Dear Lady Miller of Chilthorne Domer,
I notice that you have recently spoken about the company 'Phorm' and their new 'Webwise' system in a debate about the issue of data privacy. In this debate, you state that Phorm is 'a company on the cutting edge of what can protect the public.' - in fact, nothing could be further from the truth.
Phorm as a company was until a couple of years ago known as '121Media', and they developed a system called 'peopleonpage'. This system covered up a rootkit (a rootkit being a program designed to achieve access and control of a third party computer, without the permission of the computer's owner).
The new 'webwise' system takes it a step further, by placing their system at the internet service provider point. I have reviewed the patent information for their system, and it terrifies me.
The use that Phorm tout for their webwise system is the protection of online privacy, as it uses a filtering system to block pages associated with phishing. However, the two widest used internet browsers in the world (Microsoft's Internet Explorer and Mozilla's Firefox) already come with built-in phishing protection, rendering this system completely unnecessary.
Despite the phishing protection so often touted by Phorm, the main use of this system is purely commercial - it is designed to spy on everything that passes between the ISP and their customer, essentially to allow Phorm to sell this information to advertisers. A fitting analogy would be a company in agreements with the post office that workers at the post office will open and read every letter sent, and make a profile for each individual receiving letters. This profile would then be sold to companies who could target the end recipient with junk mail.
In addition, from the patent information, it is revealed that the system also has the ability to add and remove parts of the website before it's sent to the end user - imagine trying to surf the internet and finding adverts displayed in pages which would not normally display adverts, and in which the owner of the website has not actually included adverts. This leads on to more sinister potential abuses, including the complete blocking of websites or even the injection of viruses into websites. To continue the post office analogy, this would be the equivalent of the letters opened at the post office having advertisements literally glued onto them, and possibly certain areas of the letter excised.
As for 'privacy', leaked documents from a previous BT trial of the system stored the IP addresses of everybody involved in the trial. The upgraded system still creates a profile of each user, and the only way to do this is to store information that can be linked to an IP address - despite Phorm's repeated assertions that no data is stored.
There is also an issue with copyright protection in this debate. The Webwise system creates a copy of any website requested by the user, without the permission of the website owner. It then stores this on the system for analysis - this is a clear-cut case of creating an unauthorised derivative work for profit.
Viviane Reding, the European Commissioner for Information Society and Media, has stated in correspondance with me and with several others that this system potentially breaches articles 7 and 8 of the EU charter of Fundamental Rights, and also the ECHR.
The Information Commissioner's Office is required to investigate this matter. However, having received assurances from Phorm and BT that everything done so far is legal, they have ceased all investigation and refuse to discuss the matter further.
In summary, this system is not a 'cutting edge' method of protecting the privacy of UK broadband users. It is a malicious method of commercial gain through the exploitation of personal data and the breaching of copyright, relying on fraudulent misrepresentation and illegal wiretapping. At the time of writing, over 14 thousand people have signed a petition on petitions.pm.gov.uk calling for this system to be investigated and banned.
Further information about this issue can be found at
https://nodpi.org
Yours sincerely,
XXXXXX XXXXXXXX