Deep Packet Inspection

From the Nov. 2008 Issue

When it comes to morality, technologies tend to be pretty neutral. Only when people make use of the technologies do they tend to emerge as good or evil. Nuclear technology produced both power plants and powerful bombs. Gutenberg’s printing press enabled the mass production of Bibles and of pornography.

And then there is Deep Packet Inspection (DPI). DPI is a technology used to inspect the packets of information that travel across the Internet. A more extensive examination than a simple “Packet Inspection,” which looks only at the headers of each packet for information, DPI is increasingly used to examine the protocols and data within each packet.

Such deep packet inspections can be used for enormous good. They can spot spam and viruses, shuttling them off the network for further inspection or quarantine, thus making them an essential defense against increasingly sophisticated Internet attacks. But the same deep inspection can be used for targeted advertising, data mining, eavesdropping and censorship.

And that’s a problem for tax and accounting professionals in private practice.

Accountants, like many other professionals, rely heavily on their guarantees of confidentiality. Even when using web-based accounting and payroll tools, there is an understanding and bond that requires that client data be safeguarded.

But Congress is wrestling with the extent to which deep packet inspection can and should be used in support of law enforcement (with or without a warrant) and other activities. This means that in the very near future it may be possible for anyone to identify and read packets of information over the Internet. And while this doesn’t yet mean that they can piece together data to read a complete tax return or filing, the possibility can’t be ruled out for the future.

The prudent accountant, particularly one who uses the public Internet for client communications and web-based accounting services, should begin now to look for ways to protect the bond of client confidentiality. And that generally means making use of three technologies for data protection: