Phorm: How it went down
For a company without customers, users or revenues it's pretty extraordinary that Phorm achieved the dubious distinction of being the biggest UK technology story of the past 18 months. It couldn't have done it on its own, of course. As it slinks away from the UK market this week, investors can thank BT executives, alongside the …
I believe that when a person thinks, acts and schemes with a trojan like mindset, he will be eventually identified for the person he really is and will reap the due rewards.
That the general public, mostly from the highly respected El Reg readership, mounted a fantastic offensive against this offensive product.
Congratulations to everyone who wrote to their MPs, MEPs, to the police, commented on blogs and generally spoke out against it.
and to Kent, good game sir, good game ;)
they could repackage their product as an application for users to install on their own computer, and which makes recommendations to that user. If it was useful, it might sell.
Do I need a semi-intelligent recommendation agent? Sort of a web version of http://www.remem.org/ ? Hmm...
Well done Chris, that's a useful summary of the whole thing for anyone who might not have heard about it and might be saying "So what?".
I'm ever so pleased that the whole thing has collapsed in on itself. It's a testament to the distributed regulatory power of Internet+Public and really does ensure that any organisations considering pulling a similar stunt in the future will hopefully think long and hard before doing anything.
Well done to everyone who took part. I like to think my two emails, one to my MP and one to the EU Commission, played their part in contributing to the gratifying result. Let's not forget to keep the collective eye on the ball - still plenty to be done.
Surely if Phorm create an "offline copy" (or mirror, call it what you want) it really blows a hole in their RIPA compliance argument? If processing is not done in real time then the offline copy surely has to include all content, doesn't it?
Blimey Charlie how has no-one ended up in court over this? Having said that just look what happened with the News of The World scandal - next to NOTHING.
At least the EU is on the case. Hopefully mere citizens may end up with some effective laws to protect our internet and our phones.
If only such an analysis could have been taken seriously earlier by those within whose power was the ability to shape the actions of the last 18 months then the many businesses involved could have been spending their energies on riding out the recession.
With neither BT nor VM severing the knot that holds them to Phorm it does raise serious questions about the relationship between ISPs and their customers. It will take me a long time before I trust either company with any of my business.
I have learned a lot about privacy policies and the DPA. I now recognise that there are many businesses that have similar policies to those of the ISPs that wanted to invite DPI for data harvesting into their networks, and I will also be refraining from doing business with them. My personal privacy is worth more to me than saving a few pence when choosing a supplier of goods or services.
Opt in has become the new opt out. Businesses that ignore the need for opt in will be left behind.
Phorm is only one of the DPI vendors. Not one has provision for opt in by both users and the other party to the communication.
Phorm has never become an ad network, despite its claims on the OIX site yet it has produced a public awareness of the workings of all the rest of the ad networks which is causing their business practices to be looked at anew.
Will the next chapter be about ad networks or will DPI threats to privacy continue to be the main theme?
We need everyone involved to be prosecuted under EU law. That means not only the board members of Phorm, and those board members of BT (that is, the ones not already counted by benefit of now working for Phorm), but also the senior civil servants in the ICO, and the relevant figures in the Home Office who lent it that tacit approval, and who failed to regulate.
Flames, because that is no more than they deserve.
As the article suggests, this isn't entirely over. Kurt and his cronies may resurface like perpetual Dr Who villains and those who care about online privacy will have to be vigilant.
It would be nice to get this sorted out in the law though, so that any similar technologies are explicitly banned. We may not be able to rely on poor technical implementation and inept marketing to scupper the next attempt at DPI advertising.
BTW - Is that his real name and is he related to Gag Halfrunt? A present for him anyway...
Presumably we can look forward to Phorm re-emerging as an ISP in the future so it's then their own customers that are getting shafted?
I'm surprised that no parallels are being drawn between the BT/Phorm trials phiasco and the News of the World phone hacking.
I'n both cases communications were intercepted under legally dubious circumstances, and in both cases the Police / Home office /ICO have done sod all about it.
Only difference is that John Prescott hasn't been on the news enraged over Phorm. Presumably the BT / Phorm trials didn't include any politicians or celebs.
Pint icon cause our government couldn't run a pissup in a brewery.
sorry guys ... the promise that Phorm held - intimate access to individial surfing habits - is too much of a Holy Grail to think big business will let it go. I will guarantee that somewhere out there is a consortium who has watched and learned and is quietly planning the next move.
The whole sorry story has only served to show how ignorant 99% of people are with regard to the web. As long as they know what happened in big brother last night, they will let ANYONE have their personal details.
...for any number of reasons. But mostly because the people they were marketing it to --- industry insiders --- weren't the people whose consent they needed --- punters.
The reference to Google in the article highlights this: the people KE needed to convince were punters, but the only people who care about Google's dominance of the advertising market are industry insiders. I crossed swords with Peter Bazalgatte on the same topic at the Convention on Modern Liberty thing (he is, it has to be said, a really nice guy) and his main concern was about the paucity of money for content creation: again, that sells Phorm to media companies, not end users.
At no point did KE come up with a direct benefit for punters. Oh sure, there were some incredibly vague indirect ones --- this will make money for ISPs who will cut your bills, or this will make money for content providers who will make good programmes. But ISPs are hardly sympathetic poster-children, and content is not in short supply.
Speaking personally, if an ISP wants to make more money, it should charge me more and I'll see if I want to pay, and if content providers want to sell me premium content for more money, they should ask for my money. The idea that I will give my attention and, by implication, my money (advertising only makes money if the viewers buy the products) in preference to just paying my money is silly.
Still, it got me to leave BT as a customer after having been customer #2 in my exchange one of the architects of the Project Ascot trials of ADSL in Ealing in 1996, so they can't say that Phorm didn't have an impact.
Wasn't that product you mentioned called PeopleOnPage? I think Phorm may have wrote that nasty spyware when they were called 121Media
Might I suggest Phorm goes Stealthy Black and Underground. There it can do exactly as it pleases and can even deny it is doing anything. To paraphrase a well enough known political/anti-political statement .... "It hasn't gone away, you know."
Finding out what Joe Soap and Jane Doe want, and offering it to them for free at a price they can afford, is good for business and if truth be told, exactly what Governments should do .... but don't. I wonder what they do instead and who they are working for?
Quote: ... the promise that Phorm held - intimate access to individial surfing habits - is too much of a Holy Grail to think big business will let it go. I will guarantee that somewhere out there is a consortium who has watched and learned and is quietly planning the next move.
You may indeed be right, Mr. AC1411, but backing away from this mess and taking a broad view, one has to ask "why on earth would any sensible person want to sniff my web surfing habits?"
Targeted advertising is a red herring from start to finish. Thanks to the Adblock plug-in for Firefox I don't even see most ads, and before I reached the beulah land of ad-free browsing, I can only recall a single ad ever inspiring me to investigate further.
Businesses thinking about targeted advertising would make better use of their money reviewing usability websites (www.useit.com/alertbox/ and www.webpagesthatsuck.com/ for example) and get rid of the stupidties on their websites that discourage visitors from becoming customers.
The whole Phorm affair sounds to me like a bunch of shady, ethically challenged marketers (aka professional liars) exercising their talents at lying on their own behalf, spouting nonsense about some marketing voodoo that every sane person knows WILL NOT WORK. (One has a brief spasm of schadenfreude because the people they conned are also marketers.)
The only people who would benefit from Phorm-tech would be the police state enthusiasts in government, but even they are so far off the track as to be risible. Dear snoopy plods and Home Office consultants: you don't want to examine every online communication. You will drown in an ocean of irrelevant material. What you want is targeted snooping; the only communications you will benefit from snooping on are those you already associate with criminal types. Snoop on everything, and you are looking for a needle in a haystack.
Conclusion: the whole marketing "profession" should go to the wall and be liquidated.
Yes, this comment has ended as a rant. Sorry, folks.
Great stuff, El Reg.
Now can you get to work on destroying the US Patent Office please.
kthxbai.
Great News! Fantastic.
Just a shame. Virgin Media had loads of PR crap on their site claiming that Phorm was going to help customers by keeping them safe through filtering. I wonder what spin they'll put on it now. "Oh, we don't need that Phorm thing anymore, we're already the safest ISP in the universe!" Nudge Nudge..
For having the courage to report this story without fear or favour.
Last year I nominated you for the Orwell Prize for Journalism, and I firmly believe you deserved to win.
This story isn't yet finished; BT Directors must now be prosecuted and jailed and the board of BT must be purged.
The Police need to reinstate hi tech crime fighting, the ICO must be dissolved and replaced by people who understand IT, and Ofcom must be split into a telecommunication and media regulator.
And then, we need to strengthen our communication privacy laws because this scandal must never be repeated.
Quote= RW: " ... the promise that Phorm held - intimate access to individial surfing habits - is too much of a Holy Grail to think big business will let it go."
...Or law enforcement. Don't forget they have a very big, publicly-stated interest in DPI technologies. Could something like Phorm could be 'reimagined' to suit the needs of the Overwatch? Nothing like a few fat government contracts to save an ailing softco.
Great article, btw.
Much as I hate Phorm they don't seem to be going away. Share prices have remained pretty stable since they took a two dives on the news of BT and then TalkTalk pulling out of trials. And they remain well above last year's low. While high volumes of shares are being traded it doesn't seem to be having any more impact on prices. So while there are people who want to sell all their shares there are as many people willing to buy them. So they're not going anywhere anytime soon.
This is deeply worrying. If a big kicking like this doesn't take them down then what will it take to kill them?
If they end up trialling their software with smaller more obscure ISPs overseas (yes I know the Korean operation is not small) then they could get a revenue stream that will sustain them. Once they have that sustenance it may only be a matter of time before they are back in our market.
Here's a question to consider: If an ISP routes all your traffic via a router outside the EU and profiles is there is there a damn thing the EU can do about it?
...smelled like victory.
For now, anyway.
We still have this on-line culture where it is assumed that moving or hosting data gives the mover or hoster of that data some kind of God-given right to treat it like their own personal property.
Beating Phorm is the first battle in a larger, wider reaching war. Imagine the Post Office having the right to read your mail so that it can make more money from junk mailers, or imagine your local community hall claiming it has copyright on a play you wrote and performed there. How would you feel if your house movers were required by the government to look through your CD collection in the search of copied albums?
That's the type of thinking we're fighting here. Maintaining privacy and holding copyright on your own creative output are two basic human rights - and no megacorp or government should be allowed take that away, no matter how much money they think they'll make, or how many crimes they think will be stopped.
"his agreement to conduct trials in secret with BT. "
We know who was in the picture at Phorm.
Do we know who was in the picture at BT Retail?
Was it the already-mentioned fall girl Emma Watson in BT Retail's "value added services"? Or was it someone else, perhaps someone who set the deal up but who wasn't actually still around to carry the can when the sh*t started flying?
By the way, has anybody noticed that the Chief Technology Officer at BT Retail at the time of the denied trials, Stratis Scleparis, was last seen being employed as CTO at Phorm?
http://www.phorm.com/about/exec_scleparis.php
of people who say good riddance, congratulations to the Reg, journalists and readership.
And also that this ain't over - the regulators who acquiesced with the phorm project must be held to account. The politicians who went along with phorm must be made to understand that the tech inductry understands these issues. In the end it wasn't arguments about the ethics of the technology that influenced the UK decision-makers.
If performance really was the issue, surely all they need is a decent technical architect. This looks like something that ought to be reasonably easy to parallelise given a suitable parallel architecture. How much more complicated than wireshark (times 512, with custom dissectors for every protocol under the Sun) can it be, after all?
What kind of architect designed the system in a way that it dectectably slowed down user traffic anyway, rather than just discarding stuff when it couldn't keep up. Every mass market ISP knows you have to discard stuff at peak times, that basing capacity calculations on peak traffic is just financial suicide.
That Scleparis chap sounds like a nice honest boss to work for too, as well as Kent.
Where do I apply?
Obviously there'd be no risk of me putting any logic bombs in any code I left behind.
Oh no.
None at all.
Same as there would be no risk of them abusing any data they gathered for purposes other than it was originally gathered.
Right? It's in the contract, right?
But as a few comments above suggest, it'll probably resurface under the Tories or some such with a new disguise and a fresh approach to its marketing bullshit.
I do hope not though.
The outcome isn't quite satisfactory, yet. To prevent a repeat of Phorm and to save numerous people a huge amount of time and effort in fighting such, we need to ensure that DPI is illegal under all circumstances (except perhaps with the expression permission of a court order).
Phone tapping isn't allowed, mail interception isn't allowed, DPI shouldn't be allowed. I wish simpleton politicians could see that they're all the same thing, it seems just because it's teh new fangled tinternet that existing rules and principles can be just thrown out of the window!
Goodbye, and thanks for all the phish.
(Sorry, OK, coat please)
Desani. Anyone remember that saga? And that was years ago and even the mighty Coca-Cola company haven't dared to bring it back to Blighty
As they are still breathing.
I think watching the VC's who bank rolled this buch might be an idea. They seem fairly ethically challenged (IE by having any) matched by a fat wad of cash and suscepibility to marketing BS.
They'll get in trouble again. I would not like to funding them.
My huge stock of coats, with "Phuck off Phorm" tastefully picked out on the back in Rhinestones, are now worth nothing. Nothing I tell you, I'm broke !! :-)
Nice story Chris, you've covered this well from the off. Thanks should definitely go to Alexander Hanff, who really was the architect of their, apparent, demise.
Sadly they are probably not dead, as there are too bloody many parasites in this world: PR, HR, Compliance & all the other assorted tossers, to whom making a living - off the sweat of another's brow, is their way of life. :-(
No icon, I've just burnt all my stock...
Massive thanks to Chris for breaking this story and then keeping it in the spotlight. Had you not given this story exposure then Phorm could now be snooping on us all and we would be none the wiser. If we ever cross paths then I'm buying you a drink.
There is still more work to do for us all but now we have the EU acting to ensure the law is properly enforced - UK.gov & ICO hang your heads in shame - spinshyster snoopers like Phorm will find they can't sneak in through the back door.
It matters not what Kent tries his hand at now; he is irreversibly associated with everything Phorm did that was wrong.
Thumbs up because Chris deserves a bloody great thumbs up. I salute you, sir.
I wonder how much money BT sunk into this mess?
I also wonder how many employees they have had to “let go” because of it.
I’ll bet the BT execs that brought into this rubbish were not among those who lost their jobs.
It was in B/W, but the theme was "Smart people smoke Kent"
Yep.
... and missed recent news on El Reg.
Am I to take it that K*nt Ertugral is phucked?
While it's nice to see such an agressive arsehole with such a nasty idea get dumped but let's not forget BT's shameful role in this sorry tale.
Yay for El Rogister - defender of the common Internub user, purveyor of dubious knob jokes, and tireless seeker of the angle that is IT.
Going into partnership with people who made their money infecting computers could only lead wholesale customer rebellion. Those who failed to see it coming should be fired. Supplying customer information to these people was repugnant to say the least. Illegal trials. Illegal government participation, and the illegal and very public derailing of a regulators ruling and a police enquiry was never going to win the hearts and souls of any idiots customer base. I hope the European Commissioner's enquiry into the criminals involved is both far reaching and very, very robust.
..and let's not forget that Vermin Media are still to dump Phorm.
A lot of suspicious schemes to intrude on our privacy seem to depend on the assumption of affordable DPI.
If BT have found that it costs more than they expected, and it's not just a rumour, and decision makers believe BT, this could put the kibosh on quite a few schemes.
But wait a few years, and see what sort of processing power you can throw at the problem.
Of course, Phorm's object all sublime, to make the adverts fit the... Well, anyone who notices the adverts served up through Google and Yahoo will know how well page-content and advertising can be matched. If Phorm had a solution to that problem, they didn't need to sell DPI. Instead, they were playing with a twisted cue on a cloth untrue.
Maybe I've read too many Cold-War spy thrillers, but who really was in charge? It's almost two easy to imagine an American company, testing legally dodgy intercept systems in a foreign country, being owned by some three-letter-acronym or another. No, how would they keep the secret?
"Ah so. We read something of interest in El Reg. It says you might have a problem with delivery. We understand - that is your business. We have contracted for delivery, and expect it to be performed. But it also says you did trials with BT. Mista Kent, we have not only yin and yang here, but laws against fraudulent misrepresentation also. You must understand - we like capitalism, but we do not like operations which are merely personal get-rich-schemes for shysters. So. May we see the results of those BT trials Mista Kent?"
I'm sure there are hundreds or start-up companies with some really good (non-intrusive) ideas who would love to have even a small slice of the cash which Phorm has had thrown at it.
Then again, given recent events it's obvious that the last people who know what to do with cash are the banks!
This is just the first step. Another one will likely "pop-up" and we will need to be ever vigilant with the big mallet.
Keep up the good work!
How can a model which emphasises not storing data exist in an offline analysis mode (copy of customer data due to on the fly analysis speed issues)?
If the data could not be analysed quickly enough, how could the web page (already loaded) have the advert injected and the data discarded as claimed?
Mike Jarvis's comment "[Our decision has] nothing to do with cost or privacy" has raised hackles and will ensure that BT will remain under the closest scrutiny.
When questioned about its authenticity Ian Livingston's remark quoted on
https://nodpi.org/forum/index.php/topic,141.msg20217/topicseen.html#msg20217:
" I do not believe he was misquoted. The privacy protection we have put in place with Webwise are set out on http://www2.bt.com/static/i/btretail/webwise/your-privacy.html " is utterly fatuous. Those pages fail to stand up to advertising and ICO standards of fully informing customers.
Sign up, sign up for The Register's weekly mobile & wireless newsletter - click here
