Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]

[Dephormation]

As some of you know, I've sent a couple of FoI requests to the ICO and Home Office to understand their relationship with Phorm, and the curious reluctance of regulators like Police, ICO, Home Office to prosecute BT.

I don't know whether this is significant or not; it may be one of life's curious but meaningless co-incidences.

In 2007 a terrorist attack occured at Glasgow Airport, on 30 June 2007.

The best information I have to date is that BT conducted the second secret trials of Phorm systems between the dates 17 June to 7 July 2007 (which obviously overlaps the date on which that attack occurred). During this trial, supposedly, no advertising messages were served to the public.

After the attack, the UK was placed on a critical security alert level (where critical means an attack is expected imminently). The threat level was not reduced until July 4 2007, when it was lowered to severe where it remains today (where severe means an attack is highly likely).

During the 6 months that followed the trials, despite the critical/severe alert level, the Home Office Covert Investigation Policy Team and Office for Security and Counter Terrorism were engaged in providing legal advice to Phorm (a supplier of rootkits and advertising systems, developed in Moscow).

For the avoidance of doubt, let me make very clear I've certainly never seen nothing in the information released to me to date that suggests a link between intelligence gathering and Phorm. And the Home Office have been keen to emphasise to me there is no link.

But I can't make sense of what I know at present.

Don't get me wrong, fighting terrorists is a laudible goal, and one I wholly support. But what were the Home Office thinking, when the UK was and remains in a state of critical/severe threat level? And when Phorm presents such a severe security and privacy risk to the UK?

Office for Security and Counter Terrorism
www.security.homeoffice.gov.uk
The OCST is the product of the recent government shake-up
to streamline who does what in the British counter-terrorism
structure. It takes the lead in the government’s “CONTEST”
counter-terrorism strategy and oversees much of the work that
NaCTSO, CPNI, MI5, JTAC, and others do to help business mitigate
the home-grown terrorist threat.You will also be able to find on
their website the “proscribed terror list” which will provide
a complete listing of all the organisations considered “terrorist”
by the UK government

[BetBlowWhistler]

Quote:

Originally Posted by madslug

{snip}..
Here is a question for the techies: if everyone used their computer's host file for the DNS lookups that it was designed for, would that help to avoid the redirects performed by the Layer 7 switch or any other hacker/malware?

In general, I would say yes (to this particular vulnerability). However it isn't the most practical approach. I suppose it would be worthwhile recording a few of your most sensitive sites in your hosts file (bank/paypal etc.).

You would, of course, have to manually update your hosts file should the site change it's IP address for whatever reason (not that often I would suspect).

Of course, this won't help the intercept that BT/Phorm will be doing. As far as I'm aware there is no tcp/ip flag that says 'do not source nat this packet' - this would actually be a very nice little feature (although the equipment doing the source nat is free to ignore the flag of course).

[OldBear]

Quote:

Originally Posted by Tarquin L-Smythe

OB the good Baroness was saved by the good guys see from post #8844 ,don't you love a happy ending.especialy as the good Lady Baroness is Guesting the meeting. No cred for Kenty boy in the Lords

Hi Tarquin,

I know all about the Baroness posting here, (I even gave the Lady some rep points )and that she's speaking next week; also agree that it's great news for us. Just thought it worth pointing out, as you've also stated above, that Phorm's lies are now officially on record in Hansard.

Seems to me that Kent thinks he has the ability to make people believe every word that comes out of his mouth; good for us and shame for him that some politicians aren't as easily fooled.

OB

[madslug]

Quote:

Originally Posted by Peter N

Not far off with that. Mobile phone profiling with word recognition has already been proposed and GPS tracking is already being trialled and it's been used to spot peoples shopping habits for a "study".

Location, location, location
BT have a long history of being interested in tracking services:
"Location-based services have been the next big thing for a long time. Way back in 2001, BT Cellnet, as it was then before it became O2, lured me to the Isle of Man to see trials of the world's first 3g network. One of the things that got them really excited was driving us in a taxi past some windswept pub on a lonely road so that a screen inside the cab could light up with a message inviting us in for a pint."

Now Yahoo are trying it: http://fireeagle.yahoo.net/

With everyone trying to get onto the 'added value' bandwagon, my big hope is that in a few years it will still be possible to buy a mobile phone which is a mobile phone.

[Tarquin L-Smythe]

OB it's hard to know what Kenty boy is losing the fastest his cred if he has any or his loot, what say you good people and of course you 43 Guests to the forum join in we love fresh input

Quote:

Originally Posted by Dephormation

But I can't make sense of what I know at present.

Don't get me wrong, fighting terrorists is a laudible goal, and one I wholly support. But what were the Home Office thinking, when the UK was and remains in a state of critical/severe threat level? And when Phorm presents such a severe security and privacy risk to the UK?

The conclusion that I would personally draw is that regardless of what they say to the contrary at the time the government immediately saw in Phorm the potential to be able to skirt existing privacy laws and see everywhere that everybody goes whilst online in real time!

