Back in November, UK ISP Virgin Media announced that it would begin using deep packet inspection gear to riffle through user traffic. The goal was to search some of the leading P2P networks in order to measure copyrighted material passing through them. Today, the European Commission indicated that the plan is problematic, and it will keep a close eye on the trial.

In the middle of last year, Virgin announced a stunning music plan: unlimited streaming and downloads of non-DRMed music files from Universal (with deals hopefully to come from other labels). The music would be part of your ISP subscription fee, and downloads would be yours to keep forever.

After giving Virgin permission to use the "carrot," though, labels wanted a bit more "stick" applied to users who continued to infringe copyright. Virgin had no real way to measure the effective rate of copyright infringement by its users, so in November 2009 it turned to Detica, a unit of European arms contractor BAE Systems.

Detica developed a product named CView that, in the words of the company, "applies high volume, advanced analytics to anonymous ISP traffic data, and aggregates this information into a measure of the total volume of unauthorised file sharing."

The data appears to be "anonymous" only in the sense that it consists of IP addresses and not usernames. When the system is deployed by an ISP, however, linking those IP addresses to the ISP's own user accounts is trivial.

Do ISPs even have the authority to install such systems on their network? "Anonymous" or not, DPI tools might be considered wiretap devices, and a group called Privacy International promptly complained to the European Commission about the issue (during the debates over a similar DPI-based ad-serving system called Phorm, the UK government made clear it would not do much to stop such trials).

Today, the European Commission indicated that it took the Privacy International complaint seriously and would watch Virgin's actions closely.

The BBC also went to Virgin, asked a couple of obvious questions about how CView would work, and elicited some amazing responses from an ISP spokesman.

"He admitted that potentially 40 percent of Virgin Media's customers could have their data scrutinised and confirmed that it has no plans to inform them beforehand. He also conceded that it would not be technically difficult to link up deep packet inspection technology with the IP addresses which would identify individuals but stressed that was not the plan currently."

Not informing your customers before scanning all of their Internet traffic—what could possibly go wrong?