Privacy experts urge panel to regulate Internet filtering method

Privacy experts urged the House Energy and Commerce Communications Subcommittee today to regulate a type of computer network filtering employed by broadband Internet providers for security because it could also be used to build extensive customer profiles and target content and advertising without consent.

An executive representing network providers such as Charter Communications, Comcast and Time Warner pressed members not to legislate and instead allow stakeholders to craft a market-based solution to concerns about "deep packet inspection," or DPI.

House Energy and Commerce Communications Subcommittee Chairman Rick Boucher, D-Va., who is working on a broad bill aimed at protecting individuals' Internet privacy, said today's hearing was the first in a series to inform that process. A second hearing, which he is planning jointly for early summer with the Energy and Commerce Commerce, Trade and Consumer Protection Subcommittee will focus on behavioral advertising where Web firms and marketers likely will testify. "We see this measure as a driver of greater levels of Internet uses," Boucher said.

Boucher and House Energy and Commerce Communications Subcommittee ranking member Cliff Stearns, R-Fla., agreed they will use as a starting point legislation they co-sponsored four years ago that required consumer notification and prominent privacy policies that explain what is being collected and how it could be used, sold or otherwise disclosed. Consumers would have been able to opt-out and violators would have faced hefty fines.

Energy and Commerce Oversight and Investigations Subcommittee Chairman Bart Stupak, D-Mich., said Internet users lack a clear understanding of what happens with their information, and existing law does not give a solid definition of when affirmative consent is required. Rep. Anna Eshoo, D-Calif., argued any legislation should ensure Web-based services and broadband providers are treated differently.

On a related track, aides say Energy and Commerce Consumer Protection Subcommittee Chairman Bobby Rush, D-Ill., will soon reintroduce a bill to require strong security policies from firms that collect and store sensitive information and provide for nationwide notification in the event of a data breach. That bill and a measure sponsored by Rep. Mary Bono Mack, R-Calif., that would regulate peer-to-peer file-sharing services will be the focus of a May hearing, aides said.

With respect to DPI, Boucher acknowledged potentially beneficial uses but said "its privacy intrusion potential is nothing short of frightening." Boucher looked to witnesses for perspectives on DPI use and what functions should necessitate user opt-in or opt-out. Center for Democracy and Technology President Leslie Harris said all uses of DPI raise red flags "because they all begin with interception and analysis of [network] traffic." DPI "is no different than postal employees opening envelopes and reading the letters inside," she said.

Free Press Policy Director Ben Scott warned DPI could be used to speed up or slow down certain online applications, which would "Balkanize the Internet."