Telcos in Europe are pushing for the legalization of deep packet inspection (DPI), which would allow them access to the contents of any non-encrypted packet transmitted over their networks. This would allow them access to detailed information about users, including their “preferred news publications, interest in specific health conditions, sexual preferences, or religious beliefs.”
45 academics, companies, and non-government organisations have published an open letter to the European Union in response, outlining the dangers of DPI.
As well as invading user privacy, DPI could be used by telcos for anti-competitive purposes. For example, greater knowledge of user access would allow them to throttle access to services or the sites of their competitors, or allow custom billing based on website access rather than data usage.
Such use of DPI would go against basic net neutrality principles, and so current European law explicitly bans it. However, the law only bans its use when it is used to examine communications data for the purpose of treating traffic differently. This has led to the technology’s use even in legally murky situations, and by the most recent count there are 186 products in the EU which potentially make use of DPI.
There is a long history of telecom giants abusing DPI in order to collect more data from their users. The Canadian Internet Policy and Public Interest Clinic (CIPPIC) advocated bringing an end to the use of DPI by ISPs in Canada as long ago as 2008. However, this did not lead to regulation: for now, the EU has the most progressive regulations on its use.
It is likely that were EU citizens to become subjected to DPI they would use a VPN to secure their information, as VPNs route user data through a secure tunnel which prevents governments and internet service providers from gaining access to their browsing data. A VPN would also allow users to bypass any attempts by ISPs to throttle specific services.