BT Retail wheeled out Emma Sanderson, its "director of value added services", on BBC Breakfast today to account for its secret profiling and targeting of credit card advertising to 18,000 of its customers using Phorm technology in 2006. She parroted the same line we've been hearing from BT since the 2007 secret trial was …
People say I'm wrong about BT...
"Surely they can't be that bad?" they say to me.
And then more stuff like this happens. Roll on someone taking their backsides to court and getting them kicked. Hard.
BT are spewing the same bulldust Phorm do about this non-consensual wiretapping being legal and no personally identifiable data being processed. Phorm haven't come back with an open, honest answer to convince those who don't believe them and neither, I expect, will BT.
The claim that "Customers absolutely can trust BT, " is absolute bollocks. BT are, in my professional view, the lowest of the low. This merely confirms it.
Anyone with a BT provision needs to ask themselves a simple question: "Is BT really the kind of company I want to be associated with?"
Needs a "taking names and kicking ass" icon - maybe Rowdy Roddy Piper from "They Live"?
Priceless opening line from Emma Sanderson...
"We absolutely were not spying on our customers..."
But they admit to a trial where they observed customers traffic without the customers knowing about it.
CAN WE PLEASE BUY HER AND SEND TO HER A DICTIONARY!?
From the Compact OED
1 not known or seen or not meant to be known or seen by others.
2 fond of having or keeping secrets; secretive.
1 a person employed to collect and report secret information on an enemy or competitor.
2 a person or device that observes others secretly.
A PERSON OR DEVICE THAT OBSERVES OTHERS SECRETLY
Put the cat back in the bag
I hope BT will be compensating everyone who is traced through the coding errors of the 2006 trials. I hope BT get to their customers before the customers get a phone call from a complete stranger asking them who they got their internet connection from.
Anonymous - BT don't know the meaning of the word.
If BT claim to not know who was in the trials, that does not say very much for the managerial control they have over the systems. If they don't know who was in the trials, how can they claim that no PII data was obtained?
Waste of time ....
Having them on Breakfast, a 6 year old press packer from newsround could have done a better job.
BBC stop calling them journalist's ...... and refer to them in their new true guise.....presenters.
BT - too powerful
How about this scenario:
Most people send some real post and receive post - both junk and non-junk. It's mainly delivered by the Royal Mail.
So the Royal Mail decide to intercept outgoing and incoming mail. They scan it, understand the content etc. It's left unaltered, you don't know it's been analysed.
They then offer to sell the information to marketing companies - in an anonymous form (i.e. they don't provide your name, just your postal address)... they don't get actual personal information, just profile information (e.g. you receive and send a lot of stuff to mail order catalogue companies). The companies buying the data can target the addresses with more appropriate junk mail - good for everyone all round!
Who'd be comfortable with that? Phorm don't mention analysing email, just browsing hence the analogy is only valid for the commercial equivalent of browsing.
Is the anything wrong with the analogy?
I'm so annoyed that 70% (by market share) of the internet users are going to be subject to this and there is nothing anyone can do about it. The remaining players can't take on more customers and the big players have locked in users with binding contracts.
Joe public has no idea what this means or the more implications. We need the equivalent of the EFF in the UK to lobby the government - no individual can afford to take BT court; their pockets will buy the best and most expensive lawyers in the country.
When will BT start inserting ads into private 'phone conversations to "improve your conversational experience?"
BT: "It wasn't illegal"
So? Anyone who uses this defence probably doesn't have any scruples. Something being 'legal' doesn't automatically make it OK.
I would have had a tiny bit more respect for BT if they 'fessed up to maybe making a mistake or 'error of judgement', some other bullshit.
You can only trust BT to screw up
Everytime I call them for anything to do with my phone its a bloody drama . Each person you talk to says something different and its a damn mess . And they wonder why when they offered me adsl after the rigmarole of getting a line activated I told them to get bent .
Everyone can benefit
So let me get this straight. It was all done anonamously so they DO NOT know who they wired tapped.
So surely then EVERY SINGLE BT customer should SUE them.
Paris - Cos I've always wanted to....
bunch of cnuts
That was the lamest most weak and watery piece of shite reporting I've ever seen on BBC brekky before work this morning - I was practically spitting blood by the time I left the house.
It was more a concillatory whitewash than any kind of reporting - "but everyone is doing it and it's completely anonymous, what's the problem?" ... what a load of utter tosh; but because it was on Aunty people are going to believe it - bastards.
so BT basically said "Yeah Phorm come on in, here's our network go knock yourself out, I'm off to the pub."
Will someone just get arrested already, please
Send the coppers in, this was a mass wiretap, end of story.
I'd give anything to see BT execs marched out in handcuffs over all this.
And well done to The Reg, and the anonymous whistleblower who's leaked all this, good on yers.
They do all this and then let us know they can be trusted? They aren't even giving credible interviews. Do you think they are lying, speaking untruths, or are engaging in a bit of misspeak? The more this goes on the more depressing it gets.
I'm really unimpressed with the whole thing, but at the end of the day they are taking a lead from the government who are just as free an easy with our private information from the introduction of ID cards and more importantly the joined up databases that will be accessible by all and sundry so they can get ya from the cradle to the grave, lost CDs, fingerprinting kids to take out library books, etc, ad nauseam.
Finally, I've still not been able to work out how our surfing data going to a bunch of shady characters (or not?) increases our security. I'd be very grateful if someone could explain this to me without spin.
The dog ate their data?
"BT doesn't know whether they were participating in the trial or not... it should reassure them."
...You mean if customers submitted a legal request for full, complete disclosure of the information the company holds about them under the Data Protection Act, they wouldn't be able to fulfil it? Oh, how shocking. Would Phorm? Shall we find out?
What scary is...
...that most internet users haven't even heard of Phorm and when the ISP's go live with this, they will put enough spin on it to make it sound like a good deal and dupe the user into it.
Well now we know it's legal to watch my webbing, how about...
...listening-in on my phone calls. Then when I mention a retailer, they could chip-in with the phone number and also suggest others that may suit, but who are obviously appropriate to me needs, just because those retailers pay BT to tell me so.
How about extending that service by warning me when I'm straying onto subjects that the government would prefer I not discus?
Then combine both to suggest a retailer for a book on a the subject and maybe recommend a title. 1984 perhaps?
Could I then wonder why it wasn't titled 2014?
We aren't quite there yet, but it's not so far now.
Big Brother has the ability to nick your details
Now, if this actually happened, then it would be possible for users data (name/address etc. and even worse, their credit card details) to be sent to and from the PHORM software using Ajax, and the un-savy user would never know that it happened.
Now, imagine someone less than savoury is working at BT; they could decide to inject their own code into the pages to grab this information with very little effort and no-one would really know. A database created on the fly (or even something like a csv file) could then hold all this data. As as it has been created without anyone else's knowledge there's a real good chance that it would never be detected.
I think BT users have the right to be very worried about this possibility. And I'm now worried about Virgin's 'abilities' with regards to this matter.
I just hope that in 2 months I wont be reading an article about how some little b*stard has stolen users details using this scam, sorry I mean Trial :S
Maybe they'll get pulled up by Ofcom? Oh no, that's right, it's full of BT's ex board members which is why they've never been pulled for any of their other violations since privatisation.
Improved browsing experience
I'm not so naive as to think that the Web can do without ads, but as someone who has a "Niven's hyperspace blind spot" for web adverts, targeted ads would not improve the browsing experience.
I wish somebody would go to prison. That would be hilarious, and also stop this whole debacle in its tracks.
One thing I'm still not 100% sure on is which part of BT performed the trials?
Was it the part in charge of the underlying infrastructure or BT the ISP?
Could I as a PlusNet user have been tapped due to it being performed on the underlying phone network or was it simply those who subscribe to BT Internet?
My interest is because I truly am willing to follow this up if there's potential I could've been a victim of this snooping but obviously as I don't use BT Internet and use PlusNet as my ISP it may not have effected me.
Of course, BT owns PlusNet anyway which muddies the waters somewhat.
Can anyone narrow down the set of affected users this far at least to the point we know if it was anyone attitude to BTs phone network or just people using BTs ISP?
