The Inability to Opt Out of DPI (or Why the Marketplace Cannot Cure Paul’s Worries)
Some might respond to Paul’s Ohm’s terrific article, The Rise and Fall of Invasive ISP Surveillance, by suggesting, as network providers do, that the marketplace will sort out our privacy concerns about Deep Packet Inspection practices because consumers can opt out of DPI tracking of their online life with a single click. Optimism about a proper functioning marketplace, however, is misplaced for several reasons. First, as Arstechnica reports, network providers bury notice of their inspection practices in densely worded privacy policies and do not email users to note the change in policy. Thus, a basic information asymmetry problem arises—consumers cannot reasonably be expected to know about, and protect themselves from, opaque practices. Second, even if consumers opt out of the creation of behavioral profiles for use in delivering ads, they may not be opting out of the copying of their traffic. And, third, as Dr. David Reed testified before the Subcommittee on Telecommunications and the Internet, even if some network providers switch to an opt-in approach or reject DPI entirely, consumers cannot totally control the use of DPI technologies by those with whom they communicate, thus rendering consumer choice illusory. Thus, the privacy concerns that Paul raises likely are not self-correcting.