back to article Information Commissioner: Phorm must be opt-in only

The Information Commissioner's Office (ICO) has issued a major revision to its statement on Phorm, insisting that the ad tracking system must be deployed on an opt-in basis to comply with the law. Of the three ISPs connected to the scheme, only Carphone Warehouse has committed to opt in when the system is finally rolled out. …


This topic is closed for new posts.
  1. Anonymous Coward
    Anonymous Coward


    Maybe just maybe phorm will vanish up their own ass.

  2. Steve


    The ICO's New Year's resolution seems to have been "grow a pair".

  3. Paul Buxton

    All well and good but

    The article makes no mention of the method of opt out. Will it require a cookie or won't it?

  4. Jonathan


    First step in beating Phorm.

    Next we need to make sure that the average consumer is as informed as possible, so when BT spouts their "Free phishing protection!" with Phorm in the smallprint, consumers will know what they are really getting.

    Cos, if people are forced to choose, hopefully enough them choose to opt out to make Phorm a useless service.

  5. Chris
    Thumb Up


    Excellent - good to hear the ICO actually deciding to do what they should be doing without a lot of prompting. Also very good to hear VM sound like they're trying to distance themselves from this bunch of crooks. I really can't be bothered having to move ISP/TV/Phone etc as I'm perfectly/reasonably happy with what I've got. The sooner VM announce they're not going ahead with it, the sooner I can stop pricing up alternatives...

  6. Paul Delaney

    Opt-In Basis Only!!

    YES! YES! YES!

    See how many muppets they get to opt-in, their "adverisment targeting system" won't be worth a fuckin light now!

    Thank you Jeezus (and El Reg)

    Yeah, I know...

  7. Sam


    That's a bit more like the right direction..

  8. dervheid

    Well, I'm available to comment...

    And the message stays the same here too.



    I forsee this being tested in the courts, re the RIPA implications, trouble is the damage will be done by then.

    I also forsee (yes, I do have a crystal ball. No, THEY'RE both normal and functional, thanks. Any more predictable 'ball' jokes? No? Good.) that sensible subscribers will depart said ISPs in droves (OK. That does not require a crystal ball, that's 'stating the bleedin' obvious')

    Am I rambling? (YES!!!!)

    Ah, but do I care? Not a jot!

    Much like BT et al.

  9. colin stone

    SHOCK ... THE ICO finds a tooth

    "BT and Phorm were unavailable for comment."

    Thats a first anyway.

    Now the ICO has found a tooth, what about an explanation regarding the report last week from the ICO.

    Also a question to Phorm, and phormPRteam.

    Proof you are lying scum.. The ICO did not endorce your product did they?.

    Please visit all the message bords and blogs you posted on with this lie, and say sorry.

  10. Kieron McCann
    Paris Hilton

    And about time too!

    So basically what this is telling us is that the original statement by the ICO was written by a drone who didn't bother to ask any searching questions or to give a nanosecond of thought about what Phorm would mean. It looks like all of the pressure brought by El Reg and it's readers is finally bearing fruit!

    Paris - because she's now reformed, just like the ICO

  11. Anonymous Coward

    Required Title..

    Only the first hurdle.. now the law verses BT trials...

  12. Mark
    Gates Horns

    Might just opt in..

    And be their only customer, just for a goof...

  13. Mark
    Gates Horns

    What will likely happen

    Is like spammers and other dubious internet scamsters, they just change their name, sell their product to the MD's brother, and startup a new company under a new name, and try the same shit again...

  14. Anonymous Coward
    Thumb Up

    No comment from Phorm?

    That's probably because they're in the toilet crapping themselves and realising that their shares will only be good as toilet paper after this

  15. Mike Crawshaw


    I wonder if:

    a. Changing T&Cs (as BT have already indicated they will do) will act as an "explicit opt-in".

    b. Phorm / BT / etc will appeal against this and have it overturned. The ICO has already changed its stance, it can change it again.

    I hope not, in both cases. Hopefully, there will be a requirement for a user to explicitly agree to a statement along the lines of

    "I agree to my ISP and Phorm analysing my browsing habits and storing data regards these, using this data to serve me targetted advertising and other services to be determined in the future. I agree to this being entirely at my own risk, and that my ISP / Phorm cannot be held in any way accountable for the content of said advertising, loss of personal data, installation of malicious software on my computer and / or personal loss."

    Let's see how many agree to that?!

    (And see whether Phorm's share price can actually go into the negative!!)

  16. Chris Simmons


    ...the Bristol to Bath cyclepath was saved from having a chunk of it turned into a bus route a few weeks back I thought that would be the last time the power of people protest did any good in my lifetime; how wrong I was.

    What a way to cheer up a dull Wednesday afternoon.

    Power to the Geeks!!!

  17. James Whale
    Thumb Up


    This is excellent news - thanks El Reg and everyone else who's kept this issue at the forefront! Let's keep the pressure on and the awareness up, and make sure this nasty little company dies on its arse.

  18. Aristotles slow and dimwitted horse

    This is...

    Very welcome news.

    IMHO though - we now need to keep an even more watchful eye on how Phorm/BT et al try to wriggle their way round this.

  19. Anonymous Coward
    Anonymous Coward

    Interception of Communications Commissioner

    20 March 2006

    The Prime Minister has approved the appointment of the Right Honourable Sir Paul Kennedy as Interception of Communications Commissioner under the terms of Section 57 of the Regulation of Investigatory Powers Act 2000. Sir Paul's appointment is from 11 April 2006 to 10 April 2009.

  20. A

    Only half the issue has been addressed

    What about website owners who don't what their content to be used in this way?

    It is their content and their property that is being monetized by Phorm and the ISPs to provide these adverts.

    No website I run would allow such use and I would never opt in to such a scheme. If a visitor that happened to be a victim/customer of a Phorm ISP viewed my content (whether they opted in or not) and it was intercepted for analysis then that interception would be unlawful IMHO.

    Will Phorm be obeying any form of robots.txt or other search-engine control mechanism?

  21. Parax

    Interception of Communications Commissioner

    So who does the "Interception of Communications Commissioner" actually work for? is it the ICO or the home office??? and who is it these days??

  22. Rog69

    Re - What will likely happen

    And we'll all be here waiting.

  23. Anonymous Coward
    Anonymous Coward

    More on Interception of Communications Commissioner

    See here for description of Interception of Communications Commissioner:

  24. Anonymous Coward
    Dead Vulture

    A good start

    It's about time the ICO realised that a considerable part of this falls under their remit, rather than play the ostrich. It does however mean that some of the questions asked earlier (that as yet remain unanswered) are still relevent.

    Going by the ICO's new statement surely this would mean that the only 'legal' way to do this is to split up the ISP's network into Phorm / No Phorm and have the Opt-In/Out on an account level. I'm going by the previous reports published on The Reg and elswhere which seems to point towards the fact (as it stands) that even if opted out of the Phorm system the data is still digested but not profiled.

    Surely under ICO's revised statement if you opt-out and your data is still 'digested' regardless surely this is illegal going by what they have said? or am I missing something?

    I'd also like the ICO's findings on BT's secret trials and the trials that are about to go ahead to be made public.

  25. Dam

    Illegal even with opt in

    Even if it's opt-in it remains illegal.

    A user can't give consent for *my* articles on a *private* section of *my* website to be intercepted.

    My own consent is still required, the lawsuits WILL roll.

  26. Pete Burgess


    I was under the impression that Phorm still profiled you even if you do opt out, it just discards that profiling and doesn't send it back to your browser...

    Surely this means that even an opt out doesn't satisfy the DPA?

    Or have I made this up?

    Skull & Cross Bones as that is all that will be left of Phorm...

  27. Graham Wood


    No comment about whether (without opt in) the data has to be kept away from the system.

    Probably too technical for an "open statement", but the issue for me has always been the data flow rather than the advertising.

    I did email the ICO a few days back about the earlier trial (from the point of view of a webhost accessed by BT, rather than as a BT customer) but haven't got an answer yet. I've got password protected (but not SSL'd) sections on the website, and U certainly didn't give BT permission to spy on people using it.

  28. Anonymous Coward

    I'm still worried

    This *should* be f**king fantastic news, but I'm still worried that the ISPs will see this statement as more justification for simply mangling their terms and conditions in such a way that the opt-in/opt-out choice basically becomes one of accepting their terms or not. Which means leaving them if you don't.

  29. AndyC
    Black Helicopters

    @Paul Buxton

    Doesn't matter about the opt-out cookies now, if it is strictly opt-in, then phorm/bt/vm etc will have to have something stored against your profile either on the isp end or your pc end to say that you opt-in.

    That is assuming that they follow the

    "humm, check cookie/profile, no opt in, must have opted out, ignore traffic route via unmonitored route"

    and not the

    "humm, check traffic, check key words, profile, humm, no opt in, better not send adverts to them, monitor traffic regardless"

  30. Jonathan

    Just sent this to Ian Livingstone

    Dear Mr Livingston,

    As I'm sure you are aware about the issue surrounding Phorm, I will be brief. Please note, before I begin, that I am not a BT customer, and thus was unaffected, but as a concerned member of the public, I am interested in the Phorm case because for me it represents the erosion of consumer rights to allow for greater corporate profits.

