"We need legislation expressly proscribing intercept by the ISP or anyone else"
We have some already, it's called the Regulation Of Investigatory Powers Act.
"The fact that Phorm, BT, The Guardian etc. thinks that this could fly shows that the law is shaky."
In fairness to potential OIX customers, I doubt they even considered the legislative aspects, nor should they really have had to, because it _should have been_ almost inconceivable that a company with the top three ISPs in the UK as partners would be selling anything even remotely dodgy. OIX will have been sold to their marketing people as an ad platform, and those people neither know nor care about the technical implementation of the platform.
As for BT, well, I'm sure they'll hide behind the Home Office note issued by Simon "mass data mining is OK by me" Watkin, and say that the HO said they could do it, and that would be all nice and legal because of his rather novel interpretation of RIPA, but the law isn't, in fact, all that shaky AFAICT, and as the incumbent telco BT should have been well aware of this. Certainly they ought not to have started intercepting packets in summer 2007, well before the 'it's OK with consent and opt in' advice was issued, since they had neither, and since before Mr Watkin chimed in to muddy the waters, it was plainly obvious to all that to do so for the purposes of targeted advertising would be illegal under _any_ circumstances. And not just "oh, theres another fine from ICO, pay up and be about your business" illegal, but "oh shit, we're going to prison" ilegal.
As someone already mentioned, the fact that BT (or any of the other ISPs involved) managed to get so far down the line without someone being in a position to say "Hold on a minute guys, this might not look so good to our customers", or "hang on a mo, there night be some issues with RIPA and the DPA here that I think we should discuss", or that people did but were ignored, is barely credible.
And yet that appears to be exactly what's happened. I'm still having difficulty believing that people running such large companies can truly be _that_ stupid, despite having plenty of first hand experience of corporate venality and stupidity, which makes me wonder if they've something up their sleeves yet.