If a user explicitly grants permission, then DPI is a tool, possibly a very helpful tool. If a user would like to see ads for products and services that they might actually use and enjoy, this can be very helpful. It could even possibly reduce the appearance of unwanted ads for a user. For example, some people complain about steamy, even pornographic ads that they see online. In theory, if a person’s browsing history reflects no interest in online dating or porn, over time they would be less likely to be presented with ads for that part of the Web that doesn’t interest them.

Without an explicit opt-in process, this technology is an assault on the user’s privacy. Nobody wants someone spying on them, and without inviting DPI, the helpful little program scribbling down your every move turns into a creepy digital stalker. It becomes even more concerning when the fate of all of this collected information is unclear. Can it ever be sold? Viewed by third parties? Compromised by identity theives? A program outside of a user’s control that assembles a specific profile of that person’s online habits presents a substantial liability, and it should be up to the user to determine if that level of risk is worth the convenience of targeted advertising.

DPI is a highly technical concept with no brief explanation possible to a person who doesn’t understand anything more complex about software than “point and click.” It’s extremely unethical to push an optional, risky technology on users without allowing them to understand what they are signing on for. Advertisers can still get their ads out there without cyberstalking users.

Fighting for an opt-in process seems even more important in a country like Britain, where there are far fewer options when it comes to ISPs. British Internet users don’t have as much flexibility as the U.S. when it comes to switching services if they disapprove of what they’re getting. With BT centrally holding the reins on most Web traffic in the UK, someone has to protect the users from losing control over their own information.

Web pages are delivered over a private personal connection with a web site, in a similar way to a phone call. Both use a shared public data communication network. Both are unencrypted. Both are private ‘conversations’.

Consequently, a web site may selectively decline or accept requests. The sueqnce content delivered is specific and personal to a given person. The content itself may also be specific and personal to a given personal (for example ecommerce, forums, webapps, webmail).

There are profound implications for anyone who publishes online, any community online, and electronic commerce in particular. UK ISPs/communication companies risk sacrificing their status as trusted couriers of data. (The concept of ‘common carrier’).

A significant amount of commercial intelligence can be gleaned from monitoring a person’s interaction with even a simplistic web site. It is this economic intelligence which is used to sell competitive advertising. Monitoring in this way is mass industrial espionage, identifying customers or prospective customers of a given web site/business, and selling competitor products/services instead.

The only available response is complete encryption, and/or selectively blocking untrusted ISPs from your site.

Even encryption doesn’t prevent your customers being identified by IP address.

Using DPI for marketing will radically change the future of the internet, and digital communication. For example, there are security implications for the wider community; do we really want a world where the only circumstance in which anyone can communicate privately requires strong encryption? How will that affect the need to conduct legal interception if you can’t decode the traffic in real time?

Longer term, there are implications for all forms of unencrypted B2C/C2C/B2B digital communication. Email. VoIP. SMS. P2P. PSTN. Once you concede interception of a given method of private communication, it is very difficult to make a coherent argument for not intercepting other communication methods (it is all ones and zeros on a wire crossing a public communcation network).

Very much looking forward to meeting you in London.

it’s called “riposte graduee” here in france, and about to go to the house for discussion…

see http://www.laquadrature.net/ for more information