At least 186 EU ISPs use deep-packet inspection to shape traffic, break net neutrality
Despite net neutrality regulation being in effect in the EU since 2016, European internet service providers are already breaking the rules and shaping traffic, according to a conglomerate of NGOs, academics, and private companies.
Earlier this week, this group — made up of 45 entities from 15 countries — has sent an open letter to EU authorities expressing concerns about European ISPs breaking net neutrality rules, and local regulators ignoring their actions.
The letter was sent as European authorities are in the midst of negotiations on the EU’s new net neutrality rules. These negotiations are currently being held behind closed doors with national telecom regulators.
The group of NGOs and academics, spearheaded by the European Digital Rights (EDRi) organization, are worried that “some telecom regulators appear to be pushing for the legalisation of DPI [deep packet inspection].”
The EDRi is worried about the increased usage of deep-packet inspection technology as a whole, because this technology allows ISPs to shape traffic and enforce tiered pricing plans, but it also poses a threat to user privacy, as it allows telcos a deeper look at the sites users are accessing.
Some EU ISPs already breaking the rules
The current net neutrality rules allow European ISPs to inspect and shape traffic under certain circumstances, but only for network resource optimization, and not for commercial or surveillance purposes.
The EDRi points out in its letter that EU ISPs are already ignoring net neutrality rules, and, for the past years, have been deploying DPI to examine customer traffic and detect intended traffic destinations.
EDRi cited a report published in January 2019, which found that 186 European ISPs appeared to be using DPI to offer customers differential pricing offers.
“[ISPs] are increasingly using DPI technology for the purpose of traffic management and the differentiated pricing of specific applications or services (e.g. zero-rating) as part of their product design,” the EDRi and partners said.
“DPI allows [ISPs] to identify and distinguish traffic in their networks in order to identify traffic of specific applications or services for the purpose such as billing them differently throttling or prioritising them over other traffic.”
“Most regulators have so far turned a blind eye on these net neutrality violations. Instead of fulfilling their enforcement duties, they seem to now aim at watering down the rules that prohibit DPI,” the EDRi said.
DPI should not be legalized
If ISPs get exemptions to use DPI technology legally, the fear is that telcos might use it as a legal loophole to mask tiered pricing plans as mundane traffic management operations and bypass any current net neutrality rules.
Further, the EDRi warns about the huge threat DPI poses to EU users’ privacy, as it would also allow telcos access to user data without their consent, under the guise of “approved” traffic management operations.
European authorities are expected to hold a public consultation on new net neutrality rules in the autumn of 2019. The EU’s revised net neutrality rules are expected to come under vote in March 2020. The EDRi and its partners hope DPI will not be legalized, and effectively neuter both net neutrality and EU privacy legislations.