Jump to content



style="text-align: center;">  

Thread Locked

because no one has posted on it for the last 4404 days.

If you need to add something to this thread then


Please click the "Report " link


at the bottom of one of the posts.


If you want to post a new story then


Start your own new thread

That way you will attract more attention to your story and get more visitors and more help 



Recommended Posts

Over the past week or so its come to light that 3 of the major ISP's have taken up arms with a company called Phorm, some info:


3 Internet Providers in Deal for Tailored Ads - New York


Other places like The Register have also latched onto the news. One thing I would like to know, and I am sure some others would as well, where do we stand now that our privacy and habits are being sold on to this advertising harvest farm, as I also understand Phorm has a terrible background for security. Some more info on Phorm:


BadPhorm - When good ISP's go bad!: Welcome


Anyone know where we stand, can this be stopped?






Link to post
Share on other sites

  • Replies 53
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic



You beat me to it, was going to highlight the Register's story too.


Anyway, not sure where we stand. I have drafted a letter to send to Talk Talk complaining about this invasion of privacy. I think this is a very scary turn of events. If any Law Enforcement agency wanted this sort of information I'm sure that it would be alot harder for them to get than this.


Will be writing to the Information Commissioner in a fortnight as I guess I will get a bog standard reply from the fabulous customer relations department at Talk Talk.

Barclays Bank Account - settled in full £800.:)

Barclaycard prelim sent 13 Jun 07

Barclaycard settled for full amount 26 Jun 07.

Link to post
Share on other sites

I can't agree with this at all. A lot of major and not so major program makers offer either a lite or last years version of their program for free if you accept advertisements. This is a fair enough offer, you can decide to accept adverts in return for a free program.


It don't seem to me that these ISPs will be offering money off or free increased bandwidth if you accept adverts, they are going to impose without choice advertising on a service which you are paying for.

If they did offer an incentive in return for accepting advert, then this would be ok as you had a choice of which way you wanted to go.


It looks like some popup blocker writers and MS are in for a busy and profitable period if should prove to be legal and is enforced on those ISPs subscribers.

Link to post
Share on other sites

Even you web emails and unsecured on-line activities will be targeted, your personal information will be hijacked and sent to the Phorm servers to be analysed for ads.



This has to be illegal, surly someone knows where we all stand........


Another post is on this site now, so people are getting worried.




Link to post
Share on other sites

Was just over on "the Reg" and there is now a link to a petition.


Will post on the other Phorm forum so that noone misses it.


Can the forums be merged please?


Petition to: Stop ISP's from breaching customers privacy via advertising technologies.

Barclays Bank Account - settled in full £800.:)

Barclaycard prelim sent 13 Jun 07

Barclaycard settled for full amount 26 Jun 07.

Link to post
Share on other sites

This seems to be a spreading problem. I got sent one of these Phorms by Skillstrain (see posts about this company). Like a pillock I completed it without reading the threads on CAG, no doubt I will be bombarded with more spam as a result. Mind you I am with BTYahoo and their spam cleaning software is pretty good.

We haven't got the money, so we've got to think!

Ernest Rutherford


A & L

Data Protection Act Letter sent 11/08/06

Data rec'd 14/09/06, Prelim letter sent 16/09/06

LBA sent 22/09/06, MCOL 6QZ68670 issued 2/10/06 - chq for £6,375.34 rec'd 04/11/06.

Link to post
Share on other sites

right, i really think nows the time for the CAG members to really put the effort in, and pull this thing apart, if CAG is to be a real force in consumer market and advocacy.


the lack of response to this UK ISP/Phorm intrusion as regards UK Data Protection Act/RIPA and other related UK/EU laws threat is really disapointing when measured against the bank charges threads on this very board....


were are YOU ALL, and why arnt you concerned about this massive change to you ISP guarded person data usage.


have you all sent your registered post data protection act notices to your ISPs data contoller removing their right to process your data or something, and so are not worryed?.


right to start things off again

the Techteam ( as far as its known, he is a real tech inside the Phorm company, as apposed to the 3rd party that they contracted PR team thats also posting under a like name)

Cable Forum - View Single Post - Virgin Media Phorm Webwise Adverts [updated: See Post No. 1, 77, 102 & 797] officially posted this the other day.


