I hope they don't get away with this...
I so hope that BT do not get away with this. Why should BT have powers the police need to request?
City of London police questioned BT earlier this week as part of a probe into the covert wiretapping and profiling of the internet use of tens of thousands of BT customers during tests of Phorm's adware system. City of London CID met BT representatives on Tuesday. Officers have been examining the dossier of evidence handed to …
I've been waiting for this, im not a BT customer and wasnt effected but the lack of legal response was really worring me, it would have set a dangours precident that would allow ISP's to intercept their customer's electronic comunications for what ever they want.
I really hope that who ever made the decision to deploy the phorm trial gets locked up, because they broke the law. If I take legal advice and they tell me killing someone is ok, it doesn't mean its ok it means you have bad legal advice and your still committing a crime if you do the act. Same with this BT broke the law and should damned well be strung up for it.
I was cynical anything would be done about this, yet outraged that it ever happened. I suspect the Police were given a kick up the bottie after the EU wrote to the government - they had to be seen to make some kind of effort. I suspect the govt's response to the EU will now be "The Fuzz are looking into it, we'll get back to you".
Bear in mind the caveats about whether it's "in the public interest" to prosecute, etc etc.
I can assure them it's bloody well in MY interest!
Horse porn. Made me chuckle. I had a fleeting idea that I was more into Ponies, then I thought oh oh ... horse peedo alert!!
I reckon Phorm will need to change their name. They've now got a bad reputation already. (I won't comment on BT)
Paris... because I wouldn't mind going there. Do you think she'll do French?
lock em up and throw away the key, they really need the book thrown at them , a precedent needs to be set to prevent those trusted with the responsibility of carrying our data from abusing both our trust and our privacy.
Lets hope the law stamps down hard on them.
Yesterday, Phorm's share price rose TWENTY PERCENT on news that the next batch of trials will be "soon". There was no financial info in this release whatsoever, but the market seemed to love it.
Then this news today and so far it has fallen 10%
Bloody annoying. I have a CFD shorting 1000 shares (opened at £12.50) and can't wait for the stock to plummet. Currently making about £5K profit on a £1K stake, but I am hoping I can make much more than that if the stock market would only wake up to what is going on.
Do your bit - SHORT PHORM!!
Scene the interview room at police central.
Good morning BT representative, I'm DI Plod and I'd like to talk to you about all this internet monitoring you're alleged to have done - especially the bit where you monitored people's web browsing habits.
Hello Di, pleased to meet you. Where would you like to start?
Can you give me some idea of the type and extent of the monitoring you were doing. please.
Certainly Di, take this example. It's from a Mr. D. Plod and it lists the "interesting" websites that you, sorry, he, visited over an extended period. As you can see, it would be very unfortunate if this sort of information made it's way to the subject's superiors ... Especially if they were employed in a sensitive public position.
Hmmm, yes I see what you mean. .... Do you have any other examples?
Let's see now, Di. Here's one for a Chief Inspector. It does look like he's been a very naughty boy. Here's another one - I believe this person is a judge, maybe you know her?
Harrrumph. <cough> well it looks to me as if everything's in order and I don't think we'll need to trouble you any more. Although, do you mind if I keep copies of these, as my promotion interview's coming up and , err, they'll be useful examples of the investigations I've been performing <cough>
Certainly, Di. And no doubt in years to come - when you've risen rapidly in the force we can talk about any other internet-related issues you may be able to help us with.
Interview closes with funny handshakes all round
"There's no indication as to whether formal proceedings will be brought. Considerations will include whether charges would be proportionate and in the public interest."
That statement doesn't have any bearing on public concern over the matter - it means if a prosecution is brought against BT what are the chances of winning and making them pay for the proceedings in damages as opposed to the tax payer footing the bill.
It's probably already dead in the ground but if charges are brought involving breaches of any privacy laws - it's all over for BT and Phorm, regardless of whether they are fined or imprisoned, neither they, nor any UK ISP will ever again contemplate using Deep Packet Inspection technologies to profile their customers in this way.
Then justice has been seen to be done and a multi-million pound corporation has been shown that even they are not above the law.
hoping and praying BT Directors face jail for this.
