Europe Wants ‘Deep Packet Inspection,’ Here’s Why That’s Alarming

CYBERSPACE—The internet technology known as “deep packet inspection” is currently illegal in Europe, but big telecom companies doing business in the European Union want to change that. They want deep packet inspection permitted as part of the new net neutrality rules currently under negotiation in the EU, but on Wednesday, a group of 45 privacy and internet freedom advocates and groups published an open letter warning against the change.

But what is “deep packet inspection” technology, and why is it important—and alarming?

All online data is filtered and inspected as it passes through various security checkpoints on its journey through the internet. But deep packet inspection technology allows the big telecom companies using it to pull out seemingly unlimited detail about the online habits of internet users.

Using DPI, internet service providers can tell almost anything about you, from the type of computer or device you use, to the news sources and specific articles you read or videos you view, to “specific health conditions, sexual preferences, or religious beliefs,” according to the open letter sent by the advocacy group European Digital Rights, together with 45 academics, NGOs and tech firms.

Use of DPI clearly raises serious privacy concerns, but it also appears to make violating principles of net neutrality much easier for internet service providers. Current EU net neutrality rules currently ban deep packet inspection. But with most European countries allowing “zero rating” exceptions to net neutrality rules—that is, the ability of a telecom company to favor its own content over content generated by other companies—deep packet inspection is also used “to charge certain data packages differently or to throttle services and cram more internet subscribers in a network already running over capacity," according to EDRi.

By digging deep into the content of user online communications, the ISPs can decide how to group certain types of data into packages that can be priced at a premium rate. According to EDRi, European regulators have generally turned a blind eye to such net neutrality violations. The group says that it has identified 186 ISPs now “potentially” using deep packet inspection technology—even though it is illegal to do so.

But the law against using DPI comes with a loophole. DPI is only banned for use in deciding how to treat different types of online traffic differently. But DPI is not banned for use in extensive data collection on unsuspecting users.

The new net neutrality rules in Europe, including rules on the use of DPI, are currently in closed-door negotiations, with the first public hearing expected in the fall of 2019, and a final decision on what those rules will be decided by March of 2020

Photo By Camelia.boban / Wikimedia Commons