The European Commission is considering intervening over the failure of UK data watchdogs to punish BT for the way it secretly co-opted tens of thousands of customers into trials of Phorm's profiling system to serve them targeted advertising. At the end of May, the Information Commissioner's Office told Stephen Mainwaring, whose …
Anybody read this?
>The ICO's letter claims that because it would have been hard for BT to explain to
>customers what it was doing with their broadband connections, regulators should
>let the secret trials pass. "Taking into account the difficulties involved in providing
>meaningful and clear information to customers... in this case, this is not an issue
>we intend to pursue further with BT," the regulator wrote.
Wow! I never realised that "It's just too hard to obey the law" was a valid legal defence.
Get _Hackers_ on their asses
As in the film, not the people. Though they could probably help as well.
Pretty much, fine the hell out of BT and Phorm, all profits going to the gov't (UK or EU, whichever one acts first) to encourage them to keep enforcing these laws (sort of a litigious pavlovian response- Data laws broken in a big way, you sue, you get more money).
Then ban Phorm-like systems from operating in the UK (setting an example for other countries and giving leverage to their local campaigns to ban it).
Ban the founders/developers of Phorm from any computer forever. Right back to forcing them to use mechanical timers on their microwaves/washing machines.
And to enforce this we should have them tagged with a random number- so it's annonymised :P- and shocked any time they make a typing motion with their hands or enter an internet cafe (or Dixons).
Finally - the EU look at something worth looking at, why our government and watchdog's are complete wastes of space and sell us to the highest bidder?!?!!
Flame - because we all want to see BT and Phorm offices burned to the ground!!
ICO = Waste of space?
> "Taking into account the difficulties involved in providing meaningful and clear information to customers... in this case, this is not an issue we intend to pursue further with BT"
> "BT aims to explain to customers what the Phorm "Webwise" system does"
So what has changed that BT can now give sufficient information so that users can make an informed decision before opting in that they would have found impossible to have done before?
Finally the EU may be worth it
I think its more a case of impossible to justify to customers its actions rather than explain the intention.
Come on BT its pretty clear;
“Dear customer, we wish to sniff around in your browser and identify “things” you may be interested in so we can make heaps of money from the purveyors of “things”.
We do not intend to link your identity to the “things” but in such a large data gathering exercise it may be inevitable that some purveyors of “things” may contact you or use information about you to their advantage.
Rest assured dear customer we want to improve your web experience (and our bank balance.)"
This may be the first time that I believe something good came out of Europe !!
"Taking into account the difficulties involved in providing meaningful and clear information to customers... in this case, this is not an issue we intend to pursue further with BT,"
This is the part of the quote which you relayed so I only have this to base my opinion on. At issue is the fact that they believe that if it is too difficult to explain to the masses then there is no need.
On this basis then the gov't could bring in a KGB/SS style organization to abduct people and not be held accountable for its' actions. Seem far fetched, so was Orwells 1984 when he wrote it, but look around now and see where society is headed.
IF BT have an opinion that the trial was legal.....
then they should have no fear about publishing it. And, they should also Publish the question to the lawyers to which they recieved the positive reply. After all, if they have nothing to hide they should have nothing to fear?
Clearly, that is what the roll out of Phorm (or Webwise or whatever other name they want to give it) implies to their customers privacy. Commercial confidentiality isn't a defence for BT becasue it isn't a defence for their customers?
Paris, 'cos she can spot a toad.
I cant wait to see the usual comments on Phorm-related topics, maybe the guys with the http://ifyoulikeitsomuchwhydontyougolivethere.com/the-twat-o-tron/ can come up with a El Reg phorm-o-tron!
That is pathetic
"Taking into account the difficulties involved in providing meaningful and clear information to customers... in this case, this is not an issue we intend to pursue further with BT," the regulator wrote.
So the regulator is saying that BT customers are too stupid to understand what BT are doing, or that BT were too lazy to explain it properly, they should just let it go. This guy should be sacked.
I just managed a screen and a half without ranting.
