Feeds

back to article FIPR: ICO gives BT 'green light for law breaking' with Phorm

The Foundation for Information Policy Research (FIPR) has slammed the Information Commissioner Office's (ICO) for glossing over doubts over the legality of Phorm's advertising targeting in its public statement on the controversial company. The ICO released a long-awaited statement on Phorm (pdf) on Friday. It said: "[Phorm] …

COMMENTS

This topic is closed for new posts.

Page:

Anonymous Coward

DPA != RIPA

Again they appear to have the Data Protection Act and RIPA confused.

If they keep personal info, then they would be contravening the DPA.

The act of intercepting a telecommunication is illegal under RIPA. Whether any info, personal or otherwise, is stored is utterly irrelevant.

0
0

Lies, lies and lies. But no surprises.

I read the BBC's news report today about Cambridge University's findings.

In that BBC coverage, a spokesdroid for Phorm said: "The Regulation of Investigatory Powers Act (RIPA) was drafted in the earliest days of the internet. It is not designed to criminalise legitimate business activities."

Even that simple statement is disingenuous empty spin - or more precisely it is completely wrong.

Firstly, K(u)nt and his odious PR drones obviously know nothing about the internet's history.

The RIPA Bill was introduced in the House of Commons on February 9, 2000 and received Royal Assent on July 28. That means it was drafted and debated during 1999 (although probably conceived the year before).

So they are saying that the year 2000 is "the earliest days of the internet." I think not!

Licklider had the idea in the early 1960s; ARPAnet went live in December 1969; the term 'internet' for a global network of networks was coined in 1974; the first TCP/IP WAN launched in January 1983 (when ARPAnet moved from Network Control Protocol to TCP/IP); the NFS network was made available to commercial users in 1988; CERN introduced Berners-Lee's HTTP and the World Wide Web in 1991; and the Mosaic browser was launched a year or so later.

Secondly, I concede that RIPA does not appear to be "designed to criminalise legitimate business activities." But Phorm's projected activity is not "legitimate business": it is an unauthorised interception of traffic as defined by Section 1 of RIPA and as such is illegal.

Moving on to the Wikipedia issue, I am sure El Reg readers take much of what appears there as manipulation by vested interests. So no surprise there!

It is no surprise, either, that pro-Phorm entries are traced to an IP address range assigned to BT.

Nor am I surprised that BT says: "It's nothing to do with BT PR. We haven't been involved with amending any Wikipedia entry on Phorm." After all, BT has consistently been deceitful and dishonest and secretive about Phorm. So why should we believe them now? They are habitual liars.

Phuck ophph Phorm.

Aux armes, citoyens.

0
0
Anonymous Coward

lol

lol nothing will stick, they'll just "prove" that they weren't "intercepting" anything.

Remember, the government want Phorm like access, the police want Phorm like access and the companies want Phorm like access.

The sheep will suck it up, and those who don't will rant and rave and look like paranoid crazies or just leave the country.

My advice, start looking for a new place to live. If nothing else at least nearly anywhere else is cleaner then this cesspit.

0
0

ICO

"Phorm has assured me that their system is very good for my bank balance, that is to say, very good for the consumer."

Come on, the ICO plainly ignored FIPR for no good reason. Phorm is illegal, its about time the ICO said so.

0
0
Stop

Jobs for the boys

The ICO won't upset the apple cart. They have long been proven to be useless at their job and why should they start the development of a spinal cord on something as wide ranging and far reaching as this. It makes sense to bury your head and pretend it was someone else. Despite the remit of the company [Phorm] saying they are going to use financial information (from their data protection listing) and depiste the fact the ICO is the data police.

They won't risk annoying the govt, the home secretary (And we know she is useless) backed it so why shouldn't the ICO.

I am not surprised.

Can we have another government please... This ones broke, corrupt and defunct.

0
0
Thumb Down

DPA is about more than storing personal data

The DPA also refers to processing personal data, not just storing it. In order to strip it out of their input stream, Phorm must process it even if they throw it away. Anyone using the DPA daily care to point out where my logic is wrong?

0
0

Re: DPA != RIPA

The first message is slightly wrong, you don't have to store personal information for something to fall under the DPA you simply have to processes it. Further more if the personal information you are processing is sensitive (health info, religious or political views, sexuality, trade union membership etc) then you require explicit rather than simply implicit consent

0
0
Thumb Down

Privacy for all

Note that it's now emerged that any website operator can read the Phorm user ID cookie if he wishes.