Its in my interest. I don't want my web sites scammed, I don't want my kids profiled.
And I don't want reckless criminal bandits at the helm of trusted blue chip companies like BT.
Its not in the national interest to have UK businesses scammed, and UK citizens subject to mass surveillance.
don't forget the Phuzz!
It will be a disgrace if a prosecution does not follow, but if BT are fined it's their customers who will actually pay the fine.
Remember the cash for honours - swept under the carpet although it was as plain as a pikestaff to us mere mortals.
Who's taking bets?
Spread it around. It's a shame to waste it on politics, British politics at that.
"Sadly they'll just fire the directors, rehire them and change branding again. Then you've got a whole new company that's not liable to the previous mistakes and so continue being arseholes."
There some incisive minds reading this rubbish, why don't you all come over to sci.geo.earthquakes and blow all those stupid bastards away with this clarity of mind?
I've always wondered about this from a copyright point of view. If I run a website whose pages are copyright and user requests a copy of those pages, I send the users a my copyrighted pages. And Phorm/BT alter my copyrighted materail without my consent and then send it to users. It sure sounds like a they taken my copyrighted material altered and presented it for profit.
I agree I want to see crimal charges filed but a massive copyright suit wouldn't hurt. As site owner I don't want some ISP stealing my content and selling it to other advertisors.
I imagine the interview was less rigorous than most of us would wish for; more a nice cosy chat about the impertinence of the public disagreeing with the decisions of business.
I'll start taking the official interest seriously when I see some greasy wanker from BT/phorm defending the indefensible in court.
Nothing less than some phucker getting banged up will do.
Paris, 'cos she's au fait with invaded privacy and getting banged up.
Anyone care to bet on plod trying to avoid actually doing anything because it's too complicated for them?
Have BT and Phorm ever published the supposed "legal advice" they claim to have received? No. Because that would leave them open to more public scrutiny and possibly be exposed as the lying shyters so many people believe them to be.
@Tim J - some people are happy to be apathetic and get walked all over. Not me.
Think you’ll find any police investigation into Bt’s wrong doings is to satisfy EU requirements only and as a result the whole thing will be laid to rest with the forthcoming secret Viviane Reding reply... Bt will then begin it’s trials and deploy this dpi system.
It’s ‘opt in’ and because of that Bt will have to blackmail it’s users into doing so by offering them substantial reductions and hiked up charges for those who refuse.
Like many I hope this is another nail in the coffin for that oft used and highly dubious phrase:
"enhancing the user experience"
now I for one run a mile when I see that 'cause it usually means the opposite and more likely means enhancing the profits of the provider at the users expense...
"Death to marketing bullshit!", I say.
Good on ya' Reg for keeping us informed on this.
I've said it before and I'll say it again - this whole issue is a S T O R M I N A T E A C U P .
"Officers have been examining the dossier of evidence handed to Wood Street police station by campaigners following the 16 June protest against BT's planned full deployment of Phorm's technology. It included the internal documents detailing the 2006 trial, which we reported here."
Wake up and smell the coffee people. The Police are only doing what they are obliged to do.
N O T H I N G W I L L E V E R C O M E O F T H I S .
"Its black and white. The law is not gray. If a crime has been committed. Some one should be prosecuted."
And other sentiments like "string 'em up" and "throw away the key".
First, they are innocent of any crime until proven guilty in a court of law. Isn't this something people in this forum like to shout about when it suits them? You can't have it both ways.
Secondly, if they are proven guilty, what would be a suitable punishment? As a libertarian I find their intruding on people's privacy disgusting, but it's hardly something to lock (or "string") them up for, is it?
It's hardly on the same scale as murder, rape, assault, robbery, arson or other crimes. Not all crimes are equally serious and don't all deserve equal punishment.
Keep a sense of proportion, please.
-- Jon
How come all the posts here are so vehmently anti-phorm? I'm no expert on the phorm thing but when it appears to have been specifically designed to be unrelatable to a specific IP address - so then whats the problem? I could care less if they profile me and send me 'targetted' ads - I still have the brains to ignore them! Also much better than the Google ad machine which I would think is much more likely to store IPs? Is this a case of monkey see monkey do? Media say phorm bad monkey gets knickers in a twist and posts angry missives to the Reg?
