Virgin to Inspect your Packet

P2P system to monitor 40 percent of accounts

Virgin Media is to start monitoring the internet accounts of 40 per cent of its customers in a bid to determine the level of illegal filesharing on its network, according to a report on The Register.

An application called CView will be used to scan network traffic to identify peer-to-peer packets. These packets will then be inspected to see whether or not the data within includes material which is subject to copyright according to information provided by the record industry.

Virgin is not planning to inform the customers whose accounts are being checked, because, according to a spokesperson: “It would be counter-productive because it doesn’t affect customers directly”.

He also noted that individual customer records would not be kept and that the data generated would be anonymised. However, the CView system uses the same technology as Phorm, which was widely condemned when used by BT to surreptitiously gather data on its customers without their knowledge, and the Virgin trial is likely to be equally as controversial.

Civil rights group Privacy International has responded to Virgin’s actions with the following (abridged) statement:

The global watchdog organisation Privacy International today expressed its deep concern  at the revelation that Virgin Media is about to commence a trial of Deep Packet Inspection technology by Detica, known as CView.

It has been reported in the press that Virgin Media is planning to deploy the trials across 40% of its customer base without either obtaining a warrant or seeking the consent of all parties involved in the communications.

Under the Privacy and Electronic Communications (EC Directive) Regulations (PECR) and the Regulation of Investigatory Powers Act (RIPA) as well as the European ePrivacy Directive, that interception and processing of communications requires either explicit informed consent from all parties or a warrant.

We would also remind the UK Government that it is already subject to Stage 2 of Infringement Proceedings by the European Commission for failing to address the issue of interception of communications data when Phorm Inc. trialled similar Deep Packet Inspection technology with BT Group PLC.  In 2006/2007 for the purpose of behavioural advertising.

It should be noted that there is no exemption in the regulations for the purpose of detecting illicit copyright infringement – and indeed in such cases where interception is being used for law enforcement, a warrant is required.

We are further concerned that such a system generates a paradigm shift with regards to the balance of justice.  Virgin Media’s plans assume that all consumers are guilty of copyright infringement until their communications data proves otherwise – whereas the onus should be on the injured parties to provide their own evidence that an infringement has occurred.

Another concern is that such technology will only lead prolific infringers to move to Dark Nets, Open WiFi networks and Encryption.  This will result in a catastrophic number of false positives.

Privacy International is currently drafting complaints to the Information Commissioner’s Office and the European Commission on this matter.  We would ideally file a complaint to the Interception Commissioner, but as has been highlighted by the European Commission’s Infringement Action, the UK has failed to meet the requirements of the EU Directive in appointing one for private sector RIPA violations.

Privacy International will pursue all avenues available to ensure that such privacy infringements will not be permitted to continue.