It was polite, reasoned and (I think) mostly spelt rite <sic> ;)
What is the world coming to?
Hurray for the EC
It is times like this that I am really glad that the EC can act when our lame duck Government sits on its fat backside when clear illegalities have occurred and the law are ignored!
"The ICO's letter claims that because it would have been hard for BT to explain to customers what it was doing.."
How about: A are going to let a company called B (who might have been in the business of stealing data under a different company name) look at everything you do on the Internet. They promise they will not look at your credit card details. If you do not give A permission, then A will probably be breaking the law.
There, what's hard about that?
Sue BT to high heaven... I feel like switching to Be anyway.
Point of no return
"Taking into account the difficulties involved in providing meaningful and clear information to customers"
"having been told by BT he most likely had a spyware infection."
Seems like they might have provided meaningful and clear information at that very point instead of deliberately trying to cover up what they were doing - it wouldn't have been very difficult. It's about time BT had some proper scrutiny, anyway, being yet another private monopoly from the Thatcher/Major era that the country has been saddled with. Had the executives only been slightly less incompetent, I'm sure they'd have a virtual monopoly on mobile services, too, by now.
"BT maintains its statement that the advice it took ahead of the trials said they would be legal."
So why did BT have a problem telling their customers what they were doing?
Is it too late to hope that a solution based on common law and human decency may yet prevail?
Thanks for going to the effort of chasing this up Chris, it is very good news and confirms the statements the Commissioner recently sent to members of the public.
Breaking rocks in the hot sun....
The point the ICO miss completely is this; while there may be little measurable economic damage... BT have no idea how much economic damage they inflicted... because they didn't care to measure it.
BT didn't care what privacy or security risks they exposed their customers to... because they didn't care to consult customers, offer an opt out, or even talk to the Home Office.
That's the problem if you rely on the assurances you get from someone with a criminal vested interest. They don't care about the consequences, because its not their problem.
BT are still, **still** leaking user names and security credentials to Phorm's webwise.bt.com server days after it was first reported. Anonymous my arse.
BT must be punished, without mercy.
And the Information Commission must be punished too. For being a berk. Get your coat.
Remember, who is looking at your data
Check out Phorm's history on the Wiki
Ask yourself. Do you want this organisation profiling your data?
Bonne chance Madame commissioner
Excellent news. It is time somone gave our own Information Commissioner a reminder about his duties to the citizen rather than large corporations. It is amazing that it appears to be so clear to so many that a prosecution is called for with regard to BT's actions over the secret trials, yet our privacy watch-chihuahua does nothing except a little bit of "informal" chatting. Bring on Mme Reding, and if possible bring on a new IC for the UK.
punish the UK data watchdogs then punish BT then punish phorm, a public flogging could be held and raise money for charity
And exactly how anonymous is this if they can target advertising at MY browser?
Flame, because there is not a two fingers icon!
Mines the tin foil lined parka.
Not Impossible to explain
"Despite the ICO's view that it is impossible, BT aims to explain to customers what the Phorm "Webwise" system does when it begins a third trial, this time with permission, at some unspecified date soon."
It's not that impossible, just send customers to:
I will say it again.....
The information commissioner is a total waste of space. I made a complaint about a serious breach of the DPA 1998 by a Governmental organisation and yet insetad of the ICO investigating they made a unilateral agreement, without reference to myself at all, agreeing that the ICO would not investigate this organisation until the organisation told the ICO it was ok for them to investigate. Totally useless. Looks good on paper, as always,but in reality if you pull the curtain up there is nothing behind it .
Phorm gets it's coat...
Mine's the one with the bright orange radio tag on it.
Get out your pens
Could everyone please put pen to paper (not fingers to keyboard) and write Commissioner Vivian Reding a letter applauding the news and reiterating your concerns over the Phorm issues (including the trials and future deployments of the technology). It is critical that we now make sure Commissioner Reding discovers just how much of a public issue this is, and that it is not just a few geeks complaining.
