Industry TrendsInternet

Phorm Whips Up Privacy Storm

By May 5, 20095 Comments

The new online technology used by Phorm has created quite a stir and has upset advocates of user privacy. All the negative publicity has the company up in arms and representative for Phorm (who has requested not to be named!) has replied to our original post. His feedback has been shared here.

This new technology ‘keeps track of’ the websites that users visit, if their ISP has signed up with this service.

Feedback: The representative says, “Phorm does not view or store the sites users visit. Phorm uses technology that has been built from the ground up to avoid any information that might identify a customer personally. Phorm’s system stands out from other online advertising systems in that it does not store your browsing history, IP address, or any personally identifiable information. The unique design of Phorm’s technology ensures that consumer privacy is protected and that, even under compulsion, no personally-identifying data or detailed browsing data can be retroactively provided to anyone.”

While it is a good thing that Phorm does not, at present, identify users individually, that does not change the fact that it tracks user activity, which many would consider to be spying.

But this is being done without the express consent of the users. BT admitted to using this technology without asking for its users’ consent initially. The BT trial, called Webwise, ended in 2008.

Feedback: According to them, “Phorm offers a clear consumer choice. Before any ISP launches Phorm’s service they will evaluate several different approaches to opt in and opt out and decide what best suits their customers. Whatever the format, users will be provided with clear details on what the service offers, and how it works, so that they can make an informed choice as to whether to participate. The most recent BT trial was conducted on a completely opt in basis.”

Tracking user interests helps the service provider to serve better targeted and more relevant ads to the customer in future, thus keeping the customer happy and helping the service provider to generate more revenue.

Phorm’s service is not very different from Google’s own ad and organic search results delivery service. Google can track a lot more sensitive information, including content not found directly through a Google search. However, Google is a much loved brand and hence gets away with a lot more “evil”.

According to the BBC, the UK Home Office has been accused of ‘colluding’ with Phorm.

A spate of messages have been exchanged between the Home Office and Phorm since August 2007, in which Phorm asked the Home Office if they have no objection to this technology, while the Home Office asked for more information about it, ostensibly to better understand public safety considerations and legal obligations. They have denied giving any advice to Phorm about possible criminal liability.

Baroness Sue Miller, Liberal Democrat Spokeswoman on Home Affairs however, says, the Home Office was interested in this technology to help with their agenda of counter terrorism.

Phorm’s Chief Executive, Kent Ertugrul however, says, the Home Office has only given an ‘informed opinion’ on the matter.

In the meantime, the BBC reports that the European Commission has started legal action against Britain, for allowing the use of this technology, following complaints about this service being used on BT, without user consent.

Feedback: Their spokesperson points out, “Phorm’s technology can be operated in a manner that is legally compliant with UK legislation and relevant EU directives. This has been confirmed by BERR and by the UK regulatory authorities. Consistent with UK and EU legislation, and in anticipation of any changes that may be made to the law in the future, our system offers unmissable notice and clear and persistent choice to consumers, a choice that is head and shoulders above current internet standards. The EU Commission announced infringement proceedings against the UK Government concerning the alleged failure of UK legislation to conform in certain respects with EU e-privacy and personal data protection rules. This is a matter for the Commission and the UK Government to discuss.”

The results of this matter, of course, remain to be seen.

British officials had said, last year, that Phorm conformed to European data laws. As can be seen in their feedback above, Phorm says its technology is “fully compliant with U.K. legislation and relevant E.U. directives.”

EU’s Telecom Commissioner, Viviane Reding however said, “Britain needs to change its laws to ensure proper sanctions to enforce E.U. confidentiality rules.”

If the UK does not voluntarily do so, Reding could take matters to the European Court of Justice, which would then have the final say in the matter.

Several individuals and organisations that advocate user privacy have approved of the European Commission taking an active interest in the matter.

To tell their side of the story, Phorm has created a website that attempts to rebuild its reputation, demistify the technology and clarify rumours that are currently being spread against the company.

Stop Phoul Play

5 Comments

  • big mistake says:

    whahahahah! stopphoulplay is a joke – it’s done nothing but further wreck phorms already dodgy reputation! the tweets are hilarious: http://twitter.com/#search?q=stopphoulplay

  • HamsterWheel says:

    Alex – shouldn’t you be paying that $45,000 fine for copyright infringement instead of pretending to care about privacy ?

  • Policywatcher says:

    “HamsterWheel Says:
    Alex – shouldn’t you be paying that $45,000 fine for copyright infringement instead of pretending to care about privacy ?”

    I see that the snide pro-Phorm campaign against those pointing out the way that Phorm and the UK government failed to protect our privacy, for profit, is in high gear.

    I note also that the somewhat mendacious claim that Phorm is no worse than Google, is still being trotted out.

    Google tracks only where you visit sites that are using google tracking, or reached by using google search. And google’s server spiders clearly identify themselves to site owners, and can be blocked using the ROBOTS.TXT file or equivalent tags.

    Phorm tracks your entire internet access, and refuses to identify their spider to site owners.

    Phorm is not, as some claim, equivalent to standing outside the shops in the high street handing out leaflets… it is the equivalent of following you all day into and out of every shop you enter, listening to your conversation with the shop-keepers (whose consent has not been obtained), and then handing out leaflets based on the results of that snooping.

    Interestingly, even under RIPA, IOCA and all the other mistaken recent legislation, the government obtain data on your web access beyond the basic of which sites you access

    Phorm’s system also spiders the websites – their failure to provide (and honour) a unique identifier for their spider means that there is no way for the shop-keeper to prevent them scraping the site’s content short of blocking all search engines – a clear refusal by Phorm to allow a simple and informed opt-out by the shop-keeper.

    Finally, when the accusations of dishonest behaviour by Phorm’s opponents are noised about, let’s remember the background of Phorm’s originators, in 121Media – their previous attempt at performing user tracking… by installing products classed as SPYWARE (http://www.f-secure.com/sw-desc/peopleonpage.shtml) and ROOTKITS (http://www.f-secure.com/sw-desc/apropos.shtml) on users’ machines with deliberate mechanisms to prevent users from removing them.

    Finding that these mechanisms were increasingly coming under legal pressure, they’ve changed tack (slightly) and are now trying to perform the same kind of abusive tracking, but bypassing the need to install spyware directly in the user’s machine.

    But since the intended effect – snooping on a conversation between two people, with no informed consent by one of them – remains the same, their nasty little operation remains just as abusive and intrusive as ever.

    Oh – and when it comes to snidey comments in copyright, it may be that http://www.phormdesign.co.uk/
    may feel that phorm has a case to answer….

    My final thought is this – the “stopphoulplay” site does indeed “rebuild phorm’s reputation” – but it doesn’t change it.

    It merely builds up the fact that we are dealing here with a company that thinks that it has the God-Given right to monitor other people for profit, and which turns dowright nasty when other people question the morality and legality of that business model.

  • phormaverse says:

    One hardly needs to say anything about phorm – just let people go to their newest website Stop Phoul Play and judge for themselves, by following the various links, and actually checking out the stories behind each “truth” claim. At least – the ones that havent’ had to be taken down – like the ones about BBC, ORG, the No.10 Petition site managers, the Department of Culture, Media and Sport, and Dr Richard Clayton of Cambridge University. Presumably those organisations can brief the appropriate lawyers, and bring Phorm to heel. Not so the private individuals who are still smeared on the site.