    I wish to ask you two questions.

    Firstly, why did you not inform those who participated in the trial last summer what the reason was for the various problems they encountered? I'm sure I'm not alone when I say I wish that BT had been more forthcoming about this technology, as a leader in the UK broadband industry. I think it sets a dangerous precedent, and am perhaps more concerned that you lied to your customers than the fact that the trial was conducted at all.

    The second question I wish to ask is, what is BT planning on doing for those affected customers? In case you are not aware, the Information Commissioners Office has recently declared that Phorm must be opt-in for it to be legal. Thus, last years trial as not legal, as it was not opt-in. I would like to hear your views on this. What plan of action will BT take to mitigate the risk of lawsuits and more negative publicity resulting from the trial being in danger of beign declared outright illegal?

    I would appreciate any correspondence.

    Thank you,


  31. Graham Wood

    RIPA rather than PECR or DPA

    Reading that statement, it appears that the ICO is distancing itself from the RIPA issues - and telling people to talk to the home office. Which makes the response I got from the home office quite interesting...

    The best source of information to guide you further on the issue you raise

    would be the Information Commissioners Office, whose website can be found at The site covers a wide range of matters on access to

    business information and the protection of personal information.

    In all respects , it is not for the Home Office to determine wether BT has

    acted illegally or not.

    (I've just emailed them again to ask them to explain the fact that they say talk to the ICO, and the ICO says talk to them...)

    (apologies for double comment, assuming both get through, I hadn't read all the statement before posting before)

  32. Kane

    Hold on, hold on....

    Yes, a small victory, I grant you. But the problem still remains with the nature of the opt-in arrangement. If Phorm and BT are so closely tied together (as I imagine they would be, as well as other ISP's that have a tight profit margin), wouldn't it seem advantageous for the ISP's to tie the opt-in with their Terms and Conditions? Like, maybe, if you don't want Phorm to monitor your online activities, then you can Phuck off to another ISP. You don't have to agree to use our service, but if you do, this is how it's gonna work. (might not work for current customers, as they would have to agree to a new contract with new T&C's, but for new customers...)

    Do we have any protection against something like that? I know that Phorm is a separate company in it's own right and it would be them who have to seek your permission to opt-in, but wouldn't they do it through the ISP to save themselves the time and effort?

  33. Kevin Johnston

    re: Only half the issue has been addressed

    Strangely enough I have had no response from the ICO about that very subject. I asked them to explain how BT/Phorm planned to ask permission to intercept communications between my website and my customers.

    Should I ever get a reply...

  34. Sceptical Bastard

    Premature jubilation

    Obviously I am pleased to read this story. It is, indeed, another step in the right direction. It's delightful to imagine the cussing and ranting coming from behind K(u)nt Etrugul's office door.

    What's more, Vulture Central deserves a night down the boozer for its campaigning journalism on this issue.

    But the battle is far from won. Even if Phorm's shares nosedive further or the firm simply gives up the ghost (neither likely) someone someday will step into the breach because too many vested interests - from ISPs and Telcos to security services and governments - will find mass "anonymised" interception and analysis of all port 80 traffic too tempting to resist.

    If, in the light of the Information Commissioner's statement, Phorm and its ISP partners have to make the product opt-in they will disguise it as an anti-phishing or anti-advertising feature (as, of course, they already are). That alone should entrap enough tech-illiterate non-Reg readers to make the scheme financially viable. Alternatively they will bury opt-in in their Service T&Cs - and who reads T&Cs carefully in every particular? So the need for widespread publicity is even greater than ever.

    We're on the right course to phuck the current Phorm scheme but we aint there yet.

    Let the fight continue, comrades - but with even greater vigour!

    Aux armes, citoyens!

  35. Ian Chard
    Thumb Up

    Share price...

    ...hit a low today of £14.25, and it looks like it's going to have its lowest closing price in 52 weeks... currently trading at £14.85, off 10%, with the FTSE up about 4%.

    Tragic really. No, really.

  36. Craig

    Is it worth anyone left with BT opting into the trial?

    Just a thought, but if everyone with technical nouse or half a clue opts out of the BT trial, all that will be left are those who believe BT are good and can do no wrong, the BT plants and those who wouldn't know the difference between dialup and ADSL2+

    What about some readers here, with that precious half a clue, recording genuine experiences such as failed redirects, pre and intra-trial latencies and speed, etc.

    Also, if you opt-out midway through the trial, what happens when your anti-spyware software deletes your Phorm cookie as part of a regular cleanup? Are you re-profiled and do you get any notice that you've been re-profiled?

    This is in regard to the ICO's statement's last para:

    "In the view of the Commissioner Phorm can operate Webwise and OIX in a way which is in compliance with the DPA and PECR but must be sensitive to the concerns of users. The Commissioner will keep the Phorm products under review as they are rolled out and his view will be strongly influenced by the experience of those users who choose to participate in any trials and the way in which they are able to make that decision. The Commissioner will also continue to be interested in the dialogue between technical experts and Phorm about the way in which the system operates."

    If all they get are Phorm/BT success stories from the trial, they'll probably lose their spine again and can legitimately ignore the techy responses from those who haven't any real experience of the nasty bit of stuff.

    just my 2p...

  37. Anonymous Coward
    Anonymous Coward

    Opt-in or .....

    I assume the next step for BT is to make the opt-in tick box a requirement in the contract to access the service (or maybe they will just put you a higher price if you don't opt-in). BT is just beyond shame.

  38. Paul Buxton


    "Which means leaving them if you don't."

    They need your custom more than we need their spyware and they damn well know it.

    They're not implementing Phorm to spy on you, that's just a side-effect. The reason for the implementation is the same reason they do anything and everything - profit. Hit them where it hurts - if the ISP does something you don't like then just find another ISP.

    With this in mind, can anybody who has more than a passing interest in law tell me: If BT change the T&Cs to something I can't or won't agree to can I simply end the contract? I'm tied into this contract for another 12 months and would like to know my legal standpoint if BT do decide to implement Phorm.

  39. Anonymous Coward
    Anonymous Coward

    @All well and good but...

    >>The article makes no mention of the method of opt out. Will it require a cookie or won't it?

    No, the fact the ICO has stated it is an opt-in, then by default you won't be included; you'll have to specifically 'ask' to be included in the scheme. It could well be that you'll now need a cookie to be included.

  40. Matt Hawkins

    What out for false endings ...

    I wouldn't call victory yet. They can still hassle you for your opt-in or your ISP could opt-in for you via small print.

    Phorm will be looking for ways to regroup and represent their technology.

    This is the bit in the movie where the heroes think the monster/robot is dead and drop their guard.

    It has just blinked. What are we going to do? Stand around cheering while it slowly gets up behind us or keep kicking, blogging, spreading the word and signing petitions?

    They have taken a blow and are on the floor but I don't want Phorm beaten ... I want it dead, sliced, diced, burnt and buried under a motorway bridge (or airport terminal).

  41. Anonymous Coward
    Anonymous Coward


    Datatheft is supposedly a criminal offence - but not yet something you could be put in jail for - so BT managers may only risk looking forward to a possibility to be fined.

    To me there appears to be quite obvious instances of datatheft when intercepting peoples communication data and trawling for data. Not all data in this communication is owned by the customer of a BT account even if it may be included in their communication praxis. As mentioned earlier some of this data belongs to third party. So I would expect that there is much more than meets the eye that might be coming up later. Not only privacy issues and interception as phenomena. Data theft as phenomena arising from Phorm practice has so far as I know not been targeted as a serious issue in this case.

  42. Anonymous Coward

    1st Strike for The People VS The Man... errr I mean... Phorm

    Still a long road ahead but first blood to us!

    Keeping this sucker on refresh too just for the shits and giggles:

  43. Jimbo Gunn


    I am not a lawyer and I don't have much of a phucking clue about this but...

    Hasn't the ICO totally missed the point about Phorm?

    "Even if Phorm is not processing personal data..."

    They're watching your whole internet connection. "We can see everything" is their sales pitch. I throw down a challenge - send me a month's worth of browsing history and I'll tell you:

    1.) Who you are

    2.) The town you live in

    3.) The type or pron you like

    4.) Which banks you use

    5.) The newspapers you read and your political persuasion

    6.) Your religious interests, if any

    7.) The names of your best online friends

    8.) Your best friends partners names

    9.) If you have any pets

    10.) Everything you buy online

    11.) Your employer

    12.) Your next employer

    13.) Your proficiany in spelling

    14.) The state of your physical and mental health

    15.) If you're over weight

    16.) What your foot size is

  44. sotar

    One small step.

    Well this seems like a good first step but there is some way to go yet.

    First in relation to Richard Buxton's comment about whether opt-out cookies will be required. Surely if the ICO declares that the system must be 'opt-in' then Phorm & ISPs must use 'opt-in' cookies (if using them at all).

    The ICO ruling is a complete reversal of how the opt-in/out should be managed and this needs to be reflected in the Phorm/ISP process so that it explicitly checks that someone has ticked a box to say "yes I opt in to Phorm", rather than imply it simply because they didn't opt-out.

