EC challenges internet snooping

Michael Hedges March 30, 2009

Privacy rights are accepted and, generally, honored in Europe. The wealth – literally and figuratively – of personal information made available through the internet staggers the imagination. Staggering, too, is the prospect of privacy rights being trampled.

EC Consumer Protection Commissioner Meglena Kuneva has a bone to pick with internet snooping. And she’s launching an investigation into deep data mining. In an official statement (to be released March 31) she will outline concerns of vague and misleading ‘term of use’ for access to Web sites that can breach EC privacy rules. Commissioner Kuneva was born and raised in Bulgaria during a time when snooping on people was common, legal and nasty.

The European Parliament (EuroParl) voted (March 27) overwhelmingly for recommendations in a report linking data surveillance, advertising and cybercrime. The report recommends safeguards for the privacy rights of internet users.  The EuroParl called for “making use of existing national, regional, and international law.”

The MEPs raised the “imbalance of negotiating power between (internet) users and institutions.” Internet users, said the MEPs, have the right to “permanently delete” personal details. Facebook’s recent change in ‘terms of use’ allowing it to retain personal information brought a firestorm of criticism and the social networking portal backtracked. And the EC was watching.

"It wasn't regulators who spotted the proposed change of terms at Facebook, it was one of the 175 million users," said Commissioner Kuneva’s spokesperson Helen Kearns.

Collecting and analyzing profile data is big business. It is “the new petroleum of the Internet world,” said Ms Kearns, quoted in PC World (March 30). “If you are happy trading your data that's fine, but you should at least know how valuable it is.”

As Google and Microsoft have learned European Commission rules, unlike American rules, tend to set a low bar for compliance. The former prefers a high bar. Most European governments tend to follow the Commission’s lead, toward prevention of abuse, in rights issues. Facebook, perhaps, is paying attention.

The British government continues to avoid EC requests for information about the controversial Phorm trials by telecom BT in which information on individuals Web browsing habits (deep packet inspection) was collected to profile consumers without their knowledge. The British government said the test was safe, clean, legal and none of the ECs business.

Deep packet inspection (DPI) has a wide variety of applications including protection against span, viruses and worms. DPI is used by ISPs for copyright enforcement. DPI collects and analyzes everything in a ‘packet’ of data transmitted through the internet. Governments use DPI for snooping. Others use it for targeted advertising. How wonderful it is that technologies are multi-purpose!

Advertising people adore the idea. If technology provides a sufficiently accurate profile of consumers specific ads can be targeted more precisely to needs, interests and, perhaps, motives. People, says the theory, only ‘see’ ads for products and services they’re ‘looking’ for. It seems rather benign if the product is an automobile, hand lotion or bananas.

The EuroParl report by Greek MEP Stavros Lambrinidis criticized the proposed French ‘three strikes and your out’ rule that boots people off the internet after the third illegal download. Detection of these dastardly criminals is provided by DPI. “Governments or private companies,” said Lambrinidis, “should not see the denial of access as a means of imposing sanctions.”