Can somebody please confirm that the following is correct? (Want to try a different tack with my MP.)
BT (all ISPs) use a piece of hardware for Deep Packet Inspection which legally can only be used for maintaining an Internet Service (Traffic Shaping during peak / off-peak times etc.). It specifically by law cannot be used for commercial or advertising purposes.
This Deep Packet Inspection hardware can and does record details of every website you visit, including times and dates; the law requires that this information is retained by BT for 12 months.
The only way this personal data can be lawfully accessed by any government agency is via a warrant issued by a court; it cannot be accessed under laws such as RIPA, it can only be legally accessed with a warrant.
Enter Phorm.
They add their own Deep Packet Inspection hardware which is identical to BT's with the exception that the personal data it collects isn't subject to the stringent laws restricting its use to non-commercial or advertising purposes nor who will have access to it. A government agency would not require a warrant to access any of the personal data running through this second Deep Packet Inspection hardware.
A computer program written by Phorm "strips personally identifiable material" from the data. This is what they present to every regulatory body to justify that their system complies with privacy laws.
So privacy is only guaranteed by Phorm's software program and, as part of their contract with BT, Phorm have complete control over the updating and servicing of their software.
The reality is our privacy is in the hands of a company who has a long history (under different names) of writing parasitic software including a rootkit virus, in each case to gain access to personal data.
Thanks