Quote:
Originally Posted by PhormUKPRteam
Re: MI Info, we have to say we are a little confused here when it comes to your endorsement.
|
Excuse me! Did I say that I
endorse MI Info?
No, I did not. I
pointed out that there is a competitor which claims that the intrusive and IMHO illegal approaches advocated by Phorm aren't needed. I approved nothing about the company, its approach nor its product.
Endorse: to approve openly <endorse an idea>; especially : to express support or approval of publicly and definitely <endorse a mayoral candidate> b: to recommend (as a product or service) usually for financial compensation <shoes endorsed by a pro basketball player>.
If I'm going to endorse anything I will
clearly and explicitly say so. I don't need you to twist what I write here. Please don't insult my intelligence and that of the other CF members.
If I were to point out the existence of an extremist organisation then following your logic I am endorsing them. What patent garbage!
For the record I
do endorse the following actions with regard to informing people and campaigning for action to be taken against BT and Phorm:
Writing to your ISP
Writing to your MP and MEP
Writing to your House Of Lords representative
Writing to every Commons Culture, Media and Sport Select Committee member
Writing to every Commons Science & Technology Committee member
Writing to every House Of Lords Science & Technology Committee member
Writing to the Shadow Home Secretary, the Right Honourable David Davis MP
Writing to the Office of the Information Commissioner demanding to know why they have not initiated investigations into the two secret BT trials which are now public knowledge
Writing letters to local and national newspapers
Writing about this issue in your weblogs
Telling friends, neighbours, work colleagues
Telling your superiors at work
Telling people with influence. We all know people with influence. Your local priest, vicar, rabbi or other religious leader, community leaders, councillors, local businessmen.
Here is the e-mail I sent to the Earl Of Northesk. You will see that it has been tweaked slightly. Again, feel free to use this as a base to educate and inform people.
"Dear Lord Northesk,
I understand that you have responded positively to an acquaintance who is concerned about an internet privacy issue.
As a member of the House of Lords Science and Technology Committee I should like to bring to your attention a number of worrying recent developments in the field of internet privacy and of the failure of the Office of the Information Commissioner to investigate what appear to be two clear breaches of the Data Protection Act and Regulation of Investigatory Powers Act by a major communications provider working with an advertising company.
You may already be aware that three major internet service providers (ISPs) have signed agreements with a company known as Phorm to sell to them the internet browsing data of their users as part of a "targeted advertising" scheme.
Computer news site The Register has uncovered a number of disturbing facts about Phorm including its previous involvement in spyware under a different name. Phorm prefer to spin this fact saying they were involved in adware. A cursory look at http://blogs.zdnet.com/Spyware/index.php?p=820,
http://www.f-secure.com/sw-desc/peopleonpage.shtml and http://www.f-secure.com/sw-desc/apropos.shtml suggests differently.
Phorm make a number of claims about their "product" being "a gold standard in user privacy" but despite being present on The Register, CableForum and a number of weblogs they have failed to openly and honestly answer detailed technical questions and concerns put in the public domain.
The technology which causes greatest concern is that of Deep Packet Inspection and its use by an advertising company. This unit is installed by Phorm - the ISP has no access to it so cannot test, check or verify anything about the unit - and it inspects every packet of data which passes through it.
Everyone who works at home, be they home workers, members of Parliament, judges, would find their data being subjected to the kind of inspection only intended for law enforcement activities and which would only ever be available to ajudge following due legal process but here will be available to a company with a very questionable history. Confidential Crown material worked on by yourself or your Right Honourable colleagues, critically confidential business, personal or even security information could well be tapped under such a scheme.
A simple analogy is your daily post. Imagine if every piece of your post was opened, read, its contents noted and then resealed before being given to you. But you don't know who the person reading your post is. You don't know where that information could reappear or how it could be used. You don't know how many confidences will be betrayed. Every piece of post. Letters from constituents, Parliamentary colleagues from both Houses, business colleagues, friends, family, others raising issues with you as I am.
That is what Phorm is about. Financial gain from your personal activities and information.
You will understand now why I refer to the growing belief that Phorm is illegal under RIPA. Government advisors The Foundation for Information Policy Research has published an open letter to Richard Thomas, the Information Commissioner, stating this belief. This letter is at http://www.fipr.org/080317icoletter.html
Soon after this open letter appeared The Guardian newspaper recently rejected Phorm, saying that their "decision was in no small part down to the conversations we had internally about how this product sits with the values of our company." As polite and as devastating put down as I have ever seen.
More recently The Register obtained proof that BT not only secretly tested this "product" in June 2007 but lied to cover up this fact. Customers were given various excuses for their concerns, but no customer was told the truth. The report is at http://www.theregister.co.uk/2008/03/17/bt_phorm_lies/
This issue took an even more serious turn when The Register revealed that it had seen documentary evidence confirming that "BT secretly intercepted and profiled the web browsing of 18,000 of its broadband customers in 2006 using advertising technology provided by 121Media, the alleged spyware company that changed its name to Phorm last year. BT Retail ran the "stealth" pilot without customer consent between 23 September and 6 October 2006."
Please read the full report at http://www.theregister.co.uk/2008/04...rm_2006_trial/
This in addition to the secret 2007 tests. The Regulation of Investigatory Powers Act 2000 makes intercepting internet traffic without a warrant or consent an offence. It seems to me that illegally intercepting 18,000 customers' internet traffic is in breach of that legislation. As was the first secret test. I contend that BT must also be in breach of the Data Protection Act as the data was collected without customers' consent and that it is also in breach of the Privacy and Electronic Communications (European Directive) Regulations 2003.
If I quote the full text of the relevant legislation this e-mail would be huge. I will, however, quote Article 15 of said Regulations, you will see that the Article clearly does not state "For targeting customers with adverts":
"Article 15
Application of certain provisions of Directive 95/46/EC
1. Member States may adopt legislative measures to restrict the scope of the rights and obligations provided for in Article 5, Article 6, Article 8(1), (2), (3) and (4), and Article 9 of this Directive when such restriction constitutes a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system, as referred to in Article 13(1) of Directive 95/46/EC.
To this end, Member States may, inter alia, adopt legislative measures providing for the retention of data for a limited period justified on the grounds laid down in this paragraph. All the measures referred to in this paragraph shall be in accordance with the general principles of Community law, including those referred to in Article 6(1) and (2) of the Treaty on European Union."
BT then claimed that there was nothing illegal about the trials but refused to answer a number of direct questions asked by The Register about Stratis Scleparis, the BT Retail CTO who became Phorm CTO after the first successful secret trial. BT preferred to hide behind a bland statement and refused to apologise to customers.
The report is at http://www.theregister.co.uk/2008/04...orm_interview/
A number of people have already complained to the ICO but had little back in response.
Today I and others became aware that despite these facts coming to light, the ICO have said that there is definitely no official investigation by ICO with regards to Phorm. Neither is there any investigation with regards to the BT secret trials of 2006 and 2007.
I am led to believe the ICO are claiming that RIPA falls under the remit of the Home Office. The ICO seem unwilling to accept there should be an investigation into the activities of BT and Phorm. I should also add that the ICO were also extremely reluctant to divulge this information to a colleague
and refused permission to quote them.
This cannot be acceptable from a public servant organisation.
This cannot be acceptable from the organisation created to "protect personal information" "provide information to individuals and organisations" and "take appropriate action when the law is broken."
If the ICO cannot or will not take responsibility for an investigation, why is this the case? Who has the legislative power to investigate this breach of 18,000 customers' privacy?
On its website the ICO claims that "We enforce the Data Protection Act, the Freedom of Information Act, the Privacy and Electronic Communications Regulations and the Environmental Information Regulations".
Why are the ICO flagrantly ignoring their obligation to enforce the Privacy and Electronic Communications (European Directive) Regulations 2003 with regards the BT secret trials?
Can the ICO publicly and satisfactorily explain how unlawful interception is not covered by their office when the very regulations they claim to enforce on their website specifically relate to interception?
A major telcommunications company in the UK has betrayed the trust placed in it by its users. Both BT and Phorm should surely be brought to book for this flagrant violation of privacy legislation. Is this really going to be allowed to pass by unchallenged?
One cannot help but wonder if the lack of action by the government and ICO is influenced in any way by the presence of former Labour minister Patricia Hewitt on the board of BT.
I am sure you appreciate that I and many others cannot understand why BT and Phorm are being allowed to breach internet users' privacy with complete disregard for their customers or the law.
Please take the ICO to task for its failure to fulfil its remit and protect customers' privacy and take appropriate action in the face of the law being broken.
Thank you for your time. I apologise for the length of this e-mail. You will see that it is an issue which can become very technical very quickly. Regardless of this I contend most strongly that laws have been broken and those responsible must be taken to task before more customers' privacy is lost.
If I may be of any further assistance to you please do not hesitate to get in touch."
THAT is what I endorse. I reject Phorm completely. I do not need it nor do I want it.
Is that clear enough?