Why Phorm means I'm dropping Virgin Media and avoiding BT and TalkTalk

Apr 01, 2008 16:03

Been meaning to post this for a while but there's so much information to collate it's taken me a while to get it together in my head. Still I figure that what is basically a technical (i.e. geek) issue needs to be made more public.

In a nutshell, BT, Virgin Media and Carphone Warehouse (TalkTalk) have signed an agreement with a company called Phorm to pass all Internet traffic through Phorm's servers to allow your net usage to be profiled, enabling them to deliver targeted advertising.

What's the problem with that I hear you cry? I get adverts anyway, so what's the difference? Well, it goes a bit deeper than just advertising.

Why Phorm is a threat to Internet privacy, your personal details and is also possibly illegal

The technical bit first: Basically when you ask the net to give you a web page, the request is passed from your computer to the web server, wherever that may be (BBC, Amazon etc.), via your Internet Service Provider (ISP), be it Virgin, BT, Sky broadband, AOL, whoever, and the resultant page is sent back to you again via your ISP. ISPs are basically a conduit: they simply pass the information on; they don't generally read or store what you're looking at. This is a bit of an over-simplification but I'm trying not to get too technical here.

With Phorm, the plan is now that when you request a web page, that request is sent from your ISP to the Phorm servers. They fetch the web page for you, read it, analyse it, add the relevant bits to your web profile and then pass the page on to you as requested. The reverse is also true when you send data to the net by filling in an online form. Your web profile is used to target the adverts that appear on your web pages to supposedly be more relevant to you. Phorm claim (through the system they call WebWise - PR here) that it will make for a better and safer surfing experience by allowing the Phorm servers to spot potential phishing sites (fake bank logins, infected web pages etc.) and stop you going there. Thing is, most browsers already do this anyway, so they're not adding anything to pre-existing software.

The only benefit is to advertisers, Phorm and the ISPs, who all get a cut of the potential increased revenues. (BT are projected to make £85m in 2010.)

Okay, so I get targeted adverts, so what? It's no skin off my nose, is it?

Well yes it is, cos Phorm are reading every single page that you request. They claim that they will never use any personal details such as bank logins, credit card numbers etc. and that data will be collected anonymously, but how do you tell what's private and personal? If you use webmail at all (GMail, Yahoo, Hotmail, etc.) then all of your private emails are transmitted as web pages and will be read and analysed by Phorm's software. All those private or filtered LJ posts that you have will be read if one of your friends calls them up through a Phorm system, even if you're not using it. Your secured Facebook profile will do the same.

And imagine if you had kids in the house. Your web surfing on the family PC influences the targeted ads they will see. If you surf porn sites when they've gone to bed, what sort of ads might your kids get to see the next day? If you were planning to propose to your partner and she suddenly starts seeing adverts for wedding rings and dresses, it kinda spoils the surprise a bit, doesn't it? There are all sorts of knock-on effects from the adverts alone.

And even if Phorm stay true to their word and don't store anything they consider to be personal identifying information such as card numbers and addresses from legit business and shopping forms online (e.g. they might recognise an Amazon checkout page), it's much harder to sift that information out of a generic web page as there is no identifiable box that is filled in to say, "this is my delivery address; this is my phone number". That data might be on your LJ profile and will be added to your surfing profile, and thus Phorm are storing identifying data that could be linked to you, even if they don't intend to.

Worried yet? There's more...

Let's assume Phorm are legit (and I'll get to that in a mo). Passing an entire ISP's traffic through one 3rd-party company makes it a prime attack point for hackers, who are definitely after your credit card details etc. If you knew for sure that those details were passing through one guaranteed bottleneck on the net, wouldn't you attack there first? Plus it's a bottleneck that will slow down your web browsing anyway, and these servers could be anywhere - the US? China? You really want all your Internet traffic going through China?

So I'll not turn this Webwise system on then, you say. A fair point, except that up to now, BT are going to make the system opt-out (i.e. it's turned on unless you turn it off) and Virgin have yet to say whether it will be opt-in or opt-out. Even if you do opt out, no-one's yet made it clear whether you're just opting out of the targeted advertising or the whole process. If it's the former then your data is still being profiled by Phorm; you're just not receiving the targeted ads. Assuming out really does mean out, the opt-out will most likely be done via a cookie in your browser. You think you've turned Webwise off, but if you or your anti-spyware / anti-adware software regularly clears your cookies, suddenly you're opted in again without knowing it.

From a New York Times article: “As you browse, we’re able to categorize all of your Internet actions,” said Virasb Vahidi, the chief operating officer of Phorm. “We actually can see the entire Internet.”

The system is due to roll out at the end of this year, but BT have already run secret trials with 18,000 customers in 2006 where they profiled people's usage without even informing them, and that brings me to the legal bit.

Under the Regulation of Investigatory Powers Act 2000 (RIPA), intercepting Internet traffic without a warrant or consent is an offence. Not only did BT intercept countless transmissions in this way (basically a wiretap), but even if you did opt in to Phorm, consent is needed from both parties in a communication for it not to be an illegal intercept, and the website you're visiting will most likely not have consented to have their page analysed by Phorm, so consent is not given under RIPA. The Home Office seems to disagree, but they do say that is just informal guidance rather than a legal ruling. The Foundation for Information Policy Research (FIPR) think otherwise.

So BT have secretly wiretapped 18,000 users' data already; they, Virgin and Carphone Warehouse are bringing in this system under the guise of a safer, better web experience and forcing it on their customers, who will mostly have nothing but the marketing spin to go on and therefore will see no point in turning it off; and your personal data are all passing through a single point on a server somewhere. Even if this were an honest (and I use the word loosely) business, if it goes ahead a precedent is set in the interpretation of RIPA for less-scrupulous businesses in the future, posing an even bigger threat to net privacy. Not so good, is it?

Remember above I said that I'd get round to whether Phorm were legit or not? Well here's the icing on the cake. The people running Phorm are those that used to run a company called 121Media, whose product, PeopleOnPage, was blacklisted as spyware by Symantec and F-Secure. Not exactly a trustworthy background.

None of this, of course, is mentioned in the advertising blurb - it's just a "better, safer web experience", no mention of them making money off your private web surfing (a process you're paying them for, of course, not the other way round).

There are extensive articles on it all in The Register's Phorm Files, but if this has you sufficiently worried (and I hope it does), contact your ISP if you're on BT, Virgin or TalkTalk. There is already some movement by MPs on the issue, but contacting your MP will help. Alternatively, sign the petition. The more people raise the issue, the more likely it is to get discussed properly.

Sorry this is long and rambly. I've tried to stay away from the technical as much as I can to make it clearer. There's much more to it than this as the articles and links from there will show but in a nutshell, it's a really bad idea both in itself and as a precedent. I contacted Virgin over a week ago asking for clarification on what exactly they would do with my data. I've yet to receive a reply. If they send me the standard marketing reply (which I suspect they will) I'll be changing ISP on the spot. If they go ahead with Phorm, I'll be changing ISP anyway.

Update: Thursday 3rd April: Well, looks like the Phorm debate has stepped up a notch. BBC Breakfast ran this article this morning and this interview. It misses out most of the tech points and only covers the advertising side of it but it does address BT's alleged illegal trials.

And apparently a BT spokesperson will also be on Channel 4 News today. Not sure if it's this evening or if it was lunchtime, but will be worth a look.

All the details in the latest Register article

ETA: Emma Sanderson, BT's head of value-added services (whatever that title might mean?), looked distinctly less comfortable on Channel 4's lunchtime news - article here

Update: Friday 4th April: After not receiving a reply to my enquiry with Virgin in over a week (despite their site saying they'll respond in 48 hours) I started looking around for other ISPs tonight. I posted this in comments earlier but am more impressed with Be Un Limited than I have been with anyone else so far, so it gets its own post. Got a reply by email in a little under 3 hours on a Friday evening.

My email to Be:
In light of the recent press surrounding Phorm and BT / Virgin Media, and the potential illegality of the intercept system that Phorm appear to be using, I'm seriously considering changing ISPs and a friend recommended your services. I have a couple of questions first though that I'm hoping you can answer for me.

Firstly, are you, or are you planning to be, involved with Phorm or any web intercepting / targeted advertising company?

Secondly, your website says a BT landline is required. Since I'm currently on a cable line, I'd have to get a line installed / reactivated. Does it have to be a BT line or is it possible to use a LLU line through yourselves as I believe this is available from the Leith, Edinburgh exchange to which I am connected and could this be included as part of a broadband package?

Their reply:
We have no plans to join or use Phorm software, if that changes we will of course inform the whole member base.
If it was ever to happen we will make sure that our member base is given a 3-month notice period so members who wish to move can, but once again there are no plans for Be to use/join/trial/sign up/take part in Phorm.
Currently we provide our service on working BT telephone lines only.
Unfortunately Be Un Limited will not be able to provide you with the phone service, for this purpose you have to contact BT.

For any further information, please contact us on 0808 234 8570 so we can be more helpful

Seems Be Un Limited also win hands down in terms of line speed in Edinburgh on Speedtest.net and they're reasonably priced. Just a shame that I'd have to get a BT line but at least that doesn't go through Phorm, only BT's web traffic does.

Even so, the fact is that even if I'm not signed up for Phorm, eventually someone that I send an email to will be - and if they download it via webmail that's still an illegal intercept of my personal and privately sent information. Here's hoping Phorm will be stopped in the courts before it gets started.

If the Home Office advice is upheld (see sec. 15 halfway down the page) and it's ruled that putting web pages up for general consumption is an implied opt-in on the part of the web page publisher, then even if Phorm say they'll ignore Hotmail, Yahoo, Gmail etc. to cancel out the private webmail part, that doesn't cover individual businesses using something like Outlook Web Access on their own mail servers. Emails from private webmail servers will still go through Phorm's systems, as it's impossible to make an exclude list that skips them all. That is an illegal intercept of information that I've sent privately, not publicly (i.e. private email, not a public web page) - no question in my mind.

If you're thinking of changing too, for a list of non-Phorm ISPs, see here
To find out what's available in your area, see here

Update: Sunday 6th April: Independent assessment of exactly what Phorm will do to your data by Dr Richard Clayton, treasurer of the FIPR and security researcher at Cambridge University.

Very heavy on the tech, but an interesting read if you're familiar with cookies and website indexing by search engines. Whilst the report itself is objective and opinion-free, the BBC News article that led me to it isn't. He still thinks, after being given the technical spec, that it's illegal.

The crux of the report, to me at least, is that there are ways for a website (not the requesting browser) to opt out too - remember I said about interception having to require the consent of both parties to not be illegal? - but they're not exactly clear about it under certain circumstances, and it's still an opt-out rather than opt-in on the part of the page provider. And if the page is being provided by a webmail service that is not on Phorm's "blacklist", it's not clear how this could be done if it's not inserted automatically by the webmail system, which brings us back to the potential interception and analysis of emails I send to others who download them on business webmail systems.

Update: Monday 7th April: Conclusive proof that the Information Commissioner has no balls or no teeth or both :(

Meanwhile, it seems that someone has been trying to take all the non-shiny words off the Wiki Phorm page. Bad bad Phorm people.

Update: Thursday 10th April: Seems that just maybe the Information Commissioner has grown a pair after all....

Information Commissioner: Phorm must be opt-in only - not great, but it's a start at least, although it completely fails to address the point that an intercept still requires the permission of both parties (customer and web page provider), even if the system is allowed to go ahead with a customer opt-in.

And in case our friends across the pond thought this was just fun and games in the UK, seems US companies are already ahead of the UK furore. Not sure that the privacy laws and legislation on interception don't make it easier to do over there too.

Update: Wednesday 16th July: Things seem to have gone a bit quiet with Phorm the last couple of months but might pick up again today with picketing of the BT AGM. World+Dog in terms of regulators, police and government seem to have passed the buck and refuse to investigate saying it's not their remit to do so, but that may change with Alex Hanff meeting City of London police and Baroness Miller meeting the Home Office to outline her objections.

Virgin it seems have already distanced themselves from Phorm a little saying they only agreed to evaluate how the system might work, not test or deploy it, but of course Phorm claimed they had Virgin well and truly on board. Still won't stop me leaving them at the end of August though when I move house.

Funnily enough, as of today, Phorm stock price is at an all time low... :)

It's not just the UK though. As I mentioned before, across the pond, NebuAd are already doing what Phorm are thinking of trying here, although since that first article, it seems they've been noticed by Congress and several of the ISPs who were running the system have either suspended it or pulled out altogether.

Update: Thursday 17th July: Finally! Now someone will have to stop passing the buck and do something with Phorm.

Oh, and for those that are interested, an (obviously one-sided) account of the BT AGM yesterday

And an update from across the pond too. Congress is doing more than the UK government at least...

Update: Wednesday 1tth February 2009: It's been a while, but it seems Phorm have stuck their heads above the parapet again...

Interview with Dow Jones

They seem to think that they'll roll out on BT by the end of the year. BT seems less sure.

Interesting to note in the Dow Jones interview that they're still working on a cookie-based system - an idea that provoked the most scorn when it was first announced as if the system is still set to be opt-out then clearing your cookies would opt you back in again without you realising. My personal favourite line from the interview however, is this one: "We're a privacy enhancing technology." So you're going to intercept and examine every single piece of web traffic going to and from my PC and this enhances my privacy how exactly?
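The cookie problem raised here and in the opt-out discussion earlier in the post (the "leave me alone" state lives only in a browser cookie, so wiping cookies silently puts you back on the default) is easy to show in a small simulation. The Python below is an added example, not code from the post or from Phorm; the cookie name adprofile_pref and the Cookie headers are constructed for illustration and are not the real system's. It models both designs side by side: an opt-out policy where a missing cookie means "profile this user" and an opt-in policy where a missing cookie means "don't".

```python
from http.cookies import SimpleCookie

# Hypothetical cookie name holding the user's profiling preference.
# The real system's cookie names are not given in the post; this is constructed.
OPT_COOKIE = "adprofile_pref"

# Constructed Cookie request headers as a browser would send them on
# successive visits. The third visit follows a cookie wipe by an
# anti-spyware tool, so the header is empty.
SESSIONS = [
    ("first visit, no choice made yet", "session=abc123"),
    ("after choosing 'do not profile me'", f"session=abc123; {OPT_COOKIE}=off"),
    ("after anti-spyware tool cleared all cookies", ""),
]


def parse_cookie_header(header: str) -> dict:
    """Parse a raw Cookie request header into a {name: value} dict."""
    jar = SimpleCookie()
    jar.load(header or "")
    return {name: morsel.value for name, morsel in jar.items()}


def profiling_allowed(cookie_header: str, policy: str) -> bool:
    """Decide whether a request carrying this Cookie header would be profiled.

    "opt-out": profiling is ON unless the preference cookie says "off".
    "opt-in":  profiling is OFF unless the preference cookie says "on".
    The only difference between the two is what a *missing* cookie means,
    and a missing cookie is exactly what a cookie wipe produces.
    """
    value = parse_cookie_header(cookie_header).get(OPT_COOKIE)
    if policy == "opt-out":
        return value != "off"
    if policy == "opt-in":
        return value == "on"
    raise ValueError(f"unknown policy: {policy!r}")


def simulate(policy: str) -> list:
    """Replay the constructed sessions; return (label, profiled?) pairs."""
    return [(label, profiling_allowed(header, policy)) for label, header in SESSIONS]


if __name__ == "__main__":
    for policy in ("opt-out", "opt-in"):
        print(f"--- policy: {policy} ---")
        for label, profiled in simulate(policy):
            state = "PROFILED" if profiled else "not profiled"
            print(f"{state:>13}  {label}")
```

Under the opt-out policy the third session comes back as profiled even though the user explicitly said no two visits earlier; under opt-in it stays off. Note that even the opt-in variant still trusts client-side state: the stronger design keeps the consent record on the server against the subscriber's account, default off, so that nothing the browser does (or has done to it) can flip the decision.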

ETA: The EU are at least still on the case with the threat of formal action

[Viviane] Reding [European Telecoms Commissioner]'s chief spokesman Martin Selmayr said: "The European Commission's investigation with regard to the Phorm case is still ongoing."

Selmayr added that the Commission had written to the UK government for a third time at the end of January. "The Commission may have to proceed to formal action if the UK authorities do not provide a satisfactory response to the Commission's concerns on the implementation of European law in the context of the Phorm case," he said.

The CPS is also still considering allowing a private prosecution over the alleged illegal wiretaps in the BT trials although the Met Police apparently couldn't be bothered to follow it up. Maybe it was all a bit too confusing for them as their decision seems to have been solely based on a conversation with BT where BT seem to have said, "We didn't mean to do anything wrong, honest guv." I'm sure most of those drivers convicted of causing death by dangerous driving didn't mean to do anything wrong either....

Will the last one off the WWW please turn the light out...

This is one of my rare public posts. Feel free to link others to it and pass on the info. Those of you that know me will know that it's very rare for me to get so wound up about an issue that I post something like this. That's how serious I think this could be.