I still sympathise if I wasn't affected of course and it was just BT Internet users, don't get me wrong but I can't take action over something that doesn't affect me either unfortunately.
antiphorm.com and antiphorm.co.uk
These domains are available for the princely sum of £28, I havnt got my credit card with me today, somebody buy them so we can fook BT and Phorm and then become internet squillionaires by reselling the user list.....LOL
""BT doesn't know whether they were participating in the trial or not... it should reassure them."
...You mean if customers submitted a legal request for full, complete disclosure of the information the company holds about them under the Data Protection Act, they wouldn't be able to fulfil it? Oh, how shocking. Would Phorm? Shall we find out?
Time to make a request methinks:
"I would like to know everything you know about me, including whether I was involved in the October 2006 trial."
What do you mean you don't know? Either I was or I wasn't, which is it??
Paris knows when she is getting screwed unlike BT customers
Usual BBC Dross then
No counter angle, no alternate interviewer to clarify the truth, just a whitewash interview allowing BT to promote their side of the story.
I notice that Phorm have gone quiet now.
@ BT - Too Powerful
"The remaining players can't take on more customers and the big players have locked in users with binding contracts."
BT Have stated that they will need to change your contract T&C's once this is going operational. At that point I am going to tell them I dont agree with the T&C's and request my MAC.
Also, anyone else angry about the BBC "Report" which made it seem that Phorm was only looking at your terms entered into search engines? not once did they tell the viewers that EVERY http packet would be profiled, opted in or out.
"I just hope that in 2 months I wont be reading an article about how some little b*stard has stolen users details using this scam, sorry I mean Trial"
Personally, I'm looking forward to that article...with all the news about data leaks recently, the public are beginning to give a damn, and such an article would probably be the final nail in the coffin for Phorm
Vote with your feet
As an organisation we have many broadband circuits with BT which we will be migrating away from them over the next few months directly as a result of this action and loss of trust.
The supplier we move to will provide a written undertaking not to do this type of interception without prior permission.
Reassure them how ?
"We do not know whether they were participating in the trial or not... it should reassure them."
How ? I mean seriously, how is that meant to be reassuring ? BT enrolled 18,000 customers in their covert trial and didn't know which ones. How did they chose them ? Why didn't they keep any records ? If they don't know who they were, how did they count them ?
This is either serious incompetence, or BT knew they were in the wrong and sought to cover their tracks even at this early stage.
It's getting harder and harder to believe the former.
I have to agree, they WERE spying, simple as.
Soooo glad I am not, and havent for a long time, with BT. My parents are though... wont be using their PCs except through a secure tunnel.
Someone needs to sue the b******s, to let the world know they are bullshitting. And to stop this from happenning!
Come on BBC you can do better than that
Where is the investigative journalism. Why don't you hit BT with some of the good points raised here already.
Do your research.
Ask BT did they know that 121 media at the time of the 2006 trial was a well know spyware / rootkit company.
Then watch them squirm when you hit them with the: How do you know their data wasn't compromised if you don't know who was involved in the trial. Why did you trust 121 media?
These presenters let them off far too lightly!
go to badphorm.co.uk instead..
Perhaps el Reg should write to a Chief Constable and ask for a criminal investigation into this illegal activity - it works for MPs.
Lets Go Shopping With Emma Sanderson
Stand over her shoulder watching what she's shopping for.
Then evry time she looks at an item we could try and sell her three other items of interest. throw three posters of the latest movie at her, ask is she happy with her current bank, mortgage, car insurance...... and is she sure that those prada shoes not for her. realy sure! go on you, want them, you do!
how long before she get P!$$£& off
Where BT's argument fails
BT's argument seems to be based on the misconception that it's ok to intercept telecommunications so long as "no information was divulged, and that people were completely anonymous."
The problem of course is that under RIPA, it is the *act of intercepting telecommunications without consent* that is illegal. Whether any personal data is stored, processed or deleted immediately is utterly irrelevant.
It is no different from eavesdropping on telephone calls and claiming it was ok because no notes were taken, or that the eavesdropper 'wasn't concentrating'.
