US lawmakers target deep packet inspection in privacy bill

A congressman plans to introduce an online privacy bill

Grant Gross (IDG News Service)
24 April, 2009 05:05
Comments

U.S. lawmakers plan to introduce privacy legislation that would limit how Internet service providers can track their users, despite reports that no U.S. ISPs are using such technologies except for legitimate security reasons.

Representative Rick Boucher, a Virginia Democrat, and three privacy experts urged lawmakers Thursday at a hearing before the House Energy Commerce subcommittee to pass comprehensive online privacy legislation in the coming months. Advocates of new legislation focused mainly on so-called deep packet inspection (DPI), a form of filtering that network operators can use to examine the content of packets as they travel across the Internet.

While DPI can be used to filter spam and identify criminals, the technology raises serious privacy concerns, Boucher said. "Its privacy-intrusion potential is nothing short of frightening," he added. "The thought that a network operator could track a user's every move on the Internet, record the details of every search and read every e-mail ... is alarming."

Boucher, chairman of the House Subcommittee on Communications, Technology and the Internet, said he plans to introduce a privacy bill for online users. That legislation could possibly prohibit DPI for use in behavioral advertising and other uses not related to security or network management, he suggested.

Officials with Free Press, the Center for Democracy and Technology (CDT) and the Electronic Privacy Information Center (ERIC) all spoke in favor of online privacy legislation. "In our view, deep packet inspection is really no different than postal employees opening envelopes and reading letters inside," said Leslie Harris, president and CEO of CDT. "Consumers simply do not expect to be snooped on by their ISPs or other intermediaries in the middle of the network, so DPI really defies legitimate expectations of privacy that consumers have."

Comcast and Cox Communications, both cable-based broadband providers, have experimented with using DPI in conjunction with behavioral advertising, but panelists at the hearing said they knew of no U.S. ISP now using DPI that way. However, there are about a dozen companies offering DPI services to ISPs, said Ben Scott, policy director at Free Press.

With ISPs staying away from DPI, Congress should let ISPs self-regulate, said Kyle McSlarrow, president and CEO of the trade group the National Cable and Telecommunications Association. "Any technology can be used for good purposes and for bad," he said. "We recognize that no one would want us looking at the communication in e-mail. We don't particularly want to do that."

The technology is changing so rapidly, it may be difficult to draft appropriate legislation, he added. "There are new models being created," he said. "It's fairly hard to freeze, in one point and time, a fairly immature marketplace. We should allow industry and all stakeholders to try to work together ... come up with self-regulatory principles that protect consumer privacy."

Some Republicans on the subcommittee also questioned whether legislation should be targeted only at ISPs. "Our focus should ... look at the entire Internet universe, including search engines and Internet advertising networks," said Representative Cliff Stearns, a Florida Republican. "Consumers don't care whether you are a search engine or a broadband provider; they just want to ensure that their privacy is protected."

Privacy advocates also urged lawmakers to go beyond rules that would force ISPs to get opt-in permission from customers before tracking their online activities. In many cases, customers don't completely understand what they're being asked to opt into, said Marc Rotenberg, EPIC's executive director.

"I don't think [opt-in] is sufficient because it won't be meaningful unless consumers understand what data about them is being collected and how it's being used," he said.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email CIO
Follow CIO on twitter

More about: CDT, Comcast, Cox Communications, DPI, Electronic Privacy Information Center, etwork

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"{A friend linked me to this resource."

The 30 best Safari extensions -- so far
"Isn't it surprising that Google, with all the resources it has at ..."

Apple and Google disagree over licensing of essential patents
"As are ours."

Monash Uni reduces IT teams after consolidation project
"QR code is a great invention people made. I'm making mobile apps ..."

FTC warns makers of background checking apps
"It hasn't cost the government, its cost the people -'The bungle has ..."

QLD govt demands answers after pay glitch

Tags: government, internet, privacy, security

Latest Blog Posts

Whitepapers

8 reasons why Citrix NetScaler beats the competition
Application delivery controllers (ADC) are one of the most critical elements of cloud infrastructures and enterprise data centre architectures. ADCs strongly impact performance, scale and security of the entire application environment, so it is extremely important for IT leaders to choose the right one.

Learn more »
Implementing, Serving, and Using Cloud Storage
Organisations of all types are trying to control costs and satisfy increasing demands at the same time— demands created by explosive data growth and ever-changing regulations. To address these challenges, storage industry professionals are turning to cloud computing and cloud storage solutions.

Learn more »
Book 2 - The Practical Guide to Securing Assets
Keeping your information technology (IT) systems and information secure in the face of constant changes in hardware, software, threats, and regulations can seem like an impossible task. You must constantly monitor and evaluate asset security controls effectiveness in addition to monitoring regulatory and contractual security requirement compliance. To be effective, you must implement IT controls in context with your entire organisation assets. Read on.

Learn more »

All whitepapers

Most Read
Most Commented

Get exclusive access to Invitation only events CIO, reports & analysis.

Latest Jobs

Zones

Featured Whitepapers

The Convergence of IT Operations Management

The new wave of mobile consumer devices, combined with the surge of interest in cloud computing, is creating complex challenges for IT. In this white paper, read about new research ...

US lawmakers target deep packet inspection in privacy bill

Comments

Post new comment

The hierarchy of wisdom

ERP reload

Tourism sector bites the bullet

iPad 3 rumour rollup for the week of February 7

Internode, iiNet improve results in customer satisfaction survey

How to create a clear project plan

Preview: Prada Phone by LG 3.0

5 open source help desk apps to watch

Monash Uni reduces IT teams after consolidation project

iPad initiative for pupils in WA

QLD govt demands answers after pay glitch

FTC warns makers of background checking apps

Apple and Google disagree over licensing of essential patents

HP Business Efficiency - Money Payback Guarantee Resource Centre

The Australian Cloud

The Convergence of IT Operations Management

Top Ten Considerations when Deploying IT Operations Management in the Cloud

Unified Storage Strategy guide

2011 Pathways Advanced ICT Leadership Development Program

Enabling Agile and Intelligent Businesses