In yet another invasion of privacy couched in the rhetoric of “but the consumer will benefit!” comes this story from the Washington Post.  Apparently, a small but growing number of ISPs are monitoring their users’ every click and keystroke.  The ISPs then harvest the data to determine a user’s interests and preferences and provide it to advertisers who make highly targeted pitches to the user.  I can see the pitch now:  “We’ve noticed that you’ve typed in the word “hemorrhoids” 12 times, searched Google 3 times, and visited 9 sites.  Here’s a coupon to try Preparation H for free.  It will stop the itch!”

      This monitoring is known as “deep-packet inspection” and it divides every aspect of a user’s data into packets that an ISP can analyze for content.   First, as a general matter, whenever I see anything with the words “deep” and “inspection” in a title, I get somewhat concerned without even having to read any further (similar to how the FBI first named its now infamous packet-sniffing software ”Carnivore,” but later changed it to the more benign-sounding “DCS1000″).  From a more substantive perspective, however, it represents a considerable escalation of an ISP’s ability to monitor its users.  Barring any legislative or regulatory action, it won’t be long until all ISPs engage in this practice.  According to the article, only 100,000 users are affected at the moment.

     As usual, the ISPs gain their users’ consent by burying the monitoring in their lengthy customer service agreements.  According to the article, one ISP—Knology—has a 27 page agreement and only makes vague reference to the system.  Few people actually have the time and energy to read them, and those that do will not necessarily understand them anyway.  The lawyers that draft them are not exactly known for their clarity, especially when it comes to a controversial subject such as this.  In fact, according to one Knology executive, there’s no violation of privacy at all.

     The article is silent as to how long an ISP actually retains all of this information, but presumably can retain it indefinitely.  And even if it doesn’t, once the information is disclosed and sold to advertisers, copies of it could continue to reside in cyberspace even if the ISP purges its records.  The article is also silent as to how such information could easily be disclosed to law enforcement or to parties involved in civil litigation.  So the march towards “zero privacy” continues. <sigh>