House Telecommunications & Internet Subcommittee chairman Ed Markey (D-Mass.) signaled Thursday that Congress needed to pass comprehensive online-privacy legislation and that consumers should have to affirmatively agree before cable and phone networks can collect surfing data for various purposes, including targeted advertising.
That came in a hearing in the House Telecommunications & Internet Subcommittee Thursday on deep-packet inspection, or DPI, which is a way for networks and third parties to determine what information users are surfing for on the Web.
It was prompted, in part, by tests of targeted online advertising using DPI and conducted by NebuAd in conjunction with cable company Charter Communications and phone company Embarq. Markey joined with other legislators to write to both companies about the practice.
Both the legislators and witnesses at the hearing agreed that protecting users' privacy was important, but they differed on how to achieve that.
The basic schism was between mandating an opt-in system, where consumers should have to actively agree to have their online surfing information tracked by Internet-service providers and turned over to third parties like behavioral advertising network NebuAd, or whether the current opt-out system is sufficient.
Markey said he got the clear signal from the hearing that the "strong sentiment" was for "clear notice" and "meaningful opt-in." He was half right.
From the chairman of NebuAd, Robert Dykes, to Internet architect David Reed of the Massachusetts Institute of Technology, informed consent got thumbs-up all around.
Dykes called it "robust consent," saying that his company's ISP partners already include notices in snail-mail bill-stuffers and separate letters, as well as e-mail and a new plan to add online notification.
Pressed by Markey to give a yes or no answer to whether he supported an opt-in regime, Dykes would not say, but later in the hearing, he argued that mandating an opt-in system could adversely impact the online advertising that helps to fund innovation.
Saying that he was there to clear up misconceptions, Dykes said he felt like Galileo proposing that the earth was flat. He added that the technology is available to create anonymous profiles that cannot be hacked or tracked back to individuals, so that advertising can be better targeted while users’ identities are protected.
Markey said the difference between the DPI technology used by networks in conjunction with third parties and the data gathering by individual Web sites was that DPI indicated much more than just what sites they had visited and could be applied across multiple Web sites.
But committee ranking member Cliff Stearns (R-Fla.), with an assist from Scott Cleland, president of consulting firm Precursor, said looking at ISPs and third parties was too narrow, and missed the other elephant in the room -- search engines like Google and Yahoo that have reams of information on users via their various map, travel and other tools.
"You can't have this discussion without addressing them, as well," Stearns said, although the discussion was pretty much had without much mention of them.
Stearns occasionally referred to the issue, seemingly inadvertently, as "deep-pocket inspection," but that issue was addressed, as well.
Venture capitalist Bijan Sabet of Spark Capital argued that without some certainty that networks would not be favoring their own content by using DPI to block or impede competitors’ traffic -- the central issue in the BitTorrent complaint against Comcast -- investors would be reluctant to back start-ups facing such potentially anticompetitive practices.
Network-neutrality supporter Rep. Anna Eshoo (D-Calif.) weighed in to make sure Cleland disclosed that he was opposed to network-neutrality legislation and also ran a Web site, NETCompetition.org, backed by cable and telephone companies. He disclosed it at the outset but conceded it again for the record.
Stearns then weighed in to establish that DPI critic Alissa Cooper's Center for Democracy and Technology got some of its funding from Google and other computer companies.
While Galileo may have been the most striking analogy, the most common of the hearing was to the Post Office.
Markey said the Internet was like a delivery service, and that DPI, when abused, was like the Post Office inspecting mail and even altering it.
Reed agreed that the Internet was designed as a conversation between end-users who had a certain expectation of privacy. While DPI used to manage traffic, root out viruses and for some law-enforcement purposes was necessary, the technology that allowed that inspection on the fly and in real time now allowed networks to go beyond that for uses that implicated privacy.
Dykes disputed the Post Office analogy, saying that the operators and his company were commercial ventures trying to boost the ad return, which would fuel Internet investment and help smaller companies to compete with larger one by better targeting their ads.
Markey stepped in to adapt the analogy to FedEx and UPS, saying that they, too, were commercial businesses but that their users had some baseline expectation of privacy. It is that baseline that Markey suggested Congress would have to set.
The hearing concluded with Markey invoking the American Revolution and the British desire to enter American homes without permission, likening it to the privacy implications of DPI. He also said he expected the issue to get more congressional attention in the future.