I suspect you are a member of the Phorm PR team, but, for the benefit of anyone reading who might have similar questions, here are some brief answers.
Firstly, imagine that every phone call you made had someone listening in on the line, picking out topics of interest based on what you are saying for marketing purposes. They "promise" to only use information that is non-personal, although you have no way of guaranteeing they are not in fact doing whatever they fancy with anything they hear.
Does that make you feel comfortable? That is pretty much exactly what the Phorm system does with your web data.
Secondly, it would be reasonably easy to link a person with their so-called anonymous Phorm unique ID. Phorm works by stripping out your Phorm unique ID before any website gets to see it, but this stripping will not happen if you use a secure (HTTPS) connection. A website that is a Phorm (OIX) partner and that you have an account with will be able to read your Phorm cookie (unique ID) and cross-reference it to any details they have on you, e.g. name and address etc., simply by making just one of its pages an HTTPS page.
This gives lie to the claim that the Phorm system is completely anonymous.
Thirdly, Google is opt-in. If you have privacy concerns, you don't have to use Google. With Phorm, you have no choice in the matter. Phorm, as we have understood it so far, is a false opt-out. If you opt-out, your web data still goes through the Phorm system. The "listener on the phone line" man from the first example is *promising* that he won't be listening, even though his phone-tap will still be intercepting your conversation.
All in all, a rather large shipment of fail.
See the Phorm entry at Wikipedia for useful links.
While it's hard to come to any conclusion other than a breech of RIPA/DPA by BT/Phorm, the case might not get to court because the ‘cost-benefit’ definition of 'not in the public interest' is used by the Police/CPS.
I just love the term 'not in the public interest' - by it's own definition it's so poorly defined you can make it mean anything!
thingi
The problems are only half in connection with the up-front public intent of Phorm. What happens if - when - somebody inside the company identifies individuals on the quiet and starts selling on information?
The point is that this is a large body of information that will be collected and there is an associated risk that some of it walks - with identities attached...
If BT/Phorm is going to profit from a website's visitors, then perhaps the website should benefit too?
How about a notice that says something along the lines of:
By intercepting my visitors traffic you agree to be bound by my DPI Contract.
The contract stipulates that whosoever performs the interception of my visitor's traffic must pay me £100 per visitor per session, no later than 30 days following the date of visit.
Failure to send me the funds will result in prosecution.
I mean, as I see it, since websites have the right to not consent to interception, they also have the right to consent under certain conditions. Thus,BT would need to monitor every websites consent status, and requests (anyone want a glass full of brown M&Ms for their interception?).
Anyway, I recommend any readers visit nodpi.org and listen to the first conversation with DS Barry Murray. I'm so astounded by his incompetence and rudeness that I think I shall complain to the police - his behaviour is truly unbecoming of a police officer.
I am surprised that nobody has mentioned the fact that BT has a huge number of lawyers on the payroll working (?) on wayleaves, conveyancing, contracts (for both customers and suppliers), disputes with staff (unfair dismissal, discrimination etc), compliance with statutory regulation (Elf & Safety and OFCOM jokes for example) as well as security and spying (sorry, tracking users' surfing habits to offer them a better experience). I would be surprised if they felt that they needed to seek opinion on the Phorm trials outside the company. The answer they were given by their own lawyers might reflect the desire to please rather than a considered opinion on what was, probably, something a bit outside their normal remit. They, BT, might be now regretting that fact,
AC
Normally I post here using my real name but, as a former BT employee at their main London office for a quarter of a century (was it only that long?), I am adopting the AC nom-de-plume. Is PH a nom-de-plume or a bad parenting decision?
Since the advent of technology there has been a war going on. The war is between the the sensible use of technology and the abuse of technology. Is PHORM a sensible use of technology - if it really is anonomous as they state then it could be ok, however here is where the problem begins to lie, under various laws within the UK certain types of computer use are illegal. Intercepting data on a public network of computers is a crime unless the parties yes parties agree to it. There are however exceptions to this rule and PHORM is not one of them.
