Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Alexander that is truly truly shocking. I am gobsmacked. I had to read it twice to make sure I hadnt misread it first time.

So the ICO is passing the buck back to the Home Office are they? Thats interesting. Curiously, just for information I have had no rejection yet of my third petition submitted to the downing street petition site. Thanks must go to others who have noted that the labour ex-minister Patricia Hewitt sits on the BT board. Would be interesting to hear what she has to say on the matter.

Now that we know that the ICO is not investigating Phorm or the secret BT trials its obvious that we need to ramp this up a few more levels if anything is to be done. Maybe it IS time to try find people involved in the BT trials and write letters to the computer crime unit of the Met Police afterall.

Still astounded here.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I can confirm it.

I can also confirm that BT claim they have done nothing wrong and they actually did two tests, not one. :mad:

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

http://www.channel4.com/news/article...g+deal/1703547
Concerns over data pimping deal

Last Modified: 04 Mar 2008
By: Channel 4 News

---------- Post added at 13:46 ---------- Previous post was at 13:40 ----------

anyone found a video clip for that BBC "IC:a clear case of intercepting data" yet?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

The thing that shocks me the most is that they have passed the buck unconditionally to the Home Office as opposed to doing their own investigation in parallel with the Home Office with regards the privacy and data protection issues surrounding this matter; issues, I must add, which most certainly do fall under the ICO umbrella:

"The ICO is the UK's independent public body set up to promote access to official information and protect personal information by promoting good practise, ruling on eligible complaints, providing information to individuals and organisations, and taking appropriate action when the law is broken."
(emphasis added)(Source: http://www.ico.gov.uk/about_us.aspx )

"What we do
We enforce the Data Protection Act, the Freedom of Information Act, the Privacy and Electronic Communications Regulations and the Environmental Information Regulations
...
We influence thinking on privacy and access issues
...
We prosecute those who commit offences under the legislation"
(emphasis added) (source: http://www.ico.gov.uk/upload/documen...y/about_us.pdf )

I don't think I need to elaborate on any that now do I?

Privacy and Electronic Communications Regulations <- looks like I have some heavy reading to do tonight...

Alexander Hanff

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I'm stunned at the ICO's response here. And I mean stunned. What reasons could they have for passing the buck to the Home Office?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I can't believe this, the ICO are turning a blind eye to the whole thing? Someone has already mentioned that the government wanted to spy on our online activities, maybe using Phorm is the thin end of the wedge and using spin to say ohh it will make us all safer etc, they're hoping people will just accept it.

We HAVE to stop this

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Since when have public servants had the right to stop you quoting them? Dream on ICO you have no right to privacy, you exist to serve us. You are a public body funded by taxpayers.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Privacy and Electronic Communications (European Directive) Regulations 2003

Confidentiality of communications
6. - (1) Subject to paragraph (4), a person shall not use an electronic communications network to store information, or to gain access to information stored, in the terminal equipment of a subscriber or user unless the requirements of paragraph (2) are met.

(2) The requirements are that the subscriber or user of that terminal equipment -

(a) is provided with clear and comprehensive information about the purposes of the storage of, or access to, that information; and

(b) is given the opportunity to refuse the storage of or access to that information.


(on (a) clearly this requirement has not been met since BT did these trials in secret.)
(on (b) clearly this requirement has not been met since (yup you guessed it) BT didn't ask the subscriber/user for consent because they conducted the trials in secret.)
...

(4) Paragraph (1) shall not apply to the technical storage of, or access to, information -

(a) for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network; or

(b) where such storage or access is strictly necessary for the provision of an information society service requested by the subscriber or user.

...

(7)(3) Traffic data relating to a subscriber or user may be processed and stored by a provider of a public electronic communications service if -

(a) such processing and storage are for the purpose of marketing electronic communications services, or for the provision of value added services to that subscriber or user; and

(b) the subscriber or user to whom the traffic data relate has given his consent to such processing or storage; and

(c) such processing and storage are undertaken only for the duration necessary for the purposes specified in subparagraph (a).

(on (b) clearly this requirement has not been met as BT carried out these trials in secret and did not seek consent)
...

Further provisions relating to the processing of traffic data under regulation 7
8. - (1) Processing of traffic data in accordance with regulation 7(2) or (3) shall not be undertaken by a public communications provider unless the subscriber or user to whom the data relate has been provided with information regarding the types of traffic data which are to be processed and the duration of such processing and, in the case of processing in accordance with regulation 7(3), he has been provided with that information before his consent has been obtained.

(for fear of sounding like a broken record, these trials were carried out in secret; requirement of 8. above NOT MET!)
...

Modification of contracts
27. To the extent that any term in a contract between a subscriber to and the provider of a public electronic communications service or such a provider and the provider of an electronic communications network would be inconsistent with a requirement of these Regulations, that term shall be void.

(Could this possibly mean that simply changing terms and conditions would not work???)

...

Request that the Commissioner exercise his enforcement functions
32. Where it is alleged that there has been a contravention of any of the requirements of these Regulations either OFCOM or a person aggrieved by the alleged contravention may request the Commissioner to exercise his enforcement functions in respect of that contravention, but those functions shall be exercisable by the Commissioner whether or not he has been so requested.

(on 32 - so the IC is supposed to exercise his enforcement functions irrespective of whether an official complaint is made or not!)

Technical advice to the Commissioner
33. OFCOM shall comply with any reasonable request made by the Commissioner, in connection with his enforcement functions, for advice on technical and similar matters relating to electronic communications.
(Commissioner is referring to the Information Commissioner)

...

Amendment to the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
34. In regulation 3 of the Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000[16], for paragraph (3), there shall be substituted -

" (3) Conduct falling within paragraph (1)(a)(i) above is authorised only to the extent that Article 5 of Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector so permits.".


In relation to the last point above re: Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000:

(a) monitoring or keeping a record of communications -

(i) in order to -

(aa) establish the existence of facts, or

(bb) ascertain compliance with regulatory or self-regulatory practices or procedures which are -

applicable to the system controller in the carrying on of his business or

applicable to another person in the carrying on of his business where that person is supervised by the system controller in respect of those practices or procedures, or

(cc) ascertain or demonstrate the standards which are achieved or ought to be achieved by persons using the system in the course of their duties, or

(ii) in the interests of national security, or

(iii) for the purpose of preventing or detecting crime, or

(iv) for the purpose of investigating or detecting the unauthorised use of that or any other telecommunication system, or

(v) where that is undertaken -

(aa) in order to secure, or

(bb) as an inherent part of,

the effective operation of the system (including any monitoring or keeping of a record which would be authorised by section 3(3) of the Act if the conditions in paragraphs (a) and (b) thereof were satisfied); or

(b) monitoring communications for the purpose of determining whether they are communications relevant to the system controller's business which fall within regulation 2(b)(i) above; or

(c) monitoring communications made to a confidential voice-telephony counselling or support service which is free of charge (other than the cost, if any, of making a telephone call) and operated in such a way that users may remain anonymous if they so choose.

(2) Conduct is authorised by paragraph (1) of this regulation only if -

(a) the interception in question is effected solely for the purpose of monitoring or (where appropriate) keeping a record of communications relevant to the system controller's business;

(b) the telecommunication system in question is provided for use wholly or partly in connection with that business;

(c) the system controller has made all reasonable efforts to inform every person who may use the telecommunication system in question that communications transmitted by means thereof may be intercepted; and

(d) in a case falling within -

(i) paragraph (1)(a)(ii) above, the person by or on whose behalf the interception is effected is a person specified in section 6(2)(a) to (i) of the Act;

(ii) paragraph (1)(b) above, the communication is one which is intended to be received (whether or not it has been actually received) by a person using the telecommunication system in question.

(3) Conduct falling within paragraph (1)(a)(i) above is authorised only to the extent that Article 5 of Directive 97/66/EC of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector[2] so permits.

---

Now what was that about ICO not being responsible for issues surrounding interception of communications again?

Alexander Hanff

---------- Post added at 14:33 ---------- Previous post was at 14:23 ----------

And here is Article 5 of Directive 97/66/EC:

Article 5

Confidentiality of the communications

1. Member States shall ensure the confidentiality of communications and the related traffic data by means of a public communications network and publicly available electronic communications services, through national legislation. In particular, they shall prohibit listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than users, without the consent of the users concerned, except when legally authorised to do so in accordance with Article 15(1). This paragraph shall not prevent technical storage which is necessary for the conveyance of a communication without prejudice to the principle of confidentiality.

2. Paragraph 1 shall not affect any legally authorised recording of communications and the related traffic data when carried out in the course of lawful business practice for the purpose of providing evidence of a commercial transaction or of any other business communication.

3. Member States shall ensure that the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, and is offered the right to refuse such processing by the data controller. This shall not prevent any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user.

---

Maybe the ICO can explain to me again how unlawful interception is not covered by their office when the very regulations they claim to enforce on their web site create amendments to other legislation and regulations on interception specifically ?

Alexander Hanff

---------- Post added at 14:36 ---------- Previous post was at 14:33 ----------

*** Article 15(1) clearly doesn't state "For targetting customers with adverts":

Article 15

Application of certain provisions of Directive 95/46/EC

1. Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in Article 5, Article 6, Article 8(1), (2), (3) and (4), and Article 9 of this Directive when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system, as referred to in Article 13(1) of Directive 95/46/EC. To this end, Member States may, inter alia, adopt legislative measures providing for the retention of data for a limited period justified on the grounds laid down in this paragraph. All the measures referred to in this paragraph shall be in accordance with the general principles of Community law, including those referred to in Article 6(1) and (2) of the Treaty on European Union.