So Phorm have inadvertentely/deliberately/incompetently (* delete as appropriate) introduced a global method of uniquely identifying evey user out there. It's like embedding your MAC address in every request...

Way to go, guys - nice to know that your technology is all about "enhancing privacy".

0
0
Boffin

ICO=

Internet

Confuses

Overlord!

When will these phuckwits get the message.

Good;

"Surfer" - Internet

Bad;

"Surfer" - Phorm - Internet

Simple.

0
0
Anonymous Coward

DDOS

Because the Phorm system redirects everything to webwise.net, a DDOS attack on that website will kill several ISPs customers stone dead. Let battle commence.

0
0
Silver badge
Unhappy

Phuck me!!

I'm getting my MAC code from BT today.

I wonder how many other customers BT are losing due to Phorm?

0
0

talktalk looking up?

In agreement with the first AC in this thread. I don't so much care whether data is stored or not, its the interception with the possibilities that leads to that has me concerned. I am far more concerned that a company might tap my communications. Once tapped what they do with it is a matter of trust and this company is far beyond trust worthy, but thats a mute point. I don't want my data anywhere near a third party.

Of the three major ISP's talktalk are the only one so far to confirm (via the members discussion forum) that their implementation will be opt in and will mean that for anyone who does not opt-in their data will never go phorm equipment or software. So far they have yet to confirm an implementation.

On top of that they recently announced a royal screw you to the BPI by saying they will fight the 3 strikes and your out rule for file sharers. Slight caveat being that they do shape p2p traffic.

I for one switched to talktalk from bt a few months ago (saving 20 quid a month in the process) and have to say nothing so far is making me regret that decision. I would be away from bt faster than the proverbial rat given current happenings.

0
0
Anonymous Coward

So Phorm don't have anything identifiable... so what?

Whether they do or not there is still interception going on with no explicit consent from both parties. Which according to the Clapham Omnibus test is against the law as defined by the RIPA.

Also the ICO might wish to head on over to http://www.un.org/Overview/rights.html and take a look at Article 12... it's a document with which they ought to be familiar.

0
0
Bronze badge

Bad Phorm old chap

Having read the missive from our wonderful guardians I thought I would ask them a few simple questions such as 'Will BT/Phorm be asking my permission to intercept communications between my website and my customers' and 'if I choose not to join this intercept process will my network traffic be routed around Phorm's intercept system or will it be passed through on the promise they will not peep'.

Will update if I ever get a reply

0
0
Coat

RIPA?

So what do we need to put on all our websites to make it clear to Phorm that we don't want them using OUR material to make money for them which is what it boils down to in the end.

I've seen "RIPA NOTICE: NO CONSENT IS GIVEN FOR INTERCEPTION OF PAGE TRANSMISSION" But is that enough.

Or do we all need to email Phorm and their scummy ISP associates with a formal notice informing them that they have NO rights to scrape websites that we run - and then list the websites that we own?

Failing that I'll just have to sign my own SSL cert and move all my sites to HTTPS!

0
0
Coat

I am Elvis Presley

""[Phorm] assure us that their system does not allow the retention of individual profiles of sites visited and adverts presented, and that they hold no personally identifiable information on web users. Indeed, Phorm assert that their system has been designed specifically to allow the appropriate targeting of adverts whilst rigorously protecting the privacy of web users.""

Hmm - if I tell the ICO that I'm actually Elvis Presley re-incarnated I'd hope they'd not just take my word for it.

The ICO should not just take Phorm's "assurance" that it doesn't do things. I'm sure the average psychopath assures people that they're perfectly safe.. just because they say something doesn't mean it actually is true.

Its the one with all the Rhinestones

0
0
Stop

Re: DDOS

A DDOS attack on webwise would not have any effect. The webwise site the ISP 307s to is sitting in the little black box within the ISP so is protected from high traffic volumes.

If they had not put webwise into the ISP, 10 million UK customers and a few more 10s of millions from around the world all being 307ed to the real webwise DNS would have been more effective than any DDOS attack at collapsing the system.

0
0
Stop

Big Telco in activity profile thieft?

I've been thinking about this:

My web browsing, is user generated content, thus it is a product created directly by my activity.

