Fifteen American netizens have sued behavioral ad targeter NebuAd and several of its data pimping ISP partners, alleging wiretapping, packet forgery, and browser hijacking. Filed Monday in a California federal court, the class action accuses NebuAd and its partners of violating the US Electronic Communications Privacy Act, the …
Title No 23532
Come on British lawyers. Is there not one among you who wouldn't love to take on BT in the high courts? If the government refuse to help, and the police, and the regulatory bodies are prepared to look the other way, we have to hope and pray that the courts are above backhanders and the promises of cushy jobs for looking the other way.
If BT roll this thing out, and it's a success, all the ISPs will have it within three to five years. Quite apart from all the free money it generates, I suspect the government will lean on all of them to implement it, quietly and without fuss.
Your data - ISP - Phorm - Government database - internet.
The Lords<?> stopped the 42 day bill, they've stopped some other anti terror legislation going thru, but with this being a 'public service' run by corporations rather than law, they will be powerless to stop this.
It's time for democracy to become a public tool as it's supposed to be, where the powers that be listen to the concerns of its people - and whilst we're at it, can we curtail the obscene profits of the energy companies.
this is where "how much can you put into the license agreement" argument come into play. If the ISP change the license agreement to include data pimping, what can the user do about it?
also if *all* ISPs start adding a bit into the license agreement to cover current or future data pimping, the user will either have to accept and live with data pimping or the user can go offline.
no really, how much *can* they put into the license agreement before the license agreement can be considered illegal?
NuLab take notice
Since they love all things merkin, we can only hope they take some notice of the (hopefully) favourable result.
Having directly asked the City of London Police to explain their reasoning for not proceeding with the Phorm investigation (any guesses what the answer was?) the short-term answer would seem to be Judicial Review... but who's going to start that ball rolling?
In the longer term, The Lords - at least the Law Lords - could eventually definitively decide that the intercepts were illegal... but a case (private prosecution? - which the DPP unfortunately has to approve before it's allowed to proceed, IIRC) would first have to be brought by someone, and then probably appealed, appealed, appealed all the way to the top...
I'd be prepared to take part in this
If Phorm ever rolled out to my ISP.
I'm starting a Law degree in September, and would be EAGER to get my teeth into something like this, even just in part.
@Ash - Law Project
You could do worse than consider the following questions... <g>
The COLP chose not to "investigate" further... within the terms of the FOI is the information on that they did do "exempt"? (Clearly exempt, arguably exempt, arguably not exempt, not exempt?).
Is accepting "legal advice" that something is/probably is/might be legal before doing that something an adequate defence in law; how does it speak to "criminal intent"; or should it only be introduced in mitigation?
Has the COLP failed in its public duty? Misdirected itself? What grounds are there for Judicial Review?
What are the ramifications of the principle of "implied consent" called upon by the COLP? (and/or the Information Commissioner)
Would changes to ISP conditions to permit the "pimp my browsing experience and rummage through my drawers while you're at it" provisions be amenable to striking out?
What is an Anton-Pillar order (do they still exist?) and how would you use it in this instance?
NebuAd vs. NSA
Even if NebuAd's & other companies' efforts to track US citizens' online habits fail due to lawsuits it overlooks an equally insidious but far more difficult opponent- the National Security Agency. According to James Bamford's "The Shadow Factory" the NSA are busy constructing a massive 'data warehouse' that will be capable, in his words of "holding all the information in the world"! Their supercomputers already outstrip anything else in the world, but a new one is on the horizon that will put even them in the shade. It will data-mine just about every piece of communications traffic that they can get their hands on. Apparently the NSA only have the power to eavesdrop on calls & e-mails that originate abroad, so Americans calling other Americans shouldn't worry about surveillance. But everything else that leaves an electronic trace is fair game; so that's- all your internet searches, bank transactions, online purchases, etc.
I presume there's no restrictions on whatever data the NSA can access from abroad. Once the British government's surveillance network is up & running I strongly suspect GCHQ will be more than willing to pass on all our internet traffic to the US. If the EU agree to share the data of people flying into the US you could have your online behaviour scrutinise to see if you are a 'threat'. I don't know how much (if anything) Obama will do to rein this in.
Every single day, to the general ignorance of the media & public, whether it's done in the name of national security, fighting crime and copyright infringement, technological progress or benefiting consumers, our privacy is being undermined in leaps & bounds. Every time it happens in makes us more accepting of it & easier for those in power to impose it. Even as we lose our privacy, those who are in positions of power & influence are steadily increasing theirs, becoming less publicly accountable, e.g. the Max Moseley case & the proposed censorship of newspapers on the grounds of national security. I thought it quite ironic that Sarah Palin refused to divulge who she voted for saying it was “private” at the same time the average American is under more scrutiny from a Republican administration than at any other time in their history. We are rapidly approaching a situation where we will be judged electronically for our everyday actions & the authorities will know everything about us at the touch of a button.
