Tag Archives: Dpi

Are Phorm Phull Of It? It Looks That Way

Phorm, the company behind the yet to be proven legal targeted advertising technology “Webwise”, have had a rough week.

  1. The European Commission told them there is a legal case for them, BT and the UK “Government” to answer
  2. LiveJournal have told them where to go
  3. So have Amazon
  4. Wikimedia has gone further and issued a public statement saying that they consider Webwise to be “an infringement on their [users'] privacy”. Respect to Wikimedia for standing up where others have been reluctant to do so.

With these very heavy hits against them, Phorm did the one thing they felt they had to do: reassure their investors with some woefully inadequate spin disguised as facts.

I’ve played local club cricket.  And I’ve seen some pretty poor attempts at spin and some woefully dodgy actions.  Never mind Johan Botha (who I like and admire and am sure he’ll be back soon) or Muttiah Muralitharan, I’ve seen people throw like Steve Backley.  The latest batch of spin is, sadly, just the kind of thing I’ve come to expect from Phorm.

Phorm are claiming that the UK “government” Department for Business, Enterprise and Regulatory Reform has cleared their Webwise “product” as legal.

Now I and others have repeatedly challenged Kent Ertugrul and Phorm to make public the advice they have received confirming the legality of Webwise.  Phorm’s PR people know my e-mail address, they used it once.  I replied openly and honestly and have yet to receive any reply from Phorm.

To this day I have not seen anything, whether from “government” or legal counsel that confirms Webwise is legal.  Not one word of counter argument from people more qualified than me or Dr Richard Clayton or Alexander Hanff or anyone else on the various anti-Phorm forums to pass an objective opinion based on law.

Nothing.

So any such claims should be taken with a truckload of salt.  But if you do a little research, you find that the actual facts are a bit different from what Phorm would have you believe.

Freedom Of Information requests are a very useful tool.

Which begs the question: does Phorm actually have documented legal opinion confirming the legality of Webwise?  I’ve been repeating this like a broken record time and time and time again but have yet to see any verifiable legal opinion from Phorm that confirms Webwise is in fact completely legal and above board.

I’m beginning to wonder if this ever existed.  There’s a very simple way to answer this question.

Publish this legal advice or opinion for everyone to see.

Read NoDPI’s take on this issue here.

The facts look plain to me: BERR and the Home Office have never provided legal opinion that Webwise is legal.  Isn’t Phorm saying something to the contrary lying?

There’s a phrase for someone telling untruths where I come from.  Well actually there are quite a few and most of them are not suitable for this blog.  “You’re full of it!” is the phrase which comes to mind.

So the question is, if this legal advice or opinion doesn’t actually exist, are Phorm phull of it?

It looks that way.

Can Kent prove Jamie and the anti-Phorm campaigners wrong?

Wikimedia Foundation opting out of Phorm

First it was LiveJournal, then Amazon and now the Wikimedia Foundation has instructed Phorm that it is opting-out of the Webwise scheme.

Not only that, they have made a public statement about why they have done so.

Part of their opt-out e-mail states:

The Wikimedia Foundation requests that our web sites including Wikipedia.org and all related domains be excluded from scanning by the Phorm / BT Webwise system, as we consider the scanning and profiling of our visitors’ behavior by a third party to be an infringement on their privacy.

Credit to the Wikimedia Foundation a) for opting-out of Webwise and b) for making a public statement confirming that they have done this and why they have done this.

It sets a precedent for other websites to follow.

EU Commission Starts Legal Action Against UK “Government” Over Phorm: Oh Yes!

We have been called luddites.

We have been slated.

We have been accused of making “emotive statements”.

We have been seen by some people as an irritant, a nuisance worthy only of being patronisingly and contemptuously dismissed.

We have been seen by others as a bunch of nerdy techies making a fuss over nothing who should get out, get a life, a girlfriend  and join the real world.

Some of us have been threatened for simply copying information which is already available online, publicly and for free.

Well now it’s time for those people to get their heads out of wherever they have them stuffed and start taking us seriously.  That includes Neil Berkett of Virgin Media, Charles Dunstone of Carphone Warehouse, the entire board of BT and everyone at the Information Commissioner’s Office.

Today the European Commission made the following announcement:

The Commission has opened an infringement proceeding against the United Kingdom after a series of complaints by UK internet users, and extensive communication of the Commission with UK authorities, about the use of a behavioural advertising technology known as ‘Phorm’ by internet service providers. The proceeding addresses several problems with the UK’s implementation of EU ePrivacy and personal data protection rules, under which EU countries must ensure, among other things, the confidentiality of communications by prohibiting interception and surveillance without the user’s consent. These problems emerged during the Commission’s inquiry into the UK authorities’ action in response to complaints from internet users concerning Phorm.

What that means in simple language is that the European Commission is taking legal action against the UK “government” for its failure to properly investigate the secret testing of Phorm’s technology by BT.

