Thread: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
View Single Post
Old 10-04-2008, 10:05   #2816
jca111
Inactive
 
Join Date: Apr 2008
Posts: 58
jca111 is an unknown quantity at this point
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Hi - I think we need to spread the profile of this story outside of Technical News sites (like The Register, BBC Technical section etc).

Today I have emailed Radio 4s Today Programmme, World at One, PM, Click and even Newsnight the following email. Please advise if there are other places we should be sending it.

Quote:
I'm writing to you to see if you would be interested in covering the Privacy storm that is brewing with a UK company called Phorm.

You may or may not be aware of the company, but I will aim to give a brief summary here, so see if you would be interested in compiling an article to raise awareness of this Company

Phorm, previously known as 121Media (a known computer spyware company), had created a system that can be installed at ISP (Internet Service Providers) that can intercept and monitor ALL your web browsing habits with the purpose of serving you related adverts on the internet. According to Phorm the system is completely anonymous, and there is no way of tracing the gathered information back to the user.

Phorm currently claim they are in advanced talks with Virgin Media and Carphone Warehouse, and are (and have) conducting trials with BT. This system could potentially affect over 70% of the UK ISP market.

However, over the last few months a rebellion has started to form on various internet blogs about the interception methods that Phorm use, and some people think that this interception is a breach of privacy etc.

A few issues that have been raised are this:

1. The system as it currently stands is Opt-Out. That means that if you do nothing your browsing habits will be profiled by the system. Indeed if you regularly "clean" your PC with many popular cleaning products then you will be automatically opted back in because the "cookie" (a small file held on your computer by your internet browser) will be removed

2. BT conducted a trail in 2006 and 2007, without informing the users, this is possibly illegal under the Data Protection Act and RIPA (Regulation of Investigatory Powers Act 2000), which makes it illegal to intercept communications without a warrant from the Home Office or consent of both parties (in this case consent would have to be given by the User and the Website Owner)

3. Is Internet Browsing information personal information? for example one may be able to glean information about your Health, Sexuality, Political Preferences etc.

4. Does the system break The Fraud Act 2006? Dr Richard Clayton white paper on how Phorm works states

"The Layer 7 switch will see that the request does not contain a Phorm "cookie" and will direct the request to a machine located within the ISP network that will pretend to be www.cnn.com and will return a "307" response which says, in effect, "you want that page over there". The page that will be directed to is webwise.net/bind/?<parameters>where the parameters record the original URL that was wanted."

The key is "will pretend to be www.cnn.com" (or obviously any other website you are surfing).

Without permission from the host website, it appears that you cannot pretend to be another company/person. Phishing is a prime example of impersonation of a company.

5. Does the system break PECR (Privacy and Electronic Communications Regulations)? Are both parties entitled to a private communication?

6. Other regulations that there are question marks about include:
Human Rights Act 1998
European Convention on Human Rights
Computer Misuse Act 1990
Torts (Interference with Goods) Act 1977
Copyright, Designs and Patents Act 1988
Council of Europe's Convention on Cybercrime

7. Phorm appear to have employed a massive PR team to post on internet blogs positive information about the company. They have also admitted to deleting negative information from their Wikipedia page (http://www.theregister.co.uk/2008/04...ors_wikipedia/).

8. Dr Richard Clayton a Cambridge University security researcher and member of the Open Rights Group and FIPR, attended an on-the-record meeting with Phorm, and has published his account of how their advertising system works, and has declared that he is unhappy with the system (http://www.lightbluetouchpaper.org/2...ebwise-system/) and believes it is illegal under RIPA 200.


I could go on, but the point of the email is to raise awareness of the issue. At the moment there is a "tecchie" groundswell against this system on blogs, and I feel that it needs a higher profile and debate as it could affect the privacy of most UK Internet Users.

An event is happening next week (http://www.8020thinking.com/events) to discuss this system. Could it be worth covering?

I've included some links for your reading if you want to take this story further.

http://www.phorm.com/
http://www.theregister.co.uk/2008/04...phorm_tougher/
http://www.theregister.co.uk/2008/04...orm_interview/
http://news.bbc.co.uk/1/hi/technology/7283333.stm
http://www.cableforum.co.uk/board/12...l#post34524506
http://www.iii.co.uk/investment/deta...scussion&it=le

I hope you decide to cover this story. Should you require any information, please do contact me
jca111 is offline