So why should people be worried - PHORM collects information about surfers by intercepting HTTP or Port 80 traffic. This in itself is against parts of the law, more akin to a man in the middle attack, even if they do try to lose the IP address of the user surfing the internet we only have their word that they don't store this information in a way that it can later be tracked. If you have dynamically assigned network address this then you have slightly less to be worried about than those with a fixed address - a fixed address doesn't change and will always be traceable back to the user. However this does not mean that a slight alteration to PHORMS code could not be made to start tracking this information in a way where can no longer be described as anonomous.
It is time the poeple of the UK started to stick up for their privacy, a supermarket knows more about an individual in this country (if the individual subscribes to a loyalty scheme) than the government does and thats only through what you like to buy. If you have a child the supermarket knows so - why because you start buying baby food and nappies. Think about your sufing habits - they say they don't track secure addresses, but how many of the sites that you use for internet banking/email etc connect first to a normal port website. The government as already ordered ISP's to retain identifiable information about there sibscribers, with the PHORM database this potentially infringes on your privacy and human rights siginificantly. You betcha if you have an offshore bank account the government is interested.
Any hows, consider this, if you value your privacy then PHORM is a bad idea in any shape. Do you like SPAM email or JUNK post? Guess what - this could open the flood gates, not to mention the damage that this could do to legitimate websites advertising in the more conventional way. I for one will consider changing to a more private ISP and if I can't find one, then I may consider alternatives.
Drive through a Gatso at 35 in a 30 limit and you get a fine and points - no argument.
Drink drive and you get a ban, a fine and points.
But a crime like this and the authorities have to decide "whether charges would be proportionate and in the public interest"...
Anyone else spot the discrepancy here?
Using Google is a choice; you can surf the internet for your whole life and Google need know nothing about it; the ISPs using Phorm control your connection to the internet, they can monitor everything you do (in this case without asking permission) so it's not a choice.
As for the IP address, it's a red herring - Phorm's technology can link your internet account to your internet usage in order to determine what advertisements to put in front of you (or the rest your family who share the same connection).
Also worth remembering, many people use web-mail systems that don't encrypt content after the login page (makes it easier to serve the advertisements up) so Phorm will be able to monitor e-mails.
Phorm's whole business model is to use gross invasion of privacy to deliver targeted advertising; any takers for that?
"[0022]In one example, the ISP initiates launching of a context reader into HTTP stream that flows through to the client device. In particular, a script may be embedded into web pages requested by the client. The script executes within the client browser and reads information off of the displayed webpage, such as keywords or other information. The observed/monitored information may be stored locally or otherwise for later use, such as in influencing delivery of a targeted advertisement to the user. In other examples, monitoring and observation processes run within the ISP infrastructure, for example on a server that observes requests and responses of a particular client connecting through the ISP."
from http://www.faqs.org/patents/app/20080201733
There you have it. Not only planning to look at your web stream but to alter it.
The fundernemtal principle of comunications is to faithfully carry the message to the recipient without it being intercepted on the way. Obviously with http traffic it's pretty easy to meddle with since it's in human readable format, that being the whole reason for the success of HTML web pages.
When you trust everyone you don't lock your front door. When people start abusing this then you lock your door. It's time to lock our web traffic since we can't trust the ISP. https: is what we now need to do. Then we know that only us and the web site are party to the communication.
Nobody appears to Champion Alternative Phorm .... which discovers what you Want, and Gives IT to you, ...... all done Virtually with an Electronic Record of Traffic to Trace/Reward Source.
The Wise Respondents are the One who Realise Easy Come/Easy Go ....and they will always Endeavour to Ensure Quality of Supply Wants with Quality of Needs 42 Feed with Benefits Applied to All to Encourage Further Feeds for Mutual Needs
Looks like Phorm is now trading at around 1/6 of their market peak back when they announced their tie-up with the big three ISPs. It's getting tempting to take out a ruler, draw a straight line through a plot of their share price and work out when their share price will reach zero:
http://www.iii.co.uk/investment/detail%3Fcode%3Dcotn:PHRM.L&it%3Dle