BT, Webwise and Phorm: what you need to know
phormwatch | 02.08.2008 15:20 | Culture | Other Press | Technology
Summary of BT and Webwise - how BT has joined up with a former spyware company to eavesdrop on your browsing habits to serve you 'targeted' ads.
BT, Webwise and Phorm: what you need to know
Would you allow your phone to be tapped or your post opened?
That’s the kind of thing BT want to do with your Internet connection. They are
partnering with a company called Phorm to monitor your web browsing and profile
you so that they can use that information to choose which advertisements to show
you. Phorm were formerly known as 121media, and their products were blacklisted
by at least three anti-virus companies. BT are calling this scheme “Webwise”.
BT wouldn’t do that, would they?
They already have. In 2006 and again in 2007, BT intercepted and read Internet
activity from tens of thousands of their Internet customers in trials of Phorm.
At no time did they ask these customers for their consent. In some instances
they changed data sent by customers to the websites they were visiting.
Surely it must be against the law?
BT say it isn’t, but they have yet to disclose the basis of this claim. The
Regulation of Investigatory Powers Act 2000 makes many unauthorised
interceptions illegal. Under the Privacy and Electronic Communications (EC
Directive) Regulations 2003 users must give informed consent before a third
party has access to their information. Under the Data Protection Act 1998 users’
personal data has to be kept private and not misused. And the Copyright, Designs
and Patents Act 1988 may protect web content creators since it makes it an
offence to copy other people’s work.
How can they get away with it?
They won’t if you make it clear that they shouldn’t. BT’s trials of Phorm may
have taken place on computers, yet they are little different from unauthorised
opening of post or tapping telephones. The Information Commissioner agrees that
the European Privacy and Electronic Communications Regulations 2003 would be
likely to apply to BT’s 2007 trials. But he won’t act, despite the loss of
privacy suffered by tens of thousands of Internet users whose web browsing was
intercepted. The European Commission has been asked to review this. Complaints
have also been made to several police forces about BT’s Phorm trials. All the
evidence from around the country has now been presented to the City of London
Police who are investigating.
Who is affected?
Everyone is at risk. If you are an MP, lawyer, doctor, journalist, business
executive, housewife, mother, teenager, child, office worker or manual worker
using BT home broadband then you are in danger of having your Internet activity
intercepted and used to produce a profile of you.
Can I avoid it?
Maybe not. When BT deploy Phorm, they say they will interrupt your browsing to
ask whoever is using your computer whether they want to be part of it. On their
main Webwise web page, they do not tell you that if you say “yes” then almost
everything you do on the Internet from then on will be intercepted and read. Nor
do they say on any of their Webwise pages whether they plan to check if it’s
you, one of your children, or a visitor to your house who has given consent. And
once it’s switched on, if they do not have a separate login, even your
children’s Internet research for their homework will be profiled.
What can I do?
Write to your MP and ask them to make their opposition to BT’s proposed
Webwise/Phorm scheme public and unequivocal. Specifically, ask them to: Call for
the Information Commissioner to act on breaches of the European Privacy and
Electronic Communications Regulations 2003. Urge the Home Office to direct the
Police to investigate BT’s 2006 and 2007 trials of Phorm. Make it clear that
existing laws on privacy and intellectual property must be enforced fully – and
not watered down – if BT deploy Phorm. And please sign the 10 Downing Street
petition at http://petitions.pm.gov.uk/ispphorm/
Phorm takes consumer privacy protection to a new low
Any interception of your Internet connection, no matter how carefully the data
is handled, increases the risk of your data being stolen and misused. And the
added complexity of the Phorm systems raises the threat from hackers and
fraudsters. Such monitoring may be appropriate for criminal or terrorist
investigations. Using it for commercial gain is entirely unnecessary. Following
intervention by Congress in the USA, similar schemes have been shelved. Isn’t it
now time for the UK to act?
V9 – 16 July 2008
Issued on behalf of NoDPI on 16th July 2008: Web: www.nodpi.org - Email:
no2dpi@googlemail.com
Useful Addresses
Letters to your MP can be addressed to them at House of Commons, London, SW1A
0AA. If you are a BT Home Broadband customer, please also write to them: BT
Chief Executive Mr Ian Livingston BT Group 81 Newgate Street London EC1A 7AJ BT
Complaints Mrs Jillian G Lewis Customer Service Director BT plc Correspondence
Centre Durham DH98 1BT
Contact BT online:
http://bt.custhelp.com/cgi-bin/bt.cfg/php/enduser/cci/bt_contact.php
Would you allow your phone to be tapped or your post opened?
That’s the kind of thing BT want to do with your Internet connection. They are
partnering with a company called Phorm to monitor your web browsing and profile
you so that they can use that information to choose which advertisements to show
you. Phorm were formerly known as 121media, and their products were blacklisted
by at least three anti-virus companies. BT are calling this scheme “Webwise”.
BT wouldn’t do that, would they?
They already have. In 2006 and again in 2007, BT intercepted and read Internet
activity from tens of thousands of their Internet customers in trials of Phorm.
At no time did they ask these customers for their consent. In some instances
they changed data sent by customers to the websites they were visiting.
Surely it must be against the law?
BT say it isn’t, but they have yet to disclose the basis of this claim. The
Regulation of Investigatory Powers Act 2000 makes many unauthorised
interceptions illegal. Under the Privacy and Electronic Communications (EC
Directive) Regulations 2003 users must give informed consent before a third
party has access to their information. Under the Data Protection Act 1998 users’
personal data has to be kept private and not misused. And the Copyright, Designs
and Patents Act 1988 may protect web content creators since it makes it an
offence to copy other people’s work.
