It’s not hard to understand why people got upset with Facebook over “Beacon,” the company’s effort to track what its users do on the Web and auto-transform those actions — like buying products or tickets to a movie — into messages broadcast over a personal network. Who wouldn’t be creeped out, at least sometimes, by this transmutation of private transactions into public statements?
But Facebook is just facing the same pressures all tech companies encounter when they find they have to deliver on sky-high valuations for investors and markets. Facebook, and the people pouring money into it, now claim the company is worth $15 billion. Expect plenty more “monetization” gambits.
I’ll remain wary, but I won’t be surprised. Instead, I’m keeping my eyes on a different, and far more troubling, violation of Web norms: it’s called “deep packet inspection.” That geeky phrase hides a world of potential ill.
All Internet messages travel as packets of data. Packets have headers; they’re like the addresses on envelopes, and service providers’ routing equipment uses the headers to make sure messages get where they’re going. Deep packet inspection (DPI) involves looking at the content of the packet as well — it’s the equivalent of the post office opening your envelope, or the phone company listening to your call. Internet service providers use DPI for security purposes. It’s usually been discussed in the past as a tool that enables ISPs to limit Bittorrent use or other peer-to-peer filesharing activities; it is also what would enable various schemes being bandied about for creating “fast lanes” of privileged types of Internet communication. The debate over such schemes is well-advanced.
But now, it seems, hardware companies have begun producing devices that enable service providers to use DPI to target ads. The Wall Street Journal covered this topic last week here. And that, to me, is just way over the line.
I don’t want my ISP looking at how I use the Internet to target ads to me, period, any more than I want the phone company listening in on my conversations in order to sell me stuff.
I’m sure we’ll hear that the DPI-based targeting schemes are a Big! New! Benefit! in providing us with more relevant ads. But I’d rather be the steward of my own personal information than let a service provider make decisions for me. We’ll also hear that privacy-minded users should just find a service provider that suits them. But how can we make an informed choice about service providers unless they are forthright about telling us exactly what they’re doing with DPI, in words everyone can understand? In many communities, high-speed Net service is a monopoly, anyway.
Then we’ll hear that this is no different from the way Google’s Gmail scans your messages to target text ads to you. But Gmail has tons of competition. And Google’s accumulation of personal data has begun to raise privacy concerns as well — so saying “Google does it too” doesn’t exactly provide full ethical cover.
This issue sits at the heart of the Net neutrality debate, and it comes at us in a form that is more easily understandable to the everyday user than its previous manifestations. “Packet inspection” may be unintelligible to non-geeks, but anyone can understand why you don’t want the post office opening your mail.
[tags]deep packet inspection, net neutrality, ISPs, targeted advertising[/tags]
There are no revisions for this post.
Good heads up.
Business opportunity for VPN service providers, who can now promise not to look at packets in return for business. DPI doesn’t work on encrypted connections.