Feeds

UK.gov misses deadline on EU Phorm probe

Commission's data pimping quiz-o-gram leaked

Combat fraud and increase customer satisfaction

Exclusive The government has failed to meet a deadline to respond to European Commission questions over the UK's handling of BT's allegedly illegal secret trials of Phorm's ISP-level adware and its planned rollout of the system to millions of subscribers, The Register has learned.

The Commission wrote to the UK government to quiz officials on why no action has been taken over the trials under the Privacy and Electronic Communications Regulations 2003 (PECR), which implement European Directives on wiretapping and communications data.

Fabio Colasanti

Fabio Colasanti

Contrary to reports last week, the letter was sent on 30 June, not mid-July. It required the UK to respond to the letter one month after it was sent, not by the end of August, as wrongly claimed by the BBC.

A spokeswoman for the Department for Business, Enterprise and Regulatory Reform (BERR) admitted today that the UK had not met the deadline. "We haven't responded yet," she said. The spokeswoman declined to comment further beyond saying that BERR is working on a reply with other departments.

We have obtained the EU's letter. It requests answers on how and why the UK government has acted over both the secret trials of Phorm in 2006 and 2007, and planned future deployments of the technology.

It sets out the context of the EU's interest in the controversy and asks detailed questions ahead of possible Commission intervention. Failure to implement a European Directive properly can land national governments in the European Court of Justice in Luxembourg.

"In order to provide the response that is expected from it, the Commission needs to base itself on a clear understanding of the position of the United Kingdom authorities," the letter says. "Several EU law provisions concerning privacy and electronic communications may be applicable."

It is signed by Fabio Colasanti, Director General of combative European Commissioner Viviane Reding's Information Society and Media Directorate. It is addressed to Kim Darroch, the UK's ambassador to the European Union. His office acts as a diplomatic conduit for contact between the UK government and the European Commission.

The letter concludes with five bullet-point questions for UK officials to answer. The majority focus on the uninvestigated trials revealed by The Register.

Campaigners and unwitting participants in those secret trials have been frustrated by the failure of any UK authority, including the Information Commissioner's Office (ICO), to investigate BT and Phorm for alleged lawbreaking. The ICO has stated that although it believes the data laws were breached when tens of thousands of BT customers' web browsing was co-opted into Phorm's systems, it does not intend to pursue the matter. BT has publicly insisted "it was not illegal".

But the Commission is also concerned about how Phorm's technology will behave once fully rolled out in ISP networks. In one passage, Colasanti queries the mismatch between the ICO's insistence on a positive opt-in for future deployments and Phorm's own line that consent will be obtained via "transparent meaningful user notice".

Phorm's language prompts Colasanti to ask: "What exactly will be the methodology followed by the ISPs in order to obtain their customers' consent for the deployment of Phorm technology in accordance with the relevant legal requirements and what is the United Kingdom authorities' assessment of this methodology?"

After the ICO toughened its stance on future Phorm deployments in April, the firm's CEO Kent Ertugrul has insisted that debate over opt-in versus opt-out is a "huge red herring".

Correspondence between Phorm and the ICO disclosed after a Freedom of Information Act (FOIA) request by a member of the public paints a different picture. The regulator's stance that only a positive opt-in would be allowed for any future deployment was not so readliy dismissed inside Phorm. A company representative wrote to the ICO: "[I] was a little surprised that in your latest statement you seem to have come down fairly firmly in favour of opt-in, but obviously I understand the issues. I'd very much welcome a quick chat on this point."

The ICO remains committed to a positive opt-in.

The EU's interrogative approach to the issue is in contrast to the secret liasons between the Home Office, BT and Phorm going back to November 2006. The government provided a legal opinion - which has since been heavily criticised by independent experts - on ISP-level adware that said it didn't think such systems would contravene the Regulation of Investigatory Powers Act 2000 (RIPA).

Colasanti wants to know which body would investigate a breach of RIPA.

BERR's spokeswoman said she was unable to explain why the government has not responded yet. ®

See the next page for the EU's letter in full.

High performance access to file storage

More from The Register

next story
Virgin Media so, so SORRY for turning spam fire-hose on its punters
Hundreds of emails flood inboxes thanks to gaffe
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
AT&T dangles gigabit broadband plans over 100 US cities
So soon after a mulled Google Fiber expansion, fancy that
AT&T threatens to pull out of FCC wireless auctions over purchase limits
Company wants ability to buy more spectrum space in auction
Google looks to LTE and Wi-Fi to help it lube YouTube tubes
Bandwidth hogger needs tube embiggenment if it's to succeed
Turnbull gave NBN Co NO RULES to plan blackspot upgrades
NBN Co faces huge future Telstra bills and reduces fibre footprint
NBN Co plans fibre-to-the-basement blitz to beat cherry-pickers
Heading off at the pass operation given same priority as blackspot fixing
NBN Co in 'broadband kit we tested worked' STUNNER
Announcement of VDSL trial is not proof of concept for fibre-to-the-node
prev story

Whitepapers

Mainstay ROI - Does application security pay?
In this whitepaper learn how you and your enterprise might benefit from better software security.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.