If everyone writes to her office, she will have no reason to doubt the seriousness of this case and will hopefully pursue the issue accordingly. This is a great opportunity to bypass the regulatory capture currently being demonstrated by ICO.
Dear information commissioner
the reasons I am posting you this 4kg anthrax-fueled bomb are so complicated that you won't understand them, so there's no way I can be presecuted for breaking ANY laws, right?
Or is it one rule for me and a much easier one for BT?
The "you're to thick to understand" defence.
***"The ICO's letter claims that because it would have been hard for BT to explain to customers what it was doing with their broadband connections, regulators should let the secret trials pass."***
So I wander into PC World and make off with a shiny new laptop. When I'm stopped and asked what I'm doing I just have to say "I'm taking this laptop, but I'm afraid you are too stupid to understand why". At that point they let me go and let me keep the laptop, yes?
One law for us, a different law for them.
Jail the bastards, and lets hope they drop the soap.
Ok, I must be blind or something but I can't seem to find an address for Mme Reding for us to send all of our anti-Phorm letters to.
And 29 comments, and not a trace of the words "K*nt" or "Sp*nkb*bble"?!? Shocking!
Heres to the EU.
I am off to send her a letter to tell her what I think of BT and Phorm and our own ICO.
If they managed to keep the trials secret
surely no-one noticed, and so they can conclude that it didn't work?
If I remain British, I can only turn down the volume on the view screen.
If I become European, I can turn the whole thing off.
Mine's the coat 'cos i'm off to Paris.
BT say he had a spyware infection...
... Err, they were right surely?
Made me chuckle(because I can't cry at work) that the ICO felt that because BT couldn't explain to them what phorm was actually doing, it seems to me that no-one who's supporting phorm have *actually seen it working*. If you read back through all the previous statments from ISP's, Home Office, ICO, 80/20 etc, they all say the same thing "phorm assure us" and "phorm tell us" and "phorm ensure this". Here's a news flash for you people, ... Dramatic pause... *Advertisers Lie!* It's their only reason for existing. That and to grab as much cash as possible with F**k all regard to the consequences. As if they're going to tell the truth about their own product.
This is an open call to BT. You may think we're ignorant and can't possibly understand the legal complexities of just *how* what you've done is legal, so what have you got to worry about putting *All* your internal documents relating to phorm (and I mean every letter, every memo, every email, since k*nt and his c*nts first got in contact with you) and let us judge for ourselves. If by some laughable chance you're worried about the privacy of your staff, assign them all a unique number to replace their names. I mean, apparently you can never figure out a persons name from a unique number
Just read this after making my first post
Read this from ICO.
"Regulation 7 of PECR will require the ISP to get the consent of users to the use of their traffic data for any value added services. This strongly supports the view that Phorm products will have to operate on an opt in basis to use traffic data as part of the process of returning relevant targeted marketing to internet users."
Interesting to see the spin BT puts on it.
As for the defence line saying you are too thick. BT could have tried.
"We are conducting trials in targeted advertising. We will watch what you type and record it for future use. Everything you type will be saved and stored by third parties and BT will be making money from this, that won't be passed onto yourselves.
The technology will sit on your machine and you will notice a slight lag in web browsing while we take this information, this will be noticeable on older machines, or shared internet connections. It will be in effect regardless of the web site you go onto."
Explains it in a nutshell and gets to the point. Or am I missing something?
If BT and the IC can treat the law with such contempt I think we should be able to totally ignore the UK crime and punishment statutes and for BT's obviously "special" case reinstate Trial By Ordeal:
Emma Sanderson vs Red Hot Poker
Mine's the black cape & executioner's mask
Member of the European Commission
@ Alexander Hanff: Important!
"Could everyone please put pen to paper (not fingers to keyboard) and write Commissioner Vivian Reding..."
Absolutely correct. As a former bureaucrat, I am well aware that snail-mail letters provoke more response and carry more weight than emails. Someone can just press "delete" and plead "never saw it, must've been eaten by the network" but a paper document has to be logged in, date stamped, filed, and given a response.
