It takes a certain chutzpah for the cable industry to tell Congress that deep packet inspection (DPI) gear is "pro-consumer" because it can block viruses and spam on the network, help ISPs plan their capacity upgrades, and help law enforcement wiretaps—all while avoiding mention of Comcast's "TCP reset packet" blocking of BitTorrent connections or Cox's plan to decide what priority its users' traffic should have.

But that's just what National Cable & Telecommunications Association (NCTA) head Kyle McSlarrow told Congress at a hearing yesterday, despite the hearing's focus on consumer issues arising from DPI technology.

Perhaps he didn't need to say much about these far more controversial uses of DPI, since Free Press policy director Ben Scott was also testifying at the hearing. Scott made sure to point out the examples of both Cox and Comcast, and threw in a few more (like NebuAd) to bolster his case that Congress might like to take a closer look at how the technology is being used.

The amazing thing about the hearing wasn't the fact that McSlarrow and Scott could sit only feet from one another without canceling each other out in some kind of matter/antimatter reaction; it was that Congress now cares about topics like DPI at all.

Congress has been taking an unusual interest in the Internet, due in large part to groups like Free Press and to grassroots uprisings like the one that occurred last week in response to Time Warner Cable's data cap plans. Sen. Chuck Schumer (D-NY) helped to end the TWC program, and Representatives like Ed Markey (D-MA) have used their committee positions to investigate companies like NebuAd and to discuss issues like net neutrality. DPI, the technology used in many throttling/blocking schemes (and deployed at all the major Canadian ISPs) has now captured Congress' fickle attention.

Predictable metaphors

Since Congress doesn't tend to understand such issues all that well, just about everyone in attendance trotted out the dreaded "postal system" analogy. Traditional routers look only at a packet's "envelope," while DPI gear opens up the packet and reads the "letter" inside. (Read our DPI primer for extensive background on the technology.)

The witnesses also stressed that it wasn't DPI itself that is evil, only the uses to which it might be put that could be bad. Scott said that "the technology itself is not necessarily problematic," while a network engineer said that "technologies are neither good nor bad, it's the uses we put them to use that matter." McSlarrow laid down a harmony track: "any technology can be used for either benign or nefarious purposes."

Consensus! Well, almost. Leslie Harris of the Center for Democracy & Technology (CDT) sounded a strong dissenting note, saying at the start of her remarks, "it is important to stress at the outset that all applications of DPI raise serious privacy concerns because all applications of DPI begin with the interception and analysis of Internet traffic."

Harris went on to make the case that Congress should jump directly into the debate, collecting information on DPI practices at the major ISPs, developing tech-neutral Internet privacy legislation, and passing network neutrality rules.

Who needs rules when you can hold hearings?

While Congress is unlikely to mull any sort of DPI-specific rules, general data privacy and protection legislation may be coming later this year. Rep. Rick Boucher (D-VA) chairs the Subcommittee on Communications, Technology, and the Internet. In remarks opening the hearing, he announced his "intention for the Subcommittee this year to develop legislation extending to Internet users that assurance that their online experience is more secure."

But even the mere fact of Congressional attention causes companies to take action and change policies. Last year's NebuAd hearings helped push the company into a new line of work, for instance. The Congressional emphasis on DPI, coupled with the FCC's own ruling against Comcast last year, are both likely to constrain certain uses of the technology even without new laws or regulations.

In other words, when Boucher says that DPI's "privacy intrusion potential is nothing short of frightening," those using DPI take notice, even without new rules.