ISP use of Deep Packet Inspection (May/July 2008)

On May 9, 2008, CIPPIC asked the Privacy Commissioner to investigate the use by Bell Canada and other ISPs of "deep packet inspection" technology. DPI allows ISPs to view and make decisions based on the contents of internet traffic flowing over their networks. It is being increasingly used by ISPs to "manage" internet traffic (especially P2P traffic), but can also be used to profile individual subscribers for marketing or other purposes. CIPPIC filed a supplementary submission on May 26th, asking the OPC to investigate possible Bell uses of DPI for behavioural targeting purposes as well as for traffic-shaping purposes. On June 24th, CIPPIC filed a further submission with additional evidence, urging the OPC to consult with independent experts as well as Bell in its investigation of this matter.

On July 25, 2008, CIPPIC filed complaints against ISPs Rogers, Shaw and Eastlink for their alleged use of DPI for traffic-shaping purposes. These complaints parallel that filed earlier against Bell.

On December 2, 2009, CIPPIC sent the OPC a letter highlighting a number of factual errors it identified in the OPC's draft Report of Finding regarding Rogers' user of Deep Packet Inspection equipmpent. CIPPIC did not take issue with the outcome of the complaint, but was concerned that the OPC's description of Internet protocols, the factual representation of the capacity (as opposed to current use) of DPI equipment, and of the nature and purpose of traffic management practices found in the OPC's Report reflected serious inaccuracies.

On July 25, 2008, CIPPIC also filed a formal request to the Privacy Commissioner for an industry-wide investigation of potential ISP practices involving the use of DPI technology for behavioural marketing purposes.The OPC responded by way of a letter dated August 8, 2008, noting that because these issues "involve an entire industry, they are more appropriately dealt with through research and consultation with stakeholders", and stated that it would undertake research into the use of DPI by Canadian ISPs "over the coming months". In a subsequent letter dated Sept 9, 2008, the Privacy Commissioner herself noted that the office was researching the issue and consulting with experts. Some results of that consultation are available on a website hosted by the OPC and collecting an expansive number of submissions on the uses and potentials of DPI.


Page last updated September 2010