UK.gov misses deadline on EU Phorm probe

Phuck Phorm, Bugger BT and Drown Brown

Sod the lot of you.

Hopefully the EU will force our government to get a clue in this instance and realise that they *must* enforce the provisions that they themselves signed into law. There's no point having any laws if nobody is responsible for investigating alleged breaches.

What happens if the EU parliament decides that the UK effectively has not implemented the statutory requirements since it has not included an investigatory body?

@Aristotles slow and dimwitted horse

I think you missed point E

E) Are personally making money on the deal from shares/jobs in BT/Phorm and or bribes

Cancelled

Just phoned to cancel my service with BT and was pleased to be asked why I was cancelling.

Phorm and traffic shaping? Would the last customer to leave please turn off the routers.

What a good letter.

It gets to the heart of the matter doen't it?

The disgraceful behaviour of the UK authorities moves one step closer to exposure.

BT moves one step closer to the courts.

There should be a public enquiry. Well done El Reg and well done The EU.

Response to questions?

Q1. What are the United Kingdom laws and other legal acts which govern activities falling within the scope of Articles 5(1) and 6 of Directive 2002/58/EC on privacy and electronic communications and Articles 6, 7 and 17(1) of Directive 95/46/EC?

A1. Data protection act probably.

Q2. Which United Kingdom authority(-ies) is (are) competent (i) to investigate whether there have been any breaches of the national law transposing each of the above-mentioned provisions of Community law arising from the past trials of Phorm technology carried out by BT and (ii) to impose any penalties for infringement of those provisions where appropriate?

A2. None.

Q3. Have there been any investigations about the past trials of Phorm technology by BT and what were their results and the conclusions of the competent authority(-ies)? Are there ongoing investigations about possible similar activities by other ISPs?

A3. Unlikely.

Q4. What remedies, liability and sanctions are provided for by United Kingdom law in accordance with Article 15(2) of the Directive on privacy and electronic communications, which may be sought by users affected by the past trials of the Phorm technology and may be imposed by the competent United Kingdom authority(-ies) including the courts?

A4. Maybe a little fine which can be recouped by upping customers charges.

Q5. According to the information available to the United Kingdom authorities, what exactly will be the methodology followed by the ISPs in order to obtain their customers' consent for the deployment of Phorm technology in accordance with the relevant legal requirements and what is the United Kingdom authorities' assessment of this methodology?

A5.There will be a generic disclaimer placed within a microdot within the customer's contract permitting ISPs to do whatever they like in future.

Maybe if they'd asked for a response in 48 hours they'd have got one - a month is easily enough time to forget...

Europe kicks the apple cart

now lets watch those rotten apples fall!

The relevant sentence - or fragment thereof

Which United Kingdom authority(-ies) is (are) competent?

Reding's Reading between the Lines .....and the Standard Phorm Riot Act Letter.

Dear Fab Fabio,

It's a Fair Cop. We wuz Robbin' the poor SAPs Blind. Wanna Piece of the Action? How Much of a Bung will it take for you to Look the other Way.

IT's amazing what Phorm can discover and the Private and Personal Leverage that ITs Technology can XXXXtraOrdinarily Render. It's like stealing Candy from a Baby.

Ps. Ever had a horse's head in the bed. Now run along to Viviane and tell her Thanks but no Thanks ..... in the nicest possible way, of course. Find your own Cash Cow to Milk Dry and give her a Good Seeing to.

Yours Most Sincerely, BT FCUK

@ Gordon Pyra...

I certainly wouldn't discount your point and it makes a humorous aside (as do mine) but I'm not sure there is actually any hard evidence to support it... at the moment at least.

Comprehension.

True.

Government ministers & the ICO may not 'fully understand' the implications of this technology.

But you can bet your sweet ass that there ARE people in the (un)Civil Service and security services who DO 'fully understand' not only the implications, but the possibilities of this technology.

Hence the large dose of official disregard being given to the subject.

Bravo!

Bravo TheRegister... keep up the astoundingly good work!

Excellent stuff

Hopefully the government's response will be made public too, though AC above seems to have the scoop on this already...

The fact that the (unelected) EU is taking action to protect its citizens - unlike our *democratically elected* government - is just TOO wierd.