Handwriting, if legible, is even better then machine printing.
Be sure to keep your letters very short and to the point. Ideally they should fit on one page of standard paper when printed out, with generous margins all round.
Historical note: The most shameful part of the UK Govt's failure to act on Phorm is that this is happening in the nation that established that even the monarch was not above the law. Shame! Shame! Shame! Shame on you, o worthless ICO! Shame on you, feckless Gordon Brown! Shame on you, clueless Jacqui Smith! And shame on the managers at BT!
ICO endorses data theft?
Funnily enough, Richard Thomas has been one of the more robust regulators in a country that is awash with NuLabour's supine placemen who are only too happy to implement the government's system of light-touch regulation. The true benefits of this kind of oversight are now apparent to anyone who cares to look around the shambles that this country has descended into. A license to print money for the few and rip-off-Britain for the rest of us.
So, is Thomas coming under pressure from HMG and its corporate buddies? Go figure!
It's my data, and if these sticky fingered bastards want it they are gonna have to buy it on a pay per packet basis. We're all entrepreneurs now in NuLab's Brave New World.
BT open letter - first draft
Dear valued customer,
We will shortly be commencing the third secret trial of a brand new snooping system that monitors your browsing habits so that we can make lots of extra cash selling that information to any disreputable con artist who wants to sell you crap that you don't want using adverts that count towards your capped downloads. Please note that this will not affect the bill we send you for the dismal service that you have received of late.
We will also shortly be appearing in the European courts because the British legal system is so corrupt that they let us get away with it and to date not even the data protection act has caused us even one sleepless night. The system, inextricably linked to a former spyware producer, will be run from our own servers so that you won't have to install anything on your computer and should you wish to opt out of the scheme you will need to repeat this exercise every time you empty your "temporary internet files" (we advise this is performed regularly due to the risk of virus infection).
We have absolutely no intention of apologising for this blatant abuse of our powerful position as a monopoly organisation because of the vast sums involved and the fact that one of our senior employees has already taken up a new post with the company that masterminded this private scheme.
There - wasn't so difficult was it?
There is too much advertising already.
BT is not providing users a service out of the goodness of their hearts. Those users are PAYING for that service.
There is therefore absolutely NO QUESTION of there being any justifiable NEED for the users to have to be subjected to YET MORE ADVERTISING.
That's right, no need for advertising -- targeted or otherwise -- and because there is no need for the advertising, there is no need for the targeting.
In the full text of the ICO response on the cable forum, they say "BT’s view is that as the 2007 trial was small scale and technical in nature and no adverts were served, it would have been difficult to frame any advice for customers about the operation of cookies, and obtain any relevant consents for the processing of traffic data"
In other words, "we don't have to tell customers that we're sharing every detail of their browsing habits with a third party because we're not using it to generate adverts".
That bit of BT sophistry should have been given a good mauling by the ICO, instead, the toothless tiger didn't even attempt a gummy suck.
Paris, on the grounds that she'd appreciate the last comment.
I want Phorm
To be sending my pr0n to the computer whilst my kids are online using it. Then I can sue the crap out of them all the while protecting the children!!
ha ha hahaha
The information comissioner
You may not be aware than in Siberia, there is a little girl called Svetlana. She has a baby rabbit. Sadly this baby rabbit is the runt of the litter, and may not live. It is weak, and only has one eye. It cannot even hop. It makes faint wheezing noises, and has diffuclty eating lettuce.
This rabbit is important because BT fears this nearly dead baby rabbit more than it does the information commissioner. There is no action no matter how appalling that any large outfit can do that will cause the ICO to act. Their sole objective is to collect fees to pay themselves. This will invoke prosecution, but I put more faith in Svetlana's rabbit than the ICO.
A thought from across the pond...
While I sympathize with those that want pubic floggings, I wonder how this would affect your nation's sovereignty. An outside organization going after your own (good, bad or other) regulators. Sounds like a slippery slope... Then again, we've got enough problems to worry about here in the US where we seem to whore ourselves out to the highest bidder and regulators are a dream...
