Feeds

CPS: We won't prosecute over BT/Phorm secret trials

No fair cop after all

Internet Security Threat Report 2014

The Crown Prosecution Service confirmed today that it would not be prosecuting anyone in BT's secret trials of Phorm's web monitoring system.

"We have decided not to consent to a request from an individual to begin a prosecution of BT Group Plc and Phorm Inc in relation to alleged unlawful interception of internet browsing data," said the CPS in a statement on its website.

It said there was insufficient evidence to begin a prosecution under section 1 of the Regulation of Investigatory Powers Act (RIPA) 2000, and added it wasn't in the public interest to take the case any further.

The ISP wiretapping case had been under consideration "at a senior level" with the CPS. In October 2008 privacy campaigner Alex Hanff complained to the agency after police refused to investigate.

Here's CPS's reviewing lawyer on the case Andrew Hadik's statement in full:

We have thoroughly reviewed all of the material supplied by the individual who wished for us to consent to a prosecution, as well as the evidence provided by City of London Police, BT and Phorm. On the basis of the evidence gathered and with advice from legal and technical experts, we have determined the extent and seriousness of the alleged criminality.

At present, the available evidence is insufficent [sp] to provide a realistic prospect of conviction. In the vast majority of cases, we would only decide whether to prosecute after the investigation had been completed and after all the likely evidence had been reviewed. In rare cases, however, it may become clear prior to the collection and consideration of all the likely evidence that a prosecution would not be in the public interest.

We would only take such a decision if we were satisfied that the broad extent of the criminality had been determined and that we could make a fully informed assessment of the public interest. This is such a case.

We obtained expert evidence to enable us to understand how the technology worked, how many people were affected and how they were affected. Those are the key elements of the alleged offending. Even if further evidence were available and collected, we are satisfied that it could not change our assessment.

We have concluded a prosecution would not be in the public interest. As such, consent to a prosecution cannot be given.

The CPS said it found several public interest factors against prosecution of anyone involved in BT's secret trials of Phorm's controversial software.

It said BT and Phorm had received considerable legal advice about the use of the web monitoring system and were advised it was unlikely to be contrary to section 1 of RIPA. "Informal advice" on the same matter was also provided by the Home Office, said the CPS.

"BT received further and conflicting legal advice that led to it halting the covert trials. As there was no evidence to suggest either company acted in bad faith, it could be reasonably argued that any offending was the result of an honest mistake or genuine misunderstanding of the law," it added.

The agency said that both companies had cooperated with the police investigation, and added that the "behaviour in question" was "unlikely to be repeated".

It also cited the separate probe by the Information Commissioner's Office, which decided not to take action in the case.

“The CPS was also asked to consider if an offence had been committed under the Computer Misuse Act 1990 or the Copyright Designs and Patents Act 1988," said Hadik.

“The core alleged criminality in this case was the possibly unlawful interception of data, not computer modification or copyright. Additionally, the same factors that would weigh against a prosecution in relation to the alleged interception would also apply to a prosecution for another offence.”

Hanff reacted with anger at the CPS's decision not to prosecute.

"My argument is that wholesale interception of the nations communications for commercial gain is absolutely a public interest issue and refusal to prosecute undermines confidence in our entire judicial system; it paints a very clear picture that big business is above the law," he told The Register.

Hanff said he would consider a judicial review and mull the process of filing a complaint against the CPS if he can find the funds needed to take the matter any further.

BT told us it was "pleased with the decision not to allow a prosecution." ®

Providing a secure and efficient Helpdesk

More from The Register

next story
WHY did Sunday Mirror stoop to slurping selfies for smut sting?
Tabloid splashes, MP resigns - but there's a BIG copyright issue here
Spies, avert eyes! Tim Berners-Lee demands a UK digital bill of rights
Lobbies tetchy MPs 'to end indiscriminate online surveillance'
How the FLAC do I tell MP3s from lossless audio?
Can you hear the difference? Can anyone?
Google hits back at 'Dear Rupert' over search dominance claims
Choc Factory sniffs: 'We're not pirate-lovers - also, you publish The Sun'
Inequality increasing? BOLLOCKS! You heard me: 'Screw the 1%'
There's morality and then there's economics ...
While you queued for an iPhone 6, Apple's Cook sold shares worth $35m
Right before the stock took a 3.8% dive amid bent and broken mobe drama
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.