    If a cookie is to be used then it must only be there if a person has opted in to Phorm. We can't have a situation where someone who hasn't opted-in finds that Phorm is tracking them because for-what-ever reason the webwise cookie has been deleted.

    This would also seem to be a legal failsafe from the point of view of Phorm and the ISPs: if an opt-in cookie is absent then they won't track a persons activity so no problem, but if an opt-out cookie is absent then they would be tracking activity and if that person hadn't explicitly opted-in then presumably it would be illegal.

    Second, as has been mentioned before, there are two parties involved in web-browsing; the person requesting the information and the website that serves it. The ICO is now saying:

    "This strongly supports the view that Phorm products will have to operate on an opt in basis to use traffic data as part of the process of returning relevant targeted marketing to internet users."

    it is websites that will be providing this 'traffic data'. There is very little mentioned about how 'opt-in' consent from website owners is going to be handled? I see no reason why my websites should be used to make money for somebody else.

  45. Alexander Hanff
    Thumb Down

    Haven't discussed PECR with ICO yet?

    Funny, I seem to recall statements from both Phorm and BT that they had fully investigated the law with regards this technology and after receiving professional advice (from a QC none the less) they were confident they were well within the bounds of the law.

    So we have an unnamed QC who doesn't understand what PECR is or what it means with regards Phorm. Furthermore it shows yet again that Phorm and BT have failed dramatically with regards to due diligence on this technology given they have not even discussed PECR (an EC Directive) with ICO.

    The sad thing is, I as an undergraduate and limited experience in law, not to mention even more limited resources; was able to interpret the implications under PECR almost an entire week before our well resourced IC picked up on the same arguments.

    Maybe I should apply for a job as IC as I clearly have more knowledge and understanding of the Directive the current IC is supposed to enforce. I would be happy to take up the role should Mr Brown wish to contact me with a proposal.

  46. Sam

    @Ian Chard

    What was the share high? I want to gloat at the difference, and you want to post it, admit it!

  47. Dangermouse

    PhormPRTechPRTeam here...

    Hi, PhormPRTechPRTeam here...

    We still believe that we conform to the highest possible data protection standards because we have still got our heads so far up our own arses that we have no comprehension of the real world anymore. I mean, the normal versions of the DPA and RIPA are for other people, surely?

    We wish that you would all stop being so mean to us - we had a really good idea to make shitloads of cash. OK, so it's illegal, unethical and underhanded but BT _really_ like the idea, presumably because they have the same ethics as us! And BT are a really caring, sharing company. No, honestly they are. You all know that.

    Now, about those BT trials that we haven't talked about yet.

    They were not illegal because at the time we didn't think anyone would mind that we were intercepting data transmissions without permission - and also, as we have stated many, many times, the versions of the DPA and RIPA that everyone else abides to do _not_ apply to either us or BT. (By the way, thanks for that, Patricia! Your new boat is on the way!)

    Now, lets address the issues from the ICO and opt-in.

    We will be working closely with BT's legal department to ensure that the changes to your Terms and Conditions will be clearly stated on page 935 of your updated Conditions and Terms. And, of course, there is the cookie.

    So no problem there.

    Any more questions, please feel free to email me at


  48. Jeff
    Thumb Up

    Phank phuck for phat

    This is great news for the technically literate. Unfortunately it's pretty obvious that BT will now market this to the other 99% of its customers as an anti-phishing device unless it is compelled by the ICO to make very clear that it works via data interception... and this is bloody unlikely.

    So it's probably up to the informed media (so that's the techno-illiterati at the BBC out) and competing ISPs to publicise this behaviour.

  49. Alexander Hanff

    Other relevations of PECR

    Section 6 is also relevant:

    "1. Subject to paragraph (4), a person shall not use an electronic communica-

    tions network to store information, or to gain access to information stored,

    in the terminal equipment of a subscriber or user unless the requirements of

    paragraph (2) are met.

    2. The requirements are that the subscriber or user of that terminal equipment


    (a) is provided with clear and comprehensive information about the purposes

    of the storage of, or access to, that information; and (emphasis added)

    (b) is given the opportunity to refuse the storage of or access to that infor-


    Also Section 8 adds weight to the requirements of consent:

    "Processing of traffic data in accordance with regulation 7(2) or (3)

    shall not be undertaken by a public communications provider unless the

    subscriber or user to whom the data relate has been provided with infor-

    mation regarding the types of traffic data which are to be processed and

    the duration of such processing and, in the case of processing in accor-

    dance with regulation 7(3), he has been provided with that information

    before his consent has been obtained."

    And Section 27 would seem to address the issue of whether or not BT can circumvent the requirement for explicit consent by simply changing their terms and conditions:

    "To the extent that any term in a contract between a subscriber to

    and the provider of a public electronic communications service or such

    a provider and the provider of an electronic communications network

    would be inconsistent with a requirement of these Regulations, that

    term shall be void."

    Looks like the BT Trials of 2006/2007 are going to get shafted by the PECR...

    I'll get my coat ;)

  50. Spleen


    June last year Phorm traded as high as £35.80.

    Google Finance is pretty good for share price charts, and Interactive Investor ( is pretty good if you want to laugh at the amateur traders who bought in not knowing a thing about the technology and assuming that tech + currently increasing share price = profit forever.

  51. Anonymous Coward


    'What was the share high? I want to gloat at the difference, and you want to post it, admit it!'


    You can keep track of Phorm's tanking shares here - it looks like the Matterhorn:

    It peaked £35.06 in mid-February, since then it's been downhill all the way with Phorm now trading at its lowest price in six months.

  52. Anonymous Coward

    Still no mention...

    Of getting the consent of the PUBLISHERS of the material.

    I have NO problems with Google scraping my websites because it goes into their search engine and increases my traffic. I have no problems with sites with Google Ads on them because they've been placed there by the site owner.

    Google DON'T access the "private" parts of my website (Private messages etc.).

    Phorm however will be using MY material (and potentially confidential material - in that stuff in private messages might contain information which can identify an individual) to make money WITHOUT my permission using material that I've provided and I own. Or can I send you a bill every month based on the number of visits I've had from contaminated ISPs?

    Come on Phorm - answer that one. Consent has to be give by BOTH sides. I DO NOT give consent. So how do you stop your stinking scraping software from even looking at my sites? Going to give us a robot ID so we can put it into our robots.txt file - and I don't mean you piggy back on Google's robot, and I can't imagine Google being happy about that.

    As a website owner I expect you to formally publish information so I can put an entry into my robots.txt files which will block Phorm scraping AND ONLY phorm scraping.

    Of course Hell will freeze over, and Bill Gates will become a Linux fanboy before you do that because you don't actually give a shit about anyone else do you - as long as you can line your pockets with cash which you've earned by basically ripping off other peoples content.....

  53. Anonymous Coward
    Anonymous Coward

    Alex @ Phorm ...

    ... has been spotted. I expect he will be here soon.

  54. Laurent Leconte
    Gates Halo

    @Only half the issue has been addressed

    I just had a thought that made me giggle out loud.

    Imagine that Phorm and BT lie and spin their way around the opt-in issue (as many commenters have suggested).

    Imagine that the "service" Phorm offers comes back insidiously, and that a substantial proportion of computer-illiterate users are opted in.

    So far, that would mean the little guy got shafted by the big corp; par for the course and not that unlikely.

    Now, imagine that the other shoe drops; i.e. website owners objects to *their* content being intercepted. And, at the top of your head, which big web companies, interested in keeping their lucrative online advertisement business, would be likely to step into the arena ?

    That's right, I had a dream of a massive legal struggle between BT, phorm, Google, Yahoo, Microsoft (they're bound to have a go at the thing, on one side or the other) and a few others probably... A corporate version of Alien vs Predator, with Godzilla and the Gremlins thrown in as well !

    Man, I almost hope Phorm makes it that far, just so that I can grab the popcorn, kick back, and enjoy the show (almost, but not quite).

  55. vincent himpe

    Yeah !

    Next step is to make it mandatory to put large banners ( kinda like the mandatory text on sigarettes ) Warning , by clicking below you consent to being profiled, your surfing habits catalogued, and as a result bombarded with ads for stuff you don't want/need.

    In very large print : NO thanks, and somewhere really at the bottom in very small print and hard to find 'yes i give up my privacy'

    That would really 'phlush' phorm down the drain.

    Love 'the Reg'

  56. Dangermouse

    @Alexander Hanff

    Can we not get the name and the advice of the "QC" whom Phorm employed under a Freedom of Information Act request from the ICO. Surely they would know who it was....

    I know that you cannot use the FIA against a private company, but the ICO must of seen this "advice" and made a judgement?

  57. Ian

    Material Change to Terms and Conditions

    ``I assume the next step for BT is to make the opt-in tick box a requirement in the contract to access the service (or maybe they will just put you a higher price if you don't opt-in). BT is just beyond shame.''

    They could try either of those things. They'd be hard-pushed to argue it's not a material change to the terms and conditions, though, which means that their hard-won long-term contracts for their customers are worthless. It's like cats in front of fires: hold their tail and they want to go somewhere else, irrespective of how happy they are where they are.

  58. hi_robb

    I think people are missing the point RE cookies

    Guys / Girls,

    While the news on el reg today is great, I think a fair few people are still missing the point with the opt in / out cookies.

