bedtime reading
Anybody read this?
http://www.wikileaks.org/leak/bt-phorm-report-2007.pdf
The European Commission is considering intervening over the failure of UK data watchdogs to punish BT for the way it secretly co-opted tens of thousands of customers into trials of Phorm's profiling system to serve them targeted advertising. At the end of May, the Information Commissioner's Office told Stephen Mainwaring, …
>The ICO's letter claims that because it would have been hard for BT to explain to
>customers what it was doing with their broadband connections, regulators should
>let the secret trials pass. "Taking into account the difficulties involved in providing
>meaningful and clear information to customers... in this case, this is not an issue
>we intend to pursue further with BT," the regulator wrote.
Wow! I never realised that "It's just too hard to obey the law" was a valid legal defence.
As in the film, not the people. Though they could probably help as well.
Pretty much, fine the hell out of BT and Phorm, all profits going to the gov't (UK or EU, whichever one acts first) to encourage them to keep enforcing these laws (sort of a litigious pavlovian response- Data laws broken in a big way, you sue, you get more money).
Then ban Phorm-like systems from operating in the UK (setting an example for other countries and giving leverage to their local campaigns to ban it).
Ban the founders/developers of Phorm from any computer forever. Right back to forcing them to use mechanical timers on their microwaves/washing machines.
And to enforce this we should have them tagged with a random number- so it's anonymised :P- and shocked any time they make a typing motion with their hands or enter an internet cafe (or Dixons).
> "Taking into account the difficulties involved in providing meaningful and clear information to customers... in this case, this is not an issue we intend to pursue further with BT"
Then later
> "BT aims to explain to customers what the Phorm "Webwise" system does"
So what has changed that BT can now give sufficient information so that users can make an informed decision before opting in that they would have found impossible to have done before?
I think it's more a case of impossible to justify to customers its actions rather than explain the intention.
Come on BT it's pretty clear;
“Dear customer, we wish to sniff around in your browser and identify “things” you may be interested in so we can make heaps of money from the purveyors of “things”.
We do not intend to link your identity to the “things” but in such a large data gathering exercise it may be inevitable that some purveyors of “things” may contact you or use information about you to their advantage.
Rest assured dear customer we want to improve your web experience (and our bank balance.)"
This may be the first time that I believe something good came out of Europe !!
"Taking into account the difficulties involved in providing meaningful and clear information to customers... in this case, this is not an issue we intend to pursue further with BT,"
This is the part of the quote which you relayed so I only have this to base my opinion on. At issue is the fact that they believe that if it is too difficult to explain to the masses then there is no need.
On this basis then the gov't could bring in a KGB/SS style organization to abduct people and not be held accountable for its actions. Seem far fetched, so was Orwell's 1984 when he wrote it, but look around now and see where society is headed.
then they should have no fear about publishing it. And, they should also publish the question to the lawyers to which they received the positive reply. After all, if they have nothing to hide they should have nothing to fear?
Clearly, that is what the roll out of Phorm (or Webwise or whatever other name they want to give it) implies to their customers' privacy. Commercial confidentiality isn't a defence for BT because it isn't a defence for their customers?
Paris, 'cos she can spot a toad.
"Taking into account the difficulties involved in providing meaningful and clear information to customers... in this case, this is not an issue we intend to pursue further with BT," the regulator wrote.
So the regulator is saying that BT customers are too stupid to understand what BT are doing, or that BT were too lazy to explain it properly, they should just let it go. This guy should be sacked.
"The ICO's letter claims that because it would have been hard for BT to explain to customers what it was doing.."
How about: A are going to let a company called B (who might have been in the business of stealing data under a different company name) look at everything you do on the Internet. They promise they will not look at your credit card details. If you do not give A permission, then A will probably be breaking the law.
There, what's hard about that?
"Taking into account the difficulties involved in providing meaningful and clear information to customers"
vs.
"having been told by BT he most likely had a spyware infection."