Think of it in the sense of "usage as a business" I'm using the model of a telemarketing company:

A telemarketing company buy their Telephone/Internet Service from Big Telco,

the telemarketing company then build up Profile Data ('target market information' as a result of Telephone/Internet Service activity.

The Big Telco then purchase the Profile Data produced by the telemarketing company. DATA COSTS MONEY. (any marketing company will tell you that)

Big Telco then use the Profile Data in whatever marketing application they have planned as they have bought typically LIMITED USAGE RIGHTS to that data

Big Telco would be unable to carry out their marketing application without buying the data as they wouldn't have the Profile Data.

Now my clickstream belongs to me, its my activity, it is certainly not the automatic property of Big Telco, what the Webwise/Phorm device proposes is the ILLEGAL DATA HARVESTING of my Click Stream thus robbing me of the ability to use or sell that Profile Data else where.

This is a DATA RIGHTS STING, Big Telco appear to be trying to get the jump on the population, to take ownership of a product of peoples activity, infringing on peoples human rights to privacy at the same time.

This is disgusting, this needs to be stopped.

Can this be brought to the European Commission?

it is astonishing, I read the ICO whitewash and couldn't believe what I was reading, what on earth is the Home Office doing green lighting illegal activity?!?

anybody know if this can get stamped on by the EU?

This makes me feel SICK.

DO. NOT. WANT.

0
0
Bronze badge
Thumb Down

Phuming Mad

So, I'm crazy enough to opt in to have my browsing habitually monitored for the benefit of advertising companies...

My wife pays the bill to BT. Is she opted in as well? And my son? Both use my computer.

It would be *THEIR* personal information that would be intercepted/processed, not just mine, and how the phuck would Phorm know the difference?

0
0
Paris Hilton

I still don't get it

Call me dense, but I still just don't get the fundamental business model here.

Marketers (whom are uber-data miners by nature these days) will accept from Phorm, that the advertisements are in fact reaching the targeted audience without proof ? Highly unlikely.

If I were paying for targeted ad placements (which I did in a former life), I would demand some proof that the ads could be linked to my actual sales. No ability to prove, no sale.

I'm not giving you (Phorm) good money to do something I could do myself (i.e. advertise my product on specific websites dedicated to the same genre) unless you (Phorm) can prove to me that my customer base increased as a result ... ergo, unless you can match your advertisement base to my customer base in a statistically sound manner, it's just a lot of "wouldn't it be great if" and "theoretical BS".

In order to actually prove some marketable results, they must, by definition be able to track individuals. This is, afterall, going beyond the basics of demographics.

I, as a business consumer, would require verifiable proof, which, by Phorm's explainations, can't possibly exist. I just don't understand how a thinking advertiser would opt in on this in the first place.

If I were in the business of managing your money, you'd expect for me to tell you and illustrate how much money I made for you ... and be able to separate out my actions from yours so that you could compare and contrast the two.

If I were in the business of selling you advertising space, you'd expect for me to illustrate, compare and contrast how that space I sold you resulted in an increase in sales/profits.

In neither case would you be content with "Well, your sales went up because of a reason we can't prove." Or worse, your sales went down for a reason we can't prove.

How the heck are they supposed to tweek these things (this is, in fact what I do for a living) if there's no front-end database of whom saw what ad, clicked on it ... whom saw what ad, clicked on it and made a purchase ?

According to Phorm, there is no way of being able to track and/or report on their success/failure (if you believe their press releases anyway). This business model just doesn't make sense.

Sorry this was so long. I'm just very confused at the seemingly self-voiding of their business proposition. Something just doesn't add up.

I guarantee you ... if this thing goes full-tilt, there will be a ruckas in the coming months about how they did, in fact, store and utilize the particular details of customers ... no responsible data mining could occur without it. Their advertising customers are going to demand proof and Phorm's gonna have to give it ... ergo, they'll have to have the data to back up their claims.

This just doesn't add up. "You want me to buy a service from you based upon your unverifiable word that it works ?" Hey, I've got a bridge in Brooklyn up for sale. Interested ?

Paris because I must be equally as confused.

0
0
Stop

orwellian dystopia?

sounds like the old "one law for the people, another for corporate raiders"

or

some doubleplus ungood double speak.

all data sharing/harvesting/rention done by individuals (pirates) is bad,

all data sharing/harvesting/rention done by corporates (paragons) is good economics and maintiaining the countries techonological edge.,

....Four legs good, two legs bad, unless....

"Comrades!" he cried. "You do not imagine, I hope, that we pigs are doing this in a spirit of selfishness and privilege? Many of us actually dislike milk and apples. Milk and apples (this has been proved by Science, comrades) contain substances absolutely necessary to the well-being of a pig. We pigs are brainworkers. The whole management and organization of this farm depend on us. Day and night we are watching over your welfare. It is for your sake that we drink that milk and eat those apples."

"Animal Farm" the Orwell version, not the "other" version ;oP

0
0
Gold badge
Pirate

@ DPA != RIPA

You're absolutely correct. We're talking about legal intercept issues here and privacy is NOT a critical element here to create a breach of law.

This means that the ICO is correct (their domain is DPA), but Home Office should intervene as (AFAIK) RIPA is their animal. And it's not small beer either, a RIPA breach of this order is, if I recall correctly, a CRIMINAL offence.

So, nice try for a distraction, didn't work..

0
0
Unhappy

ICO statement

Apart from the fact that it isn't the *technology* that's the problem (so all statements from Phorm are irrelevant) it's how it's implemented, a point that the ICO seemed to have managed to avoid addressing.

Unless the system is *opt-in* (for all parties of the tcp connection) and when someone is 'opted-out' then their traffic bypasses the profilers then this is an unacceptable situation. I'm a network designer for a living (most recently for BT *hint*) and I fail to see a legal way of doing this.

"We have spoken to BT about this trial and they have made clear that unless customers positively opt in to the trial their web browsing will not be monitored in order to deliver adverts."

Bullshit. They [ICO] have only addressed the proposed trial which BT have clearly stated will intercept *all* traffic even if you opt-out (discarding info is irrelevant to RIPA).

BT have said that they are 'designing' the system to avoid this interception if you are opted-out for the *live* platform. The reason they have yet to give out any networking details around the proposed *live* platform (as they claimed they would do on the BT forums) is probably down to the fact that it can't be done without hitting the same issues they currently have. I know, I design networks for a living remember.

I also know that the BT Retail designers are not part of the general BT design team (which is why this platform probably came as a shock to a lot of internal BT people) and which is probably why it's so half-assed and unworkable. If BT Retail had followed the normal BT internal design procedures then this would have reached the e2e design team and all the things that have been said about this platform would have come to light a long time ago (btw this would have constituted the 'due diligence' which they [BT Retail] have obviously failed to perform).

"BT has also stated that the system does *not store* personally identifiable information, URLs, IP addresses or retain browsing histories and that search information is deleted almost immediately, and is not retrievable."

My emphasis. So it still intercepts it then? Yes? Probably Illegal? Yes.

“We will continue to maintain close contact with Phorm and BT throughout the trial. Clearly the trial should reveal whether this is a service that web users want, whether it is privacy friendly and that users are comfortable with the privacy safeguards put in place by Phorm.”

I'm less concerned about the privacy aspect (which even technical experts will agree they [Phorm] have actually addressed with a lot of diligence) than the *fact* that my data is intercepted and then *something* happens to it.

I don't want my data intercepted at all, not even so it can be discarded, because I believe that would be illegal without a warrant.

Having said all this, I don't think the ICO statement contains any concrete approval or disapproval at this point, although the tone does seem uncomfortably supporting.

If they [ICO] don't stop this then I will change ISP to one who does not allow it. If it should ever become law that all ISP's must run some sort of *filter* - after all pandora's box cannot be closed - then I will simply stop using the internet at any personal identifiable level.

Once they prove they can DPI all our traffic, the ISP's will cease to have any argument against the imposition of filters based on *filesharing/child-porn/<insert bad thing of the day here>*

Oh last thing, the ICO statement mentions 'web browsing' as if that's all the system does. Ho ho ho. I think the FIPR should be given the fangs and the ICO should be put out to pasture.

</rant - phew>

0
0

Consumers should vote with their feet ...

It will take years to argue around the legal aspects of RIPA and/or DPA possible breaches ... so I would say people should just move away from any ISP which signs up with Phorm.

Maybe someone might start-up a TOR friendly ISP and advertise (mostly) anonymous Internet access as a Unique Selling Point ??

0
0
Unhappy

Phorm & BT just dont get it

I dont want my browsing intercepted, not because I'm a terrorist or a kiddie fiddler I just dont want anyone sitting on my shoulder as I surf. The whole idea behind the system is wrong, if you want to introduce WebWise, great, if it is so compelling then people will opt in to it but dont Assume that no one will be bothered by you intercepting all their data!

0
0
Joke

@ Peter

"This means that the ICO is correct (their domain is DPA), but Home Office should intervene as (AFAIK) RIPA is their animal. And it's not small beer either, a RIPA breach of this order is, if I recall correctly, a CRIMINAL offence."

With any luck, Kent will end up in Wormwood Scrubs where he will learn the true meaning of "invasion of privacy" when he first visits the showers.

0
0
Anonymous Coward

@ Peter - "Criminal offence"

> And it's not small beer either, a RIPA breach of this order is, if I recall correctly, a CRIMINAL offence.

So you're saying that BT broke the law in their trial run. Therefore shouldn't one or more of BT's managers be spending some time with Bubba?

And if the Home Office won't prosecute, aren't they failing at their duty to uphold the law and thus breaking the law themselves?

Can't someone go to BT's HQ and execute a citizens arrest on the chairman?

0
0
Pirate

Information On Space Travel = A Holiday to the Bahamas

“We will continue to maintain close contact with Phorm and BT throughout the trial. Clearly the trial should reveal whether this is a service that web users want, whether it is privacy friendly and that users are comfortable with the privacy safeguards put in place by Phorm.”

Of course, this does mean that the 10'000 user's targetted will be selected from computer numpties who click yes on everything ("Would you like to download this Virus", " oo, erm, yes please"), BT employees and Phorm Representitives... Nice one!!

Incidentally:

vi·rus

3. a corrupting influence on morals or the intellect; poison.

4. a segment of self-replicating code planted illegally in a computer program, often to damage or shut down a system or network.

0
0
Anonymous Coward

I dont understand why businesses will want this

Do business ever think anybody will conduct money / data transfers or anything on else on the net ever again once they know a bunch of spyware merchants of dubious origin have the ability (should they wish) to intercept their data.

It is the end of online transactions as we know it. I know https is different from http - but I will no longer feel safe with Kent and his Russian cronies 'guarding' my packets of data.

Get rid of Phorm NOW!

0
0
Anonymous Coward

Criminal breaches of RIPA

My understanding is that breaching RIPA is a criminal offence punishable by up to 5 years in prison for each offence (up to 2 years if tried in magistrates court). Of course one attempt to report the 2007 trials to the police met with stonewalling as they refused to issue a Crime Reference Number.

Others, including myself, have also tried to start a new petition on the downing street website calling for either the Police, Home Office, or Crown Prosecution Service to start an investigation into the 2006 and 2007 trials, Not surprisingly these have all been rejected (sometimes for the arguable issue of duplication, once even rejected claiming that its outside the Prime Ministers and Governments powers).

One rule for the people and another for big business. Its disgraceful.

0
0
Dam

MONEY WILL FLOW

Regardless of legality in the UK under DPA and RIPA, it still isn't legal in France where my servers sit, and where my intellectual property is hosted.

Now I can't wait for the moment Phorm starts *intercepting* *my* intellectual property and make money out of it.

I'm so sueing and claiming damages.

0
0

ICO, short for incompetent?

From personal experience I've found those in the ICO to be an idle lot who will do anything which involves producing reams of pre-formatted paragraphs, but nothing which involves doing any actual effort or work.

The only surprise is that they managed to get out any comment before Christmas. Must be a record.

0
0

Dear Government,

I promise that I do not have any children, haven't broken the law and feel completely healthy and furthermore promise that I shall not change my circumstances in the future (despite the fact that I am on record as saying otherwise). Therefore I shall be witholding the part of my Council Tax that pays for education, policing and healthcare.

Together we can both share the efficiencies of me not paying for a service I am not using. Moving forward, I shall also be investigating the reduced government administration overhead that might be leveraged through opting out of taxation altogether.

0
0

Boycot BT

How can showing adverts targeted at me (using personal data) to other people I share a computer with not be a breach of my human rights? BT might as well put 'This is what X has been looking at' posters up around my house!

This government is becoming really scary - Gordon 'Stalin' Brown is selling our human rights down the river for some abstract concept of 'the greater good' that a huge number of electorate disagree with. Well, that's BT on my boycot for life list (along with Nestle and Shell), and Labour are almost there as well.

0
0
Alert

who gives a f#k

dont just sit there thinking oh this is bad, get off your arse and send a f#king letter... Email just wont do, this is important people.. FFS more people want Leed's point back, whatever they are?! . this is fast becoming a non issue...

