It might still be a big seller in China...
For a company without customers, users or revenues it's pretty extraordinary that Phorm achieved the dubious distinction of being the biggest UK technology story of the past 18 months. It couldn't have done it on its own, of course. As it slinks away from the UK market this week, investors can thank BT executives, alongside …
That the general public, mostly from the highly respected El Reg readership, mounted a fantastic offensive against this offensive product.
Congratulations to everyone who wrote to their MPs, MEPs, to the police, commented on blogs and generally spoke out against it.
and to Kent, good game sir, good game ;)
Well done Chris, that's a useful summary of the whole thing for anyone who might not have heard about it and might be saying "So what?".
I'm ever so pleased that the whole thing has collapsed in on itself. It's a testament to the distributed regulatory power of Internet+Public and really does ensure that any organisations considering pulling a similar stunt in the future will hopefully think long and hard before doing anything.
Well done to everyone who took part. I like to think my two emails, one to my MP and one to the EU Commission, played their part in contributing to the gratifying result. Let's not forget to keep the collective eye on the ball - still plenty to be done.
Surely if Phorm create an "offline copy" (or mirror, call it what you want) it really blows a hole in their RIPA compliance argument? If processing is not done in real time then the offline copy surely has to include all content, doesn't it?
Blimey Charlie how has no-one ended up in court over this? Having said that just look what happened with the News of The World scandal - next to NOTHING.
At least the EU is on the case. Hopefully mere citizens may end up with some effective laws to protect our internet and our phones.
If only such an analysis could have been taken seriously earlier by those within whose power was the ability to shape the actions of the last 18 months then the many businesses involved could have been spending their energies on riding out the recession.
With neither BT nor VM severing the knot that holds them to Phorm it does raise serious questions about the relationship between ISPs and their customers. It will take me a long time before I trust either company with any of my business.
I have learned a lot about privacy policies and the DPA. I now recognise that there are many businesses that have similar policies to those of the ISPs that wanted to invite DPI for data harvesting into their networks, and I will also be refraining from doing business with them. My personal privacy is worth more to me than saving a few pence when choosing a supplier of goods or services.
Opt in has become the new opt out. Businesses that ignore the need for opt in will be left behind.
Phorm is only one of the DPI vendors. Not one has provision for opt in by both users and the other party to the communication.
Phorm has never become an ad network, despite its claims on the OIX site yet it has produced a public awareness of the workings of all the rest of the ad networks which is causing their business practices to be looked at anew.
Will the next chapter be about ad networks or will DPI threats to privacy continue to be the main theme?
We need everyone involved to be prosecuted under EU law. That means not only the board members of Phorm, and those board members of BT (that is, the ones not already counted by benefit of now working for Phorm), but also the senior civil servants in the ICO, and the relevant figures in the Home Office who lent it that tacit approval, and who failed to regulate.
Flames, because that is no more than they deserve.
As the article suggests, this isn't entirely over. Kurt and his cronies may resurface like perpetual Dr Who villains and those who care about online privacy will have to be vigilant.
It would be nice to get this sorted out in the law though, so that any similar technologies are explicitly banned. We may not be able to rely on poor technical implementation and inept marketing to scupper the next attempt at DPI advertising.
BTW - Is that his real name and is he related to Gag Halfrunt? A present for him anyway...
I'm surprised that no parallels are being drawn between the BT/Phorm trials phiasco and the News of the World phone hacking.
I'n both cases communications were intercepted under legally dubious circumstances, and in both cases the Police / Home office /ICO have done sod all about it.
Only difference is that John Prescott hasn't been on the news enraged over Phorm. Presumably the BT / Phorm trials didn't include any politicians or celebs.
Pint icon cause our government couldn't run a pissup in a brewery.
sorry guys ... the promise that Phorm held - intimate access to individial surfing habits - is too much of a Holy Grail to think big business will let it go. I will guarantee that somewhere out there is a consortium who has watched and learned and is quietly planning the next move.
The whole sorry story has only served to show how ignorant 99% of people are with regard to the web. As long as they know what happened in big brother last night, they will let ANYONE have their personal details.
...for any number of reasons. But mostly because the people they were marketing it to --- industry insiders --- weren't the people whose consent they needed --- punters.
