Feeds

FIPR: ICO gives BT 'green light for law breaking' with Phorm

Wikipedians smell a rat on Phorm-friendly edits

Next gen security for virtualised datacentres

The Foundation for Information Policy Research (FIPR) has slammed the Information Commissioner Office's (ICO) for glossing over doubts over the legality of Phorm's advertising targeting in its public statement on the controversial company.

The ICO released a long-awaited statement on Phorm (pdf) on Friday. It said: "[Phorm] assure us that their system does not allow the retention of individual profiles of sites visited and adverts presented, and that they hold no personally identifiable information on web users. Indeed, Phorm assert that their system has been designed specifically to allow the appropriate targeting of adverts whilst rigorously protecting the privacy of web users."

The comments have angered many who have followed the controversy over the last month and a half.

Nicholas Bohm, FIPR's general counsel, said on Sunday: "[BT] appear to ignore the fact that they can only legalise their activity by getting express permission not just from their customers, but also from the web hosts whose pages they intercept, and from the third parties who communicate with their customers through web-based email, forums or social-networking sites.

"We sincerely hope that the Information Commissioner will reconsider what appears to be a green light for lawbreaking."

The ICO said it will monitor BT's imminent third trial of Phorm with 10,000 volunteers. Its statement makes no mention of the two trials in 2006 and 2007 that intercepted and profiled the web browsing of tens of thousands of BT customers without their consent.

Neither BT or Phorm have explained why they believe the fully deployed system will be legal, or why that the secret trials were legal, beyond that their lawyers say so.

Meanwhile a battle over the Wikipedia article on Phorm began on Friday, with suspicious forum posters at Badphorm charging interference by self-interested parties. Widespread criticisms of Phorm were censored in a revision to the entry and more "on message" PR-type statements were inserted.

Wikipedians quickly moved to revert the changes to the article. You can compare the different versions here. The apparently Phorm-friendly edits included removing BT's admission that it misled customers and the media over its second secret Phorm trial, conducted in summer 2007.

A quote from The Guardian's advertising manager Simon Kilby where he explained the paper's decision to withdraw from negotiations to join Phorm's advertising network on ethical grounds was also censored from a BT IP address. It read: "Our decision was in no small part down to the conversations we had internally about how this product sits with the values of our company."

The Phorm-friendly edits have been traced* to an IP address range assigned to BT, although this does not imply its direct involvement.

BT denied the Badphorm posters' allegations today. A spokesman said: "It's nothing to do with BT PR. We haven't been involved with amending any Wikipedia entry on Phorm."

"BT employs 100,000 people."

Separately, a technical analysis of Phorm's technology by Cambridge University security researcher Richard Clayton has been released. Based on a lengthy consultation at the company's London offices, it confirms the FIPR's view that the final deployment will be illegal, because no consent is obtained from webmasters to profile the pages they send to users.

Clayton wrote:

Overall, I learnt nothing about the Phorm system that caused me to change my view that the system performs illegal interception as defined by S1 of the Regulation of Investigatory Powers Act 2000.

Phorm argue, with some justification, that their system does not permit them to identify individuals and that they meet and exceed all necessary Data Protection regulations - producing a system that is superior to other advertising platforms that profile Internet users.

Mayhap, but this is to mix up data protection and privacy.

Phorm says that of course I can opt out - and I will - but just because nothing bad happens to me doesn't mean that the deploying the system is acceptable.

You can read Clayton's report and accompanying blog post here.

Meanwhile, a petition on the Downing Street website arguing that Phorm's technology is inherently invasive has now passed the 10,000 signature mark. ®

The essential guide to IT transformation

More from The Register

next story
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
Don't call it throttling: Ericsson 'priority' tech gives users their own slice of spectrum
Actually it's a nifty trick - at least you'll pay for what you get
Three floats Jolla in Hong Kong: Says Sailfish is '3rd option'
Network throws hat into ring with Linux-powered handsets
Fifteen zero days found in hacker router comp romp
Four routers rooted in SOHOpelessly Broken challenge
Netflix swallows yet another bitter pill, inks peering deal with TWC
Net neutrality crusader once again pays up for priority access
New Sprint CEO says he will lower axe on staff – but prices come first
'Very disruptive' new rates to be revealed next week
US TV stations bowl sueball directly at FCC's spectrum mega-sale
Broadcasters upset about coverage and cost as they shift up and down the dials
Trans-Pacific: Google spaffs cash on FAST undersea packet-flinging
One of 6 backers for new 60 Tbps cable to hook US to Japan
Tech city types developing 'Google Glass for the blind' app
An app and service where other people 'see' for you
Canadian ISP Shaw falls over with 'routing' sickness
How sure are you of cloud computing now?
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.