Fifteen people have filed suit against online media company NebuAd, alleging that its use of deep packet inspection technology violates consumer privacy. The technology tracks the Web-surfing habits of ISP customers in order to better target ads to them.
The complaint, filed in the U.S. District Court for the Northern District of California, also names Internet service providers Bresnan Communications, Cable One, CenturyTel, Embarq, WideOpenWest, WOW and Knology.
NebuAd and the ISPs violated the Electronic Communications Privacy Act, Computer Fraud and Abuse Act, California’s Invasion of Privacy Act and California’s Computer Crime Law, according to the suit. The plaintiffs are seeking class action status. The plaintiffs’ fundamental argument is that NebuAd was not authorized by subscribers to access their online transmissions — nor were the ISPs.
“ISPS are allowed, within their normal course of business as a necessary incident to the rendition of their services, to inspect a subscriber’s datastream for reasons such as viruses, spam, searching for non-protocol compliance, securing their bandwidth, police bandwidth and maintenance of the overall health of their network; however, conducting Deep Packet Inspection for subscriber content is not within those rights,” the complaint reads.
NebuAd said it is reviewing the allegations and plans to defend itself vigorously.
Deep packet inspection technology is the offspring of adware — a previous generation of software that was equally despised by privacy advocates. Like its earlier counterpart, deep packet inspection tracks where Web users go online in order to better target ads to them. However, there are slight but significant differences with deep package inspection. Because the technology is deployed at the ISP level, there is little consumers can do to protect themselves from it. Content from e-mail and other ISP-provided services is caught up in the data-diving sweep.
“Not that we condone other forms of online snooping, but deep packet inspection is the most egregious and aggressive invasion of privacy out there,” Paul Stephens, director of policy and advocacy for the Privacy Rights Clearinghouse, told the E-Commerce Times. “It crosses the line in a way that is very frightening.”
There appears to be no way for consumers to keep their online habits secure of ad networks that use NebuAd, Stephen said, unless they switch to an ISP that doesn’t partner with it.
There are signs that ISPs are backing away from deep packet inspection technology. In Congressional hearings this September, executives from AT&T, Verizon and Time Warner testified that they did not monitor customers’ online behavior — although even if they did, they said, they would not be breaking the law.
Perhaps wary of the threat of regulatory oversight, these three companies plus Charter discussed forming an industry coalition to craft best practices that would center on notifying consumers of how the data collected about them would be used.
The Senate Committee on Commerce, Science and Transportation and the House Committee on Energy and Commerce held hearings on these issues over the summer, with executives from the major ISPs as well as NebuAd testifying.
Charter Communications also came under fire earlier this year when it informed users of a test pilot in which it would be using NebuAd’s technology. It eventually decided to drop the test.
Clearly, ISPs have become aware that Congress is taking an interest in such behavior-tracking technology, Lillie Coney, associate director of the Electronic Privacy Information Center, told the E-Commerce Times.
Privacy advocates will have a better sense of just where ISPs sit on the matter once answers to congressional inquiries start rolling in, Coney said. As a result of the hearings, senior members of Congress have sent letters to 33 Internet companies, including Google and Microsoft, asking whether they are tracking online behavior of their users.
These letters were sent Aug.1, she said. “We plan on following up with the committee to see what the responses are.”