Combine class actions and cutting-edge technology (two topics of interest to me in different ways) and you have what I consider to be the ideal subject matter for blog pontification. On November 10, 2008, 15 consumers filed a putative class action lawsuit against NebuAd, Inc. and certain Internet Service Providers (ISPs) over the use of NebuAd's "Deep Packet Inspection" (DPI) technology. (Sam Diaz, NebuAd, ISPs, named in class action lawsuit (November 11, 2008) blogs.zdnet.com.) A copy of the suit is hosted here.
Perhaps you don't know much about computers on a technical leval and are wondering why this should interest you. Perhaps you know that you can connect to the Internet but don't know much about what happens after electrons fly out of your home over a DSL line or a Cable line or (please, no) a dial-up internet connection. If you take nothing else away from this post, know that Deep Packet Inspection is evil. Be horrified by it. If you hear of such a program coming to an ISP near to you, protest like your life depends on it.
In basic terms, computers find each other on the internet with numerical IP addresses. You type in the name of a website. Behind the scenes, your computer asks a Domain Name Server to translate "thecomplexlitigator.com", for example, into a numerical IP address. Your computer then requests something from that address such as a website homepage. The request is passed from router to router, out of your ISP's network and into other networks until it finds the server with the numerical address your computer requested. That server then delivers the packets of data that comprise the reponse to your request. Each packet has your delivery address in it. Each packet makes its way to your computer on its own. Your computer receives the response packets and reassembles the response, be it a webpage or a file download or something else, by putting the various packets back together in the correct order (they are sequentially numbered).
Your ISP knows that you have requested something from a particular site, but it doesn't know the details of what is passing back and forth between your computer and some server somewhere else on the Internet. DPI, however, is a method by which NebuAd (or other companies) can peek inside packets and examine the contents of your communications in detail. This gives far more information about your online activities than merely knowing the IP addresses that your computer visits. "Having an IP address might tell the system what sites you visit on a regular basis, but for sites like Amazon.com, this is less than helpful. DPI gear can see exactly what pages on the site are being accessed, though, and it can scan those pages for keywords to use in building its profile." (Nate Anderson, Charter "enhances" Internet service with targeted ads (May 13, 2008) arstechnica.com.)
Phorm, another company providing DPI services, has been given the green light to proceed in the United Kingdom. While the technology is beyond the scope of this blog, Phorm's DPI technology is even worse than NebuAd because it essentially impersonates you on the Internet in a manner that is undetectable to you and the site you are visiting. Where provided access by ISPs, Phorm will read the URLs visited, the search terms used by every user, and the content of every page visited. The resulting profiles are then sold to advertisers who are salivating at the thought of this highly specific targeting. ISPs will share in the revenue with Phorm.
Imagine someone following you around a mall, noting every product that caught your eye, even for a moment, and then selling that information to every store in every mall you visit. Then imagine walking into a different mall and realizing that every store already knew this information about you and actively solicited you to purchase competitors' products that are similar to what you viewed. Don't let it happen to you!
[UPDATE: Thanks to the reader who occasionally catches my typos. I often have limited free time for posting, and proofreading is the first thing that gets sacrificed.]