Well done El Reg - pretty good coverage of this story! :)
Got to say that, to me at least, this Phorm trial stinks of unofficial wiretap - and therefore illegal. I'm pretty hacked off at my ISP (VM) at the moment, but I'll tell 'em now - if *they* introduce any variety of Phorm - or should that be "form of Phorm"? - then I'll be cancelling my contract with them very quickly indeed. And BT can whistle if they think they're getting the business instead!
I cannot see *any* benefit of Phorm to me - if I want adverts then I'm content to have them appear when I Google - and I strongly resent some "Big Brother" snooping on me when I'm just strolling in the information highway. Although maybe I'm at the level of one of those "stupid users" that BT feels they can't talk to? :P
Meanwhile, I've done what I can and signed the ePetition, and would encourage others to do similarly.
Parting shot - wonder if it's worth "dropping a dime" to Alan Duncan MP? As Tory spokesperson on "Business, Enterprise and Regulatory reform" doesn't this fit his remit - high time the goverment got asked some searching questions about this issue methinks.
So what's so hard...
...about this, "We're spying on your internet usage so we can pump your browser full of targeted adverts".
I suppose ignorance of the law isn't a defence, but not being able to explain yourself is.
It's the one with the barristers wig.
Who gets the fine money?
If the people who have had their privacy invaded get the cash, then bring in the EU.
But, if the EU gets the cash, and Mr Asterix and Obelix spend it on fine boar, and Belgium Beer, then we get hit twice.
BT will pass on the cost of the fine to the network, or in lay offs, and we will have traded some of our rights to the EU. That's the problem here.
Beware white knights on chargers, didn't someone else use that idea the last time Western Europe was united and one little country was holding out against occupation.
Who advised whom?
The way the latest ICO comments read to me is that the ICO has been talking to BT and Phorm since before the 2006 trials. If they used the same text that 121 used to encourage people to join their 'relevant ads and safer browsing', then it is no wonder that the ICO could not see what he was being shown any more than the many thousands of people who were duped into downloading the adware / spyware to their computers.
Considering that KE had to make an amendment to the published version of how everything works, I find myself wondering if he even knows how it works or just the salesman. When the person doing the selling gets the methodology wrong is it any wonder that those he is selling the system to are unable to understand the implications.
The defence statements coming from BT show a lack of understanding by the person who initially wrote the statement and comes across as a bunch of lies which is proved inaccurate by the next revelation.
The thing that astonishes me the most is the naivety of the people at ISPs who first spoke with 121 et al. The whole of the rest of the world was trying to clear the spyware from their computers while management were having tea and biscuits with one of the main distributors of the spyware.
BT support must have had tech calls helping people clean their computers without knowing that the man in the boardroom was the cause of their grief. Meanwhile, those in power had no more computer knowledge than the 'click everything' brigade - a quick call to support was always able to clear those nasty pop-ups so where was the problem? Maybe they themselves were also annoyed by the pop-ups and welcomed anything that promised to remove them forever.
I wish I was still a BT shareholder so that I could go into the AGM and ask the board to explain themselves: to reveal the background to the meetings and the decision to inflict the parasite on their customers and the web sites they visit.
ICO - where is the informed consent from the web sites? If you won't investigate, at least get that part into the equation. It is costing web sites a lot of time and effort to protect their copyright and commercial interests / customers privacy. Web sites are not published so that a parasite can use them for commercial profit without paying royalties or buying a commercial use licence.
This whole thing is quite scary..
I'm still shocked this once respected household service has started dealing with such notorious rogues like 121media. Even more shocked that their criminal activities are being permitted under UK laws.. Is this a break down of the UK legal system or what?
I forced BT to scrap my £300 penalty over this and have gone onto Zen broadband with a £7 a month saving and I'm really delighted with their service, absolutely wonderful people. Believe me it's so easy and you do not need BT or their hackers..