Seems like they might have provided meaningful and clear information at that very point instead of deliberately trying to cover up what they were doing - it wouldn't have been very difficult. It's about time BT had some proper scrutiny, anyway, being yet another private monopoly from the Thatcher/Major era that the country has been saddled with. Had the executives only been slightly less incompetent, I'm sure they'd have a virtual monopoly on mobile services, too, by now.
The point the ICO miss completely is this; while there may be little measurable economic damage... BT have no idea how much economic damage they inflicted... because they didn't care to measure it.
BT didn't care what privacy or security risks they exposed their customers to... because they didn't care to consult customers, offer an opt out, or even talk to the Home Office.
That's the problem if you rely on the assurances you get from someone with a criminal vested interest. They don't care about the consequences, because it's not their problem.
BT are still, **still** leaking user names and security credentials to Phorm's webwise.bt.com server days after it was first reported. Anonymous my arse.
BT must be punished, without mercy.
And the Information Commission must be punished too. For being a berk. Get your coat.
Excellent news. It is time someone gave our own Information Commissioner a reminder about his duties to the citizen rather than large corporations. It is amazing that it appears to be so clear to so many that a prosecution is called for with regard to BT's actions over the secret trials, yet our privacy watch-chihuahua does nothing except a little bit of "informal" chatting. Bring on Mme Reding, and if possible bring on a new IC for the UK.
"Despite the ICO's view that it is impossible, BT aims to explain to customers what the Phorm "Webwise" system does when it begins a third trial, this time with permission, at some unspecified date soon."
It's not that impossible, just send customers to:
http://www.DoNotTrustWebwise.org
The information commissioner is a total waste of space. I made a complaint about a serious breach of the DPA 1998 by a Governmental organisation and yet instead of the ICO investigating they made a unilateral agreement, without reference to myself at all, agreeing that the ICO would not investigate this organisation until the organisation told the ICO it was ok for them to investigate. Totally useless. Looks good on paper, as always, but in reality if you pull the curtain up there is nothing behind it.
Could everyone please put pen to paper (not fingers to keyboard) and write Commissioner Vivian Reding a letter applauding the news and reiterating your concerns over the Phorm issues (including the trials and future deployments of the technology). It is critical that we now make sure Commissioner Reding discovers just how much of a public issue this is, and that it is not just a few geeks complaining.
If everyone writes to her office, she will have no reason to doubt the seriousness of this case and will hopefully pursue the issue accordingly. This is a great opportunity to bypass the regulatory capture currently being demonstrated by ICO.
***"The ICO's letter claims that because it would have been hard for BT to explain to customers what it was doing with their broadband connections, regulators should let the secret trials pass."***
So I wander into PC World and make off with a shiny new laptop. When I'm stopped and asked what I'm doing I just have to say "I'm taking this laptop, but I'm afraid you are too stupid to understand why". At that point they let me go and let me keep the laptop, yes?
One law for us, a different law for them.
Jail the bastards, and let's hope they drop the soap.
... Err, they were right surely?
Made me chuckle (because I can't cry at work) that the ICO felt that because BT couldn't explain to them what phorm was actually doing, it seems to me that no-one who's supporting phorm have *actually seen it working*. If you read back through all the previous statements from ISPs, Home Office, ICO, 80/20 etc, they all say the same thing "phorm assure us" and "phorm tell us" and "phorm ensure this". Here's a news flash for you people, ... Dramatic pause... *Advertisers Lie!* It's their only reason for existing. That and to grab as much cash as possible with F**k all regard to the consequences. As if they're going to tell the truth about their own product.
This is an open call to BT. You may think we're ignorant and can't possibly understand the legal complexities of just *how* what you've done is legal, so what have you got to worry about putting *All* your internal documents relating to phorm (and I mean every letter, every memo, every email, since k*nt and his c*nts first got in contact with you) and let us judge for ourselves. If by some laughable chance you're worried about the privacy of your staff, assign them all a unique number to replace their names. I mean, apparently you can never figure out a person's name from a unique number
Read this from ICO.
http://www.ico.gov.uk/Home/about_us/news_and_views/current_topics/phorm_webwise_and_oie.aspx
In particular.
"Regulation 7 of PECR will require the ISP to get the consent of users to the use of their traffic data for any value added services. This strongly supports the view that Phorm products will have to operate on an opt in basis to use traffic data as part of the process of returning relevant targeted marketing to internet users."
Interesting to see the spin BT puts on it.
As for the defence line saying you are too thick. BT could have tried.
"We are conducting trials in targeted advertising. We will watch what you type and record it for future use. Everything you type will be saved and stored by third parties and BT will be making money from this, that won't be passed onto yourselves.
The technology will sit on your machine and you will notice a slight lag in web browsing while we take this information, this will be noticeable on older machines, or shared internet connections. It will be in effect regardless of the web site you go onto."
Explains it in a nutshell and gets to the point. Or am I missing something?
"Could everyone please put pen to paper (not fingers to keyboard) and write Commissioner Vivian Reding..."
Absolutely correct. As a former bureaucrat, I am well aware that snail-mail letters provoke more response and carry more weight than emails. Someone can just press "delete" and plead "never saw it, must've been eaten by the network" but a paper document has to be logged in, date stamped, filed, and given a response.
Handwriting, if legible, is even better than machine printing.
Be sure to keep your letters very short and to the point. Ideally they should fit on one page of standard paper when printed out, with generous margins all round.
Historical note: The most shameful part of the UK Govt's failure to act on Phorm is that this is happening in the nation that established that even the monarch was not above the law. Shame! Shame! Shame! Shame on you, o worthless ICO! Shame on you, feckless Gordon Brown! Shame on you, clueless Jacqui Smith! And shame on the managers at BT!
Funnily enough, Richard Thomas has been one of the more robust regulators in a country that is awash with NuLabour's supine placemen who are only too happy to implement the government's system of light-touch regulation. The true benefits of this kind of oversight are now apparent to anyone who cares to look around the shambles that this country has descended into. A license to print money for the few and rip-off-Britain for the rest of us.
So, is Thomas coming under pressure from HMG and its corporate buddies? Go figure!
It's my data, and if these sticky fingered bastards want it they are gonna have to buy it on a pay per packet basis. We're all entrepreneurs now in NuLab's Brave New World.
Dear valued customer,
We will shortly be commencing the third secret trial of a brand new snooping system that monitors your browsing habits so that we can make lots of extra cash selling that information to any disreputable con artist who wants to sell you crap that you don't want using adverts that count towards your capped downloads. Please note that this will not affect the bill we send you for the dismal service that you have received of late.
We will also shortly be appearing in the European courts because the British legal system is so corrupt that they let us get away with it and to date not even the data protection act has caused us even one sleepless night. The system, inextricably linked to a former spyware producer, will be run from our own servers so that you won't have to install anything on your computer and should you wish to opt out of the scheme you will need to repeat this exercise every time you empty your "temporary internet files" (we advise this is performed regularly due to the risk of virus infection).
We have absolutely no intention of apologising for this blatant abuse of our powerful position as a monopoly organisation because of the vast sums involved and the fact that one of our senior employees has already taken up a new post with the company that masterminded this private scheme.
Yours,
BT
There - wasn't so difficult was it?
BT is not providing users a service out of the goodness of their hearts. Those users are PAYING for that service.
There is therefore absolutely NO QUESTION of there being any justifiable NEED for the users to have to be subjected to YET MORE ADVERTISING.
That's right, no need for advertising -- targeted or otherwise -- and because there is no need for the advertising, there is no need for the targeting.
In the full text of the ICO response on the cable forum, they say "BT’s view is that as the 2007 trial was small scale and technical in nature and no adverts were served, it would have been difficult to frame any advice for customers about the operation of cookies, and obtain any relevant consents for the processing of traffic data"
In other words, "we don't have to tell customers that we're sharing every detail of their browsing habits with a third party because we're not using it to generate adverts".
That bit of BT sophistry should have been given a good mauling by the ICO, instead, the toothless tiger didn't even attempt a gummy suck.
