – may choose to preclude access to material that they consider undesirable, offensive, age-inappropriate or even illegal, and regard this as ethical behavior rather than censorship. Individuals and organizations may engage in self-censorship of material they publish, for moral, religious, or business reasons, to conform to societal norms, political views, due to intimidation, or out of fear of legal or other consequences.

Hart v. Comcast was a suit filed by Jon Hart, a citizen of California against Comcast in Alameda County. Comcast is a provider of internet access and services. The suit alleged that Comcast was illegally interfering with certain types of internet traffic, such as BitTorrent. The suit alleged that Comcast is guilty of false advertising for advertising high speed services yet deliberately using technology to interfere with access speeds. The suit also claimed Comcast's actions violated established Federal Communications Commission policies on Net Neutrality. The case has since been settled out of court.

Peer-to-peer caching is a computer network traffic management technology used by Internet Service Providers (ISPs) to accelerate content delivered over peer-to-peer (P2P) networks while reducing related bandwidth costs.

File sharing is the practice of distributing or providing access to digital media, such as computer programs, multimedia, documents or electronic books. Common methods of storage, transmission and dispersion include removable media, centralized servers on computer networks, Internet-based hyperlinked documents, and the use of distributed peer-to-peer networking.

Founded in 2004 in New York City, Pando Networks was a managed peer-to-peer (P2P) media distribution company backed by Intel Capital, BRM Capital and Wheatley Partners. The company specialized in cloud distribution of games, video and software for publishers and media distributors and also operated a freemium consumer business for sending large files.

A TCP reset attack, also known as a forged TCP reset or spoofed TCP reset, is a way to terminate a TCP connection by sending a forged TCP reset packet. This tampering technique can be used by a firewall or abused by a malicious attacker to interrupt Internet connections.

<span class="mw-page-title-main">Blue Coat Systems</span> American cybersecurity and network management company

Blue Coat Systems, Inc., was a company that provided hardware, software, and services designed for cybersecurity and network management. In 2016 it was acquired by and folded into Symantec and in 2019 as part of Symantec’s Enterprise Security business it was sold to Broadcom.

Internet censorship circumvention is the use of various methods and tools to bypass internet censorship.

Procera Networks is a networking equipment company based in Fremont, California, United States, that designs and sells Network Intelligence solutions based on deep packet inspection (DPI) technology. Procera sells solutions to telecom operators, governments, enterprises, and network equipment vendors in the areas of Analytics, Traffic Management, Policy and Charging Control, and Service Provider Compliance.

Traffic classification is an automated process which categorises computer network traffic according to various parameters into a number of traffic classes. Each resulting traffic class can be treated differently in order to differentiate the service implied for the data generator or consumer.

Net bias is the counter-principle to net neutrality, which indicates differentiation or discrimination of price and the quality of content or applications on the Internet by ISPs. Similar terms include data discrimination, digital redlining, and network management.

<span class="mw-page-title-main">Criticism of Comcast</span>

A number of different controversies and criticisms have surrounded Comcast for various reasons over its recent history. Customers of the telecommunications company report low levels of customer satisfaction on both service and cost. Comcast has also had several customer service scandals, the most notorious of which featured a representative not allowing a customer to cancel his service. This clip went viral. Comcast has also been widely criticized, most publicly by Netflix, for its position against net neutrality, the principle that all traffic on the internet should be treated equally.

<span class="mw-page-title-main">Domain fronting</span> Technique for Internet censorship circumvention

Domain fronting is a technique for Internet censorship circumvention that uses different domain names in different communication layers of an HTTPS connection to discreetly connect to a different target domain than that which is discernable to third parties monitoring the requests and connections.

References

  1. 1 2 Malsin, Jared (18 July 2018). "Throughout Middle East, the Web Is Being Walled Off". The Wall Street Journal . Archived from the original on 19 July 2018. According to Citizen Lab, an internet research group at the University of Toronto, Egypt is blocking websites with the help of devices whose digital fingerprint matches those of products sold by Sandvine, a firm based in Fremont, Calif., and Waterloo, Ontario [...] A former Sandvine engineer said the company rolled out a platform for network insights in Egypt in 2016.
  2. "Adelphia Selects Sandvine to Protect Subscribers from Worms and Spam. - Free Online Library". Archived from the original on 20 May 2011.
  3. Sandvine Management's Discussion and Analysis [ dead link ]
  4. "Sandvine Launches Industry's First Service Innovation and Intelligence Portfolio for 5G, Cloud and Edge Networks".
  5. "Sandvine Overview Application and Network Intelligence" (PDF).
  6. "Sandvine Buys CableMatrix for Peanuts". Haaretz. Retrieved 4 February 2024.
  7. Critchley, Barry. "Four years and interest from four private equity firms later, Sandvine is set to be sold" . Retrieved 28 September 2017.
  8. "Will a "closer scrutiny" stop the sale of Sandvine Corp. from getting over the line". Financial Post. 17 July 2017. Retrieved 3 November 2017.
  9. Fox-Brewster, Thomas. "Is An American Company's Technology Helping Turkey Spy On Its Citizens?". Forbes. Retrieved 3 November 2017.
  10. "In the Matter of Formal Complaint of Free Press and Public Knowledge Against Comcast Corporation for Secretly Degrading Peer-to-Peer Applications, File No. EB-08-IH-1518". 19 September 2008. Archived from the original (PDF) on 8 April 2013.
  11. Bastian, Chris; Livingood, Jason; Mills, Jim; Woundy, Richard; Klieber, Tom (1 December 2010). Comcast's Protocol-Agnostic Congestion Management System (Report). Internet Engineering Task Force.
  12. Eckersley, Peter (20 October 2007). "Comcast is also Jamming Gnutella (and Lotus Notes?)". Electronic Frontier Foundation. Retrieved 4 February 2024.
  13. "Additions of Entities, Revisions of Entries, and Removal of an Entity From the Entity List". Federal Register . 27 February 2024.
  14. "WO2003094465 PATH OPTIMIZER FOR PEER TO PEER NETWORKS". patentscope.wipo.int. Retrieved 4 February 2024.
  15. Bangeman, Eric (22 October 2007). "Comcast traffic blocking: even more apps, groupware clients affected". Ars Technica. Retrieved 4 February 2024.
  16. "BAD TRAFFIC: Sandvine's PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?". The Citizen Lab. 9 March 2018. Retrieved 9 March 2018.
  17. "American Technology Is Used to Censor the Web From Algeria to Uzbekistan" . Bloomberg News . 8 October 2020. Archived from the original on 22 June 2023. Retrieved 19 July 2023.
  18. "Belarusian Officials Shut Down Internet With Technology Made by U.S. Firm". Bloomberg.com. 28 August 2020. Retrieved 28 August 2020.
  19. Ryan Gallagher (11 September 2020). "U.S. Company Faces Backlash After Belarus Uses Its Tech to Block Internet". Bloomberg.com.
  20. "U.S. Company Faces Backlash After Belarus Uses Its Tech to Block Internet". Bloomberg.com. 11 September 2020. Retrieved 14 September 2020.
  21. "Accès à Internet : la Biélorussie a ordonné la coupure du réseau mobile durant les dernières manifestations". lemonde.fr (in French). 14 September 2020. Retrieved 14 September 2020.
  22. Ryan Gallagher (15 September 2020). "Francisco-Backed Sandvine Nixes Belarus Deal". Bloomberg.com.
  23. BBC World Service’s Newsday program (September 16, 2020).
  24. Bloomberg (27 February 2024). "US Blacklists Sandvine for Censorship, Web Monitoring in Egypt". Livemint.