If you enter a brick and mortar store, a smart shopkeeper will keep close tabs on what you do there--not just what you ended up buying, but what you paused to look at, what caught your attention enough for you to pick it up, what you asked about, etc. (And when shopkeepers aren't attentive to our wants and needs, we penalize them by griping and then finding a store that is more tuned into what we want.) But when they attempt to do essentially the same thing online, it causes an outcry. I'm as bad as anyone in being leary of Big Brother watching, but I guess I'm not so up in arms that I can't see the double standard.

When you enter a brick and mortar store, you are implicitly entering, by choice, a 2 party relationship between you and the store.

Similarly, when you visit a website you are entering a 2 party relationship with the site provider, and you have some reasonable expectation (sometimes outlined explicitly) about what the site provider might choose to do with the data you exchange with each other.

The difference in the online scenario is that multiple 3rd parties are involved in enabling the higher level interaction: ISPs. The closer analogy is communication through the mails. The post office, UPS, FedEx, etc. are service providers with clear-cut sets of responsibilities and limits: move well formed 'packets' of opaque data (envelopes, packages, postcards) between addresses.

The question is to what degree should we expect or permit these 3rd parties from participating in the contents of our communications?

The answer, I believe, is none. Even though the service provider has temporary custody over our packets, which may have commercially useful information in them, we should consider the contents of the packets to be the property of the sender and recipient.

Deep packet inspection violates the fundamental contract between the user and provider of the packet transport service. When I send internet packets, I expect them to be treated as understood in the relevant protocols and layered OSI model: an arbitrary address for routing to a destination node and arbitrary, opaque data to be interpreted at the destination node. If the ISP is handling the packet differently based on either the address or contents, it isn't providing internet service. It's providing something (mostly) compatible and possibly highly indistinguishable from internet service.

So what's the harm if your ISP is providing a service virtually indistinguishable from internet service but with deep packet inspection? I think it comes down to establishing a fundamental understanding of what internet service means and who has what rights over a packet. Accepting or granting an ISP rights to the contents of your packets, even for a supposedly benign purpose, establishes a precedent and a shared-rights model of internet communication. Once we give away a share of our rights over the contents of our communication, the extent of the invasion to our privacy and freedom of communication will forever be balanced against the profit needs of the ISP.

Instead, I believe we should demand the same level of privacy in content and neutrality in delivery that we demand from the postman or UPS. Prying into our packets should carry the same level of taboo as prying into our mail.

LMoE

LMoE,

You nailed it!

Sundown, I cannot agree with you. When I enter a brick and mortar store, it's possible the shopkeeper will watch me, but I doubt it. Do you really think Walmart watches where every single shopper goes and what they look at? Even in my small local grocery store there aren't enough workers to follow every shopper.

Then again, how about restaurants? I look at the menu board in my local pizzeria, and they have no idea what I'm doing. On the Internet, they know everything you did there. Plus, they know where you came from and where you went when you left the site. Then they sell it to the highest bidder.

The real world has nothing whatsoever to do with the Internet world in these kinds of cases. There is no double standard here.

From LMoE:

I believe we should demand the same level of privacy in content and neutrality in delivery that we demand from the postman or UPS. Prying into our packets should carry the same level of taboo as prying into our mail.

I agree 100% on this last point. Just because the information is out there does not mean it should be used. And, let's face it, how many people really want to be deluged with targeted ads?