Phorm.....

[stevehay]

Conniff, I don't disagree with you but using the same analogy as before, whether my house address is private or personal, I still don't think it is right to allow my postman to open up all my personal mail and have the opportunity of seeing all my bank details.

If I subsequently find out that this same postman has used 'dubious' methods in the past to do this (aka 121 Media), I certainly hope that some legal act or another protects me from this happening before, now and also in the future.

This is why people have to be educated about this now and fight this product.

The way this product is being put to market is using a well known spyware method of gaining access to your PC. You are promised something (aka Webwise) that will benefit you FOR FREE (anti phishing filters etc) and when download and run the application you could get a lot more potentially harmful things you were not expecting going on behind the scenes.

In the case of Phorm's Webwise you don't even have to download anything, although you can if you so wish! The method used is interception of all your private data with the aid of your ISP.

This is effectively a wire tap and very cleverly promoted by Phorm (aka 121 Media) to make it appear as a benefit to the consumer. I'm am sure Phorm would rather had slipped this in under the curtain. Now they want to be 'open and honest', I wonder why.

Was their nasty PeopleOnPage browser popup when they operated under 121 Media 'open and honest' as well?

[Curlyben]

Is the worm turning:
The Guardian ditches Phorm | The Register

[stevehay]

I just read the article and hats off to The Guardian.

Obviously when they looked into all the aspects of the system and took off the free rose tinted glasses that was handed to them by Phorm, they have subsequently seen the errors of their ways.

I will renew my subscription.

[stevehay]

check out: BBC NEWS | Technology | BT advert trials were 'illegal' roost, chickens and come home spring to mind!

[david.m]

Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797] - Page 146 - Cable Forum
"
just browsing for legal ruling like you do and this turned up , the lost RIPA appeal of Stanford's
http://www.lawdit.co.uk/reading_room...20Stanford .htm

Stanford Loses Criminal Appeal

3 February 2006

Stanford Loses Criminal Appeal

Cliff Stanford, the Internet pioneer has recently had his appeal to quash his criminal conviction for intercepting emails denied. Stanford pleaded guilty last year to intercepting emails from his former company Redbus Interhouse – he argued in his appeal that the trial judge had misunderstood the law.

Stanford was the founder of the ISP Demon Internet in 1992 but sold it to Scottish Telecom for £66 million in 1998. It is reported that Stanford made £30 million from the acquisition.

Shortly afterwards Stanford was a co-founder of the co-location and data centre company Redbus Interhouse.

However, Stanford resigned from the company in 2002 after disagreeing with the Chairman Jonathan Porter.

In 2003 allegation started to be made as to whether Stanford was involved in the interception of email between Porter and his month Dame Shirley Porter. Stanford and another man were later charged under the Computer Misuse Act and the Regulation of Investigatory Powers Act 2000 with a trial date set for September 2005. However, both men pleaded guilty to the offence shortly before the case went to trial.

Peters & Peters solicitors for Stanford were reported to have released the following statement:

"Mr Stanford pleaded guilty to this offence following what we regard as an erroneous interpretation of a very complex new statute. The Judge’s ruling gave Mr Stanford no option other than to change his plea to one of guilty."

Apparently, the legal team for Stanford intended to establish his innocence on appeal. However, this has had a severe drawback. He lost.

The Regulation of Investigatory Powers Act 2000 provides a defence to an individual who intercept a communication in the course of its transmission from a private telecommunication system, if they can establish:

a) that they are entitled to control the operation of the system; or

b) they have the express or implied consent of such a person to make the interception.

Stanford relied on the position that he had gained access to the emails through a company employee. The employee apparently was given access to usernames and passwords on the email server.

Therefore, Stanford argued, he was entitled to access the emails as “a person with a right to control the operation or the use of the system”.

Geoffrey Rivlin QC, the trial judge had a different view. He pointed out that
“right to control”
did not mean that someone had a right to access or operate the system, but that the Act required that person to of had a right to authorise or to forbid the operation. [that mean YOU users as the owner of the data]

Stanford appealed the judge’s decision. However, the Court of Appeal upheld Rivlin’s view. It pointed out that the purpose of the law was to protect privacy. Therefore Stanford’s sentence of 6 months imprisonment (suspended for two years) and a fine of £20,000 with £7000 prosecution costs
were upheld.

