Feeds

EU mulls intervention over BT's secret Phorm trials

Your views sought

Security for virtualized datacentres

The European Commission is considering intervening over the failure of UK data watchdogs to punish BT for the way it secretly co-opted tens of thousands of customers into trials of Phorm's profiling system to serve them targeted advertising.

At the end of May, the Information Commissioner's Office told Stephen Mainwaring, whose web browsing was tapped and profiled during the 2007 trial, that it would not pursue BT over alleged breaches of the European Privacy and Electronic Communications Regulations (PECR).

The ICO's letter claims that because it would have been hard for BT to explain to customers what it was doing with their broadband connections, regulators should let the secret trials pass. "Taking into account the difficulties involved in providing meaningful and clear information to customers... in this case, this is not an issue we intend to pursue further with BT," the regulator wrote.

Now however, the European Commission is considering calling BT to account in lieu of a domestic response. A European Commission spokeswoman told The Register on Monday: "We are continuing to monitor this closely. If need be we will take action."

People who feel strongly about the trials or believe they were unwittingly profiled in 2006 or 2007 should write to Viviane Reding, the European Commissioner for Information Society and Media, the spokeswoman said. The Downing Street petition calling for government action has now passed the 14,000 signature mark.

Reding's spokesman told The Register: "This is first of all a matter for the UK authorities to deal with, as it is their responsibility to apply EU law in the UK."

"In case of incorrect application of EU data protection law by a national authority, the Commission could start infringement proceedings against the country concerned." He wrote that the European Commission does not currently have "indications that the UK authorities, in assessing the Phorm case, would have acted illegally".

Mainwaring now intends to approach Reding unless he receives a satisfactory response from the ICO to a complaint he has sent to it detailing objections to its response. He has asked regulators to reconsider their view that "there is no evidence that the trials generally involved significant detriment to individuals, or privacy risks to individuals". Mainwaring says he lost countless business hours attempting to identify the cause of unsusal activity on his BT Business broadband line, having been told by BT he most likely had a spyware infection.

He told us: "I believe the ICO is failing in its duty to protect personal information."

In a statement, the European Commission said: "The ePrivacy Directive [PECR] obliges Member States to ensure the confidentiality of communications and related traffic data through national legislation. In particular, they are required to prohibit listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than the users without their consent, which must be freely given, specific and informed indication of the user's wishes."

Anti-Phorm campaigners are set to picket BT's Annual General Meeting at the Barbican in London on the morning of 16 July. They will later hand a dossier of evidence to the Metropolitan Police in the hope that a criminal investigation will be launched under the Regulation of Investigatory Powers Act and Computer Misuse Act. Among the documents to be turned over is the internal BT report on the 2006 experiment that we revealed in April.

Conservative peer David Carnegie, the Earl of Northesk, backed the campaigners' bid to have BT fully investigated. "On the face of it the spirit if not the letter of the law has been breached," he said. "Criminally, I hasten to add. What's the point of having laws if they are not going to be enforced?"

He said that although police are under-resourced to deal with breaches of communications and computer laws, the BT trials are too significant an issue to be ignored.

BT maintains its statement that the advice it took ahead of the trials said they would be legal. Despite the ICO's view that it is impossible, BT aims to explain to customers what the Phorm "Webwise" system does when it begins a third trial, this time with permission, at some unspecified date soon. ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
'Serious flaws in the Vertigan report' says broadband boffin
Report 'fails reality test' , is 'simply wrong' and offers ''convenient' justification for FTTN says Rod Tucker
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
Apple Watch will CONQUER smartwatch world – analysts
After Applelocalypse, other wristputers will get stuck in
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.