You can read the full text of the Commission’s announcement at The Register’s report.  Then head on over to NoDPI to read Alexander Hanff’s reaction to this news.  For those of you who don’t know, Alex has been at the forefront of the campaign against the use of DPI technology.  Here’s a snippet of Alex’s post, the whole of which I agree with wholeheartedly:

This is fantastic news and after 14 months of campaigning it is rewarding to see that at last the public lobby has come through.  It was done without millions of pounds of budget; it was done without expensive PR teams and legal hammers; and it was done with a level of determination by the general public which is hard to match.

I have written at some length about Phorm here on VFPJ.  After my initial response to Phorm’s PR on April 11th 2008 I have not heard any further response from them.  I have challenged Phorm openly to publish whatever legal opinion they have confirming Webwise’s legality.  It can’t be that difficult if Phorm do have such opinion from an eminent legal professional.  Nothing has been forthcoming from them.

Even today, in responding to The Register’s report

Phorm returned our call via email just after 4pm. It sought to soothe investors, saying it does not expect the Commission’s action to have any impact on its plans. It did not address the legal status of its previous secret trials.

So, to Kent Ertugrul, Phorm Chairman, I offer this message:

I and others have been writing about Phorm for over a year.  I was there at the Open Meeting in 2008 where you completely failed to offer any counter argument to the contentions of Dr Richard Clayton and Alexander Hanff.  There is video footage online showing those presentations.  Which does make me wonder where the “official footage” is, almost a year on from that meeting.

I’ve asked you here and in other forums to make public the legal opinion you have which argues against Dr Clayton and Alexander Hanff.  This isn’t about emotive language, it is about legality. Legality is fact.  Not an emotive issue.

Legality is not an issue you can think “Oh well, it doesn’t matter” and ignore it.  Any law student will tell you that ignorance is no excuse in the eyes of the law.  It is one of the first things you learn in a law class!  Until I see a verifiable legal opinion to the contrary (a QC opinion will do, with full name, address and references so I can verify it) I will consider Phorm’s Webwise product as it stands an illegal invasion of privacy.

The European Commission has considered our arguments and is convinced that there is a case to answer.  This is only the beginning.  We will continue to campaign, to inform the European Commission, MPs, MEPs and everyone we know with some degree of influence that we believe what Phorm and Webwise stand for is illegal.

It’s a bit sad that the European Commission should have to take the UK “government” to task for its failure to address this issue properly.  As ever, the comments page following The Register’s reports makes interesting reading.  I would draw your attention to the comment “I dispute Mr. Kent Ertugrul’s assertion that BERR approved Phorm because..” in particular.  It rather points back to my original challenge.

Commissioner Viviane Reding clearly believes there is a case to investigate and hard questions to answer.  It is a savage indictment of the UK “government” that they have not already acted to protect the privacy rights of UK citizens.  Take note, Stephen Pound MP – your “government” has failed and is now being held accountable by Europe.

Your Online Identity Is Not As Anonymous As You Think!

In their paper “De-Anonymising Social Networks”, Arvind Narayanan and Dr Vitaly Shmatikov from the University of Texas at Austin present a method by which supposedly “anonymous” data can be turned back into identifiable names and addresses.  This is a very disturbing development.

The BBC carries a report on the paper here.  If you want to look at the whole paper then you can find it here.

Do you still believe the claims of companies like Phorm when they say nothing identifiable is recorded by their (still to be proven legal) DPI product “Webwise”?  I never have.  This confirms my beliefs and affirms my position as an opponent of Phorm and any peddler of DPI technology to snoop on ISP customers.

The paper’s conclusion is quite scary.  I’ve tried to snip a few bits out for brevity.

The main lesson of this paper is that anonymity is not sufficient for privacy when dealing with social networks. We developed a generic re-identification algorithm and showed that it can successfully de-anonymize several thousand users in the anonymous graph of a popular microblogging service (Twitter), using a completely different social network (Flickr) as the source of auxiliary information.

Our experiments underestimate the extent of the privacy risks of anonymized social networks…  we expect that our algorithm can achieve an even greater re-identification rate on larger networks.

We demonstrated feasibility of successful re-identification based solely on the network topology… In reality, anonymized graphs are usually released with at least some attributes in their nodes and edges, making de-anonymization even easier.

Furthermore, any of the thousands of third-party application developers, the dozens of advertising companies, governments who have access to telephone call logs have access to auxiliary information which is much richer than what we used in our experiments. At the same time, an ever growing number of third parties get access to sensitive social-network data in anonymized form.

These two trends appear to be headed for a collision resulting in major privacy breaches, and any potential solution would appear to necessitate a fundamental shift in business models and practices and clearer privacy laws on the subject of Personally Identifiable Information.

Joseph H. Malley prepares for possible litigation against Phorm in the US

From NoDPI comes news that

The lawyer responsible for bringing a class action suit against NebuAd, for their trials with ISPs of Deep Packet Inspection as a mechanism for behavioural advertising – has issued a statement calling for US victims of the Phorm trials to come forward.  His intent is to gather evidence sufficient to initiate litigation against Phorm Inc. in the USA.

If you are a BT Internet customer who has had any contact over the internet with anyone in the United States for any reason, please go to NoDPI and read the release because this affects you and the person(s) you had contact with.  Their privacy is believed to have been illegally intercepted.