    If ISP / Phorm uses cookies for Opt in or out, this will still mean that your data is going to be intercepted and passed to their servers. It doesn't matter if they proceess that data or not depending on the cookie, the simple fact is THEY WOULD STILL BE INTERCEPTING YOUR DATA.

    Everyones posing hypothetical questions about cookies being deleted etc And while they are all fair questions, they are directing the gaze of everyone away from the real issue. "Cookie or no bloody cookie, I (as I'm sure you lot don't), do not want my data just not processed, I do not want it intercepted in and way shape or 'Phorm'."

    In some ways Phorm must be sitting there laughing. As things stand, it looks like a lot of people will be happy for Phorm to be installed at their ISP, and for their data to be intercepted, as long as Phorm can say "Yes your opt out cookie means we won't process that data". The cookies thing is fast becoming a smokescreen which Phorm are hoping spreads out obscuring the real issue.

    The only way that the Opt In / Out must work (as a few people have pointed out) is for the Opt-In / Out to be done at an account level at the ISP. When you then connect, your account is checked and if you have opted out, your data goes straight to internet and goes nowhere near the Phorm servers. For those that Opt in (and I bet it would not be many), they go a different route via the Phorm servers.

    For Opt out, your data is then never intercepted, and there's no bloody chance of it *accidentially being processed* when Phorm turn off the ignore Opt out Cookies option in their software.

    Great work people and El reg for getting things this far, but lets not forget what the real issue is here.


  59. Outsider


    It's quite interesting to go and have a look at RIPA.

    It's very very obvious that BT's actions constitute interception.

    That given reading the very short Section 3 detailing under what circumstances warrantless interception is legal makes BT/Phorm's insistence on the legality of their actions all the more interesting.

    Firstly the Act is most explicit that for warrantless interception outside the control of the state security apparatus the consent of BOTH sender and receiver should be obtained.

    Since this was not done we are left with a very very small loophole under Section 3 (3) (b) which states that telecommunications and postal operators may intercept communications for the provision and operation of that service.

    This is interesting for it states quite obviously that whatever is legal in electronic networks is also legal in postal ones which provides a whopping clue to any legal mind asked to define just what is allowable under this section.

    Incidentally...... there's no point in trying to go for BT under RIPA as the power to undertake action rests with the DPP alone. No private actions are allowable without the DPP's permission.

    It is interesting that if BT/Phorm believe they have acted legally they have effectively set a precedent allowing interception, analysis and distribution to third parties of private communications without consent if the interception is part of a trial of a system which MAY be implemented with some form of consent in the future....and this can be done to physical letters, phonecalls or IP data.

    Strangely it therefore appears that the State is more heavily regulated that communication carriers.

    The inactivity of the DPP in this matter is staggering...the precedent appalling.

    Truly the emperor BT has no clothes and, as usual, it is the laughing and jeering of the humble public that brings this to the attention of the intellectual and legal elite.


  60. Luther Blissett

    User's perception of the system - see link to Richard Clayton's technical description from a meeting with Phorm.

    Opt-in by itself is inadequate to the implementation as described, as that merely flags to the system whether the results of profiling web pages should or should not be retained. If the objection of contravening RIPA is to be avoided, the ISP must determine (not by a cookie, and not by a cookie "owned" by Phorm) whether Level 7 switching of user GETs is/is not to be performed into the Phorm system, i.e. opting out should really mean there is no interception of anything, and so no profiling by Phorm of opted out users. At present this is NOT how Phorm works.

    The compliance or otherwise of Phorm in any such manner MUST be determinable by the ICC or other independent competent authority on demand at any time (preferably without notice).

    Such a proposed modification would not compromise any "proprietary technology" of Phorm's, since the operation of the interception switch is always in the ISP's hardware. (Assuming no devious uneven handedness here - there is no doubt here to benefit Phorm). There cannot be any reasonable commercial objection to this technical mode of operating the system.

    The above is a necessary technical condition of acceptability of the Phorm intrusion. It is not a sufficient prudential one for various reasons. An important set of these revolve around the fact that the session user may not necessarily be the same person as determining the opt-in status, and may therefore expose personal data when browsing without knowing that it is happening.

    It may be time to print up lots of car window stickers like "BT 2 SPY ON U" or "Virgin could screw you".

  61. Joanne Connors

    @Sam Share high


    The Share high was 3505.00 on Feb 25th this year

    Today it's closed around 1675.00 (insert sample of the laughing policeman here)

  62. Anonymous Coward
    Anonymous Coward


    Nothing quite beats a good gloat.

  63. Bobby

    Scaring people off the internet...

    You know guys this whole bloody disgraceful scam Bt entered into with this 121Media has done absolutely no good for anyone. They're scaring people off the internet for christ sakes. All this talk about hacking users accounts and legalising spyware by these rogues has seriously damaged any respect Bt or this government may have had.. Let the government we elected into office lay down the law once and for all and end this bloody farce.. As for Kent Ertugrul send him back to Russia on his Mig 29 where he can get back to writing up some new rootkits he's so good at and when it's all over the Bt monopoly should be broken up into more competitive companies as punishment.

  64. Anonymous Coward

    Re: Interception of Communications Commissioner!

    @Parax: From the IPT's FAQ:

    "The Tribunal has no jurisdiction to investigate complaints about private individuals or companies unless you believe they are acting on behalf of an intelligence agency, law enforcement body or other public authority covered by RIPA.

    If for instance, you work in the private sector and you believe your employer has hired a private investigator to keep you under surveillance, this is not something the Tribunal can consider."

    So I don't see how they're going to be any use here. Not that we should need them. What BT and Phorm did is a straightforward crime under RIPA, it's an open-and-shut case, and the people we should be pressuring are the CPS, whose duty it is to bring prosecutions against criminals.

  65. Simon Davies

    Phorm meeting

    As highlighted in the Reg article, please do come along to the public meeting on Phorm next Tuesday (15th April). Details are at

    You will have a chance to hear Phorm and Richard Clayton going head-to-head, and get involved in the dialogue.

    Simon Davies

    80/20 Thinking Ltd

  66. Alexander Hanff

    Re: Interception of Communications Commissioner!

    No but the Tribunal can be used to issue a complaint against both the Information Commissioner and the Home Office for failing to enforce the law.

  67. Anonymous Coward
    Anonymous Coward

    opt in only come on people wake up

    If you read the update from PHORM correctly and read between the lines of what BT and PHORM have already stated BT will opt everyone in by changing their terms and conditions and you will not be able to do anything about it so rejoicing is premature.

  68. Anonymous Coward
    Anonymous Coward

    @Phorm Meeting

    Another chance to misquote, spin and drag verbal sentences out of context for the next 'Phorm Statement'.

    Also if it is a public meeting, shouldn't anybody who wants to go be allowed to. Or is this one where the attendee's are selected 'selectively' By Phorm.

    Oh and if the building is not big enough, perhaps get a bigger one. (Perhaps not - maybe a bigger pre-selection of attendees!)

    Hmm... I WONDER. How many people would honestly go to the meeting if they were Pro Phorm and had no other links with them apart from being employed by a PR company working for Phorm.

    Let me guess - Lets have a vote at the meeting.

    I can see the headlines now. 60% of attendees want Phorm. Its the best thing since rootkit's. Sorry - Slice bread!

  69. Andrew

    @ hi_robb

    "The only way that the Opt In / Out must work (as a few people have pointed out) is for the Opt-In / Out to be done at an account level at the ISP. When you then connect, your account is checked and if you have opted out, your data goes straight to internet and goes nowhere near the Phorm servers."

    At last, someone thinking along the same lines as me. I'm not with BT, but if I were I'd want my entire service opted-out at the connection level. After all, they know which pair of wires I came in on - it can't be difficult.

  70. Dangermouse

    To my MP, bless her...

    Dear Tessa Jowell,

    I note again that you have not responded to my last letter regarding Phorm and BT. The ICO has now concluded that the only way Phorms' illegal intrusion can be considered legal is by both parties consent; i.e. by the sender, me, and by the recipient, i.e. you, the receiver. If I had sent this message at the time under the trials, it would of been scanned by BT and Phorm.

    Bearing in mind that in Phorm's world, this entire message would have been scanned and profiled by Phorm without your permission, and that you would not have given permission to allow this to be scanned, how can you justify not seeking a criminal investigation against BT with regard to RIPA?

    BT conducted trial's in 2006 and 2007 and are doing exactly what I have highlighted and these trials are illegal.

    Can you start an investigation on my behalf against BT and Phorm, because of the rules of the Director of Public Prosecutions I cannot do this as a private individual.

    If I have interpreted these laws wrongly, please reply and correct me. If I haven't, why have you not raised this issue in the House as being illegal, under DPA and RIPA. Further to the issue, does not my correspondence to my MP come under the Wilson Doctorin? If I was suspected of nefarious intent by the Security Services, I would be expect to be and legally allowed to be subject to be monitored. Please explain to me the difference between the Security Services being allowed to monitor my activities by law under the Wilson Doctorin, and Phorm being allowed to monitor my activities for purely financial gain.

