Privacy-minded consumers celebrated a victory as the ISP Charter Communications announced a decision to scuttle a controversial advertising plan that would have involved surveillance of customers' Internet traffic -- likely using an invasive technique called deep packet inspection.
When Charter originally announced the plan in late April, many subscribers were instantly suspicious of a change described as an "enhancement to your web browsing experience...an enhanced online experience that is more customized to your interests and activities." Also troubling was the fact that users would be automatically enrolled in the program unless they specifically took action to opt-out -- clearly running counter to the more acceptable practice of doing nothing with a user's data until the user specifically decides to opt-in. It was shortly revealed that Charter was planning a partnership with online advertising company NebuAd and that subscribers' Internet traffic would be monitored using a technique with the potential to reveal far more information than is typically provided in the course of normal Internet surfing.
While Charter's focus group testing and early assessment of consumer sentiment suggested that the advertising plan wasn't objectionable, the backlash that followed the announcement was broad and swift. Recipients of the announcement letter posted to forums, and blogs quickly shared the story, with the mainstream press not far behind. Alarmed by the proposal, concerned legislators from the House Committee on Energy and Commerce sent a letter to Charter's CEO over concerns about privacy rights.
Charter has emphasized in interviews that it seeks to be consumer-oriented, so we commend them for listening to their customers and realizing that their advertising scheme was unacceptable. But there are other important questions emerging as a result of this episode -- for example, other ISPs with relationships with NebuAd have been less forthcoming about the extent of their monitoring. This episode has also served as an example of the maturity of deep packet inspection technology and that without scrutiny from consumers, technologists, regulators, and lawmakers, it may proliferate without adequate attention to necessary privacy protections.