@ Aristotle's steed & point 'e'

Well the CTO of BT Retail who introduced phorm to BT and supervised the illegal trials is now the CTO of phorm .....

One thing apparently overlooked

by the EU is that it appears that interception of our internet traffic by Phorm will still take place even with an opt-out and that this is still illegal and objectionable.

Phorm's response to date is, a la Blair, 'trust us'. Not bloody likely.

The problem is who do we now trust. Answers on a postcard please!

Er...

"no evidence to suggest significant detriment to the individuals involved"

IIRC, at least one individual replaced his computer because of suspected infection that BT itself confirmed, because their support staff hadn't been told of the trials. That would be detrimental enough for me.

@Phuck Phorm, Bugger BT and Drown Brown, @Excellent Stuff

"What happens if the EU parliament decides that the UK effectively has not implemented the statutory requirements since it has not included an investigatory body?"

AFAIK they have the powers to impose a daily fine on the UK for each day that goes by and they dont comply with the law. This amounts to little more than a joke with a bad punchline, there's one EU country (it may even be UK. Or Greece. Let's be honest, I don't know) that is constantly being fined for something (again, I don't know what for) and they just pay the fine and keep doing whatever it was.

"The fact that the (unelected) EU is taking action to protect its citizens - unlike our *democratically elected* government - is just TOO wierd."

I know, like a Tory MP taking steps to draw attention to the erosion of our liberties, and the (Equally unelected) house of lords stepping in to protect the common man from 42 days.

Alien, because I feel like I'm living in a virtual reality while I'm being probed

I asked BT a couple of weeks ago....

If they could tell me if they still planned on implementing Phorm at any point, as they tried to sell me broadband.

Of course the salesman had never heard of Phorm, nor was he aware that BT had been trialling it, so I decided to have a chat with his manager.

Of course, the manager had never heard of Phorm either.

Do BT think we're stupid, like the government who allow all this to take place, while ruining the economy (no national debt when NuLabour came to power, how many trillion now? 19 is it?), eroding civil liberties (no freedom to protest anymore, not without a permit!), ignoring all of their own scientific advisors (on global warming, on carbon offsetting, on the dangers of 'lethal' cannabis) while treating the population as an enemy that need to be controlled. Oooh, I mustn't forget the 10,000 odd NEW LAWS that they've introduced since 1998... (anyone else think that in 1998 we probably had the basics and most other stuff covered?).

Get a clue BT, get a clue Nulabour. The joyous part of this is how labour are sunk and havent a chance of staying in power, unless they buy some vote counting machines from a well known company in the states which is owned by the cousin of good old dubya.

I mean, sheeeyat! What does it take!?

Black helicopters as they're clearly going to be watching anyone who doesnt trust the government.

Mine's the one with the letter to the EU saying 'Get 'em Boys' in the pocket.

Oh Happy Dayz

Another great bit of work from Mr Williams.

Getting on for a month ago I sent my MP a letter asking WTF uk.gov was doing about Phorm and whether I should just refer my complaint to the EU. There has been no response since.

Perhaps the rather pointed letter from the gentleman from the EU is the cause of the non reply.

Wouldn't it be nice to see BT and Phorm get a MSFT style reaming from the EU - a wild fantasy I know!

No reply from the UK Gov? This is no accident.

OK, so we all know that the UK government is shit and that their business model is to employ the dross that couldn't make it in the private sector, but this goes beyond incompetence. I would be prepared to bet a lot of money that there is a UK Gov back door in to the Phorm system.

We live in a country where privacy watchdogs ENCOURAGE the use of interception laws by local councils to gather even more information. Over 500,000 'legal' intercepts last year alone (not counting the many illegal intercepts that are routinely made by our police and security services that cannot be entered in to evidence).

UK Gov will not investigate, no prosecutions will be taken and BT will get away with it.

@ Piloti &co re the B in BT

The protagonist in this case is called BT ('Bee-Tee'). It is no longer called British.. anything.

For a company to be called British not only must it be British owned, it must be 'pre-eminent in its field', something BT might find hard to be these days....

How long does it take ...

"It requests answers on how and why the UK government has acted over both the secret trials of Phorm in 2006 and 2007, and planned future deployments of the technology."

... to reply "We haven't." ?

