Feeds

BT's secret Phorm trials open door to corporate eavesdropping

Government bumbling exposes oversight gap

The Essential Guide to IT Transformation

The government has refused to investigate BT's covert wiretapping of thousands of its customers in 2006 and 2007, despite its own expert's view that without consent Phorm's advertising targeting technology is a breach of criminal law.

Whitehall's willingness to turn a blind eye to the fact that tens of thousands of people were spied on by big business in order to serve up targeted marketing has angered web users. "I'm absolutely sickened and appalled," Pete John, who has tried to interest authorities, told The Register this week.

BT customers who have attempted to report the secret listening and profiling experiments to the police have been told to approach the Home Office. One was subsequently told over email by an official: "It is important to remember that private companies such as ISPs are allowed to do certain things under section 3 of [the Regulation of Investigatory Powers Act] that Law Enforcement Agencies cannot do without permission."

The Home Office advice to BT and Phorm meanwhile, written by civil servant Simon Watkin, says a proposed Phorm deployment may be legal under RIPA only if consent is obtained.

BT and Phorm did not obtain any consent for either the autumn 2006 or the summer 2007 trial. The technical report on the earlier secret wiretap states: "The customers who participated in the trial were not made aware of this fact as one of the aims of the validation was not to affect their experience."

The pair claim the two trials were legal under UK law, but refuse to provide any explanation as to why. BT says it doesn't know which of its customers it co-opted into the system.

A Home Office spokesman told The Register yesterday that responsibility for infringements of the Regulation of Investigatory Powers Act 2000 (RIPA) lies with the the Investigatory Powers Tribunal.

However, the tribunal only has powers to investigate eavesdropping carried out on behalf of law enforcement, not commerce. Its website states: "The tribunal has no jurisdiction to investigate complaints about private individuals or companies unless you believe they are acting on behalf of an intelligence agency, law enforcement body or other public authority covered by RIPA."

Liberal Democrat shadow culture, media and sport secretary Don Foster blasted the Home Office's brick wall stance today. "It is clear the government is completely confused over who has responsibility for this matter. The Information Commissioner's Office and the public have expressed considerable concerns and it is time for the Government to stop passing the buck and deal with the matter immediately," he said.

"The Home Office needs to step up to the plate and decide whether BT's secret technical tests were legal and, if not, decide what will be done about them."

Foster is meeting BT executives next week to question them on the trials.

The Information Commissioner's Office (ICO) is meanwhile investigating the tests for alleged breaches of the Data Protection Act and Privacy and Electronic Communications Regulations, but not the alleged criminal wiretap under RIPA. The ICO's work is based on a complaint from Stephen Mainwaring, the BT Business customer in Weston-super-Mare that we revealed was misled by his ISP over its involvement with Phorm last summer.

In its broad public statement on Phorm, the ICO also referred the question of an illegal interception under RIPA to the Home Office. It wrote: "The Home Office is responsible for compliance with RIPA, and Phorm has approached the office directly and had a written response."

But as we've seen, that response referred to a proposed deployment, not historical secret interceptions. The internet legal think tank FIPR has described the RIPA case against the trials as "clear cut".

The Home Office's spokesman, however, disavowed any responsibility for holding the pair to account for eavesdropping on what is now known to be between 38,000 and 108,000 customers. "The tribunal is there for people who have a complaint," he said. We pointed out that the interception tribunal only has jurisdiction over law enforcement. The Home Office refused to say where people can go to report that they believe they have been illegally eavesdropped upon by a company.

The spokesman repeatedly said the Home Office "has made a statement and won't be adding to it".

Pete John raged: "BT and Phorm seem to be above the law. No one wants responsibility for enforcing complaints against ISPs. ICO say the Home Office. The Police say the Home Office. The Home Office say they have no investigative role." ®

The Essential Guide to IT Transformation

More from The Register

next story
Trying to sell your house? It'd better have KILLER mobile coverage
More NB than transport links to next-gen buyers - study
iWallet: No BONKING PLEASE, we're Apple
BLE-ding iPhones, not NFC bonkers, will drive trend - marketeers
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Scotland's BIG question: Will independence cost me my broadband?
They can take our lives, but they'll never take our SPECTRUM
NBN Co adds apartments to FTTP rollout
Commercial trial locations to go live in September
Samsung Z Tizen OS mobe is post-phoned – this time for good?
Russian launch for Sammy's non-droid knocked back
Speak your brains on SIGNAL-FREE mobile comms
Readers chat to the pair who flog the tech
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Maximize storage efficiency across the enterprise
The HP StoreOnce backup solution offers highly flexible, centrally managed, and highly efficient data protection for any enterprise.