Web giants urged to bar Phorm
Google and Microsoft encouraged to opt out
Privacy activists have urged top web firms to ensure they tell Phorm not to monitor communications with their users, ahead of BT's proposed deployment of its interception and profiling system.
In an open letter to privacy officers at Amazon, AOL, eBay, Facebook, Google, Microsoft and Yahoo!, campaigners claim the system, which will be branded "Webwise", "may well bring your own system into disrepute". Phorm's technology uses a complex series of traffic redirects and spoofed cookies to scan broadband users' web use for keywords to help target advertising.
It's planned that the search terms entered at the web's top destinations will be grabbed in transit and used by Phorm to judge surfers' interests. Because they strongly indicate intentions, they will be some of the most valuable data fed into the targeting algorithm. When contacted by The Register last year, Google, Microsoft and Yahoo! all declined to comment on the such activity.
The open letter was signed by Open Rights Group executive director Jim Killock, Richard Clayton of the Foundation for Information Policy Research (FIPR), and prominent anti-Phorm campaigners Alex Hanff and Pete John. Last year, with Phorm's cooperation, Clayton, a University of Cambridge security researcher, carried out a detailed analysis of how the system operates.
"We strongly believe that it is clearly in your company's interest, it is in the interests of all of your customers, and it will serve to protect your brand's reputation, if you insist that the Phorm/Webwise system does not process any data that passes to or from your website," the group wrote.
Phorm offers website owners who don't want their traffic to be intercepted the opportunity to opt out. "While we recognise that an 'opt-out' is an entirely second-rate way of dealing with this problem, we would strongly urge you to take advantage of it, in order to immediately reduce the risk of harm to your company and to your customers," the open letter said.
Phorm declined to say whether any of the companies the letter was sent to asked to be excluded from its system. It sought to compare its approach to behavioural advertising to that of Google and Microsoft, which collect targeting data by working with websites.
Phorm said: "We are aware of the letter and note that the vast majority of recipients use or offer interest based advertising. Many of them have, like Phorm, demonstrated their commitment to user privacy as signatories to the IAB UK’s interest based advertising good practice principles."
The Internet Advertising Bureau (IAB), a trade association, published guidelines earlier this month, in a move widely interpreted as an attempt to head off regulation.
FIPR's general counsel Nicholas Bohm has argued that the Regulation of Investigatory Powers Act requires both ends of a communication to consent to Phorm's interception, and so the firm needs to ask the owner of every website it intends to monitor for permission. Phorm and BT have disputed FIPR's analysis, although they have declined to provide details of their legal position.
In response to privacy concerns, Phorm has consistently stated that its technology retains no data and that users remain anonymous. However, at a recent event at Parliament to discuss monitoring of the internet, Sir Tim Berners-Lee, who invented the worldwide web, said he objected to the interception itself. "It is very important that when click we click without a thought that a third party knows what we're clicking on," he said, arguing that Google-style behavioural targeting does not violate privacy in a comparable way.
Phorm executives will appear at a second "Town Hall Meeting" at the London School of Economics on April 7, a year after they mounted a first public defence of their firm. The details are here.
Sponsored: 2016 Cyberthreat defense report