"We would be very happy to have our systems undergo a privacy audit by E&Y or another auditor in the UK. We are in the middle of a Privacy Impact Assessment (for info on PIA please see the Information Commissioner Office site: http://www.ico.gov.uk/upload/documen...l/1-intro.html which is being conducted by Simon Davies (80/20 Thinking / Privacy International) and we will work with him and his team throughout the year to ensure we adhere to the highest standards of privacy."


didnt he or they read/understand the link and its requirements?.


ICO - Privacy Impact Assessment



2. Undertake a stakeholder analysis


Those who may see themselves as 'having a stake' in the project should be identified at an early stage. This may include:

  • the organisation conducting the project, and perhaps also various sub-organisations within it;
  • other organisations directly involved in the project;
  • organisations and individuals that are intended to benefit from it;
  • organisations and individuals that may be affected by it, and possibly
  • organisations that provide technology and services to enable it

It is advisable to document the results of the stakeholder analysis in an appropriate form, most likely a one-page summary.





go and have a good read of that link and report back any factual points and errors as regards their use of a payed 3rd party in their employ and other points you may find werth bringing up....

Link to post
Share on other sites

Firefox users can block phorm with the help of an addon available HERE


The addon can be forced to work on firefox 3b3 too

All my posts are made without prejudice and may not be reused or reproduced without my express permission (or the permission of the forums owners)!


17/10/2006 Recieve claim against me from lloyds TSB for £312.82

18/10/06 S.A.R - (Subject Access Request) sent

03/02/07 Claim allocated to small claims. Hearing set for 15/05/07. Lloyds ordered to file statement setting out how they calculate their charges

15/05/07 Lloyds do not attend. Judgement ordered for £192 approx, £3 travel costs and removal of default notice

29/05/07 4pm Lloyds deadline for payment of CCJ expires. Warrant of execution ready to go

19/06/07 Letter from court stating Lloyds have made a cheque payment to court

Link to post
Share on other sites

david, while that FF add-on might give some the false sense of security, its missing the point, that being the right to collect,process and control your personal data and ignoring the UK and EU laws etc.


as a reminder of the above regarding Simon Davies and 80/20 Thinking .


id like to point out simon Davies co-workers comment, one AKA Robin Zaker on The Register.


although we dont know his real name so only The Register and he nows for sure..


Comments on ‘Data pimping: surveillance expert raises illegal wiretap worries’ | The Register



By Robin Zaker

Posted Wednesday 5th March 2008 14:36 GMT

coat_48.png With the Phorm thing, you are all wrong- if you bother to actually do your research then you'll get a different picture-


Why not be more concerned about the secretive Ellacoya or even Google's 24month profile retention?


Phorm doesn't even keep data- its trying to reverse the belief that you have to keep massive detailed profile to advertise or anything else (and I know that you hate advertising but be realistic- its not going away, especially with the 'free broadband' wars pushing profits down and out).


As one of the PI employees sent to look at Phorm (though i'm not allowed to reveal my identity (NDA)- and we feel that 'endorsed' is a bit of a strong word)


I had access to their proposed technology and I was impressed with what they are intending to do- it is in my view a step forward in what has been a downhill battle for privacy- not as private as i would want but definitely against the flow of all the other data squirrels.


Obviously you have realised that porn and the 'sensitive' material will not be read- as the system only recognises pre-defined words/matches. i'm depressed that the rest of the tech community are attacking the one thing that I thought they would consider sensible, but they are too paranoid as ever.


Ads will not be unlawfully changed-they'll just earn more for the website owner...


if you opt out then they would not legally be able to even scan your data for wordmatches- that'd be suicide so as a commercial company they wouldn't.


it's not infringing RIPA- they passed an investigation months ago..


