ISPs throughout the United States and UK are using deep
packet inspection to track surfers’ online activities – search queries, web
sites visited, and information entered, among other things – in order to sell gleamed
data to advertisers interested in better targeting their advertisements.
The practice, largely swept under the rug “for fear of [a]
customer revolt,” says one unnamed executive, currently targets about 10
percent of all internet customers in the United States. Front Porch, a U.S. advertiser
that buys data from ISPs’ deep packet programs, says that it has detailed
web-use data for more than 100,000 customers.
None of the advertising firms involved would name whom they
are buying data from, instead telling the Washington
Post that “it’s up to the providers to announce how they deal with customer
data.”
A number of ISPs, however, have already altered their customer
service agreements: Embarq, the fourth largest provider of data services in the
United States, calls it a “preference advertising service,” and providers Wide
Open West and Knology have openly disclosed the fact that they are working with
advertising firm NebuAd.
Proponents of deep packet inspection claim that it’s a win
for everyone involved: customers see more ads that are relevant, ISPs make
money, site owners see better returns, and advertisers catch better data.
ISPs claim to remove customers’ personal data, with
significant effort taken to strip surfing histories of anything that could identify
an individual user. “I don’t view it as violating any privacy at all,” says Knology
marketing VP Anthony Palermo, “My understanding is that all these companies go
through great pains to hash out information that is specific to the consumer.”
NebuAd says that it protects users’ data in two ways: by
identifying customers with an arbitrary number untraceable to their original IP
address – a technique
that Lilburn, Georgia resident Thelma Arnold, also known as AOL Searcher No. 4417749, could
easily disprove – and by filtering out all data that relates to sensitive activities, such as e-mail and visits to banking,
health, or pornography sites.
Bob Dykes, chief executive of NebuAd, says that in some ways
its method of protecting consumer data is even better than that of Google,
which stores search logs by easily-traceable IP addresses and parses Gmail accounts for advertising information.
Privacy advocates are not satisfied, however, by ISPs’ efforts
to empower customers with control over their data: an easily-lost browser
cookie tracks users that opt out, meaning they could be back in the
system if they clear their browser cache or switch to another computer.
Further, text acknowledging the advertising partnership is buried deep within
service agreements: Knology customers have to search through 27 pages of
legalese in order to find one “vague reference” to the company’s tracking system.
Many ISPs have a long
and storied history with deep packet inspection, as it is an effective means of
monitoring and controlling customer activity: Comcast’s BitTorrent
controversy, recently
resolved, uses deep packet inspection hardware from Sandvine to prevent
users from contributing to the BitTorrent swarm after they’ve finished downloading,
and Canadian ISP Rogers uses similar technology to inject
subscriber notices into surfers’ web pages.
Web surfers east of the Atlantic recently found themselves
in the middle of a similar, secret arrangement
between UK ISP BT and advertising company Phorm, after a handful of intrepid
users noticed “dodgy
redirects” in their internet service. An online petition against the
arrangement, hosted by the British government, has so far gathered over 10,600
signatures.