Feeds

BT's secret Phorm trials open door to corporate eavesdropping

Government bumbling exposes oversight gap

Combat fraud and increase customer satisfaction

The government has refused to investigate BT's covert wiretapping of thousands of its customers in 2006 and 2007, despite its own expert's view that without consent Phorm's advertising targeting technology is a breach of criminal law.

Whitehall's willingness to turn a blind eye to the fact that tens of thousands of people were spied on by big business in order to serve up targeted marketing has angered web users. "I'm absolutely sickened and appalled," Pete John, who has tried to interest authorities, told The Register this week.

BT customers who have attempted to report the secret listening and profiling experiments to the police have been told to approach the Home Office. One was subsequently told over email by an official: "It is important to remember that private companies such as ISPs are allowed to do certain things under section 3 of [the Regulation of Investigatory Powers Act] that Law Enforcement Agencies cannot do without permission."

The Home Office advice to BT and Phorm meanwhile, written by civil servant Simon Watkin, says a proposed Phorm deployment may be legal under RIPA only if consent is obtained.

BT and Phorm did not obtain any consent for either the autumn 2006 or the summer 2007 trial. The technical report on the earlier secret wiretap states: "The customers who participated in the trial were not made aware of this fact as one of the aims of the validation was not to affect their experience."

The pair claim the two trials were legal under UK law, but refuse to provide any explanation as to why. BT says it doesn't know which of its customers it co-opted into the system.

A Home Office spokesman told The Register yesterday that responsibility for infringements of the Regulation of Investigatory Powers Act 2000 (RIPA) lies with the the Investigatory Powers Tribunal.

However, the tribunal only has powers to investigate eavesdropping carried out on behalf of law enforcement, not commerce. Its website states: "The tribunal has no jurisdiction to investigate complaints about private individuals or companies unless you believe they are acting on behalf of an intelligence agency, law enforcement body or other public authority covered by RIPA."

Liberal Democrat shadow culture, media and sport secretary Don Foster blasted the Home Office's brick wall stance today. "It is clear the government is completely confused over who has responsibility for this matter. The Information Commissioner's Office and the public have expressed considerable concerns and it is time for the Government to stop passing the buck and deal with the matter immediately," he said.

"The Home Office needs to step up to the plate and decide whether BT's secret technical tests were legal and, if not, decide what will be done about them."

Foster is meeting BT executives next week to question them on the trials.

The Information Commissioner's Office (ICO) is meanwhile investigating the tests for alleged breaches of the Data Protection Act and Privacy and Electronic Communications Regulations, but not the alleged criminal wiretap under RIPA. The ICO's work is based on a complaint from Stephen Mainwaring, the BT Business customer in Weston-super-Mare that we revealed was misled by his ISP over its involvement with Phorm last summer.

In its broad public statement on Phorm, the ICO also referred the question of an illegal interception under RIPA to the Home Office. It wrote: "The Home Office is responsible for compliance with RIPA, and Phorm has approached the office directly and had a written response."

But as we've seen, that response referred to a proposed deployment, not historical secret interceptions. The internet legal think tank FIPR has described the RIPA case against the trials as "clear cut".

The Home Office's spokesman, however, disavowed any responsibility for holding the pair to account for eavesdropping on what is now known to be between 38,000 and 108,000 customers. "The tribunal is there for people who have a complaint," he said. We pointed out that the interception tribunal only has jurisdiction over law enforcement. The Home Office refused to say where people can go to report that they believe they have been illegally eavesdropped upon by a company.

The spokesman repeatedly said the Home Office "has made a statement and won't be adding to it".

Pete John raged: "BT and Phorm seem to be above the law. No one wants responsibility for enforcing complaints against ISPs. ICO say the Home Office. The Police say the Home Office. The Home Office say they have no investigative role." ®

Combat fraud and increase customer satisfaction

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T dangles gigabit broadband plans over 100 US cities
So soon after a mulled Google Fiber expansion, fancy that
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Google looks to LTE and Wi-Fi to help it lube YouTube tubes
Bandwidth hogger needs tube embiggenment if it's to succeed
Turnbull gave NBN Co NO RULES to plan blackspot upgrades
NBN Co faces huge future Telstra bills and reduces fibre footprint
NBN Co plans fibre-to-the-basement blitz to beat cherry-pickers
Heading off at the pass operation given same priority as blackspot fixing
NBN Co in 'broadband kit we tested worked' STUNNER
Announcement of VDSL trial is not proof of concept for fibre-to-the-node
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.