US lawmakers target deep packet inspection in privacy bill
U.S. lawmakers plan to introduce privacy legislation that would limit how Internet service providers can track their users, despite reports that no U.S. ISPs are using such technologies except for legitimate security reasons.
Representative Rick Boucher, a Virginia Democrat, and three privacy experts urged lawmakers Thursday at a hearing before the House Energy Commerce subcommittee to pass comprehensive online privacy legislation in the coming months. Advocates of new legislation focused mainly on so-called deep packet inspection (DPI), a form of filtering that network operators can use to examine the content of packets as they travel across the Internet.
While DPI can be used to filter spam and identify criminals, the technology raises serious privacy concerns, Boucher said. "Its privacy-intrusion potential is nothing short of frightening," he added. "The thought that a network operator could track a user's every move on the Internet, record the details of every search and read every e-mail ... is alarming."
Boucher, chairman of the House Subcommittee on Communications, Technology and the Internet, said he plans to introduce a privacy bill for online users. That legislation could possibly prohibit DPI for use in behavioral advertising and other uses not related to security or network management, he suggested.
Officials with Free Press, the Center for Democracy and Technology (CDT) and the Electronic Privacy Information Center (EPIC) all spoke in favor of online privacy legislation. "In our view, deep packet inspection is really no different than postal employees opening envelopes and reading letters inside," said Leslie Harris, president and CEO of CDT. "Consumers simply do not expect to be snooped on by their ISPs or other intermediaries in the middle of the network, so DPI really defies legitimate expectations of privacy that consumers have."
Comcast and Charter Communications, both cable-based broadband providers, have experimented with using DPI in conjunction with behavioral advertising, but panelists at the hearing said they knew of no U.S. ISP now using DPI that way. However, there are about a dozen companies offering DPI services to ISPs, said Ben Scott, policy director at Free Press.
With ISPs staying away from DPI, Congress should let ISPs self-regulate, said Kyle McSlarrow, president and CEO of the trade group the National Cable and Telecommunications Association. "Any technology can be used for good purposes and for bad," he said. "We recognize that no one would want us looking at the communication in e-mail. We don't particularly want to do that."
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
Legitimate security uses?
I am really encouraged to hear the DPI is only being used for legitimate security purposes.Does that mean that whoever has been using the kindsight.net domain for USA traffic has not been using it via a DPI system that intercepts user traffic so that partner sites can display relevant adverts?
Must be that the 400k unique users on the system are just testing it then - http://www.quantcast.com/kindsight.net - and pure coincidence that visitors are also showing ad network domains in the 'also visit' stats.
As kindsight is now owned by Alcatel-Lucent it should not be too difficult for reporters and legislators to find out just what purposes kindsight is being used for, regardless of what is claimed.