FIPR calls on Home Office to withdraw misleading advice on Phorm
The Foundation for Information Policy Research (FIPR) has today sent the Home Office in-depth legal analysis [pdf] of the Phorm behavioural advertising system. The analysis has been produced by FIPR’s General Counsel (and ORG Advisory Council member) Nicholas Bohm, and complements the technical analysis produced by Richard Clayton earlier this month [pdf]. The analysis shows that Phorm’s systems involve interception of communications contrary to the Regulation of Investigatory Powers Act, fraud, contrary to the Fraud Act, and therefore unlawful processing of personal data, contrary to the Data Protection Act. It states that individual directors and managers of the Internet Service Providers involved could be criminally liable for these offences, if roll out of Phorm goes ahead.
FIPR want the Home Office to withdraw informal advice they issued in February, which FIPR say wrongly concluded the system is lawful, creating “an obstacle to the just enforcement of the law”. At the public meeting attended by Phorm and their critics last week, Simon Davies of 80/20 Thinking Ltd identified the legality of Phorm under RIPA as a legitimate issue, but urged participants not to get bogged down in a question which, in the end, can only be decided in a court of law. Hopefully, FIPR’s legal analysis will bring UK citizens one step closer to an answer to the question “Is Phorm legal?”. As Richard Clayton observes:
“The Home Office’s superficial analysis said that the system would be lawful. Given their batting average at the High Court, relying upon their opinion was always unwise - this new paper spells
out the errors they have made, and makes it essential that their report is withdrawn.”
Previous posts on Phorm:
April 23rd, 2008 at 7:59 pm
[...] http://www.openrightsgroup.org/2008/04/23/fipr-calls-on-home-office-to-withdraw-misleading-advice-on... Posted in Uncategorized. [...]
April 24th, 2008 at 2:52 am
Nicholas Bohm and his colleagues deserve congratulation for the effort they have put into producing this paper to make their arguments clear, straightforward and comprehensible.
April 24th, 2008 at 5:41 pm
Another update to this Saga.
http://www.theregister.co.uk/2008/04/24/home_office_phorm_fipr_bt/
April 24th, 2008 at 6:24 pm
Just looking at the Graph for Phorm Share Dealing over the past year, given the Two Spikes, during the BT covert tests & just before the announcement of possible deals, gives me a strong sense of Insider Trading!
I could be wrong but given their apparent track record???
April 25th, 2008 at 10:12 am
The Hype!!
http://www.capmarkets.com/ViewFile.asp?ID1=236930&ID2=226023989&ssid=2&directory=9344&bm=0&filename=PHRM_230408.pdf
April 25th, 2008 at 5:33 pm
Analysis of the Phorm (Webwise) & Nebuad systems, are not as Rosy as may at first be assumed!
If these systems, despite the Severe Privacy, Data Protection & Fraud Issues, manage to get approval, they would appear to be a fairly short lived prospect.
I will elaborate.
First Commercial Websites, not wishing to be an OIX partner & who wish to protect their advertising space will SSL Certificate their Websites.
Social Websites will inevitably follow suit to also protect their clients confidentiality.
Private & Business Websites will also follow suit to protect Copyright & Trade Secret Issues.
Museums, Government Sites, Libraries, would also need to SSL in order to protect against Copyright Infringement.
Other Advertising Groups of course will not stand idly by & will lobby for more stringent regulation & at the same time alter their own systems to make them much more robust!
Security Groups will find ways to block or impede the gathering of such data, in the manner proposed!
As a result over a few years the ISP & Phorm would then once again be in a poor business model Scenario!
Society would be the Main Loser, due to the Loss of the necessary, Privacy, Data Protection & Fraud Laws which are at this time still in place!
April 27th, 2008 at 5:51 pm
According to Phorm & FIPR this system leaks UID details when connected to a HTTPS/SSL Website, this enables any unscrupulous Website owner to gather the UID & depending on the Website setup, link it to an individual IP or any E-mail Address which may have been provided.
This in itself makes the Whole System flawed from a Privacy, Data Protection Prospective 0r Fraud Prospective Angle!
This is irrespective of the Wire-tap imposed on the Customer, without due Consent of Law, where both parties need to consent or Proper Legal Process for any wrong-doing has been observed!
May 9th, 2008 at 2:19 pm
http://www.theregister.co.uk/2008/05/09/rowling_privacy_ruling/
If Private data is processed then such Data “does” become part of the D.P.A when it is published without express permission!
May 14th, 2008 at 4:47 pm
The Problem is if D.P.I Interception is deemed legal then it is also Open House for everyone else to use!
http://arstechnica.com/news.ars/post/20080513-hackers-used-packet-sniffers-to-filch-credit-card-data.html
June 5th, 2008 at 3:44 pm
[...] internal BT report on their trials of the controversial Phorm advertising system has been leaked. Alexander Hanff of the No DPI blog has the details: I recently acquired an [...]