The reference to Google in the article highlights this: the people KE needed to convince were punters, but the only people who care about Google's dominance of the advertising market are industry insiders. I crossed swords with Peter Bazalgatte on the same topic at the Convention on Modern Liberty thing (he is, it has to be said, a really nice guy) and his main concern was about the paucity of money for content creation: again, that sells Phorm to media companies, not end users.
At no point did KE come up with a direct benefit for punters. Oh sure, there were some incredibly vague indirect ones --- this will make money for ISPs who will cut your bills, or this will make money for content providers who will make good programmes. But ISPs are hardly sympathetic poster-children, and content is not in short supply.
Speaking personally, if an ISP wants to make more money, it should charge me more and I'll see if I want to pay, and if content providers want to sell me premium content for more money, they should ask for my money. The idea that I will give my attention and, by implication, my money (advertising only makes money if the viewers buy the products) in preference to just paying my money is silly.
Still, it got me to leave BT as a customer after having been customer #2 in my exchange one of the architects of the Project Ascot trials of ADSL in Ealing in 1996, so they can't say that Phorm didn't have an impact.
Might I suggest Phorm goes Stealthy Black and Underground. There it can do exactly as it pleases and can even deny it is doing anything. To paraphrase a well enough known political/anti-political statement .... "It hasn't gone away, you know."
Finding out what Joe Soap and Jane Doe want, and offering it to them for free at a price they can afford, is good for business and if truth be told, exactly what Governments should do .... but don't. I wonder what they do instead and who they are working for?
Quote: ... the promise that Phorm held - intimate access to individial surfing habits - is too much of a Holy Grail to think big business will let it go. I will guarantee that somewhere out there is a consortium who has watched and learned and is quietly planning the next move.
You may indeed be right, Mr. AC1411, but backing away from this mess and taking a broad view, one has to ask "why on earth would any sensible person want to sniff my web surfing habits?"
Targeted advertising is a red herring from start to finish. Thanks to the Adblock plug-in for Firefox I don't even see most ads, and before I reached the beulah land of ad-free browsing, I can only recall a single ad ever inspiring me to investigate further.
Businesses thinking about targeted advertising would make better use of their money reviewing usability websites (www.useit.com/alertbox/ and www.webpagesthatsuck.com/ for example) and get rid of the stupidties on their websites that discourage visitors from becoming customers.
The whole Phorm affair sounds to me like a bunch of shady, ethically challenged marketers (aka professional liars) exercising their talents at lying on their own behalf, spouting nonsense about some marketing voodoo that every sane person knows WILL NOT WORK. (One has a brief spasm of schadenfreude because the people they conned are also marketers.)
The only people who would benefit from Phorm-tech would be the police state enthusiasts in government, but even they are so far off the track as to be risible. Dear snoopy plods and Home Office consultants: you don't want to examine every online communication. You will drown in an ocean of irrelevant material. What you want is targeted snooping; the only communications you will benefit from snooping on are those you already associate with criminal types. Snoop on everything, and you are looking for a needle in a haystack.
Conclusion: the whole marketing "profession" should go to the wall and be liquidated.
Yes, this comment has ended as a rant. Sorry, folks.
Great News! Fantastic.
Just a shame. Virgin Media had loads of PR crap on their site claiming that Phorm was going to help customers by keeping them safe through filtering. I wonder what spin they'll put on it now. "Oh, we don't need that Phorm thing anymore, we're already the safest ISP in the universe!" Nudge Nudge..
For having the courage to report this story without fear or favour.
Last year I nominated you for the Orwell Prize for Journalism, and I firmly believe you deserved to win.
This story isn't yet finished; BT Directors must now be prosecuted and jailed and the board of BT must be purged.
The Police need to reinstate hi tech crime fighting, the ICO must be dissolved and replaced by people who understand IT, and Ofcom must be split into a telecommunication and media regulator.
And then, we need to strengthen our communication privacy laws because this scandal must never be repeated.
Quote= RW: " ... the promise that Phorm held - intimate access to individial surfing habits - is too much of a Holy Grail to think big business will let it go."
...Or law enforcement. Don't forget they have a very big, publicly-stated interest in DPI technologies. Could something like Phorm could be 'reimagined' to suit the needs of the Overwatch? Nothing like a few fat government contracts to save an ailing softco.
Great article, btw.