BERR and co are probably scrabbling around for someone to take the fall before they reply. Hopefully it will be Richard Thomas, who thoroughly deserves to be publicly horse whipped for his efforts in this, and other, matters.

"Help me with my ignorance"

There's no reason to worry about that particular aspect of matters. Your voice traffic gets routed over one set of logical connections and your data (broadband) traffic gets routed over a different set. They may use the same copper wires and the same optical fibres, but, in all probability, they are technically independent operations. Allegedly.

"I look to those who do know and do enforce the law to protect me."

I'd worry about that, given the picture to date. The ones who know the law are seeing the law being ignored, and no authority enforcing the law, and no UK authority protecting UK citizens.

It's like pulling teeth isn't it?

Never one to be a pro-EU person, I have to admit some delight in the letter from the EU to our government. It's been like pulling teeth trying to get the BT trial investigated properly and Im not finished trying to get it to happen yet.

So the EU wants to know who should be investigating it properly? We all want to know that!!!

The government did in fact reply

I would like to inform all reg readers that the department responsible for this cock up did reply to the EU

All of the correspondence and a covering letter was placed in a brown envelope and posted 2 weeks ago.

Unfortunately the data was lost in the post and the laptop with a copy of the correspondence was left by mistake on the 8.00am from London to Manchester.

The laptop and the CD was password protected, so no worries..

Err sorry a password reminder was also included just in case, The reminder was written by the GMTV phone in quiz setters.

The PM is called.

a) Gordon Prat

b) Gordon Brown

c) Not a clue,

Just enter A, B or C into the password box and you will be fine

Always a good laugh..

.. asking which UK Authority is competent. Haven't come across one yet since New Labour took over..

I like this one too {debate over opt-in versus opt-out is a "huge red herring"} - it is if you give absolutely squat about users's rights. Otherwise it's about the biggest thing going against being spammed out of your mailbox. As soon as you are forced to hand over your email address in order to register or otherwise be on the receiviong end of what is laughingly referred to as a "service" you are guaranteed to get it spammed by all sorts of guff, and worse, they are sold on.

If you then get someone emailing you from the UK (i.e. where you can at least scare them a bit with the DPA) you get all sorts of nonsense back as to where they got your email address. I think we should be entitled to KNOW who they bought the data of so we can go after them.

Now, back to Phorm. One of the problems with losing Phorm is that there appears to be a Secret Service angle to this (IMHO a very clever ploy from Phorm), and they're unlikely to let go of such an easy tool to ignore your privacy. I thus expect a lot of talk and little if none action to lose it. The only thing that may change is its name, because that causes the EU circus to have to start from scratch..

I don't think BT is alone in deserving to be beaten up - those who failed to recognise the illegality of this should have their rear ends birched as well. But I've always been for more direct means..

Only BT?

I seem to recall that there were two other noxious articles involved with it. One of them Luxembourg based or some such nether-end.

PH) PECR heads.

Glad that I am not involved, NO WAY!

HA! I am with eeeugh wait... WTF?

TALKTALK??

What was I thinking? Seriously though, how did Google know what sort of spam to send me to really upset me? Or am I paranoid?

and in the words of Elzar....Bam!

In particular, Directive 2002/58/EC on privacy and electronic communications, which particularises and complements for the electronic communications sector the general personal data protection principles defined in the directive 94/45/EC (Data Protection Directive), obliges Member States to ensure the confidentiality of communications and related traffic through national legislation. They are required to prohibit listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than the users without their consent (Article 5(1)). The consent must be freely given, specific and an informed indication of the user's wishes (Article 2(h) of Directive 95/46/EC). Traffic data may only be processed for certain defined purposes and for a limited period. The subscriber must be informed about the processing of traffic data and, depending on the purpose of processing, prior consent of the subscriber or user must be obtained (Article 6 of Directive 2002/58/EC).

That has Knocked it up a notch!!

Wheres the spice weasel Icon?

"transparent meaningful user notice".

Reminds me of the scene in Guys and Dolls where the gangster insists on playing with his favourite dice. The are so old the spots are worn off but "Luckily I remember where they were, snakes eyes bad luck"

MP contacted

via http://www.writetothem.com

Another government dpepartment....

.. that is entirely unfit for purpose.