I think the moment when I stopped accepting anything the government, or their agencies say, at face value was before the Iraq war when I returned home from work to find my wife in tears because she'd just heard the news that Iraq were capable of delivering a chemical warhead missile strike on targets in the UK within 45 minutes! They expected us to believe that a country under strict sanctions since the first gulf conflict (Iraqi invasion of Kuwait) had developed icbm capabilities! In that first war their scud missiles struck Tel Aviv from launchers on the Syrian / Iraqi border only because the warheads had been removed in order to achieve that extreme range! They consequently justified going to war with Iraq on the basis that they posed a direct threat to British Sovereign Territory - the only justification NATO would accept for such action.

Liars

[OldBear]

Quote:

Originally Posted by Tarquin L-Smythe

OB it's hard to know what Kenty boy is losing the fastest his cred if he has any or his loot, what say you good people and of course you 43 Guests to the forum join in we love fresh input

TLS, don't know if you (or anyone else) ever heard the interview Kent did with Charles Arthur (of The Guardian) back in March; if not, you can hear it here: http://www.guardian.co.uk/technology...s.arthur.phorm.

This guy is a master at losing credibility just by opening his own mouth.

Listen how he:

Panics when he realises that we know about the dodgy forged cookies (and about how they work)
Claims that 121Media/ContextPlus never ever done anything wrong
Shifts the responsibility for the so called customer polls supporting his scheme over to the ISPs
Claims he has the full backing of the Home Office and 'other relevant authorities'
Is clearly making up some bits up as he goes along

and lots more...

Give it a listen, you'll laugh, cry and get mad all at the same time.

I'd love to hear that interview done again today, considering all the new information that has been uncovered since back in March; it would make very interesting listening.

OB

[warescouse]

Off topic but latest ms auto update breaks zone alarm after reboot. Temp fix is to set internet zone to medium.

[bluecar1]

someone is desperate for phorm shares, two blocks of 5000 sold at 900 when the price range is 700-800, so why pay an 100 on top??

wheres hammy? he been following his own advice again and buying more shares???

peter

In post 34571690 I pasted a copy of a letter I wrote to West Yorkshire Police to report a crime.

I then had a reply from a Detective Inspector which told me they could not help and "All matters in respect of alleged breaches of communications are dealt with by The Interception of Communications Commissioner."

So I wrote to Sir Paul Kennedy (The Commissioner, c/o 2 Marsham Street, London SW1P 4DF). Now I did say I would share his reply, so I'll scan in and do that later. Suffice to say... (you guessed it!!), he does not agree with the Detective Inspector.

So I am writing back to the DI at West Yorkshire Police and I post below my letter reporting the crime again, this time backed up by Sir Paul's commentary:

Quote:

Detective Inspector xxxxxxxxxxx
West Yorkshire Police Headquarters
PO Box 9
Laburneum Road
Wakefield
WF1 3QP

9th July 2008


Dear Detective Inspector


Reporting a crime by BT plc - Interception of communications, contrary to RIPA 2000

Thank you for your letter dated 5th June 2008 in response to my reporting of a crime under the above act, RIPA 2000.

In your letter you explained that all matters in respect of alleged breaches of communications are dealt with by The Interception of Communications Commissioner (hereafter referred to as The Commissioner) care of 2 Marsham Street in London SW1.

The commissioner does not agree with you. In receipt of your letter I wrote to Sir Paul Kennedy (The Commissioner) and have now received a response from his office which states that The Commissioner's role is set out in RIPA section 57(2) and he goes on to explain the process in more detail:

The Commissioner advises me that if a person were to intercept a communication intentionally, and without lawful authority that would be an offence (see RIPA section 1(1)), but it would NOT be any part of the duty of The Commissioner to investigate the offence. Investigating 'would be a matter for the prosecuting authority, namely the police and the Crown Prosecution Service.'

So, I refer back to my original letter of 26th May 2008 and I would like to report a crime. I witnessed Ms Emma Sanderson, a director of BT plc, appear on British terrestrial television (*Channel 4, April 3rd 2008) saying that BT had intercepted communications of a number of customers, intentionally and without any legal order to do so, in 2006 and then again in 2007.

Since the admission on television and my letter to you, a BT internal paper was 'leaked' to the public on June 4th 2008 via the internet*. The paper details how BT sought to keep this communication interception activity from their customers (evidence that they did not obtain permission for the interceptions carried out). The paper makes no reference to a legal order for carrying out the interceptions so I believe that the extent of your investigation might be to check that no such authority was provided before passing this to the CPS.

* Video evidence from Emma Sanderson, the BT director interviewed by Channel 4 News is available on the internet:
http://www.channel4.com/player/v2/pl...p?showId=11622
* BT internal paper 'PageSense External Validation Report 15th January 2007� is available here:
http://wikileaks.org/wiki/British_Te...idation_report

It would be wrong of I to intercept my neighbours mail and open it. It would be wrong to try and tap into their phone calls. It would be wrong to tap into my neighbours wireless internet connection and review all their data. No communication company can be allowed to do this.

