European telecom companies are pushing for the legalization of deep packet inspection (DPI), which would allow them access to the contents of any non-encrypted packet transmitted over their communication networks.
If allowed to do so, this would give Telcos in Europe access to detailed information about their users, including their “preferred news publications, interest in specific health conditions, sexual preferences, or religious beliefs.”
45 academics, companies, and non-government organisations have published an open letter to the European Union in response, outlining the dangers of DPI.
As well as invading user privacy, DPI could be used by Telcos for anti-competitive purposes. For example, knowing more about users’ internet habits could allow internet service providers to throttle access to rival services or websites. It could even allow them to introduce custom billing based on web habits rather than data usage.
Such use of DPI would go against basic net neutrality principles, and so current European law explicitly bans it. However, the law only bans DPI use when used to examine communications data for the purpose of treating web traffic differently. This has led to the use of DPI in legally murky situations and, by the most recent count, there are 186 telco products in the EU which potentially make use of DPI.
There is a long history of telecom giants abusing DPI in order to collect more data from their users. The Canadian Internet Policy and Public Interest Clinic (CIPPIC) unsuccessfully advocated bringing an end to the use of DPI by ISPs in Canada as long ago as 2008. For now, the EU has the most progressive regulations on its use.
If European telcos were to start using DPI, we predict that EU citizens would turn to VPNs to secure their web communications. VPN software routes web traffic through a secure server before accessing a website or application. This secure route is known as a VPN tunnel, and it prevents governments and ISPs monitoring people’s web browsing data, as well as ISP throttling.