UK.gov misses deadline on EU Phorm probe
Commission's data pimping quiz-o-gram leaked
Exclusive The government has failed to meet a deadline to respond to European Commission questions over the UK's handling of BT's allegedly illegal secret trials of Phorm's ISP-level adware and its planned rollout of the system to millions of subscribers, The Register has learned.
The Commission wrote to the UK government to quiz officials on why no action has been taken over the trials under the Privacy and Electronic Communications Regulations 2003 (PECR), which implement European Directives on wiretapping and communications data.
Contrary to reports last week, the letter was sent on 30 June, not mid-July. It required the UK to respond to the letter one month after it was sent, not by the end of August, as wrongly claimed by the BBC.
A spokeswoman for the Department for Business, Enterprise and Regulatory Reform (BERR) admitted today that the UK had not met the deadline. "We haven't responded yet," she said. The spokeswoman declined to comment further beyond saying that BERR is working on a reply with other departments.
We have obtained the EU's letter. It requests answers on how and why the UK government has acted over both the secret trials of Phorm in 2006 and 2007, and planned future deployments of the technology.
It sets out the context of the EU's interest in the controversy and asks detailed questions ahead of possible Commission intervention. Failure to implement a European Directive properly can land national governments in the European Court of Justice in Luxembourg.
"In order to provide the response that is expected from it, the Commission needs to base itself on a clear understanding of the position of the United Kingdom authorities," the letter says. "Several EU law provisions concerning privacy and electronic communications may be applicable."
It is signed by Fabio Colasanti, Director General of combative European Commissioner Viviane Reding's Information Society and Media Directorate. It is addressed to Kim Darroch, the UK's ambassador to the European Union. His office acts as a diplomatic conduit for contact between the UK government and the European Commission.
The letter concludes with five bullet-point questions for UK officials to answer. The majority focus on the uninvestigated trials revealed by The Register.
Campaigners and unwitting participants in those secret trials have been frustrated by the failure of any UK authority, including the Information Commissioner's Office (ICO), to investigate BT and Phorm for alleged lawbreaking. The ICO has stated that although it believes the data laws were breached when tens of thousands of BT customers' web browsing was co-opted into Phorm's systems, it does not intend to pursue the matter. BT has publicly insisted "it was not illegal".
But the Commission is also concerned about how Phorm's technology will behave once fully rolled out in ISP networks. In one passage, Colasanti queries the mismatch between the ICO's insistence on a positive opt-in for future deployments and Phorm's own line that consent will be obtained via "transparent meaningful user notice".
Phorm's language prompts Colasanti to ask: "What exactly will be the methodology followed by the ISPs in order to obtain their customers' consent for the deployment of Phorm technology in accordance with the relevant legal requirements and what is the United Kingdom authorities' assessment of this methodology?"
After the ICO toughened its stance on future Phorm deployments in April, the firm's CEO Kent Ertugrul has insisted that debate over opt-in versus opt-out is a "huge red herring".
Correspondence between Phorm and the ICO disclosed after a Freedom of Information Act (FOIA) request by a member of the public paints a different picture. The regulator's stance that only a positive opt-in would be allowed for any future deployment was not so readily dismissed inside Phorm. A company representative wrote to the ICO: "[I] was a little surprised that in your latest statement you seem to have come down fairly firmly in favour of opt-in, but obviously I understand the issues. I'd very much welcome a quick chat on this point."
The ICO remains committed to a positive opt-in.
The EU's interrogative approach to the issue is in contrast to the secret liaisons between the Home Office, BT and Phorm going back to November 2006. The government provided a legal opinion - which has since been heavily criticised by independent experts - on ISP-level adware that said it didn't think such systems would contravene the Regulation of Investigatory Powers Act 2000 (RIPA).
Colasanti wants to know which body would investigate a breach of RIPA.
BERR's spokeswoman said she was unable to explain why the government has not responded yet. ®
See the next page for the EU's letter in full.
" - 1 : Hate Phorm. Think BT were [if not wrong] very VERY cheeky.
- 2 : What the "£$%££$%£W"$E%$!" has it got to do with a bunch of jacked up europeans. The B in BT is BRITISH telecom. "
1) Well, the BT trials were ILLEGAL under PECR and RIPA. The key issue there is consent, and no customers were informed. IMO (call me naive?), corporations should not be allowed to wiretap people just for profit.
2) The EC are the people making the laws (directives) which the UK Govt translate into RIPA, PECR and so on. ICO and the Home Office have been passing the hot potato, BT are saying it took 'legal advice' at the time, and no one from the UK Govt wants to deal with this problematic issue.
The EC are the ONLY people pushing for accountability here. What's the point of signing in laws if you're going to f****** ignore them when the UK's most powerful comms monopoly craps all over them?
TEST CASE NEEDED NOW
Dear Chris, El Reg,
Once again I am not so outraged - this is great work from you.
One thing that has started to appear on forums is a call for a test case to decide if Phorm breaches RIPA, Computer Misuse Act, PECR, DPA, Copyright, Designs and Patents Act, etc.
Would El Reg consider making this a campaign, to call on the government for a test case into data pimping by ISPs (Phorm)?
After all, it would be hard for governments, ISPs and Phorm to say they don't want a test case. If Phorm is legal, then go ahead, let's have a case. If it's illegal, then surely for the ISPs and govt. POV best to find out NOW!
A TEST CASE - LET'S HAVE A TEST CASE!
@AC RE: I asked BT a couple of weeks ago....
Word on the blogs and newsgroups is that BT customer service and sales employees have been specifically told to deny they know anything about Phorm if asked.
It's your data property to profit from, not theirs.
"Once this data has been collected by Phorm it is no longer personal, rather the property of a company."
No it isn't, it's still the property of the owner, that is you the end user and your *unique datastream, and the website owner and their ^unique datastream being the two parties involved in the webpage transaction, the ISP is just a conduit according to them, any unlawful act of commercial piracy is worth £50000 a time now ;) or will be soon.
they collect the data without consent, make a derivative work and sell that data, it's commercial piracy end of story.
they don't own it, they don't have a licence to make a derivative work from it, it's not theirs to sell...
*it's pretty clear cut
existing as the only one or as the sole example; single; solitary in type or characteristics
. the embodiment of unique characteristics; the only specimen of a given kind