How can they get away with it?
They won’t if you make it clear that they shouldn’t. BT’s trials of Phorm may
have taken place on computers, yet they are little different from unauthorised
opening of post or tapping telephones. The Information Commissioner agrees that
the European Privacy and Electronic Communications Regulations 2003 would be
likely to apply to BT’s 2007 trials. But he won’t act, despite the loss of
privacy suffered by tens of thousands of Internet users whose web browsing was
intercepted. The European Commission has been asked to review this. Complaints
have also been made to several police forces about BT’s Phorm trials. All the
evidence from around the country has now been presented to the City of London
Police who are investigating.
Who is affected?
Everyone is at risk. If you are an MP, lawyer, doctor, journalist, business
executive, housewife, mother, teenager, child, office worker or manual worker
using BT home broadband then you are in danger of having your Internet activity
intercepted and used to produce a profile of you.
Can I avoid it?
Maybe not. When BT deploy Phorm, they say they will interrupt your browsing to
ask whoever is using your computer whether they want to be part of it. On their
main Webwise web page, they do not tell you that if you say “yes” then almost
everything you do on the Internet from then on will be intercepted and read. Nor
do they say on any of their Webwise pages whether they plan to check if it’s
you, one of your children, or a visitor to your house who has given consent. And
once it’s switched on, if they do not have a separate login, even your
children’s Internet research for their homework will be profiled.
What can I do?
Write to your MP and ask them to make their opposition to BT’s proposed
Webwise/Phorm scheme public and unequivocal. Specifically, ask them to: Call for
the Information Commissioner to act on breaches of the European Privacy and
Electronic Communications Regulations 2003. Urge the Home Office to direct the
Police to investigate BT’s 2006 and 2007 trials of Phorm. Make it clear that
existing laws on privacy and intellectual property must be enforced fully – and
not watered down – if BT deploy Phorm. And please sign the 10 Downing Street
petition at http://petitions.pm.gov.uk/ispphorm/
Phorm takes consumer privacy protection to a new low
Any interception of your Internet connection, no matter how carefully the data
is handled, increases the risk of your data being stolen and misused. And the
added complexity of the Phorm systems raises the threat from hackers and
fraudsters. Such monitoring may be appropriate for criminal or terrorist
investigations. Using it for commercial gain is entirely unnecessary. Following
intervention by Congress in the USA, similar schemes have been shelved. Isn’t it
now time for the UK to act?
V9 – 16 July 2008
Issued on behalf of NoDPI on 16th July 2008: Web: www.nodpi.org - Email:
no2dpi@googlemail.com
Useful Addresses
Letters to your MP can be addressed to them at House of Commons, London, SW1A
0AA. If you are a BT Home Broadband customer, please also write to them: BT
Chief Executive Mr Ian Livingston BT Group 81 Newgate Street London EC1A 7AJ BT
Complaints Mrs Jillian G Lewis Customer Service Director BT plc Correspondence
Centre Durham DH98 1BT
Contact BT online:
http://bt.custhelp.com/cgi-bin/bt.cfg/php/enduser/cci/bt_contact.php
phormwatch
Homepage:
http://phormwatch.blogspot.com/
Comments
Hide the following 4 comments
BT not hte only one
02.08.2008 16:21
Ambrose Chapell
If you run Mozilla Firefox you can use a browser extension called "track me not"
02.08.2008 17:21
Read about it & perhaps install it here http://mrl.nyu.edu/~dhowe/trackmenot/
the 2 NYU academics who invented it, say they were responding to pretty similar privacy issues in the USA. I believe them too.
One other thing, this piece is excellent, it really is - but I don't understand why the writer has bundled "enforcing not watering down" existing intellectual property law with privacy. That seems to be a confusion of two very seperate issues.
http://mrl.nyu.edu/~dhowe/trackmenot/#why
track me not
In response to track me not
03.08.2008 11:34
>>>>One other thing, this piece is excellent, it really is - but I don't understand why the writer has bundled "enforcing not watering down" existing intellectual property law with privacy. That seems to be a confusion of two very seperate issues.<<<
Privacy and Intellectual Property are not separate issues. If I tell you that a particular person has some cheap and desirable goods, in limited supply, that information is valuable. If BT tell a third party that I have something cheap and desirable in limited supply (my disposable income) that too is valuable. If they tell that piece of information to a third party with goods I might desire then the information is even more valuable.
You can argue that BT did the market research to find that out. But they intend to do the market research with my own personal private copyright intellectual property. In the UK, once you write something down, it is your copyrighted work. You have a right to licence that to anybody and to profit from that licence. To permit BT to simply use the datastream I generate on the Internet in order to make profits ignores my Intellectual Property Rights. In order to do this they are substantially watered down.
The issue of privacy is also the issue of intellectual property: to be secure in your personal and private papers is also to be able to profit from your personal and private papers. To separate the two issues is to suppose that individuals have no interest in benefiting from their own intellectual property and that they will willingly make it a gift for those whose sole objective is maximising profit by all means available.
My Privacy is worth something
Re: Can I avoid it?
03.08.2008 14:49
They also don't tell you that, even if you do opt out, your clickstream data will still be "anonymised" and passed to Phorm's systems. Phorm claim that they won't do anything with the information, but in that case the DPA says that they shouldn't even collect it. The ISP would also be breaking the DPA by processing your information without consent - anonymising counts as processing.
As it happens, Phorm used to be called 121Media up until last year and manufactured spyware. Computer security companies are already classifying phorm as malware.
MonkeyBot 5000