Feeds

Phorm failed to mention 'illegal' trials at Home Office meeting in 2007

Just fancy that!

Choosing a cloud hosting partner with confidence

Exclusive The Home Office held a private meeting with Phorm in August last year, but BT's interception and profiling partner did not disclose that it had completed an allegedly illegal trial of its technology on tens of thousands of unwitting broadband subscribers just weeks earlier.

Senior civil servant Andrew Knight revealed the meeting had taken place in a response to a Freedom of Information Act (FOI) request from a member of the public, passed to The Register. Today, the Home Office said it had no knowledge of the secret interceptions until we revealed the 2007 trial on 27 February and the 2006 trial on 1 April this year. BT reps were not present, Knight's note implied.

The Home Office refused to disclose further details of who was present at the August 2007 meeting with Phorm, how it was arranged, or what was discussed, saying that the information remained the subject of an ongoing FOI inquiry.

The trials have been widely branded a criminal interception on a grand scale, under the Regulation of Investigatory Powers Act 2000 (RIPA). Phorm refers all questions on the legality of the action to BT, which in turn refuses to comment beyond stating that it took legal advice.

In response to our questions about its meeting with the Home Office, Phorm said in a written statement: "We have been entirely open on our consultations with stakeholders across the industry and that part of this process included a meeting, at our request, with the Home Office."

A Phorm spokesman said during a phone call that it would not discuss what it had told the Home Office or the reasons for those choices. "We've made our statement and that's all we're going to say," he said.

Nicholas Bohm, an expert on interception law at the Foundation for Information Policy Research, an internet policy think-tank which has called for BT to be prosecuted, said: "It's surprising that Phorm didn't think it was relevant to tell the Home office what they had been up to. You have to wonder whether they were certain about the propriety of what they had done with BT."

Several months after the meeting took place, in January 2008, Phorm and BT requested legal advice from the Home Office. It was written by Knight's colleague Simon Watkin, who came to the published conclusion that the advertising targeting system might be within current law if full consent was obtained from broadband subscribers. No attempt to get customer consent was made by BT during either the 2006 or 2007 trial.

To tell or not to tell

Phorm's failure to disclose the fact it had carried out the interceptions without consent suggests three possible conclusions.

Obviously, it would be understandable for anyone who knew they had broken the law on a grand scale to keep that fact on the down-low when talking to the government department charged with ensuring that those laws are enforced.

A second possibility is that the legal advice BT claims it took went against the the opinion of the Home Office's own RIPA expert and all other legal opinion we've heard over the last three months, and so Phorm didn't feel it needed to mention the trials.

Finally, perhaps in its keenness to rise from the ashes of its spyware business, Phorm forgot to consider the law.

Yet the Home Office has disavowed any responsibility for pursuing transgressions of RIPA, even on this scale, so why not just toss it into the conversation? Phorm has not been shy about its ability to "see the entire internet" now that it is looking for publishers and advertisers to join its targeting network.

Authorities including the police and Information Commissioner have so far not investigated the events of Autumn 2006 and July 2007. Private individuals who believe their broadband line was subject to the secret wiretapping still have several legal avenues open to them, including the right under RIPA to pursue a private prosecution. ®

Bootnote

We tried to obtain an interview today with Andrew Knight via a direct email approach. A Home Office press officer called soon after to say that "I'm not impressed by that... you [El Reg] do not do that, you come through us. If you do you will not get any response [at all to your queries]".

We asked if it was Home office policy to threaten journalists with excommunication if they try talking to senior civil servants. "No," she said. "It's just the way it is."

Beginner's guide to SSL certificates

More from The Register

next story
Mighty Blighty broadbanders beg: Let us lay cable in BT's, er, ducts
Complain to Ofcom that telco has 'effective monopoly'
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Fujitsu CTO: We'll be 3D-printing tech execs in 15 years
Fleshy techie disses network neutrality, helmet-less motorcyclists
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
Ofcom tackles complaint over Premier League footie TV rights
Virgin Media: UK fans pay the most for the fewest matches
FCC: Gonna need y'all to cough up $1.5bn to put broadband in schools
Kids need more fiber, says Wheeler, and you'll pay for it
prev story

Whitepapers

Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
5 critical considerations for enterprise cloud backup
Key considerations when evaluating cloud backup solutions to ensure adequate protection security and availability of enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Protecting against web application threats using SSL
SSL encryption can protect server‐to‐server communications, client devices, cloud resources, and other endpoints in order to help prevent the risk of data loss and losing customer trust.