BT: 'We did not let anyone down over Phorm... it was not illegal'

BT Retail wheeled out Emma Sanderson, its "director of value added services", on BBC Breakfast today to account for its secret profiling and targeting of credit card advertising to 18,000 of its customers using Phorm technology in 2006. She parroted the same line we've been hearing from BT since the 2007 secret trial was …

COMMENTS

  1. Anonymous Coward
    Anonymous Coward

    People say I'm wrong about BT...

    "Surely they can't be that bad?" they say to me.

    And then more stuff like this happens. Roll on someone taking their backsides to court and getting them kicked. Hard.

    BT are spewing the same bulldust Phorm do about this non-consensual wiretapping being legal and no personally identifiable data being processed. Phorm haven't come back with an open, honest answer to convince those who don't believe them and neither, I expect, will BT.

    The claim that "Customers absolutely can trust BT," is absolute bollocks. BT are, in my professional view, the lowest of the low. This merely confirms it.

    Anyone with a BT provision needs to ask themselves a simple question: "Is BT really the kind of company I want to be associated with?"

    Needs a "taking names and kicking ass" icon - maybe Rowdy Roddy Piper from "They Live"?

  2. Simplepieman
    Flame

    Priceless opening line from Emma Sanderson...

    "We absolutely were not spying on our customers..."

    But they admit to a trial where they observed customers' traffic without the customers knowing about it.

    CAN WE PLEASE BUY HER AND SEND TO HER A DICTIONARY!?

    From the Compact OED

    secret

    adjective

    1 not known or seen or not meant to be known or seen by others.

    2 fond of having or keeping secrets; secretive.

    spy

    noun

    1 a person employed to collect and report secret information on an enemy or competitor.

    2 a person or device that observes others secretly.

    A PERSON OR DEVICE THAT OBSERVES OTHERS SECRETLY

  3. Anonymous Coward
    Anonymous Coward

    Put the cat back in the bag

    I hope BT will be compensating everyone who is traced through the coding errors of the 2006 trials. I hope BT get to their customers before the customers get a phone call from a complete stranger asking them who they got their internet connection from.

    Anonymous - BT don't know the meaning of the word.

    If BT claim to not know who was in the trials, that does not say very much for the managerial control they have over the systems. If they don't know who was in the trials, how can they claim that no PII data was obtained?

  4. Dave

    Waste of time ....

    Having them on Breakfast, a 6 year old press packer from newsround could have done a better job.

    BBC stop calling them journalists ...... and refer to them in their new true guise.....presenters.

  5. Anonymous Coward
    Stop

    BT - too powerful

    How about this scenario:

    Most people send some real post and receive post - both junk and non-junk. It's mainly delivered by the Royal Mail.

    So the Royal Mail decide to intercept outgoing and incoming mail. They scan it, understand the content etc. It's left unaltered, you don't know it's been analysed.

    They then offer to sell the information to marketing companies - in an anonymous form (i.e. they don't provide your name, just your postal address)... they don't get actual personal information, just profile information (e.g. you receive and send a lot of stuff to mail order catalogue companies). The companies buying the data can target the addresses with more appropriate junk mail - good for everyone all round!

    Who'd be comfortable with that? Phorm don't mention analysing email, just browsing hence the analogy is only valid for the commercial equivalent of browsing.

    Is there anything wrong with the analogy?

    I'm so annoyed that 70% (by market share) of the internet users are going to be subject to this and there is nothing anyone can do about it. The remaining players can't take on more customers and the big players have locked in users with binding contracts.

    Joe public has no idea what this means or the more implications. We need the equivalent of the EFF in the UK to lobby the government - no individual can afford to take BT to court; their pockets will buy the best and most expensive lawyers in the country.

  6. R Callan
    Linux

    Telephone ads

    When will BT start inserting ads into private 'phone conversations to "improve your conversational experience?"

  7. Craig

    BT: "It wasn't illegal"

    So? Anyone who uses this defence probably doesn't have any scruples. Something being 'legal' doesn't automatically make it OK.

    I would have had a tiny bit more respect for BT if they 'fessed up to maybe making a mistake or 'error of judgement', some other bullshit.

  8. Matt Brigden
    Unhappy

    You can only trust BT to screw up

    Every time I call them for anything to do with my phone it's a bloody drama. Each person you talk to says something different and it's a damn mess. And they wonder why when they offered me adsl after the rigmarole of getting a line activated I told them to get bent.

  9. Anonymous Coward
    Paris Hilton

    Everyone can benefit

    So let me get this straight. It was all done anonymously so they DO NOT know who they wiretapped.

    So surely then EVERY SINGLE BT customer should SUE them.

    Paris - Cos I've always wanted to....

  10. Chris Cheale

    bunch of cnuts

    That was the lamest most weak and watery piece of shite reporting I've ever seen on BBC brekky before work this morning - I was practically spitting blood by the time I left the house.

    It was more a conciliatory whitewash than any kind of reporting - "but everyone is doing it and it's completely anonymous, what's the problem?" ... what a load of utter tosh; but because it was on Aunty people are going to believe it - bastards.

  11. Richie M
    Coat

    er...?

    so BT basically said "Yeah Phorm come on in, here's our network go knock yourself out, I'm off to the pub."

  12. Joe K

    Will someone just get arrested already, please

    Send the coppers in, this was a mass wiretap, end of story.

    I'd give anything to see BT execs marched out in handcuffs over all this.

    And well done to The Reg, and the anonymous whistleblower who's leaked all this, good on yers.

  13. JCL
    Stop

    Jesus

    They do all this and then let us know they can be trusted? They aren't even giving credible interviews. Do you think they are lying, speaking untruths, or are engaging in a bit of misspeak? The more this goes on the more depressing it gets.

    I'm really unimpressed with the whole thing, but at the end of the day they are taking a lead from the government who are just as free and easy with our private information from the introduction of ID cards and more importantly the joined up databases that will be accessible by all and sundry so they can get ya from the cradle to the grave, lost CDs, fingerprinting kids to take out library books, etc, ad nauseam.

    Finally, I've still not been able to work out how our surfing data going to a bunch of shady characters (or not?) increases our security. I'd be very grateful if someone could explain this to me without spin.

  14. April

    The dog ate their data?

    "BT doesn't know whether they were participating in the trial or not... it should reassure them."

    ...You mean if customers submitted a legal request for full, complete disclosure of the information the company holds about them under the Data Protection Act, they wouldn't be able to fulfil it? Oh, how shocking. Would Phorm? Shall we find out?

  15. Anonymous Coward
    Anonymous Coward

    What's scary is...

    ...that most internet users haven't even heard of Phorm and when the ISPs go live with this, they will put enough spin on it to make it sound like a good deal and dupe the user into it.

  16. Chris Green
    Black Helicopters

    Well now we know it's legal to watch my webbing, how about...

    ...listening-in on my phone calls. Then when I mention a retailer, they could chip-in with the phone number and also suggest others that may suit, but who are obviously appropriate to me needs, just because those retailers pay BT to tell me so.

    How about extending that service by warning me when I'm straying onto subjects that the government would prefer I not discuss?

    Then combine both to suggest a retailer for a book on the subject and maybe recommend a title. 1984 perhaps?

    Could I then wonder why it wasn't titled 2014?

    We aren't quite there yet, but it's not so far now.

  17. Steven Freeman
    Gates Horns

    Big Brother has the ability to nick your details

    The scariest of all the stories shown on the register regarding this 'invasion of privacy' has to be that the software they used injected Javascript code into the html of the pages that were being viewed by the users.

    Now, if this actually happened, then it would be possible for users' data (name/address etc. and even worse, their credit card details) to be sent to and from the PHORM software using Ajax, and the unsavvy user would never know that it happened.

    Now, imagine someone less than savoury is working at BT; they could decide to inject their own code into the pages to grab this information with very little effort and no-one would really know. A database created on the fly (or even something like a csv file) could then hold all this data. As it has been created without anyone else's knowledge there's a real good chance that it would never be detected.

    I think BT users have the right to be very worried about this possibility. And I'm now worried about Virgin's 'abilities' with regards to this matter.

    I just hope that in 2 months I won't be reading an article about how some little b*stard has stolen users' details using this scam, sorry I mean Trial :S

  18. Lloyd
    Thumb Down

    Nick 'em

    Maybe they'll get pulled up by Ofcom? Oh no, that's right, it's full of BT's ex board members which is why they've never been pulled for any of their other violations since privatisation.

  19. Rob
    Boffin

    Improved browsing experience

    I'm not so naive as to think that the Web can do without ads, but as someone who has a "Niven's hyperspace blind spot" for web adverts, targeted ads would not improve the browsing experience.

    I wish somebody would go to prison. That would be hilarious, and also stop this whole debacle in its tracks.

  20. Ian

    Which BT?

    One thing I'm still not 100% sure on is which part of BT performed the trials?

    Was it the part in charge of the underlying infrastructure or BT the ISP?

    Could I as a PlusNet user have been tapped due to it being performed on the underlying phone network or was it simply those who subscribe to BT Internet?

    My interest is because I truly am willing to follow this up if there's potential I could've been a victim of this snooping but obviously as I don't use BT Internet and use PlusNet as my ISP it may not have affected me.

    Of course, BT owns PlusNet anyway which muddies the waters somewhat.

    Can anyone narrow down the set of affected users this far at least to the point we know if it was anyone attached to BT's phone network or just people using BT's ISP?

    I still sympathise if I wasn't affected of course and it was just BT Internet users, don't get me wrong but I can't take action over something that doesn't affect me either unfortunately.

  21. Stephen Gray

    antiphorm.com and antiphorm.co.uk

    These domains are available for the princely sum of £28, I haven't got my credit card with me today, somebody buy them so we can fook BT and Phorm and then become internet squillionaires by reselling the user list.....LOL

  22. Anonymous Coward
    Paris Hilton

    Yep

    ""BT doesn't know whether they were participating in the trial or not... it should reassure them."

    ...You mean if customers submitted a legal request for full, complete disclosure of the information the company holds about them under the Data Protection Act, they wouldn't be able to fulfil it? Oh, how shocking. Would Phorm? Shall we find out?

    "

    Time to make a request methinks:

    "I would like to know everything you know about me, including whether I was involved in the October 2006 trial."

    What do you mean you don't know? Either I was or I wasn't, which is it??

    Paris knows when she is getting screwed unlike BT customers

  23. bobbles31

    Usual BBC Dross then

    No counter angle, no alternate interviewer to clarify the truth, just a whitewash interview allowing BT to promote their side of the story.

    I notice that Phorm have gone quiet now.

  24. Andy ORourke
    Thumb Down

    @ BT - Too Powerful

    "The remaining players can't take on more customers and the big players have locked in users with binding contracts."

    BT have stated that they will need to change your contract T&Cs once this is going operational. At that point I am going to tell them I don't agree with the T&Cs and request my MAC.

    Also, anyone else angry about the BBC "Report" which made it seem that Phorm was only looking at your terms entered into search engines? Not once did they tell the viewers that EVERY http packet would be profiled, opted in or out.

  25. Anonymous Coward
    Anonymous Coward

    @Steven Freeman

    "I just hope that in 2 months I won't be reading an article about how some little b*stard has stolen users' details using this scam, sorry I mean Trial"

    Personally, I'm looking forward to that article...with all the news about data leaks recently, the public are beginning to give a damn, and such an article would probably be the final nail in the coffin for Phorm

  26. Mickey Porkpies
    Go

    Vote with your feet

    As an organisation we have many broadband circuits with BT which we will be migrating away from them over the next few months directly as a result of this action and loss of trust.

    The supplier we move to will provide a written undertaking not to do this type of interception without prior permission.

  27. The Other Steve
    Unhappy

    Reassure them how ?

    "We do not know whether they were participating in the trial or not... it should reassure them."

    How ? I mean seriously, how is that meant to be reassuring ? BT enrolled 18,000 customers in their covert trial and didn't know which ones. How did they choose them ? Why didn't they keep any records ? If they don't know who they were, how did they count them ?

    This is either serious incompetence, or BT knew they were in the wrong and sought to cover their tracks even at this early stage.

    It's getting harder and harder to believe the former.

  28. Dr. Mouse Silver badge

    @Simplepieman

    I have to agree, they WERE spying, simple as.

    Soooo glad I am not, and haven't been for a long time, with BT. My parents are though... won't be using their PCs except through a secure tunnel.

    Someone needs to sue the b******s, to let the world know they are bullshitting. And to stop this from happening!

  29. Anonymous Coward
    Anonymous Coward

    Come on BBC you can do better than that

    Where is the investigative journalism? Why don't you hit BT with some of the good points raised here already?

    Do your research.

    Ask BT did they know that 121 media at the time of the 2006 trial was a well known spyware / rootkit company.

    Then watch them squirm when you hit them with the: How do you know their data wasn't compromised if you don't know who was involved in the trial? Why did you trust 121 media?

    These presenters let them off far too lightly!

  30. Anonymous Coward
    Anonymous Coward

    @Stephen Gray

    go to badphorm.co.uk instead..

  31. Tracy Dean

    Police investigation

    Perhaps el Reg should write to a Chief Constable and ask for a criminal investigation into this illegal activity - it works for MPs.

  32. HeyZuZe
    Alert

    Lets Go Shopping With Emma Sanderson

    Stand over her shoulder watching what she's shopping for.

    Then every time she looks at an item we could try and sell her three other items of interest. Throw three posters of the latest movie at her, ask is she happy with her current bank, mortgage, car insurance...... and is she sure that those Prada shoes are not for her. Really sure! Go on, you want them, you do!

    How long before she gets P!$$£& off?

  33. Anonymous Coward
    Flame

    Where BT's argument fails

    BT's argument seems to be based on the misconception that it's ok to intercept telecommunications so long as "no information was divulged, and that people were completely anonymous."

    The problem of course is that under RIPA, it is the *act of intercepting telecommunications without consent* that is illegal. Whether any personal data is stored, processed or deleted immediately is utterly irrelevant.

    It is no different from eavesdropping on telephone calls and claiming it was ok because no notes were taken, or that the eavesdropper 'wasn't concentrating'.

  34. Anonymous Coward
    Boffin

    Track the Anonymous exchange

    Because of the unique way that the BT is funded we can trace the effects of the BT Phorm Trial in 2006. Search Google for "http://ntp.sysip.net/tag/2.js"

    and hey presto you have now found forum posts with strange JavaScript inserts .. ooo very anonymous now we have usernames...

    Like poor old dayglo jim here: http://www.bikegirl.co.uk/forum/forum_posts.asp?TID=2418&PN=1 now read that and say they weren't affected!

    or duffy666 or Delise The list goes on...

  35. Anonymous Coward
    Anonymous Coward

    What bothers me more than anything in this is that.....

    Not one of our legislators or, indeed, the police seems to be taking an interest. If it was - as asserted - a mass illegal wiretap then there should be a criminal investigation and, if appropriate, prosecutions in the public interest of those executives involved. BT will not reveal who the targets were just in case the list contains some Americans or Germans who would take a much more vigorous approach to having their confidentiality maintained.

    If it wasn't an illegal mass wiretap then the sooner the general public know it is quite legal for an ISP to pimp your internet usage the sooner they can start moving their accounts to the secure ISP of their choice.

    As another contributor said just 'cos it may be legal doesn't mean it has to be done - or are we in a race to the lowest common denominator of standards?

    If BT, Phorm and the rest get away with this continued fudge then eventually the momentum will build to let it pass and your browsing habits will be pimped by all ISPs because they won't commercially - in the shareholders' interest - be able to justify not doing it.

    In this case there is no honour amongst thieves!

  36. Bobby

    'WATERGATE'

    Hey this is better than 'Watergate'..

    Wonder if they'll turn this BT scandal into a film one day..

    haaaaaa..

  37. Steven Freeman
    Alert

    @ Ian

    Taken from the Phorm website:

    ISP Partners

    Phorm enables ISPs to play a pivotal role in the online advertising market while offering a better and safer browsing experience for their customers and fully protecting their privacy.

    Current partners include BT, TalkTalk and Virgin Media - companies representing approximately 70% of the UK broadband ISP market.

    ---------------------------

    It doesn't mention however what encompasses 'BT' but it looks like you may be safe.

    This also answers my question about Virgin Media... dammit

  38. Ryan

    Hmmm

    And what about the option to not have adverts?

    I don't care if I'm looking up holidays, I don't want a big advert shouting at me to go to Spain.

  39. Anonymous Coward
    Flame

    ...possible Phorm thwart ?

    Since it seems a few websites are a little unhappy at this, how about an informal industry arrangement where every webpage is sent with some sort of MD5 hash in the headers ? The browser could run a comparison of the hash with one computed from the actual page.

    If any Phorm-injected javascript is present the hash will fail, and the browser could warn the user ....

  40. Tony Paulazzo
    Alert

    My letter going out to news channels, gov bodies and one MEP.

    Phorm and the profiteering of BT, Virgin Media and Carphone Warehouse.

    Or, how your online browsing habits are up for sale.

    I've just been left wondering why no decent investigation or coverage of the Phorm and BT/Virgin Media/Carphone Warehouse association has been carried out in any depth by any news media or unbiased governmental body. Has investigative journalism truly died in the country? Are the laws of British citizens no longer applicable to big businesses?

    Phorm, an ex adware/spyware company (placing files unbeknownst onto a user’s computer without their knowledge) is run by a man called Kent Ertrugul who used to run a company, 121 media. This company would watch your browsing habits so that targeted ads could be delivered whilst you were surfing. Most antispyware programs would delete these cookies as spyware. As 121 Media they ran a series of secret trials with BT without their customers’ knowledge or consent in 2006 and 2007.

    Having changed their name they now intend that ad targeting be run by your internet service provider so antispyware will no longer have anything to delete. As Phorm they are being allowed to run their own proprietary software on two of the UK's largest broadband servers, BT & Virgin Media, who do not have access to their code, yet who can state with unequivocal assurance that it is safe, and that identifiable customer information cannot be seen.

    How one top man, Stratis Scleparis, from BT has moved across to Phorm after the secret and illegal profiling trials of ‘06, ‘07, and how over 9000 people have signed a government petition trying to stop it has caused little to no reaction in the country's news media.

    This is invasion of privacy on a massive scale yet the BBC seems hardly aware of it except for one little item where they appear to agree that the secret BT profiling trials of some 8000 customers last year may have been illegal - well, I've not seen anyone arrested yet, not even an investigation – what gives?

    The opt in/opt out measures (requiring a cookie?) are a joke as all your info still goes through the profiler, which, apparently never gets to Phorm, but seeing as how the code on the ISPs server belongs to Phorm, I’m unsure how exactly the ISPs know, with such confidence, what information is (or will be when the code is updated) passed through.

    Labour MP Patricia Hewitt is on the BT Board which might explain somewhat why more fuss is not being made about this issue, and of course, Stratis Scleparis, the BT Retail CTO moved over to become Phorm CTO might explain why BT are desperately pushing this through.

    Thanks for reading - Tony F Paulazzo.

    If you're still reading, any thoughts of what I've missed, what else needs to be said, etc, Cheers.

  41. Stuart Catt

    Valued Added Services

    Emma Sanderson - Director of Valued added services.

    I don't know about IT but in finance value added services is a nice way of saying screwing more money out of our client

  42. Anonymous Coward
    Anonymous Coward

    No personally identifiable information was (...) disclosed

    Um, but it was, BT apparently allowed Phorm to install their own equipment in the middle of the network, thus BT disclosed everything transferred through the network to Phorm. Whether personally identifiable or not.

  43. Eponymous Cowherd
    Unhappy

    Re:Telephone ads

    ***"When will BT start inserting ads into private 'phone conversations to "improve your conversational experience?" "***

    Right after they start listening in to your private conversation in order that the inserted adverts are more appropriate. Of course the 'listening in' will be done by sophisticated speech recognition systems. All that will happen is that key phrases and words will be recognised in order to build up a profile of your likes and dislikes. No actual conversations will be recorded and your anonymity will be preserved.

    I'm *sure* everyone would be perfectly happy with BT doing that? Yes?

    No?

    Really?

    But that is exactly what they are doing to your private *web* conversations.

  44. Tony W

    Action or words?

    More hot air. Are you going to email the BBC complaining about their bad reporting? That might just possibly have some effect. Whinging here will have none.

    Anyway if you expect any of the national media to understand anything technical you will always be disappointed.

  45. Anonymous Coward
    Thumb Down

    What about the BBC's role in this...?

    Just seen something purporting to be a news item on the BBC website by one Julia Caesar. More BBC whitewash.

    "The technology works by monitoring your search engine activity?" Did I mishear that? What complete garbage. As is known already, the technology works by monitoring *all* your activity, not just your search engine searches.

    The "report" fails to mention the other company involved in this illegal wiretapping incident, Phorm. Why is this? Does the BBC have some hidden interest in or alliance with Phorm?

    Their so called "journalists" are to that profession as I am to an international standard batsman.

  46. Anonymous Coward
    Anonymous Coward

    @Stephen Gray

    £28? where are you buying your domains from?

    There's no reason to be paying more than £4 for a .com and you can get .uks at close to cost, which is £5...

  47. Anonymous John

    Friends tell us BT will get a grilling on Channel 4 News today.

    It did. And C4 interviewed one poor sod who queried the matter with BT and was told it must be a virus. As he couldn't remove it, he bought a new computer.

  48. Anonymous Coward
    Stop

    Time for the wookie defence?

    How long before we hear this in the British courts?

    Chewbacca is a Wookiee from the planet Kashyyyk. But Chewbacca lives on the planet Endor. Now think about it; that does not make sense!

    Why would a Wookiee, an eight-foot tall Wookiee, want to live on Endor, with a bunch of two-foot tall Ewoks? That does not make sense! But more important, you have to ask yourself: What does this have to do with this case? Nothing. Ladies and gentlemen, it has nothing to do with this case! It does not make sense!

    Look at me. I'm a lawyer defending a major communications company, and I'm talkin' about Chewbacca! Does that make sense? Ladies and gentlemen, I am not making any sense! None of this makes sense! And so you have to remember, when you're in that jury room deliberatin' and conjugatin' the legality of BT snooping on its punters, does it make sense? No! Ladies and gentlemen of this supposed jury, it does not make sense! If Chewbacca lives on Endor, you must acquit! The defense rests.

  49. David Bell
    IT Angle

    Good news for Pirates tho.

    BT said that while they recorded IP addresses, those can not be turned into a way of identifying an individual.

    So, as an ISP, who has full access to the DHCP lease logs and Customer Billing information, and (hopefully) the means to tie these together, they are claiming it's impossible to say that IP address 1.2.3.4 was definitely Joe Bloggs (as it could have been his wife, Jane Bloggs, or his son, Jimmy Bloggs) are they not also saying it's impossible to say who is using the connection to download MP3s/DivXs?

    Also does it not throw all the Police IT enquiries into Grooming and Child Pornography Rings out of the window too?

  50. Schultz
    Flame

    How thick can you get

    So, the friendly friends at the Reg. think "that BT's statement does not answer our questions". But if I read the BT statements, they answered all your questions loud and clear with a resounding:

    BUGGER OFF, STOP PESTERING US!

    So, there you have it, glad to be of service, and if you need any further translation don't hesitate to ask.

  51. b
    Go

    I presume people aren't just complaining on here...

    I presume that everyone here wondering why there haven't been any arrests yet has written to their MP already..

    www.theyworkforyou.com

  52. Jonathan

    BT....

    It's amazing how desperate these people are for money.

    I mean, the government advisory board on privacy says it's illegal in its current form. Nearly every single customer has said they hate it. Many customers have already left BT. Phorm's stock price has plummeted in the last month. And STILL, some muppet at BT insists it's the way to make money, and that it's not illegal. What part of unlawful interception without consent don't you understand?

    First off, can someone please give me the email addresses and/or postal addresses of several BT execs. I want to tell them what I think of them.

    Second, why has no one started legal proceedings against them?

  53. Darren Winter
    Paris Hilton

    The BBC link has been changed!

    Either the link is wrong or the Beeb have changed it, because now it only points to a glossing-over piece by Julia Caesar with no interview, or indeed anything of substance. Obviously it must have worked at some point because people above have commented on the interview - but there's no sign of it now.

    Paris, because even she might ask more difficult questions than the BBC

  54. Anonymous Coward
    Unhappy

    These trials caused real people real damage

    Leaving aside all the Phorm stuff and focusing on the trials just for a minute, a lot of people, not all of them even BT customers, were inconvenienced by these trials. Suspicious entries were left in forums, and where there was other evidence of browsing being intercepted. When the owners of these websites queried BT, BT categorically denied that it was anything to do with them. Much time and money was spent trying to track down the source of the interceptions, and in some cases rebuilding servers, simply because BT were deliberately not telling their customers or anyone else that they were being spied on.

    As anyone who has been following these threads knows, to say that BT did not know at the time who was subject to the trials is simply a lie, and hopefully will be exposed as such on channel 4 news tonight. At any time anyone conducting the trial had full access to all the browsing details, the customer's IP address, and of course all the account details that BT maintains on their customers. Of course the records of who was involved may have since decamped to Phorm along with their CTO...

  55. Wayland Sothcott Bronze badge
    Pirate

    Phorm Phizzy Drinks Company

    We at the Phorm Phizzy Drinks Co have conducted a small scale trial where some of our bottles contain a substance with calming health benefits that's completely harmless. During the trial no one knew this was happening and there is no way to know who drank the special bottles.

    Those lucky few who did drink the health improved bottle would have noticed that they were less stressed and more relaxed.

    We are now in talks with the major water companies and health authorities to sell this as a beneficial water treatment additive. We also have the backing of the police who feel that on a large enough scale the calming effect could reduce road rage and murder.

    Child welfare groups are demanding that this should happen quickly because if it saves one child's life it will be worth it.

  56. Anonymous Coward
    Anonymous Coward

    Question Time

    People get onto the question time panel and ask them to put a question about Phorm to the Panel

    http://news.bbc.co.uk/1/hi/programmes/question_time/your_say/default.stm

  57. This post has been deleted by its author

  58. Kevin Johnston

    hmmm 18,000?

    If, as they claim, they cannot identify the people 'volunteered' into this trial then how did they come up with the number 18,000? Does this actually mean 18,000 temporary IDs when people logged in? Has the number actually been plucked out of the air?

    Also, why did it not like a pure number as the title of this comment?

  59. Darren Winter
    Jobs Horns

    You can find out whether you were part of the trials

    From http://denyphorm.blogspot.com/

    Do you want to know if you were part of the illegal BT trials last summer? If so you can send a Subject Access Request to BT's Data Controller under the Data Protection Act (DPA). You will need to send a £10 cheque or postal order but they are required by law to respond to the request within 40 days.

    You can read the Information Commissioner's Office Guidelines on your rights regarding SAR under the DPA by downloading the following PDF directly from their website:

    Make sure you send Subject Access Requests as "Registered Post" should you need to issue a complaint against BT for failing to adhere to the SAR within the 40 days.

    Phorm PR People revealing their true selves...

  60. Gavin McMenemy
    Stop

    re: Beeb

    If you are unhappy then bloody well complain. Posting up semi-anonymous comments here is not going to change the way the Beeb does anything. If you don't get involved then you are tacitly approving so get with it.

    As for BT & Phorm. I would suggest you vote with your feet. Withdrawing revenue from BT is a sure way to get their attention.

  61. Mr Jolly
    Stop

    So they sought legal advice?

    Whose advice did they seek and when?

    The trials that have been admitted to so far were in 2006 and 2007.

    The advice from Simon Watkins in the home office was dated January 2008, and says that it would only be legal if both parties consented to having their communications intercepted.

    The 80/20 Thinking interim privacy impact report is dated 10 Feb 2008.

  62. This post has been deleted by its author

  63. Darren Winter

    Can phirephox phool phorm's phuture?

    Just read this comment on a blog:

    "A new tool to fight Phorm: http://www.dephormation.org.uk/

    This Firefox plug-in cannot stop Phorm from monitoring every web site you visit, reading your web mail (unless you use gmail via secure http) etc but it can at least mess up the tracking system. It’s a start.

    What is really needed is a program to randomly surf the net while your PC is idle, filling Phorm’s logs up with rubbish. If enough people did it, their data would become worthless and their ad click rate would drop. Hitting them in the wallet is the only language these asshats seem to understand :("

    Would this last work - is it possible to write a program that finds random content to mess up Phorm's data? I imagine it would have to function around a keyword, rather than be totally random - we don't want to be accidentally looking at sites covering kiddie porn, terrorist activity or Chelsea Football Club - so perhaps if you type in a phrase like "chocolate fireguard" or "cheese clogs" into your hypothetical Firefox add-on it would merrily go away and visit said sites whilst you do nothing.

    I'm not a techie, just someone interested in the issues, so can anyone say whether this would work?

  64. Luther Blissett

    Watch the hand

    I predicted when this story broke that the authorities would be in no hurry to protect its citizens. I am not surprised to find the borged Sanderson confusing black and white. As such she is indistinguishable from several tendentiously borged ministers the BBC put up on R4 1300 news for our edification. (It seems the female of the species is more easily borged, but that may be just my perception). We will not now be hearing a great deal from Phorm itself from now on I predict, despite their evident incitement to BT et al to commit criminal offences.

    Watch the hand. As the hyperreal demonstrates, lies are real if and only if truth is real. The phorm aphair will show what honest politicians, institutions, businesses are left in the UK. I suggest we do better at recognising them than they have in USA so far.

    In the meantime I have to devise a little symbolic ritual ceremony of leaving BT to enact at frequent intervals - you can only do the real thing once, and I did mine some time ago.

  65. 3x2

    Again

    just two questions for BT ..

    Did you intercept communications between the dates specified?

    Exactly which "safe harbour" RIPA provision do you believe covers your actions?

    That you did or didn't do XYZ with the results of an interception is completely irrelevant under RIPA.

  66. T.J.
    Black Helicopters

    Write to your ISP

    Anyone reading this and being concerned, regardless of their ISP, should write a good old-fashioned physical letter to the Managing Director of their ISP. In my case, as I'm with PlusNet who haven't yet decided to be Evil (but who haven't, as far as I can tell, clearly stated their intention of remaining in the Light), the letter reads, in effect, "The day I receive reliable, verifiable information that PlusNet has gotten involved with Phorm or a similar service or interception mechanism would be my last day as a PlusNet customer. Please reply stating your unequivocal intention not to go down that route and referring me to your public, published commitment on that score."

    These are for-profit enterprises. They think they see profit in this. Make it clear to them that they're wrong, and that's an end to it. If every ISP in the UK did it, well, then we'd have a different problem and we'd have to band together to form our own. I just don't think that's going to happen.

  67. T.J.
    Alert

    Why the heck are there only 9,500 sigs on the petition?

    Why in heaven's name have only 9,500 people signed the No 10 petition?

    http://petitions.pm.gov.uk/ispphorm

    Go, read (cringing at the apostrophe abuse), and sign. The members of the government are your employees; give them direction. If you don't steer the ship, who will?

  68. Anonymous Coward
    Heart

    @ Gavin McMenemy

    Already have. Have you? My MP and various others, my MEP and the ICO, as well as my ISP's Data Protection Officer and Chief Executive have all heard from me. I am actively involved. Are you?

    I'm not a BT customer (thankfully) but I am a VM customer and doing everything I can to enlighten and educate people about what Phorm is, what it stands for and what it means for us.

    Heart - because you need heart, guts and balls (metaphorically if you're female) to stand up against this invasion of privacy.

  69. Anonymous Coward
    Anonymous Coward

    BT Leased Line customers can demand a written statement

    If you are a leased line customer you should write to BT and demand a written assurance from their legal department that Phorm has not and will not be implemented on your connection. I have just ordered an upgraded leased line from BT which is yet to be installed - threatening to take that order away seemed to be incentive enough for them to agree to provide me with such an assurance.

    At home I use Virgin - not for much longer :-(

  70. Waldo

    Improved browsing experience? .............my arse!

    "this is a service that is looking to provide them with an improved browsing experience"

    And just how does monitoring people's habits and creatively dumping advertising on them improve our browsing experience?.....

    Pfffshhh, Marketing Claptrap, period!

  71. William Morton
    IT Angle

    Why the BBC is not allowing Watchdog to investigate?

    This is a very clear abuse of BT customers and yet the BBC is unwilling to do any real reporting, only free advertising for PHORM.

    Could this be related to the BBC wanting to get the ISPs to accept I-Player, you scratch my back and I'll scratch yours sort of deal?

    Come on BBC, do the job we are all paying you for, disseminate the real state of affairs to the technically ignorant. The rest of us already know all about PHORM and BT.

    Joe Public rely upon the likes of the BBC to advise them of the dangers, you are failing in your duty.

    I presume the BBC have access to someone with a clue about technology, so far their "experts" have just mouthed PHORM's lies and have not investigated the truth for themselves.

    Because it sums up the BBC "expert" reporting so far

  72. alistair millington
    Thumb Up

    alleyluyah... erm, alleyluyah... (anyone help on the spelling)

    Result, Mainstream news finally gets in on the act and kicks it, if it was a little newsround like.

    Still it's there to be heard now, BT have to fess up and now have to explain why they would proceed to roll it out after fessing up. So Phorm and data pimping have a nice prickly road to go running along.

    I like this. :)

    Someone pass the handcuffs. Not a good day for BT, that and bandwidth arguments with the BBC.

  73. Alex
    Thumb Down

    a rose by any other name

    Christian names are randomly selected from a potentially infinite number of possibilities (if multilingual options are considered).

    People are judged upon their actions.

    Thanks for the offer of a randomly made up name phorm, good to know that my new name will be linked to a profile of all my online activities.

    DO NOT WANT.

    oh and Ms Emma Sanderson, will we be seeing you in court then? an apology would be the most decent solution, but my patience is wearing very thin.

  74. Conrad Longmore
    Joke

    Re: Telephone ads

    R Callan asked: When will BT start inserting ads into private 'phone conversations to "improve your conversational experience?"

    This has already been spoofed at http://www.telephore.com/ and http://www.mobilegazette.com/telephore-08x04x01.htm

    You might like to draw your own conclusions of the differences between the two..

  75. Law

    RE: I presume people aren't just complaining on here...

    Yup - already written to mine, but he's a waste of space - it's been well over 3 weeks now and I haven't heard anything from him.... not even confirmation. grrrr... maybe he works for bt! They seem to be everywhere at the minute.

  76. phormwatch

    Programs to scramble Phorm

    >What is really needed is a program to randomly surf the net while your PC is idle, filling Phorm’s logs up with rubbish. If enough people did it, their data would become worthless and their ad click rate would drop. Hitting them in the wallet is the only language these asshats seem to understand :("

    Hi. I have written just such a program in Python and Java which will make HTTP GET requests to random websites. You don't have to have your browser open for it to work. It uses the following website: http://www.uroulette.com/visit

    If anyone would like to host these programs, I will link to them from phormwatch. Email me at phormwatch at fastmail dot net.

  77. Anonymous Coward
    Anonymous Coward

    Email address of Ben Verwaayen - head of BT

    BT CEO's email address, Ben Verwaayen:

    ben.verwaayen@bt.com

    If you're lucky, you'll get a response from his secretary.

  78. Anonymous Coward
    Anonymous Coward

    The bottom line

    What they have done is illegal under RIPA. We only know about what they have done because it's been dragged into the open. Now they're in arse covering mode, but however they try and sweeten it, it remains illegal and ultimately somebody must cop for it.

    Please keep up the pressure El Reg - in cases like this, these large corporate sock puppets have a habit of repeating their mantra enough that it starts to stick and become accepted. We must not let that happen here, and we must get a clear, hard statement of fact, with full accountability, on what has been going on.

  79. Anonymous Coward
    Thumb Up

    @ Darren Winter

    ***"What is really needed is a program to randomly surf the net while your PC is idle, filling Phorm’s logs up with rubbish."***

    Like it!

    Even better would be a centralised effort so that everyone's "Phorm buster" searches for the same, probably ridiculous (bog snorkelling, shark wrestling, etc) subjects, with the subject changing every few hours.

  80. Matt
    Stop

    Medialens

    Here's a good pressure site that pulls the UK media up on their bad reporting. They tend to concentrate on political issues and the complicity of the media in the Iraq war debacle, but this may be up their street too.

    http://www.medialens.org/

  81. Conrad Longmore
    Stop

    Don't forget web site owners

    Don't forget the role that web site owners can play here - if you can identify the servers that the Phorm harvester is connecting from then you can either IP ban it or use cloaking to send it back garbage.

    Site owners could then perhaps have a "Phorm Phree" logo they can put on their site if they don't allow the Phorm scraper near it.

  82. Simplepieman
    Happy

    @loadsofyou

    Please don't be so hard on the BBC. The message I saw coming out of that was that BT were being accused of doing something illegal in order to send you advertising.

    No mention of "targeted" advertising and no mention of less advertising.

    And you know the public hate advertising.

    So the message the layman would have got is that BT were being accused of doing something they don't understand but is claimed is illegal - to send more advertising!

    Priceless! Even if you didn't care or didn't believe the spy claim, you may start to think Sheeet I don't want more advertising, be it pop-up, junk email whatever.

  83. Steven Freeman
    Go

    @Email address of Ben Verwaayen - head of BT

    Hi all,

    I have attached the email I sent to Ben Verwaayen (thanks to anonymous bloke above). I suggest we flood this email address with something similar to what I have written to let them know that we are not going to put up with this spying/hacking game that they were running.

    ---------------------------------------------------------------------------------

    Hi,

    With regards to BT using PHORM

    I would like to bring your attention to the following website:

    http://www.theregister.co.uk/2008/04/03/bt_phorm_interview/comments/

    I will also be sending this email to Virgin media expressing my disgust with the entire scenario.

    And I am also sure that you will be receiving many more emails like this one.

    You may not understand the technical side of what PHORM is doing, but that is simply not good enough as I'm sure you have Information Technology experts within your company. My [our] main problems are the apparent breach of privacy, the lack of solid details on what BT and Phorm did in this trial and the possible implications of Javascript injections that the PHORM application is able to do. If you have time to read the comments you will notice my message with regards to possible data leakage that would be possible using the PHORM app.

    The javascript injections are readily available with a simple search on Google using the PHORM javascript variables as a search reference. Due to the way most blogs and boards work, javascript will not run on these sites from inside a user's post, and so the post is appended with a clear text version of the javascript code.

    Sincerely,

    Steven Freeman

    ---------------------------------------------------------------------------------

  84. Graham Dresch

    Scrambling Phorm

    How about trackmenot?

    https://addons.mozilla.org/en-US/firefox/addon/3173

    Protects users against search data profiling by issuing randomized queries to popular search-engines

    Can we replace Steve Devil with Ben Verwaayen Devil ?

  85. Anonymous Coward
    Anonymous Coward

    And Virgin.........

    I wonder if Virgin are up to anything at the moment, my browser has been incredibly sluggish for the last couple of weeks, but downloads from the usenet, using an SSL connection are still running at max speed (for various values of max speed).

  86. Anonymous Coward
    Anonymous Coward

    improving your web experience & buggering theirs.

    @darren winter // You can find out whether you were part of the trials

    Thanks for pointing this out. Will do when they get their subject access request template sorted (this friday they say). I can add this to my own BT/ISPA/OTELO complaints. Will write to MP.

    @darren winter // Can phirephox phool phorm's phuture?

    I use TrackMeNot extension. It sits at the bottom of FF sending off random requests (*not* involving stupid, easily filterable things like bog snorkelling). Its queries mutate over time.

    If you want to go further, get proxomitron + a large list of block sites (I can provide it) and it kills loads of ads. Everything loads faster too. I'm trying to get the more grown-up privoxy working but it's not so well documented and I'm busy.

    @Gavin McMenemy: agreed totally. Whingeing alone does nothing except fill up this forum. If you haven't done anything, people, do something please!

  87. Anonymous Coward
    Anonymous Coward

    Forum people

    Can the people who used the forum and got js embedded not do something. After all we know for a fact that they are involved.

    Because they can identify themselves as involved in this trial, they should be able to take action against bt if this is illegal.

  88. Andrew

    just a thought.

    Perhaps the reason the authorities are not doing anything about this is that they want this technology in place at every ISP, just think what could happen with a small change to the system it could track everyone and what they are doing. Need to find all those sharing mp3s so their internet connections can be stopped, need to find terrorists or those downloading kiddie porn, or anything else they decide to spy on. It could all be very very easy and best of all it wouldn't be at the expense of the taxpayer (well not financially at least !) the technology would be in place they would just need to force the ISPs & Phorm to make the changes and pass the details on. Just think how much we are all spied on already, why would they want the online world to be any different ?

    So please nobody invent the technology that reads your thoughts, then again perhaps i should get phorm to send the ad for my new online shop www.tinfoilhats.co.uk to people.

  89. Anonymous Coward
    Joke

    Ben Verwaayen A word to the (Web)wise

    Why not send Ben Verwaayen some advertising as well, I'm sure he will find it enhances his web experience? We can start with some nicely targeted Duraglit, to help wipe the tarnish off his new gong...any more suggestions?

  90. Sam
    Happy

    @ alistair millington

    It's "Hallelujah".

    Yoors sinzerely, the spooling poliz.

  91. This post has been deleted by a moderator

  92. Jonathan

    @Ben Verwaayen

    I want to send him an email but I want to ask if I can get in trouble for calling BT bloated, corrupt, inefficient and illegal. Would that count as defamation or whatever, if its in private communication?

    I also want to express a negative opinion of Mr Verwaayen for allowing such a thing to occur - would that be illegal?

    I will not be using any profanities at all.

  93. Anonymous Coward
    Stop

    So... They only monitor search engine usage to provide ads

    What would Google think to someone selling ads that come back when you search for something on Google (and presumably undercutting Google)? I'm fairly sure that it would result in a major stop and desist lawsuit fairly quickly but that's exactly what they said they were doing this morning.

  94. Ros
    Stop

    @Andy ORourke, Darren Winter

    @Andy

    Your comment summed up exactly how I felt when I heard that crap about cookies. How many people will think they can just block cookies and stop using search engines, and then none of this will apply to them?

    It was just pathetic, lousy journalism.

    http://www.bbc.co.uk/complaints/make_complaint_step1.shtml

    @Darren Winter

    I'm not too keen on the idea of scripts to surf randomly. I get enough useless traffic from bots. If everyone took up this sort of thing for privacy reasons it would suck up a ton of bandwidth. And ultimately who would pay? Webmasters would suffer more excess bandwidth bills, and BT/VM customers would have to endure higher charges and slower speeds. It's not the answer. The only appropriate responses are to move to a better ISP, and make some noise about why.

  95. Shagrat
    Stop

    Question Time

    Well, I've submitted a question for tonight's Question Time.

    British Telecom have now admitted to running secret trials on 18,000 of their broadband users to capture and analyze their internet browsing habits.

    Given that this is a clear breach of the law and is tantamount to wiretapping why has there been no legal/criminal action taken against British Telecom or 121Media (now Phorm)

    I'm sure it will be ignored and they will be asked about the health of Gordon Brown's dog instead, ho hum

  96. Anonymous Coward
    Anonymous Coward

    @ Andrew (a thought)

    You know I could understand an argument that snooping on my browsing for any of those purposes was a good thing. I would NOT like it, but I could understand it. But simply to change the adverts I see - not likely (In any case I use Safariblock so don't see many ads). To date the ISPs have always claimed that it would be impossible for them to monitor what their customers do, and therefore they could not be liable for anything illegal they get up to. Looks like this has now changed. Oops!

  97. Anonymous Coward
    Stop

    How could the trials be anonymous (for Dummies)

    At one end of a wire is my computer. Joined to it at the other end in BT's building is a box on which they are processing my data. How can that be anonymous? They installed the wire and every month they charge me for having it.

    Of course, as has been said many times, it doesn't matter in law whether or not they know or care who is at either end of the wire it is still an unlawful interception.

  98. system

    Completely anonymous?

    I wonder how BT can square their "completely anonymous" line with the fact that more than a few of those targeted by the trials were identifiable by the mess of javascript left on various forums and message boards.

    Those affected by the trials are identifiable by the whole world.

    Delise from http://www.microsoftdynamicsforums.com/forums/forum_posts.asp?TID=925

    PokerJR123 from https://www.bluffmagazine.com/forum/forum_posts.asp?TID=4108&PN=1&get=last

    dayglo jim from http://www.bikegirl.co.uk/forum/forum_posts.asp?TID=2418&PN=1

    That the javascript was even making it on to message boards in the first place speaks volumes about Phorm's security.

  99. Anonymous Coward
    Unhappy

    @What about the BBC's role in this

    Same as one reporter saying 'You can see the smoke coming out of the French Nuclear Power Station'

    oh s**t, I hope not!!

    It was steam, from the cooling towers

    and they pay these people a salary?

  100. Anonymous Coward
    Anonymous Coward

    @Jonathan

    It's not libel if you can show it's true. Shouldn't be too hard! Also it is not libel if it is Fair Comment. A good layman's guide here http://www.bbc.co.uk/dna/actionnetwork/A1183394

  101. TeeCee Gold badge
    Happy

    @Jonathan

    Just put "Without Prejudice" prominently at the top of your communication.

    Then you can call him an incompetent thieving greaseball overseeing a bunch of clueless twats in cahoots with a bunch of ad-peddling, scumware pushing rats without fear.

  102. Anonymous Coward
    Thumb Up

    @ Channel 4 Story

    Wow a great interview on channel 4 and an example to the BBC of how they should be doing their job.

  103. Anonymous Coward
    Thumb Up

    ££ $$ Compensation in the air?

    Based on the excellent Channel 4 interview linked above, if I ran a BBS and had evidence of javascript injections I'd be chasing compo right now too - sounds like they are trying to buy their way out of this one now.

  104. Anonymous Coward
    Anonymous Coward

    @Ben Verwaayen

    Put yourself in his position. See it as he will:

    "bloated" - [he's thinking, if he reads it at all] means what? What evidence is there of this? What do you expect me to do about it:

    "corrupt" - this is your opinion, if this word has any precise meaning anyway. What evidence do you have of this - what does it mean?

    "inefficient" - [he's thinking, assuming he cares] show me the sodding evidence

    "illegal" - that's yet to be formally determined. Never sling around heavy accusations without seriously solid backup. You might (though IANAL) say that some parties deem such a practice very likely illegal, then name those parties.

    If you ran a business, would you want to receive three pages, or three short paragraphs summing things up crisply? Get to the point, stick to the point, back up your point with evidence/useful observations/comments, then sign it and post it. Keep it short and sharp.

    Finally, what's the boss going to do? A business takes the line of least resistance so your letter will be filed in the bin under 'worthless punter' most of the time (and with BT it will I'm sure). He'd be glad of it - someone blows off steam with a long ranty letter, they think they've done something so they feel better without doing anything to hurt the business, problem solved!

    Unless you tell him or do something that directly affects his *bottom line*, it'll get ignored. So stuff the letter and complain to BT, then escalate it to ispa, otelo, your mp, whatever, and tell him he's losing/lost your business.

    That'll matter to him.

    And if you do write, at all times keep your cool and be scrupulously polite because 1) otherwise they can turn that against you and 2) you often will be dealing with people who are trying their best but have no control over the problem, and it's not fair on them to receive your abuse. Avoid even sarcasm if you can.

  105. Anonymous Coward
    Coat

    @all those planning to send emails to Ben

    You might want to try sending it to the BT Retail CEO (ian.livingston@bt.com) as well. Although from what I know of the internal workings, you'll be lucky to get past his PA.

    Coat icon because I have an interview for a new position tomorrow and if I get it, I'll be able to stop working for these phuckers (BT that is). Might even mention my disgust at what they are doing with Phorm in my resignation letter, although I have more than enough reasons to quit without that.

    Anonymous for obvious reasons (after all, I might not get the job =] )

  106. Martin Gunther
    Thumb Up

    C4 Interview

    The C4 interview was indeed fairly detailed, and they did give Emma a bit more of a grilling. It was the end I was wanting to comment on here. They are after 1,000 volunteers for this in the next month... Good luck on that one, but I'm sure some marketing guru will fluff up the volunteer request e-mail on that one...

  107. Ian Critchley
    Happy

    Channel 4 Story

    It would be wrong to compare a serious news programme with the BBC Breakfast programme which provides early morning easy listening news. The presenters today were let down by the producers in that they appeared to be poorly briefed and were not helped by having to rely on two "experts" who clearly did not know what they were talking about.

  108. Anonymous Coward
    Anonymous Coward

    Well call me thick but....

    exactly how is Phorm going to target adverts ? I mean, if I go to theregister.co.uk and then surf over to say www.download.com how does Phorm track that I was on theregister and am now on download.com and then decide that I want adverts about bandages (feeding the hand that bites....) ?

    If they intercept my DNS then they have to record my IP address. What if I go to an 'adult themed' site and my 5 year old (through the same router) is off visiting a kids site on their PC in their bedroom. Will they be asking me later what a "Russian wife" is and be demanding some of those 'blue smarties' ?

    If someone could answer without the rhetoric about it being bad (that's a given isn't it) that would be fine and dandy.

  109. Anonymous Coward
    Flame

    If the trial was legal then....

    .... why are they changing the T&Cs when they fully deploy the system? Surely there's no need since it's already legal under the current T&Cs... hmmmm.. how odd.

    I hope everyone here has e-mailed their MP, use this site:

    http://www.theyworkforyou.com/

    I've e-mailed my MP three times now, I haven't had a reply or acknowledgement for the third e-mail. Maybe he's getting a bit fed up with me ;-)

    If Phorm (or anything like it) is allowed to go ahead on any ISP (even with amended T&Cs) it will be a huge failure of so-called British Values and a very sad day indeed. There must be around at least 10,000 people who are actively campaigning against Phorm - hopefully it will be enough. Don't give up!

  110. Mike Richards

    Just filed a DPA request...

    ...asking BT to disclose all information they have regarding my involvement (or otherwise) in the Phorm trials.

    The following paragraph mentions I won't be satisfied if they say they don't have that information, in which case I will make a formal complaint to the DP Registrar.

    The one after that tells them that if they confirm I was in the trial I will consider all legal options under RIPA 2000.

    So anyone else DPAing BT's ass?

  111. Bill Gould
    Stop

    It can't be truly anonymous

    The very fact that it (Phormware) attempts to apply targeted adverts to you - a specific user - means that it MUST have some way of telling you apart from the rest of the people. It knows what kind of sites you visit, because it assists in targeting ads about that subject matter directly to you.

    Presume I'm Phorm... before beating me over the head with a heavy and pointy object, realize that I "allegedly" know nothing about you. Just a cookie or some such. This cookie allows me to check your browsing history - well, the cookie's history, I don't know you - and send adverts your way based on that history. So somewhere, there's a table that references that cookie and relates it to a browsing history, etc. So... Phorm can very much identify you, but only as a cookie. However, that's still an identifiable item that is specific to ONE computer, and can be checked for online. A cookie is a marker. One that relates to tracking your online activity is a dangerous invasion of privacy.
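
The point made in comment 111 above, that a table keyed only by a cookie still singles out one browser, as an added example that is not part of the thread and not Phorm's code. The class, channel map, URLs and account name are constructed, and the model assumes the profile row keeps the visited URLs.

```python
import re
import secrets
from collections import Counter
from urllib.parse import urlparse, parse_qs

# Constructed keyword-to-channel map (an assumption, not Phorm's categories).
CHANNELS = {"bike": "cycling", "helmet": "cycling",
            "poker": "gambling", "loan": "finance"}


class Profiler:
    """Toy model of the table described in the comment: rows keyed by cookie."""

    def __init__(self):
        self.table = {}  # uid -> {"urls": [...], "keywords": Counter()}

    def issue_cookie(self):
        # The identifier is random: it encodes no name, account or IP address.
        uid = secrets.token_hex(8)
        self.table[uid] = {"urls": [], "keywords": Counter()}
        return uid

    def observe(self, uid, url, page_text):
        # Every page seen with this cookie lands in the same row,
        # so separate visits become linkable to each other.
        row = self.table[uid]
        row["urls"].append(url)
        for word in re.findall(r"[a-z]+", page_text.lower()):
            if word in CHANNELS:
                row["keywords"][CHANNELS[word]] += 1

    def pick_ad_channel(self, uid):
        counts = self.table[uid]["keywords"]
        return counts.most_common(1)[0][0] if counts else None


def quasi_identifiers(urls):
    """Account names that leak through query strings of the logged URLs."""
    found = set()
    for url in urls:
        query = parse_qs(urlparse(url).query)
        for key in ("user", "username", "member"):
            found.update(query.get(key, []))
    return sorted(found)


def demo():
    profiler = Profiler()
    uid = profiler.issue_cookie()
    # Constructed browsing session for one browser.
    visits = [
        ("http://forum.example/profile?user=rider_1234", "my bike build thread"),
        ("http://shop.example/helmets", "helmet sale and bike lights"),
        ("http://cards.example/", "poker night rules"),
    ]
    for url, text in visits:
        profiler.observe(uid, url, text)
    # Clearing cookies yields a fresh row; the old row is still in the table.
    new_uid = profiler.issue_cookie()
    return {
        "uid": uid,
        "channel": profiler.pick_ad_channel(uid),
        "names": quasi_identifiers(profiler.table[uid]["urls"]),
        "fresh_channel": profiler.pick_ad_channel(new_uid),
        "rows": len(profiler.table),
    }


if __name__ == "__main__":
    print(demo())
```

One identifying page view is enough to attach a name to everything else stored under the same random value, which is why a pseudonymous key alone does not make the row anonymous.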

  112. Anonymous Coward
    Anonymous Coward

    DPA

    Will be DPAing BT tonight.

    I am going to try hitting Phorm with a DPA notice as well and see what happens

  113. Phormisgreat
    Pirate

    An open letter to the bloke in charge at BT

    If I was not so lazy, I'd send this to the bloke in charge over at BT....

    Dear Mr Verwaayen,

    I'd like to propose a new service just for you which we will offer you free of charge, and which you don't actually have to agree with, because we will just opt you in!

    It works like this. All the postal letters that come from you, the Mr Verwaayen's household, will be intercepted and the contents recorded in a profile. Then, we will give you a special badge that you wear all the time, but you won't even know you have it! The badge does not identify you personally, but all the profile information we build up on you will be linked to it.

    Then, every time you go near your letterbox, a special postman will detect your badge and associate it with everything we know about you and will instantly deliver lots of useful junk post, targeted at just your interests! I'm sure this will enhance your experience of the postal system and your letter box.

    Also, there is no need to worry, you can trust us, because all the information we gather won't be kept or used by us at all! The only people who will see it are our business partners, who since they re-branded themselves after an unfortunate incident involving spying on people and stealing their information, are now really, really nice people.

    And as a special extra, when we detect post to be delivered to the Verwaayen household that looks like it might be from bad people, we'll automatically warn you that it might not be good. I'm sure you agree that this will improve the safety of your postal delivery experience.

    And as another special extra, even if you lose your badge, or decide to clear out your badge drawer, we'll issue you with a new one anyway, and even if you don't want the special badge, we'll still open all your post and record the contents, just in case you ever do!

    Best Regards

  114. Anonymous Coward
    Coat

    @Ian Critchley

    You are right it would be wrong to compare BBC Breakfast with a serious news programme...

  115. phormwatch
    Go

    Java and Python programs to scramble Phorm interception

    Here is the program I mentioned earlier which will make requests to random web pages at a random time interval (within a specified range).

    Python program:

    http://phormwatch.pastebin.com/f143224db

    Java program:

    http://phormwatch.pastebin.com/f1ba5bd43

    Feel free to use it, alter it, redistribute it, improve on it, or print it out and use it as toilet paper.

  116. Andy ORourke
    Joke

    @AC With the Job Interview

    You could always apply for this job at Phorm, bring them down from the inside :-)

    http://www.jobserve.com/E4ECDD80ACF7BD0A7.job

  117. Anonymous Coward
    Happy

    @AC if you insist - you are thick! but...

    ... all your points have been covered many times in Reg Passim but I guess new people are coming on all the time. If you believe Phorm the only changes you will see is that advertising on webpages that is already there will display updated ads based on keywords it has found on web pages you have been to recently. How this is set up is described at www.oix.com . They specifically exclude 'porn' and 'hate' words. FWIW I believe them as a starting point. However, there is nothing to stop them including additional advertising, popups, pop-unders, buzzing mosquitoes, noisy smileys, etc etc at a later date or ads or even email offers for 'special' products fnar fnar. (The injected javascript from the original BT trial suggests they might have been looking at this). How long would it be before the ISPs decided that the time was right to 'further enhance your browsing experience' with these goodies? Not long IMHO.

  118. Anonymous Coward
    Anonymous Coward

    well

    from what I've seen just blaming BT is a bit silly.

    It seems to me that the media, BT and elements of the Government are right behind the Phorm model. Why? Well because

    BT = Makes them more money claiming back on the expense of basically giving away a very expensive service (bandwidth is very expensive really)

    Media = Because revenue from traditional advertising is going down down down down and being able to guarantee that target people will see x type of ads because of their online presence means cash cash cash

    Government = Because it gives them a nice profile on people and sets easy to follow precedents for future more in-depth snooping on the populace.

  119. Anonymous Coward
    Stop

    @wellcallmethickbut

    Well call me thick but....

    By Anonymous Coward

    Posted Thursday 3rd April 2008 15:59 GMT

    Phorm doesn't care what sites you've been visiting as such. It takes the page you are looking at and does an analysis of the text within the page. It then stores a given number of 'keywords' against the last X websites you've visited and bob yer uncle they know what you are supposedly about. Of course there is the possibility they may get fooled by phrases like the one you mention - but it will balance out in time.

    Phorm have said they won't work with pron - whether they live up to this remains to be seen - but they really will be bending over forwards and backwards to avoid more bad PR. There may be other sites you wouldn't want popping up though ;)

  120. Ben Benson

    BT the poor communicator

    Web traffic via all ISP's is monitored, one reason for this is high level usage which makes surfing for others slow. There is no such thing as a free lunch, trends are noticed as in SPAM & DOS attacks these things have to be tracked. Servers have logs which can be looked at. Hush hush Government agencies have the ability to view and review any email which is sent the same applies in the USA.

    BT also blocks many sites already just the same as other ISP's you just don't connect to them. Does BT know whose traffic was intercepted in the tests? Doubtful why would it need to? If I ran the test for the organisation I work for I would not care one iota whose traffic was involved in the test. I would want to know the destination www.xxx.com etc and if they were involved in the ad scheme, bit of a bummer if they are not, because the viability of ad prioritising becomes less so. What other criteria would be affected, bandwidth, speed, equipment required, security of ISP network, return on investment...

    That is exactly what we did in a similar scenario of monitor and capture ISP traffic. It happens more frequently than we all think.

    If you don't like what BT does complain to the chairman Sir Michael Rake like we have, if thousands complain he has to reply. He will soon get the message. So have you complained... Do it now!

  121. Anonymous Coward
    Boffin

    A Possible excuse under RIPA - but we know spin when we see it!

    If the trial was small enough and urgent enough it could be argued by BT that it was something necessary to provide an integral part of their service. For example testing a new spam filter before putting it fully into production would be allowable under RIPA, and seems to be the way BT are spinning it. Snooping on and experimenting with your customers' traffic is of course, illegal under RIPA and probably under DPA.

    Whether secretly experimenting on 18000 customers for three weeks to perfect an advertising targeting mechanism constitutes a 'small essential trial' would have to be determined in court. It is not necessary for one of the 'victims' of the trial to request that the police investigate, this could be done by anyone suspecting a crime. Date, time and location should suffice.

    The fact that BT's forthcoming trial requiring 'only' 10000 'volunteers' will allow a partial opt-out is not consistent with their assertion that the 18000 customer 2006 was small or essential.

  122. Anonymous Coward
    Paris Hilton

    @ Phormisgreat

    I don't think Mr Verwaayen would be impressed but this guy might: http://news.bbc.co.uk/1/hi/business/3115098.stm - and play your cards right you could end up as his CTO!

    (subscribing to the Paris school as an icon of irony)

  123. Ivan Headache

    Radio 4

    I've sent this entire comment list and a request that PM looks at it (Eddie Meir is a journo I respect, i.e. he can spot a BSer at a 1000 paces).

  124. Anonymous Coward
    Happy

    @Andy ORourke

    Brilliant! Although, I have enough trouble getting the taste out of my mouth every night when I finish work as it is.

    I've got an even better idea, though. Why doesn't *everyone* make up a CV that fits that job spec exactly. Then we can all go along to the interview and have a right good nosey around their offices, and if they complain about that we can tell them they "opted in" by inviting us for an interview, it's right there in the small print in 0.001 point type at the bottom of page 1 of the CV.

    phuckers!

  125. Robin Weston
    Happy

    Phorm improved my web browsing!!

    No, really, it did.

    It made me leave Virgin Media with its crawly along speed evenings and go to O2 - a rock solid adsl 2+ connection that so far seems to deliver 12Mb downstream and 1Mb upstream at all times of night and day.

    Oh and customer support is now a freephone call to a UK call centre that doesn't follow scripts that never seem to cover my problem and I'm taken at my word that I've rebooted equipment instead of being asked to do it again "just to be sure"

    Oh, and it's only £15pm (even less to o2 mobile users!)

    Finally, no I don't work for them, but I do value my privacy.

  126. Darren
    Flame

    sending these comments on

    Hey Reg,

    Any chance you can get the comments from all of the Phorm stories, compile them into one e-mail/letter, and send copies to Phorm, BT, Virgin and Talk Talk?

    I can't speak for anybody else but if you want to add my full Name and Address to the comments then just say the word.

    It's time to start bombarding these companies, and the government, until something is done.

  127. Campbell

    'ere, hold on a minute

    Originally by System

    "PokerJR123 from https://www.bluffmagazine.com/forum/forum_posts.asp?TID=4108&PN=1&get=last"

    I thought that they were NOT scanning encrypted (HTTPS) traffic?

  128. Anonymous Coward
    Anonymous Coward

    @Well call me thick but....

    This is not a system similar to cookie tracking. It is equivalent to every bit of data being passed through a black box at your ISP and every bit of data being analysed and scanned.

    If they wish they can use the results they see to target advertising. If they wish they can do virtually anything else!!!!!! (secretly of course)

    ITS NOT ABOUT COOKIES - It's a lot more sinister than that.

    Phorm and BT would like you to think that because you are already familiar with that terminology.

    The way this system works is not dissimilar to what the secret service could do if they applied via the courts to monitor your line. The difference is BT did not!

    Hence the illegality and the outrage. In my case the outrage is because BT has teamed up with a company known for writing root-kits and spyware Phorm. (They changed their name from 121 Media)

    Their handwritten parasites were still plaguing PC's (Due to their other software) during the same time they were cuddling up to BT and seemingly having a free hand during these 2006 tests on 18000 customers. BT seem to have no knowledge of what they were up to because it was so anonymous (NOT!!!!)

  129. Matt

    SHOCK NEWS!

    SHOCK NEWS!

    Reg Readers Unite On Issue! No dissent!

  130. Man Outraged
    Flame

    @Andy ORourke

    > You could always apply for this job at Phorm, bring them down from the inside :-)

    I almost did just that for the very reasons, then remembered that my real name had been plastered all over forums and the like with opinion on their data security measures and how Phorm could be hijacked if they weren't very careful.

    Interesting to know they use developers in Hampshire though...

  131. Anonymous Coward
    Pirate

    Does anyone notice a very disturbing trend developing here.....?

    The more outraged people seem to get, the more the ISP's are distancing themselves from contact with us peons who actually pay for their shitty, throttled, traffic-managed, scanned and analysed services.

    They've actually retreated to the point where they're hiding behind press releases and safe news interviews where the questions will have been gone over beforehand to secure the appearance. People e-mailing them are actually being ignored or palmed off with templates and pre-wrapped statements.

    I find it all very worrying that a company, regardless of how large or small, can do stuff like this and seemingly get away with it. No-one seems interested but I suspect that's more to do with assurances made in smoky rooms with fat blokes in suits.

    Skull and Crossbones - Because the customers are being Jolly Rogered!!!!

  132. Anonymous Coward
    Anonymous Coward

    @ Tony Paulazzo - letter to news channels

    I think the one aspect that has been missed out of your letter on all the [lack of] reporting is an explanation of what the techies are on about. Most people on this forum, after a few days, will have some understanding of the points you raise. I have talked to the people 'out there' and it means nothing to them.

    Basics is what is needed.

    A system is being sold as less advertising, targeted advertising, decreased phishing risk, improved privacy.

    What the system is ACTUALLY doing is hiding its real privacy invading identity behind the ISP as a 'service'.

    The system is hosted at (not under the control of) the ISP and is:

    intercepting traffic between computers and their ISP,

    hijacking the browser into revealing content on the hard drive which should not be available under all the security protocols under which cookies and their writing/reading is enabled,

    analysing the traffic sent to/from your computer,

    making a second hijack of your browser to write to the hard drive a cookie file which contains data which identifies you personally as interested in an advertising channel (your profile),

    sharing your personal profile with a 3rd party who uses that information in their marketing to sell advertising space on 4th party websites.

    Even if you 'opt-out' of the system, the data stream from the ISP to your computer / hand held device [mobile, land and cable channels] will contain injected code to enable it to read files on your hard drive so that the logic knows whether or not to amend the file held on your hard drive.

    In exchange for hosting the software and hardware, the ISP will be sharing revenue from this venture with the 3rd party.

    Previously this same system of scripts hijacking users computers was rejected by the majority of computer users who have gone to great lengths buying anti-spyware, anti-malware, anti-adware, rootkit detectors, etc to ensure that their computers were free of any such hijacking script which was not under the control of the computer user.

    In an effort to protect their investment, the providers of the adware / spyware scripts have now approached the ISPs with regard to running the same system at the ISP level so that it is impossible for the computer user to escape the effects of the software. This is happening all around the world: America, Europe, Asia, Africa and Australasia - no one is immune.

    One such provider of the software is Phorm Inc who has agreements with the 3 major ISPs in the UK to include the software within their systems and agreement with a number of publishers to act as 4th party publishers.

    [You can also mention that FrontPorch is making its systems available to the UK ISP suppliers also. And it may help to name some of the reporting media / newspapers who have contracted to host the adverts.]

    Only once you have explained the history of the software and its effects on computer users, then would I begin your discourse of the poor coverage by the media.

    We already know why the newspapers are not covering it - they have their advertising revenue to protect.

    And everyone I speak to has a far greater appreciation of why they run security software on the computer than why they suddenly need to worry about what their ISP may be downloading onto their computer without permission.

    I am thinking of sending something along the above lines to my MP so that she will have some information when she is fobbed off by whatever reply she gets from her questions to the government departments who should be looking over this.

  133. Anonymous Coward
    Thumb Up

    @ Campbell - Wooah! good spot!

    Just one more lie to add to the many that they have already been caught out by..

  134. Darren Winter
    Paris Hilton

    @ Trackmenot

    A word of caution to those using trackmenot - read this blog post first:

    http://www.schneier.com/blog/archives/2006/08/trackmenot_1.html

    Specifically:

    " ... every twelve seconds -- exactly -- the program picks a random pair of words and sends it to either AOL, Yahoo, MSN, or Google. My guess is that your searches contain more than two words, you don't send them out in precise twelve-second intervals, and you favor one search engine over the others.

    ... some of the program's searches are worse than yours. The dictionary includes:

    HIV, atomic, bomb, bible, bibles, bombing, bombs, boxes, choke, choked, chokes, choking, chain, crackers, empire, evil, erotics, erotices, fingers, knobs, kicking, harier, hamster, hairs, legal, letterbomb, letterbombs, mailbomb, mailbombing, mailbombs, rapes, raping, rape, raper, rapist, virgin, warez, warezes, whack, whacked, whacker, whacking, whackers, whacks, pistols"

    Apologies to the creators of trackmenot if this has been fixed - thought it best to mention it before we all install it.

    Yes, the comments above about it clogging up the web with extra traffic are founded, but without resorting to such lame clichés as "you can't make an omelette without breaking a few eggs" there's an element of truth in it. Imagine how much bandwidth would be freed if we could reduce the amount of adverts being delivered now? If the Phorm model worked, more people who don't currently host ads might be motivated to start doing so; or greedy companies/newspapers (Times, Telegraph, for shame!) might simply have more ads than before. Are we prepared to put up with some clogging now to perhaps free up some bandwidth for the future?

    As I said before I'm not a tecchie so if my interpretation of the facts is completely bogus, then I apologise now. We're all in this together, the anti-phorm army!

    Paris, because we've given her a hard time lately and she fell over the other day, cut her chin and her boyfriend just stepped straight over her...
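
The weakness named in the passage quoted in the comment above (queries sent at exact twelve-second intervals, always two words long) and the random-interval page fetcher described in comment 115 can both be checked with a few lines of statistics. This is an added example, not code from TrackMeNot, phormwatch or the quoted blog post; the function names, thresholds and sample data are assumptions constructed for illustration.

```python
import random
import statistics

def interarrival_gaps(timestamps):
    """Seconds between consecutive requests, oldest first."""
    ordered = sorted(timestamps)
    return [later - earlier for earlier, later in zip(ordered, ordered[1:])]

def coefficient_of_variation(gaps):
    """Std deviation of the gaps divided by their mean (0 means perfectly regular)."""
    mean = statistics.fmean(gaps)
    return statistics.pstdev(gaps) / mean if mean else 0.0

def classify_timing(timestamps, fixed_cv=0.05, bursty_cv=1.0):
    """Label a request stream by how its gaps are spread.

    Thresholds are assumptions: a fixed timer gives a CV near 0, a uniform
    random delay within a range gives a CV of at most about 0.58, and
    browsing in sessions (quick clicks, then long pauses) gives a CV above 1.
    """
    gaps = interarrival_gaps(timestamps)
    if len(gaps) < 10:
        return "insufficient-data"
    cv = coefficient_of_variation(gaps)
    if cv < fixed_cv:
        return "fixed-interval"
    if cv < bursty_cv:
        return "bounded-random"
    return "bursty"

def two_word_fraction(queries):
    """Share of queries made of exactly two words."""
    if not queries:
        return 0.0
    return sum(1 for q in queries if len(q.split()) == 2) / len(queries)

def assess(timestamps, queries):
    """Collect the signals that make a stream look machine-generated."""
    timing = classify_timing(timestamps)
    fraction = two_word_fraction(queries)
    signals = []
    if timing == "fixed-interval":
        signals.append("requests arrive on a fixed period")
    elif timing == "bounded-random":
        signals.append("gaps vary but never cluster or pause")
    if len(queries) >= 5 and fraction >= 0.9:
        signals.append("nearly every query has exactly two words")
    return {"timing": timing, "two_word_fraction": fraction, "signals": signals}

# --- constructed sample data (not captured traffic) ---

def constructed_fixed(n=50, period=12):
    """A timer firing every `period` seconds, as the quoted passage describes."""
    return [i * period for i in range(n)]

def constructed_random(n=200, low=5, high=60, seed=1):
    """Delays drawn uniformly from a range, as comment 115 describes."""
    rng = random.Random(seed)
    t, out = 0.0, [0.0]
    for _ in range(n):
        t += rng.uniform(low, high)
        out.append(t)
    return out

def constructed_bursty(sessions=10, clicks=8, think=2, idle=1800):
    """Sessions of quick clicks separated by long idle periods."""
    out, t = [], 0
    for _ in range(sessions):
        for _ in range(clicks):
            out.append(t)
            t += think
        t += idle
    return out

DECOY_QUERIES = ["garden hamster", "empire boxes", "legal chain",
                 "hairs fingers", "bible crackers", "boxes knobs"]
HUMAN_QUERIES = ["ripa", "bt phorm trial 2006", "o2 broadband",
                 "how to write a subject access request",
                 "webwise opt out cookie"]

if __name__ == "__main__":
    print(assess(constructed_fixed(), DECOY_QUERIES))
    print(assess(constructed_random(), DECOY_QUERIES))
    print(assess(constructed_bursty(), HUMAN_QUERIES))
```

Randomising the delay within a range removes the fixed-period signal but still leaves a stream with no bursts and no pauses, which is why the middle label exists.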

  135. James Smith

    Weasels

    Ok, the facts as I understand it:

    BT have trialled Phorm on part of their network which has intercepted the telecommunications of some of its customers without their consent. This is illegal under RIPA and BT have committed an illegal act as a result.

    However, because the interception was done without determining the identities of the customers involved (and Phorm does not record this information anywhere) it is not possible for BT to determine who was a victim of this illegal act. It is therefore impossible to raise charges against BT because the victims cannot be identified. BT know this.

    I think that the only way that it is possible to charge BT would be if someone can prove that they were part of the trial, and therefore that their traffic was intercepted. Something which BT was hoping wouldn't happen because no-one was supposed to find out!

  136. Mike Richards

    Pro-forma to BT for anyone wanting to make a DPA request

    If any of you are BT customers, feel free to adapt this to your own purposes.

    I'm not a lawyer, I'm sure others could do better, but if you're wondering how to start a DPA request here's a start.

    It'll help if you have your BT account code. And don't forget you'll need to write a cheque for £10 to cover processing costs.

    I'm secretly hoping they say they can't tell me any of the information because then questions are raised how they recruited and kept track of those people in the trial and where that information has gone. All of which should interest the Information Commissioner greatly

    Data Protection Manager,

    Box 17,

    BT Centre,

    81 Newgate Street,

    London.

    EC1A 7AJ

    Dear Sir / Madam,

    I am a customer of BT Total Broadband and I am gravely concerned by the revelation that your company may have been illegally intercepting my communications. During 2006 and 2007, BT and a third party, Phorm, held secret trials of targeted advertising software involving many thousands of BT customers.

    Please send me the information which I am entitled to under section 7(1) of the Data Protection Act 1998, informing me:

    • if I have been unknowingly involved in any trials of Phorm software during 2006 and 2007

    • the dates of any trials to which I was subscribed without my permission;

    • what data was intercepted during those trials, and;

    • to whom this data was transmitted.

    Please would you also advise me of the logic involved in any automated decisions taken by you about me pursuant to section 7(1) (d) of the Data Protection Act 1998.

    If you are unable to provide the information requested above, I will refer this failure to the Office of the Information Commissioner, so that they may investigate further.

    As required under the Data Protection Act I have enclosed a cheque for £10 to cover any processing charges. This should enable you to complete this request within the stated period of 40 days.

    If you do not normally handle these requests for your organisation, please pass this letter to the Data Protection Officer for BT Total Broadband or another appropriate officer.

    Yours faithfully

    [YOUR NAME HERE]

  137. peter

    RE: 'ere, hold on a minute

    You can change the address to http and it serves up the same page, so SSL might not be involved.

  138. Ian
    Stop

    BT telling the truth...

    Seems we have BT all wrong. During Emma's interview on Channel 4, where she did get a grilling, it was stated that BT's helpdesk told a concerned customer who was part of the trial that he probably had spyware on his computer.

    No lies there.

  139. Humph
    Paris Hilton

    It's more a matter of courtesy

    Despite BT's claims that their trials were "legal" what annoys me most is that they did not have the courtesy to advise their support staff and customers (who fund their advertising, ultimately) that they were conducting a trial.

    The whole cloak and dagger, and denial of trials does not support their position as being trustworthy in any way. If I had been asked if I would be interested in participating in a trial I would have naturally declined, but at least they would have made the effort to engage their customer base in dialogue, and thus demonstrate some degree of interest in customers.

    As has been the case so often honesty, openness and a dialogue with interested parties goes much, much further than the underhanded practices that have been the subject of a lot of El Reg's recent coverage.

    Naming your server "bt-profiling-trial.com" instead of "sysip.com" would have, I feel, reassured customers that they were not being spied upon in quite the same way.

    Paris because she has more integrity.

  140. Fluffykins Silver badge

    If it quacks like a lying, two timing eavesdropping duck

    Lies like a lying, two timing eavesdropping duck

    Two-times like a lying, two timing eavesdropping duck

    Eavesdrops like a lying, two timing eavesdropping duck

    Then sure as hell it IS a lying, two timing eavesdropping duck

  141. Julian
    Thumb Down

    Trust me .....

    Said Tony.

    Anyone spot the similarity?

  142. Anonymous Coward
    Anonymous Coward

    ssl

    well seen as phorm is positioned between you and any site you ever visit they can happily intercept ssl.

    How, well a classic man in the middle move.

    I can't remember exactly how it works but our security guy told us about a similar thing, with a laptop and a hub.

    Remember phorm will be in the exchange.

    You can't do nothing to escape them.

    How long till it's mandatory monitoring of all your internet communications, all for the good of either a: society or b: consumerism. Depending on who is sending out the spin.

    Also - face it - the English population are sheep, the media need advertising and the politicians are fascist control freaks.

  143. Anonymous Coward
    Anonymous Coward

    bah

    they won't get a grilling till Jeremy Paxman gets his hands on them.

    And that'll never happen because the BBC are getting it on with Phorm.

  144. Anonymous Coward
    Paris Hilton

    DPA requests

    I had 2 accounts with BT, both now closed and migrated to a principled ISP (Aquiss) with Phorm as the stated reason for phucking off.

    Can I lump them both into one DPA request for £10?

    Or would there be more mileage to be had by sending them as separate requests (double the work for them, though double the cost for me)?

    Great work El Reg! Let's keep up the pressure people and remember to vote with your feet and wallets.

    Paris 'cause, well, being phucked and a lack of privacy are subjects close to her heart.

  145. Quirkafleeg
    Black Helicopters

    Re: Question Time

    “well i've submitted a question for tonights Question Time. … I'm sure it will be ignored and they will be asked about the health of gordon Browns dog instead, ho hum”

    Yes, it got ignored (or at least not used), and the metaphorical question about Brownjob's dog was indeed asked.

  146. Ivan Headache
    Thumb Up

    Radio 4 again - looks like a Hurray!

    Just heard a trailer for Radio 4's iPM programme - it's the saturday version of PM where listeners get to guide the content of the programme.

    Eddie Meir just said they were going to look at BT intercepting people's web-browsing habits.

    I'm not sure if it's as a result of my post earlier today to them (as I've not had a reply) or due to something else.

    Annoyingly, I won't be able to hear it as I'll be on a plane to the middle of nowhere.

  147. kempsy
    Pirate

    Are BT so proud about Phorm

    Just had a look on the BT website (www.bt.com) and found no mention of Phorm at all. If BT were so proud of their relationship with this company and the 'benefits' it brings why isn't this on their website.

    A bit of news from BT about this supposed new 'trial' for the 10,000 selected victims, sorry, customers, would not go amiss either.

  148. dek

    @T.J re petition

    Maybe because most of us have realised that it is a complete waste of time? Last one I signed was to get rid of the e-petition site and save the tax payer some money.

  149. Anonymous Coward
    Alert

    Phorm Phorn Porn

    "Phorm" just always reads as "Porn" to me.

    And we all know how nasty THAT is!

  150. Anonymous Coward
    Anonymous Coward

    2006 RIPA LEGAL RULING

    the lost RIPA appeal of Stanford's

    http://www.lawdit.co.uk/reading_room...20Stanford.htm

    Stanford Loses Criminal Appeal

    3 February 2006

    Cliff Stanford, the Internet pioneer has recently had his appeal to quash his criminal conviction for intercepting emails denied. Stanford pleaded guilty last year to intercepting emails from his former company Redbus Interhouse – he argued in his appeal that the trial judge had misunderstood the law.

    Stanford was the founder of the ISP Demon Internet in 1992 but sold it to Scottish Telecom for £66 million in 1998. It is reported that Stanford made £30 million from the acquisition.

    Shortly afterwards Stanford was a co-founder of the co-location and data centre company Redbus Interhouse.

    However, Stanford resigned from the company in 2002 after disagreeing with the Chairman Jonathan Porter.

    In 2003 allegations started to be made as to whether Stanford was involved in the interception of email between Porter and his mother Dame Shirley Porter. Stanford and another man were later charged under the Computer Misuse Act and the Regulation of Investigatory Powers Act 2000 with a trial date set for September 2005. However, both men pleaded guilty to the offence shortly before the case went to trial.

    Peters & Peters solicitors for Stanford were reported to have released the following statement:

    "Mr Stanford pleaded guilty to this offence following what we regard as an erroneous interpretation of a very complex new statute. The Judge’s ruling gave Mr Stanford no option other than to change his plea to one of guilty."

    Apparently, the legal team for Stanford intended to establish his innocence on appeal. However, this has had a severe drawback. He lost.

    The Regulation of Investigatory Powers Act 2000 provides a defence to an individual who intercepts a communication in the course of its transmission from a private telecommunication system, if they can establish:

    a) that they are entitled to control the operation of the system; or

    b) they have the express or implied consent of such a person to make the interception.

    Stanford relied on the position that he had gained access to the emails through a company employee. The employee apparently was given access to usernames and passwords on the email server.

    Therefore, Stanford argued, he was entitled to access the emails as “a person with a right to control the operation or the use of the system”.

    Geoffrey Rivlin QC, the trial judge had a different view. He pointed out that

    “right to control”

    did not mean that someone had a right to access or operate the system, but that the Act required that person to have had a right to authorise or to forbid the operation. [that mean YOU users as the owner of the data]

    Stanford appealed the judge’s decision. However, the Court of Appeal upheld Rivlin’s view. It pointed out that the purpose of the law was to protect privacy. Therefore Stanford’s sentence of 6 months imprisonment (suspended for two years) and a fine of £20,000 with £7000 prosecution costs

    were upheld.

  151. Anonymous Coward
    Flame

    Talk talk

    It seems Talk Talk are happy to tell the BPI to sod off.

    "Policing internet 'not ISP's job'

    The music industry has been unable to stop internet music pirates

    The head of one of Britain's biggest internet providers has criticised the music industry for demanding that he act against pirates.

    The trade body for UK music, the BPI, asked internet service providers to disconnect people who ignore requests to stop sharing music.

    But Charles Dunstone of Carphone Warehouse, which runs the TalkTalk broadband service, is refusing.

    He said it is not his job to be an internet policeman.

    Mr Dunstone, whose TalkTalk broadband is Britain's third biggest internet provider, said the demands are unreasonable and unworkable.

    He also said his firm will refuse to cooperate with the BPI, despite threats of legal action. "

    But is more than happy to phorm all your Data WTF ?????

  152. hi_robb

    Re: Talk Talk

    I saw that on BBC this morning and thought exactly the same thing. My immediate thoughts were that the comments were smokescreen to shroud the fact they are also in bed with Phorm.

  153. Darren Winter
    Paris Hilton

    @ kempsy

    Phorm are mentioned on bt.com - you have to find the section on Webwise (and enable scripts if you're running Firefox/NoScript).

    They appear briefly in a FAQ about webwise, which seem to be touted as something akin to McAfee Site Advisor with the added advantage of "better" advertising - if that's not an oxymoron like fresh-frozen, friendly fire or military intelligence.

    There is a curious entry in the FAQ. One of the questions says 'What have Phorm got to do with Russia and China?' and basically the answer is that they have a team of cheap developers in Moscow, but nothing to do with China. I don't recall them being linked with China.

    Does this mean we're slow on picking up on something? Are Phorm linked with communism and censorship?

    Paris, because for her and Phorm's records aren't very good

  154. Andy ORourke
    Joke

    Talk Talk missed opportunity?

    I think since they are going to be doing packet inspection of all users data they would be in an ideal situation to "police" your traffic and give you your three strikes fairly easily if they discover copyright material?

  155. Philip Skinner
    Gates Halo

    Copyright worries

    Is it just me or will they need to get permission from the owners of the websites, whose content they will be modifying?

    From those forum posts it appears as though Phorm is also modifying data being sent back to the servers.

    Will the website owners get a share of the revenues as they will only be seeing adverts if browsing the web, and they will only be browsing the web out of choice.

    I don't think this will ever get out of the door, there will be law suits not only from users about their data being intercepted, but from companies who have their websites modified on the fly by Phorm.

    BG cause he would never stoop to this.

  156. Anonymous Coward
    Boffin

    Radio 4 / Phorm aka Webwise

    Re coverage on PM - you will be able to listen to a replay of the programme at http://www.bbc.co.uk/radio4/progs/listenagain.shtml

    There is no mention of Phorm on the BT website because UK ISPs will be branding it as Webwise, an 'anti-phishing security feature'.

  157. Anonymous Coward
    Anonymous Coward

    A new avenue of attack....

    So..after watching C4 News last night it seems that we have a new avenue of attack. Mr Steven Mainwaring can prove that he was part of the BT trial, and that BT did not tell him about it at all. That, to me, is a clear breach of RIPA. He seems to be contemplating contacting the Police over the issue.

    I propose this.

    If he doesn't get anywhere with the Police, how about we get ourselves properly organised and bring about a civil prosecution under breaking the DPA and RIPA using Mr Mainwaring's evidence to date? We have enough experts around here to be able to explain what has happened in clear English, and I am sure that we can find a technical lawyer to convey this in court.

    I, for one, am willing to donate £100 to fund the legal costs. If enough of us do it, we can win this. Letters to ISPs, MPs and various executives are OK, but nothing gets the attention like a good court case. THAT cannot be ignored.

    Kudos, by the way, to Miss Francesca Martinez for dropping out of the Olympic Torch Bearing shite. Shows courage and integrity on her part, something sadly lacking in BT and Phorm.

    Anthony

  158. kempsy
    Thumb Up

    @ kempsy

    Hi Darren

    Thanks for that, I still maintain that it is interesting that you have to dig through that many webpages to find a mention of Phorm and you certainly can't find it on a search of the website - especially of BT's recent press releases.

  159. Anonymous Coward
    Pirate

    It's bad Phorm, BT

    Certainly C4 gave the BT girl something of a tough time yesterday.

    "It's not illegal"!!!!

    They would say that wouldn't they! They could not say anything else as the (utterly toothless) Data Commissioner and thousands of ordinary customers would be off to the lawyers tout de suite!

    This has to be one of the most arrogant, cynical and frightening developments of recent times. BT have already seriously messed up the email system (now being "rolled back", probably because of serious pressure from other ISPs whose channels were affected), now they have the brass neck to try this kind of stunt.

    Not once but twice!

    What I want to know is:

    Is there likely to be a development by some good-hearted person which will block any Phorm-filling (and preferably send a nasty cookie to the originators)???

  160. Anonymous Coward
    Anonymous Coward

    @ Philip Skinner

    Web site owners will be paid per clickthru if they sign up with OIX - just like any similar ad service. In theory if the targeting is successful they will make more money because there will be more hits. On the other hand if consumers become wary of OIX they may just block the ads, then you will get nothing.

  161. Craig
    Thumb Up

    Reply from my MP

    My MP, a very senior Conservative MP*, has replied to me today saying that he is formally raising the issue with the Secretary of State for Business Enterprise and Regulatory Reform. He promised to write again when he receives a reply.

    It'll be interesting to see how that works out...

    * and a nice guy, despite him being a Tory...

  162. john loader

    Try this new BT product - you must be kidding.

    BT now wants me to have their credit card - the sales pitch came from India where Data Protection is less secure than here and I guess BT would watch what I spent and where in order to sell that information on. I take only services that I have to from BT as I just don't trust them anymore (and I worked for them for 20 years!).

  163. FoolD
    Unhappy

    C4 Coverage

    Whilst the channel 4 news coverage did raise some "spyware" points imo it failed in that it severely played down the severity of BT's law breaking;

    The 'reporter' only cited that BT may have broken data protection laws - which after the recent gov blunders most normal people will just think "not again" and dismiss it. The reporter didn't state the more important fact that BT may have breached people's basic human rights - the right to privacy, protected in law by RIPA.

    After all the fuss over eavesdropping on one conversation between a prisoner and an MP (do I hear cries of "oh the humanity") I thought the press might make more of a fuss over 10,000 people's basic rights being violated with no consent or recourse - not even an apology.

  164. Michael
    Thumb Up

    We spied on 36,000 customers using the internet, admits BT

    http://www.dailymail.co.uk/pages/live/articles/news/news.html?in_article_id=556068&in_page_id=1770

  165. sotar
    Happy

    BT on C4 news (didn't say it was legal)

    Just want to correct some comments above on C4 news item that suggest Emma Sanderson, the BT spokesperson, said their actions were legal. What she actually said was that they had sought both external and internal legal advice; there was no mention of what that advice actually was.

  166. Alex

    @Sotar

    Maybe I'm reading too much into this but I found it very interesting when Sanderson said,

    "We obtained [hurried correction] SOUGHT internal and external legal advice".

    A suspicious person might think that "sought internal and external legal advice" was the carefully crafted, damage-limiting line that BT did not want to deviate from. As I am that person, I suspect that they didn't even obtain advice, rubbish or not.

  167. Anonymous Coward
    Stop

    Jobserve job

    Read it carefully: It's NOT phorm, they're IMPLEMENTING phorm.

    http://www.jobserve.com/E4ECDD80ACF7BD0A7.job

    Someone give ARM a call and find out who it is, must be a Hampshire based ISP.

    Blacklist the phuckers!

  168. Tony Paulazzo

    Cheers ac

    Taken some of your comments on board, but in the meantime I've snailmailed the letter to Gordon Brown, my MP, MEP, dailies, local and national, got it put up in the local community meeting point and library, but now I'm thinking...

    If the people at the top aren't prepared to do something about this then we need to generate a grass roots national signing. The points would need to be concise and easy to understand and managed from a central location (hint hint El Reg), then post the lot to No 10 Downing St.

    I think the number 1 point is that optin or out, all that priceless user info goes through Phorm software.

  169. Anonymous Coward
    Coat

    Here are a few contact addresses

    Non-Labour Members Of The Commons Select Committee on Culture, Media and Sport:

    John Whittingdale MP: jwhittingdale.mp@tory.org.uk

    Profile at http://biographies.parliament.uk/parliament/default.asp?id=25239

    Nigel Evans MP: ribblevalley@tory.org (nigel@nigelmp.com bounced)

    Profile at http://biographies.parliament.uk/parliament/default.asp?id=25719

    Phil Willis MP: willisp@parliament.uk

    Profile at http://biographies.parliament.uk/parliament/default.asp?id=25250

    Adam Price MP: pricea@parliament.uk

    Profile at http://biographies.parliament.uk/parliament/default.asp?id=25332

    Philip Davies: daviesp@parliament.uk

    Profile at http://biographies.parliament.uk/parliament/default.asp?id=35440

    The House of Lords Science and Technology Committee

    hlscience@parliament.uk

    The Earl of Northesk: northeskdjm@parliament.uk

    Profile at: http://biographies.parliament.uk/parliament/default.asp?id=26583

    Not many of their Lordships have e-mail addresses but the Earl Of Northesk has responded positively to other enquiries about Phorm.

  170. Anonymous Coward
    Anonymous Coward

    ICO Latest

    Hi. It's Alex @ Phorm

    The ICO has posted its latest statement on Phorm, which includes the following:

    "They assure us that their system does not allow the retention of individual profiles of sites visited and adverts presented, and that they hold no personally identifiable information on web users. Indeed, Phorm assert that their system has been designed specifically to allow the appropriate targeting of adverts whilst rigorously protecting the privacy of web users."

    The full statement is here: http://www.ico.gov.uk/about_us/news_and_views/press_releases.aspx

  171. Peter White

    more coverage on bbc website

    http://news.bbc.co.uk/1/hi/technology/7331493.stm

    Technical analysis of the Phorm online advertising system has reinforced an expert's view that it is "illegal".

    The analysis was done by Dr Richard Clayton, a computer security researcher at the University of Cambridge.

  172. Alex

    BBC are continuing to cover this...

    ...although with something of a diluted manner

    http://news.bbc.co.uk/1/hi/technology/7331493.stm

    more interesting: http://www.lightbluetouchpaper.org/

  173. Anonymous Coward
    Boffin

    The full tech skinny on Phorm - Here it is!

    Excellent description of a meeting with Phorm and the full gory technical details

    http://www.lightbluetouchpaper.org/2008/04/04/the-phorm-webwise-system/

    and we find another crime being committed, as the system sets cookies while misrepresenting the originating website. Also misuse of robots.txt (did they just make this up in response to needing consent from website owner?)

    IMHO final confirmation (as if we needed it) that this system is illegal in the UK without explicit opt-in from user and website owner.

    Credit to Richard Clayton the OP.

  174. Pete Hunt
    Paris Hilton

    BT website

    From http://www.bt.com - you can't miss the link to Webwise at bottom left !

    I heard that BT have tested this before, is this true?

    BT conducted two small scale technical tests of a prototype advertising platform in June 2007 and over 2 weeks in September-October 2006. These tests were specifically conducted to evaluate the functional and technical performance of the platform. It was completely anonymous, no personally identifiable information was processed, stored or disclosed during either trial. As with all Service Providers, it is important for BT to ensure that, before any potential new technologies are employed, they are robust and fit for purpose.

    Can I find out if I've been on a BT Webwise trial through the Data Protection Act?

    No. A small number of customers were randomly selected for the two previous tests, of a prototype advertising platform, and each was completely anonymous. Absolutely no personally-identifiable information was processed, stored or disclosed during this test, so BT has no way of knowing which customers were part of the test.

    Paris - 'cos even she can smell the BS!

  175. Anonymous Coward
    Coat

    Reg seems a bit sluggish today...

    ... not been upsetting any Russian hackers have you by any chance?

  176. James Smith

    Doomed!

    I was having a chat to my about this yesterday and she thinks it's great. She loves the way that Google puts targeted adverts on her web pages, and just sees Phorm doing the same thing. I tried pointing out that Phorm will read all of her web traffic, but she doesn't see that being any different from what Google does.

    Oh dear, we're all doomed!

  177. Ken

    So, my data is safe... is it?

    As all data is being scanned and can be viewed by a company (Phorm) that has a background of being dishonest, assisted by BT that lie through their back teeth about the whole scam, how can any of us be certain that our private data (credit card numbers etc) will not fall into the wrong hands?

    I wonder if the banks are aware that they have customers being monitored?

  178. Wayland Sothcott Bronze badge
    Paris Hilton

    ICO statement

    I just followed the link posted earlier to the Information Commissioner's Office.

    http://www.ico.gov.uk/about_us/news_and_views/press_releases.aspx

    They have picked up on a couple of our points but seem fixated by the Phorm ideas;

    1. that it enhances the users experience

    2. that not posting adverts on opt-out is the same as not spying on traffic

    3. that not holding personal data on their server is the same as not identifying the user from their Phorm cookie

    I tend to find that women love it when a big firm take charge like BT or Phorm and yield to it.

    Paris because she likes a big firm take charge kinda guy.

  179. Anonymous Coward
    Unhappy

    Re: Doomed

    "I tried pointing out that Phorm will read all of her web traffic, but she doesn't see that being any different from what Google does."

    Sounds like a quick edit of the hosts file is in order: no more google targeted ads on her web pages.

    The way I explain it is:

    Phorm will have a look at your computer to see what cookies are written there. And if it sees that your computer is not up-to-date it will write to your hard drive. It works like a rootkit, this is worse than spyware and malware, you don't know it is there, you can't stop it reading and / or writing to your computer.

    Once it is on at the ISP, it is always on. Even if you opt out, each time you request a web page, it looks at your computer to see what is written there.

    Once it is on, you will never again be able to trust that what you see on your screen is the same as what the webmaster wanted you to see. This is how the anonymous trials were spotted: the webmasters were seeing code on their pages that they had not put there.

  180. Kevin Jeal
    Thumb Down

    Pfft wot a cop out!

    Wtf was that interview about, lame indeed. Me thinks they need a few new researchers at the BBC, no mention at all regarding the fact that this so called customer improvement (malware) has nothing to do with BT and is a third party spy-ware peddling company. And that BT and Phorm have differing views on the way the software actually works.

    Have e-mailed my thoughts on the matter to the BBC regarding their so called reporting.

  181. Anonymous Coward
    Pirate

    Bye Bye BT, BT Bye Bye

    I was taking great delight in requesting my MAC code from BT over the weekend. Forget the fact that it took 20 minutes to speak to someone, who then kept me on the line for another 10 minutes before telling me that their entire MAC code generator system was down - I was itching for them to ask me the question. Go on, I thought, you know you want to. Go on, ask me why I'm leaving after 7 years. Go on.

    They did. I regaled them with a potted history of Phorm and their involvement in it. I explained that I wasn't interested in having my net traffic monitored, and that there were a number of other providers out there who were actively saying they weren't ever considering Phorm (or Phorm-like technology) and who were charging less than BT for a better service. I described how this issue had finally overcome my natural lethargy and inertia against switching to someone cheaper.

    They said they were completely unaware of any press relating to anything called Phorm, or traffic monitoring. I directed them, in the first instance, to The Reg. They said would I reconsider if they gave me a discounted rate. I laughed.

    They gave me a special number to ring 'in a few days' to get my MAC code. I thanked them, and hung up. Then I immediately dialled the special number, got my MAC code (yes, the MAC code generator system at this other office was, amazingly, working - how interesting) and gave it to Be, who even now are sending me stuff and setting-up payment details.

    Bye Bye BT.

  182. Chris Collins
    Alert

    corrupt BBC but thumbs up to C4

    The BBC interview was poor but it didn't surprise me; they are in bed with the government and it turns out my MP, who is an ex cabinet member, is on the BT board so it was probably soft deliberately. Channel 4 were much better but BT stood firm.

    This just proves to me BT is arrogant and feel they are invincible. They have millions of customers and probably will only lose a few thousand at the most, which is nothing for them. They won't care as long as the profits from Phorm exceed losses from customers leaving. All BT care about is profits and they are one of the worst corporates for it with very low morals.

    I tracerouted sysip.net and ntp.sysip.net; interestingly they ended up on servers using GoDaddy's domain name 64.124.113.62.godaddy.com [64.124.113.62] and gw.godaddy.com [64.124.147.30]. But since it's in America the impact on customers should be noticeable. In addition to the implications already posted such as modifying websites, forum posts, and loss of privacy, accessing a website now has potentially an extra 200ms added to it in response time as it's customer to ISP to Phorm (in USA) to the website back to Phorm (in USA) back to customer; in fact it could well hit 400ms extra if it's a UK or EU site. I remember being on NTL, which had proxy servers, and things got slow at times web browsing, and all they were doing is basic proxying, whilst this actually does more processing and modifies pages.

    It's illegal but BT won't care, they will not be prosecuted for it. Corporates the size of BT are genuinely immune to breaking the law and it's also probably aiding the government since I think after this Phorm has been running a few years they will crank it up to start web censorship etc.

    I am also curious at the figures. They say 36000; if it means 36000 at any time and they had rotating dynamic IPs that means it's a lot more than 36000. If it's total 36000 it then means BT are lying about how they don't know who was affected as they had the ability to tally it up.

  183. Anonymous Coward
    Anonymous Coward

    @ Tony F Paulazzo

    As CTO within BT, Stratis was a bit of a champion of the BT Abuse team. They were a bit besieged at one time by lunatic local managers with "ideas". He and another director intervened to prevent those "ideas" from causing damage. In actual fact he flew to Thurso (in his personal jet) to see the team, which pleased us immensely. Really pissed off the local loonie management, too, when he pretty much snubbed them to talk to the folk on the ground. hehe. Anyway...

    Meanwhile, he was overseeing one of the biggest abuses of the network imaginable, and to cap it all he's now CTO of Phorm??? I mean, come on! You couldn't make this stuff up! Phorm, and presumably the CEO of said company was directly involved, must have been grooming him to take over the CTO position at that time, but before they slipped on the golden handcuffs he oversaw them getting unfettered access to the network and customer data!

    He did this while at the same time pioneering Streamshield to enable the Abuse team to prevent abuse more efficiently.

    The irony is killing me!
