Feeds

BT's secret Phorm trials: UK.gov responds

EU lawyers mull action

Top 5 reasons to deploy VMware with Tegile

Updated The European Commission is analysing the government's explanation of why UK authorites have taken no action over BT and Phorm's allegedly illegal broadband wiretapping and ad-targeting experiments in 2006 and 2007.

A spokeswoman for Vivian Reding's information society and media commission confirmed that a response to its call for information had been received in Brussels and would form part a "legal assessment" of the trials. The UK government's letter was about a month and a half late, the EU having originally set a reply deadline of the end of July.

The Department for Business, Enterprise and Regulatory Reform (BERR), which coordinates UK diplomatic dealings with the European Commission, refused today to provide the full text of the letter.

It sent The Reg a statement detailing only a small part of the letter. It dodges the central issue: That the UK's largest telecoms provider secretly monitored tens of thousands of its customers' web browsing habits without consent, and that so far the Information Commissioner's Office and the police have not taken any enforcement action.

Here's BERR's statement in full:

The UK is committed to providing a high level of consumer protection. We take our community obligations very seriously especially in the area of data protection and e-privacy. The possible future use of Phorm technology has raised material concerns in this area and the UK authorities are working to ensure that if it is introduced into the market for internet based advertising services, this is done in a lawful, appropriate and transparent fashion.

After conducting its enquiries with Phorm the UK authorities consider that Phorm's products are capable of being operated in this fashion on the following basis:

  • The user profiling occurs with the knowledge and agreement of the customer.
  • The profile is based on a unique ID allocated at random which means that there is no need to know the identity of the individual users.
  • Phorm does not keep a record of the actual sites visited.
  • Search terms used by the user and the advertising categories exclude certain sensitive terms and have been widely drawn so as not to reveal the identity of the user.
  • Phorm does not have nor want information which would enable it to link a user ID and profile to a living individual.
  • Users will be presented with an unavoidable statement about the product and asked to exercise a choice about whether to be involved.
  • Users will be able to easily access information on how to change their mind at any point and are free to opt in or out of the scheme.
Future developments involving Phorm will be closely scrutinised and monitored by the enforcement authorities.

Four out of the five questions posed by information society and media departmental director general Fabio Colasanti targeted UK authorities' failure to act over BT's secret trials in 2006 and 2007. Viviane Reding has herself said that the acts were a breach of EU privacy directives without consent.

In July the Commissioner said: "It is very clear in EU directives that unless someone specifically gives authorization [to track consumer activity on the Web] then you don't have the right to do that."

Yet BERR's statement makes no mention of the two secret experimental deployments. Rather, it is a close relative of the Home Office's disputed advice to BT and Phorm, repeating that the government believes future Phorm deployments could be legal if consent from ISP subscribers is obtained. [The Home office had contact with BT on interception for behavioural ad targeting from autumn 2006, but says it had no knowledge of the secret trials until they were revealed by El Reg.]

A spokeswoman for BERR said it had decided not to disclose the government's line on the trials. "We believe it's important to have an open and frank discussion... it's not normal practice to disclose [such letters]," she said.

Meanwhile campaigners are awaiting the City of London Police's decision on whether to formally investigate BT and Phorm for breaking criminal wiretapping laws governed by the Regulation of Investigatory Powers Act.

Watch this space. ®

Catch up with the Phorm saga here.

Update

Following publication of this story, Phorm's PR agency Citigate Dewe Rogerson sent a statement. It's fairly standard stuff:

The UK's Government's position on Phorm's technology reflects our common commitment to transparency and superior standards of online privacy. We also believe that revolutionary technologies should be introduced in line with stringent criteria. For instance, our unique 'privacy by design' approach means our internet advertising and online fraud protection system stores no personally identifiable information or browsing histories. We will continue to engage with stakeholders from regulators to consumers and are excited about demonstrating how our system will benefit all of them by introducing a new way to help fund the future of the internet and its richness and diversity.

Choosing a cloud hosting partner with confidence

More from The Register

next story
Of COURSE Stephen Elop's to blame for Nokia woes, says author
'Google did have some unique propositions for Nokia'
FCC, Google cast eye over millimetre wireless
The smaller the wave, the bigger 5G's chances of success
It's even GRIMMER up North after MEGA SKY BROADBAND OUTAGE
By 'eck! Eccles cake production thrown into jeopardy
Mobile coverage on trains really is pants
You thought it was just *insert your provider here*, but now we have numbers
Don't mess with Texas ('cos it's getting Google Fiber and you're not)
A bit late, but company says 1Gbps Austin network almost ready to compete with AT&T
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.