Feeds

Phorm failed to mention 'illegal' trials at Home Office meeting in 2007

Just fancy that!

Beginner's guide to SSL certificates

Exclusive The Home Office held a private meeting with Phorm in August last year, but BT's interception and profiling partner did not disclose that it had completed an allegedly illegal trial of its technology on tens of thousands of unwitting broadband subscribers just weeks earlier.

Senior civil servant Andrew Knight revealed the meeting had taken place in a response to a Freedom of Information Act (FOI) request from a member of the public, passed to The Register. Today, the Home Office said it had no knowledge of the secret interceptions until we revealed the 2007 trial on 27 February and the 2006 trial on 1 April this year. BT reps were not present, Knight's note implied.

The Home Office refused to disclose further details of who was present at the August 2007 meeting with Phorm, how it was arranged, or what was discussed, saying that the information remained the subject of an ongoing FOI inquiry.

The trials have been widely branded a criminal interception on a grand scale, under the Regulation of Investigatory Powers Act 2000 (RIPA). Phorm refers all questions on the legality of the action to BT, which in turn refuses to comment beyond stating that it took legal advice.

In response to our questions about its meeting with the Home Office, Phorm said in a written statement: "We have been entirely open on our consultations with stakeholders across the industry and that part of this process included a meeting, at our request, with the Home Office."

A Phorm spokesman said during a phone call that it would not discuss what it had told the Home Office or the reasons for those choices. "We've made our statement and that's all we're going to say," he said.

Nicholas Bohm, an expert on interception law at the Foundation for Information Policy Research, an internet policy think-tank which has called for BT to be prosecuted, said: "It's surprising that Phorm didn't think it was relevant to tell the Home office what they had been up to. You have to wonder whether they were certain about the propriety of what they had done with BT."

Several months after the meeting took place, in January 2008, Phorm and BT requested legal advice from the Home Office. It was written by Knight's colleague Simon Watkin, who came to the published conclusion that the advertising targeting system might be within current law if full consent was obtained from broadband subscribers. No attempt to get customer consent was made by BT during either the 2006 or 2007 trial.

To tell or not to tell

Phorm's failure to disclose the fact it had carried out the interceptions without consent suggests three possible conclusions.

Obviously, it would be understandable for anyone who knew they had broken the law on a grand scale to keep that fact on the down-low when talking to the government department charged with ensuring that those laws are enforced.

A second possibility is that the legal advice BT claims it took went against the the opinion of the Home Office's own RIPA expert and all other legal opinion we've heard over the last three months, and so Phorm didn't feel it needed to mention the trials.

Finally, perhaps in its keenness to rise from the ashes of its spyware business, Phorm forgot to consider the law.

Yet the Home Office has disavowed any responsibility for pursuing transgressions of RIPA, even on this scale, so why not just toss it into the conversation? Phorm has not been shy about its ability to "see the entire internet" now that it is looking for publishers and advertisers to join its targeting network.

Authorities including the police and Information Commissioner have so far not investigated the events of Autumn 2006 and July 2007. Private individuals who believe their broadband line was subject to the secret wiretapping still have several legal avenues open to them, including the right under RIPA to pursue a private prosecution. ®

Bootnote

We tried to obtain an interview today with Andrew Knight via a direct email approach. A Home Office press officer called soon after to say that "I'm not impressed by that... you [El Reg] do not do that, you come through us. If you do you will not get any response [at all to your queries]".

We asked if it was Home office policy to threaten journalists with excommunication if they try talking to senior civil servants. "No," she said. "It's just the way it is."

Secure remote control for conventional and virtual desktops

Whitepapers

Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.