Gang rape is legal only if your properly registered corporate gang who do their tax returns...

0
0
Thumb Down

Powerless Prime Minister

Just had another petition rejected on the Number 10 website. Response below, apparently the upholding of the law is outside the Prime Ministers powers or remit.

Judge for yourselves:

Hi,

I'm sorry to inform you that your petition has been rejected.

Your petition was classed as being in the following categories:

* Outside the remit or powers of the Prime Minister and

Government

If you wish to edit and resubmit your petition, please follow

the following link:

[Removed]

You have four weeks in which to do this, after which your

petition will appear in the list of rejected petitions.

Your petition reads:

We the undersigned petition the Prime Minister to: 'Request

that the home office investigate criminal behaviour by BT and

Phorm in 2006 and 2007.'

In 2006 and 2007 BT instigated trials of a system called

Webwise (then Pagewise) this system involves intercepting

Broadband Users web requests and response and processing them

to build up a profile of the end user.

The interception of the users web request without the user and

the websites explicit consent is on offence under the

Regulation of Investigatory Powers Act.

As the trial was conducted in secret by BT and BT are

"reluctant" to give further information about the trial it is

necessary for the Home Office to investigate what interceptions

took place and to bring about prosecutions on behalf of the

effected parties.

This is not a petition against the implementaion of Phorm by

BT, Virgin Media or Talk Talk. To register for that petition

use the following link:

http://petitions.pm.gov.uk/ispphorm/

-- the ePetitions team

0
0
Joke

I just had a thought........

If the BT & Phorm are looking for 10,000 volunteers to see how many people would be interested in using this technology there is a list of just over that many people here:

http://petitions.pm.gov.uk/ispphorm/

Maybe they could canvass these people to see just how popular the more relevant advertising feature would be........

0
0
Stop

@money will flow

the problem is how would the website owner know if the traffic was being profiled (intercepted) as any change to the data that is returned to the client is performed inside the ISP network?

the only thing a site onwer can do is check for the opt-in cookie and display an alternate page that says "pages not supplied to users that have opted into phorm !!" in big red letters

Peter White

0
0
Silver badge

Not a lawyer - but...

BT says the trials in 2006 and 2007 were legaland were not in breach of RIPA or the DPA, as a consequence they did not need to inform the customers nor amend the terms and conditions of the service.

HOWEVER, before WebWank goes live, BT says it must amend the terms and conditions of the service. Presumably to protect themselves from the wrath (hah!) of the DPA and RIPA.

So which is it? Legal or illegal?

Well my DPA request is in the post to BT. I'm awaiting their response with interest.

0
0
Anonymous Coward

boycott?

The only way to boycott is to go with Virgin media... and weren't they intending on using phorm too?

Why? Well becouse phorm is implemented at the exchange... and we all go through BT exchanges.

0
0
Alert

@AC

I agree - write to your MP - or email them, get them sending questions to each other, point out to your MP that all their web mails will get diverted through Phorm.

letters and emails and constituents are the main interface between themselves and reality for a lot of them and a few letters can have a surprisingly large effect - so let them know their voters are angry.

You can mail them from here

http://www.theyworkforyou.com/

0
0
Alert

Legal Issues

My analysis of the secret trials in 2006/2007 is that multiple laws were broken as outlined below:

Regulation of Investigatory Powers Act 2000

Secret trials = no consent from either party to intercept.

Privacy and Electronic Communications (EC Directive) Regulations 2003

Secret trials = no consent from either party to intercept or process.

Data Protection Act 1998

Secret trials = no consent to process personal data, even anonymising is processing

European Convention on Human Rights

Right to privacy of correspondence

Human Rights Act 1998

Right to privacy of correspondence

Computer Misuse Act 1990

Knowledge and Intent to "Hinder" access and "Impair" operation

Fraud Act 2006

Masquerading as the intended destination (Phorm's "special machine") for the purpose of gain (revenue from advertising)

Torts (Interference with Goods) Act 1977

Trials inserted javascript programs into web pages which then took resources to process (see Ebay vs Bidders Edge) = trespass to goods/trespass to chattels

The Council of Europe's Convention on Cybercrime

Covers this issue very comprehensively

Copyright, Designs and Patents Act 1988

Copying a website for commercial purposes, see cases against Google and Archive.Org

I am in the process of writing my dissertation based around all of the above legal arguments, it will be publicly available under Creative Commons once it is finished.