    Yours sincerely,

    Anthony XXXXXXXXXX

  71. DaveTheRave


    Statement by Talk Talk's Customer Relations team :

    I can confirm that as of June 2008 we will begin to offer our customers Phorm and Webwise services. This new service will help protect our customers from fraudulent websites and provides them with targeting advertising based on their web activity.

    For further information please go to

    Yours sincerely,

    Heather Lunt

    TalkTalk Customer Relations

  72. Will Godfrey Silver badge

    @Paul Buxton

    Advice from CAB (me V telewest)

    They can't change T&C without your consent. New T&C means new contract and THEY have voided the old one. They try to bluff but as soon as you point out you are aware of this, they instantly back down.

  73. Anonymous Coward
    Thumb Down

    Look I'm no expert

    I have always felt that discussions about adequate anonymisation of data or Opt-in, Opt-out were a waste of time. Any acceptance of this system is a loss, the like of which no western democracy has suffered in many decades.

    The current PR stance Phorm are taking appears to be honestly admitting to anything that they couldn't hide or has been publicly 'outed'. That leads me to believe that they probably will abide by the limitation to adhere to website's robots.txt.

    However I do not believe that they will provide the name of the useragent of their phone tap, sorry Internet tap, sorry website robot, I get confused.

    So basically I think that their position is that because as a website owner you are prepared to spread your legs for Google you will do the same for them. Despite the fact that Google provides the life-blood of websites and they provide nothing, in fact less than nothing, if that is possible - they make revenue solely from the content of your websites and contribute nothing back.

    That 'less than nothing' statement refers to the fact that if you are not a member of the OIX you are very likely to have traffic driven away from your website by adverts on other websites purely because those visitors previously visited your website.

    This is a point that I have not seen outlined elsewhere - the fact that phorm would not exist without your blog, or your website to provide content and the fact that phorm will almost certainly use your content to drive traffic away from your website.

  74. MYOFB

    @ Jimbo Gunn

    1.) Who you are. (I thought I knew already, thanks for the offer)

    2.) The town you live in. (My village is a town?!)

    3.) The type or pron you like. (There are different kinds?)

    4.) Which banks you use. (I must be poor, I've only got one)

    5.) The newspapers you read and your political persuasion. (Dyslexia is a bitch!! Isn't that a euphemism for an MP getting into his/hers secretary's knickers/underpants?)

    6.) Your religious interests, if any. (I was under the impression that 'Religious Interests' and 'Political Persuasions' are one and the same thing. Please correct me if I am wrong. Or was that a euphemistic statement you made?)

    7.) The names of your best online friends. (Please tell, I haven't any in the real world!!)

    8.) Your best friends partners names. (My best friend has a Wife . . . you Sinner!)

    9.) If you have any pets. (That's too easy, I have about 6 billion and they all live at the top of the food chain, apart from you)

    10.) Everything you buy online. (Do you work for Phorm?!)

    11.) Your employer. (That would be ME!!)

    12.) Your next employer. (That would be BEELZEBUB!!)

    13.) Your proficiany in spelling. (Better than your proficiency in spelling!)

    14.) The state of your physical and mental health. (Deteriorating by the second due to my urge to categorise you in the Phuckwit Department)

    15.) If you're over weight. (You mean 'Overweight', correct?!! I am lighter by at least one space bar you obese git and then some!!)

    16.) What your foot size is. (12 inches . . . but my shoe size is a broad fit 9 or a medium 10 but that depends on the brand)

    I apologise if I come across as being derogatory of your post but I am more interested in what you can tell me, from my last 'month's web browsing history' about my alien abduction experience, the voices that talk to me in my head, Area 51 and the Roswell Incident.

    If you can shed some light on any of them, then you will have convinced me of 2 things . . .

    1. I'm still on the planet called Earth . . . and

    2. You are not!!!

    Thank you for taking time to complete our survey . . . we will send you a copy of the results as soon as they become available.

  75. Alex

    This is all smoke and mirrors

    The ICO is still giving the green light, I'm highly skeptical of 80/20's proposed "village hall debate" as this all sounds far too contrived.

    Why pray tell, are they all side stepping the illegal trials, do you think?

    Actions were taken by individuals during these trials, I don't doubt that approvals were given, blind eyes were turned & job prospectuses were mooted.

    Who do you think was working on the BT Phorm project in those giddy live & illegal trials then?

    Time to join the dots people...

    "Hammers do fall and Heads do roll"

  76. Simon Davies

    Re: Phorm Meeting

    "Also if it is a public meeting, shouldn't anybody who wants to go be allowed to. Or is this one where the attendee's are selected 'selectively' By Phorm."

    It's always a good idea to read the background material before posting.

    This meeting is open to all. Just send an email to so we can make sure you have a seat.

    And for the record - yet again - this event is being organised by 80/20 Thinking, not Phorm.

  77. Anonymous Coward
    Thumb Down

    conflict of interest?

    Who's paying 80/20 Thinking Ltd to organise this disneyworld sounding 'town hall meeting'? Phorm? Privacy International? Little green men? Fipr? The ICO? Or whom?

  78. 3x2

    err yea but

    Phorm's entire business plan depends on their system being opt-out (no, honest). It cannot work if we have a genuine option. Perhaps that's the reason for their recent rapid share price decline - even short traders have their limits.

    I, the undersigned, have no problem allowing you, my ISP, to wire-tap all my activities on the net. I feel that the promise of of "a better, more relevant Internet experience" is worth you shafting me up the back passage and charging me for the experience.

    Signed - ???

  79. Anonymous Coward
    Anonymous Coward

    @Simon Davies Re: Phorm Meeting

    Sorry Simon, but please don't feel too offended, but since you seemingly (to me) did little initially to squash Phorm's tie in with yourself (80/20) and Privacy International who they wrongly (deliberately?) initially misquoted, I no longer see much difference between 80/20 and Phorm in terms of what side of the fence they sit.

    Please excuse me also if I didn't read your strong statement of anger after the initial press statements from Phorm quoting PI and not 80/20, but I must have missed them as well. Feel free to point me in the right direction.

    Anyhow, public meetings should be just that. I shouldn't need to email if I wish to attend. I may also wish to have some privacy!

  80. 3x2


    <...>They can't change T&C without your consent. New T&C means new contract and THEY have voided the old one. They try to bluff but as soon as you point out you are aware of this, they instantly back down.<...>

    And they are quite right. Consider the absolute bollocks that would be made of our economy if everyone could just change the terms of a contract whenever they felt like it. You signed contract A and without your consent contract B is just wishful thinking on the part of your ISP (in this case)

  81. 3x2


    <...>Incidentally...... there's no point in trying to go for BT under RIPA as the power to undertake action rests with the DPP alone. No private actions are allowable without the DPP's permission.<...>

    <...>The inactivity of the DPP in this matter is staggering...the precedent appalling<...>

    And that is everything. Minimum 18000 counts of breaching RIPA and still no action. One could almost believe these clowns were more worried about their share portfolios when considering legal action. Lets face it - caught tomorrow wire-tapping an ex-girlfriend - two years. 18000 wire-taps?

  82. Anonymous Coward
    Thumb Down

    did Ertugrul collect and _store_ that data, he said he has data you can disassociate from!

    "In a phone interview yesterday, Ertugrul said that in two weeks Phorm will start serving banner ads _that inform users their information_ _is_ _being collected_.

    The ads will enable them to opt out.

    To disassociate themselves from _whatever_ _data_ Phorm _has_ on them _now_, users can just clear their cookies, he said."

    BT still dont seem to get it,

    you cant break the RIPA to find out if your can have RIPA permission.

    and you cant ask for permission, get a feck off "NO", then go putting a data cookie on someones PC and so break the

    The Privacy and Electronic Communications (EC Directive) Regulations 2003

    Confidentiality of communications 6

  83. Anonymous Coward

    Re: PhormPRTechPRTeam here...

    You do not know how right you are.

    There was a boat around the time of the trials shipped on the A14. So big that it barely passed under the bridges and the transporter took both lanes.

    Funnily enough, besides the police escorts instead of a highway agency escorts it WAS ESCORTED BY VANS IN BT LIVERY!!!

    Nuff said. Me coat, the one with the BT ID

  84. Stephen Jenner

    There will be a reason why customers will WANT to opt in.

    I don't like Adobe Flash adverts rolling or snaking across my display, when I am trying to read The Register. So I look at Flash configuration and discover, that I can opt in, or opt out....

    So I opted out....

    Great , no silly, irritating ads.

    Also, some time later.... I discover... no Youtube either, so I have to opt back in.

    You see what I am getting at, if ISP/Phorm REALLY WANT you to opt in, they will find a way.

    The only way to really protect yourself from this sort of crap is to use an ISP that doesn't get into bed with the likes of Phorm.... I like Zen.

  85. Tony Paulazzo
    Paris Hilton

    Well, if you can believe BT...

    they say,

    >In the subsequent trial the ICO said: "We have spoken to BT about this trial and they have made clear that unless customers positively opt in to the trial their web browsing will not be monitored in order to deliver adverts." <

    Which IS good news, because if it can be proved, after opting out, that any profiling is going on (not sure how easy that would be to find out - maybe an AC mole from within), then they could be hauled into court by private individuals.

