BT's secret Phorm trials: UK.gov responds
EU lawyers mull action
Updated The European Commission is analysing the government's explanation of why UK authorites have taken no action over BT and Phorm's allegedly illegal broadband wiretapping and ad-targeting experiments in 2006 and 2007.
A spokeswoman for Vivian Reding's information society and media commission confirmed that a response to its call for information had been received in Brussels and would form part a "legal assessment" of the trials. The UK government's letter was about a month and a half late, the EU having originally set a reply deadline of the end of July.
The Department for Business, Enterprise and Regulatory Reform (BERR), which coordinates UK diplomatic dealings with the European Commission, refused today to provide the full text of the letter.
It sent The Reg a statement detailing only a small part of the letter. It dodges the central issue: That the UK's largest telecoms provider secretly monitored tens of thousands of its customers' web browsing habits without consent, and that so far the Information Commissioner's Office and the police have not taken any enforcement action.
Here's BERR's statement in full:
The UK is committed to providing a high level of consumer protection. We take our community obligations very seriously especially in the area of data protection and e-privacy. The possible future use of Phorm technology has raised material concerns in this area and the UK authorities are working to ensure that if it is introduced into the market for internet based advertising services, this is done in a lawful, appropriate and transparent fashion.
After conducting its enquiries with Phorm the UK authorities consider that Phorm's products are capable of being operated in this fashion on the following basis:
Future developments involving Phorm will be closely scrutinised and monitored by the enforcement authorities.
- The user profiling occurs with the knowledge and agreement of the customer.
- The profile is based on a unique ID allocated at random which means that there is no need to know the identity of the individual users.
- Phorm does not keep a record of the actual sites visited.
- Search terms used by the user and the advertising categories exclude certain sensitive terms and have been widely drawn so as not to reveal the identity of the user.
- Phorm does not have nor want information which would enable it to link a user ID and profile to a living individual.
- Users will be presented with an unavoidable statement about the product and asked to exercise a choice about whether to be involved.
- Users will be able to easily access information on how to change their mind at any point and are free to opt in or out of the scheme.
Four out of the five questions posed by information society and media departmental director general Fabio Colasanti targeted UK authorities' failure to act over BT's secret trials in 2006 and 2007. Viviane Reding has herself said that the acts were a breach of EU privacy directives without consent.
In July the Commissioner said: "It is very clear in EU directives that unless someone specifically gives authorization [to track consumer activity on the Web] then you don't have the right to do that."
Yet BERR's statement makes no mention of the two secret experimental deployments. Rather, it is a close relative of the Home Office's disputed advice to BT and Phorm, repeating that the government believes future Phorm deployments could be legal if consent from ISP subscribers is obtained. [The Home office had contact with BT on interception for behavioural ad targeting from autumn 2006, but says it had no knowledge of the secret trials until they were revealed by El Reg.]
A spokeswoman for BERR said it had decided not to disclose the government's line on the trials. "We believe it's important to have an open and frank discussion... it's not normal practice to disclose [such letters]," she said.
Meanwhile campaigners are awaiting the City of London Police's decision on whether to formally investigate BT and Phorm for breaking criminal wiretapping laws governed by the Regulation of Investigatory Powers Act.
Watch this space. ®
Catch up with the Phorm saga here.
Following publication of this story, Phorm's PR agency Citigate Dewe Rogerson sent a statement. It's fairly standard stuff:
The UK's Government's position on Phorm's technology reflects our common commitment to transparency and superior standards of online privacy. We also believe that revolutionary technologies should be introduced in line with stringent criteria. For instance, our unique 'privacy by design' approach means our internet advertising and online fraud protection system stores no personally identifiable information or browsing histories. We will continue to engage with stakeholders from regulators to consumers and are excited about demonstrating how our system will benefit all of them by introducing a new way to help fund the future of the internet and its richness and diversity.
Sponsored: Becoming a Pragmatic Security Leader