Much as I hate Phorm they don't seem to be going away. Share prices have remained pretty stable since they took a two dives on the news of BT and then TalkTalk pulling out of trials. And they remain well above last year's low. While high volumes of shares are being traded it doesn't seem to be having any more impact on prices. So while there are people who want to sell all their shares there are as many people willing to buy them. So they're not going anywhere anytime soon.
This is deeply worrying. If a big kicking like this doesn't take them down then what will it take to kill them?
If they end up trialling their software with smaller more obscure ISPs overseas (yes I know the Korean operation is not small) then they could get a revenue stream that will sustain them. Once they have that sustenance it may only be a matter of time before they are back in our market.
Here's a question to consider: If an ISP routes all your traffic via a router outside the EU and profiles is there is there a damn thing the EU can do about it?
...smelled like victory.
For now, anyway.
We still have this on-line culture where it is assumed that moving or hosting data gives the mover or hoster of that data some kind of God-given right to treat it like their own personal property.
Beating Phorm is the first battle in a larger, wider reaching war. Imagine the Post Office having the right to read your mail so that it can make more money from junk mailers, or imagine your local community hall claiming it has copyright on a play you wrote and performed there. How would you feel if your house movers were required by the government to look through your CD collection in the search of copied albums?
That's the type of thinking we're fighting here. Maintaining privacy and holding copyright on your own creative output are two basic human rights - and no megacorp or government should be allowed take that away, no matter how much money they think they'll make, or how many crimes they think will be stopped.
"his agreement to conduct trials in secret with BT. "
We know who was in the picture at Phorm.
Do we know who was in the picture at BT Retail?
Was it the already-mentioned fall girl Emma Watson in BT Retail's "value added services"? Or was it someone else, perhaps someone who set the deal up but who wasn't actually still around to carry the can when the sh*t started flying?
By the way, has anybody noticed that the Chief Technology Officer at BT Retail at the time of the denied trials, Stratis Scleparis, was last seen being employed as CTO at Phorm?
of people who say good riddance, congratulations to the Reg, journalists and readership.
And also that this ain't over - the regulators who acquiesced with the phorm project must be held to account. The politicians who went along with phorm must be made to understand that the tech inductry understands these issues. In the end it wasn't arguments about the ethics of the technology that influenced the UK decision-makers.
If performance really was the issue, surely all they need is a decent technical architect. This looks like something that ought to be reasonably easy to parallelise given a suitable parallel architecture. How much more complicated than wireshark (times 512, with custom dissectors for every protocol under the Sun) can it be, after all?
What kind of architect designed the system in a way that it dectectably slowed down user traffic anyway, rather than just discarding stuff when it couldn't keep up. Every mass market ISP knows you have to discard stuff at peak times, that basing capacity calculations on peak traffic is just financial suicide.
That Scleparis chap sounds like a nice honest boss to work for too, as well as Kent.
Where do I apply?
Obviously there'd be no risk of me putting any logic bombs in any code I left behind.
None at all.
Same as there would be no risk of them abusing any data they gathered for purposes other than it was originally gathered.
Right? It's in the contract, right?
The outcome isn't quite satisfactory, yet. To prevent a repeat of Phorm and to save numerous people a huge amount of time and effort in fighting such, we need to ensure that DPI is illegal under all circumstances (except perhaps with the expression permission of a court order).
Phone tapping isn't allowed, mail interception isn't allowed, DPI shouldn't be allowed. I wish simpleton politicians could see that they're all the same thing, it seems just because it's teh new fangled tinternet that existing rules and principles can be just thrown out of the window!
As they are still breathing.
I think watching the VC's who bank rolled this buch might be an idea. They seem fairly ethically challenged (IE by having any) matched by a fat wad of cash and suscepibility to marketing BS.
They'll get in trouble again. I would not like to funding them.
My huge stock of coats, with "Phuck off Phorm" tastefully picked out on the back in Rhinestones, are now worth nothing. Nothing I tell you, I'm broke !! :-)
Nice story Chris, you've covered this well from the off. Thanks should definitely go to Alexander Hanff, who really was the architect of their, apparent, demise.
Sadly they are probably not dead, as there are too bloody many parasites in this world: PR, HR, Compliance & all the other assorted tossers, to whom making a living - off the sweat of another's brow, is their way of life. :-(
No icon, I've just burnt all my stock...
