Feeds

Phorm agrees to independent inspection of data pimping code

But what's a privacy group doing in bed with it anyway?

Boost IT visibility and business value

Phorm has agreed to allow an independent software expert to inspect its source code as it continues to battle the firestorm provoked by agreements with BT, Virgin Media and Carphone Warehouse to let it build profiles of their broadband customers' web browsing.

It seems a move by the battered firm to try to win some public trust. The identity of the scrutineer has not been decided, but according to Simon Davies, a privacy campaigner who has become embroiled in the controversy because of consulting work he has done for Phorm, it has to be someone universally respected in UK security circles. "Someone like Ross Anderson or Richard Clayton," he suggested.

Both are leading computer security researchers at the University of Cambridge.

Phorm has tried to deflect scrutiny of its Russian-developed code by emphasising that the profiling hardware will be administered by the ISPs. This has not satisfied web users and website adminstrators who have been up in arms over the technology for three weeks now. More than 7,000 have signed a Downing Street petition against the technology.

Davies, a London School of Economics researcher best known as the founder of the pressure group Privacy International, has come under increasing criticism for his commercial role in the Phorm affair. A Privacy Impact Assessment (PIA) by his consulting company, 80/20 Thinking, has been repeatedly cited by Phorm to defend its system, prompting questions over Privacy International's independence.

It hasn't helped that Phorm itself seems confused over whose opinion it has paid for in the PIA. When The Register first became interested in the story, we were told on more than one occasion that Privacy International itself had praised the technology.

"This could all have been handled much better," Davies said.

Yesterday evening, he personally released the PIA to the media. In it, 80/20 Thinking raises, but does not answer many of the questions that have fired the debate. It reads: "Can cookies lead back to users in any way? Of course it is merely a unique identifier but a unique identifier can still be linked to individuals.

"Can an external attacker gain access to the required information to re-link the individual and the unique identifier?"

The report is dated 10 February, and Davies has since praised the system. Defending himself against criticism on the influential UK-Crypto mailing list, he wrote: "For what it's worth, we do believe the company [Phorm] has created some extremely interesting and privacy friendly technology. And in my view the company has gone above and beyond the norm to expunge personal data from its system."

Seven Steps to Software Security

More from The Register

next story
Apple orders huge MOUNTAIN of 80 MILLION 'Air' iPhone 6s
Bigger, harder trouser bulges foretold for fanbois
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Google Nest, ARM, Samsung pull out Thread to strangle ZigBee
But there's a flaw in Google's IP-based IoT system
US freemium mobile network eyes up Europe
FreedomPop touts 'free' calls, texts and data
'Two-speed internet' storm turns FCC.gov into zero-speed website
Deadline for comments on net neutrality shake-up extended to Friday
Oh girl, you jus' didn't: Level 3 slaps Verizon in Netflix throttle blowup
Just hook us up to more 10Gbps ports, backbone biz yells in tit-for-tat spat
Want to beat Verizon's slow Netflix? Get a VPN
Exec finds stream speed climbs when smuggled out
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.