In fact almost all the problems that you sheep worriers have are not even slightly founded- its all misinformed-


go do proper research not wildly inaccurate speculation


Oh and the whole CHINESE SERVER thing stems from a MUPPET searching for a trace on OXI.com, what a TOOL.


The thing that depresses me most is that you probably won't even believe an analyst like me who has actually researched the system but that is the truly depressing thing about the 'true online community'-


they spend so much time worrying where the next threat will come from they attack the wrong threats with the wrong information..."


interesting that he as a anonymous 80/20 Thinking employee under the pay of Phorm would post such comments.


and hes probably right, would YOU trust any of the so called official PIA report yet to be seen ,being under taken from such a person as this.


his reg post reveals his contempt for the very UK users that he and his company are suposeadly looking out for in this PIA?


if Phorm did in fact pass a RIPA- investigation months ago..


were is the report and its conclusions!


could this so called investigation have been nothing more than calling up some back office clerk in the home office and laying out the Phorm proposal, much the same as we the end users have been sold it, I.E an anti fishing app and adds as a sideline?.


Phorm fires privacy row for ISPs | Media | The Guardian



Phorm's approach, in trying to create a network from the ground up that involves ISPs, advertisers and publishers, is certainly audacious.


But one former employee told the Guardian that this typifies its approach: "I'm used to the culture of smart people, long hours and overall complexity but this was exponentially more true of Phorm.


It was a 'get a Ferrari and lose your sanity' kind of deal."


Adding that Phorm was "very serious" about anonymising data, the former employee noted that the company has been in talks with the Home Office about whether its system would fall under the Regulation of Investigatory Powers Act (RIPA), which is used for surveillance and crime prevention.


But there was also one unexplored possibility about the technology, the ex-employee noted: "The [Phorm] platform clearly has some edge-of-network technologies involved.


It would be entirely feasible for an ISP to allow customers to opt out - and subsequently throttle their service."


its interesting that that former employee gives the impression that infact this so called complex ,secure and personal data removing and indexing app was written under extream presure and time restraints on the promise of some fancy expensive car or other bonus.


hardly inspires the average users confidance that this Phorm codebase inside the profiler and outside, is in any way 100%secure while collecting/processing your data etc is it?

Link to post
Share on other sites

  • 2 weeks later...

its really hard to beleave most of the 200+ readers of this thread havent bothered to post?


is it that you dont fully grasp the importance of this interception, perhaps you just waiting for someone else to make the effort and write it all for you?.


of all the places on the web i really thought this CAG would be a one place you might find some interesting thoughts on the legal side of all this but apparently not.


were are the admins , legal council and law students and why arnt they helping this most important subject?


id go as far as to say its even more important that the UK bank charges fight this site is so instromental in fighting.


many old reders of those threads wil get the basic outline of sending a Data Protection Act, S.A.R - (Subject Access Request), dealing with the Data controllers and data comissioners office etc.


can you the reader, now contribute and we can try and get a definative step by step outlined ,written and put in place to deal with the ISP and Phorm pimping and Piracy of your personal data as many posters in many places elsewere have called it.


as a start, i think surlyBonds exellent step by step for dealing with and understanding the CRAs actions is a VERY good place to start understanding the Data Protection Act, S.A.R - (Subject Access Request) etc actions, and we should use that as our basic template for the ISP action group? changing the CRA etc references for our ISP needs.




you can look up your ISPs data controller address here

Information Commissioners - Data Protection Public Register

Link to post
Share on other sites

I have read as lot about Phorm and its potentially invasive techniques. ISP's who agree to use Phorm's 'webwise' application in my opinion are acting disgracefully.


Phorm's owners changed their name not too long ago. They used to be known as 21 Media. This company wrote items classified as spyware which used invasive techniques to lodge within a persons PC. It was a nightmare to remove from the PC and users who had this on their system likened it to a virus. It was written by some of the same people who are now involved with Phorm's webwise product as it is known.


I urge everyone to educate themselves about this product and form an opinion. I think it contravenes the data protection act. Especially as BT have been performing trials of the product without its customers knowledge. As far as I am concerned this in itself is open to legal action.