Paris, on the grounds that she'd appreciate the last comment.
You may not be aware that in Siberia, there is a little girl called Svetlana. She has a baby rabbit. Sadly this baby rabbit is the runt of the litter, and may not live. It is weak, and only has one eye. It cannot even hop. It makes faint wheezing noises, and has difficulty eating lettuce.
This rabbit is important because BT fears this nearly dead baby rabbit more than it does the information commissioner. There is no action no matter how appalling that any large outfit can do that will cause the ICO to act. Their sole objective is to collect fees to pay themselves. This will invoke prosecution, but I put more faith in Svetlana's rabbit than the ICO.
While I sympathize with those that want pubic floggings, I wonder how this would affect your nation's sovereignty. An outside organization going after your own (good, bad or other) regulators. Sounds like a slippery slope... Then again, we've got enough problems to worry about here in the US where we seem to whore ourselves out to the highest bidder and regulators are a dream...
Well done El Reg - pretty good coverage of this story! :)
Got to say that, to me at least, this Phorm trial stinks of unofficial wiretap - and therefore illegal. I'm pretty hacked off at my ISP (VM) at the moment, but I'll tell 'em now - if *they* introduce any variety of Phorm - or should that be "form of Phorm"? - then I'll be cancelling my contract with them very quickly indeed. And BT can whistle if they think they're getting the business instead!
I cannot see *any* benefit of Phorm to me - if I want adverts then I'm content to have them appear when I Google - and I strongly resent some "Big Brother" snooping on me when I'm just strolling in the information highway. Although maybe I'm at the level of one of those "stupid users" that BT feels they can't talk to? :P
Meanwhile, I've done what I can and signed the ePetition, and would encourage others to do similarly.
Parting shot - wonder if it's worth "dropping a dime" to Alan Duncan MP? As Tory spokesperson on "Business, Enterprise and Regulatory reform" doesn't this fit his remit - high time the government got asked some searching questions about this issue methinks.
If the people who have had their privacy invaded get the cash, then bring in the EU.
But, if the EU gets the cash, and Mr Asterix and Obelix spend it on fine boar, and Belgium Beer, then we get hit twice.
BT will pass on the cost of the fine to the network, or in lay offs, and we will have traded some of our rights to the EU. That's the problem here.
Beware white knights on chargers, didn't someone else use that idea the last time Western Europe was united and one little country was holding out against occupation.
The way the latest ICO comments read to me is that the ICO has been talking to BT and Phorm since before the 2006 trials. If they used the same text that 121 used to encourage people to join their 'relevant ads and safer browsing', then it is no wonder that the ICO could not see what he was being shown any more than the many thousands of people who were duped into downloading the adware / spyware to their computers.
Considering that KE had to make an amendment to the published version of how everything works, I find myself wondering if he even knows how it works or just the salesman. When the person doing the selling gets the methodology wrong is it any wonder that those he is selling the system to are unable to understand the implications.
The defence statements coming from BT show a lack of understanding by the person who initially wrote the statement and comes across as a bunch of lies which is proved inaccurate by the next revelation.
The thing that astonishes me the most is the naivety of the people at ISPs who first spoke with 121 et al. The whole of the rest of the world was trying to clear the spyware from their computers while management were having tea and biscuits with one of the main distributors of the spyware.
BT support must have had tech calls helping people clean their computers without knowing that the man in the boardroom was the cause of their grief. Meanwhile, those in power had no more computer knowledge than the 'click everything' brigade - a quick call to support was always able to clear those nasty pop-ups so where was the problem? Maybe they themselves were also annoyed by the pop-ups and welcomed anything that promised to remove them forever.
I wish I was still a BT shareholder so that I could go into the AGM and ask the board to explain themselves: to reveal the background to the meetings and the decision to inflict the parasite on their customers and the web sites they visit.
ICO - where is the informed consent from the web sites? If you won't investigate, at least get that part into the equation. It is costing web sites a lot of time and effort to protect their copyright and commercial interests / customers privacy. Web sites are not published so that a parasite can use them for commercial profit without paying royalties or buying a commercial use licence.