    As for the other end of the equation, ads being shown on websites, wouldn't they only be shown on those websites that took payment for advertising anyway, ergo, none would be shown if someone visited my website as there is no advertising on my site, or like, Google sponsored ads wouldn't be replaced by OIX ads, only OIX sponsored web sites would show targeted ads. Or am I being totally stupid?

    Paris, just in case I am.

  86. Peter White

    don't rejoice to quick

    phorm have published their results for 2007, it is at

    a couple of bits out of it make interesting reading

    "Phorm, Inc. ("Phorm" or the "Company")

    Preliminary Results

    Phorm (AIM: PHRM and PHRX), the advertising technology company, today announces

    its preliminary results for the year ended 31 December 2007.

    Operational Highlights:

    Year to 31 December 2007

    * Reorganisation of the Company from 121Media, Inc. to Phorm, Inc


    * Focus on preparation of OIX and Webwise technology and development

    of relationships with ISPs, publishers and advertisers

    * Successful $30 million equity fundraising completed

    * Several senior appointments made

    Q1 2008

    * OIX and Webwise successfully launched in February 2008

    * Exclusive agreements announced with ISPs BT, Talk Talk and Virgin

    Media, representing nearly 70% of the UK broadband user base

    * Consumer trials are expected to begin in the near term, followed by

    roll-out across these networks

    * Significant progress made with the advertising and publishing community

    * Advanced talks with other ISPs both in the UK and internationally

    * Independent report by Ernst & Young published, supporting Phorm's

    commitment to privacy protection

    * Positive initial feedback received from a number of regulatory bodies

    * Successful $65 million equity fundraising completed

    Executive Chairman's statement


    During the year under review, Phorm made significant progress, both in terms of

    its corporate development and in executing the Company's Internet Service

    Provider (ISP) relationship strategy, providing a solid foundation on which to

    take the business forward to the next stage of its development. As a result of

    our hard work, I am extremely happy to report that on 14 February 2008, we

    announced exclusive agreements with BT, Talk Talk and Virgin Media, further

    details of which I have provided below."

    "Furthermore, we continue to be in advanced discussions with a number of other

    ISPs, both in the UK and internationally, and following extensive due diligence

    we have moved into the trial phase with a number of them. It is worth noting

    that we believe we are selected as the preferred partner by leading ISPs over

    our competitors based on the capabilities of our technology, our team and our

    approach to privacy. We will provide an update on these discussions in due

    course, when appropriate."

    "A key differentiator of Phorm's technology is our ability to dispel the myth

    that in order to provide relevant advertising on the internet you need to store

    data. The fundamental principles behind our platform support the highest

    standards in user privacy and anonymity:

    * Phorm will not and cannot ever store any personal information which can

    identify a user

    * Users will have a clear choice whether to turn Webwise on or off

    * Our technology complies with all relevant data protection and privacy laws

    including RIPA (Regulation of Investigatory Powers Act) and the

    Data Protection Act

    It is very pleasing to see that our commitment to these principles, and to open

    and transparent disclosure, has been recognised by leading privacy advocate

    Simon Davies, Managing Director of privacy consultancy 80/20 Thinking and

    director of Privacy International. Mr Davies and 80/20 Thinking recently

    conducted an interim Privacy Impact Assessment of our technology.

    Also, as part of our commitment to the privacy of internet users, we

    commissioned Ernst & Young to conduct an independent examination of our systems

    and assertions. The following components of our privacy programme were examined:

    * Phorm's privacy policy, controls and procedures

    * Phorm's compliance with its stated privacy policy

    * Phorm employees' privacy policy training and compliance

    * Data retention, integrity and security policies and procedures.

    The resulting attestation report we received from Ernst & Young confirmed that

    our systems have been designed specifically to protect the identity and other

    sensitive information of consumers - a great validation of our offering.

    Furthermore, we have initiated a dialogue with the Information Commissioner's

    Office who are pleased with the way that we have engaged with technical experts

    and concerned individuals following the announcement of the service. We have

    also met with many other leading stakeholders in the area of online privacy, to

    share details of our technology and the response to date has been very


    Finally, during the course of 2007, we appointed leading global professional

    services firm Deloitte & Touche LLP as auditor to Phorm."

  87. Anonymous Coward
    Black Helicopters

    BT guilty of interception??

    Hmmm, I seem to remember driving past the BT Microwave repeater site at Hunters Stones, which court documents revealed passes *everything* over to the "We are Not Here" Agency. (which has a token RAF person present) see <> but at least the NSA don't (yet) hit us with targeted Adverts. BT is a Government organisation!

  88. Andy ORourke
    Thumb Up

    Democracy works!

    I just checked the early day motion and found my MP has signed (although rather dissapointed to see only 16 signatures) after I wrote to my MP I got a reply telling me he would look into this and it looks like he did what he said, Phuck Me, I might even vote this time round! <-JOKE!!

    Maybe, just maybe, the start of the end for a badly thought out system. Now if someone where to offer a system that eradicated all internet advertising (Espescially the F**king intrusive spinning CD on El Reg's pages) then I would sign up to that one.

    Now if only we could get Phorm to just understand that the system is wrong, just plain wrong?

  89. SilverWave
    Paris Hilton

    Opt-in is the killer blow.


    Phorm's business model is broken!

    Opt-in is the killer blow.

    90% of projected revenues just went south.


    Paris icon - as its not rocket science :)

  90. Anonymous Coward

    Virgin Media's Silence

    Well, VM must be panicking. I just called to pay my extortionate bill and asked to speak to someone concerning Phorm. I was met with an unshakeable "I am not authorised to discuss this matter" response; and she was the Customer Services Manager. Schmarmy bitch more like.

    I'm warning you Virgin - you're pissing me right fucking off with this and you WILL lose my custom if you proceed with the pathetic and frustrating brick-wall approach of 'no comment'.


    And opt-in seems to me like a smoke-screen. I believe the profiling/mirroring still takes place and it's just the accumulative cookie that's not written to. And as a webmaster/publisher it's still a total breach of my/my clients copyright and privacy if they intend to continue with their current model.


  91. Chris Simmons

    Forbes story 09:30(ish) this morning

    Phorm are really trying to spin now:

  92. Anonymous Coward

    COME ON!

    Hopefully this is the beginning of the end for Phorm and any other system like it!

  93. Anonymous Coward

    RE: Phorm Meeting

    LISTEN - there's nothing to discuss. The system is a pile of shit that *MUST* be stopped. Why don't you go and do something productive instead?!

  94. Anonymous Coward
    Anonymous Coward

    New business model?

    Maybe BT will offer it's ill informed customers a new advert driven service?

    £6.99 a month unlimited broadband as long as you allow Phorm to give you irrelevant ads and sell your details to any spammers that are willing to pay?

    Or they could block BBC iPlayer streams unless you "opt in" to Phorm to help them pay for the bandwidth!

  95. David

    Lies, Damn Lies and Phorm PR

    Just read K(u)nt's response to the ICO's report

    "We now have a statement from the Home Office and the Information Commissioner saying not only is there no privacy issue but there is no interception issue either." ...

    ..."The more people understand what we are doing the more comfortable they get with it,"

    Now I know I don't do doublespeak as well as him, but to my untrained eye it says nothing of the sort, at best it says that there could be privacy issues and interception issues. As for people getting more comfortable with the idea, surely the ICO growing a spine and coming out against phorm, as well as Richard Clayton's comments, are proof that people are getting LESS comfortable with phorm's disgusting plan's. I always hoped the advertising industry would destroy itself, I never thought I'd get to see it happen!

  96. alistair millington

    I like this, more fodder for the circling sharks

    But... People writing letters to MP's and expecting a reply.... Tessa Jowel... As if...

    LOL, as if they care about normal people.... As if they care about people breaking laws anymore...

    Oh, wait... What do you mean there's a vote coming up.

    Ahhhh... Mines the one with the "How to postal vote" guide in the pocket. (as if not having time is the reason for people not voting)

  97. Chris Simmons


    ...have just told me (poor little customer service girlie) that if I go to I can OPT-OUT of the service. What a phucking pile of crap.

    First of all that page was just the PR shit about webwise with no opt-out or opt-in options and secondly I guess no-one has bothered to tell the call-centre monkeys that it should be opt-in only; I spent more time on hold than I did talking to anyone with any knowledge (maybe that should be a 1:0 ratio).

  98. Anonymous Coward


    ...should be nationalised.

    Hmmm... Could be tied in with the Post Office. Post Office Telephones? How does that sound?

    @Stephen Jenner --- Flashblock is my very favourite Firefox ad-in, even more than adblock. Avoid those horrible animations, let alone the ads :)

    Public meeting.... So who's going, then? And where on that agenda is the time allowed for public participation?

  99. Anonymous Coward
    Anonymous Coward

    @Virgin Media's Silence

    It appears that VM are still perched on the fence, waiting to see how this goes. I spent about 30 mins yesterday talking to one of the VM guys attached to the CEO's office, and his bottom line was that VM are waiting to see the results of their own internal discussions on Phorm/Webwise, and it appears that this is very much influenced by the public backlash on this matter. They can see there are privacy concerns, but seemed to also believe that Phorm's history was the main issue here, rather that having ANY unknown 3rd-party server and software in the VM datacentre means that they cannot guarantee anything about what happens to customer data.