When people opt in for this product (and perhaps even opt out), all broadband users data is routed to Phorm's servers located within your same ISP where every bit of the data could be analysed. Of course these ex spyware writers assure us that they will ignore everything we think could be invasive of our privacy in response to concerns.


It is equivalent to your postman opening up every letter you send, analyse the contents and selecting items he considers interesting for future marketing data. The postman (ex spyware master) promises to ignore or forget about sensitive information contained, credit card information etc. because he respects your privacy . Yeah.....

Link to post
Share on other sites

Not so sure the Data Protection Act will come into this at all. The act is in force to protect your privacy, but as we all know, there is no privacy on the internet, and all your communications are broadcast to every part of the world waiting for someone to pick it up.


Everytime you click on the internet your ip is broadcast and is not classed as private, so talking Data Protection Act must prove completely fruitless.


As regards to phorm not likeing the classification of spyware, If something is put onto someones pc without their permission or knowledge and transmits information back to a collection server, then it IS SPYWARE, by whatever name they wish to call it.

Link to post
Share on other sites

Conniff, I tend to agree in parts but I have already sending a letter to Virgin Media quoting Section 11 of the act and informing them of my objections. I certainly hope to find out a little more of their intentions.


The think tank Foundation for Information Policy Research (FIPR) gave a boost to people who think it is wrong by recently saying that intercepting web traffic in the way Phorm intends to, is illegal under the Regulation of Investigatory Powers Act 2000.


I also feel there is a difference between interception of all data at an ISP for marketing purposes (or for any reason good or bad) compared to the cookie driven tracking which I can easily clear from my browser. I hate all forms of on-line advertising. and if my ISP wants to get involved with a company whose past is so 'dubious' well I suppose I will have to vote with my feet.


I liken the proposed system to that of my postman opening all my mail and collating items which are of interest so that garbage junk mail fliers we all get sent, are specifically tailored to my 'perceived' interest. I hate them all anyway!


Of course the postman (ex spyware master) promised not to remember all my personal credit card numbers, bank details etc. ... Yeah

Link to post
Share on other sites

conniff, the head EU data commissioner has stated a few months ago that your IP address is personal data, so it does apply.


heres a overview reminder of the Data Protection Act.


remember people, we have this: tell your friends, use it.

“UK consumers wake up to privacy”

link: http://www.ico.gov.uk/upload/documents/pressreleases/2008/information_rights_press_release_final1.pdf

For a copy of the ‘Data Protection Guide for Dummies’ please go to http://www.ico.gov.uk

Our data protection rights

• An organisation should tell you what it is going to do with your information before you provide any details unless this is obvious


• Your information should only be used for the reason it was collected in the first place (unless you give your consent to your information being used in other ways)


• An organisation should not collect any information which is unnecessary. You only need to provide the basic information which is required to deliver the service required


• Your information should be kept accurate and up to date – if you ask any organisation to make changes to your details, it should do this


• An organisation should not keep your details if they are no longer needed


• An organisation must provide you with copies of all information held on you - if you ask. You can also ask an organisation to stop using your personal information if it is causing you damage or distress or if you wish to stop it being used for marketing purposes.


• An organisation must keep your personal information secure at all times


• An organisation should not transfer your personal details to another country unless adequate data protection arrangements are in place.

and then it goes on to say….


David Smith said: “For any of us to have trust in an organisation we must be confident that our information is held securely and processed in line with data protection rules.


If we all regularly start to ask the right questions then organisations will respond to public demand and take the protection of our personal information more seriously.


If organisations fail to recognise the importance of data protection they not only risk losing business. They could also face action from the ICO.”


theres also the copyright act POV, after all you own your personal (clickstream)data, its your property, to profit from or not as you please, its not your ISPs right to pirate your property is it.


BTW,of all the current Phorm threads on the net this seems to try to collect information,storys and comment, to inform the readers, its by far the longest thread though, so you have your work cut out catching up now.