Daniel Doherty
__________________
Share what you know. Learn what you don't.
Data Protection Public Register
http://www.ico.gov.uk/ESDWebPages/Search.asp?EC=1

[david.m]

Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797] - Page 144 - Cable Forum
CaptJamieHunter Dark Lord Of The Bork

Join Date: Feb 2008
Posts: 65



Re: Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797]
OK, here is the final version. Please feel free to use as a base for letters to educate MPs, MEPs, regulatory bodies, businesspeople and anyone with influence about what Phorm really is and how they and BT have acted.

Dear Mr Davis,

I should like to bring to your attention a number of worrying recent developments in the field of internet privacy and of the failure of the Office of the Information Commissioner to investigate what appear to be two clear breaches of the Data Protection Act and Regulation of Investigatory Powers Act by a major communications provider working with an advertising company.

You may already be aware that three major internet service providers (ISPs) have signed agreements with a company known as Phorm to sell to them the internet browsing data of their users as part of a "targeted advertising" scheme.

Computer news site The Register has uncovered a number of disturbing facts about Phorm including its previous involvement in spyware under a different name. Phorm prefer to spin this fact saying they were involved in adware. A cursory look at http://blogs.zdnet.com/Spyware/index.php?p=820, http://www.f-secure.com/sw-desc/peopleonpage.shtml and http://www.f-secure.com/sw-desc/apropos.shtml suggests differently, however.

Phorm make a number of claims about their "product" being "a gold standard in user privacy" but despite being present on The Register, CableForum and a number of weblogs they have failed to openly and honestly answer detailed technical questions and concerns put in the public domain.

The technology which causes greatest concern is that of Deep Packet Inspection and its use by this advertising company. This unit is installed by Phorm - the ISP has no access to it so cannot test, check or verify anything about the unit - and it inspects every packet of data which passes through it.

Everyone who works at home, be they home workers, members of Parliament, judges, would find their data being subjected to the kind of inspection only intended for law enforcement activities and which normally would only ever be available to a judge following due legal process but here will be available to a company with a very questionable history. Confidential Crown material worked on by
yourself or your Right Honourable colleagues, critically confidential business, personal or even security information could well be tapped under such a scheme.

A simple analogy is your daily post. Imagine if every piece of post was opened, read, its contents noted and then resealed before being given to you. But you don't know who the person reading your post is. You don't know where that information could reappear or how it could be used. You don't know how many confidences will be betrayed. Every piece of post. Letters from constituents, Parliamentary colleagues, business colleagues, friends, family, others raising issues with you as I am.

That is what Phorm is about. Financial gain from your personal activities and information.

You will understand now why I refer to the growing belief that Phorm is illegal under RIPA. Government advisors The Foundation for Information Policy Research has published an open letter to Richard Thomas, the Information Commissioner, stating this belief. This letter is at http://www.fipr.org/080317icoletter.html

Soon after this open letter appeared The Guardian newspaper recently rejected Phorm, saying that their "decision was in no small part down to the conversations we had internally about how this product sits with the values of our company." As polite yet devastating a put down as I have ever seen.

More recently The Register obtained proof that BT not only secretly tested this "product" in June 2007 but lied to cover up this fact. Customers were given various excuses for their concerns, but no customer was told the truth. The report is at http://www.theregister.co.uk/2008/03/17/bt_phorm_lies/

This issue took an even more serious turn when The Register revealed that it had seen documentary evidence confirming that "BT secretly intercepted and profiled the web browsing of 18,000 of its broadband customers in 2006 using advertising technology provided by 121Media, the alleged spyware company that changed its name to Phorm last year. BT Retail ran the "stealth" pilot without customer consent between 23 September and 6 October 2006."

This in addition to the secret 2007 tests. The Regulation of Investigatory Powers Act 2000 makes intercepting internet traffic without a warrant or consent an offence. It seems to me that illegally intercepting 18,000 customers' internet traffic is in breach of that legislation. As was the first secret test. I contend that BT must also be in breach of the Data Protection Act as the data was collected without customers' consent.

Please read the full report at http://www.theregister.co.uk/2008/04...rm_2006_trial/

BT claimed that there was nothing illegal about the trials but refused to answer a number of direct questions asked by The Register about Stratis Scleparis, the BT Retail CTO who became Phorm CTO after the first successful secret trial. BT preferred to hide behind a bland statement and refused to apologise to customers or acknowledge anything illegal took place.

The report is at http://www.theregister.co.uk/2008/04...orm_interview/

A number of people have already complained to the Information Commissioners Office but had little back in response.

Today I and others became aware that despite these facts coming to light, the Information Commissioners Office have said that there is definitely no official investigation by Information Commissioners Office with regards to Phorm. Neither is there any investigation with regards to the BT secret trials of 2006 and 2007.