    I got put through to the CEO office after raising a complaint about the paucity of information in the standard letter VM sent me about Phorm, which was nothing more than a rehash of Phorm's PR release. The first lady I spoke to, who had sent me the letter in the first place, obviously didn't know a thing about the whole debate, and thus shouldn't have put her name on the letter. Her attitude seemed to be "Well, what do you want? I want rid of you", before she quickly folded and put me on to her manager.

    Her manager was more useful, and mentioned that Webwise was supposed to be in place by now, but wasn't because of media and public backlash. This didn't square with the CEO office guy, who said that they are still very much in the initial stages of exploring the technology, so something doesn't quite add up there.

    Anyway, you too can speak to the CEO's office. Just log a call with the helpdesk and ask to be put through to a manager, then ask to be put through to the CEO's office.

    (I had a sudden thought during the conversation that Phorm could still be viewed as actually still being in the spyware business, but have almost pulled off a massive coup: Having failed to profit from installing spyware on individual users' machines, they've managed to install spyware in the ISP's datacentre, thus ensuring a huge coverage! Wow! Instead of tricking users into installing spyware, they're tricking ISPs!)

  100. Anonymous Coward

    If you think this will make any difference...

    How many Phorm techies does it take to change a light bulb?

    None. They just get their PR agency to issue a press release stating that black is light. Then there's no need to change the light bulb. Job done.

    (Actually, they send the statement to the BBC, who publish it verbatim cos light bulbs are a bit too technical for their reporters to investigate for themselves.)

  101. Anonymous Coward
    Anonymous Coward


    If I read some Scientoloigy documents online and Phorm reads it, are they breaking the laws of copyright for looking at these "Advanced technology" documents and could the CoS then try to sue Phorm/BT?

  102. Dangermouse

    Virgin Media's stance....?

    Just had a nice chat with a woman at Virgin Media to was decent enough to send me the following statement via email. It should be mentioned that she was not on the hell desk, but if you choose to talk to someone in the disconnections department, you might get Sarah (like me) who was knowledgeable, helpful and fully aware that there are lots of customers concerned about Phorm.

    The email....

    10th April 2008

    We're still currently focused on understanding better the Webwise technology and the many complicated technical questions around how it could be integrated into our network architecture. We can therefore say at this stage that a) there are absolutely no foregone conclusions; and b) consumer concerns around privacy and data protection, not to mention any adverse impact on Virgin Media's reputation, are (and will remain) an important element in our deliberations.

    In the event Virgin Media does roll out this solution, all customers will be notified and will not be forced to use the system. However, to reiterate, no solution has yet been implemented and will not be until we are confident that it is compliant to do so.

    Best Regards,

    Virgin Media

    Interesting. Note that customers will "not be forced to use the system", suggesting that if they go ahead, it will be opt-in only.

  103. Alex

    two wrongs don't make a right

    This is astonishing, Phorms current argument about privacy is "well Gmail scans your emails for adverts, so that must be illegal"

    The point that they seem to be missing is that Google are providing a service (email) and that their Terms & Conditions have to be agreed and you have to log in every time you want to use it. Whats more, Google Inc are hardly a company that its worth aligning yourself to if you're trying to assure the public that their personal data won't be identifiable!

    Perhaps Phorm should not be "opt in" rather "log in" with a username and password or provide a proxy route should you wish to allow a third party company generate a revenue stream.

    Perhaps someone could draw up a list of the "less attractive" but "non-invasive" methods of entering Phorms system. Quite obviously their auto-profiling at an ISP level is wrong and using cookies is easily open to abuse.

  104. Werner McGoole

    Well we must be thankful for small mercies...

    ...but as well as sticking its head in the sand over the illegal interception issue, the ICO has also overlooked an important DPA issue.

    ***The personally identifiable information (PII) the ISPs will be processing includes third parties and is not limited to the person who opts in***

    Anyone using the web to (legally and privately) exchange PII on any third party will have that information snooped on and processed by the ISP. As a trivial example, if I publish a contact list on the private section of a club web site, then that PII will be scanned by the ISP. The web is used to (legally and privately) transfer a great deal of PII about third parties and much of it - in emails for example - is highly sensitive.

    Now you really would think that the ICO (the UK "experts" on data protection) would have spotted something as simple as that wouldn't you?

  105. Matt Sims

    Opting in

    They should go back to their old idea of using client side software (adware) for this. If you want to opt-in then you have to download Webwise from the BT/Phorm website which routes the traffic via a Phorm proxy. A little icon in the task tray can show that it is active. Opting out is as simple as uninstalling the software. Of course noone in their right minds would actually download and install the software but thats their problem because they have a shitty business model which noone wants.

  106. Anonymous Coward
    Anonymous Coward

    Attention Virgin Media

    The moment you do any of your illegal interceptions, whether by Phorm or anybody else I will be off. My DPA notice means None of my data should be intercepted, whether profiled or not!

    But before I go you will be seen in court.

    Phorm a known spyware company are not my only reasons for the DPA. Interception without a court order is illegal!

  107. Dennis Armstrong

    Target the other end

    At the moment all the effort is going into the RIPA, ICO area. It would be just as good to target those companies which intend to use OIX for their advertising. This is where Phorm is getting its money from, cut of the money and Phorm will die. Telling the advertisers who use OIX that their product will not be bought should have some effect.

  108. DM
    Paris Hilton


    I think an interesting question is how the ICO views the opt in, as the DPA applies to individuals one would assume that the opt-in has to be on an individual basis; this would indicate that a cookie is NOT fit for purpose when it can be shown multiple users may use a single system.

    I know this has been asked multiple times, but now we know opt-in is required, am I as an account holder able to give consent for information to be collected about other people who use my connection?

    Surely the opt-in is on a system level, which is entirely separate to an individual giving consent under the DPA?

    Answer's on a postcard please(it's just as private...)

    /I'm as confused as Paris

  109. Alan

    Virgin Media and phorm

    This is a reply I received from VM , the good news is I "won't be forced to use the system" and" I will be given the choice to keep my internet experience exactly as it is now" (hints of opt in?).The bad news, vm are to go ahead with implementing webwise and once they decide upon the opt in/out issue they will let me know.

    Virgin Media says

    "We will soon be working with a company, Phorm, to provide some new online

    protection and enhancement features for our broadband customers.

    Phorm is the company behind an innovative new system called Webwise. Webwise helps give you a safer online experience by helping you avoid scam emails or websites, as well as making your online experience more relevant through advertising that matches your areas of interest.

    Webwise has been designed from the ground up to protect our customers' privacy and anonymity. As the system only learns about topics of interest, it does this anonymously, ensuring their privacy is completely protected.

    • Neither the web addresses, nor search terms they use are stored. They are purely matched to an advertising topic and then discarded.

    • Webwise doesn't store their internet (IP) address or keep track of their browsing. The system or advertisers won't know who you are or the websites they've visited.

    • No personally identifiable information such as email addresses, surnames, street addresses, or phone numbers are ever gathered.

    • No sensitive or personal financial information, such as credit card numbers, login IDs, passwords or bank account numbers are ever gathered.

    To reiterate, you won't be forced to use the system, and you will be given the choice to keep your internet experience exactly as it is now. As we get closer to launch we'll explain how this will work.

    Webwise only replaces ads with more relevant ads, customers do not receive any more ads and certainly do not receive pop ups.

    The customer’s privacy is totally protected, again to reiterate no personal information is collected and what we will track are search terms and URL`s visited, this information is not traceable back to the individual and is not kept or stored as unlike some other ad targeting technologies that already exist and utilise customer data. In addition, whole rafts of industry bodies and privacy experts have been engaged with regard to the implementation of ‘Webwise’.

    We will be as transparent and upfront with customers as we can; giving them every opportunity of not participating if that is what they want to do.

    We are of course aware there are a number of `stories` being circulated, a lot of what is being touted is ill informed.

    I hope this reassures over any concerns you may have and clarifies our position regarding this issue.

  110. Anonymous Coward

    Surely Opt In/Out has to be at account level?

    Not just someone who happens to be using one of the PCs on my home network at the time. I am the account holder, I pay the bills, and I signed up to the T&Cs. So surely they must make certain I am the one opting in or out? Hard for VM now they no longer monitor MAC addresses. (and I know, don't call me Shirley...)

  111. Anonymous Coward
    Black Helicopters


    That response you got from virgin is some boilerplate text provided by Phorm and probably doesn't reflect what really is happening inside VM.

  112. Anonymous Coward

    Translation of Virgin Media letter to Alan

    Phorm are going to intercept EVERY request you make to any web site in order to profile YOU and YOUR interests so they can serve advertisements on participating web sites.

    WebWise consists of Phorm buying some ropey Phishing site info and letting you know that you are about to visit a dodgy site. This might even be up to date, we just don’t know

    Phorm have assured us that no personally identifiable information is stored, no bank account details or log-in information either, of course we can’t verify that because they write their own software and we haven’t had it audited for security risks. They are quite good though, some of the top programmers in Russia are working on this for them.

    You won’t be forced to use the system, if you choose to opt out Phorm will still intercept EVERY web request you make but they promise us they won’t do anything with the information they gather.