Massive thanks to Chris for breaking this story and then keeping it in the spotlight. Had you not given this story exposure then Phorm could now be snooping on us all and we would be none the wiser. If we ever cross paths then I'm buying you a drink.
There is still more work to do for us all but now we have the EU acting to ensure the law is properly enforced - UK.gov & ICO hang your heads in shame - spinshyster snoopers like Phorm will find they can't sneak in through the back door.
It matters not what Kent tries his hand at now; he is irreversibly associated with everything Phorm did that was wrong.
Thumbs up because Chris deserves a bloody great thumbs up. I salute you, sir.
Going into partnership with people who made their money infecting computers could only lead wholesale customer rebellion. Those who failed to see it coming should be fired. Supplying customer information to these people was repugnant to say the least. Illegal trials. Illegal government participation, and the illegal and very public derailing of a regulators ruling and a police enquiry was never going to win the hearts and souls of any idiots customer base. I hope the European Commissioner's enquiry into the criminals involved is both far reaching and very, very robust.
A lot of suspicious schemes to intrude on our privacy seem to depend on the assumption of affordable DPI.
If BT have found that it costs more than they expected, and it's not just a rumour, and decision makers believe BT, this could put the kibosh on quite a few schemes.
But wait a few years, and see what sort of processing power you can throw at the problem.
Of course, Phorm's object all sublime, to make the adverts fit the... Well, anyone who notices the adverts served up through Google and Yahoo will know how well page-content and advertising can be matched. If Phorm had a solution to that problem, they didn't need to sell DPI. Instead, they were playing with a twisted cue on a cloth untrue.
Maybe I've read too many Cold-War spy thrillers, but who really was in charge? It's almost two easy to imagine an American company, testing legally dodgy intercept systems in a foreign country, being owned by some three-letter-acronym or another. No, how would they keep the secret?
"Ah so. We read something of interest in El Reg. It says you might have a problem with delivery. We understand - that is your business. We have contracted for delivery, and expect it to be performed. But it also says you did trials with BT. Mista Kent, we have not only yin and yang here, but laws against fraudulent misrepresentation also. You must understand - we like capitalism, but we do not like operations which are merely personal get-rich-schemes for shysters. So. May we see the results of those BT trials Mista Kent?"
I'm sure there are hundreds or start-up companies with some really good (non-intrusive) ideas who would love to have even a small slice of the cash which Phorm has had thrown at it.
Then again, given recent events it's obvious that the last people who know what to do with cash are the banks!
How can a model which emphasises not storing data exist in an offline analysis mode (copy of customer data due to on the fly analysis speed issues)?
If the data could not be analysed quickly enough, how could the web page (already loaded) have the advert injected and the data discarded as claimed?
Mike Jarvis's comment "[Our decision has] nothing to do with cost or privacy" has raised hackles and will ensure that BT will remain under the closest scrutiny.
When questioned about its authenticity Ian Livingston's remark quoted on
" I do not believe he was misquoted. The privacy protection we have put in place with Webwise are set out on http://www2.bt.com/static/i/btretail/webwise/your-privacy.html " is utterly fatuous. Those pages fail to stand up to advertising and ICO standards of fully informing customers.
I think they would do the offline analysis on the everyday web traffic that is generated when you surf to the various sites you visit during the course of normal web-browsing. This still requires offline storing of web traffic which would be a whole world of legal pain.
The ad placement would only be required when you visit an OIX-enabled site. It's only then an immediate decision would need to be made about which ad to display, based on your pseudo-anonymous unique ID that is carried as a cookie (one of many placed by Webwise!) in your browsing session.
This whole sage just goes to show why the powers that be want control of the internet. People + Internet is like a tsunami that starts out at sea - it only looks small until it reaches the shallows and then it sweeps everything away.
Lots of great team work went into this, my personal thanks go to the person who leaked the original secret trials document - without which none of this could have been possible.
Power to the people :D
"How can a model which emphasises not storing data exist in an offline analysis mode (copy of customer data due to on the fly analysis speed issues)?"
That's an excellent question, if this was the normal world obeying normal rules.
However, Phormworld does not work like that. It relies, like David Blaine and his ilk, on misdirection, distraction, and even downright lies (no offence David). The magician, his "mark", the camera crew, etc are in on the game. Mere facts are not to be considered relevant if they are unhelpful to the ultimate goal. It's only the audience that are being fooled (and even that isn't working all that well here).