Track the Anonymous exchange
Because of the unique way that the BT is funded we can trace the effects of the BT Phorm Trial in 2006 Serach Google for "http://ntp.sysip.net/tag/2.js"
and hey presto you have now found forum posts with strange java script inserts .. ooo very annonymous now we have usernames...
Like poor old dayglo jim here: http://www.bikegirl.co.uk/forum/forum_posts.asp?TID=2418&PN=1 now read that and say they weren't affected!
or duffy666 or Delise The list goes on...
What bothers me more than anything in this is that.....
Not one of our legislators or, indeed, the police seems to be taking an interest. If it was - as asserted - a mass illegal wiretap then there should be a criminal investigation and, if appropriate, prosecutions in the public interest of those executives involved. BT will not reveal who the targets were just in case the list contains some Americans or Germans who would take a much more vigorous approach to having their confidentiality maintained.
If it wasn't an illegal mass wiretap then the sooner the general public know it is quite legal for an ISP to pimp your internet usage the sooner they can start moving their accounts to the secure ISP of their choice.
As another contributor said just 'cos it may be legal doesn't mean it has to be done - or are we in a race to the lowest common denominator of standards?
If BT, Phorm and the rest get away with this continued fudge then eventually the momentum will build to let it pass and your browsing habits will be pimped by all ISP because they won't commercially - in the shareholders interest - be able to justify not doing it.
In this case there is no honour amongst thieves!
Hey this is better than 'Watergate'..
Wonder if they'll turn this Bt scandal into a film one day..
Taken from the Phorm website:
Phorm enables ISPs to play a pivotal role in the online advertising market while offering a better and safer browsing experience for their customers and fully protecting their privacy.
Current partners include BT, TalkTalk and Virgin Media - companies representing approximately 70% of the UK broadband ISP market.
It doesnt mention however what encompasses 'BT' but it looks like you may be safe.
This also answers my question about Virgin Media... dammit
And what about the option to not have adverts?
I dont care if im looking up holidays i dont want a big advert shouting at me to go to spain.
...possible Phorm thwart ?
Since it seems a few websites are a little unhappy at this, how about an informal industry arrangement where every webpage is sent with some sort of MD5 hash in the headers ? The browser could run a comparison of the hash with one computed from the actual page.
My letter going out to news channels, gov bodies and one MEP.
Phorm and the profiteering of BT, Virgin Media and Carphone Warehouse.
Or, how your online browsing habits are up for sale.
I've just been left wondering why no decent investigation or coverage off the Phorm and BT/Virgin Media/Carphone warehouse association has not been carried out in any depth by any news media or unbiased governmental body, has investigative journalism truly died in the country? Are the laws of British citizens no longer applicable to big businesses?
Phorm, an ex adware/spyware company (placing files unbeknownst onto a user’s computer without their knowledge) is run by a man called Kent Ertrugul who used to run a company, 121 media. This company would watch your browsing habits so that targeted ads could be delivered whilst you were surfing. Most antispyware programs would delete these cookies as spyware. As 121 Media they ran a series of secret trials with BT without their customer’s knowledge or consent in 2006 and 2007.
Having changed their name they now intend that ad targeting be run by your internet service provider so antispyware will no longer have anything to delete. As Phorm they are being allowed to run their own proprietary software on two of the UKs largest broadband servers, BT & Virgin Media, who do not have access to their code, yet who can state with unequivocal assurance that it is safe, and that identifiable customer information cannot be seen.
How one top man, Stratis Scleparis, from BT has moved across to Phorm after the secret and illegal profiling trials of ‘06, ‘07, and how over 9000 people have signed a government petition trying to stop it has caused little to no reaction in the countries news media.
This is invasion of privacy on a massive scale yet the BBC seems hardly aware of it except for one little item where they appear to agree that the secret BT profiling trials of some 8000 customers last year may have been illegal - well, I've not seen anyone arrested yet, not even an investigation – what gives?
The opt in/opt out measures (requiring a cookie?) are a joke as all your info still goes through the profiler, which, apparently never gets to Phorm, but seeing as how the code on the ISPs server belongs to Phorm, I’m unsure how exactly the ISP’s know, with such confidence, what information is (or will be when the code is updated) passed through.
