A prominent IT thinktank has criticised the Information Commissioner's Office for apparently giving its approval to an internet-advertising system that may be illegal.
The Foundation for Information Policy Research (FIPR) said on Sunday that it hoped the Information Commissioner would "reconsider what appears to be a green light for lawbreaking". These words came after the Information Commissioner's Office (ICO) made a long-awaited statement about the system, which is called Phorm.
Phorm is a technology for tracking an internet user's browsing habits, then using the resulting information to present that individual with targeted advertising. Privacy campaigners, including those at the FIPR, have expressed concern that Phorm represents not only a breach of privacy, but a breach of the law. The controversy has also been heightened by the revelation that BT, the country's largest internet service provider, has conducted trials of Phorm on some customers without telling them.
The ICO reacted to the controversy on Friday by acknowledging that Phorm and its BT trials have "provoked considerable public concern", but it welcomed "the efforts [Phorm] are making to engage with sceptical technical experts".
"We have had detailed discussions with Phorm. They assure us that their system does not allow the retention of individual profiles of sites visited and adverts presented, and that they hold no personally identifiable information on web users," the ICO said. "Indeed, Phorm assert that their system has been designed specifically to allow the appropriate targeting of adverts whilst rigorously protecting the privacy of web users. They clearly recognise the need to address the concerns raised by a number of individuals and organisations including the Open Rights Group."
"The ICO strongly supports the use of technology in ways which enhance rather than intrude upon privacy, and plans to produce a report on 'Privacy by Design' later this year," the ICO's statement added.
Read this
Q&A: Facebook and the price of user privacy
Aaron Greenspan warns that Facebook is sacrificing user privacy on the altar of hyper growth
On Monday the FIPR said the ICO's statement "appeared to give the go-ahead for upcoming trials of [Phorm's] system by BT". Nicholas Bohm, FIPR's general counsel, said a letter, sent from the FIPR to the ICO in mid-March, remained unacknowledged and unanswered.
"We now know that BT have already conducted secret trials of this technology, testing the effectiveness of snooping on their customers' internet activities. They claim to have received extensive legal and other advice beforehand, but have failed to give the reasoning on which this advice is based," said Bohm. "As we pointed out in our letter, the illegality stems not from breaching the Data Protection Act directly, but arises from the fact that the system intercepts internet traffic. Interception is a serious offence, punishable by up to two years in prison. Almost incidentally, because the system is unlawful to operate, it cannot comply with data-protection principles."
Bohm added that BT's decision to, in future, get their customers' permission to "monitor their… browsing" appeared to "ignore the fact that they can only legalise their activity by getting express permission not just from their customers, but also from the web hosts whose pages they intercept, and from the third parties who communicate with their customers through web-based email, forums or social-networking sites".
Talkback
For the organisations which we have heard find Phorm technology acceptable, I say wake up and smell the coffee.
Firstly if the technique is not illegal, it ought to be, despite all the posturing. For any right minded person, it is clearly 'wrong'
Secondly, if the technique is adopted, it opens the door to other uses, legal, questionable or illegal. And that is before any kind of hacking or hijacking is considered, bearing in mind that perfect security does not exist.
Thirdly, if there is targeted advertising in Phorm there must be a clear link to identity otherwise how can the targeted advertisements be delivered. If you know my telephone number, MAC address, etc., etc., you know who I am
Fourthly, we are being given a bit of a snow job when we are told nothing is saved therefore the technique/technology is OK. Rubbish. Furthemore, it is beyond my comprehension that Phorm will increase my security and improve my experience of the internet. That is unless we are being threatened with a deliberate avalanch of unwanted 'stuff' as an alternative.
Finally, amplifying an earlier point, once this technology has been introduced and become (sort of) accepted, it can be extended to all sorts of covert (and intrusive) surveillance, and even control, activities, carried out by the state (or others) - in our interests ...... NOT. This is dangerous technology and I smell a rat. I'm reminded somewhat of all the guile surrounding the issue of Identity Cards.
Excuse me for thinking conspiracy!
How does the technology work?
If it identifies activity against ISP account, ISP connection, and or connection's MAC code and this is a router linked connection (as many are) does that mean the activity of one person will be visited upon all users of that connection? Boy does that open up a can of worms!
Without fuller details of the technology it is only speculation on how bad this bad technology is!
As I understand, it does. Just one of the many objections.
Read this
http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf