Skip to Content

Government Surveillance

The Privacy Risks of ISPs Using Deep Packet Inspection

Deep packet inspection (DPI) — technology that potentially allows providers of Internet service to collect and analyze the Internet communications of millions of users simultaneously — has been a hot topic in a number of different policy circles in recent years. In the privacy arena, ISPs’ use of DPI has drawn scathing criticism despite the fact that other kinds of service providers (like content delivery networks and web-based service providers) are capable of conducting content inspection. In a guest essay over at the Canadian DPI portal, I explore what separates ISPs from other kinds of service providers, and why their use of DPI can raise unique concerns:

There are several characteristics inherent to ISPs and their use of DPI that significantly increase the privacy stakes as compared to these other entities . . .. ISPs are uniquely situated in three respects: they serve as gateways to all Internet content, switching ISPs can be difficult for Internet users, and their use of a tool as powerful and versatile as DPI makes it prone to mission creep. An exploration of each of these factors reveals that they are difficult or impossible to mitigate. Taken together they form the fundamental basis for the heightened privacy alarm that has characterized DPI debates.