[SimonHickling]

The name at the bottom of the BT PR sheet got back to me and was not in a position to answer technical questions, and so asked me to e-mail any queries. Below is the (redacted) e-mail I sent. If BT allow, I shall post the responses.

Quote:

Hi [redact],

Thanks for your time earlier, and the opportunity to send these questions through.

There are a number of things which concern me and which I'd like a bit of further information on please.

As I said, I contacted the Home Office and copied my MP ([redact]) regarding my concerns and was sent by the MP a copy of "BT Public Affairs Briefing Note: BT and Phorm"

This seems to be (and please correct me if I'm wrong) a standard hand-out to Parliament (based on the picture, top-right).

1. It mentions that Simon Davies from 80/20 Thinking has carried out a Privacy Impact Assessment on Webwise, and I was wondering if documentation of that assessment is available to the public and if it details the process taken and the stakeholders consulted?

2. Whilst the document talks about data protection, it does not mention the method of data gathering. I have read many articles and opinions regarding the technology provided by Phorm (including the report by Richard Clayton) and these suggest that Deep Packet Inspection is involved. Could you clarify the technologies used for data collection please?

3. You state that "Webwise does not scan webmail pages". I have a mail server at home which runs a webmail service to allow me to check my mails when I am away from home. If was to check my webmail from the home of a friend who had not opted out of the Webwise service, how would you ensure that my mail was not scanned? To take this a step further, as I have not agreed to *MY* communications being intercepted by Webwise, how would you ensure that *MY* browsing from my friends computer was not scanned?

4. From the diagram on the Webwise information site, it seems that you must intercept the traffic in order to establish the existence (or otherwise) of a Webwise related cookie (opt-in, opt-out or blocked). Does this initial interception not constitute an illegal interception if the customer has not consented to interception?

5. I am responsible for a number of web sites (1 commercial, 2 login based content sites), and would like to know how Webwise ensures that the password protected areas or private messages between members are not scanned when accessed by a user? Is it possible for me to block Webwise from scanning any of my sites? If so, how? If not, how can you claim to have consent from the sender of the information?

6. During the stated times of your previous trials my late father was a customer of BT Broadband services and used one of the aforementioned sites to keep our family and friends up to date as to the progress of his illness and treatments. I would like to know if this very personal information was scanned by Webwise during the trials.

I shall be posting a copy of this e-mail (with your details redacted) to the cableforum.co.uk thread regarding Webwise and Phorm. Although this is a thread predominantly focusing on the potential for Virgin Media to adopt Phorm technologies, it is read and contributed to by users of many other ISPs, including BT, and by posting these questions you may end up not being asked several times by different members of the forum. If you would not like your reply to be posted to the forum also, please let me know in your reply.

I look forward to your response