Feeds

EU mulls intervention over BT's secret Phorm trials

Your views sought

Internet Security Threat Report 2014

The European Commission is considering intervening over the failure of UK data watchdogs to punish BT for the way it secretly co-opted tens of thousands of customers into trials of Phorm's profiling system to serve them targeted advertising.

At the end of May, the Information Commissioner's Office told Stephen Mainwaring, whose web browsing was tapped and profiled during the 2007 trial, that it would not pursue BT over alleged breaches of the European Privacy and Electronic Communications Regulations (PECR).

The ICO's letter claims that because it would have been hard for BT to explain to customers what it was doing with their broadband connections, regulators should let the secret trials pass. "Taking into account the difficulties involved in providing meaningful and clear information to customers... in this case, this is not an issue we intend to pursue further with BT," the regulator wrote.

Now however, the European Commission is considering calling BT to account in lieu of a domestic response. A European Commission spokeswoman told The Register on Monday: "We are continuing to monitor this closely. If need be we will take action."

People who feel strongly about the trials or believe they were unwittingly profiled in 2006 or 2007 should write to Viviane Reding, the European Commissioner for Information Society and Media, the spokeswoman said. The Downing Street petition calling for government action has now passed the 14,000 signature mark.

Reding's spokesman told The Register: "This is first of all a matter for the UK authorities to deal with, as it is their responsibility to apply EU law in the UK."

"In case of incorrect application of EU data protection law by a national authority, the Commission could start infringement proceedings against the country concerned." He wrote that the European Commission does not currently have "indications that the UK authorities, in assessing the Phorm case, would have acted illegally".

Mainwaring now intends to approach Reding unless he receives a satisfactory response from the ICO to a complaint he has sent to it detailing objections to its response. He has asked regulators to reconsider their view that "there is no evidence that the trials generally involved significant detriment to individuals, or privacy risks to individuals". Mainwaring says he lost countless business hours attempting to identify the cause of unsusal activity on his BT Business broadband line, having been told by BT he most likely had a spyware infection.

He told us: "I believe the ICO is failing in its duty to protect personal information."

In a statement, the European Commission said: "The ePrivacy Directive [PECR] obliges Member States to ensure the confidentiality of communications and related traffic data through national legislation. In particular, they are required to prohibit listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than the users without their consent, which must be freely given, specific and informed indication of the user's wishes."

Anti-Phorm campaigners are set to picket BT's Annual General Meeting at the Barbican in London on the morning of 16 July. They will later hand a dossier of evidence to the Metropolitan Police in the hope that a criminal investigation will be launched under the Regulation of Investigatory Powers Act and Computer Misuse Act. Among the documents to be turned over is the internal BT report on the 2006 experiment that we revealed in April.

Conservative peer David Carnegie, the Earl of Northesk, backed the campaigners' bid to have BT fully investigated. "On the face of it the spirit if not the letter of the law has been breached," he said. "Criminally, I hasten to add. What's the point of having laws if they are not going to be enforced?"

He said that although police are under-resourced to deal with breaches of communications and computer laws, the BT trials are too significant an issue to be ignored.

BT maintains its statement that the advice it took ahead of the trials said they would be legal. Despite the ICO's view that it is impossible, BT aims to explain to customers what the Phorm "Webwise" system does when it begins a third trial, this time with permission, at some unspecified date soon. ®

Internet Security Threat Report 2014

More from The Register

next story
Brits: Google, can you scrape 60k pages from web, pleeease
Hey, c'mon Choc Factory, it's our 'right to be forgotten'
Of COURSE Stephen Elop's to blame for Nokia woes, says author
'Google did have some unique propositions for Nokia'
FCC, Google cast eye over millimetre wireless
The smaller the wave, the bigger 5G's chances of success
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.