Disgusted, but ofcourse not at all surprised.

The governmental machine is now completely and utterly broken.

Should that be?

'It requests answers on how and why the UK government has acted over both the secret trials of Phorm in 2006 and 2007'

Or more importantly, how and why the UK government HASN'T acted over both the secret trials.

@ @RIPA

Q - 'Quite why the ISPs want to annoy and alienate their customers by changing their role from passive data conduit to active data interceptor is something only the ISPs can answer.'

A - Cash.

They don't want it stopped

Once this data has been collected by Phorm it is no longer personal, rather the property of a company. UK.gov can then request it in ways they could never get away with if they were taking it directly from you. It won't even cost them to collect it. No wonder they don't want to stop it.

Even if the data is "anonymous" it would be trivial for any agency to ask Phorm "The next time you see Phorm ID 123456 tell us the IP address and the time (BTW you owe us for not closing you down in 2008)"... 1.2.3.4 at 6pm "Hello BT Internet, who had IP address 1.2.3.4 at 6pm last night?" Your deviant/subversive/politically incorrect/suspicious ass is grass.

its your data property to profit from , Not their.

"Once this data has been collected by Phorm it is no longer personal, rather the property of a company."

No it isnt, its still the property of the owner,that is you the end user and your *unique datastream, and the website owner and their ^unique datastream being the two partys involved in the webpage transaction, the ISP is just a conduit according to them, any unlawful act of commercial piracy is werth £50000 a time now ;) or will be soon.

they collect the data without consent, make a derivative work and sell that data, its commercial piracy end of story.

they dont own it,they dont have a licence to make a derivative work from it, its not theirs to sell...

*its pritty clear cut

unique:

existing as the only one or as the sole example; single; solitary in type or characteristics

. the embodiment of unique characteristics; the only specimen of a given kind

re AC Anyone fancy a FOI

"Anyone fancy a FOI

By Anonymous CowardPosted Wednesday 13th August 2008 09:43 GMT The next big question is does anyone fancy making a Freedom of Information request for questions put to, and questions selected for answering, by Patricia Hewitt in various recent webcasts? Im sure the selective nature of answers would be pretty informative..."

its not exactly hard to do, in the time you took to post here you could have posted that FOI on the web site here, it just seems people dot know about this site yet, go tell your friends etc ;)

http://www.whatdotheyknow.com/search/phorm

and for a bit of fun, you might want to bump talk talk up the charts a bit, their currently lagging the other 4.

http://www.kindlyfoxtrotoscar.com/?action=toplists

TEST CASE NEEDED NOW

Dear Chris, El Reg,

Once again I am not so outraged - this is great work from you.

One thing has started to appear on forums is a call for a test case to decide if Phorm breaches RIPA, Computer Misuse Act, PECR, DPA, Copyright, Designs and Patents act, etc.

Would El Reg consider making this a campaign, to call on the government for a test case into data pimping by ISPs (Phorm)?

After all, it would be hard for governments, ISPs and Phorm to say they don't want a test case. If Phorm is legal, then go ahead, lets have a case. If it's illegal, then surely for the ISPs and govt. POV best to find out NOW!

A TEST CASE - LETS HAVE A TEST CASE!

@AC RE: I asked BT a couple of weeks ago....

Word on the blogs and newsgroups is that BT customer service and sales employees have been specifically told to deny they know anything about Phorm if asked.

@ Piloti

" - 1 : Hate Phorm. Think BT were [if not wrong] very VERY cheeky.

- 2 : What the "£$%££$%£W"$E%$!" has it got to do with a bunch of jacked up europeans. The B in BT is BRITISH telecom. "

--

1) Well, the BT trials were ILLEGAL under PECR and RIPA. The key issue there is consent, and no customers were informed. IMO (call me naive?), corporations should not be allowed to wiretap people just for profit.

2) The EC are the people making the laws (directives) which the UK Govt translate into RIPA, PECR and so on. ICO and the Home Office have been passing the hot potato, BT are saying it took 'legal advice' at the time, and noone from the UK Govt wants to deal with this problematic issue.

The EC are the ONLY people pushing for accountability here. What's the point of signing in laws if you're going to f****** ignore them when the UK's most powerful comms monopoly craps all over them?