I've said before that I view DPI as useful for certain things - spotting denial-of-service attacks, throttling bandwidth consumption that seriously threatens network integrity etc. But I don't buy the idea that it can be used to identify individual applications & block/charge accordingly.
There's a bunch of reasons for this, including what happens when you put traffic into a VPN or encrypt it, or you use XML objects that could be used by 15 different applications.
Another good one is MySpace, which is a "meta-service" which can comprise 20+ different bits & pieces of software, application & service amalgamated on a single page. You try explaining to a customer why it costs them double to view Sarah's page than Eric's, just because hers has a short video clip delivered by a new streaming service that someone had tagged as "VoIP" or "P2P.
I think this is the ultimate problem for operators leaning towards the more "fundamentalist" end of the Net Neutrality spectrum. Let's say I get a bill which contains an extra £2 for using a prohibited streaming or VoIP "service". I call up the helpline and say "No I didn't use that". It cuts no legal ice as far as I can see, to say "our DPI box caught this stream of packets and it looks like it's Skype". Just because something "looks" like Skype, that's not a call detail record, or "proof of purchase" - it's a vague, automatically-generated photofit. It could be anything - some new non-VoIP application that someone's made to look like Skype. It could be a new thing that Skype's invented which isn't VoIP at all. It could be someone else initiating a Skype call to me. And so on.
I can't see too many regulators being happy about carriers billing customers based on things they suspect without a proper audit trail.
Bottom line.... I still can't be bothered to get worked up about Net Neutrality. It doesn't work, many supposed network policies are probably legally unenforceable, and all it takes is 1% of customers to query their bills & the whole thing falls apart in a world of customer service opex pain. DPI's fine for the big tasks like protecting the network - nobody's going to argue that one. But for fine-grain application and service discrimination and billing? No way.