This whole thing is quite scary..
I'm still shocked this once respected household service has started dealing with such notorious rogues like 121media. Even more shocked that their criminal activities are being permitted under UK laws.. Is this a break down of the UK legal system or what?
I forced BT to scrap my £300 penalty over this and have gone onto Zen broadband with a £7 a month saving and I'm really delighted with their service, absolutely wonderful people. Believe me it's so easy and you do not need BT or their hackers..
A Phormaceutical drug company wants to trial a new drug.
They approach Doctor Beatie, in private practice, who thinks it might just be a moneyspinner if it works.
Doctor Beatie mobilises a team to administer the drug to a sample of his patients but, crucially, without the knowledge or permission of the patients; 'because it would be too difficult to explain.'
Some of the patients are more knowledgeable than Doctor Beatie thinks. They notice subtle changes in their conditions and do a little research.
Concerned that they may have something unplanned and unwanted happening to them, they ask questions of Doctor Beatie's team. Doctor Beatie and his team flatly deny that they have administered any unusual treatment. They go so far as to suggest that the patients maybe have another infection.
On the strength of this information, some patients go on to pay for further investigation and treatment with other consultants.
At some point, the story of Dr Beatie's activities and his relationship with the Phormaceutical company comes out, backed up with reasonable proof.
Question: What would happen to the good doctor?
Follow-up question: What would happen to the Phormaceutical company?
I submit that "It was too complicated to explain so we just went ahead and did it" may just be enough for the odd director to get jailed.
I think Phorm is legalised spyware and that it should be treated as spyware.
It is worrying to think that this government along with Sweden and the USA are so into the idea of monitoring and controlling every aspect of our lives, it isn't to screen for terrorists though - it is more likely so that they can put all our information on CDs and lose them in the post again.
BBC published a story here:
http://news.bbc.co.uk/1/hi/technology/7438578.stm
In which they state:
"During the trials adverts were stripped out of web pages served up to BT customers and replaced with more targeted ads, if available.
If none was available, adverts for one of three charities were inserted."
This is the exact opposite of what actually happened according to the leaked document, which was that Phorm replaced the charity ads with targeted ads.
I reported the error to the BBC, but it has been ignored. This is odd as I've reported corrections to stories in the past and they have been corrected.
I submitted an official complaint about it, and it's also been ignored (so far). Perhaps if a few more people complain they might take it seriously.
One wonders who is pulling strings there.
"If BT and the IC can treat the law with such contempt I think we should be able to totally ignore the UK crime and punishment statutes and for BT's obviously "special" case reinstate Trial By Ordeal:
Emma Sanderson vs Red Hot Poker
Mine's the black cape & executioner's ma""
I'm cool with that. Since the US dollar is falling I'll just hop a plane, work in the UK for five years and then fly back home with loads GBP. Oh wait I have a tan I might get shot by the plods on the way in
Dear Mr. BT
I am cancelling my broadband contract as you are too thick to understand the concept of customer care and satisfaction, I will not be paying for the rest of my contract period either, you can pursue me through the courts if you wish, but I am assured it will be thrown out as my solicitor will use the now infamous THICKO defence.
Sincerely
Mr. A Thickophickulos
Be careful cancelling your BT broadband, ring their customer support first and explain your worries regarding your online privacy then ask for a MAC code without penalty.
They can if they want hold you to your contract and either sting you for the remainder of the contract or lock up your broadband line forever more until you pay the full amount.
It's so easy once you get the MAC code and swapping to a spyware free ISP is fully automated with only 30 minutes downtime..
Chris,
from an article in The Sunday Times
Competition fears depress LSE shares
INSIDE THE CITY
June 15, 2008
"After a troubled beginning, Phorm’s time may finally have come. The firm tracks the websites that internet users visit and serves them relevant display advertising. So far Virgin Media, Talk Talk and BT – where the latest trial of the technology begins this week – have signed up, keen to get a slice of the online advertising pie."
is this comment for real or is it to 'pump up' their share value