---------- Post added at 14:37 ---------- Previous post was at 14:36 ----------

oops sorry for the long post...

I have just edited the original post to put my own comments in italics so they don't get lost in all the legalise.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

read those yesterday i would read it that even if it some how went ahead if i refuse permision some cookie wouldnt be good enough as unless we agree they cant store or process the data and cant even sneak it it in as a section in "Terms & Conditions" as it says that would make any such condition null and void

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Yup that is certainly how I interpret the regulations. Without getting explicit consent to the change in terms (as opposed to implied which is what it would be if the terms were changed to opt people in by default) any Terms added would be void.

It is laughable though that the ICO claim to enforce legislation directly relating to this matter (see the first couple of points from the Privacy and Electronic Communications Regulations) in their official definition of themselves yet then go on to claim that the BT trials do not fall under their jurisdiction. It is blatantly clear that Privacy and Electronic Communications Regulations cover this issue directly as outlined in my previous post.

Of course the procedure for complaining about a public authority not doing there job is to first write to your MP and if a satisfactory solution is not obtained, to place a complaint with the Parliamentary Ombudsman. Looks like my MP is going to be busy with letters from me this month.

Alexander Hanff

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

C4's news coverage of BT/Phorm is now online.

http://www.channel4.com/news/article...tomers/1933047

Contains this very nice quote:

"The act of anonymising the surfing history of someone is in itself processing personal data. And someone is doing that, whether it's ISP or Phorm, so there's a good argument that that is a breach of the Data Protection Act." - Mike Conradi, Technology Lawyer

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Oooh - good old Channel 4 news: http://www.channel4.com/player/v2/pl...p?showId=11611

Would be nice if that made the evening one. A far better report than that BBC one earlier.

[EDIT: hehe, jinx!]

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Actually that opens up another albeit expensive possibility. If you write to the ICO and they reply in writing that they dont view it as being within their remit then it actually opens up the avenue of applying for a judicial review at the High Court. The problem with that is that it would most likely be prohibitively expensive.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Oooo some case law re: RIPA Crown vs C Stanford (Demon Internet). Stanford pleaded guilty judge says:

"It is essential people, in whatever walks of life, and, of course, those running important businesses, should know that the integrity of their confidential communication should be respected, and ... they will be protected from being hacked into by outsiders."

(Source: http://news.bbc.co.uk/1/hi/uk/4251264.stm )

That's the first piece of case law I have managed to find relating to RIPA and interception on a public telecommunications network which involved an individual as opposed to the police. I will try and dig up the paperwork for the case after I have had a sleep, but I suspect it is going to raise the same points we have been raising over Phorm for the past 6 weeks.

Alexander Hanff

---------- Post added at 16:13 ---------- Previous post was at 15:57 ----------

The Horizontal Effect of the Human Rights Act 1998

The protection of human rights in the private, as well as the public, sector is also supported by the Human Rights Act 1998 through its incorporation of the Convention into domestic law. The 1998 Act has a direct effect on public authorities and an indirect effect on private bodies. Public authorities are directly (vertically) bound since section 6(1) of the 1998 Act states that it is unlawful for a public authority to act incompatibly with Convention rights.(11) The 1998 Act also has a horizontal effect whereby Convention rights are indirectly enforceable against private bodies. This is achieved through sections 3 and 6 of the Act. Section 3(1) requires that the domestic courts interpret existing and future legislation (so far as it is possible to do so) in a way compatible with Convention rights (incompatible legislation remains valid). Section 3 is not worded to limit its effect only to legislation concerning public authorities, so it can apply to wholly private disputes.

Private bodies can also be indirectly bound by the 1998 Act since section 6(3)(a) defines a ‘public authority’ as including courts and tribunals. Therefore, in an action against a private body (for example, an employee suing for unfair dismissal) a human rights claim can be attached. The main cause of action is not the rights issue since these cannot be directly enforced against the private body (since section 6 only requires public authorities to act compatibly). Nevertheless, the court or tribunal is obliged to consider the human rights issue and must resolve it, through the application and interpretation of common law, equity or legislation, in a manner compatible with the Convention.(12)

The positive obligation imposed on states by the European Convention on Human Rights also lends weight to the argument that section 6 should have horizontal effect. Firstly, because the courts are part of the state they are subject to the Convention obligations, and these feed through into domestic law via section 6 and are imposed on the courts as public authorities (Davies 2000, p.839; Lester and Pannick 2000, p.381; Hunt 1998, pp.435-6). Secondly, section 2 of the 1998 Act requires that the courts must take Convention jurisprudence into account when interpreting Convention rights. Thus, the positive obligation will also come to form a part of domestic jurisprudence through this route (Bamforth 1999, pp.166-8).

The end result is that just as an individual or business can now claim privacy rights against public authorities in both international and domestic law, a private body (such as a business) may also find itself vulnerable to privacy claims from other private bodies (such as employees). However, just as the public authority may be able to show a legal justification for its interference with rights, equally a business may also be able to justify its interference. In particular, as a ‘legal person’ a business could monitor the communications of its employees in order to protect its own right to peaceful enjoyment of possessions (Article 1, First Protocol) against threats to its trade secrets or reputation (Bingley 2000, p.5). The restriction to an employee’s privacy could then be justified as falling within Article 8(2) ‘for the protection of the rights and freedoms of others.’

(Source: http://webjcli.ncl.ac.uk/2002/issue1/kb-rm1.html )

Alexander Hanff

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

OK, so who to write to with this information? Any one influential minister or adviser in particular? This is an abject cop out and needs to be seriously challenged.

[Edited to include]

Looks like the Shadow Home Secretary, David Davis, would be a good bet after his comments as reported by the BBC: http://news.bbc.co.uk/1/hi/uk_politics/7327082.stm:

Mr Davis - a self-confessed "geek" who studied computer science in the late 1960s - said there needed to be a "shake-up in attitudes, strategy and the whole mindset of government on cyber-crime".

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Alexander, it sounds like you need to pass this info on to chris at Elreg, and even charles if you must, they are far better placed to get the official quotes you have been talking about.

perhaps even the BBC and C4 might be useful in this, but chris is the first port of call as he's done so much in all this already. send him an email, he will know you with your crime No. and injunction text im sure, if he's not already read your post here ;) .

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Has anyone contacted the Shadow Home Secretary, David Davis yet? This sounds like a good avenue to explore. I'm not very good with letters and stuff (although I have written a few), but would be happy to support Alexander/Popper/CaptJamie in any letters they write.

I must thank many people, especially Alexander/Popper/CaptJamie for the time they have spend, both here and elsewhere on the web in support of our cause. Your continued and tireless campaigning is VERY much appreciated.

Ali ((huggsss))

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

:blush: You're making me go all shy now... :blush:

Which is generally perceived as the best way to get in touch with an MP or MEP? Being a bit old fashioned I tend to go for letters but things move so quickly now it seems e-mail is the better way to go. Any thoughts?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I've found http://www.writetothem.com/ works quite well...

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

IPM on radeo 4 have PHORM in the posible line up for Saterdays show

http://www.bbc.co.uk/blogs/ipm/2008/...il_5th_1.shtml

the more people who contact them on this the better chance of it being included so please get contacting

thanks

col

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I would like to add my thanks and gratitude too.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

ditto... big :tu:

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Same here. :nworthy:

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Channel 4 news have just indicated at the start of the programme that they will be discussing BT during the programme.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

C4 (VM 104) is broadcasting the Phorm story right now, i dont have my DVB-T card pluged in so i cant capture it for you, sorry.

perhaps they may put the clip up at some point...later

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I've just watched the 2 clips from BBC Breakfast this morning - one was a "package" piece, and was embarrassingly simplistic, factually incorrect and pro-Phorm.
However, the other, an interview on the couch with the hapless woman from BT, was rather better: the female interviewer did not let her spout BT platitudes, and used the kind of language that we here has been using: she repeatedly accused BT of "spying on their customers" and pointed out that BT's customers would not be happy if they found out about this.
She (the interviewer) seemed genuinely irate that the country's national carrier could get away with doing this, so let's hope the BBC put out more items like that in the future.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

ohh the US credit crunch might over shadow the ISP/Phorm story...., OC :sick: perhaps thats the reason why Phorm came here first, to bank the UK cash to help them in their Upkeep of their slumping homes prices in the US

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Channel 4 "News at Noon" Link http://www.channel4.com/news/article...tomers/1933047

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

The one from C4 earlier today is worth a look if you've not seen it...

http://www.channel4.com/news/article...tomers/1933047

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

This is a draft e-mail to David Davis. I'm assuming that although he's a "self confessed geek" he might not be completely up to speed on the Phorm issue. Sorry for the length but as you probably noticed, I'm not very good at concise. Suggestions, enhancements and corrections appreciated.

From: Me
To: davisd@parliament.uk

Dear Mr Davis,

I should like to bring to your attention a number of worrying recent developments in the field of internet privacy and of the failure of the Office of the Information Commissioner to investigate what appear to be breaches of the Data Protection Act and Regulation of Investigatory Powers Act.

You may already be aware that three major internet service providers (ISPs) have signed agreements with a company known as Phorm to sell the internet browsing data of their users as part of a "targeted advertising" scheme.

