Centre for Internet & Society

The highly contentious and polarising debate on net-neutrality will have a large impact on shaping the future of the internet and ultimately on the users of the internet. One important issue which needs to be prioritized while debating the necessity or desirability of a legal regime which advocates net-neutrality is its implication on privacy.

The principle behind net-neutrality, simply put, is that the data being transmitted to and from the user should be treated equally, i.e. that data carriage, at the level of ISP’s, should be ‘dumb’. This would mean that internet service providers cannot discriminate between different data based on the content of the data. Without the principle of net-neutrality being followed, ISP’s would become the ‘internet gatekeepers’, choosing what data gets to reach the end-user and how. There are many arguments for favouring or disfavouring net-neutrality, however, advocates of privacy on the internet should be wary of the possible implications of endorsing a non-neutral internet and allowing greater network management by ISP’s. So, how does the net-neutrality debate affect privacy?

It all depends upon what kind of network management ISP’s employ. Deep Packet Inspection (DPI) is a method of data inspection which allows the network manager to scrutinize data at the application level, and in real time. As compared to shallow packet inspection, which identifies based on headers like IP addresses or protocols like TCP and UDP, which are analogous to envelopes on a letter, DPI would be akin to having access to the contents. DPI-based network management can identify the programs, software and applications being used, and what they are being used for in real time. Unlike any ordinary online service provider ISP’s are in the unique position of having comprehensive access to all of their customers’ data. Allowing DPI-based network management for prioritizing certain data or applications, an almost certain outcome if net-neutrality is weakened, would mean that ISP’s would be able to intercept and scrutinize any and all user data, which would reveal substantial information about the user, and would be a serious blow to privacy. While DPI can have several benefits in its application (such as finding and fighting malware or viruses), but where it is used, must be for a targeted and legitimate aim. Even where DPI is not used, if network discrimination is allowed, based on a user-to-user basis it would require inspecting the IP addresses of the user, which can also be a problematic intrusion of privacy, especially since the ISP also has other data like addresses and names of users which it can use to identify them.

Privacy may not necessarily be affected through non-neutral internet systems, but in all probability, with the growth of systems like the DPI and commercial incentives for “gatekeeper ISP’s” who are in a position to profit greatly from an ability to scrutinize and discriminate between data, it is likely that it will. In India, though government ISP’s like MTNL and BSNL deny using DPI,[1] it’s likely that it is still applied by others, and that the government is aware of this (http://www.theinquirer.net/inquirer/news/2161541/indian-isps-block-104-websites). Even as the TRAI advocates and supports net-neutrality, Indian ISP’s seem to be heading the other way.[2] Before the trend becomes the norm, it’s high time for a comprehensive discussion about how policies should be framed for keeping the internet a more neutral, and more private, space.


References

  1. Apar Gupta, TRAI(ing) to keep it neutral, http://www.iltb.net/2010/09/traiing-keep-it-neutral/
  2. For a lay discussion on Deep Packet Inspection and net-neutrality, visit http://arstechnica.com/gadgets/2007/07/deep-packet-inspection-meets-net-neutrality/
The views and opinions expressed on this page are those of their individual authors. Unless the opposite is explicitly stated, or unless the opposite may be reasonably inferred, CIS does not subscribe to these views and opinions which belong to their individual authors. CIS does not accept any responsibility, legal or otherwise, for the views and opinions of these individual authors. For an official statement from CIS on a particular issue, please contact us directly.