EU Investigates Phorm's UK ISP Advertising System

MJackson writes "The European Commission has opened an infringement proceeding against the UK after a series of complaints by Internet users, and extensive communication with UK authorities, about the use of Phorm's behavioural advertising system, which uses Deep Packet Inspection (DPI) technology, by internet service providers. Phorm works with UK ISPs to monitor what websites you visit for use in targeted advertising campaigns, though its methods have raised more than a few fears about invasions of privacy. Similar services in the USA have caused an equal level of controversy."

Re:Google

[oobayly]

Ah, the most common argument for Phorm.
Difference is that you can chose not to use Google. If your ISP decides to do this you'll be opted in by default, and every time you delete your cookies, you'll be opted in again. We're not even sure that by opting out makes your traffic bypass Phorm's servers.

What's even worse is that the tax payer will pay the fine, not BT & Phorm. As usual the Criminal Protection Service, ahem Crown Prosecution Service has fucked the general public in favour of keeping Ministers friends on-side.

Sad this is that Brussels is better at looking out for us than Westminster.

Re:Google

[arkhan_jg]

Google only records what information you give them when you use their services directly; when you search on google or use gmail or the like. The EULA for the service explains what is done with your data. This is explicitly allowed under the Data Protection Act (as it should be - otherwise apache logs would be illegal!) once you leave their site though, the logging ends.

Phorm collects detailed information on all your browsing traffic without your knowledge or consent, and then shares it with third parties, again without your knowledge or consent - take the BT trial, where people didn't even know it was running, let alone opt-in.

There's a good argument that Phorm breaches the Regulation of Investigatory Powers act here; as a non-governmental body (i.e. not specifically authorised to intercept traffic) they don't have the right to intercept and record the traffic of users without it being explicitly opt-in - it can even be argued that such recording requires the opt-in of both parties, i.e. the websites that people visit need to agree too.

Depending on what they do with the data specifically, and who it gets passed to, they may well be in breach of the Data Protection Act too.

ISPs have to record certain communications information under the Interception Modernisation Program, to be provided upon request to local and national governmental bodies. Phorm definitely doesn't qualify under that either.

Re:Google

[AmiMoJo]

Someone should go to jail for this, but no-one will.

Someone should go to jail over the guy being shoved, beaten and eventually dying near the G20 protests, but no-one will.

Someone should go to jail over the Jean Charles De Menezes murder, but no-one will.

Someone should go to jail over the various rail crashes due to poor maintenance or negligence, but no-one will.

Someone should go to jail over the war started on the basis of a dossier compiled from plagiarised articles on the internet, but no-one will.

The list goes on, but somehow no-one in a position of responsibility is ever responsible.