BT admits misleading customers over Phorm experiments

We know what you pimped last summer

BT has admitted that it secretly used customer data to test Phorm's advertising targeting technology last summer, and that it covered it up when customers and The Register raised questions over the suspicious redirects.

The national telecoms provider now faces legal action from customers who are angry their web traffic was compromised.

Stephen Mainwaring, a BT Business customer in Weston-super-Mare, believes sensitive banking data relating to his online horse racing business was press-ganged into a trial of an unproven technology. He suffered sleepless nights after detecting the dodgy DNS requests, and said today: "It is very likely that I and others will take legal action against BT for what they did last summer."

In a statement, BT said: "We conducted a very small scale technical test of a prototype advertising platform on one exchange in June 2007. The test was specifically conducted to evaluate the functional and technical performance of the platform.

"Absolutely no personally identifiable information was processed, stored or disclosed during this trial. As with all service providers, it is important for BT to ensure that, before any potential new technologies are employed, they are robust and fit for purpose."

Speaking to El Reg on Friday, Stephen agreed: "Absolutely, new technologies should be stringently tested, but not using mine and my customers' data. If they wanted to run a trial, they should have asked. I would have told them I did not want to be part of it.

"I note the statement, 'absolutely no personally identifiable information was processed, stored or disclosed'. That means that all my information was processed, stored or disclosed but the personal bits were filtered out. Clearly that was unlawful."

Stephen has already filed a complaint with the Information Commissioner's Office and is consulting on how to proceed through the courts with other BT subscribers who believe their connection was subject to illegal Phorm tests.

Today, he and a fellow BT customer also disputed the claim that only one exchange was involved in the covert testing.

Spike, a Reg reader based in Brighton and Hove, also noticed dodgy redirects of his web traffic last July to sysip.net, a domain owned by Phorm. He wrote about the mystery here at the time.

Spike and Stephen urged other BT customers who believe they may have been co-opted into last summer's secret trials to speak out.

We first asked BT about its relationship with Phorm in July 2007, when it was widely known as 121Media, a firm deeply involved in spyware. BT denied any testing and said customers whose DNS requests were being redirected must have a malware problem.

It wasn't until 14 February this year, when the deals between BT, Virgin Media and Carphone Warehouse to pimp customer web browsing were announced, that a cover-up was revealed. You can read the original story here.

BT's belated confession that it secretly used its customers' traffic to test the safety of ad targeting technology can only add to the distrust around Phorm, whose executive team includes a former BT Retail CTO. Several security firms have confirmed plans to classify Phorm's cookies - both for opting in and opting out of Webwise - as adware.

As part of its admission to the secret 2007 trials, BT also said it will follow Carphone Warehouse's lead and develop an opt-out that does not involve cookies and means no data will be mirrored to a profiling server, even if it is ignored. It follows serious concerns raised by experts on the Regulation of Investigatory Powers Act 2000 (RIPA) that Phorm's plan to use cookies to exclude people who opt out is illegal.

BT repeated its insistence that the technology is legal, however. It said: "We are already developing an opt-out solution that would remove the need for opt-out cookies altogether. We have carried out significant due diligence in this area, and informed consent from our customers will satisfy the necessary legal requirements."

Yet some authorities on RIPA have argued that ISPs would also need permission from website owners to profile the content of their pages. BT has not responded to our questions on this point.

ISP data pimping has also invoked the ire of the Greatest Living Briton™. Today the BBC reports that Sir Tim Berners-Lee, inventor of the web, has spoken out against ISP ad targeting. He summed up public opposition to the system: "It's [web traffic] mine - you can't have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I'm getting in return."

Meanwhile, the Downing Street petition against Phorm has now garnered almost 5,000 signatures.

Carphone Warehouse has said it will ensure that its subscribers are opted out of Phorm and Webwise by default. BT and Virgin Media have made no such promise.

You can follow all our reporting of Phorm over the last three weeks here. ®