Labour MP Patricia Hewitt is on the BT Board which might explain somewhat why more fuss is not being made about this issue, and of course, Stratis Scleparis, the BT Retail CTO moved over to become Phorm CTO might explain why BT are desperately pushing this through.
Thanks for reading - Tony F Paulazzo.
If you're still reading, any thoughts of what I've missed, what else needs to be said, etc, Cheers.
Valued Added Services
Emma Sanderson - Director of Valued added services.
I don't know about IT but in finance value added services is a nice way of saying screwing more money out of our client
No personally identifiable information was (...) disclosed
Um, but it was, BT apparently allowed Phorm to install their own equipment in the middle of the network, thus BT disclosed everything transferred through the network to Phorm. Whether personally identifiable or not.
***"When will BT start inserting ads into private 'phone conversations to "improve your conversational experience?" "***
Right after they start listening in to your private conversation in order that the inserted adverts are more appropriate. Of course the 'listening in' will be done by sophisticated speech recognition systems. All that will happen is that key phrases and words will be recognised in order to build up a profile of your likes and dislikes. No actual conversations will be recorded and your anonymity will be preserved.
I'm *sure* everyone would be perfectly happy with BT doing that? Yes?
But that is exactly what they are doing to your private *web* conversations.
Action or words?
More hot air. Are you going to email the BBC complaining about their bad reporting? That might just possibly have some effect. Whinging here will have none.
Anyway if you expect any of the national media to understand anything technical you will always be disappointed.
What about the BBC's role in this...?
Just seen something purporting to be a news item on the BBC website by one Julia Caesar. More BBC whitewash.
"The technology works by monitoring your search engine activity?" DId I mishear that? What complete garbage. As is known already, the technology works by monitoring *all* your activity, not just your search engine searches.
The "report" fails to mention the other company involved in this illegal wiretapping incident, Phorm. Why is this? Does the BBC have some hidden interest in or alliance with Phorm?
Their so called "journalists" are to that profession as I am to an international standard batsman.
£28? where are you buying your domains from?
There's no reason to be paying more than £4 for a .com and you can get .uks at close to cost, which is £5...
Friends tell us BT will get a grilling on Channel 4 News today.
It did. And C4 interviewed one poor sod who queried the matter with BT and was toldl it must be a virus. As he couldn't remove it, he bought a new computer.
Time for the wookie defence?
How long before we hear this in the British courts?
Chewbacca is a Wookiee from the planet Kashyyyk. But Chewbacca lives on the planet Endor. Now think about it; that does not make sense!
Why would a Wookiee, an eight-foot tall Wookiee, want to live on Endor, with a bunch of two-foot tall Ewoks? That does not make sense! But more important, you have to ask yourself: What does this have to do with this case? Nothing. Ladies and gentlemen, it has nothing to do with this case! It does not make sense!
Look at me. I'm a lawyer defending a major communications company, and I'm talkin' about Chewbacca! Does that make sense? Ladies and gentlemen, I am not making any sense! None of this makes sense! And so you have to remember, when you're in that jury room deliberatin' and conjugatin' the legality of BT snooping on it's punters, does it make sense? No! Ladies and gentlemen of this supposed jury, it does not make sense! If Chewbacca lives on Endor, you must acquit! The defense rests
Good news for Pirates tho.
BT said that while they recorded IP addresses, those can not be turned into a way of identifying an individual.
So, as an ISP, who has full access to the DHCP lease logs and Customer Billing information, and (hopefully) the means to tie these together, they are claiming its impossible to say that IP address 22.214.171.124 was definately Joe Bloggs (as it could have been his wife, Jane Bloggs, or his son, Jimmy Bloggs) are they not also saying its impossible to say who is using the connection to download MP3's/DivX's ?
Also does it not through all the Police IT enquiries into Grooming and Child Pornography Rings out of the window too?
How thick can you get
So, the friendly friends at the Reg. think "that BT's statement does not answer our questions ". But if I read the BT statements, they answereed all your questions loud and clear with a resounding:
BUGGER OFF, STOP PESTERING US!
So, there you have it, glad to be of service, and if you need any further translation don't hesitate to ask.