DPI raises privacy issues because ISPs deploy it at key chokepoints in their Internet infrastructure, because the costs to users of switching ISPs are high, and because of the technology’s propensity for mission creep. While many parties can potentially investigate digital communications, none have access to communications on the scale of ISPs; all communications must pass through ISPs’ networks in transit between Internet-connected computers. This affords ISPs, and actors influencing ISPs, the potential to monitor all data traffic. While consumers may voice concerns about DPI usage, their ability to switch to a non-DPI using provider may be limited. High costs (stemming from the loss of savings associated with telecommunications bundles of phone, Internet, and mobile services), potential requirements for new hardware, and the need to learn a new billing regime all restrict consumers’ ability and willingness to switch providers—even in situations where competition between ISPs is relatively prolific. Finally, DPI’s fungibility lets ISPs deploy it for one reason, such as enhanced billing possibilities, and then repurpose it for others, such as throttling particular traffic or modifying data packets in real time. Given the potential for deep packet inspection technologies and vendors’ aim of making the technologies invisible, they constitute particularly significant privacy risks that must be addressed through regulatory or legal processes.
Cooper, Alissa (2010). The singular challenge of ISP use of deep packet inspection. Deep packet inspection Canada. Retrieved from http://www.deeppacketinspection.ca/the-singular-challenges-of-isp-use-of-deep-packet-inspection/
If you’re interested in downloading Christopher Parsons’ full annotated bibliography about deep packet inspection, click here.