I’m with you that the international analogy strains the metaphor, and quickly begins to cloud its initial usefulness. Re: your questions. I prepared an introductory paper on the legalities, and expected legislation-types, that will likely follow in the next few years to begin thinking through the differences between corporate and government uses of DPI. As you mention, I expect that government uses of DPI would be legitimated (likely under national security or policing terms), whereas non-governmental uses may not. In Canada, we’ll soon see if its legal for private corporations to manage networks using DPI technology, and in the US we’ve seen the NebuAd debate start to sour regulators’ tastes for DPI. What the consequences will be in either country remains to be seen.

Thus, I think that we begin by asking “Is DPI legal?” and, if so, under what contexts? Can/should we be making a distinction between ‘citizens’ and ‘aliens’, and if so, how do we avoid examining citizens’ data as it courses through networks and only examine aliens’. At the moment, I can’t imagine how this could be done. Can you think of any international law that is binding that would preclude the use of DPI?

As for whether it’s good public policy, I think that the question quickly turns on who’s definition of ‘good’ and ‘public policy’ we’re speaking about. I tend to focus on citizens first, and ask whether DPI is good for them – is the possibility to manipulate packets based on application-layer data a good thing, or does it run the risk of doing more harm than good? I still don’t know exactly where I lie on this – I’ve ideas, but nothing 100% firm at this point. At the moment, my own worry is that DPI could operate as a massive threat to individuals’ privacy, and their perception of the technologies’ possibilities (regardless of how it is actually deployed in practice) could undermine the communicative freedoms that ground democracies.

If, on the on the other hand, we’re referring to good public policy for businesses (i.e. good in a cost/benefit analysis), then it’s likely a good thing for them – they can control data flows, comply with data capture legislation such as CALEA, etc. Whether DPI is the best equipment for this task is another question, and one that I lack an answer to at the moment.

So, what questions am I interested in? In addition to those above, a few are:
(1) Is DPI legal in Canada and in the US?
(2) Under what conditions is it permissible to deploy DPI in business operations (e.g. at the perimeter), and what can/should be done to data coming in and out of these networking spaces?
(3) What, empirically, is built into calculations of whether or not to deploy DPI equipment in large networking environments – what are thresholds that motivate networking groups to use these technologies?
(4) If DPI is legal to use generally, then what social responsibilties (if any) should telcos assume, given that they are rapidly becoming the gatekeepers of all of our data? By integrating ‘intelligence’ into the network, is their relationship with customer/citizen data changing, and if so, how?
(5) Should something be done to require ISPs to openly disclose their use of DPI, and should they be permitted to apply DPI processes to wholesalers as well as retail customers?
(6) What are telcos’ worries surrounding the use of DPI, if any?

Admittedly, several of those are fairly ‘basic’ questions (e.g. #6), but questions that would let me then approach broader question: ‘can we perceive this technology as facilitating, or undermining, a democratic (in Canada) or republican (in the US) system of governance that is predicated on freedom of expression?’

Is DPI Legal?
Locally vs. extra-territorially vs. at the border
As applied to citizens vs. aliens
According to statutory law?
According to Constitutional law?
According to International Law?

Is DPI Good Public Policy? Ie, cost-benefit analysis.
…as applied to private entities?
…as applied to State actors?

So, which of the many permutations of those options are we asking? The question, properly asked, will inform an appropriate analogy.

You raise good points! What are your thoughts if we think of ‘sending mail’ as ‘sending packages’ internationally? When I mail something across country lines, I’m required by Canada Post to declare what is in it – this isn’t a new practice. If I do lie and the package is inspected by customs, then I can have various nasty things happen to me. Given that packets travel internationally, maybe this kind of ‘postal model’ might be more appropriate?

Note that I’m not trying to doggedly stand by the analogy, but rather just have a good talk and though about it *grin*. Thanks for the comment!

And that brings me to the second point. In this analogy, the post office would have been delivering letters for years, without a single one being labeled “fragile.” Then one day, they assert that they can no longer deliver packages unless they’re properly labeled “fragile.” And if we don’t label the packages, they’ll take a peek inside to see whether their fragile or not.

Perhaps there’s a little hyperbole there, but I think it strikes at the root of any weaknesses in the analogy.