Virgin Media Phorm Webwise Adverts [updated: See Post No. 1, 77, 102 & 797] - Cable Forum

Link to post
Share on other sites

The Open Rights Group : Blog Archive » The Phorm storm

stop the press:

care of the US NY times and LadyMinion at

http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-102.html#post34510801 for first spoting it.



” As you browse, we’re able to categorize all of your Internet actions ,” said Virasb Vahidi, the chief operating officer of Phorm. ” We actually can see the entire Internet .”


The company, called Phorm, has created a tool that can track every single online action of a given consumer, based on data from that person’s Internet service provider.”


what do you make of that then, puts a while new meaning to official statments such as


“Phorm technology is groundbreaking because it serves relevant advertising without storing data: no PII no IP address no browsing histories.”


and all the rest, dont you think?.


i wonder what the UK and EU data commissioners and the courts will make of it,to name but three, comments….


remember people, we have this: tell your friends, use it.

Link to post
Share on other sites

Open Letter to the Information Commissioner

foundation for information policy research Open Letter to the Information Commissioner


Richard Thomas

Information Commissioner

Wycliffe House

Water Lane


Cheshire SK9 5AF

17 March 2008

Dear Sir,

We understand that you are investigating the targeted advertising service offered by Phorm through co-operation agreements with BT, Talk Talk, Virgin Media and other Internet Service Providers.


The provision of this service depends on classifying Internet users to enable advertising to be targeted on their interests. Their interests are to be ascertained for this purpose by scanning and analysing the content of traffic between users and the websites they visit.


This activity involves the processing of personal data about Internet users. That data may include sensitive personal data, because it will include the search terms entered by users into search engines, and these can easily reveal information about such matters as political opinions, sexual proclivities, religious views, and health.


Users are apparently to be allocated pseudonyms for some of the processing, but at various processing stages the personal data can be linked to the pseudonym, the pseudonym can be linked to the IP address used, and the IP address can be linked to the user.


Although we understand that this linkage will not be standard operating practice, it can nevertheless be performed.

Many users will also be identifiable from the content of the data scanned, since it will include email sent or retrieved by users of web-based email, and messages viewable by those authorised to gain access to individual pages of social networking sites.


Although some web-based email systems operate using "https:" end-to-end encryption, which would prevent interception, this is far from ubiquitous.


It might be possible for Phorm to configure the service to exclude a handful of the more high-profile web-mail and social networking systems.


But there are no available methods of detecting the tens or perhaps hundreds of thousands of other, low usage, often semi-private systems which currently provide web-mail or social networking in chat rooms or similar environments.


Classification by scanning in this way seems to us to be highly intrusive. We think that it should not be undertaken without explicit consent from users who have been given particularly clear information about what is liable to be scanned.


Users should have to opt in to such a system, not merely be given an opportunity to opt out. We believe this is also required under European data protection law; failure to establish a clear and transparent "opt-in" system is likely to render the entire process illegal and open to challenge in UK and European courts.


It would be specially objectionable if opting out were to depend on the maintenance by the user of a cookie, since many reasonable users regularly clear all cookies; nor should users be expected to opt out by blocking one or more websites, since many may not understand how to do this or may make errors in trying to do so.


Classifying users by scanning the content of their communications involves interception in the sense of s1 and s2 of the Regulation of Investigatory Powers Act 2000.


That is because classification cannot be done without the content being made available to the person doing the classifying. The fact that he does so by the application of machinery which avoids the need for him to read the content is irrelevant -- it is clear, for example, from ss16(1) that material is to be treated as intercepted even before classification or examination and despite the fact that it may not be lawful to examine it.


Interception of communications without the consent of both sender and recipient is an offence under s1. (The exception under ss3(3) -- for things done for purposes connected with the provision or operation of a telecommunications service, which may well permit filtering for viruses and unsolicited bulk email in order to protect the operation of the service -- can have no application to filtering for the purposes of targeted advertising, which is not a telecommunications service offered by the ISPs.)


