The security and privacy of personal data are being jeopardized as Deep Packet Inspection is deployed by internet service providers.
By Katherine Barnett – Europe has not escaped the global move towards ‘surveillance capitalism’. Numerous pieces of legislation are under consideration which put online freedoms and privacy at risk—the UK’s Online Harms white paper is just one example.
The European Digital Rights (EDRi) organization recently discovered that European telcos were monitoring internet connections and traffic through a technique known as Deep Packet Inspection (DPI).
European telcos have so far escaped penalization for their use of DPI, on the grounds that it counts as ‘traffic management’. Under current net-neutrality law, it is technically allowed for purposes of network optimization—but its use for commercial or surveillance purposes is banned.
In January, however, the EDRi produced a report, outlining how as many as 186 European ISPs had been violating this constraint, using DPI to affect the pricing of certain data packages and to slow down internet services running over-capacity. Alongside 45 other NGOs and academics, it is pushing for the use of DPI to be terminated, having sent an open letter to EU authorities warning of the dangers.
Deep Packet Inspection is a method of inspecting traffic sent across a user’s network. It allows an ISP to see the contents of unencrypted data packets and grants it the ability to reroute or block traffic.
Data packets sent over a network are conventionally filtered by examining the ‘header’ of each packet, meaning the content of data traveling over the network remains private. They work like letters, with simple packet filtering allowing ISPs to see only the ‘address’ on the envelope but not the contents.
DPI however gives ISPs the ability to ‘open the envelope’ and view the contents of data packets. It can also be used to block or completely reroute data.
Regulators have so far turned a blind eye to this blatant disregard for net-neutrality law and telcos are pushing for DPI to be fully legalized.
This sparks major concerns about user privacy and security, as DPI renders visible all unencrypted data sent across a user’s connection, allowing ISPs to see browsing activity. more>