Profiling the Profilers: Deep Packet Inspection and Behavioral Advertising in Europe and the United States
Syracuse University, School of Information Studies, Students; Stanford University - Stanford Center on International Security and Cooperation
Georgia Institute of Technology
September 1, 2012
This paper examines the use of deep packet inspection (DPI) in online advertising, and analyzes the effects public pressure, regulatory actions and judicial and policy-making proceedings had on those deployments. The research is part of a larger project on the effects of DPI on Internet governance which is funded by the U.S. National Science Foundation. DPI, which allows Internet service providers (ISPs) to monitor the content of data packets in real-time, can be considered a disruptive technology because of the way its use conflicts with pre-established principles and norms of Internet governance.
In this comparative study, we examine the rise and fall of NebuAd in the U.S. and of Phorm in Europe. We also include some less visible companies and spill-overs to Brazil and South Korea. We conduct a comprehensive analysis of these cases – from the early development and secret trials of the technology to the regulatory actions, business failures and litigation in the aftermath. Looking at a timeline of several years that covers the dynamic technical, economic and institutional interactions at play, the framework contrasts distinct actors, actor constellations and modes of interaction across institutional settings to illustrate similar and divergent policy outcomes. This research is based upon comprehensive analysis of political and legal documents and a series of interviews with DPI vendors, Internet advocates, engineers, and advertisers.
The narrative follows four stages that we have found in similar case studies of DPI deployments: 1) unilateral, secret deployment, 2) uncontrolled public disclosure of the deployment, 3) civil activism around net neutrality and privacy norms, 4) political, legal and regulatory proceedings to resolve the conflicts. This framework highlights the interaction of technical, economic and institutional factors that are at work when politically contested technologies with a disruptive potential are deployed on the Internet. In this case, as in many others, the analysis shows how the deployments ran afoul of established principles and expectations and how the “notification” and “consent” practices so crucial to privacy law failed to bridge the gap between the expectations of Internet users and the formal legal definition applied by the courts. We show how this gap led to intense political pressure and market exit of DPI-based advertising platforms in both countries.
Number of Pages in PDF File: 31
Keywords: Deep Packet Inspection, Online Behavioral Advertising, Targeted Advertising, NebuAd, Phorm, USA, European Union, Privacy, Informed Consent, Internet Service Providers, Actor Centered Institutionalism, Technology Aware Policy Analysis Framework, Internet Governance
Date posted: March 2, 2012 ; Last revised: September 14, 2012