Deep Packet Inspection is being deploying by an increasing number of operators for a host of purposes, including content analysis, flow analysis, network management (broadly stated), network management as integrated with policy management, and behavioural advertising (to name a few). While BT, in the UK, has openly admitted to working with Phorm to bring behavioral advertising to its consumers, it now appears as though network owners are going to be analyzing Internet traffic from mobiles, as well as desktop and notebook computers.
The Guardian is reporting that in a recent GSMA trial to collect information of where mobile users’ are browsing, that “the UK’s five networks – 3, O2, Orange, T-Mobile and Vodafone – used deep packet inspection technology to collect data covering about half the UK’s entire mobile web traffic” (Source). There is no indication that this is presently being associated with customers’ geolocation, but this does suggest that DPI is gaining increasing acceptance in the UK as a means of tracking what people are doing. Apparently the weak regulatory responses in the UK are spurring companies to deploy DPI before they are left behind the rest of the pack.
A core difference between mobiles and ‘regular’ computers is that people typically have their mobile with or near them most of the time. Browsing can be (and often is) spontaneous, and tends to be in brief bursts – this is different from the experience of sitting down at a computer and then doing something. In surveying the spontaneous, it is possible to identify what people are doing, where, and when – what are Briton’s looking at online, and how much time do they spend doing it? What are the population trends? Within particular population categories, what trends do we see, and how can we more precisely target those particular users?
Traditional ad-blocking software was, in part, meant to prevent tracking cookies from ever reaching your computer and thus limit the capacity for some vendors to monitor what consumers do online. Even in the case of Phorm, there are countermeasures that individuals can take to mitigate their data being identified and sorted – what solutions will be made available to mobile consumers, or is the fact that these are ‘different devices’ mean that old solutions will be seen as not applying? One hopes that this isn’t the case, but the incredibly weak responses by British authorities doesn’t exactly fill me with hope.