One futurologist has recently warned that the ‘Stepford Society’ we are creating will lead to serious civil unrest in the future. The seeds are already being sown. In the UK speed cameras are burned on a regular basis (£93,000 worth in Cambridgeshire last year alone) & last year a school caretaker sent letter bombs to protest at the taking of his father’s DNA. There will be other effects. Maybe most people will fall into the ‘nothing to hide’ brigade. However, considering the way ordinary people have been spied on by local councils & prosecuted for doing the wrong thing with their rubbish, I think lots of us will be seriously inconvenienced. And that’s by those who are accountable to the public. Organisations like the NSA & GCHQ are shrouded in secrecy & there will be little or no recourse against them for mistakes (which statistics reveal there are hundreds of a year in bugging requests), if we ever find out about it (which we won’t). What we should be worried about most is what sort of profiles are built of us from our online behaviours. The mere fact people suspected they were potentially being watched online, despite being in the privacy of their homes, will have a big chilling effect on the internet. On the plus side it probably would deter criminals. However, considering MI5’s track record of keeping tabs on politicial opponents, it would be no surprise if people visiting certain websites or leaving critical comments on blogs would come under the spotlight. If keywords are tracked some people will avoid typing or saying certain phrases. Certain books wouldn’t be bought just in case. Mobiles phones will be switched off or dumped to avoid our locations being pinpointed.
If this is the sort of society we want to leave in we should just carry on with our lives & ignore these issues. If we don’t then we have to fight. We have to fight by signing petitions, by protesting in the streets, by writing letters to the government & MPs, or voting out those responsible. You can be part of the public consultation of the Communications Data Bill before it comes to Parliament. You can sign a petition on the Downing Street website. You can install programmes on your computer that mask your IP address (e.g. Tor) or confuse those building profiles (TrackMeNot & SquigglesR add-ons through Mozilla Firefox). You could try to avoid leaving records of your purchases by paying only in cash or not having a loyalty card. Ultimately you could disconnect your internet connection & phone. Whether these could be much defence against the security services’ sophistication I don’t know, but it’s worth a try. Otherwise we’ll all be living in 1984, not 2008.
Funnily enough I'm quite happy about NSA/UK-equivalent (hush, hush, whisper it not) intercepts... UK gov policy on using intercept evidence in trials has been a very definite "No", for which one might hypothesise numerous explanations, among which might be
a) Then you would know that we know how to know what you know - which we don't want you to know, or
b) Part of the famous "special relationship" is just how well the listeners get on... if the NSA were to be snooping on UK comms on behalf of... someone else... I would expect that mere fact to be at least Top Secret.
Consequently, any personal peccadilloes that do not involve bio-weapons, highly enriched transuranic elements, or the making or breaking of highly energetic chemical bonds, or nasties in general, whilst possibly entertaining (though not recently) are likely to remain as hush-hush as the capability. I don't care where the Orange Cabinets full of tricky chips are... just keep them hidden.
The correct balance is, I think: Privacy - officially absolute. Security Services - unofficially carte blanche... but a minimum of 5 years in choke for anyone who abuses the data... and his/her immediate boss, and so on till we reach at least director level somewhere (which means if I send a highly encrypted, Tor-routed email to an arab friend and find the plaintext in the papers we don't have to worry about which minion done it... just point in the general direction of any building with a hole in it)
It's Mr, Mrs or Ms average civil servant/industry worker, greed and laziness I don't trust... Mr Smith and Mr Brown are paranoid enough for me.
I'm Not Against Data Retention
I'm not. I think it's perfectly right that communications data is retained for a specified period for law enforcement purposes. What I get nervous about is that rather than the telecomms companies being responsible for storage, with that oh so inconvenient legal process of applying for a warrant to get access, the UK & US governments will be routing all the data into their own centralised databases. At least in this country we're getting public consultation & a vote in Parliament. In the US it just happened. I suspect we only know a little because someone told James Bamford off the record. It's what happens to this data once in the hands of the security services. I suspect normal legal niceties regarding privacy don't apply. The NSA will be looking for suspicious patterns to determine who is a potential terrorist. Since a few thousand personnel can't review every profile, it is largely automated using 'artificial intelligence'. The question is what are they looking for. Even though it is claimed that GCHQ will not look at the content of communications, deep packet inspection will allow them to do that with little difficulty. The security services in this country don't have an unblemished record either. I envision trouble along the lines of the no-fly lists in the US, where people for no known reason to them, are repeatedly stopped by the police & searched, due to some online faux pas online. It would also compromise things like journalistic sources (if all mobile phones are registered), business confidentiality (supposedly Echelon was used for industrial espionage), copyright enforcement, etc. Plus the huge expense: £12 billion (which I feel will grow exponentially as more & more devices become internet enabled). The amount of information collected maybe counter-productive. Weren't the security forces watching the July 7th & Omagh bombers, yet due to lack of resources or whatever, failed to follow up?