I am led to believe the Information Commissioners Office are claiming that RIPA falls under the remit of the Home Office. The Information Commissioners Office seem unwilling to accept there should be an investigation into the activities of BT and Phorm. I should also add that the Information Commissioners Office were also extremely reluctant to divulge this information to a colleague and refused permission to quote them.

This cannot be acceptable from a public servant organisation.

This cannot be acceptable from the organisation created to "protect personal information" "provide information to individuals and organisations" and "take appropriate action when the law is broken."

If the Information Commissioners Office cannot or will not take responsibility for an investigation, why is this the case? Who has the legislative power to investigate this breach of 18,000 customers' privacy?

A major telcommunications company in the UK has betrayed the trust placed in it by its users. It and its accomplice, Phorm, should surely be brought to book for this flagrant violation of privacy legislation.

Is this really going to be allowed to pass by unchallenged?

One cannot help but wonder if the lack of action by the government and Information Commissioners Office is influenced in any way by the presence of former Labour minister Patricia Hewitt on the board of BT.

I am sure you appreciate that I and many others cannot understand why BT and Phorm are being allowed to breach internet users' privacy with complete disregard for their customers or the law.

I urge you to take up this issue with your colleagues in both Houses, the House Of Commons Select Committee on Science and Technology and the House Of Lords Science and Technology Committee.

Thank you for your time. If I may be of any further assistance to you please do not hesitate to get in touch.

Yours sincerely

-----------------------------
You need to mention Information Commissioners Office's obligation to enforce the Privacy and Electronic Communications Regulations with regards the BT secret trials. Whereas Information Commissioners Office might be able to say that RIPA falls under the remit of Home Office they cannot sidestep Privacy and Electronic Communications Regulations as I outlined in my previous post.

Feel free to cite the relevant parts directly from the beginning of that very long post I made.

Alexander Hanff
--------------------
Deep packet inspection - Wikipedia, the free encyclopedia

[david.m]

Quote:

Quote:

Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797] - Page 140 - Cable Forum
Quote:
Originally Posted by Ravenheart
For anyone who missed it

http://www.bbc.co.uk/mediaselector/c...bbram=1&asb=1l

http://news.bbc.co.uk/player/nol/new...news=1&bbcws=1

And just in...

http://www.theregister.co.uk/2008/04...orm_interview/

popper:for anyone that preferes to use a 3rd party player such as VLC directly on your other OS heres a working direct mms URL
mms://wm-acl.bbc.co.uk/wms/news/media_acl/mps/fix/news/business/video/163000/bb/163377_16x9_bb.wmv

lol, you were spying on your customers......
mms://wm-acl.bbc.co.uk/wms/news/media_acl/mps/fix/news/business/video/163000/bb/163376_16x9_bb.wmv

from Elreg "
Bootnote

Friends tell us BT will get a grilling on Channel 4 News today."
so keep your eyes open

cant find the clips if they exist yet?

Concerns over data pimping deal
Last Modified: 04 Mar 2008
By: Channel 4 News

http://www.channel4.com/news/article...g+deal/1703547

update and video clip
Channel 4 - News - BT 'spies' on customers

"Stephen Mainwaring from Weston Super Mare is one very angry BT customer. Last year, after noticing strange goings-on on his computer he contacted his internet service provider BT, who told him ....."

""Frankly that was disgraceful by BT to have done it, it would be huge diminution of our rights as individuals if this whole system is allowed to go ahead without us all being given the opportunity to opt in or out" - Don Foster, Lib Dem Culture Spokesman
"

"
"The act of anonymising the surfing history of someone is in itself processing personal data. And someone is doing that, whether it's ISP or Phorm, so there's a good argument that that is a breach of the Data Protection Act." - Mike Conradi, Technology Lawyer
"
....

[Wheredoigonow]

The other thing to think about guys, is how many other ISPs have done this? With their record do you think 121/Phorm have stopped at BT?

[david.m]

Light Blue Touchpaper » Blog Archive » The Phorm “Webwise” System
"
Much of the information was already known, albeit perhaps not all minutiae. However, there were a number of new things that were disclosed.

Phorm explained the process by which an initial web request is redirected three times (using HTTP 307 responses) within their system so that they can inspect cookies to determine if the user has opted out of their system,
so that they can set a unique identifier for the user (or collect it if it already exists), and finally to add a cookie that they forge to appear to come from someone else’s website.

A number of very well-informed people on the UKCrypto mailing list have suggested that the last of these actions may be illegal under the Fraud Act 2006 and/or the Computer Misuse Act 1990."

