For an essay for the Office of the Privacy Commissioner of Canada, I spent some time over the last few days looking at deep packet inspection materials.
CDT has an excellent Policy Post on this subject this month, collecting links to their testimony and legal analysis. Gigi Sohn of Public Knowledge testified on this subject recently, pulling together the evidentiary record before the Senate Commerce Committee here. Verizon’s testimony at the same hearing points to increased disclosure and self-regulated “best practices” as the solution (and softly conflates network access with Web services generally).
Chris Hoofnagle of Berkeley pointed out online recently that consumers simply don’t read or understand disclosures:
Joe Turow at Annenberg has written a series of reports suggesting that even clear disclosures will not help in the information privacy context, because consumers believe that the phrase “privacy policy” implies a baseline set of protections. Therefore, even if we were to improve disclosures, the effect would be limited, because consumers never take time to read them–they assume that many common market practices are illegal. See: http://www.annenbergpublicpolicycenter.org/NewsDetails.aspx?myId=31. [ed.: here's another link: http://www.law.berkeley.edu/samuelsonclinic/privacy/48]
When my essay comes out I’ll link to it here. I’m not convinced that disclosures are the answer to the question; in fact, I’m not sure we’re even asking the right question.
For me, the key question is: What should the providers of general-purpose network access be permitted to do as a social and economic policy matter?