Barbara Miller co-authored this post.
A few years back, the use of deep packet inspection software – software that examines individual data packets in a broadband transmission – to deliver targeted advertising was a hot topic in regulatory and privacy circles. Those activities spawned a series of cases against the DPI companies and their Internet Service Provider (“ISP”) partners. In one such case, the ISP just won an important victory closing a potentially troublesome area of liability. On December 28, 2012, in Kirch v. Embarq Management Co, the Tenth Circuit held that an ISP was not liable under the Electronic Communications Privacy Act of 1986 (“ECPA”) for authorizing an online advertising company to collect and use certain customer electronic information for the purpose of targeted direct online advertising. This ruling effectively ends this particular case against Embarq and likely will close a chapter in the deep-packet inspection saga. However, because the Tenth Circuit’s finding is closely tied to the facts of this case, ISPs should carefully consider potential liability under the ECPA for any actions involving the collection of customer information for purposes other than provision of ISP services.