Computer news site The Register has uncovered a number of disturbing facts about Phorm including its previous involvement in spyware under a different name. Phorm prefer to spin this fact saying they were involved in adware. A cursory look at http://blogs.zdnet.com/Spyware/index.php?p=820, http://www.f-secure.com/sw-desc/peopleonpage.shtml and http://www.f-secure.com/sw-desc/apropos.shtml suggests differently.

Phorm make a number of claims about their "product" being "a gold standard in user privacy" but despite being present on The Register, CableForum and a number of weblogs they have failed to openly and honestly answer detailed technical questions and concerns put in the public domain. You can find an example of such questions on http://www.theregister.co.uk/2008/03...ster/comments/

Particularly I refer to the growing belief that Phorm is illegal under RIPA. The Foundation for Information Policy Research has published an open letter to Richard Thomas, the Information Commissioner, stating this belief.

This letter is at http://www.fipr.org/080317icoletter.html

The Guardian newspaper recently rejected Phorm, saying that their "decision was in no small part down to the conversations we had internally about how this product sits with the values of our company." As polite a devastating put down as I have ever seen.

More recently The Register obtained proof that BT not only secretly tested this "product" in June 2007 but lied to cover up this fact. Customers were given various excuses for their concerns, but no customer was told the truth. The report is at http://www.theregister.co.uk/2008/03/17/bt_phorm_lies/

This issue took an even more serious turn when The Register revealed that it had seen documentary evidence confirming that "BT secretly intercepted and profiled the web browsing of 18,000 of its broadband customers in 2006 using advertising technology provided by 121Media, the alleged spyware company that changed its name to Phorm last year. BT Retail ran the "stealth" pilot without customer consent between 23 September and 6 October 2006."

This in addition to the secret 2007 tests. The Regulation of Investigatory Powers Act 2000 makes intercepting internet traffic without a warrant or consent an offence. It seems to me that illegally intercepting 18,000 customers' internet traffic is in breach of that legislation. As was the first secret test. I contend that BT must also be in breach of the Data Protection Act as the data was collected without customers' consent.

Please read the full report at http://www.theregister.co.uk/2008/04...rm_2006_trial/

BT claimed that there was nothing illegal about the trials but refused to answer a number of direct questions asked by The Register about Stratis Scleparis, the BT Retail CTO who became Phorm CTO after the first successful secret trial. BT preferred to hide behind a bland statement and refused to apologise to customers.

The report is at http://www.theregister.co.uk/2008/04...orm_interview/

I am also led to understand that the Metropolitan Police declined to record the first of BT's secret tests as a crime when a colleague tried to report it as such. Please read the report at http://denyphorm.blogspot.com/2008/0...ort-crime.html

A number of people have already complained to the ICO but had little back in response.

Today we became aware that despite these facts coming to light, the ICO have said that there is definitely no official investigation by ICO with regards to Phorm. Neither is there any investigation with regards the BT secret trials of 2006 and 2007.

I am led to believe the ICO are claiming that RIPA falls under the remit of the Home Office. The ICO seem unwilling to accept there should be an investigation into the activities of BT and Phorm. I should also add that the ICO were also extremely reluctant to divulge this information to a colleague and refused permission to quote them.

This cannot be acceptable from a public servant organisation.

This cannot be acceptable from the organisation created to "protect personal information" "provide information to individuals and organisations" and "take appropriate action when the law is broken."

A major telcommunications company in the UK has betrayed the trust placed in it by its users. It and its accomplice, Phorm, should surely be brought to book for this flagrant violation of privacy legislation.

One cannot help but wonder if the lack of action by the government and ICO is influenced in any way by the presence of former Labour minister Patricia Hewitt. I am not suggesting any impropriety but I am sure you appreciate that I and many others cannot understand why BT and Phorm are being allowed to breach internet users' privacy with complete disregard for their customers or the law.

I urge you to take up this issue with your colleagues in both Houses, the House Of Commons Science and Technology and Culture, Media and Sport Committees and the House Of Lords Science and Technology Committee.

Thank you for your time. If I may be of any further assistance to you please do not hesitate to get in touch.

Yours sincerely

The Parliamentary committees may be worth contacting: the House Of Lords committee at http://www.parliament.uk/parliamenta...ct_details.cfm and the House Of Commons Select Committee at http://www.parliament.uk/parliamenta..._committee.cfm
and the Commons Culture, Media and Sport committee at http://www.parliament.uk/parliamenta...rt_members.cfm

Each one has a number of members. More people to enlighten and educate.

Sorry for the length. I need a cup of tea now!

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

ohh yes, the old blipverts....

i cant find the old video clip for that in 2 minutes but others might have fun looking
http://www.maxheadroom.com/mh_episode_11.html

Carter: "Edison Carter to Network 23... come on, guys, clear this link!"

https://www.cableforum.co.uk/images/...2008/04/28.gif Carter: "This is Edison Carter, answering the questions other people are afraid to ask. What I want to know is this: Who died today in apartment complex 1-4-2-zeta, and who is trying to suppress the story?"

https://www.cableforum.co.uk/images/...2008/04/28.gif Murray: "Have you looked at our ratings? The numbers are up three points in the first five minutes!"

https://www.cableforum.co.uk/images/...2008/04/28.gif Carter: "It's MY neck out there!"

https://www.cableforum.co.uk/images/...2008/04/28.gif Gene Ashwell: "Come on, Ben - the only people that inactive are pensioners, the sick or the unemployed... I mean, who really cares?"

https://www.cableforum.co.uk/images/...2008/04/28.gif Mrs. Formby: "We are the only channel with blipverts. We lose them, and we lose the Zik-Zak Corporation to our competitors."
....
"

http://search.virginmedia.com/result...&cr=&x=28&y=13

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Fantastic letter CaptJamieHunter

Can I also take this opportunity to thank everyone on the forum who has helped steer us all in the right direction.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

CaptJamie, you might want to work in part of this, we need to get more basic and explain this deep packet inspection unit and how they should be scared.

keep away from the fluffy its good advertising, and stops Phishing....

this kit VirginMedia and BT etc are being given for free by Phorm to install at the other end of your line is called a deep packet inspection unit,and its job is used to inspect every single bit of data that passes through it, its original intent was for the worlds govts to use in tracking illegal activitys and even then , only after a court judge has looked at the evidence and authorised its use.

this is not your usual new tech ,its been around for a very long time, but now your friendly US ex-spyware vendor is using it to collect your copyrighted personal data (all of it ,potentially) and profit from that data as they chose, they seem to think they are higher than the courts in this matter and dont need to bother, perhaps the Uk's judges have another opinion about that?.

how may UK Judges have BT,VM as their office and home broadband connections ?, VM do carry a lot of the countrys govt network after all, if your a judge thats not a tech head, consider that, do you want this deep packet inspection kit potentially looking at every single bit of data (key presses and mouse movements/clicks etc) that passes from your PC on the desk to your viewed web pages and back?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

:clap: :clap: :clap: for captjamiehunter.

Love the letter. One slight addition.. you need to add in that Patricia Hewitt sits on the BT board.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

i want a judge or two to give personal comment on this, i cant think they would be happy in any of it....

anyone been to the Uk judges blogs, i keep forgetting to look and comment.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Thanks for the feedback. Patricia Hewitt is mentioned towards the bottom, along with a possible perception of impropriety.

I'll work on a deep packet element (which I hope I can keep short) after another cup of tea.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I have a few questions!

1. Is my browsing speeds going to be effected by what is going to be a proxy in disguise?

2. Also is their any law against targeting children with phorm as each logon would have their own cookie and the last thing I want is some company pedding adverts to my child?

Also here will be a way to get around the advertsing bans on TV before watershed. As the information will plainly show it's a child browsing if their visting websites like childrens bbc etc.

3. Also who will maintain these boxes and who will oversee any modification to what they can scan.

Will it Virgin or Phorm?

4. Will Virgin even have access to see what these boxes are doing?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Ooh I must have rattled a cage with my last reply to the Phorm team, they've been on my blog again :)

After a cuppa I'll start my response :)

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

All good stuff, I'll make my coments in the body of it in some way.
At a high level you want to cover Illigal under RIPA / Passing the buck between ICO and Home Office, other companies backing away due to nature of tracking.
You might want to [1] annotate the links and put the hyperlinks themselves at the bottom of the letter.
You really want this to fit to a page of printed paper 1.5 spaced with the main information on the first half of the page. Thats about the attention he will be able to give it.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Thanks for the link. I've just watched Channel 4 news (evening edition) and the piece on BT/Phorm was far better than anything the BBC has done to date. We need to keep this story on the boil and hopefully Channel 4 at least will run with it.

To CaptainJamieHunter:

Well done sir for a clear, concise letter to David Davis.

Other than the Patricia Hewiit/BT Board link and a line or two about deep packet inspection, the only possible addition I could think of was maybe reference to the fact that the offered opt-out will still result in a customer's data being routed through the deep packet inspection kit (the implication being that we only have their word for it that we're not still being profiled, and no means to verify or disprove that fact)

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

One cup of tea later and we have a new amendment:

Dear Mr Davis,

I should like to bring to your attention a number of worrying recent developments in the field of internet privacy and of the failure of the Office of the Information Commissioner to investigate what appear to be breaches of the Data Protection Act and Regulation of Investigatory Powers Act.

You may already be aware that three major internet service providers (ISPs) have signed agreements with a company known as Phorm to sell the internet browsing data of their users as part of a "targeted advertising" scheme.

Computer news site The Register has uncovered a number of disturbing facts about Phorm including its previous involvement in spyware under a different name. Phorm prefer to spin this fact saying they were involved in adware. A cursory look at http://blogs.zdnet.com/Spyware/index.php?p=820,
http://www.f-secure.com/sw-desc/peopleonpage.shtml and
http://www.f-secure.com/sw-desc/apropos.shtml suggests differently/

Phorm make a number of claims about their "product" being "a gold standard in user privacy" but despite being present on The Register, CableForum and a number of weblogs they have failed to openly and honestly answer detailed technical questions and concerns put in the public domain.

The technology which causes greatest concern is that of Deep Packet Inspection. This unit is installed by Phorm - the ISP has no access to it so cannot test, check or verify anything about the unit - and it inspects every packet of data which passes through it. Everyone who works at home, be they home workers, members of Parliament, judges, would find their data being subjected to the kind of inspection only intended for criminal activities and which would only ever be available to a judge following due legal process but here will be available to a company with a very questionable history. Confidential Crown material worked on by yourself or your Right Honourable colleagues could well be tapped under such a scheme.

There are unanswered questions about where this data will be stored. Phorm has offices in Moscow and New York. If this data is stored anywhere other than the UK then it is not subject to UK Data Protection legislation.

A simple analogy is your daily post. Imagine if every piece of post was opened, read, its contents noted and then resealed before being given to you. But you don't know who the person reading your post is. You don't know where that information could reappear. You don't know how many confidences will be betrayed. Every piece of post. Letters from constituents, Parliamentary colleagues, business colleagues, friends, family members, others raising issues with you as I am.

That is what Phorm is about.

You will understand now why I refer to the growing belief that Phorm is illegal under RIPA. Government advisors The Foundation for Information Policy Research has published an open letter to Richard Thomas, the Information Commissioner, stating this belief.

This letter is at http://www.fipr.org/080317icoletter.html

The Guardian newspaper recently rejected Phorm, saying that their "decision was in no small part down to the conversations we had internally about how this product sits with the values of our company." As polite a devastating put down as I have ever seen.

More recently The Register obtained proof that BT not only secretly tested this "product" in June 2007 but lied to cover up this fact. Customers were given various excuses for their concerns, but no customer was told the truth.

The report is at http://www.theregister.co.uk/2008/03/17/bt_phorm_lies/

This issue took an even more serious turn when The Register revealed that it had seen documentary evidence confirming that "BT secretly intercepted and profiled the web browsing of 18,000 of its broadband customers in 2006 using advertising technology provided by 121Media, the alleged spyware company that changed its name to Phorm last year. BT Retail ran the "stealth" pilot without customer consent between 23 September and 6 October 2006."

This in addition to the secret 2007 tests. The Regulation of Investigatory Powers Act 2000 makes intercepting internet traffic without a warrant or consent an offence. It seems to me that illegally intercepting 18,000 customers' internet traffic is in breach of that legislation. As was the first secret test. I contend that BT must also be in breach of the Data Protection Act as the data was collected without customers' consent.

Please read the full report at
http://www.theregister.co.uk/2008/04...rm_2006_trial/

BT claimed that there was nothing illegal about the trials but refused to answer a number of direct questions asked by The Register about Stratis Scleparis, the BT Retail CTO who became Phorm CTO after the first successful secret trial. BT preferred to hide behind a bland statement and refused to apologise to customers.

The report is at http://www.theregister.co.uk/2008/04...orm_interview/

I am also led to understand that the Metropolitan Police declined to record the first of BT's secret tests as a crime when a colleague tried to report it as such. Please read the report at http://denyphorm.blogspot.com/2008/0...ort-crime.html

A number of people have already complained to the ICO but had little back in response.

Today we became aware that despite these facts coming to light, the ICO have said that there is definitely no official investigation by ICO with regards to Phorm. Neither is there any investigation with regards the BT secret trials of 2006 and 2007.

I am led to believe the ICO are claiming that RIPA falls under the remit of the Home Office. The ICO seem unwilling to accept there should be an investigation into the activities of BT and Phorm. I should also add that the ICO were also extremely reluctant to divulge this information to a colleague
and refused permission to quote them.

This cannot be acceptable from a public servant organisation.

This cannot be acceptable from the organisation created to "protect personal information" "provide information to individuals and organisations" and "take appropriate action when the law is broken."

A major telcommunications company in the UK has betrayed the trust placed in it by its users. It and its accomplice, Phorm, should surely be brought to book for this flagrant violation of privacy legislation.

One cannot help but wonder if the lack of action by the government and ICO is influenced in any way by the presence of former Labour minister Patricia Hewitt. I am not suggesting any impropriety but I am sure you appreciate that I and many others cannot understand why BT and Phorm are being allowed to breach internet users' privacy with complete disregard for their customers or the law.

I urge you to take up this issue with your colleagues in both Houses, the House Of Commons Select Committee on Science and Technology and the House Of Lords Science and Technology Committee.

Thank you for your time. If I may be of any further assistance to you please do not hesitate to get in touch.

Yours sincerely

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

:clap:

Jamie, you are a star, thank you (and those who have contributed) so very much, it's a fab letter. I can't see anything that's been missed out. Do you mind if we use this to send to our own MPs/MEPs/ local councils etc?

Ali ((huggsss))

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Here's the latest comment I've received on my blog.

The comment also had an IP address on it. I've been busy with things for a meeting tomorrow so have yet to reply.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

:blush: You're making me shy again :blush:

The wording isn't quite fixed yet, I'm just working on a trimmed version that flows a little better. By all means, please feel free to use this as the basis for any letters you want to send.

I'll post my final version at 10:45 after I've had a drink and a chill out.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Hello :)

I've been lurking for a while and i'm very interested in this subject.

I'm studying for my CCNA (Cisco Certified Network Associate) and this particular message prompted me to sign up and reply.

I've just read Poppers thread about "deep packet inspection" and you may wish to read about this.........

en.wikipedia.org/wiki/Deep_packet_inspection



From a network perspective DPI is a genuine and perfectly proper function to exist.

It's very appropriate from within an ISP because in fact they are obligated to use such technology for the purposes of copyright enforcement,unfair use of bandwidth and other factors.

What seems to be going awry here is the misuse of this technology for financial gain. Phorm are exploiting this technology purely for there own benefit and will use isp's to do so.

I hope that Virgin Media do the right thing and dis-associate themselves from Phorm asap.

I agree with many posters here that this whole debacle is extremely damaging to VM.

My wish is to stay with VM because it's been a very reliable internet service. However, I WILL have to cancel my service with them and just hope that this exploitation and blatant breach of the DPA does not pass over to other providers.

Thanks for reading my rant :)

Awra best

Andy


PS. A fantastic letter to David Davis MP Captain!!!:)

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

As virgin are due to increase their prices in June does this give me an excuse to cancel my 12 month deal which started in Feb ?

The terms and conditions seem to indicate that I can cancel

I am not bothered about the price increase I just want to use the increase as a stick to beat vm with because of the phorm phiasco

Can anyone confirm if i can cancel ?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Hi

I don't think you can cancel because VM can change prices etc as per T&C's.

The cooling off period you had has since expired so to cancel now will cost you sorry to say.

I understand your reasoning :)

cheers

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

:welcome: Andy,

I'm glad you've decided to delurk :)

The whole Phorm debate is something that concerns us all, I was just watching a programme on BBC1 about identity theft, the experts are telling us to protect ourselves and our ISP's are teaming up with a 3rd party firm with a history in spyware adding another tier of risk to our online activity.

Like you I've had no problems with my internet from Telewest/VM and to have to drop down to a more unreliable dsl connection wouldn't be ideal.

Virgin have said in a letter replying to one of the forum members letters that they would distance themselves from anything that tarnished the Virgin brand.
Well Phorm certainly does that.

I find it amusing that the Virgin group promote themselves on the following page

http://www.virgin.com/AboutVirgin/Wh...vigateToPage=3

"Brilliant Customer Service" I'm sorry, but selling your customers privacy to a spyware company certainly isn't.

Good luck with your CCNA :)

Happy posting.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Here is an excerpt from there t & c's

Look at section 3 , this seems to say if they increase prices then you can cancel ?

J Ending this agreement

1. This agreement will continue until the end of the minimum period for each service you take. After the end of all relevant minimum periods, any party may end this agreement by giving the other 30 days' notice. You must pay any relevant usage charges and line rental up to the end of that 30-day notice period. You may also cancel a service after the end of its minimum period by giving us 30 days' notice.
2. If you end this agreement before the end of the minimum period for any of the services (other than in the circumstances outlined in section K or paragraph J3), you must immediately pay (to Virgin Media Payments) the balance of the line rental (if this applies) or the monthly charges (or both) that you would have paid for the rest of the minimum period for each separate service (based on the line rental and monthly charges that you are paying when your agreement ends). If you cancel any but not all of your services before the end of their minimum period, you must immediately pay (to Virgin Media Payments) the balance of the line rental (if this applies) or the monthly charges (or both) that you would have paid for the rest of the minimum period for those services (based on the line rental and monthly charges that you are paying when you cancel those services).

3. If:
1. we and/or Virgin Media Payments increase our charges under this agreement;
2. we make significant changes to the services so the services you are entitled to receive in return for the charges you pay are significantly altered or reduced; or
3. we and/or Virgin Media Payments make significant changes to the terms and conditions of this agreement (including the other legal stuff),
you may cancel those services affected without penalty by giving us at least 30 days' notice in writing. If you cancel any services in these circumstances, the increased charges will not apply to those services during the 30 day notice period and paragraph J2 will not apply if you cancel before the end of the minimum period. If you do not give us notice of cancellation within 30 days of any increase in charges or changes to the services or this agreement being notified to you or, if later, receipt of your first bill following such increase in charges, we and Virgin Media Payments will assume that you have accepted the increase in charges and the changes to the services and this agreement and you will no longer be able to cancel your services under this paragraph.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Aren't the broadband prices staying the same? I only have internet with Virgin - No TV or Telephone - and I've always had paperless billing (or, at least, they've never sent me a paper one!) so presumably my bill doesn't go up on June 1st? Or have I misunderstood?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Thanks for the welcome Ravenheart :)

I've watched today's news with gusto.

Krishnan Guru Murthy from CH4 news really laid into the rep from BT. I really hope CH4 don't drop this subject!

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I'm finding all this a bit deep for my very basic knowledge.My concerns lie with online banking security.Would Phorm be able to snoop on such info?Is this why Nationwide are issuing card readers for online transactions?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

My apologies flashpaul. It would certainly seem that you can cancel.

I hope the BB prices stay the same. We just cancelled our tv service cos it's totally useless. Freeview is much more reliable :)

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I don't have paperless billing so my prices will go up
and I think that gives me the right to cancel !

If vm state in writing that I can leave if phorm is intorduced then I will stay put , otherwise I will cancel all my services

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Bank websites use HTTPS pages which are encrypted, so even if the Phorm profiler reads the contents (and they claim that it doesn't even try to), it's virtually impossible that they'll be able to decrypt them to gain any information - it would take a long-term brute-force attack using colossal amounts of processor power to even attempt this...

Other banks are also currently issuing card readers, but I think this is more to do with defeating keyloggers and phishing sites.

However, what people are concerned about is the possibilty that the Phorm kit will at least know which bank you are with, by logging the fact that you are visiting the same banking URL regularly - and that's something I wouldn't want advertisers to know about me.

---------- Post added at 22:52 ---------- Previous post was at 22:46 ----------

I agree.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I'm sure you could cancel because of.........

3. If:
1. we and/or Virgin Media Payments increase our charges under this agreement;
2. we make significant changes to the services so the services you are entitled to receive in return for the charges you pay are significantly altered or reduced; or
3. we and/or Virgin Media Payments make significant changes to the terms and conditions of this agreement (including the other legal stuff),

Who knows how long VM will prevaricate with this sordid mess?

Your 12 month agreement could have well passed and it won't cost you either way.

Hope it works out for you mate

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

OK, here is the final version. Please feel free to use as a base for letters to educate MPs, MEPs, regulatory bodies, businesspeople and anyone with influence about what Phorm really is and how they and BT have acted.

Dear Mr Davis,

I should like to bring to your attention a number of worrying recent developments in the field of internet privacy and of the failure of the Office of the Information Commissioner to investigate what appear to be two clear breaches of the Data Protection Act and Regulation of Investigatory Powers Act by a major communications provider working with an advertising company.

You may already be aware that three major internet service providers (ISPs) have signed agreements with a company known as Phorm to sell to them the internet browsing data of their users as part of a "targeted advertising" scheme.

Computer news site The Register has uncovered a number of disturbing facts about Phorm including its previous involvement in spyware under a different name. Phorm prefer to spin this fact saying they were involved in adware. A cursory look at http://blogs.zdnet.com/Spyware/index.php?p=820, http://www.f-secure.com/sw-desc/peopleonpage.shtml and http://www.f-secure.com/sw-desc/apropos.shtml suggests differently, however.

Phorm make a number of claims about their "product" being "a gold standard in user privacy" but despite being present on The Register, CableForum and a number of weblogs they have failed to openly and honestly answer detailed technical questions and concerns put in the public domain.

The technology which causes greatest concern is that of Deep Packet Inspection and its use by this advertising company. This unit is installed by Phorm - the ISP has no access to it so cannot test, check or verify anything about the unit - and it inspects every packet of data which passes through it.

Everyone who works at home, be they home workers, members of Parliament, judges, would find their data being subjected to the kind of inspection only intended for law enforcement activities and which normally would only ever be available to a judge following due legal process but here will be available to a company with a very questionable history. Confidential Crown material worked on by
yourself or your Right Honourable colleagues, critically confidential business, personal or even security information could well be tapped under such a scheme.

A simple analogy is your daily post. Imagine if every piece of post was opened, read, its contents noted and then resealed before being given to you. But you don't know who the person reading your post is. You don't know where that information could reappear or how it could be used. You don't know how many confidences will be betrayed. Every piece of post. Letters from constituents, Parliamentary colleagues, business colleagues, friends, family, others raising issues with you as I am.

That is what Phorm is about. Financial gain from your personal activities and information.

You will understand now why I refer to the growing belief that Phorm is illegal under RIPA. Government advisors The Foundation for Information Policy Research has published an open letter to Richard Thomas, the Information Commissioner, stating this belief. This letter is at http://www.fipr.org/080317icoletter.html

Soon after this open letter appeared The Guardian newspaper recently rejected Phorm, saying that their "decision was in no small part down to the conversations we had internally about how this product sits with the values of our company." As polite yet devastating a put down as I have ever seen.

More recently The Register obtained proof that BT not only secretly tested this "product" in June 2007 but lied to cover up this fact. Customers were given various excuses for their concerns, but no customer was told the truth. The report is at http://www.theregister.co.uk/2008/03/17/bt_phorm_lies/

This issue took an even more serious turn when The Register revealed that it had seen documentary evidence confirming that "BT secretly intercepted and profiled the web browsing of 18,000 of its broadband customers in 2006 using advertising technology provided by 121Media, the alleged spyware company that changed its name to Phorm last year. BT Retail ran the "stealth" pilot without customer consent between 23 September and 6 October 2006."

This in addition to the secret 2007 tests. The Regulation of Investigatory Powers Act 2000 makes intercepting internet traffic without a warrant or consent an offence. It seems to me that illegally intercepting 18,000 customers' internet traffic is in breach of that legislation. As was the first secret test. I contend that BT must also be in breach of the Data Protection Act as the data was collected without customers' consent.

Please read the full report at http://www.theregister.co.uk/2008/04...rm_2006_trial/

BT claimed that there was nothing illegal about the trials but refused to answer a number of direct questions asked by The Register about Stratis Scleparis, the BT Retail CTO who became Phorm CTO after the first successful secret trial. BT preferred to hide behind a bland statement and refused to apologise to customers or acknowledge anything illegal took place.

The report is at http://www.theregister.co.uk/2008/04...orm_interview/

A number of people have already complained to the ICO but had little back in response.

Today I and others became aware that despite these facts coming to light, the ICO have said that there is definitely no official investigation by ICO with regards to Phorm. Neither is there any investigation with regards to the BT secret trials of 2006 and 2007.

I am led to believe the ICO are claiming that RIPA falls under the remit of the Home Office. The ICO seem unwilling to accept there should be an investigation into the activities of BT and Phorm. I should also add that the ICO were also extremely reluctant to divulge this information to a colleague and refused permission to quote them.

This cannot be acceptable from a public servant organisation.

This cannot be acceptable from the organisation created to "protect personal information" "provide information to individuals and organisations" and "take appropriate action when the law is broken."

If the ICO cannot or will not take responsibility for an investigation, why is this the case? Who has the legislative power to investigate this breach of 18,000 customers' privacy?

A major telcommunications company in the UK has betrayed the trust placed in it by its users. It and its accomplice, Phorm, should surely be brought to book for this flagrant violation of privacy legislation.

Is this really going to be allowed to pass by unchallenged?

One cannot help but wonder if the lack of action by the government and ICO is influenced in any way by the presence of former Labour minister Patricia Hewitt on the board of BT.

I am sure you appreciate that I and many others cannot understand why BT and Phorm are being allowed to breach internet users' privacy with complete disregard for their customers or the law.

I urge you to take up this issue with your colleagues in both Houses, the House Of Commons Select Committee on Science and Technology and the House Of Lords Science and Technology Committee.

Thank you for your time. If I may be of any further assistance to you please do not hesitate to get in touch.

Yours sincerely

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

if they implement this some how with out it falling foul of the law it would still be enough of a change for us to leave the contract with out penalty anyway

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Great they post a dead link as evidence.

I work in IT support in a University and had a HUGE problem removing this from student systems.

Th eprocess was made more complicated by the strange folder and regestery names. The tool that 121 provided at the time could kill the PC to a point of needing a re-install. And if it did work it would leave reg keys and files behind,

So being easy for users to unintall the process went like this

work in safe mode
run a 3rd party fix tool
delete several regestery keys
delete 4 hidden and protected files from 4 directories all with scrambled names
uninstall 2 programs from add remove

Easy to remove - I spent so much time over this that I still get cold sweat ath the thought of it.

There are other removal ways but this is what I remember doing. I do remember the official tool was a bag of crap that was as bad as the infection.

They are lying b**te*ds

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

you really should try and make the time to read the T&C.

theres a section (i forget were now) that says any price change allows your exit from the contract without penalty,so yes you can.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I'll just stick to reading my CCNA books and college notes!! Thats great bedtime reading! lol

Fair comment though. I'll try and brush up ;)

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

just for information more that anything.

its rather common that people mix these up, but infact the Virgin group do not own the Vigin Media cable company.

ntl/tw/etc are still the same old companys rolled in to one, the ntl/tw US board infact licenced the Vigin brand name from the Virgin group for a 20 year lease , and someone inside ntl/tw slaped the Media on the end hence 'Virgin Media'

they also pay RB a seperate retainer for acting as their figurhead and call him out when the need arises.

so while RB and his the Virgin group are one of the largest shareholders in VM they dont have the seat on the board,or run the cable/uk mobile company.

HOWEVER given the Virgin group own the V brand name, the ntl/tw US board of directors are infact bringing the virgin brand into disrepute(sp) and it seems reasonable that there will be clauses in the signed contract forbiding this, so the Virgin group must be interested in anything such as this VM ISP Phorm deal....

---------- Post added at 23:28 ---------- Previous post was at 23:24 ----------

lol, i didnt mean to put you off, just the first reply i clicked on, thanks for pointing the readers to DPI BTW, they may be enlightened as to how powerful this isp/phorm kit is and as an end user you have no control over that....without a dpa notice being sent etc.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

No probs popper and thanks for highlighting it in the first place.

We occasionally have to use packet sniffers on our private network for bandwidth monitoring purposes. It's a very useful technology but god only knows it's wide open for exploitation in the wrong hands. :erm:

Cheers

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Hi Popper,

Thanks for clarifying that, I did know that Virgin put their names to things without having a direct input, as IIRC when they sold the Virgin Megastores to a French company there was some sort of deal for them to keep the Virgin name for a period of time. After seeing the VM link on that Virgin site I thought they had more input than they seem to have. :)

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

This is why I don't understand why there hasn't been some kind of statement by Sir Beardy. I've had a generic letter from VM Customer Service saying "we'll get back to you" but I don't know whether it's in response to my letter to Neil Berkett or to Sir Beardy.

My response to Ian Woodham went out yesterday and it emphasises how much of a hammering the Virgin Media brand is taking. It's now associated with Phorm and BT and illegal wiretapping of customers' data. With every passing days' silence that perception becomes more and more embedded in peoples' minds.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

You need to metion ICO's obligation to enforce the Privacy and Electronic Communications Regulations with regards the BT secret trials. Whereas ICO might be able to say that RIPA falls under the remit of Home Office they cannot sidestep Privacy and Electronic Communications Regulations as I outlined in my previous post.

Feel free to cite the relevant parts directly from the beginning of that very long post I made.

Alexander Hanff

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Hi All,

Apologies if this has been asked before but the thread has been going for some time now and although I have read it all it has been over the past few days so I may have missed this if it was asked before.

Firstly my thanks go to all those (Alexander/Popper/CaptJamie et al) who have been posting about this and more, been emailing MPs etc. They insipred me to email my MP, MEP and sign the petition.

As a personal user of Virgin I am seriously ticked off about this but due to my location am unable to swap to ADSL so will sign up with Relakks or similar.

However more importantly is this spyware going to be implemented on all BT lines or solely on residential/home use. I ask this as I work for a company who use BT for all our non head office broadband. Moreover we provide the ability for our clients to connect to us for payroll and hr purposes. Although our client connections to the payroll/hr systems are via a minimum of SSL and preferably via L2TP/IPsec our staff still access the internet over clear channels. They access Inland Revenue for the UK and elsewhere as well as other payroll related sites.
BT also provide the leased line that links our head office - is there reason for concern there?
Maybe I am being paranoid but BS7799 seems to be fairly strict and we have this certification and dont want to lose it.
Thanks

WinstonS

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Well, here's my contribution to Suggest a Story for April 5th pm. And I do mention Sir Richard Branson.

Phorm - some questions for the Government, BT and others

As a consumer who uses the Internet a lot I am very concerned about the current proposals for BT, Virgin Media and Carphone Warehouse (Talk Talk) to partner with Phorm to use deep packet inspection to monitor subscribers' web activity, in order to present targeted advertising to them on sites which are also signed up to the Phorm service.

... ... ...

It's time the BBC was asking the government a difficult question. Why has BT not yet been prosecuted for their Phorm trials which were in clear and unequivocal breach of the law?

You might also want to try to get a straight answer from BT on why they think the interceptions they carried out in the trials were not illegal.

You might want to ask BT whether they propose to make Phorm "opt-in" or "opt-out". You might want to ask whether those who opt-out will have to take action – e.g. maintain a cookie on their PC. You might want to ask BT whether those opted-out will still have their web traffic inspected anyway, just not acted upon.

You might want to ask how Phorm can be legal even if the user is misled into giving consent – for a wiretap to be legal, both parties have to give their consent, and it is unlikely that all websites would agree to traffic to their websites being intercepted.

You might want to ask BT why they are partnering with a company who as 121media was notorious as a source of rootkit malware. See:
http://www.f-secure.com/sw-desc/peopleonpage.shtml
http://www.f-secure.com/sw-desc/apropos.shtml
This was some of the most intractable malware on the Internet. Phorm may say it was easy to remove, but the process was: work in safe mode - run a 3rd party fix tool - delete several registry keys - delete 4 hidden and protected files from 4 directories all with scrambled names - uninstall 2 programs from add/remove. Easy to remove? I don't think so.

You might want to ask Sir Richard Branson what damage he thinks Virgin Media's proposal to use Phorm is doing to the Virgin brand.

The ISPs, led by BT, appear to be hell-bent on proceeding with the Phorm rollout. Their excuses range from the ridiculous ("it will increase privacy" (how?)) to the disingenuous ("Phorm includes anti-phishing features" - well maybe it will, but these are equally available for free in the latest Web Browsers, and since when did bundling a useful utility with malware stop the malware from being malware?). They have to be stopped, and stopped now, or one area of consumer rights will be lost for ever.

And by consumers, I include MPs, Judges, Journalists, indeed anyone who uses their computers from home and whose every interaction with the Internet, whether searching, home shopping, viewing documents and sending or receiving webmail-based communications will be read and processed by Phorm.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Thanks for those points :)

Credit to Alexander, Ravenheart, Popper and others who've posted at length on the legal aspects.

Think I'll be e-mailing the individual members of the Committees I mentioned tomorrow...

Sleep well y'all!

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

As far as I am aware it is unlawful to charge customers more for paper billing the same as it is unlawful to charge customers more for not using Direct Debit. It falls under the Unfair Terms in Consumers Contract Regulations and companies have been slapped for this so many times now it beggars belief that they are still trying it on.

Alexander Hanff

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Interesting hypothetical Phorm-related insecurities:

http://yorkshire-ranter.blogspot.com...hack-thee.html

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

yes,i too recall that....cant find the part now as im busy elsewere.

"And by consumers, I include MPs, Judges, Journalists, indeed anyone who uses their computers from home and whose every interaction with the Internet, whether searching, home shopping, viewing documents and sending or receiving webmail-based communications will be read and processed by Phorm."

it brings a :cry: to the eyes seeing all this unpayed mass PR, who needs 5 payed PR firms :ghugs: :D

hit them were its going to have real impact :angel:

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Later tonight I will be writing an academic paper on Phorm (not as part of my degree but as an academic). I will make the paper available in PDF and would appreciate it if as many people possible can publicise it.

It is going to be quite a heavy paper and will focus on the legal issues. I hope to finish it before the markets open tomorrow, depends how long my 2yr old stays asleep.

Alexander Hanff

---------- Post added at 01:07 ---------- Previous post was at 00:51 ----------

Here is another story:

http://news.bbc.co.uk/1/hi/england/london/3561909.stm

The reason I have posted this link is because it illustrates concerns I raised several weeks ago about how this Phorm technology could lead to very serious consequences.

Many of you may recall that I mentioned the targeted advertising could lead to a situation where a spouse is searching for a woman's shelter online to escape domestic abuse and as a result gets profiled by Phorm and ads relating to women's shelters and support groups for domestic violence are targeted at her browser which the abusive husband then sees and kills his wife in a rage.

Granted, the above article is not a direct example of this but it does highlight the dangers given that the man involved was spying on her internet communications and then killed her as a result.

Alexander Hanff

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

:welcome: Winston.
your the first to mention it here so thats good, more questions, more avenues of discovery....

its a very good question, and while im not totally up on this part, so others can jump in at any time ;) given what the girl on TV said today, that the BT customer base could be from all over the map,and we are not sure who they might be!:rolleyes: .

it appears they might have used the equivalent of a cable super head end to plug that DPA kit into, for DSL so thats one of the RAS.

http://www.kitz.co.uk/adsl/RAS.htm
"...
When having problems, or it may just be curiosity, you may wish to know which RAS you connect via.

There are currently 11 RAS's in the UK which you may be routed through,
Birmingham, Bletchley, Ealing, Edinburgh, Ilford, Kingston, Manchester, Reading Sheffield, Milton Keynes, Faraday.

Don't assume that you will be routed through the RAS nearest your home town, it doesnt work like that and its very possible that different DSLAMS in the same exchange will be routed to different RAS.

...
"
that being the case , its looking far werse for BT as everything including stuff like your companies are pluged into that i think.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I know that an established secure connection between a browser and a server would be hard to crack but I have a question regarding SSL and interception, could anyone help?

What I was wondering is this; browser A requests a secure connection with server B though the connection is through a transparent interceptor C. Then instead (and unbeknown to A & B) a secure connection is made between A & C and also between C & B. So A thinks it has a secure connection with B and B with A but they both have a secure connections with C which is then able to see everything unencrypted. Is this clear and is this technically possible?

I'm no expert on this stuff but I don't see why it's not possible (and scary). Now I don't think that at this present time Phorm have this type of system but, if it's possible, they could and would just run some spin BS about making it more secure and the suits with pound signs would believe it I'm sure (like they already have).

I actually think that packet inspection equipment should be tightly regulated as it could be very dangerous in the wrong hands (like Phorm's).

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

just browsing for legal ruling like you do ;) and this turned up , the lost RIPA appeal of Stanford's
http://www.lawdit.co.uk/reading_room...20Stanford.htm

Stanford Loses Criminal Appeal

3 February 2006

Stanford Loses Criminal Appeal

Cliff Stanford, the Internet pioneer has recently had his appeal to quash his criminal conviction for intercepting emails denied. Stanford pleaded guilty last year to intercepting emails from his former company Redbus Interhouse – he argued in his appeal that the trial judge had misunderstood the law.

Stanford was the founder of the ISP Demon Internet in 1992 but sold it to Scottish Telecom for £66 million in 1998. It is reported that Stanford made £30 million from the acquisition.

Shortly afterwards Stanford was a co-founder of the co-location and data centre company Redbus Interhouse.

However, Stanford resigned from the company in 2002 after disagreeing with the Chairman Jonathan Porter.

In 2003 allegation started to be made as to whether Stanford was involved in the interception of email between Porter and his month Dame Shirley Porter. Stanford and another man were later charged under the Computer Misuse Act and the Regulation of Investigatory Powers Act 2000 with a trial date set for September 2005. However, both men pleaded guilty to the offence shortly before the case went to trial.

Peters & Peters solicitors for Stanford were reported to have released the following statement:

"Mr Stanford pleaded guilty to this offence following what we regard as an erroneous interpretation of a very complex new statute. The Judge’s ruling gave Mr Stanford no option other than to change his plea to one of guilty."

Apparently, the legal team for Stanford intended to establish his innocence on appeal. However, this has had a severe drawback. He lost.

The Regulation of Investigatory Powers Act 2000 provides a defence to an individual who intercept a communication in the course of its transmission from a private telecommunication system, if they can establish:

a) that they are entitled to control the operation of the system; or

b) they have the express or implied consent of such a person to make the interception.

Stanford relied on the position that he had gained access to the emails through a company employee. The employee apparently was given access to usernames and passwords on the email server.

Therefore, Stanford argued, he was entitled to access the emails as “a person with a right to control the operation or the use of the system”.

Geoffrey Rivlin QC, the trial judge had a different view. He pointed out that
“right to control”
did not mean that someone had a right to access or operate the system, but that the Act required that person to of had a right to authorise or to forbid the operation. [that mean YOU users as the owner of the data]

Stanford appealed the judge’s decision. However, the Court of Appeal upheld Rivlin’s view. It pointed out that the purpose of the law was to protect privacy. Therefore Stanford’s sentence of 6 months imprisonment (suspended for two years) and a fine of £20,000 with £7000 prosecution costs
were upheld.

Daniel Doherty

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

At this point, your web browser will warn you that an invalid certificate is being used. C will not be able to use a certificate issued to B. Some very clever people have thought very hard about this. If there was an easy way to compromise the security at any point between A and B, TLS/SSL wouldn’t be used. That’s not to say it’s impossible. People are always looking for potential weaknesses and looking to make improvements should any be found. What we can say is that it’s believed to be very strong, certainly strong enough to stop Phorm intercepting anything.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Oh yes the certification system, that makes things more secure for SSL.

I've done a bit of looking up on this and they call it a 'Man in the Middle attack (MITM)' apparently which is exactly what Phorm are doing.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

it would seem your key entrys and clickstream data are clearly 'being a thing in action' and 'which is transmissible by assignment or by operation of law as personal or moveable property' wouldnt you say!

and the ISP's and profilers want to be assigned title to your property! for their commercial profit, wouldnt you say,Hmmm.

http://www.lawdit.co.uk/reading_room...-Copyright.htm
Do I Own The Copyright

3 January 2008
By Ben Evans
In many circumstances it will be important to know who is the owner of the copyright.

This involves asking the question who is the first owner of the legal title to the work and, secondly, whether that title has since devolved on some other person.

Legal title may vest in more than one person.
The general rule is that the first legal owner of the copyright in a work whose making was commissioned will be the author, i.e. the person who creates it.

This means that I go to a webdesigner and ask it to build me a website.

Who owns it? Well the designer.
It should nevertheless be borne in mind that in many cases where a work is made pursuant to a contract of commission, it will be a term of the contract, express or implied, that the commissioner will be entitled to the copyright.

Provided that I am entitled to enforce the contract, I will be the equitable owner of the copyright.

Copyright is a statutory property right, [CDPA 1988, s.1(1).] being a thing in action, [Orwin v Attorney-General [1998] F.S.R. 415 at 421.] which is transmissible by assignment or by operation of law as personal or moveable property [CDPA 1988, s.90.]

Lawyers refer to the Copyright Designs and Patents Act 1988. An assignment of the legal title to copyright is not effective unless it is in writing signed by or on behalf of the assignor.

---------- Post added at 04:42 ---------- Previous post was at 04:35 ----------

http://www.lawdit.co.uk/reading_room...fringement.htm
Copyright Infringement

7 December 2007
By Ben Evans
There are two types of copyright infringement: Primary and Secondary, both of which are governed by the Copyright, Designs and Patents Act 1988.
Primary Infringement
To show this the claimant must prove on the balance of probabalities that:

1. the defendant carried out one of the activities which falls within the copyright owner's control;
2. the defendant's work was derived from the copyright work ('casual connection'): and
3. the restricted act was carried out in relation to the work or a substantial part thereof

Secondary Infringement
Secondary infringement can be divided into two categories firstly those who distribute or deal with infringing copies once they have been made and secondly those who facilitate the copying.
Sections 22 and 23 of the act provide that copyright in a work is infringed by a person who without the permission of the rights holder:

1. imports an infringing copy in the course of business,
2. possesses an infringing copy in the course of business,
3. sells or lets for hire, or offers or exposes for sale or hire an infringing copy,
4. in the course of business exhibits in public or distributes an infringing copy, or
5. distributes an infringing copy, otherwise than in the course of a business, to such an extent as to affect prejudially the copyright owner.

Section 24 of the act is concerned with those who facilitate copying.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

OK I have started work on my article, you can watch it develop here http://www.paladine.org.uk/phorm_paper.pdf

Please feel free to comment on the article as it is being written and to remind me of any details I may miss as this will help to create a more comprehensive and complete piece when it is finished.

I dedicate this article to all the people on these forums and elsewhere who have helped to raise awareness of this issue and taken steps to attempt to prevent this technology from being deployed. It gives me great pride to see the public finally waking up to issues surrounding privacy and liberty in a time where more often than not these rights have been devolved in the years following the World Trade Center attacks on 9th September 2001.

I sincerely hope this is a sign of better things to come, with more people engaging politicians and law with regards to enforcing and protecting rights which exist in order to make the world a more civil place to live.

Alexander Hanff

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

ill read it through later alexander, you know my thoughts so no worrys there, im gone for a while as works catching up etc,inabit.

btw, i emailed and invited a few legal people ,so if they pop over and register,say hello ;)

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

This is a huge thread that I've only just come in on. A search and a quick scan by me hasn't brought up reference to this interview in The Register. Apologies if it has already been highlighted. Perhaps worth a read to see what is said in defence of Phorm.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Interesting comment from Virgin that Batchain posted a link to in the 3 strikes thread..

http://www.computeractive.co.uk/comp...s-itself-three

Raised privacy and legal issues... hmmm now that sounds familiar for some reason..

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

OK I have finished the Abstract and Introduction. The main part of the paper will outline legal concerns in order based on the list of regulations/legislation:

Regulation of Investigatory Powers Act 2000 (RIPA)
Privacy and Electronic Communications Regulations 2003
European Convention on Human Rights
Human Rights Act 1998
Computer Misuse Act 1990
Trespass to Chattels
Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000

Since BT have now admitted to the 2006/2007 trials which have been shown to have included altering the data in the stream and inserting javascript, I will be providing information on Computer Misuse Act 1990 and the tort Trespass to Chattels as it is my belief that these additional issues are relevant to the secret trials.

It should be noted that these 2 additional laws are probably not relevant for the revised technology due to be tested next month, although that remains to be seen.

I will update the live pdf after I complete each section and hope to finish it sometime this afternoon.

Alexander Hanff

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Hey Alex

Im confused as to the legal ramifications towards communications providers when they clearly state in their terms and conditions of service that this type of action they can justify.

For example....

Virgin Media T&C's

Section B, Category 3, Sub Section ii

"We reserve the right to monitor and control data volume and/or types of traffic transmitted via the interactive services on your Virgin TV and/or Internet access."

Now its to early in the morning to go trawling through BT's T&C's ;) but I'm sure they will have a similair outlook.

Does this stance within their highlighted T&C's provide adequate privelages to trial products and services without notice over their own network where they deem them to have a beneficial advantage to their customers?

Now dont get me wrong, I'm no Phorm fanboy by a long shot, but I am worried that any sort of action being raised against any ISP will lead to the same outcome... "It's part of our T&C's"

Thoughts?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

No definitely not. RIPA has provisions in it covering the principle of those terms which is specifically with regards to them being essential procedures for providing the service (ie your broadband). Note how the terms explicitly state data volume and type of traffic as opposed to the actual contents of the traffic/data. This is acceptable as it falls under reasonable network management, but to actually look at the data itself or intercept that data for the purpose of an advertising business is not covered.

They have no grounds for the interception with regards to their existing terms and conditions.

Furthermore, Privacy and Electronic Communications Regulations 2003 (section 8 I think) states that Terms and Conditions which do not adhere to the regulations (as in must have customer consent first, which implies this must be explicit (informed) consent as opposed to implied consent (not objecting to the terms)) are void under the regulations. So even if they had Terms and Conditions giving themselves permission to intercept, those terms would be invalid and void.

Furthermore, even if they managed to get a "sympathetic" judge, the activity still contravenes the European Convention on Human Rights and the Human Rights Act 1998 and as such the judge would have to rule that the case is incompatible with the Convention.

Hopefully it will all become clear when people read my interpretation of the law in the article I am currently working on.

Alexander Hanff

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Just read an article on the BBC news website about the proposed threes strikes on p2p, under the 'See Also' was this http://news.bbc.co.uk/1/hi/technology/7246403.stm. What was interesting was the following quote:

"A spokesman for the Internet Service Providers Association (ISPA) said the 2002 E-Commerce Regulations defined net firms as "mere conduits" and not responsible for the contents of the traffic flowing across their networks.

He added that other laws on surveillance explicitly prohibited ISPs from inspecting the contents of data packets unless forced to do so by a warrant."

The obvious question then is what has changed since the 15th February to make this now legal?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Just to make it clear, if they were only using the system to provide extra security features to prevent Phishing (inspecting the packets to look for blacklisted destinations) then it would be a harder argument (although would still need to adhere to the consent aspects as it is not an essential procedure for providing broadband). But the second they use that data for anything else (ie profiling for advertising purposes) then it violates the law.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Hi Alex,

I was going through these last night and my reading of that section was that data volumes and/or data types could be examined - but not the data itself... This is implicitly linked with the traffic management section although, I suspect, it is therefore not limited to it, and so the inference i'm getting is that this is to enable to do packet type profiling and say "oh - you've received 823MB of x-binary data today" rather than examine the packet contents.

It does not seem to me to be allowing examination, storage or manipulation of the data sent between me and another party... however IANAL:)

Any knowledgable insight into the Ts & Cs would be well received by all here I suspect.

Cheers
Tim

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

To be honest it doesn't really matter, any terms which effect your statutory rights are unlawful (Unfair Terms in Consumer Contracts Regulations) and since this is a clear violation of RIPA and Privacy and Electronic Communications Regulations 2003 they would be void.

I am not a lawyer either, but the bods at FIPR are lawyers and furthermore government policy advisers. I share the same interpretation (the logical one) of the law as they do on this issue and I am reasonably confident that they know what they are talking about.

Furthermore if BT thought their terms and conditions covered them already then why did the Home Office advice mention new terms and conditions and why have BT stated they intend to try to circumvent this law by changing their current terms?

Let us also not forget that the ISP need the consent of the web site/content owners as well as the consent of their customers. The Home Office statement claimed that implied consent (having a publicly accessible web site) -might- give the ISP an escape route but also stated it was not a definitive legal article and that it would be up to the courts to decide. FIPR (and myself) believe that implied consent is -not- valid and that consent must be given explicitly (informed consent) under RIPA. Given that it also falls under Human Rights law it is fair to assume that explicit consent is required.

However, even if (and it is a big if) a Judge allows the implied consent angle, there are -many- very popular websites which have explicit terms already in place which deny consent for such activity, so they cannot be seen to be giving implied consent. Furthermore, many webpages are -not- publicly accessible (not linked to from anywhere in the public domain) but do not use HTTPS either. As they are not published in the public domain they are not relevant under the implied consent argument either.

Alexander Hanff

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I'd say they're on dodgy ground if they try to use that: "data volume and/or types of traffic transmitted" does not equate to reading the full content of every single webpage viewed by a user.

To me, the most telling thing is that BT (and, I think, Virgin, although I can't find the statement right now) have already said that they would have to change their T&C in order to comply with the law. If they have to change this, then that says to me that their current ones are not enough. As far as I can see, BT have committed a clear criminal breach of RIPA, and have not provided any clear reasons why they believe this not to be the case. Just stating "we don't think it's illegal" over and over is not good enough - they need to point out exactly where in the provisions of the RIPA they think covers their actions.


Just to recap the RIPA thing as far as I see it:

There are a few things which are clear, taking into account all of the advice we've seen from the Home Office, FIPR and others:

1. The Phorm system does legally constitute an interception under RIPA. There are no dissenting legal opinions to this that I've seen.
2. This interception is not necessary to provide the contracted service of providing an internet connection, so the ISPs cannot claim immunity under RIPA due to necessity. I haven't seen anyone arguing against this either.
3. That being the case, in order for the ISPs to legally implement this system, they require "explicit consent" from both the customers and the website owners. Even the Home Office advice makes the point that consent from both parties is absolutely required under the act.


As far as I see it, the above 3 points are not in dispute (although if anyone thinks otherwise, please reply pointing out where I've gone wrong). The only argument is around what exactly constitutes "explicit consent". I can see that a properly worded set of Terms and Conditions would provide this on behalf of the customer (although note that in my opinion, and inferring from their actions, also BT's opinion, their current Terms and Conditions do not give sufficient consent under the law). So the question remains whether this concept of "implied consent" for webpages is worth anything or not. Personally, I don't think the Act allows you to assume consent - BT/Phorm obviously feel differently.

Even if you can assume a general consent, I think BT/Phorm would have a very hard time in court when coming up against some of the Terms of Service for many websites (Amazon and the BBC site have been mentioned), which would appear to explicity deny the right for third parties to use their content for commercial exploitation without further agreement: I can't see that they can argue that an assumed implied consent can trump an explicit statement denying that consent on the part of website owners.

I'd be very interested to hear a detailed explanation of how they expect to be able to comply with the RIPA given all of the above. Unfortunately we don't hear any detail, just blanket statements of "we disagree". I think they need to do a lot better than this in public statements, as all the PR is doing is winding people up, and they definitely would need to do a lot better than this in court.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Hi

Thanks for the info Ravenheart. Very interesting reading.

I hope VM realise what raised privacy and legal issues means.........hmmm indeed!

---------- Post added at 10:24 ---------- Previous post was at 10:10 ----------

Really good article. Thanks for posting it Winston. Cheers

It really strikes me that Phorm must be very ignorant to peoples concerns and according to the above quote are in blatant breach of the law.

They clearly don't give a monkeys about anyone's privacy or rights. Now where is that petition???;)

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

That worries me, Alexander. Phorm think they've covered themselves by offering an "opt-out" which, if chosen, (allegedly) means that they "won't use that data for anything else."
We suspect that our data will still pass through the profiler even if we've opted-out, but they promise not to record that profile information anywhere, transmit it to anyone, or use or for anything (remember people, this is an ex-spyware company...) so they haven't breached the law as you've outlined it above. :(

I think we need to concentrate on the consent aspect, as this is necessary before they can even pass any data through the profiler. I personally don't want any data of mine to go anywhere near a profiler, whether I'm opted in or out.

---------- Post added at 11:01 ---------- Previous post was at 10:56 ----------

I'm afraid I'm rather more cyncial about Phorm than you, ciscokid. I don't think they're ignorant to our concerns; I believe they know exactly why we're worried, and they're utterly indifferent. As far as they're concerned we're just units to be utilized in the generation of profit. The only thing that will make them care is if the "units" look like they're going to "malfunction" and cause a drop in revenue (i.e. mass opt-out).

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

I think you may be confusing RIPA and DPA here: DPA has the provisos about using the data. Under RIPA the simple act of interception without warrant or explicit consent is illegal. We could be sending a random stream of 1s and 0s, as soon as they send this to the profiler, even if they instantly discard everything from memory, without consent, constitutes an illegal interception - the use they are putting this data to (unless is is required to operate the communications system, which is not the case) is irrelevant.

Under DPA they may have a get-out under "no personally identifiable material" is recorded, transmitted or used. However one of the lawyers on the Channel 4 piece yesterday pointed out that the very act of "anonymising" the datastream was processing personal information. You can't remove personal information from a stream without looking at it and ignoring it, which can be (and will be) argued as processing.

It's important to keep the distinctions between the DPA and the RIPA in mind. As far as I can see, Phorm is illegal under RIPA, and only arguably legal under DPA.

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Good Morning to the PhormUKPRteam.

What news have you for us today, or are you simply browsing?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Thanks for the clarification Barkotron.:tu:

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Welcome back to the forums PhormUKPRTeam

While you are here care to answer a question I asked you about over a week ago? What precisely is stored in the "research and debug logs" that are stored for 14 days? As I said last time I asked this question, it is the word "research" which has me most concerned. What data will be stored in these logs and precisely what type of "research" will be done with that data? This is important because you often claim that no data is stored.

Care to answer the question?

Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
 

Hi PhormUKPRteam,

Could you pleas comment on the news yesterday about BT and the secret trial of your bosses illegal interception of data.

What has been done with the data?

what was the criteria of the trials?

can you publish an assessment of the outcome?

I am also a little worried about your lack of posting around the web. Is the stress making you ill.

thank you and looking forward to your next cut and paste non-reply