Slashdot Mirror
UK ISP Admitted to Spying on Customers
esocid writes "BT, an ISP located in the UK, tested secret spyware on tens of thousands of its broadband customers without their knowledge, it admitted yesterday. The scandal came to light only after some customers stumbled across tell-tale signs of spying. At first, they were wrongly told a software virus was to blame. BT said it randomly chose 36,000 broadband users for a 'small-scale technical trial' in 2006 and 2007. The monitoring system, developed by U.S. software company Phorm, formerly known as 121Media, known for being deeply involved in spyware, accesses information from a computer. It then scans every website a customer visits, silently checking for keywords and building up a unique picture of their interests. Executives insisted they had not broken the law and said no 'personally identifiable information' had been shared or divulged."
BT is not "an ISP". British Telecom was for a very long time monopoly holder on telephone lines in the UK and still the gatekeeper for all ADSL access there. They have a market cap of 35 billion and their revenue just about puts them in the top ten telecoms companies in the world.
In my personal experience their service has been bad enough that they're almost as bad as their competitors. Given their history, it's not surprising if they've overstepped their bounds ... they're used to being in charge, after all.
Why on Earth wouldn't BT just do this on their side of the connection? EVERYTHING that the user gets goes through their pipes, their routers. Just install some monitoring hardware+software and be done with it. There doesn't seem to be any logical reason to do this on a users computer. That's just plain stupid.
The only difference is that you don't have access to encrypted data and "other applications" installed by the user. The stuff they claim to have logged and analyzed is more easily obtainable from their own side.
Not a dupe at all. The article you reference is about an ISP that tracks for the purposes of advertising and lets the customer know. This, on the other hand, is the ISP snooping on traffic without notifying anyone and lying to someone when they ask about it. It's the difference between consensual sodomy and what happens in prisons. It's also a dumb move on the ISP's side, because they're doing something to people that is rightly linked with illegal and shady practices.
The parent is correct. BT was the state-run telecom monopoly in the UK, and was converted into a private monopoly in 1984. Not much of an improvement, but at least it finally allowed for the possibility of competition arising, however slim.
.... that if you are online someone is watching you.
BT's ADSL internet service seems to be one of the worst in the UK. Unfortunately since they have a long history of providing landline connections in the UK, many people assume they must be a worthy internet provider also - not so. I'd recommend UK Slashdotters look at This ADSL ratings site for more personal citations of BT's (and other providers) service.
"I bless every day that I continue to live, for every day is pure profit."
This has been bubbling under for a few weeks, but really broke badly in the past couple of days.
Essentially they appear to have broken the Regulation of Investigatoy Powers Act (RIPA) by performing an unauthorised interception of a communication over telecommuncations infrastructure.
No word yet on legal action, although several MP's are kicking up a fuss about it.
BTW BT are the only ones who have confessedd to doing this so far, the other ISP's haveeither kept schtum, or muttered paltitudes like we will wait and see
BT is the equivalent of Bell/AT&T in the US. It's impossible to sue them into oblivion. The best you can hope for is that one of the sub-sub-sub-sub-sub-CEOs gets a slap on the wrist and won't be invited to the next golf tournament.
The summary of the story doesn't emphasise the point that the spying test was just a small trial, and that Phorm is actually coming directly to the UK.
3 of the major UK ISPs: Virgin Media, BT and Talk Talk are getting all ready to implement and bring in Phorm. More information and details are available at the useful website BadPhorm: http://www.badphorm.co.uk/
Thousands and thousands of UK users are going to be subject to this inescapable violation of their privacy with little to do about it. There is an opt-out cookie, but this does not prevent the fact that the users browsing still goes through the Phorm servers. Would you be happy with all your internet browsing going through a third party server, let alone one owned by an advertising company that wants to profile you and "see the whole internet" (Reference: http://www.badphorm.co.uk/news.php?item.30.3 ) through your browsing history.
There is lots of interesting discussion going on about this, particularly at Cable Forum by Virgin Media users, who are going to be thrown into this spying (Link: http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated.html )
A fast growing petition to the UK government on the governments website is nearing 10000 signatures, and just shows how many people do not want this to happen (Link: http://petitions.pm.gov.uk/ispphorm/ )
This may not concern many people in the US, or people on the smaller ISPs in the UK - but the worrying thing is, other ISPs are already saying that they are going to watch the results and see if the ISPs can get away with it - if they can, they will likely pick it up to. And your ISP might do too!
Why do you (and so many others) trust google?
1) I use Google to search, very often 2) I watch their tech talks, often 3) I am starting to use their free apps Google is offering great value gives me services that greatly enhance my life. Plus, I signed up for this. These other jokers are stealing that information without my permission and offering me nothing in return. If ISPs need more money they can ask me for it.
They have defended our rights where others have not.
They are also relatively honest and havent done anything immoral in regards to privacy to date.
IANAL but the UK law covering this is the Computer Misuse Act and more recently the European Convention on Cyber Crime.
As I read it BT are guilty under CMA 1(1) which relates to unauthorised access to any program or data held in a computer. Whether the information checking is done on the computer or the ADSL hub it is a violation. With regard to the Convention on Cybercrime they appear to be guilty under Articles 2, 3 and 6.
I hope someone sues their buttocks off.