    A lot of privacy experts have been consulted and we can even probably find a couple who say this might possibly not be illegal.

    There are many stories that you should just ignore because the people making all the fuss are all just nerdy geeks who need to get a life and stop trying to spoil our nice little earner.

    "Don’t Panic, Don’t Panic"

  113. Anonymous Coward

    ICO permits illegal trial?

    If you go to:

    you can find a link to a diagram showing how BT plan to implement their forthcoming Phorm trial. It appears that this trial probably won't meet DPA legal requirements either, not least because it will still depend on an "opt-out" cookie (or the user taking some other action to block cookies). In other words, doing nothing won't leave you opted out.

    The ICO have said that they will be influenced by users' experience of the trial and how acceptable they find the options presented to them. This exposes BT to a clear line of attack: complain like mad to the ICO that the trial isn't legal because the "opt-in" isn't really an opt-in. Don't stop until the opt-in is satisfactory.

    In my view, since the opt-in can clearly be seen as inadequate before the BT trial even begins, the ICO should be issuing an enforcement notice on BT requiring it to meet legal standards before the trial starts. I guess you could mention that when you contact the ICO as well.

  114. Anonymous Coward
    Anonymous Coward


    Yeah, that's the letter I got too. It's inaccurate as they "haven't made a decision yet" to go for Phorm or not. Apparently.

    It was when I received that letter that I raised a problem ticket with the VM helpdesk and spoke to the CEO's office, as per "@Virgin Media's Silence" above. One of the issues I mentioned was the disparity between the "We've not decided yet" and the "We will soon be working with" messages. The former statement appears to be more correct, according to the chap I spoke to. The letter looks like a slightly edited press release from Phorm.

    I love the "In addition, whole rafts of industry bodies and privacy experts have been engaged with regard to the implementation of ‘Webwise’." sentence. It doesn't go on to say that a lot of the experts have responded with "Phuck off"!

  115. Anonymous Coward

    Phorm's Blog - not approving comments they have problems with

    A friend of mine posted the following on their blog entry about the ICO decision :

    "You still haven’t covered the issue that BOTH parties need to consent to having the data scraped. As a website owner who DOES NOT consent to you using MY material to make money for your company I’d like you to state publicly that you will honour the contents of robots.txt and that you will also publicly state the information we need to put into the robots.txt to exclude Phorm and Phorm alone from scraping websites.

    Many sites using PHPBB and other such applications will have areas containing “private” information (such as private messages, account profiles etc) that are NOT protected by HTTPS but you intend to scrape this private information and use it to feed adverts - do you really think this is acceptable?"

    As you'd expect from a bunch of lying scum they've ignored it so far.

    Why do they refuse to answer this very major point about consent having to be mutual?

  116. Anonymous Coward
    Gates Halo

    VirginMedia lying again

    "The customer’s privacy is totally protected, again to reiterate no personal information is collected and what we will track are search terms and URL`s visited, this information is not traceable back to the individual and is not kept or stored as unlike some other ad targeting technologies that already exist and utilise customer data. In addition, whole rafts of industry bodies and privacy experts have been engaged with regard to the implementation of ‘Webwise’."

    Search terms and URLS is a blatant lie. Each and every page will be scanned.

    Bill because even he has more integrity than Phorm.

  117. Alexander Hanff

    What about the risk to search engines?

  118. oldfartuk


    Please can someone summarise why Virgins statement is wrong. (for the benefit of the technically deformed like me)

  119. Anonymous Coward
    Anonymous Coward

    @By oldfartuk

    Which Virgin statement? The; We're not sure if we are going to do this.... OR The; Everything is OK, this is magic, your security and privacy ain't compromised.

    Both are B***s*it BUT WHICH ONE?



    and follow all the comments around the web and it's not too difficult to separate fact from Kent's (Phorm's CEO) fiction, BT's and also any other signed up parties including Phorm PR representatives to the system. Remember also that BT don't want a big fine for illegal interception so they are not going to backtrack too easily at this late stage.

    Your not technically deformed. Your being smothered with Phorm's PR and the unfortunate fact that unless you know whose comments are unbiased, its difficult to take it all in.

    If your not too sure who to believe, listen to people who have nothing to financially gain from the system and then decide after listening to the other arguments and the associated Spin.

    Unless you are an unfortunate investor in Phorm there can be only one conclusion.

    This is Illegal!

  120. Gnasher


    "Can we not get the name and the advice of the "QC" whom Phorm employed under a Freedom of Information Act request from the ICO."

    The QC is a phigment of the imagination, I suspect.

    But in any case, it's what the ISPs would be doing that have the RIPA, copyright, confidentiality, DPA implications. And nobody knows yet how that part of it will really work - they are all making it up as they go along. Until they have an exact, settled system specification, they can't get an opinion from any lawyer, QC or otherwise.

  121. Gnasher

    Material Change to Terms and Conditions

    It's not just a material change, it's an unfair contract term. That's unenforceable in a consumer contract under the Unfair Contract Terms Act.

  122. Gnasher
    Jobs Horns

    Public meeting

    "And for the record - yet again - this event is being organised by 80/20 Thinking, not Phorm."

    The trouble is that 80/20 Thinking has now become identified with Phorm - you have lost the appearance of independence.

    And you are jauntily promoting this meeting as some sort of gladiatoral contest between Phorm and Richard Clayton, not a measured consultation exercise. Your work on this issue should not be presented as entertainment - a lot of people take the issue of interception very seriously. You should be looking for the objective truth.

  123. TeeCee Gold badge

    What happens next.

    1) Phorm make a large "donation" to NuLab.

    2) The Attorney General walks over to the Information Commissioner's office to advise him that his interpretation of the regulations in this case is "unsound" and needs to be "reevaluated".

    3) The ICO issues a statement apologising for their terrible cockup, telling the world that Phorm are, in fact, indistinguishable from loveable fluffy kittens and that their service is so valuable that they should consider denying an opt-out to ensure that everyone gets the benefit.

    4) Phorm's share price doubles overnight.

  124. Anonymous Coward

    But what about?

    The BBC article in February?

    'A spokesman for the Internet Service Providers Association (ISPA) said the 2002 E-Commerce Regulations defined net firms as "mere conduits" and not responsible for the contents of the traffic flowing across their networks.

    He added that other laws on surveillance explicitly prohibited ISPs from inspecting the contents of data packets unless forced to do so by a warrant. '

    Anyone heard anything from ISPA about phorm or have they been bought off? Will they throw BT, Talk Talk and Virgin out of ISPA if they do implement phorm?

  125. Alex
    Thumb Up

    meanwhile in the other media

    followed by...


  126. Anonymous Coward
    Anonymous Coward

    Does Safari browser really kick Phorm's ass?

    Charles Arthur writing in the Guardian's Technology section points to some interesting research that suggests the Safari browser is more Phorm-proof than either IE7 or Firefox.

    Read more:

    The claim is based on the way that Safari implements cookie handling in its prvacy settings. Or could this just be another case of security through obscurity?

    Is my beloved Firefox about to be outPHoxed by Safari?

  127. oldfartuk
    Thumb Down

    on Safari

    yea but Safari sux donkey balls, better sticking with Tor/Vidalia/Privoxy as a last resort if we have to put up defences against it.

  128. popper

    Expanding the 80/20 Thinking Phorm PIA, make your views Known

    Given Simon Davies quote just hours ago on charles's blog

    MD, 80/20 Thinking Ltd said:

    "After all, this is clearly the most important privacy issue of recent decades."

    and the Independent Cable Forum's proposal in Expanding the 80/20 Thinking Phorm PIA. to all those effected in the UK, by dragging it into 21 century live Net meeting

    it might be a good time to make your views Known before tuesday.



    perhaps chris at ElReg or charles at the guardian blog can talk to the Brunei Gallery - SOAS campus tech department and help Simon out?, if he cant arrange this simple and effective Cable Forum proposed plan to include the 70% plus of the UK individual stakeholders effected ?

  129. Anonymous Coward
    Anonymous Coward

    If you lie down with a dog, you wake up with Phleas.

    Browser willy-waving is just a diversion, a skirmish on the battlefield. There is a full scale nuclear war being waged on us by a ruthless enemy who wants to sell us into slavery. The click-counters and data-miners who were Phormerly outside the tent, pissing in, are now inside the server room laughing in our faces. With their 'bought and paid for' collaborators such as BT, VM and possibly CCW, they can act with total impunity when it comes to plundering OUR FUCKING INFORMATION.

    Thank you, BT.

    Thank you, VIRGIN MEDIA


    Thank you, NuLABOUR

    If comments like this damage your expensively polished brand-image you can put it down to 100% self-inflicted injuries. In the army self-inflicted injuries are considered to be a court martial offence which if proven, results in an early morning rendezvous with a firing squad. Any last requests, scumbags?

  130. Jimmy

    @ on Safari.

    Actually Firefox, being the ultimate in configurable browsers, has already inspired someone in the development community to create an add-on that addresses the Phorm problem in a more specific way than Safari. Still in development and not yet a perfect solution, the add-on at least provides a first line of defence against the covert spying being implemented by the telcos.

This topic is closed for new posts.

Other stories you might like