OK in response to the information offered by BT today:
Quote:
1) Reply from EU Information, Society & Media Commissioner Viviane Reding. Any comments?
I have no further comment to what BT, Phorm and others have already stated publicly regarding privacy ie no personally identifiable information is stored. We have also commented previously that we are comfortable that Webwise complies with relevant laws.
|
Clearly not that confident or they would be willing to make comment justifying their actions and citing why they think they are not breaking any laws.
Quote:
3) Various other questions regarding the two previous small scale tests BT conducted...
I have nothing to add to our previous statements regarding the two previous small scall tests, which were completely anonymous.
|
Of course they have no comment here, they realise they are seriously neck deep as a result of the illegal trials and any public comment could be used against them in upcoming legal action.
Quote:
4) Re the issue of javascript injection ?
Javascript tags will not be inserted as part of the forthcoming Webwise trial.
|
This is a very worrying comment. Notice how they say javascript injection will not happen in the upcoming trial; they don't make any attempt to extend that to the final deployment. This to me seems odd and would appear to suggest they have not ruled out injected javascript into the system over the long term.
Quote:
6) Please note, as the account holder for my ADSL account, I do NOT give consent for Webwise trials to be conducted on either my primary account OR any logins using my BTY broadband email sub accounts.
Your choice to accept or decline the invitation to participate in the forthcoming Webwise trial will be managed via the Webwise system itself. When the trial commences, if your broadband connection is among the group invited to participate in the trial, then you will be presented with a webpage which will give you the choice to participate in the trial or not. After this time, and at any point during the trial, you can go to www.bt.com/webwise and click 'BT Webwise off' or BT Webwise on' to change your preference. Alternatively, as I believe you may done already, you can add www.webwise.net to your browser's blocked cookies list at any point to ensure your computer is not part of the trial.
|
Not good enough. This clearly shows that they still intend to use the model described by Dr Richard Clayton which requires the law to be broken in order for them to detect whether or not consent has been given. I would suggest they are also talking out of their unmentionables. BT have no jurisdiction to say how users may give their consent on how their data is processed. I would suggest that anyone who doesn't want to be included in the trial should write a formal Data Protection Act request and send it by registered post. If you then receive the tiral page when the trials go live, they will be in breach of the Data Protection Act. A Data Protection Act request to the data controller at the ISP is the process required by the Act, BT have no authority to ignore that process.
Quote:
7) Consent to present you or BT broadband customers trying to visit your websites with the Webwise trial invitation page.
Adding www.webwise.net to your browser's blocked cookies list means that you (and any other BT customers that do the same) will not be presented with the Webwise trial invitation page.
|
See previous point.
Quote:
8) The issue of informed consent from Webmasters and your confirmation that you do not provide such consent for your own websites. How can web sites opt-out?
The system doesn't handle any HTTPS connections as such traffic is, by its nature, private. For HTTP traffic, we assume that if a website wishes to be found by the public through being profiled by major search engines (Google), then the site is in the public domain and therefore as long as we have consent from the requester of the page, we are permitted to profile the site. However we note that you have specifically requested that wimborne-baptist.org.uk and leighparkinitiative.org.uk be excluded and we will honour your request to exclude your websites from profiling within the BT Webwise system. We believe this approach is reasonable and is supported by the advice we have received.
|
They can keep saying this until they are blue in the face and they will still be wrong. Under common law and the laws governing contracts in the UK as well as Copyright law, they are
required to behave in accordance to the terms and conditions of the content publisher. They have no authority to offset the process of opting out of the system to the content owners, if a content owner has explicitly denied the use of their content in such ways the ISP
must accept that. My suggestion therefore, as it has been from day one, is too explicitly deny consent in your terms and conditions and then if they breach those terms I would advise you to litigate.
Quote:
10) Redirection of browsing traffic up to 3 times before we get to the sites we originally asked for in the first place, is not explained by Phorm. Could you explain that clearly and transparently?
I believe you mentioned you had read Richard Clayton's report - he covers this in some detail, I also understand that Phorm covered this at the event on Tuesday and confirmed that it should occur in fewer than 1% of web requests from the user, so to all intents and purposes, it will be unnoticeable from the user's point of view. We don't believe that this presents any risk and will obviously monitor this as part of the trial.
|
This is a ridiculous answer. What Kent said at the PIA was this would only effect 1% of customers. Of course this is blatantly untrue. 100% of customers will suffer this triple redirect the first day the system goes live. Their assertion at 1% is an illustration that they believe only 1% of their entire customer base will block all Phorm cookies, which they have no evidence to support. Neither did Kent have any evidence to support this at the PIA meeting, he merely stated it was so. Not good enough. Also Computer Misuse Act, Interference with Goods and Fraud Act all apply to this redirect situation.
Quote:
11) What will happen to the "browsing experience" of a BT customer who adds all the various oix/phorm/webwise domains to his/her HOSTS file, once Webwise/Phorm is in place? Will that "break" my browsing experience?
If a customer who is invited to participate in the trial adds www.webwise.net to their local HOSTS file with the resolved address of 127.0.0.1, they will not be able to browse the Internet on HTTP port 80 on that PC for the period of the trial. This is because access to www.webwise.net is required in order to process the consent status of the user during the trial. Instead, and as per the advice on the www.bt.com/webwise site, the recommended approach for excluding a PC from the Webwise service if the user regularly deletes cookies is to add www.webwise.net to the browser's blocked cookie list. As previously stated, in parallel with the forthcoming trial, we are developing a solution which will manage the choice of users without the use of cookies. We believe this approach is reasonable and is supported by the advice we have received.
|
This reply basically states that
anyone who uses one of the trial exchanges (as they will all be invited to joint the trial) who adds the webwise domain/IPs to their hosts file redirecting to localhost (127.0.0.1) will be unable to use the web. They believe that's ok, I suspect their customers won't and BT could be open to action for breach of contract with regards to the provision of an internet connection.
Quote:
13) What will happen to browsing (and the Phorm business model) when browsers like Firefox (and security software vendors) start to look at layer 7 redirection and treat it as suspicious activity?
It is not clear to me that they will do that. Phorm are talking to security software vendors etc about Webwise.
|
Completely evaded the question.
Quote:
14) When will BT openly reveal the consumer research (including the questions used) that gave them the idea we as customers, WANTED this stuff?
It is not common practise for us to release our market research. At this stage we have no plans to release the research conducted by BT but that is not to say we will not provide details in the future. I can confirm that it was conducted by a third party market research agency on behalf of BT and others. It explored both aspects of the Webwise service separately - less irrelevant advertising and the additional protection against online fraud. Furthermore we will of course also review how our up coming trial of the service goes. Ultimately what is important though is that our customers will have a clear choice.
|
Totally confirms my comments during the PIA meeting Q&A where I explained to Kent that no-one in the room was naive enough to believe that BT wouldn't have tainted the poll question in order to receive the response they wanted. Clearly they have admitted they mentioned Advertising and Phishing in the poll. There was no mention of their legal rights under DPA, RIPA, PECR, CMA, HRA, IWG, FA neither was there any mention that the Anti-phishing services they offer are already offered by client side technologies such as web browsers, web browser plugins, operating systems, anti-virus, anti-adware, anti-spyware etc. which do not require the use of intrusive Layer 7 interception and data mining technologies at the network level.
Quote:
15) In response to the ICO's latest statement - can we have an UNEQUIVOCAL statement that the final implementation of Webwise/Phorm will be opt-IN?
We have not finalised our plans beyond the up coming trial and it would be premature to do so. We have committed though that Webwise will be optional and that our customers will have a clear choice.
|
Not good enough, the law requires explicit opt-in, the law prevents modifying terms and conditions in order to get implied consent.
You cannot assume implied consent to breach a fundamental human right, it must be explicit.
Feel free to use any of my response in your reply to BT Management.
Alexander Hanff