Feeds

BT's secret Phorm trials open door to corporate eavesdropping

Government bumbling exposes oversight gap

Security for virtualized datacentres

The government has refused to investigate BT's covert wiretapping of thousands of its customers in 2006 and 2007, despite its own expert's view that without consent Phorm's advertising targeting technology is a breach of criminal law.

Whitehall's willingness to turn a blind eye to the fact that tens of thousands of people were spied on by big business in order to serve up targeted marketing has angered web users. "I'm absolutely sickened and appalled," Pete John, who has tried to interest authorities, told The Register this week.

BT customers who have attempted to report the secret listening and profiling experiments to the police have been told to approach the Home Office. One was subsequently told over email by an official: "It is important to remember that private companies such as ISPs are allowed to do certain things under section 3 of [the Regulation of Investigatory Powers Act] that Law Enforcement Agencies cannot do without permission."

The Home Office advice to BT and Phorm meanwhile, written by civil servant Simon Watkin, says a proposed Phorm deployment may be legal under RIPA only if consent is obtained.

BT and Phorm did not obtain any consent for either the autumn 2006 or the summer 2007 trial. The technical report on the earlier secret wiretap states: "The customers who participated in the trial were not made aware of this fact as one of the aims of the validation was not to affect their experience."

The pair claim the two trials were legal under UK law, but refuse to provide any explanation as to why. BT says it doesn't know which of its customers it co-opted into the system.

A Home Office spokesman told The Register yesterday that responsibility for infringements of the Regulation of Investigatory Powers Act 2000 (RIPA) lies with the the Investigatory Powers Tribunal.

However, the tribunal only has powers to investigate eavesdropping carried out on behalf of law enforcement, not commerce. Its website states: "The tribunal has no jurisdiction to investigate complaints about private individuals or companies unless you believe they are acting on behalf of an intelligence agency, law enforcement body or other public authority covered by RIPA."

Liberal Democrat shadow culture, media and sport secretary Don Foster blasted the Home Office's brick wall stance today. "It is clear the government is completely confused over who has responsibility for this matter. The Information Commissioner's Office and the public have expressed considerable concerns and it is time for the Government to stop passing the buck and deal with the matter immediately," he said.

"The Home Office needs to step up to the plate and decide whether BT's secret technical tests were legal and, if not, decide what will be done about them."

Foster is meeting BT executives next week to question them on the trials.

The Information Commissioner's Office (ICO) is meanwhile investigating the tests for alleged breaches of the Data Protection Act and Privacy and Electronic Communications Regulations, but not the alleged criminal wiretap under RIPA. The ICO's work is based on a complaint from Stephen Mainwaring, the BT Business customer in Weston-super-Mare that we revealed was misled by his ISP over its involvement with Phorm last summer.

In its broad public statement on Phorm, the ICO also referred the question of an illegal interception under RIPA to the Home Office. It wrote: "The Home Office is responsible for compliance with RIPA, and Phorm has approached the office directly and had a written response."

But as we've seen, that response referred to a proposed deployment, not historical secret interceptions. The internet legal think tank FIPR has described the RIPA case against the trials as "clear cut".

The Home Office's spokesman, however, disavowed any responsibility for holding the pair to account for eavesdropping on what is now known to be between 38,000 and 108,000 customers. "The tribunal is there for people who have a complaint," he said. We pointed out that the interception tribunal only has jurisdiction over law enforcement. The Home Office refused to say where people can go to report that they believe they have been illegally eavesdropped upon by a company.

The spokesman repeatedly said the Home Office "has made a statement and won't be adding to it".

Pete John raged: "BT and Phorm seem to be above the law. No one wants responsibility for enforcing complaints against ISPs. ICO say the Home Office. The Police say the Home Office. The Home Office say they have no investigative role." ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
Apple Watch will CONQUER smartwatch world – analysts
After Applelocalypse, other wristputers will get stuck in
Shades of Mannesmann: Vodafone should buy T-Mobile US
Biting the bullet would let Blighty-based biz flip the bird at AT&T
Drag queens: Oh, don't be so bitchy, Facebook! Let us use our stage names
Handbags at dawn over free content ad network's ID policy
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.