Consumer Privacy and 'Deep Packet Inspection' Explored at House Hearing

On Thursday, the House Subcommittee on Telecommunications and the Internet held a hearing on "deep packet inspection" (DPI) and its implication on online privacy. The Subcommittee is chaired by Rep Ed markey (D-MA) who opened the meeting saying, "Privacy is a cornerstone of freedom. Without question, the digital era in communications technologies will heighten concern about the sensitivity of personal information that can be collected or disclosed about individual citizens and the ever increasing pervasiveness of such data collection." He suggested that broadband providers deploying deep packet inspection technologies must adopt clear privacy policies: 1) clear, conspicuous, and constructive notice about what broadband provider's use of deep packet inspection will be, 2) meaningful, "opt-in" consent for such use, and 3) no monitoring or data interception of those consumers who do not grant consent for such use. House Commerce Committee Chairman John Dingell (D-MI) said that DPI is "part of the Internet now, and it will be part of the Internet in the future. That much is clear. However, any industry that includes a company whose motto is, 'See Everything. Know Everything.' is worthy of close scrutiny. He highlighted the Federal Communications Commission's failure to establish any clear privacy protections for customers of wireline broadband services. legislators and witnesses at the hearing agreed that protecting users' privacy was important, but they differed on how to achieve that. The basic schism was between mandating an opt-in system, where consumers should have to actively agree to have their online surfing information tracked by Internet-service providers and turned over to third parties like behavioral advertising network NebuAd, or whether the current opt-out system is sufficient. In the wake of the hearing, American Civil Liberties Union senior legislative counsel Timothy Sparapani said there is a "massive risk" to privacy from "intrusive deep packet inspection," particularly if the government gets access to it. "Every time we visit the Internet, everything we read, everything we see -- all of it is up for grabs with DPI," he added. "If that information is obtained by the government, then you have exactly zero privacy online." But the ACLU is worried about commercial misapplications, as well, which could lead to discrimination. "DPI could lead to a disparity in Internet speed or pricing based on content, usage or application," Sparapani said. "That would diminish, not help maximize, the Internet's potential." The Center for Democracy and Technology testified, warning that consumers are increasingly concerned about the growing amount of personal data being collected by online advertising practices, but that they are ill-equipped to take steps to protect their privacy. CDT also said that the emerging advertising model partnering ISPs with ad networks brings new legal complexities and privacy risks to the e-commerce equation. CDT urged Congress to take a comprehensive look at online advertising practices and made several recommendations for designing policies and laws that insure consumer privacy and instill trust in the electronic marketplace.