FIPR: ICO gives BT 'green light for law breaking' with Phorm

The Foundation for Information Policy Research (FIPR) has slammed the Information Commissioner's Office (ICO) for glossing over doubts about the legality of Phorm's advertising targeting in its public statement on the controversial company. The ICO released a long-awaited statement on Phorm (pdf) on Friday. It said: "[Phorm] …

COMMENTS

  1. Anonymous Coward

    DPA != RIPA

    Again they appear to have the Data Protection Act and RIPA confused.

    If they keep personal info, then they would be contravening the DPA.

    The act of intercepting a telecommunication is illegal under RIPA. Whether any info, personal or otherwise, is stored is utterly irrelevant.

  2. Sceptical Bastard

    Lies, lies and lies. But no surprises.

    I read the BBC's news report today about Cambridge University's findings.

    In that BBC coverage, a spokesdroid for Phorm said: "The Regulation of Investigatory Powers Act (RIPA) was drafted in the earliest days of the internet. It is not designed to criminalise legitimate business activities."

    Even that simple statement is disingenuous empty spin - or more precisely it is completely wrong.

    Firstly, K(u)nt and his odious PR drones obviously know nothing about the internet's history.

    The RIPA Bill was introduced in the House of Commons on February 9, 2000 and received Royal Assent on July 28. That means it was drafted and debated during 1999 (although probably conceived the year before).

    So they are saying that the year 2000 is "the earliest days of the internet." I think not!

    Licklider had the idea in the early 1960s; ARPAnet went live in December 1969; the term 'internet' for a global network of networks was coined in 1974; the first TCP/IP WAN launched in January 1983 (when ARPAnet moved from Network Control Protocol to TCP/IP); the NFS network was made available to commercial users in 1988; CERN introduced Berners-Lee's HTTP and the World Wide Web in 1991; and the Mosaic browser was launched a year or so later.

    Secondly, I concede that RIPA does not appear to be "designed to criminalise legitimate business activities." But Phorm's projected activity is not "legitimate business": it is an unauthorised interception of traffic as defined by Section 1 of RIPA and as such is illegal.

    Moving on to the Wikipedia issue, I am sure El Reg readers take much of what appears there as manipulation by vested interests. So no surprise there!

    It is no surprise, either, that pro-Phorm entries are traced to an IP address range assigned to BT.

    Nor am I surprised that BT says: "It's nothing to do with BT PR. We haven't been involved with amending any Wikipedia entry on Phorm." After all, BT has consistently been deceitful and dishonest and secretive about Phorm. So why should we believe them now? They are habitual liars.

    Phuck ophph Phorm.

    Aux armes, citoyens.

  3. Anonymous Coward

    lol

    lol nothing will stick, they'll just "prove" that they weren't "intercepting" anything.

    Remember, the government want Phorm like access, the police want Phorm like access and the companies want Phorm like access.

    The sheep will suck it up, and those who don't will rant and rave and look like paranoid crazies or just leave the country.

    My advice, start looking for a new place to live. If nothing else at least nearly anywhere else is cleaner than this cesspit.

  4. Jonathan

    ICO

    "Phorm has assured me that their system is very good for my bank balance, that is to say, very good for the consumer."

    Come on, the ICO plainly ignored FIPR for no good reason. Phorm is illegal, it's about time the ICO said so.

  5. alistair millington
    Stop

    Jobs for the boys

    The ICO won't upset the apple cart. They have long been proven to be useless at their job and why should they start the development of a spinal cord on something as wide ranging and far reaching as this. It makes sense to bury your head and pretend it was someone else. Despite the remit of the company [Phorm] saying they are going to use financial information (from their data protection listing) and despite the fact the ICO is the data police.

    They won't risk annoying the govt, the home secretary (And we know she is useless) backed it so why shouldn't the ICO.

    I am not surprised.

    Can we have another government please... This one's broke, corrupt and defunct.

  6. James
    Thumb Down

    DPA is about more than storing personal data

    The DPA also refers to processing personal data, not just storing it. In order to strip it out of their input stream, Phorm must process it even if they throw it away. Anyone using the DPA daily care to point out where my logic is wrong?

  7. The Mole

    Re: DPA != RIPA

    The first message is slightly wrong, you don't have to store personal information for something to fall under the DPA you simply have to process it. Furthermore if the personal information you are processing is sensitive (health info, religious or political views, sexuality, trade union membership etc) then you require explicit rather than simply implicit consent.

  8. Anonymous Coward
    Thumb Down

    Privacy for all

    Note that it's now emerged that any website operator can read the Phorm user ID cookie if he wishes.

    So Phorm have inadvertently/deliberately/incompetently (* delete as appropriate) introduced a global method of uniquely identifying every user out there. It's like embedding your MAC address in every request...

    Way to go, guys - nice to know that your technology is all about "enhancing privacy".

  9. dervheid
    Boffin

    ICO=

    Internet

    Confuses

    Overlord!

    When will these phuckwits get the message.

    Good;

    "Surfer" - Internet

    Bad;

    "Surfer" - Phorm - Internet

    Simple.

  10. Anonymous Coward

    DDOS

    Because the Phorm system redirects everything to webwise.net, a DDOS attack on that website will kill several ISPs' customers stone dead. Let battle commence.

  11. Eponymous Cowherd
    Unhappy

    Phuck me!!

    I'm getting my MAC code from BT today.

    I wonder how many other customers BT are losing due to Phorm?

  12. James

    talktalk looking up?

    In agreement with the first AC in this thread. I don't so much care whether data is stored or not, it's the interception with the possibilities that leads to that has me concerned. I am far more concerned that a company might tap my communications. Once tapped what they do with it is a matter of trust and this company is far beyond trustworthy, but that's a moot point. I don't want my data anywhere near a third party.

    Of the three major ISPs talktalk are the only one so far to confirm (via the members discussion forum) that their implementation will be opt in and will mean that for anyone who does not opt-in their data will never go to phorm equipment or software. So far they have yet to confirm an implementation.

    On top of that they recently announced a royal screw you to the BPI by saying they will fight the 3 strikes and you're out rule for file sharers. Slight caveat being that they do shape p2p traffic.

    I for one switched to talktalk from bt a few months ago (saving 20 quid a month in the process) and have to say nothing so far is making me regret that decision. I would be away from bt faster than the proverbial rat given current happenings.

  13. Anonymous Coward

    So Phorm don't have anything identifiable... so what?

    Whether they do or not there is still interception going on with no explicit consent from both parties. Which according to the Clapham Omnibus test is against the law as defined by the RIPA.

    Also the ICO might wish to head on over to http://www.un.org/Overview/rights.html and take a look at Article 12... it's a document with which they ought to be familiar.

  14. Kevin Johnston

    Bad Phorm old chap

    Having read the missive from our wonderful guardians I thought I would ask them a few simple questions such as 'Will BT/Phorm be asking my permission to intercept communications between my website and my customers' and 'if I choose not to join this intercept process will my network traffic be routed around Phorm's intercept system or will it be passed through on the promise they will not peep'.

    Will update if I ever get a reply

  15. Anonymous Coward
    Coat

    RIPA?

    So what do we need to put on all our websites to make it clear to Phorm that we don't want them using OUR material to make money for them which is what it boils down to in the end?

    I've seen "RIPA NOTICE: NO CONSENT IS GIVEN FOR INTERCEPTION OF PAGE TRANSMISSION" But is that enough?

    Or do we all need to email Phorm and their scummy ISP associates with a formal notice informing them that they have NO rights to scrape websites that we run - and then list the websites that we own?

    Failing that I'll just have to sign my own SSL cert and move all my sites to HTTPS!

  16. Anonymous Coward
    Coat

    I am Elvis Presley

    "[Phorm] assure us that their system does not allow the retention of individual profiles of sites visited and adverts presented, and that they hold no personally identifiable information on web users. Indeed, Phorm assert that their system has been designed specifically to allow the appropriate targeting of adverts whilst rigorously protecting the privacy of web users."

    Hmm - if I tell the ICO that I'm actually Elvis Presley re-incarnated I'd hope they'd not just take my word for it.

    The ICO should not just take Phorm's "assurance" that it doesn't do things. I'm sure the average psychopath assures people that they're perfectly safe.. just because they say something doesn't mean it actually is true.

    It's the one with all the Rhinestones

  17. Anonymous Coward
    Stop

    Re: DDOS

    A DDOS attack on webwise would not have any effect. The webwise site the ISP 307s to is sitting in the little black box within the ISP so is protected from high traffic volumes.

    If they had not put webwise into the ISP, 10 million UK customers and a few more 10s of millions from around the world all being 307ed to the real webwise DNS would have been more effective than any DDOS attack at collapsing the system.

  18. Alex
    Stop

    Big Telco in activity profile theft?

    I've been thinking about this:

    My web browsing, is user generated content, thus it is a product created directly by my activity.

    Think of it in the sense of "usage as a business" I'm using the model of a telemarketing company:

    A telemarketing company buy their Telephone/Internet Service from Big Telco,

    the telemarketing company then build up Profile Data ('target market information') as a result of Telephone/Internet Service activity.

    The Big Telco then purchase the Profile Data produced by the telemarketing company. DATA COSTS MONEY. (any marketing company will tell you that)

    Big Telco then use the Profile Data in whatever marketing application they have planned as they have bought typically LIMITED USAGE RIGHTS to that data

    Big Telco would be unable to carry out their marketing application without buying the data as they wouldn't have the Profile Data.

    Now my clickstream belongs to me, it's my activity, it is certainly not the automatic property of Big Telco, what the Webwise/Phorm device proposes is the ILLEGAL DATA HARVESTING of my Click Stream thus robbing me of the ability to use or sell that Profile Data elsewhere.

    This is a DATA RIGHTS STING, Big Telco appear to be trying to get the jump on the population, to take ownership of a product of people's activity, infringing on people's human rights to privacy at the same time.

    This is disgusting, this needs to be stopped.

    Can this be brought to the European Commission?

    it is astonishing, I read the ICO whitewash and couldn't believe what I was reading, what on earth is the Home Office doing green lighting illegal activity?!?

    anybody know if this can get stamped on by the EU?

    This makes me feel SICK.

    DO. NOT. WANT.

  19. Mike Bell
    Thumb Down

    Phuming Mad

    So, I'm crazy enough to opt in to have my browsing habitually monitored for the benefit of advertising companies...

    My wife pays the bill to BT. Is she opted in as well? And my son? Both use my computer.

    It would be *THEIR* personal information that would be intercepted/processed, not just mine, and how the phuck would Phorm know the difference?

  20. StillNoCouch
    Paris Hilton

    I still don't get it

    Call me dense, but I still just don't get the fundamental business model here.

    Marketers (who are uber-data miners by nature these days) will accept from Phorm, that the advertisements are in fact reaching the targeted audience without proof? Highly unlikely.

    If I were paying for targeted ad placements (which I did in a former life), I would demand some proof that the ads could be linked to my actual sales. No ability to prove, no sale.

    I'm not giving you (Phorm) good money to do something I could do myself (i.e. advertise my product on specific websites dedicated to the same genre) unless you (Phorm) can prove to me that my customer base increased as a result ... ergo, unless you can match your advertisement base to my customer base in a statistically sound manner, it's just a lot of "wouldn't it be great if" and "theoretical BS".

    In order to actually prove some marketable results, they must, by definition be able to track individuals. This is, after all, going beyond the basics of demographics.

    I, as a business consumer, would require verifiable proof, which, by Phorm's explanations, can't possibly exist. I just don't understand how a thinking advertiser would opt in on this in the first place.

    If I were in the business of managing your money, you'd expect for me to tell you and illustrate how much money I made for you ... and be able to separate out my actions from yours so that you could compare and contrast the two.

    If I were in the business of selling you advertising space, you'd expect for me to illustrate, compare and contrast how that space I sold you resulted in an increase in sales/profits.

    In neither case would you be content with "Well, your sales went up because of a reason we can't prove." Or worse, your sales went down for a reason we can't prove.

    How the heck are they supposed to tweak these things (this is, in fact what I do for a living) if there's no front-end database of who saw what ad, clicked on it ... who saw what ad, clicked on it and made a purchase?

    According to Phorm, there is no way of being able to track and/or report on their success/failure (if you believe their press releases anyway). This business model just doesn't make sense.

    Sorry this was so long. I'm just very confused at the seemingly self-voiding of their business proposition. Something just doesn't add up.

    I guarantee you ... if this thing goes full-tilt, there will be a ruckus in the coming months about how they did, in fact, store and utilize the particular details of customers ... no responsible data mining could occur without it. Their advertising customers are going to demand proof and Phorm's gonna have to give it ... ergo, they'll have to have the data to back up their claims.

    This just doesn't add up. "You want me to buy a service from you based upon your unverifiable word that it works ?" Hey, I've got a bridge in Brooklyn up for sale. Interested ?

    Paris because I must be equally as confused.

  21. Anonymous Coward
    Stop

    orwellian dystopia?

    sounds like the old "one law for the people, another for corporate raiders"

    or

    some doubleplus ungood double speak.

    all data sharing/harvesting/retention done by individuals (pirates) is bad,

    all data sharing/harvesting/retention done by corporates (paragons) is good economics and maintaining the country's technological edge,

    ....Four legs good, two legs bad, unless....

    "Comrades!" he cried. "You do not imagine, I hope, that we pigs are doing this in a spirit of selfishness and privilege? Many of us actually dislike milk and apples. Milk and apples (this has been proved by Science, comrades) contain substances absolutely necessary to the well-being of a pig. We pigs are brainworkers. The whole management and organization of this farm depend on us. Day and night we are watching over your welfare. It is for your sake that we drink that milk and eat those apples."

    "Animal Farm" the Orwell version, not the "other" version ;oP

  22. This post has been deleted by its author

  23. Anon e Mouse
    Unhappy

    ICO statement

    Apart from the fact that it isn't the *technology* that's the problem (so all statements from Phorm are irrelevant) it's how it's implemented, a point that the ICO seemed to have managed to avoid addressing.

    Unless the system is *opt-in* (for all parties of the tcp connection) and when someone is 'opted-out' then their traffic bypasses the profilers then this is an unacceptable situation. I'm a network designer for a living (most recently for BT *hint*) and I fail to see a legal way of doing this.

    "We have spoken to BT about this trial and they have made clear that unless customers positively opt in to the trial their web browsing will not be monitored in order to deliver adverts."

    Bullshit. They [ICO] have only addressed the proposed trial which BT have clearly stated will intercept *all* traffic even if you opt-out (discarding info is irrelevant to RIPA).

    BT have said that they are 'designing' the system to avoid this interception if you are opted-out for the *live* platform. The reason they have yet to give out any networking details around the proposed *live* platform (as they claimed they would do on the BT forums) is probably down to the fact that it can't be done without hitting the same issues they currently have. I know, I design networks for a living remember.

    I also know that the BT Retail designers are not part of the general BT design team (which is why this platform probably came as a shock to a lot of internal BT people) and which is probably why it's so half-assed and unworkable. If BT Retail had followed the normal BT internal design procedures then this would have reached the e2e design team and all the things that have been said about this platform would have come to light a long time ago (btw this would have constituted the 'due diligence' which they [BT Retail] have obviously failed to perform).

    "BT has also stated that the system does *not store* personally identifiable information, URLs, IP addresses or retain browsing histories and that search information is deleted almost immediately, and is not retrievable."

    My emphasis. So it still intercepts it then? Yes? Probably Illegal? Yes.

    “We will continue to maintain close contact with Phorm and BT throughout the trial. Clearly the trial should reveal whether this is a service that web users want, whether it is privacy friendly and that users are comfortable with the privacy safeguards put in place by Phorm.”

    I'm less concerned about the privacy aspect (which even technical experts will agree they [Phorm] have actually addressed with a lot of diligence) than the *fact* that my data is intercepted and then *something* happens to it.

    I don't want my data intercepted at all, not even so it can be discarded, because I believe that would be illegal without a warrant.

    Having said all this, I don't think the ICO statement contains any concrete approval or disapproval at this point, although the tone does seem uncomfortably supporting.

    If they [ICO] don't stop this then I will change ISP to one who does not allow it. If it should ever become law that all ISPs must run some sort of *filter* - after all Pandora's box cannot be closed - then I will simply stop using the internet at any personal identifiable level.

    Once they prove they can DPI all our traffic, the ISPs will cease to have any argument against the imposition of filters based on *filesharing/child-porn/<insert bad thing of the day here>*

    Oh last thing, the ICO statement mentions 'web browsing' as if that's all the system does. Ho ho ho. I think the FIPR should be given the fangs and the ICO should be put out to pasture.

    </rant - phew>

  24. Richard

    Consumers should vote with their feet ...

    It will take years to argue around the legal aspects of RIPA and/or DPA possible breaches ... so I would say people should just move away from any ISP which signs up with Phorm.

    Maybe someone might start-up a TOR friendly ISP and advertise (mostly) anonymous Internet access as a Unique Selling Point ??

  25. Anonymous Coward
    Unhappy

    Phorm & BT just don't get it

    I don't want my browsing intercepted, not because I'm a terrorist or a kiddie fiddler I just don't want anyone sitting on my shoulder as I surf. The whole idea behind the system is wrong, if you want to introduce WebWise, great, if it is so compelling then people will opt in to it but don't assume that no one will be bothered by you intercepting all their data!

  26. Anonymous Coward
    Joke

    @ Peter

    "This means that the ICO is correct (their domain is DPA), but Home Office should intervene as (AFAIK) RIPA is their animal. And it's not small beer either, a RIPA breach of this order is, if I recall correctly, a CRIMINAL offence."

    With any luck, Kent will end up in Wormwood Scrubs where he will learn the true meaning of "invasion of privacy" when he first visits the showers.

  27. Anonymous Coward

    @ Peter - "Criminal offence"

    > And it's not small beer either, a RIPA breach of this order is, if I recall correctly, a CRIMINAL offence.

    So you're saying that BT broke the law in their trial run. Therefore shouldn't one or more of BT's managers be spending some time with Bubba?

    And if the Home Office won't prosecute, aren't they failing at their duty to uphold the law and thus breaking the law themselves?

    Can't someone go to BT's HQ and execute a citizen's arrest on the chairman?

  28. Andy Brown
    Pirate

    Information On Space Travel = A Holiday to the Bahamas

    “We will continue to maintain close contact with Phorm and BT throughout the trial. Clearly the trial should reveal whether this is a service that web users want, whether it is privacy friendly and that users are comfortable with the privacy safeguards put in place by Phorm.”

    Of course, this does mean that the 10,000 users targeted will be selected from computer numpties who click yes on everything ("Would you like to download this Virus", "oo, erm, yes please"), BT employees and Phorm Representatives... Nice one!!

    Incidentally:

    vi·rus

    3. a corrupting influence on morals or the intellect; poison.

    4. a segment of self-replicating code planted illegally in a computer program, often to damage or shut down a system or network.

  29. Anonymous Coward

    I don't understand why businesses will want this

    Do businesses ever think anybody will conduct money / data transfers or anything else on the net ever again once they know a bunch of spyware merchants of dubious origin have the ability (should they wish) to intercept their data?

    It is the end of online transactions as we know it. I know https is different from http - but I will no longer feel safe with Kent and his Russian cronies 'guarding' my packets of data.

    Get rid of Phorm NOW!

  30. Anonymous Coward

    Criminal breaches of RIPA

    My understanding is that breaching RIPA is a criminal offence punishable by up to 5 years in prison for each offence (up to 2 years if tried in magistrates court). Of course one attempt to report the 2007 trials to the police met with stonewalling as they refused to issue a Crime Reference Number.

    Others, including myself, have also tried to start a new petition on the downing street website calling for either the Police, Home Office, or Crown Prosecution Service to start an investigation into the 2006 and 2007 trials. Not surprisingly these have all been rejected (sometimes for the arguable issue of duplication, once even rejected claiming that it's outside the Prime Minister's and Government's powers).

    One rule for the people and another for big business. It's disgraceful.

  31. Dam

    MONEY WILL FLOW

    Regardless of legality in the UK under DPA and RIPA, it still isn't legal in France where my servers sit, and where my intellectual property is hosted.

    Now I can't wait for the moment Phorm starts *intercepting* *my* intellectual property and make money out of it.

    I'm so suing and claiming damages.

  32. Andy Livingstone

    ICO, short for incompetent?

    From personal experience I've found those in the ICO to be an idle lot who will do anything which involves producing reams of pre-formatted paragraphs, but nothing which involves doing any actual effort or work.

    The only surprise is that they managed to get out any comment before Christmas. Must be a record.

  33. Steve

    Dear Government,

    I promise that I do not have any children, haven't broken the law and feel completely healthy and furthermore promise that I shall not change my circumstances in the future (despite the fact that I am on record as saying otherwise). Therefore I shall be withholding the part of my Council Tax that pays for education, policing and healthcare.

    Together we can both share the efficiencies of me not paying for a service I am not using. Moving forward, I shall also be investigating the reduced government administration overhead that might be leveraged through opting out of taxation altogether.

  34. Shabble

    Boycott BT

    How can showing adverts targeted at me (using personal data) to other people I share a computer with not be a breach of my human rights? BT might as well put 'This is what X has been looking at' posters up around my house!

    This government is becoming really scary - Gordon 'Stalin' Brown is selling our human rights down the river for some abstract concept of 'the greater good' that a huge number of the electorate disagree with. Well, that's BT on my boycott for life list (along with Nestle and Shell), and Labour are almost there as well.

  35. Anonymous Coward
    Alert

    who gives a f#k

    Don't just sit there thinking oh this is bad, get off your arse and send a f#king letter... Email just won't do, this is important people.. FFS more people want Leeds' points back, whatever they are?! This is fast becoming a non issue...

    Gang rape is legal only if you're a properly registered corporate gang who do their tax returns...

  36. Anonymous Coward
    Thumb Down

    Powerless Prime Minister

    Just had another petition rejected on the Number 10 website. Response below, apparently the upholding of the law is outside the Prime Minister's powers or remit.

    Judge for yourselves:

    Hi,

    I'm sorry to inform you that your petition has been rejected.

    Your petition was classed as being in the following categories:

    * Outside the remit or powers of the Prime Minister and Government

    If you wish to edit and resubmit your petition, please follow the following link:

    [Removed]

    You have four weeks in which to do this, after which your petition will appear in the list of rejected petitions.

    Your petition reads:

    We the undersigned petition the Prime Minister to: 'Request that the home office investigate criminal behaviour by BT and Phorm in 2006 and 2007.'

    In 2006 and 2007 BT instigated trials of a system called Webwise (then Pagewise); this system involves intercepting Broadband Users' web requests and responses and processing them to build up a profile of the end user.

    The interception of the user's web request without the user's and the website's explicit consent is an offence under the Regulation of Investigatory Powers Act.

    As the trial was conducted in secret by BT and BT are "reluctant" to give further information about the trial it is necessary for the Home Office to investigate what interceptions took place and to bring about prosecutions on behalf of the affected parties.

    This is not a petition against the implementation of Phorm by BT, Virgin Media or Talk Talk. To register for that petition use the following link:

    http://petitions.pm.gov.uk/ispphorm/

    -- the ePetitions team

  37. Anonymous Coward
    Joke

    I just had a thought........

    If BT & Phorm are looking for 10,000 volunteers to see how many people would be interested in using this technology there is a list of just over that many people here:

    http://petitions.pm.gov.uk/ispphorm/

    Maybe they could canvass these people to see just how popular the more relevant advertising feature would be........

  38. Peter White
    Stop

    @money will flow

    The problem is how would the website owner know if the traffic was being profiled (intercepted) as any change to the data that is returned to the client is performed inside the ISP network?

    The only thing a site owner can do is check for the opt-in cookie and display an alternate page that says "pages not supplied to users that have opted into phorm !!" in big red letters

    Peter White

  39. Anonymous Coward

    Not a lawyer - but...

    BT says the trials in 2006 and 2007 were legal and were not in breach of RIPA or the DPA, as a consequence they did not need to inform the customers nor amend the terms and conditions of the service.

    HOWEVER, before WebWank goes live, BT says it must amend the terms and conditions of the service. Presumably to protect themselves from the wrath (hah!) of the DPA and RIPA.

    So which is it? Legal or illegal?

    Well my DPA request is in the post to BT. I'm awaiting their response with interest.

  40. Anonymous Coward

    boycott?

    The only way to boycott is to go with Virgin media... and weren't they intending on using phorm too?

    Why? Well because phorm is implemented at the exchange... and we all go through BT exchanges.

  41. Fogcat
    Alert

    @AC

    I agree - write to your MP - or email them, get them sending questions to each other, point out to your MP that all their web mails will get diverted through Phorm.

    letters and emails and constituents are the main interface between themselves and reality for a lot of them and a few letters can have a surprisingly large effect - so let them know their voters are angry.

    You can mail them from here

    http://www.theyworkforyou.com/

  42. Alexander Hanff
    Alert

    Legal Issues

    My analysis of the secret trials in 2006/2007 is that multiple laws were broken as outlined below:

    Regulation of Investigatory Powers Act 2000

    Secret trials = no consent from either party to intercept.

    Privacy and Electronic Communications (EC Directive) Regulations 2003

    Secret trials = no consent from either party to intercept or process.

    Data Protection Act 1998

    Secret trials = no consent to process personal data, even anonymising is processing

    European Convention on Human Rights

    Right to privacy of correspondence

    Human Rights Act 1998

    Right to privacy of correspondence

    Computer Misuse Act 1990

    Knowledge and Intent to "Hinder" access and "Impair" operation

    Fraud Act 2006

    Masquerading as the intended destination (Phorm's "special machine") for the purpose of gain (revenue from advertising)

    Torts (Interference with Goods) Act 1977

    Trials inserted JavaScript programs into web pages which then took resources to process (see eBay vs Bidder's Edge) = trespass to goods/trespass to chattels

    The Council of Europe's Convention on Cybercrime

    Covers this issue very comprehensively

    Copyright, Designs and Patents Act 1988

    Copying a website for commercial purposes, see cases against Google and Archive.Org

    I am in the process of writing my dissertation based around all of the above legal arguments, it will be publicly available under Creative Commons once it is finished.

    Bottom Line?

    BT trials in 2006/2007 can only be seen to have been criminal offences under multiple Acts as well as leaving BT liable for litigation under Tort law.

    ICO?

    They have a duty to investigate BT's secret trials for the unauthorised processing of personal data (irrespective of what was done with it "after the fact") under DPA and PETR

    Home Office?

    They have a duty to investigate BT's secret trials on multiple counts under RIPA, CMA, Fraud Act 2006.

    Other stuff?

    Any case which is initiated in a court of law (either criminal or civil) can also attach complaints under Human Rights Act 1998 irrespective of the fact that BT are not a public body. A judgement from a court -MUST- be compatible with ECHR and HRA as a court is a public body as explicitly defined in the Convention and the Act.

    Possible EU Action?

    Definitely. Council of Europe's Convention on Cybercrime is a mandatory convention, European Court of Human Rights may be applicable for breaches of ECHR and HRA. EU Copyright Directives and Data Protection Directives may also be relevant.

    That's -my- opinion and it is such a strong opinion I have decided to study for a Masters in Law next year in order to help prevent this dogmatic attack on the fundamental rights of our society.

    Phorm CEO (Kent) wants to talk to me on the telephone according to message I got from his PR team, but given the misquoting of Dr. Richard Clayton on their Blog this weekend, they can whistle.

  43. Anonymous Coward
    Black Helicopters

    So what we want is a website owner

    to make official complaint to the fuzz. They will not usually investigate criminal offence without one.

    How about it ElReg!!

  44. phormwatch
    Go

    Setting up an on-line petition

    Those who had the good idea to set up an on-line petition to call for the government or various government bodies to investigate BT for breaching criminal laws could set up a petition here:

    http://www.petitiononline.com/

    At the very least, it would be highly embarrassing and a huge PR blow to have ten thousand signatures from the public asking for the directors of your company to be investigated for crimes and possibly locked up if found guilty!

  45. Anon e Mouse
    Boffin

    About other ISP's using BT infrastructure

    Just to clarify a little for people who aren't aware of how 'BT' is structured..

    BT Retail is effectively a customer of BT Wholesale (the same as Tier-2 ISP's are customers of BT Wholesale).

    As this sorry mess was put together by BT Retail, it is unlikely in the extreme that BT Wholesale would dare put this kit in line with their infrastructure (and thus in-line with Tier-2 ISP connectivity).

    In fact, I don't even think BT customers using business products would be affected by this (so far). I may even just change my DSL to a business line and pay for it from my company (but with another ISP of course - it might be easier to obtain injunctions and pursue legal matters if from a business rather than an individual).

    </2p>

  46. Anonymous Coward
    Anonymous Coward

    VPNs and HTTPS

    Any good links to get going?

  47. Anonymous Coward
    Anonymous Coward

    "phorm is implemented at the exchange"

    No it isn't, although BT's earlier comments about who was or wasn't involved in the earlier trial may have led you to think that. But they were being misleading. The criminal behaviour inside BT comes from BT Retail, whose Chief Technology Officer left to go to Phorm (as CTO). As you do.

    If you are with one of the many BT-based ISPs from AAISP to Zen and many others in between, connectivity between you and the ISP is provided by BT Wholesale, a (separate, so they say) part of BT, distinct in economic and technical terms from BT Retail.

    If BTwholesale do get caught doing this kind of thing it will seriously upset the smaller quality-focused ISPs (e.g. Zen have said "no Phorm here"), but maybe the quality market is so small that BTw won't care...

  48. Anonymous Coward
    Unhappy

    Really...

    .... is there anything these f**kers won't do?

    And now the ICO has more or less said:

    'Phorm has told us they'll be good boys and only use the illegally intercepted and analyzed packets for good things that everyone wants, so it's all ok'

    I guess this is a slight step back - keep fighting!

  49. RW
    Joke

    @ StillNoCouch: Oxymoron Alert!

    "a thinking advertiser"

    I rest my case.

  50. Anonymous Coward
    Paris Hilton

    Wow, check the number of Webwise FAQ's now!

    Has anyone seen the size the Webwise FAQ list has grown to?

    Anyone would think they're getting the questions directly from the Reg.....

    I notice they haven't got "What does BT think of Phorm previously being responsible for some really insipid rootkit crapware and being registered in virtual offices?"

    Paris - Because there are some things even SHE won't do for money.

    PS - Still waiting on a reply back from BT to my question about getting out of the contract early when they change their T&C's.

  51. Pete
    Go

    Alternative direction for pressure

    As usual, this and most other schemes that impose on privacy are about money. The ISP gets paid to allow Phorm by Phorm, Phorm gets paid by advertisers who think direct targeting is better.

    So as well as going against the ISPs and the Govt for a legal challenge, how about going after the advertisers? Without their money in Phorm, the whole house of cards collapses.

    I'd suggest a pre-emptive campaign, with a whole bunch of people [eg the petition signers] signing a pledge that any company advertising through Phorm will be boycotted by them until the company apologises and withdraws the paid adverts.

    It's not the perfect answer, obviously law courts and very expensive suits will be, but it could be a way to slow things down until we can get rid of the whole kit and kaboodle.

  52. Dave Bell

    It's all copyright.

    Under international copyright agreements, the data in any packet passing over the internet could be protected by copyright law. Creative Commons, GPL, and the like are founded on that copyright protection, and give specific licenses for the use of the content and the creation of derivative works.

    There is arcane legal argument which might apply to what Phorm are doing. They are taking a possibly copyrighted work, and, through a mechanical process, creating some sort of derivative work. Because it's a mechanical process, not creative, it may not be copyrightable in some countries.

    But they may be in breach of a creative commons license by the creation of a derivative work for commercial use.

    For instance: http://creativecommons.org/licenses/by-nc-nd/3.0/

  53. Anonymous Coward
    Anonymous Coward

    Can't understand why Google and Microsoft are happy with this

    Surely the above mentioned (and others) must be worried too about this interception because Phorm has also direct access to searched terms and everything else that is part of their business model.

    Given that Phorm's Webwise is highly illegal on many counts and since Google, MSN etc. have lots of financial clout available to prevent Phorm using the illegal tapping that will steal their marketing data, how come the inactivity on their part?

    They could become heroes again. Please think about it.

    Injunction please.

  54. Anonymous Coward
    Anonymous Coward

    What's privacy?

    Am I the only person not bothered by this and believes that there is nothing truly "private" any more?

    I spend my days living my life expecting that someone somewhere is making a note or record of what I'm up to, and to be honest, I really don't care and I don't lose any sleep over it.

  55. Anonymous Coward
    Thumb Up

    RE: Alternative direction for pressure

    >I'd suggest a pre-emptive campaign, with a whole bunch of people [eg the petition signers] signing a pledge that any company advertising through Phorm will be boycotted by them until the company apologises and withdraws the paid adverts.

    I think that's a genius idea!

    Why don't you start one on:

    http://www.petitiononline.com/

    Or, if forum users want to help me think of a pledge, I can start one myself.

  56. Anonymous Coward
    Anonymous Coward

    New petition.

    A new petition has been created calling on the Prime Minister to ask the Home Office to investigate BT's illegal trials:

    http://www.petitiononline.com/BTRipa/petition.html

  57. Tim
    Black Helicopters

    virgin media user agreement

    This is a copy and paste

    Terms and conditions for your residential customer service agreement

    With your permission, we may monitor email and internet communications, including without limitation, any content or material transmitted over the services.

    G Your details and how we look after them

    1. You must give us promptly and accurately all the information which may be needed so that we and Virgin Media Payments can perform our respective obligations under this agreement. You must also tell us immediately if any of your details change.

    "READ THIS BIT SLOWLY"

    2. By having the services we provide installed in your home and/or by using them you are giving us your consent to use your personal information together with other information for the purposes of providing you with our services, service information and updates, administration, credit scoring, customer services, training, tracking use of our services (including processing call, usage, billing, viewing and interactive data), profiling your usage and purchasing preferences for so long as you are a customer and for as long as is necessary for these specified purposes after you terminate your services. We may occasionally use third parties to process your personal information in the ways outlined above. These third parties are permitted to use the data only in accordance with our instructions.

    3. We may also, subject to your consent, use your personal information to contact you with information about special offers and rewards. We and other Virgin companies (e.g. Virgin Atlantic) may also, subject to your consent, use your personal information to contact you with information about their products and services including special offers from them, and we may disclose your personal information to other Virgin companies and sub-contractors and agents for these purposes. But don't worry, we won't share your details with companies outside the Virgin group for marketing purposes without your consent.

    This is hidden 3/4 of the way down the page.

    So VM can phorm you already

    Is this why they have been so quiet on the subject?

    Also VM had a lot of network problems LAST SUMMER with slow connections etc. WERE they trying phorm on the sly?

  58. Bobby
    Thumb Up

    Crime suits me fine..

    To think I gave up crime 40 years ago because big brother told me it was wrong and now that same big brother is promoting crime. ..

    I'm going back to selling dope and I'll be pushing it on you through Webwise.....

    Hehehe...

  59. Anonymous Coward
    Anonymous Coward

    You lose some, you win some

    Bad show from the ICO but hardly surprising. The government have given them fewer teeth than the proverbial hen and under-resourced them to boot. So it's not too strange that they've become institutionally spineless. Anyone who's dealt with them in the past will already know that.

    A setback maybe, but I've been encouraged today by suddenly realising that most commercial websites are going to be seriously opposed to Phorm. No doubt brighter sparks than me have already spotted this, but let me spell it out anyway...

    If you sell something on your web site (tractors say), then someone visiting your site is a potential tractor purchaser. But with Phorm, the mere act of visiting your site will alert loads of other tractor sellers that this person is interested in buying a tractor. They'll then bombard that potential customer with competing tractor adverts. That's not at all good for your business.

    So pretty well every commercial web site is going to have a bone to pick with Phorm and be pretty keen to stop it scanning their web pages. Since it's directly hitting their bottom line, they should also have a good incentive to put some money into a few court cases (and there doesn't seem to be any shortage of laws to get them under). Multiply that by the number of sites affected and I can see the smiles on the lawyers' faces already.

    So while it's depressing that the average home user (and the ICO) might well accept Phorm without a fight, I rather doubt that the commercial world will do so. The problem, however, is how to alert the guys with the money to the fact that someone's after their lunch?

  60. Werner McGoole
    Thumb Down

    The robots.txt file

    One point in Richard Clayton's report that puzzled me was the revelation that Phorm intend to use the robots.txt file from each web site to decide which pages they should avoid scanning. This has never been mentioned before (despite it being obviously relevant to the question of whether permission to intercept the data has been given) and RC makes a point of saying that Phorm offered no explanation for not mentioning it earlier.

    That's decidedly strange.

    My interpretation is that the use of robots.txt is a recent addition. It reveals that Phorm (quite rightly) sees itself as very vulnerable on this issue of permission to intercept and is attempting to head off the attack.

    However, the robots.txt file is a poor choice and it won't win the argument. Web sites are interested in allowing spidering of their (non-confidential) pages because it gets them a good ranking on search sites. They're much less interested in being scanned by Phorm because that's only good for their competitors (and Phorm). So the robots.txt file isn't fit for Phorm's purpose and any judge worth his salt will see why.

    It's also interesting that Phorm won't say what user agent string they use to interpret the robots.txt file. The obvious interpretation is that they don't want to hand you a way of excluding them from your site. But unless they allow you this possibility, any argument that the robots.txt file grants them permission to intercept your data immediately evaporates. What's the point of a file that excludes Phorm from your site if they won't tell you what to put in the file to do that?

    Of course, another interpretation is that they don't want to give a user agent string because we'd then all go looking for it in our logs. When we don't find it, we'll conclude that they weren't using the robots.txt file during their earlier trials with BT. And that will remove the only possible defence they might have when this goes to court.
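Added example, not part of the comment above and not Phorm's or BT's code: a minimal JavaScript evaluator for the original robots.txt convention (`User-agent` and `Disallow` lines only), showing that an operator cannot exclude an agent whose token is unpublished without excluding every other unnamed crawler as well. The token `unpublished-agent` and both robots.txt files are constructed for illustration.

```javascript
// Constructed robots.txt files (sample input, not taken from any real site).
const SITE_OPEN = 'User-agent: *\nDisallow:\n';
const SITE_SEARCH_ONLY =
  'User-agent: Googlebot\nDisallow:\n\nUser-agent: *\nDisallow: /\n';

// Parse robots.txt into groups: { agents: [...], disallow: [...] }.
// A run of User-agent lines opens a group; Disallow lines attach to it.
function parseRobots(text) {
  const groups = [];
  let current = null;
  let lastWasAgent = false;
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/#.*$/, '').trim(); // drop comments
    const idx = line.indexOf(':');
    if (!line || idx === -1) continue;
    const field = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    if (field === 'user-agent') {
      if (!lastWasAgent) {
        current = { agents: [], disallow: [] };
        groups.push(current);
      }
      current.agents.push(value.toLowerCase());
      lastWasAgent = true;
    } else {
      // An empty Disallow value means "nothing is disallowed".
      if (field === 'disallow' && current && value) current.disallow.push(value);
      lastWasAgent = false;
    }
  }
  return groups;
}

// A group that names the agent wins; otherwise the "*" group applies.
function groupFor(groups, agentToken) {
  const token = agentToken.toLowerCase();
  const named = groups.find((g) =>
    g.agents.some((a) => a !== '*' && a.length > 0 && token.includes(a)));
  return named || groups.find((g) => g.agents.includes('*')) || null;
}

// True when the agent may fetch the path under the given robots.txt.
function isAllowed(robotsTxt, agentToken, path) {
  const group = groupFor(parseRobots(robotsTxt), agentToken);
  if (!group) return true; // no applicable rules: everything is allowed
  return !group.disallow.some((prefix) => path.startsWith(prefix));
}

// What each policy means for a named crawler, an agent with an
// unpublished token (hypothetical name), and any other unnamed crawler.
function compare(path) {
  const agents = ['Googlebot', 'unpublished-agent', 'SomeOtherCrawler'];
  const result = {};
  for (const agent of agents) {
    result[agent] = {
      open: isAllowed(SITE_OPEN, agent, path),
      searchOnly: isAllowed(SITE_SEARCH_ONLY, agent, path),
    };
  }
  return result;
}

console.log(compare('/basket'));
```

Under the permissive file the unpublished agent is allowed by default, and under the restrictive file it is blocked only by the same `*` rule that blocks every crawler the operator did not name.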

  61. Anonymous Coward
    Flame

    @ Jaowon - What's privacy?

    Have you been sleeping? - this has gone way beyond privacy. This is into premeditated criminal activity territory.

    The ISPs are spoofing that they are webwise.com for the purposes of reading / writing content to the webwise opt-in / opt-out cookie on YOUR computer.

    When a user requests MY website, the ISP is spoofing MY website and setting a cookie in the name of MY website. They then strip out this cookie from the header data sent to MY server so that I am not able to detect the illegal writing onto YOUR computer.

    MY privacy statement says that MY website does not set cookies. YOUR browser reports that MY website is trying to / already has written a cookie to YOUR computer. I do not like FRAUD being committed in the name of MY website.

    This is against all the security rules set by the developers of cookies. The possibilities that this opens up are too many to put into a short post.

    In simple language, what you have at the ISP is:

    Spyware: reading content on YOUR computer which they should not have access to.

    Malware: writing content to YOUR computer and impersonating another website.

    Rootkit: sitting at the ISP over which you have no control but which has control over your hard disk and is able to intercept DNS requests and mislead your browser into believing that the content at the ISP is the server requested.

    If the above does not bother you then you really need to educate yourself about your responsibility for security on YOUR computer and the duty of trust that is expected from an ISP.

    You may notice that this is before any reference to DPA or RIPA. The processing of your data and the unauthorised interception takes place later in the process which is why the new argument is that DPA does not apply because the data collected was collected illegally so can not be approved under any interpretation of the DPA.

    The flames - because the title text says it better than I ever could. A volcano would say it better.
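Added example, not part of the comment above: a client-side check a site operator could run to spot cookies stored under the site's own name that the site never set, which the server cannot see if an intermediary strips them from the request headers. It assumes the injected cookie is readable by script (not flagged HttpOnly); the cookie names and the `/cookie-audit` endpoint are hypothetical.

```javascript
// Names of cookies this site legitimately sets. A site whose privacy
// statement says it sets no cookies would use an empty list.
const EXPECTED_COOKIES = ['session'];

// Constructed document.cookie strings used as sample input.
const SAMPLE_CLEAN = 'session=abc';
const SAMPLE_TAMPERED = 'session=abc; injected_example=0123456789';

// Split a document.cookie-style string ("a=1; b=2") into cookie names.
// A bare token with no "=" is returned as-is.
function cookieNames(cookieString) {
  return cookieString
    .split(';')
    .map((pair) => pair.trim())
    .filter((pair) => pair.length > 0)
    .map((pair) => {
      const eq = pair.indexOf('=');
      return eq === -1 ? pair : pair.slice(0, eq);
    });
}

// Return the unique cookie names that are present but not expected.
function unexpectedCookies(cookieString, expectedNames) {
  const expected = new Set(expectedNames);
  const seen = new Set();
  for (const name of cookieNames(cookieString)) {
    if (!expected.has(name)) seen.add(name);
  }
  return Array.from(seen);
}

// In a browser: audit the live cookie jar for this origin and report
// only the unexpected names (never the values) back to the site.
function auditPage(expectedNames, report) {
  if (typeof document === 'undefined') return []; // not running in a browser
  const found = unexpectedCookies(document.cookie, expectedNames);
  if (found.length > 0) report(found);
  return found;
}

// Hypothetical reporting hook: POST the names to the site's own endpoint.
function reportToSite(names) {
  const body = JSON.stringify({ page: location.pathname, unexpected: names });
  navigator.sendBeacon('/cookie-audit', body);
}

auditPage(EXPECTED_COOKIES, reportToSite);
console.log(unexpectedCookies(SAMPLE_TAMPERED, EXPECTED_COOKIES));
```

Because the script runs over HTTPS-delivered pages unmodified, serving the audit script and the report endpoint over HTTPS keeps an on-path device from removing the check itself.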

  62. Anonymous Coward
    Boffin

    Fighting the Phorm zombie hordes

    Is there any technical info out there on the Phorm cookie and how I can prevent my sites being viewed by Phorm zombie users?

    After a suggestion from a Reg reader I registered this :

    http://www.antiphorm.co.uk/

  63. colin stone
    Stop

    Where is Inspector Knacker of the Yard?

    In light of the ICO following the BBC lead in cut and paste of Phorm PR for their publications. The question that I want an answer to is:-

    "As Intercepting communications is illegal the bigger question is why is the ICO allowing BT to do yet another trial.

    By letting BT test the system, the ICO are aiding and abetting a criminal act. "

    I also want to know where is Inspector Knacker in all this.

    The BBC and others have reported several times that BT has committed a criminal act.

    If a crime is suspected of taking place then Knacker has a duty to investigate.

    Yet Knacker who is more than happy to shoot and kill an innocent traveller on the underground, is totally ignoring this matter.

    A final question: where is PhormPRteam? Have the skumbubbles given up, or are they just re-grouping?

  64. Waldo

    Army volunteeeers one pace forwadds beeeeegin.

    "it will monitor BT's imminent third trial of Phorm with 10,000 volunteers"

    Hmmmmm.

    Er "volunteers" So, BT are actually going to ask permission to snoop with the aid of Phorm this time LOL

    Petition to Downing Street passes 10,000 actually 10,001 as of 1 minute ago....

    Message:

    AdBlock+ = no targeted advertising BTW Phorm... believe it.

  65. Turbojerry

    @Alexander Hanff

    Speak to him on the phone, record the conversation and send it to the Reg to go on as a radio prog.

  66. Anonymous Coward
    Happy

    @ Alexander Hanff

    Thanks for that list of various Acts and Statutes. I have included it in my latest communication with my MP.

    This is all getting very technical. It is almost worth going out to buy a few shares in the ISPs just to go along to the AGM and ask some embarrassing questions.

  67. Anonymous Coward
    Anonymous Coward

    @ AC @ Me

    *"Have you been sleeping? - this has gone way beyond privacy. This is into premeditated criminal activity territory."

    Every day I read about criminal activity in the news. Every day I realise I am powerless to stop it. I get on with my life.

    *"The ISPs are spoofing that they are webwise.com for the purposes of reading / writing content to the webwise opt-in / opt-out cookie on YOUR computer <snip>."

    I understand how it works, but again I EXPECT this from web browsing for the same reason above I expect that criminal activity happens. I've lived for years with malware and spyware occurrences and expect things will only get worse.

    There will be no ITopia in my lifetime.

    *"Spyware: reading content on YOUR computer which they should not have access to."

    I expect someone somewhere to already have this information and is using it in some profiling or other.

    *"Malware: writing content to YOUR computer and impersonating another website."

    This already happens whenever someone creates a zero day exploit to upload said content to my machine that goes undetected by my AV.

    *"Rootkit: sitting at the ISP over which you have no control but which has control over your hard disk and is able to intercept DNS requests and mislead your browser into believing that the content at the ISP is the server requested."

    Again this happens all the time and I expect it will only ever get worse as more and more DNS servers get poisoned.

    *"If the above does not bother you then you really need to educate yourself about your responsibility for security on YOUR computer"

    Why? If there's a problem with my PC I reach for the power switch and go open another bottle of wine and go live in the real world for a while. I make a reasonable endeavour to ensure that my firewall is on and AV is up to date and that I'm fully patched. Beyond that I don't really care. My life is not my PC and peace is only a reinstall away.

    *"You may notice that this is before any reference to DPA or RIPA. The processing of your data and the unauthorised interception takes place later in the process which is why the new argument is that DPA does not apply because the data collected was collected illegally so can not be approved under any interpretation of the DPA."

    Legality doesn't stop people taking drugs, doesn't stop tax evasion, nor murders, robbery <insert longer list of criminal activity here>. I doubt it will stop people doing the above (and as I've said, they've probably already been doing it for a very long time anyway).

  68. Anonymous Coward
    Thumb Up

    Avoid the rush

    Divulge ALL your personal details now, avoid the rush.

  69. Anonymous Coward
    Go

    @Jaowon

    Ohh you started so well

    *"Have you been sleeping? - this has gone way beyond privacy. This is into premeditated criminal activity territory."

    and then went downhill and turned into one of the sheeple, shame, such potential, lacking in real conviction ;)

    YOU could be the person that makes a difference, if only you tried my friend, perhaps you might give it a go and surprise yourself..... please do..

  70. Anonymous Coward
    Thumb Up

    @AC Have you been sleeping

    Sorry AC, didn't mean to attribute that to Jaowon, my bad.

    Well said AC.

    Anyone here a lawyer, people need to learn about UK Tort law and Injunctions on the cheap as had been talked about for a while now, you know were A ;)

    Make a difference, make a friend, and make the effort, it's in everyone's best interests surely.

  71. Eponymous Cowherd
    Flame

    Re: @AC @Me

    Just because it "happens all the time" doesn't mean we should all bend over and give up without a fight. Street muggings "happen all the time", that doesn't make them right and doesn't mean that the muggers shouldn't be punished.

    And, while *you* may be "powerless to stop it", a lot of us are not. At the very least you can give your Phormed ISP (BT, Virgin, Talk-Talk) the finger. I'm moving to Zen, who assured me that they won't use Phorm and believe it to be illegal.

  72. David Rollinson
    Pirate

    Get the police involved

    Given that BT Retail haven't said which customers were trialled; doesn't this mean that any BT Retail customer can now make a formal complaint to their local police on the grounds that they suspect that they may have been the victim of a breach of the relevant section of RIPA?

    If enough people complain to the police then it may force a criminal investigation of BT's activities.

  73. Anonymous Coward
    Anonymous Coward

    Don't see the point.

    I'm sure someone somewhere already has them :)

  74. Anonymous Coward
    Alert

    Time to go to a higher power...

    Since our beloved leaders feel that BT are in the right, and IMO are not going to act perhaps it is time to step this action up a notch and head straight to the EC as Alexander Hanff outlined so well above it is not just UK law being infringed.

  75. Wayland Sothcott
    Pirate

    Phorm Emma Sanderson emailed me

    http://www.sothcott.co.uk/phormletter.html

    I have placed this on my website for you to read rather than waste space here. We need a spin Icon.

    When you're a big organisation you learn to lie in a smart way. I am also in a battle with United Biscuits because the last packet of penguins I bought tested foul. I asked various people to try them and they spat them out. UB wrote back "The samples you forwarded to us have been tasted by several colleagues in our office and also by our taste panel, and it has been confirmed that product was to specification and nothing wrong with the sample could be found".

    I know perfectly well that this is a blatant lie. But note the wording, she did not say she enjoyed them. What's that plausible deniability or something?

    Have you noticed that recently the powerful men always get the powerful woman to tell the lies?

    Toxic symbol.

  76. Steve
    Paris Hilton

    Virgin Media and Phorm

    Morning all,

    -

    VM

    I've got a Virgin Media business account, and sort out PCs for several neighbours with Virgin residential lines.

    I actually spoke to VM's lawyers about Phorm last Friday. After the public drubbing BT got, they seem very anxious to be seen to be doing the right thing.

    What I got from the call was:

    1) They are still looking at whether or not to implement

    2) No trial would be carried out without prior notification

    3) They're watching with interest what is happening with regard BT and Phorm

    4) They're aware (and concerned) about Phorm's history

    5) They aren't planning to implement it on business accounts (though as these pass in part over domestic network I can't see that makes any difference).

    Try calling them, voice your opinions... if nothing else it's their time and call cost!

    -

    General stuff

    That the ICO can see no breach of the DPA isn't a shock, but we should probably be writing en masse to the home secretary to ask them to investigate the breach of law vis-a-vis RIPA.

    Do it by pen and paper and cc it to your local MP. If you don't get a reply, push it up the scale with a few newspapers, watchdog etc. "Home Secretary fails to look into illegal interception" is just one conceivable headline.

    I'm typing my letter this morning. Anyone else joining in?

    -

    Paris - because even she can understand what's going on

  77. Anonymous Coward
    Thumb Down

    What about the people with static IPs

    They are unidentifiable? I think not.

    It has to be an opt in system if allowed at all, there are plenty of people who wouldn't know how to opt out.

  78. Wayland Sothcott
    Flame

    Re: @AC @Me

    Jaowon,

    You have done an excellent impersonation of the Sheeple.

    I know exactly what you are saying and how it feels. We are all Sheeple about something. After all we can't care about everything, it gets too stressful and we have to get on with our lives. One of the problems is that with not enough people making a fuss about this then those that do have to work harder.

    In the big scheme of things Phorm is just some illegal spying supported by big communications companies and our government. I am sure the people who don't want to be spied on will encrypt and the people who do like it will just love the extra security it brings them.

    I am not really that bothered about Tibet. It's just a peaceful country run by monks who have been invaded by the world's biggest nation. Putting out the Olympic Torch looks like a laugh and I am glad the hypocrites who carry the thing are having problems. But do I look bovered?

    Now back to Phorm. This is our fight, one we are winning morally but losing in practice. It's gonna take some people dressed as spiderman to get this really noticed.

    By the way, remember that other major battle that we the sheeple won a few years ago? The one where they had to paint the speed cameras bright yellow? Guess what, they don't have to do that any more.

    This will be the same. Fight them on a legal basis and win, then they just change the law so you lose later. The house of lords has been hollowed out so they can do this.

    Don't despair, fighting is good. Enjoy the fight and feel angry about losing.

  79. Anonymous Coward
    Dead Vulture

    @Sceptical Bastard

    "It is no surprise, either, that pro-Phorm entries are traced to an IP address range assigned to BT."

    Actually, you're right ... it's not that surprising. I can't recall offhand what proportion of UK residential broadband users BT has, but it's not insignificant.

    Since anyone who had done the tiniest investigation (i.e. clearly not el Reg hack [no surprise there :D]) would be able to see clearly from the whois info that the IP address in question is from the ISP range, this particular conspiracy theory will just have to go by the wayside.

    @Chris - I know this sort of story gets you all excited, but try to get at least some facts correct. I'm no fanboy of Phorm's tactics (death's too good for them, IMHO). Nonetheless it would help if you dropped the tabloid urge to throw in as much "damning evidence" as you can (when it clearly doesn't hold water). Just makes this reader think what else you've got wrong (probably quite a lot) ....

  80. Anonymous Coward
    Anonymous Coward

    Dressing up

    Wayland Sothcott makes a good point in saying "It's gonna take some people dressed as spiderman to get this really noticed."

    So why not? Let's all pitch up outside Phorm/BT HQ/ICO's office/Trafalgar square identically dressed in "Spy" gear - you know; trilby (with BT logo in the hatband), CIA mac, mirror shades. Bring along conspicuously large notebooks and start writing down behavioural patterns of passing members of the public / BT staff.

    I'm sure the odd newsroom could be persuaded to take an interest; take pics, video etc and knock out a press release for later dispatch. Any takers?

  81. 3x2

    It's a point of view I suppose

    (from the BBC http://news.bbc.co.uk/1/hi/technology/7331493.stm)

    In response to Dr Clayton's report, a spokesperson for Phorm said: "Our technology complies with all the appropriate UK laws - and we've consulted a range of experts on this.

    "The Regulation of Investigatory Powers Act (RIPA) was drafted in the earliest days of the internet. It is not designed to criminalise legitimate business activities - online targeted advertising is an accepted part of the internet landscape today."

    This seems to me to be the first admission by BTPhorm that there may be a problem. "Our systems are fine - the law is in error" - interesting defence.

    The Problem BTPhorm have is that their current system proposals require an interception even to determine your opt in/out status and even if you are opted out the interception will continue. RIPA doesn't specify duration of interception or care what you do with the results. The interception itself is illegal.

    The only way out of the RIPA issue is to make the system truly opt-in. Altering a user's proxy (for example) to point to Phorm equipment whilst the rest of the traffic is directed as normal. This still leaves the issue of host site consent of course, communication being a two way process.

    Quite unbelievable though that HMG have still started no investigation into the possibility of 18000 (at minimum) prior breaches of RIPA.

  82. Chris Williams (Written by Reg staff)

    @AC

    "I know this sort of story gets you all excited, but try to get at least some facts correct. I'm no fanboy of Phorm's tactics (death's too good for them, IMHO). Nonetheless it would help if you dropped the tabloid urge to throw in as much "damning evidence" as you can (when it clearly doesn't hold water). Just makes this reader think what else you've got wrong (probably quite a lot)...."

    FYI: http://www.theregister.co.uk/2008/04/08/phorm_censors_wikipedia/

    - Chris Williams

  83. Anonymous Coward
    Anonymous Coward

    Law

    Re:

    In that BBC coverage, a spokesdroid for Phorm said: "The Regulation of Investigatory Powers Act (RIPA) was drafted in the earliest days of the internet. It is not designed to criminalise legitimate business activities."

    Sounds like Phorm are trying to re-invent the law but without Parliament creating new legislation. They appear to be saying "Phorm is a legitimate business activity, and RIPA was developed a long time ago and is not relevant or should not apply to internet activities now".

    Firstly, it's for other authorities to decide whether the business is criminal or not, not Phorm; secondly, if you're not happy with the law, you don't just go and ignore it, you have to work to get the law changed by appropriate means. The law is created by acts of Parliament, not by companies.

  84. Anonymous Coward
    Anonymous Coward

    DPA and RIPA

    I'm no expert on the DPA, but if it applies to the processing of personal data then it seems to me Phorm is within its jurisdiction.

    However, Phorm claim that anything personal, anything that can identify the individual is stripped out, and if I recall the DPA requires that companies only keep personal data for as long as is needed to conduct their business.

    So if true, it seems to me that Phorm is not violating the DPA: they're discarding any personal data immediately.

    I can see that Phorm violates RIPA, as an unlawful intercept, I'd have to read RIPA in more detail, but I suspect it was intended to prevent companies from 'spying', intercepting and reading and then using information gained from the interception of someone else's data traffic. Phorm doesn't enable that to happen, it processes the intercepted data immediately it is collected and abstracts it away from the raw material collected, it's fully automatic, no human intervention to read, assimilate the intercepted data - they might just get away with it, they could argue that the RIPA wasn't intended for this kind of scenario - and they might be right, as the law was probably written when no-one ever conceived of such a marketing strategy being developed.

  85. Anonymous Coward
    Anonymous Coward

    Vote with your feet

    Re:" what do we need to put on all our websites to make it clear to Phorm that we don't want them using OUR material to make money for them which is what it boils down to in the end.

    I've seen "RIPA NOTICE: NO CONSENT IS GIVEN FOR INTERCEPTION OF PAGE TRANSMISSION" But is that enough.

    Or do we all need to email Phorm and their scummy ISP associates with a formal notice informing them that they have NO rights to scrape websites that we run - and then list the websites that we own?"

    -------

    We all know who the ISPs are that plan to use Phorm, whilst it may not be convenient for all, those that can, should ditch the ISP. Vote with your feet.

    If the ISP asks why you're terminating your contract with them, tell them.

    Phorm is intended to make them money, if they lose enough customers then those ISPs will have to rethink their decision to use Phorm.

  86. GettinSadda
    Pirate

    Analogy

    I just love Phorm/BT's line about not needing to bother about the legal niceties of the DPA or RIPA because they don't keep any personally identifiable information, and they are doing it "for our benefit".

    So, if I ignore the law and smuggle a gun on board a plane, but I don't use it to do any wrong, and I claim that my having a gun makes the other passengers more safe, that must also be fine?

  87. Anonymous Coward
    Anonymous Coward

    Opting-out

    RE: "The only way out of the RIPA issue is to make the system truly opt-in. "

    And if the Phorm system is truly made opt-in then its usefulness will be severely limited, as the majority of people won't bother to opt-in. See..donor cards as an example, cold calling, getting you to sign up on during the phone call and not allowing you to wait until the official paperwork comes through the post.

    Marketing people know that opting-in isn't a technique that works too well, so Phorm's only going to work if it is made an opt-out.

    And obscure the opt-out check box so most people miss it.

    I personally want the ISPs to send out a letter to each of their customers with a form to be filled in asking if they want to be opted-in or out of the Phorm scheme, and if the form is not returned within a certain timescale, opt-out is the default.

    Better still, ditch the entire system..as I've said elsewhere..vote with your feet

  88. Steve
    Go

    Phorm et al... a more personal discussion

    There's the infosec exhibition at Earls Ct later this month. Anyone else here going to that? If so, and I realise this may be a scary suggestion, who's for meeting up for a jar and a chin wag? Get to know your fellow posters and all that nonsense.

    If nothing else, a few drinks and the world's wrongs seem to be more easily sortable :)

  89. Tom Kelsall

    Can anyone tell me...

    ...what the cookie LOOKS like? If there is a cookie set by a Phorm process on my browser, I want basically to use my computing ability to cripple the process in some way. So - what filename will it have, and what can I do to leave it there but prevent it from doing its job?

  90. Peter White
    Pirate

    some answers to question in this forum

    @can anyone tell me

    block cookies from www.webwise.com and it is a permanent opt-out (if you believe them)

    @ DPA and RIPA

    DPA does apply as DPA applies to processing of personal data as well as storage and by default you have to process the personal information to remove it, so DPA does apply

    peter white

  91. Wayland Sothcott

    re: Dressing up - Flash Mob?

    T5 had a Flash Mob. A load of people turned up with something on their T-Shirts, flashed them then dispersed. It used to happen a lot, but then the Anti-Globalist demos used to happen a lot. Or maybe they still do but it's not reported. Only when you actually get close to grabbing the Olympic Torch does anyone notice.

    I think meeting at an Exhibition in London and then going for a pint might be good. Do you think it would be OK if I wore a 911 Inside Job T-Shirt ;-)

  92. Steve

    re: Dressing up - Flash Mob?

    Well, that's one then. Anyone else interested in meeting up for a pint?

    I'll be easy to spot: the chap with the following t-shirt on:

    http://www.clarkweb.co.uk/photolib/number.jpg
