Quote:
Originally Posted by Portly_Giraffe
Here's an initial draft of a flyer which could be sent to MPs to try to explain in non-technical terms what is happening and why it's wrong.
http://www.inphormationdesk.org/Phorm_Flyer_V1.pdf
Please everyone, review it for accuracy and effectiveness.
Thanks. PG.
|
Remember MPs have already recieved the brief from BT, that brief is a single page and much simpler. OK, here's my response to my MEP after he asked my opinion on the BT brief:
> What is BT’s involvement with Phorm? Earlier this year BT Retail, along with Virgin Media and Talk Talk, confirmed that it had entered into an agreement with Phorm,>a digital technology company.
Since I emailed you Virgin Media has stated it only agreed to look into the technology, they have not agreed to provide webwise:
http://www.theregister.co.uk/2008/05...rm_misleading/
>The agreement with Phorm enables BT Retail, and the other ISPs that have signed up, to offer customers a new free internet feature>called Webwise.
This concept of a "free internet feature" is a worrying way to "trick" their customers to agree to being profiled.
> What is BT Webwise and how does it work? BT Webwise checks for known fraudulent websites and warns customers if they visit one, with no need to download or>install any software.
This feature comes with Internet Explorer 7 and most anti-virus software including Norton who BT themselves provide to their customers already.
>It also replaces generic adverts on participating websites with adverts more relevant to customers’ interests, based on the web sites they visit and the things they>search for. Prior to the announcement, BT thoroughly researched Webwise and was encouraged by the very positive consumer response to the service.
So what webwise is is basically an advertising platform. This thorough research was a single third party survey. BT has not released any details of this survey.
> What does this mean for customers’ privacy? The privacy and security of our customers’ data is of the utmost importance to us. Any information on users’ browsing>is completely anonymous. The system does not store personally identifiable information, URLs, IP addresses or retain browsing histories.
This section comes down to trusting the people running the system, if you look at the history of Phorm(formerly 121Media) they're not inspiring much trust.
From the wiki page(
http://en.wikipedia.org/wiki/Phorm):
"121media, the former name of Phorm, has had its products described as spyware.[9] As 121Media it distributed a program called PeopleOnPage[10], which was classified as spyware by F-Secure.[11] PeopleOnPage was an application built around their advertising engine called ContextPlus. ContextPlus was also distributed as a root kit called Apropos[10][12], which used tricks to prevent the user from removing the application and sent information back to central servers regarding a user's browsing habits.[13]
In November 2005 the Center for Democracy and Technology in the US filed a complaint with the Federal Trade Commission over distribution of what it considered spyware, including ContextPlus. They stated that they had investigated and uncovered deceptive and unfair behaviour. This complaint was filed in concert with the Canadian Internet Policy and Public Internet Center, a group that was filing a similar complaint against Integrated Search Technologies with Canadian authorities"
Also note that Phorm deleted key factual parts of the wiki entry but were caught doing it:
http://www.theregister.co.uk/2008/04...ors_wikipedia/
> Search information is>deleted almost immediately and is not retrievable. Webwise does not scan webmail pages so emails on Gmail, Yahoo mail or Hotmail are>not scanned.
It does not scan these email sites because Phorm have added them to a block list. They will scan any webmail sites not on that block list, a quick search on google returns several thousand webmail sites. What are the chances that they will all apply to be put on the blocklist, and why should they have to?
>Secure pages>such as banking websites and web forms, such as online registration or sign-up forms, are not scanned. None of the personal>information often>contained in form>fields is, therefore, ever captured by the system. No data is passed outside BT's network.
Often sites will have a secure login, but after that the pages are unsecured, hotmail for example does this. So they will be profiling data from a secure site.
The profiling computer is inside the BT network, but it has been "gifted" to BT by Phorm and runs Phorms software and hardware.
> Webwise privacy standards have been verified by an external auditor Ernst & Young
This audit was based on US law which is far weaker that UK law.
> and leading privacy advocate Simon Davies, MD of 80/20 Thinking, has also>carried out a Privacy Impact Assessment on Webwise technology.
80/20 did an interim report back in mid March, the full Privacy Impact Assessment which was supposed to be released at the end of April has so far not been finished.
> Has BT tested this product previously? BT conducted two small scale technical tests of a prototype advertising platform in June 2007 and over 2 weeks in>September-October 2006. These tests were specifically conducted to evaluate the functional and technical performance of the platform. Absolutely no personally>identifiable information was processed, stored or disclosed during either trial. As with all Service Providers, it is important for BT to ensure that, before any>potential new technologies are employed, they are robust and fit for purpose.
As I previously mentioned these were not small scale with tens of thousands of people profiled secretly. When some of their customers complained about problems, BT denied any responsibility telling them they had spyware or viruses on their PC's.
This was from a few weeks ago, so we should come up with a tighter flyer.
(anyone wanting a copy of the full BT brief PM me)