"
Overall, I learnt nothing about the Phorm system that caused me to change my view that the system performs illegal interception as defined by s1 of the Regulation of Investigatory Powers Act 2000."

[Conniff]

The main fault with this is that it is an 'opt out' system which is illegal under European legislation. It must be an 'opt in' system.

[david.m]

people might be wise to keep track of this too, now were was that Data Protection Act for stopping the CRA's from collecting and procesing your data ?, need to update it perhaps.

to reiterate surlyBonds thread first, we might be needing it real soon.
http://www.consumeractiongroup.co.uk...d-removal.html

Experian to track net users - Times Online
"
April 6, 2008


Experian to track net users



James Ashton


EXPERIAN, the credit checking company, is braving mounting concerns over internet privacy with plans to launch a service that will track broad-band users’ activity so they can be targeted with advertising.

Through Hitwise, the web-site company it acquired for £120m a year ago, Experian has held talks with internet service providers to sell its monitoring technology.

Observers expect it to compete in part with Phorm, an AIM-listed company that has stirred controversy after being recruited by BT, TalkTalk and Virgin Media to track their 10m customers’ behaviour so they can be sent advertising messages on the websites they are looking at.

However, the key difference is that Hitwise, which describes itself as an “online competitive intelligence service...”

incase your reading this later and the threads gone quiet, you can always hope the Cable forum users are still fighting your ISP data corner OC.
Virgin Media Phorm Webwise Adverts [Updated: See Post No. 1, 77, 102 & 797] - Page 168 - Cable Forum

is it just me or have all the CAG fighters gone home, surlyBonds , i salute you

were did Bankfodder go ?, he was such a fighter once , and i thank you for that, and keeping this Message board going as a good reference archive at least.

[funhat]

I don't feel comfortable with this at all. I work a lot from home on a VM connection, mainly email/web based applications but I'm going to have to consider who I actually use as an ISP from now on if I want to keep this perk.

[david.m]

after many CF re-submitting of RIPA petitions on the downing street website, and being rejected every time with such replys as “duplication” were its clearly not,and this laughable latest one “Outside the remit or powers of the Prime Minister and Government”

OF1979 had enough and posted at a new place http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-172.html#post34523181

heres the petition
http://www.petitiononline.com/BTRipa/petition.html
“To: UK Prime Minister
We, the hereby undersigned, petition the United Kingdom Prime Minister to ask the Home Office to launch an investigation into British Telecom and Phorm criminal breach of section 1 of the Regulation of Investigatory Powers Act 2000 (RIPA) during secret trials in 2006 and 2007.

BT have recently admitted to carrying out secret trials of Phorms technology in 2006 and 2007 without their users consent or permission.

Many experts, including the Foundation for Information Policy Research and also the Open Rights Group, contend that these trials constituted illegal interception and as such were a criminal breach of RIPA.

We ask that the Prime Minister require the Home Office and police to launch an investigation into these criminal breaches which constitute a large scale intrusion of online-privacy.

Sincerely,
The Undersigned
”
pass the word please

[2Grumpy]

I obviously don't understand how phorm works. When I read the explanations, they say that they wait for the browser to resend the request - is this some kind of timeout or do they send a message back asking for a resend?

Either way, I don't see this speeding up my internet connection, especially with an old pc that's already doing too much without having to resend requests, especially where there's a lot of data involved. Imagine resending a fair sized document in google docs or uploading a photo etc because phorm is in the way?

As for the privacy angle - well, they would say that there is no problem. They said that the information commissioner had checked out their system, but the Information Commissioner's website says they are looking. Advertisers pull out and phorm say that they haven't. Phorm is obviously a well respected company that can be believed in everything that they say. I too have absolute faith in their Russian ex spyware coders. I am also totally convinced that they if I opt out they won't look at any of my internet traffic or be delayed just because they are there.

Also, why do they say they would be happy to be audited - but only by one company? Or did I get that wrong as well?

Grumpy

[funhat]

The main issues are:

1) Opting out just means you won't receive targetted adverts as built up on your profile they hold by IP address of your machine. You will receive adverts as normal, however, Phorm will still record your browsing.

2) What is going to happen to your speeds/connection if Phorm's hardware suffers problems or they do not have the capacity to handle it all, will your ISP have immediate fallback?

3) Phorm will not (only because they cannot realistically) look at HTTPS requests, secure ones that you see a padlock for in your browser. What about other sites which require details but are not SSL, ie webforums like this one?

I find it beggars belief that they have got the ok from the Information Commissioners Office because you cannot be identified. People get sued for filesharing after being identified by IP address alone, so I'm failing to