Bottom Line?

BT trials in 2006/2007 can only be seen to have been criminal offences under multiple Acts as well as leaving BT liable for litigation under Tort law.

ICO?

They have a duty to investigate BT's secret trials for the unauthorised processing of personal data (irrespective of what was done with it "after the fact") under DPA and PETR

Home Office?

They have a duty to investigate BT's secret trials on multiple counts under RIPA, CMA, Fraud Act 2006.

Other stuff?

Any case which is initiated in a court of law (either criminal or civil) can also attach complaints under Human Rights Act 1998 irrespective of the fact that BT are not a public body. A judgement from a court -MUST- be compatible with ECHR and HRA as a court is a public body as explicitly defined in the Convention and the Act.

Possible EU Action?

Definitely. Council of Europe's Convention on Cybercrime is a mandatory convention, European Court of Human Rights may be applicable for breaches of ECHR and HRA. EU Copyright Directives and Data Protection Directives may also be relevant.

That's -my- opinion and it is such a strong opinion I have decided to study for a Masters in Law next year in order to help prevent this dogmatic attack on the fundamental rights of our society.

Phorm CEO (Kent) wants to talk to me on the telephone according to message I got from his PR team, but given the misquoting of Dr. Richard Clayton on their Blog this weekend, they can whistle.

0
0
Black Helicopters

So what we want is a website owner

to make official complaint to the fuzz. They will not usually investigate criminal offence without one.

How about it ElReg!!

0
0
Go

Setting up an on-line petition

Those who had the good idea to set up an on-line petition to call for the government or various government bodies to investigate BT for breaching criminals laws could set up a petition here:

http://www.petitiononline.com/

At the very least, it would be highly embarrassing and a huge PR blow to have ten thousand signatures from the public asking for the directors of your company to be investigated from crimes and possibly locked up if found guilty!

0
0
Boffin

About other ISP's using BT infrastructure

Just to clarify a little for people who aren't aware of how 'BT' is structured..

BT Retail is effectively a customer of BT Wholesale (the same as Tier-2 ISP's are customers of BT Wholesale).

As this sorry mess was put together by BT Retail, it is unlikely in the extreme that BT Wholesale would dare put this kit in line with their infrastructure (and thus in-line with Tier-2 ISP connectivity).

In fact, I don't even think BT customers using business products would be affected by this (so far). I may even just change my DSL to a business line and pay for it from my company (but with another ISP of course - it might be easier to obtain injunctions and pursue legal matters if from a business rather than an individual).

</2p>

0
0
Anonymous Coward

VPNs and HTTPS

Any good links to get going?

0
0
Anonymous Coward

"phorm is implemented at the exchange"

No it isn't, although BT's earlier comments about who was or wasn't involved in the earlier trial may have led you to think that. But they were being misleading. The criminal behaviour inside BT comes from BT Retail, whose Chief Technology Officer left to go to Phorm (as CTO). As you do.

If you are with one of the many BT-based ISPs from AAISP to Zen and many others in between, connectivity between you and the ISP is provided by BT Wholesale, a (separate, so they say) part of BT, distinct in economic and technical terms from BT Retail.

If BTwholesale do get caught doing this kind of thing it will seriously upset the smaller quality-focused ISPs (e.g. Zen have said "no Phorm here"), but maybe the quality market is so small that BTw won't care...

0
0
Unhappy

Really...

.... is there anything these f**kers won't do?

And now the ICO has more or less said:

'Phorm has told us they'll be good boys and only use the illegally intercepted and analyzed packets for good things that everyone wants, so it's all ok'

I guess this is a slight step back - keep fighting!

0
0
RW
Joke

@ StillNoCouch: Oxymoron Alert!

"a thinking advertiser"

I rest my case.

0
0
Paris Hilton

Wow, check the number of Webwise FAQ's now!

Has anyone seen the size the Webwise FAQ list has grown to?

Anyone would think they're getting the questions directly from the Reg.....

I notice they haven't got "What does BT think of Phorm previously being responsible for some really insipid rootkit crapware and being registered in virtual offices?"

Paris - Because there are some things even SHE won't do for money.

PS - Still waiting on a reply back from BT to my question about getting out of the contract early when they change their T&C's.

0
0

Page:

This topic is closed for new posts.