ISPs Using "Deep Packet Inspection" On 100,000 Users
dstates writes "The Washington Post is reporting that some Internet Service Providers (ISP) have been using deep-packet inspection to spy on the communications of more than 100,000 US customers. Deep packet inspection allows the ISP to read the content of communications including every Web page visited, every e-mail sent and every search entered, in short every click and keystroke that comes down the line. The companies involved assert that customers' privacy is protected because no personally identifying details are released, but they make money from advertisers who use the information to target their online pitches. Deep packet inspection is a significant expansion over tools like cookies in the ability to track a user. Critics liken it to a phone company listening in on conversations."
Never mind that it's evil, or that it's a great step to losing their common-carrier status.
They don't have a common-carrier status to lose.
It's called Tor.
Wrong RFC. That would be RFC4366,
It's beyond me why this hasn't happened already.
As far as I know, IIS and Apache don't quite support TLS yet (although it's in-progress) which means every SSL-enabled website would have to be on its own unique IP/port... making the IP 'crunch' even more of an issue.
There's no place like
Phorm argues it doesn't break the law because they offer an "opt out" clause and so isn't affected by the RIPA act. BT's trial last year of Phorm against 10,000 users is being investigated as potentially illegal as users weren't given the chance to opt out. It should be an easily won case since BT, by supplying 121media and not asking if they can share this information, have broken the Data Protection Act. BT maintains plans to implement Phorm with the ability to opt out (through a cookie on your PC).
I've already sent a letter to my service provider (Virgin Media) informing them I want no part of Phorm and if they implement it (which they are considering) I will be prosecuting them under the Data Protection Act. I suggest all BT, Talk Talk and Virgin Media users do the same.
The Data Protection Act in the UK is the best defense against this sort of thing; it defines how companies may handle personal data, the right a person has to that data and what responsibilities the organisations have with it. The biggest problem with it tends to be phone operators who've never read it trying to tell you the section you read to them is wrong.
I believe someone is trying to prosecute Facebook because they were unable to remove their information from Facebook (when you leave a service you have a right to have all information on a company's database deleted). If I were to go into a police station and demand all the CCTV footage they have on me, they would have to supply it (my right to see). Finally, if I don't agree that companies can share my information with 3rd parties then they aren't allowed to share it, full stop; if they do, you can prosecute.
121Media argue Phorm doesn't violate the Data Protection Act because you are visiting public websites (it being akin to walking along a public highway and so no right to privacy). Hopefully the Information Commission won't see it that way and will enforce the view that sending unencrypted HTTP packets through port 80 is the same as making a phone call and so falls under the same protections.