Markey Eyes DPI


Congress might need to pass a law that protects the information Internet service providers collect from Web-using consumers without their permission, House Telecommunications and the Internet Subcommittee chairman Rep. Edward Markey (D-Mass) said last Thursday.

At a hearing, Markey said he was concerned about the use of deep packet inspection (DPI) technology as a revenue-generating tool in which the habits of Internet consumers are collected and used to engage in targeted advertising.

Most troubling, Markey said, was that DPI technology helped to build a consumer Internet profile that far exceeded the scope of information that individual Web sites collected with their tracking technology.

“As opposed to individual Web sites that know certain information about visitors to its Web sites and affiliates, deep packet inspection technologies can indicate every Web site a user visits and much more about a person’s Web use,” Markey said.

In the absence of a new law, Markey called on broadband access providers to notify consumers on their use of DPI; refrain from using DPI until a consumer consents, or opts-in, to be tracked; and not engage in “monitoring or data interception of those consumers” who have not provided consent.

Rep. Cliff Stearns (R-Fl.) stressed that Web-based companies were collecting vast amounts of consumer data that deserved equal examination by the subcommittee.

“Companies such as Google, Yahoo and Microsoft all have search engines and have long used tailored Internet advertising,” Stearns said.

Markey indicated that cable and electronic privacy laws on the books today might be sufficient to address DPI issues, but that a new law might be necessary — he called it an Internet Bill of Rights — to include major Web players like Google, Yahoo and Amazon (see related story in Platforms, page 58).

“We need a comprehensive online privacy bill to close the gaps that exist with search engines and other cites,” Markey said.

DPI is a technology that can be used for network management purposes, including efforts to fight spam, worms, and viruses. DPI probes the inside of a data packet instead of reading just the header information. Assisting law enforcement is another DPI use, though encryption technology used by banks and other financial institutions can frustrate DPI monitoring.

In June, Charter Communications dropped plans for 30-day test of DPI technology developed by a start-up company called NebuAd. Although Charter notified customers in the four test markets, Markey and Rep. Joe Barton (R-Texas) put pressure on Charter not to go forward.

At the hearing, NebuAd chairman and CEO Robert Dykes said the company turns off customers who have opted out.