The explicit consent of a properly-informed user (i.e. one who has been told explicitly that the search terms he uses, and the content of his email and of the social-networking sites he visits, will be among what is used to classify his interests for the purpose of targeted advertising) is necessary but not sufficient to make interception lawful.


The consent of those who host the web pages visited by a user is also required, since they communicate their pages to the user, as is the consent of those who send email to the user, since those who host web-based email services have no authority to consent to interception on their users' behalf.


The need for both parties to consent to interception in order for it to be lawful is an extremely basic principle under RIPA, and it cannot be lightly ignored or treated as a technicality. Even when the police are investigating as serious a crime as kidnapping, for example, and need to listen in to conversations between a family and the criminals, they must first obtain an authorisation under the Act: the consent of the family is not by itself sufficient to make their monitoring lawful.


It has been suggested that web-hosts impliedly consent to the download of their pages, and that it follows that they consent to the interception involved in scanning them for the purposes of classifying the user for targeted advertising services. But even where a web-host does consent to the downloading of his page by a user, we do not accept that this entails any consent to the scanning of that page by a third party.


Moreover, in many cases it is clear that any such consent is expressly or impliedly negatived. In the case of the many pages which are accessible only after registration of the user, access by an unregistered third party is plainly unauthorised (and sometimes expressly prohibited by the conditions under which access is permitted).


In the case of the unlinked web (those pages to which links are not published generally, being provided to closed groups by their host) there is no implied general consent to download, and consent for third party scanning is impliedly negatived by the context.


We therefore consider that even if third party scanning obtains the fully-informed and explicit consent of a user, it simply cannot hope to obtain all the consents necessary from others. It therefore involves unlawful interception; and it therefore cannot comply with either the first or the second of the data protection principles.


Finally, we should mention a note on this subject published by the Home Office in January 2008, of which we assume the Information Commissioner is aware. A senior official of the Home Office has said of this note:

"- the note is not advice, it doesn't claim to be advice, legal or otherwise, it's just a view

-- the note wasn't, and doesn't purport to be, based upon a detailed technical examination of any particular technology."

For the reasons explained above, it is our contention that the conclusions of the Home Office note are wrong so far as they may be thought to apply to Phorm. We hope that the Commissioner will not allow himself to be influenced by them.

Nicholas Bohm, General Counsel

Richard Clayton, Treasurer


Foundation for Information Policy Research

Link to post
Share on other sites

  1. If you are a customer of BT Retail (or of any other BT divisions e.g. BT Business) , Virgin Media or Carphone Warehouse Talk Talk, or any other company that thinks to profile your data for advertising , then you might like to write to them quoting the very clear The Data Protection Act 1998 section 11:

    1. 11 Right to prevent processing for purposes of direct marketing
    2. (1) An individual is entitled at any time by notice in writing to a data controller to require the data controller at the end of such period as is reasonable in the circumstances to cease, or not to begin, processing for the purposes of direct marketing personal data in respect of which he is the data subject.
    3. (2) If the court is satisfied, on the application of any person who has given a notice under subsection (1), that the data controller has failed to comply with the notice, the court may order him to take such steps for complying with the notice as the court thinks fit.
    4. (3) In this section "direct marketing" means the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals.
Link to post
Share on other sites

conniff, the head EU data commissioner has stated a few months ago that your IP address is personal data, so it does apply.


We need to make the distinction between 'personal' and 'private'.


Your IP is indeed personal in that no one else has that IP address, but it is not 'private'. You are given that IP by your provider and every time you go on the net, you tell the site you are visiting what your IP address is, just as your IP is logged by this site.


It can be compared with the address given to you by the Post Office, that is personal to you, and no one else has that address, but you give that address away every time you write to someone.

And it is, of course, published in the electoral register available for inspection at every public library.

Link to post
Share on other sites

Conniff, I don't disagree with you but using the same analogy as before, whether my house address is private or personal, I still don't think it is right to allow my postman to open up all my personal mail and have the opportunity of seeing all my bank details.


If I subsequently find out that this same postman has used 'dubious' methods in the past to do this (aka 121 Media), I certainly hope that some legal act or another protects me from this happening before, now and also in the future.