There are many legitimate reasons I can think of for legally intercepting communications and I will always fully support our security need to be able to do so in Britain. However, if BT, a company with offices in our region, has done this on a grand scale to thousands of customers, without permission and with no legal order or authority, then our police service need to investigate and pass their findings onto the CPS.

I trust that you are now in a position to be able to register that an alleged crime has taken place and take the necessary steps to ensure that those responsible are brought to justice.

Please note that there are now a large number of people interested in seeing that this issue is tackled and the law applied. I have published this letter (minus your name and mine) on a public forum. Unless you specifically request that I do not do so, I will share the response from West Yorkshire Police with interested parties on the same forum.

Yours sincerely


xxxxxxxxxxxx

I wonder what the next letter will say...

Hank

[isf]

Quote:

Originally Posted by OldBear

Give it a listen, you'll laugh, cry and get mad all at the same time.

I'd love to hear that interview done again today, considering all the new information that has been uncovered since back in March; it would make very interesting listening.

Surely, even with a few months to get the story straight it'd be the same nonsensical rubbish if it were done again today? An executive summary for those who haven't heard it or lack the time etc...

He (Kent) says they don't store any data before going on to describe how they store product categories and timestamps linked to the cookie UID. "When it's off it's off, there's no data collection", this after repeatedly insisting they don't collect any data

He says that the ISP administer the Phorm gear and a network level opt-out would defeat the anonymity of their system because then Phorm would know who you are

He talks about tracking cookies already on our computers, I can and do block these (actually all 3rd party cookies). Users couldn't block a cookie based opt-out Phorm since they'd still intercept all web traffic (something that doubleclick cannot do).

He talks about spoofing cookies and mentions being proud of "proprietary dimensions to the system"; "the cookie never leaves the system in any way"!

121 media rebranded because consumers couldn't differentiate between spyware and "legitimate adware"? What difference?

Love the repeated appeal to authority, the executives previously worked for all these supposedly reputable companies that Kent name-drops, the inference being that you should therefore trust Phorm!

"It's an opportunity for consumers", "make yourself completely anonymous"

He also talks about the phishing stuff, which as we all know is complete junk too.

Did I miss anything?

[SelfProtection]

Quote:

Originally Posted by warescouse

Off topic but latest ms auto update breaks zone alarm after reboot. Temp fix is to set internet zone to medium.

Or put Port 80,443 & any other port you require in the Outgoing TCP High Security ZA section.

[jelv]

I interpret all these refusals to investigate as an acknowledgement by the authorities that a crime has probably been committed.

If a crime has been committed, to investigate and prosecute is probably going to be messy and expensive for whoever takes it on. If they were pretty sure that the conclusion of an investigation would be that no crime had been committed - which would not be as expensive or messy - they would be more prepared to take the case on.

Note that they have all without fail said that it is not their responsibility to investigate - not that they believe there is no case to investigate.

So much for justice!

[OldBear]

Quote:

Originally Posted by isf

<mega snip>
Did I miss anything?

No, I would say you just about covered it.

Quote:

Originally Posted by jelv

I interpret all these refusals to investigate as an acknowledgement by the authorities that a crime has probably been committed.

Yep. That's why I'll just keep following the trail until I get to the top. (Or until I go round and around in circles finally ending up my own.... whatever - and I copy the Earl Of Northesk in so he sees it's still going on - good to see he raised it again, this is what we need)

Here's that letter from Sir Paul Kennedy's Office (the office of The Interception of Communications Commissioner). I told them I would publish it if they did not ask me to do different:

Quote:

From: The Assistant Private Secretary to
The Interception of Communications Commissioner
c/o Room P.S.Sl,
2 Marsham Stnet
London SW1P 4DF

Dear xxxxxxxxxxxxxxxx

The Commissioner has asked me to thank you for your letter of 18th June. He has not seen the letter from West Yorkshire Police to which you refer, but if it says that it is the role of the Commissioner to investigate all matters in respect of alleged breaches of the Regulation of Investigatory Powers Act 2000 (RIPA), that is not correct. His role is set out in RIPA section 57(2). It is not an investigatory role, it is a requirement to keep under review the exercise and performance by the Secretary of State and others of powers and duties imposed upon them by the Act. If, for example, a person were to intercept a telephone communication intentionally, and without lawful authority, that would be an offence (see RIPA section 1(1)), but it would not be any part of the duty of the Commissioner to investigate the offence. That would be a matter for the prosecuting authority, namely the police and the Crown Prosecution Service. Accordingly the Commissioner is not in a position to assist you in relation to your concems about the alleged activities of BT.


Yours sincerely



Assistant Private Secretary
to the Commissioner

SO... my take on this is: If the Police don't act then I can go back to him and say:
Please can you review the exercise and performance by the Secretary of State and the Police of powers and duties imposed upon them by the Act because a person(s) has intercepted thousands of communications intentionally, and without lawful authority, which is an offence according to RIPA section 1(1).

Of ocurse, the file being handed over to the police in London next week during the protest can only help get some traction behind this too!!

Hank