Python coder | PyQt Applications | Writer
Google at least gives you a reach around. Gmail has some nice features and I now have over 6.5 GiB of storage and counting. I use iGoogle to organize my most viewed sites with access to all the other Google features/tools/apps. Am I worried abut personal my personal info, shit, the IRS has it all from the late 50's, the FBI has it from the 60's (military secret clearance), the Veterans Administration from the 70's, employers, banks, the post office, state licensing agencies, mortgage companies, title companies, utilities you name it. Sure, I try to guard it as best I can but...
I linked this in another post in this thread.
The Home Office made available their views on whether phorm's user-profile-based tracking is legal w.r.t. the interception of communication legislation.
" Targeted online advertising services should be provided with the explicit consent of ISPs' users or by the acceptance of the ISP terms and conditions. The providers of targeted online advertising services, and ISPs contracting those services and making them available to their users, should then - to the extent interception is at issue - be able to argue that the end user has consented to the interception (or that there are reasonable grounds for so believing)."
And:
" Targeted online advertising can be regarded as being provided in connection with the telecommunication service provided by the ISP in the same way as the provision of services that examine e-mails for the purposes of filtering or blocking spam or filtering web pages to provide a specifically tailored content service."
Finally:
" Targeted online advertising undertaken with the highest regard to the respect for the privacy of ISPs' users and the protection of their personal data, and with the ISPs' users consent, expressed appropriately, is a legitimate business activity. The purpose of Chapter 1 of Part 1 of RIPA is not to inhibit legitimate business practice particularly in the telecommunications sector. "
If the ISP has put the tracking details into the TERMS and CONDITIONS and the user has OK'd the tracking, then the tracking is legal.
Here is the original article of the Home Office on Phorm.
What i don't know at this time, is whether BT does list the tracking in the T&C....
Cheers.
Yet Socrates himself is particularly missed.
A lovely little thinker but a bugger when he's pissed.
BT phone home.
1) because i get something back, in exchange for tracking me, they get more data about what i want and their searches are more tailored.
2) because they dont charge me, in exchange for good search results they track me and give me non intrusive ads.
3) because its very easy to switch, if they change their privacy policy im not tied to searching with them for another 6-12 months
4) because they do good stuff with the money ( FF, SOC, etc)
5) because theyre geeks, the main way the information is mis used is if somebody hacks in and steals it, i doubt this will happen with google, but after BT pushed out insecure linux routers to thousands of homes, i cant say id have faith.
5) be
IranAir Flight 655 never forget!
>Cable customers get phone and internet without even going near BT.
Not every area has cable. Until last year I lived in deepest, darkest Glasgow (a small hamlet in Scotland). We couldn't get cable in our area (another part of Glasgow I lived in previously got NTL cable). Interestingly, Cable & Wireless had a call-centre just down the road from us; a friend of mine worked there and said that neither C+W or NTL had any intention to roll out more cable to "old" areas; they were consolidating and the only new connections would be to newbuild apartments.
>they're not cheap and has been mentioned service is fucking gash (yes I dialled 13 different numbers in one day just to get me away from them).
Pah, that's nothing! I spent 2 hours in a queue once when I was moving to a new house with cable (in the NTL area mentioned above) and wanted to be rid of BT forever. Eventually I got to the top of the queue, and they dropped me back to the start. Long after I'd moved - having settled my bill completely - they sent me a final demand for line-rental for the 3 months *after* I'd moved; I sent them a shitty letter back, and bizarrely they sent *me* a cheque... I have no idea why they suddenly decided they owed me money.
This is where the serious fun begins.
BT as an ISP failed it's customers at just about every level imaginable. Not only they infringed on privacy of it's customers, but it was apparently done deliberately and on a grand scale. I haven't found direct reasoning behind these actions, but spying on customers and citizens is nowadays "covered" by the omnypotent argument, that there's a ongoing "war on terror". I just wonder what happends next in the name of the fight against terrorism?
Google can't be trusted....I think it's stupid to store your most sensitive emails, conversations, and documents, on someone elses property. Use scroogle over an SSH tunnel, tor, or freenet. Any centralized organization that collects even the most unimportant data in mass amounts can turn that data into established paterns, habits, etc. Information they do NOT need to know about you. Augementation > Algorithm.
Trying to install linux on my microwave, but keep getting a kernel panic...
There was nominal breakup of BT, though not into regional "baby bells". BT Broadband, the ISP in TFA, could be sued (or more likely regulated) out of existence and the rest of the telecoms network (most importantly - BT Openreach (last mile), BT Retail (telecoms), BT Wholesale (bulk services, including ADSL provision)) would carry on. Openreach and Wholesale are the bits with a near-monopoly on the last mile and national network and are heavily regulated to provide open access to other providers. BT Broadband is a customer of Openreach and Wholesale and receive no preferential treatment over other providers like Tiscali or Carphone Warehouse. Thus it's not impractical for them to be shut down and their customer base moved to other providers. Tiscali are of similar size to BT Broadband and are currently looking to sell their customer base and Carphone Warehouse bought AOL's substantial subscriber base not too long ago, so it would be far from unprecedented. I doubt it'll happen, but not because it's not possible.
Chernobyl 'not a wildlife haven' - BBC News
Actually they didn't lie when asked. The help desk told that guy he had spyware. This is true. They just didn't mention it was theirs.