This is why people have to be educated about this now and fight this product.


The way this product is being put to market is using a well known spyware method of gaining access to your PC. You are promised something (aka Webwise) that will benefit you FOR FREE (anti phishing filters etc) and when download and run the application you could get a lot more potentially harmful things you were not expecting going on behind the scenes.


In the case of Phorm's Webwise you don't even have to download anything, although you can if you so wish! The method used is interception of all your private data with the aid of your ISP.


This is effectively a wire tap and very cleverly promoted by Phorm (aka 121 Media) to make it appear as a benefit to the consumer. I'm am sure Phorm would rather had slipped this in under the curtain. Now they want to be 'open and honest', I wonder why.


Was their nasty PeopleOnPage browser popup when they operated under 121 Media 'open and honest' as well?

Link to post
Share on other sites

I just read the article and hats off to The Guardian.


Obviously when they looked into all the aspects of the system and took off the free rose tinted glasses that was handed to them by Phorm, they have subsequently seen the errors of their ways.


I will renew my subscription.

Link to post
Share on other sites

Virgin Media Phorm Webwise Adverts [updated: See Post No. 1, 77, 102 & 797] - Page 146 - Cable Forum


just browsing for legal ruling like you do wink.gif and this turned up , the lost RIPA appeal of Stanford's



Stanford Loses Criminal Appeal


3 February 2006


Stanford Loses Criminal Appeal


Cliff Stanford, the Internet pioneer has recently had his appeal to quash his criminal conviction for intercepting emails denied. Stanford pleaded guilty last year to intercepting emails from his former company Redbus Interhouse – he argued in his appeal that the trial judge had misunderstood the law.


Stanford was the founder of the ISP Demon Internet in 1992 but sold it to Scottish Telecom for £66 million in 1998. It is reported that Stanford made £30 million from the acquisition.


Shortly afterwards Stanford was a co-founder of the co-location and data centre company Redbus Interhouse.


However, Stanford resigned from the company in 2002 after disagreeing with the Chairman Jonathan Porter.


In 2003 allegation started to be made as to whether Stanford was involved in the interception of email between Porter and his month Dame Shirley Porter. Stanford and another man were later charged under the Computer Misuse Act and the Regulation of Investigatory Powers Act 2000 with a trial date set for September 2005. However, both men pleaded guilty to the offence shortly before the case went to trial.


Peters & Peters solicitors for Stanford were reported to have released the following statement:


"Mr Stanford pleaded guilty to this offence following what we regard as an erroneous interpretation of a very complex new statute. The Judge’s ruling gave Mr Stanford no option other than to change his plea to one of guilty."


Apparently, the legal team for Stanford intended to establish his innocence on appeal. However, this has had a severe drawback. He lost.


The Regulation of Investigatory Powers Act 2000 provides a defence to an individual who intercept a communication in the course of its transmission from a private telecommunication system, if they can establish:


a) that they are entitled to control the operation of the system; or


b) they have the express or implied consent of such a person to make the interception.


Stanford relied on the position that he had gained access to the emails through a company employee. The employee apparently was given access to usernames and passwords on the email server.


Therefore, Stanford argued, he was entitled to access the emails as “a person with a right to control the operation or the use of the system”.


Geoffrey Rivlin QC, the trial judge had a different view. He pointed out that

“right to control”

did not mean that someone had a right to access or operate the system, but that the Act required that person to of had a right to authorise or to forbid the operation. [that mean YOU users as the owner of the data]


Stanford appealed the judge’s decision. However, the Court of Appeal upheld Rivlin’s view. It pointed out that the purpose of the law was to protect privacy. Therefore Stanford’s sentence of 6 months imprisonment (suspended for two years) and a fine of £20,000 with £7000 prosecution costs

were upheld.


Daniel Doherty


Share what you know. Learn what you don't.wink.gif

Data Protection Public Register


Link to post
Share on other sites


  • Recently Browsing   0 Caggers

    No registered users viewing this page.

  • Have we helped you ...?

  • Create New...