Thread: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
View Single Post
Old 30-06-2008, 00:27   #10491
madslug
Inactive
 
Join Date: Jun 2008
Posts: 161
madslug is a jewel in the roughmadslug is a jewel in the roughmadslug is a jewel in the roughmadslug is a jewel in the roughmadslug is a jewel in the rough
Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
Quote:
Originally Posted by icsys View Post
I have just received a response from my MP regarding Phorm. My enquiry was forwarded to BERR and the response received was from Shriti Vadera of BERR.

The letter explained that ISP's have announced plans to track internet activity using phorm's Webwise and OIX products. It continued to explain that phorm replaces ads with ones relevant to the customer's web browsing meaning less irrelevant ads. (Standard info - nothing new).
If you read the HO report, it is confirmed there that where the ISP customer has opted in and the website being intercepted is displaying the javascript which allows the OIX adverts to be displayed, then RIPA does not apply as both sender and receiver are deemed to have agreed to the interception.

I don't think anyone reading this forum has any problem with that analysis. If you don't follow what I am on about - read the questions: they are very specific about what is being considered.

Quote:
Originally Posted by icsys View Post
She went on to say that she was aware that some ISP customers have voiced concerns about disclosure to third parties about their web browsing and said she understood those concerns. She also stated that the Government is committed to ensuring that peoples privacy is fully protected and that we have legislation in place for this purpose and consequently the ICO has been looking at the proposals to ensure that any use of phorm is compatible with the relevant privacy legislation.
I am so happy that she is aware of how unhappy people are. People are agreeing to having adverts delivered to them and to be warned about phishing sites.
Nowhere is anyone agreeing to having their visits to any other sites which do not display adverts intercepted. Nor are there any scripts on the non-OIX partner sites which can in any way be deemed to indicate that they have consented to the interception.

There is a very finely defined list of who may be intercepted: ISP customers (limited to individual identifiable users on the IP address) who have opted in and partner sites who are hosting the OIX scripts.

Even people who share the same IP address can not be deemed to have consented (so you had better not intercept their traffic looking for an opted in/out cookie). Likewise, all other sites must be excluded (if not there is RIPA [criminal] and Copyright [civil] to protect them).

Phorm need to have a list of opted in sites and users and need to ensure that those and only those communication streams are intercepted, else they fall foul of RIPA and PECR.

However, the ISP customers have not consented to the browser hijack nor the forged cookies that are being placed onto their computers (nor have the sites agreed to the use of the domain in this manner). The various Acts covering the legalities/crimes have already been discussed.

Quote:
Originally Posted by icsys View Post
She went on to say that the Home Office had advised Phorm on how the use of phorm might be affected by RIPA.
Phorm appear to be unable to understand the advice they have been given - no doubt trusting that their new cookie writing script will be successful in ensuring cookies are stripped and are invisible to all sites that can claim an illegal interception under RIPA.

Quote:
Originally Posted by icsys View Post
She also stated that both the ICO and herself had discussed details of the upcoming trial with BT and seems satisfied that BT's confirmation that customers' web browsing will only be monitored and ads delivered if they opt-in to the trial.
That is because BT have kept very quiet about the millions of sites they will be intercepting who are not/should not be considered part of the trial.

Quote:
Originally Posted by icsys View Post
In light of information that is appearing in the online press and the FoI documents, I wonder if she really does understand the concerns and if this Government really is committed to protecting privacy.
Phorm and BT don't understand it - what chance has anyone else of getting close to the truth?

Quote:
Originally Posted by icsys View Post
With reference to Phorm's document titled 'Phorm informed consent update', a sentence in the document reads: 'Since Phorm technology does not use IP addresses to target advertising there is a strong argument that section 7 of PECR does not apply'.
I can [sort of] agree with Phorm on this: the equipment that needs to be considered for PECR s7 is sitting within the ISP - the ICO should be asking this question of the ISP and not Phorm (although, as Phorm understand the technology, they should be answering on behalf of the ISP and not on behalf of Phorm/OIX). The ISP is using the IP address to deliver the advert back to the customer. Without IP address, the advert can not be delivered. The script delivering the advert will have access to the IP address and the UID (we only have Phorm's assurance that they won't use the display of the adverts to tie in the IP address and the UID).

Quote:
Originally Posted by icsys View Post
It is easy now to see why Phorm continually state that the Home Office and ICO are comfortable with webwise, they are both quoting different sets of legislation. A bit like madslug's arson versus theft analogy.
And ignoring any discussion about interceptions that fall outside the Webwise remit.

I just hope that the HO and ICO read my letters to them regarding there being no provision within the trial for sites to opt-in. Assuming that all sites are happy to be opted in by default and requiring 165 million sites to contact BT to ensure that they are treated as opted out is not practical under common law let alone any other legal requirement.

Websites are commercial businesses. No one may copy the confidential communications between a business and its customers and then use that information to sell advertising so that the competition can come along and poach the customers. For the government to allow that to happen is to put thousands if not millions of small internet based businesses out of business.

It is not only me saying this. Webmasters around the world are shouting on many forums that their sites may not be intercepted. Are you listening, HO, there is no implied consent to sites' content being copied, profiled, channeled and sold to advertisers. NONE. Commercial businesses do not consent to their customers being tracked around the internet. The relationship between a website and its customers is PI to the business so why should Phorm be allowed to use [sell] it to commercial advantage?

And, why does everyone want to destroy thousands of businesses? - so that thousands of blogs that host on free hosting using free scripts and only take a few hours a day to maintain can be monetised and earn the writers some money for their spammy articles.

Anyway, icsys, I hope the above gives you some ammo to include in your reply to your MP and Shriti Vadera of BERR. They both need educating.
madslug is offline