This is a bit of the speech I gave at the ACLU Membership Conference on June 9, 2008. The speech isn’t available online; I don’t archive them. The moderator was Barry Steinhardt, Director of the ACLU Technology and Liberty Program. The other panelists were Gigi Sohn, Executive Director of Public Knowledge, and Jim Tucker, Policy Counsel at the ACLU.
In the last few weeks, there has been a great deal of debate about the BT-Phorm and Charter-NebuAd plans to use deep packet inspection to build profiles on individual users in order to better target advertising toward those individuals. But not a lot of people understand what deep packet inspection actually is. Here is a very simplified explanation of how the Internet works: Whenever you send an e-mail or visit a Web site, your data is broken up to packets of information and directed toward the destination requested. Internet Service Providers do a lot of shallow packet inspection – looking into the packet just enough to figure out how to route the data.
ISPs have traditionally only done deep packet inspection (where you can read the contents of an e-mail or figure out what Web site a customer is visiting) in order to do systems testing (for example, identifying computer viruses). Advances in technology have made deep packet inspection easier, and it can be done in almost real-time. And now, some ISPs are proposing to use deep packet inspection of their customers’ data as an advertising tool, to enforce copyright law, and more. And it’s unclear if individuals can opt-out or if individuals must suffer this privacy invasion if they wish to use these ISPs. Deep packet inspection also enables non-ISP service providers, such as search engines or webmail companies, to build user profiles.
Ars Technica has good explanation of deep packet inspection and the Charter Communications controversy here.