The main reason Phorm phailed is because NuLab is their only buddy and enabler and is now a walking corpse. NuLab is even more of an epic fail than the US Republicans. I know the US political system is not perfect and all <cough>eight years of W</cough> but it seems the UK system is even more broken. TBH the UK system is very hard for an outsider to understand (backbench, MPs and all) but easy for anyone to see needs to join the 21st century. Maybe once it was ok to not have a constitution and have an implicit understanding from the royals but I am glad our system is not like that. Then again I guess that is the yank in me that thinks a long obsolete classist tradition and royalty is a big pile of crap. Regardless death to NuLab (the party not the people of course) and their nanny society.
been possible even since the Invention of Telegraph systems.
We all need to RE-impress on our Democratic Governments that it is not only unwise but thoroughly counter-productive to do this!
Individualism & the freedoms of "responsible thought" are the CORE driving forces for Science, Philosophy, Medicine etc without this Humans will stagnate!
This is NOT over yet!
"For El Reg, the positive thing to draw from this saga is not that Phorm lost business. Rather it's that the next party to try to monitor internet connections on behalf of commercial interests won't trial technology without consent, is unlikely to receive legal consultancy from government officials and might actually get into trouble if it breaks the law. " ahem a slight understatement there I think it will get its corporate head ripped off and shite poured down its throat.mills bomb cos well you know.
The business model as it stood would never have worked in a way that would produce massive revenue.
Web sites can opt out of being profiled.
Obviously if you're not a Webwise advertiser you wouldn't want visitors to your site being fed adverts for your competition. So anybody not advertising with Phorm would opt out of their customers visits being profiled.
If you're a content provider who is not selling anything then you probably make money through advertising on your site. The last thing you want is the power of that advertising being diluted by Webwise, so you'll opt out.
If you are a Webwise advertiser then you can't opt out. So what happens is your customers are fed adverts for your competition (not good) and you (pointless).
From the above it's pretty simple to see that big vendors, well known in their particular area won't be interested and will opt out. Content providers will opt out. So the only people who would not opt out would be the Webwise customers. And there would be no benefit to them.
The content providers may change their stance *if* Phorm were to pay them to allow their customers' traffic to be profiled. However this is not, as I understand it part of Kent's big plan. He wants to take money from advertisers, hand some of it to the ISPs and keep most of it. Giving more of it away would probably grate. In order for the service to have any value to the advertisers Phorm would have to pay content providers to allow their traffic to be profiled. And pay them more than they currently make from running ads from the likes of Google. The upshot of this being that Kent (and the ISPs) would make a lot less money, so it would be less attrative to ISPs. Which is of course where it fucks up.
Sold on the original business model revenues for the ISP look huge, so it would look attractive to ISPs who don't think too deeply. Sold on a more realistic business model potential revenues look much smaller and being in the leading echelon seems less attractive to an ISP. Could it be that even though privacy concerns did not worry BT they've finally thought it through properly and realised that the potential revenues are much lower than predicted by Phorm and so they've decided it just ain't worth the risk.
Expect Webwise to be back later based on the model suggested above.
Who else monitors where you are going? Google and Microsoft have anti-fishing filters in FireFox and IE respectively. How do you think they work? By asking Google and Microsoft if the places you are going are safe.
All BT and Phorm had to do was brand their product as a BT anti-fishing filter. They could have worked on the value-add later.
"it'll probably resurface under the Tories"
Why under the Tories? It's the Labour government that wants to control every aspect of our lives, and the Labour government who have been complicit in this particular farrago. Labour are the ones who have been pushing ID cards too, and the Tories are the ones that have pledged to ditch that scheme.
The Tories are the party most likely to reduce the size and power of government (though of course this is something governments of any stripe generally don't do), while Labour has continually done the opposite, to the point that Europe has now become the main guarantee of our privacy and freedom.
"they could repackage their product as an application for users to install on their own computer, and which makes recommendations to that user. If it was useful, it might sell."
Would that be similar to things like the Yahoo Toolbar, say. The Yahoo Toolbar is just so darn good and wanted by so many prople that it has to be distributed as a half (or fully?) hidden parasite application to be loaded with genuine applications?
Biting the hand that feeds IT © 1998–2020