ISP advertising and behavioral privacy

The Center for Democracy and Technology discusses aspects of behavioral advertising on your ISP:

Here is how the basic ISP model works: ad networks that partner with ISPs potentially gain access to all or substantially all of an individual’s Web traffic as it travels through the ISP’s infrastructure, including traffic to all political, religious, and other non-commercial sites. While traditional ad networks may be large, few (if any) provide the opportunity to collect information about an individual’s online activities as comprehensively as in the ISP model, particularly with respect to activities involving non-commercial content. These companies use what is known as “deep packet inspection” technology to collect information as consumers surf the Web. (Bits of data that consumers send back and forth on the Internet are known as “packets.”) Although we have yet to see it in action, these new ad networks also have the potential to mine emails, chats, file transfers, financial information, and many other kinds of data for targeting purposes.

While the creators of these systems have taken steps to disassociate data from the individual as it is captured, the use of Internet traffic content for behavioral advertising still defies expectations about what happens when a person uses the Web and communicates online. Absent unmistakable notice, consumers simply do not expect their ISP or its partners to be looking into the content of their Internet communications.

Additionally, independent analyses of existing systems have revealed that these systems engage in an array of practices that are inconsistent with the usual flow of Internet traffic, by virtue of their ability to intercept traffic in the middle of the network and track individual Internet users. This kind of conduct has the potential to create serious security vulnerabilities in the network, hamper the speed of users’ Internet connections, and interfere with ordinary Web functionality.