Public Knowledge President and Co-Founder Gigi B. Sohn today warned the Senate Commerce Committee of the privacy intrusion that occurs when Internet Service Providers (ISPs) inspect detailed customer information using a technique called Deep Packet Inspection (DPI). In her testimony, Sohn told the Committee: “It should be clear that the very nature of DPI technology raises grave privacy concerns.” She described DPI this way: “To put it simply, Deep Packet Inspection is the Internet equivalent of the postal service reading your mail. They might be reading your mail for any number of reasons, but the fact remains that your mail is being read by the people whose job it is to deliver it.” More and more, Sohn said, “ISPs are opening these envelopes, reading their contents, and keeping or using varying amounts of information about the communications inside for their own purposes.”
She added: “In some cases, ISPs are actually passing copies of the envelopes on to third parties who do the actual reading and use. In others, ISPs are using the contents to change the normal ways that the Internet works. And for the most part, customers are not aware that their ISPs are engaging in this behavior–much like if the postal service were to open your letter, photocopy it, hand that copy to a third party and then re-seal the letter, so that you would never know it had even been opened in the first place.”
Sohn said ISPs are looking for ways to make use of, and make money from, detailed customer information. Sohn noted that Comcast used the technology in its throttling of BitTorrent data from its consumers, which the Federal Communications Commission (FCC) ruled violated the agency’s Open Internet principles.
She noted that today’s legal structure has gaps in it, so that the privacy invasions that occur when DPI is used cannot be punished. Sohn called for “a comprehensive regulatory structure that will ensure that the privacy rights of all Internet users are protected.” Sohn noted that, “any solution should strive to be comprehensive in scope and ensure that the basic principles of privacy protection are applied across the entire Internet ecosystem.”
She outlined the following principles that such a structure should follow:
They must ensure that the purpose of the use of customer data is one which can be consistent with consumers’ privacy expectations.
They must ensure that the amount and type of data collected is narrowly tailored to the proposed use, and that the data is not kept or disseminated to third parties past what is necessary to that use.
They must ensure that customers have access to and actually receive adequate information about the proposed use, and have affirmatively and actively consented to any practices which could violate customers’ expectations of privacy.
Her written statement is here:
The oral statement is here: