11-06-2008, 18:40   #8651
Phormic Acid
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

Quote:
Originally Posted by Frank Rizzo
According to this even the EU Commissioner doesn't really want to get involved.

http://news.zdnet.co.uk/security/0,1...9432962,00.htm
It could be seen that the ICO’s statement that “we’ve worked with BT and Phorm and we are not going to take any punitive action at this stage” is a way of trying to ward off BT and any other company from similar behaviour in future, without the ICO needing to make the effort of taking action now. However, as time passes, companies who provide communication services in the UK are likely to see this inaction increasingly as a green light that lets them start dipping into their customers’ communications.

I believe that we’ve seen the BT Webwise trials delayed due to an interplay of legal and technical issues. BT have been sufficiently concerned over correctly obtaining informed consent prior to any interception that they said they would develop an opt-out mechanism that is not based on cookies, for use after the latest trial. If they feel this would be necessary for a mass roll-out, they must have concerns that it needs to be in place before any further trials. It has been suggested that this alternative mechanism represents a huge technical hurdle. But BT may not have felt legally confident to press ahead without it.

A second technical issue, first highlighted by EtherDreams, is that Phorm’s cookie mechanism is based on either a failure to understand, or a complete disregard for, the current cookie specification – RFC 2965. The only reason the mechanism works at all is that currently the major web browsers adhere poorly to this specification. Where a browser does provide a valid implementation, not only does this stop Webwise from working, but Webwise introduces a flaw into web browsing.

My worry is that BT will take the lack of an ICO investigation to mean that they no longer need to worry so much about the issues of opt-out and consent. This would remove the need for all of the complexity that I believe has been holding up the show. Some ISPs in the USA successfully implemented NebuAd’s passive-tap system long ago. With a completely passive system, there can never be any possibility of interfering with your customers’ web browsing. Similarly, if a UK mobile network were to decide they’d like to profile their customers, could they introduce automatic processing of their customers’ text messages, without the need to give an opt-out, change their service terms or even tell their customers that this level of monitoring were taking place?