EU Investigates Phorm's UK ISP Advertising System
MJackson writes "The European Commission has opened an infringement proceeding against the UK after a series of complaints by Internet users, and extensive communication with UK authorities, about the use of Phorm's behavioural advertising system, which uses Deep Packet Inspection (DPI) technology, by internet service providers. Phorm works with UK ISPs to monitor what websites you visit for use in targeted advertising campaigns, though its methods have raised more than a few fears about invasions of privacy. Similar services in the USA have caused an equal level of controversy."
Ah, the most common argument for Phorm.
Difference is that you can choose not to use Google. If your ISP decides to do this you'll be opted in by default, and every time you delete your cookies, you'll be opted in again. We're not even sure that opting out makes your traffic bypass Phorm's servers.
What's even worse is that the tax payer will pay the fine, not BT & Phorm. As usual the Criminal Protection Service, ahem Crown Prosecution Service has fucked the general public in favour of keeping Ministers' friends on-side.
Sad thing is that Brussels is better at looking out for us than Westminster.
"Yes it's very similar to what Google does."
Businesses (like Google and Phorm) are mercilessly exploiting personal data on us all (for their own gain) to the point now it's turning into a feeding frenzy and the law isn't changing fast enough to keep up and close down these relentless power grabs. (Also it is about power, as monitoring and profiling like this is a very powerful way to abuse so much information on so many people. That's why governments also want to be part of this feeding frenzy for personal data, as they also gain by exploiting data on people for their own gain. It's also why they are very reluctant to make laws to ban such merciless exploitation. It takes time to force governments to listen to their people. In the meantime, businesses are showing they have utter contempt for people's personal data.)
There are 10 kinds of people in the world... those who understand binary and those who don't.
I'm still reading all the essays on Canada's deep packet inspection education site, but this one seems very topical:
Objecting to Phorm
Bonus - Phorm's 'essay' submission (but more like marketing drivel):
Phorm: A New Paradigm in Internet Advertising
Allowing Phorm to do their thing has awful consequences. We're already in the process of having every phone call, text and email logged in a massive "just looking for terrorists, nothing to worry about" database.
Once a private company is able to execute DPI without your explicit consent, purely for profit, what's to stop the government from doing the same "for everyone's protection"? Surely that's a more worthy abuse of your right to privacy...?
Slippery slope? We're about to hit bottom, ladies & gentlemen.
Meta will eat itself
Google only records what information you give them when you use their services directly; when you search on Google or use Gmail or the like. The EULA for the service explains what is done with your data. This is explicitly allowed under the Data Protection Act (as it should be - otherwise Apache logs would be illegal!). Once you leave their site, though, the logging ends.
Phorm collects detailed information on all your browsing traffic without your knowledge or consent, and then shares it with third parties, again without your knowledge or consent - take the BT trial, where people didn't even know it was running, let alone opt-in.
There's a good argument that Phorm breaches the Regulation of Investigatory Powers Act here; as a non-governmental body (i.e. not specifically authorised to intercept traffic) they don't have the right to intercept and record the traffic of users without it being explicitly opt-in - it can even be argued that such recording requires the opt-in of both parties, i.e. the websites that people visit need to agree too.
Depending on what they do with the data specifically, and who it gets passed to, they may well be in breach of the Data Protection Act too.
ISPs have to record certain communications information under the Interception Modernisation Program, to be provided upon request to local and national governmental bodies. Phorm definitely doesn't qualify under that either.
Remember kids, it's all fun and games until someone commits wholesale galactic genocide.
Quite some time ago, I wrote to my local MP regarding this. Specifically, I asked him to back an early day motion opposing Phorm (The Register were running the details at the time).
He wrote back saying that many people didn't realise exactly how the system worked and that supporting this motion would do no real good, but that instead he would question the Cabinet directly. As a result, some time later I had a reply from the Cabinet Minister under whose remit this fell.
And that reply was awful.
Essentially it was Phorm's press release. Not even regurgitated - the documents were straight from Phorm. There was clearly no understanding from the Minister involved what was actually being proposed, and the whole attitude smacked of "there there little one, look - the nice company here has promised they're not doing anything wrong". They'd clearly never even really considered it properly. The Information Commission too was at that time pushing the notion nothing was wrong, a stance they've clearly had to back-pedal on in the face of the E.U. pressure.
Next time I think I'll cut out the middle man and go to the Commission directly. Says nothing good about the state of our democracy, does it? An unelected quango in the Commission does the investigative work, whereas the actual democratic representatives completely ignore voters' enquiries and fob them off with press releases.
Mind you, well done to my local MP for taking the correct action in getting me a response from literally the highest level available on the subject in the UK.
Cheers,
Ian
I'm extremely concerned by Phorm.
Effectively it gives the ISP the ability to remove the adverts that fund 60% of our costs and replace them with adverts for which they would receive the entire revenue stream.
My site is funded by adverts (60%) merchandise (30%) and donations (10%).
I'm fairly sure that the community would step up and purchase more stuff and donate more, but I don't think it's realistic that this could be sustained, whereas the advertising revenue is reasonably constant.
I believe that if Phorm becomes ubiquitous I would have to question seriously how to fund the website, and would probably have to remove all adverts and to seek to have the costs covered exclusively through other means. As I'm unsure of the feasibility of this, I would have to say that in my case the loss of that revenue would threaten my ability to continue running the site, especially under the risk of redundancy in the near/mid future.
I've already implemented the Phorm opt-out cookies, and written to my local MP (who couldn't care less from the generic response I got), so it's great to see the EU step up where the UK seems to have failed.
Someone should go to jail for this, but no-one will.
Someone should go to jail over the guy being shoved, beaten and eventually dying near the G20 protests, but no-one will.
Someone should go to jail over the Jean Charles De Menezes murder, but no-one will.
Someone should go to jail over the various rail crashes due to poor maintenance or negligence, but no-one will.
Someone should go to jail over the war started on the basis of a dossier compiled from plagiarised articles on the internet, but no-one will.
The list goes on, but somehow no-one in a position of responsibility is ever responsible.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC