call +44 20 7096 1079
March 22, 2009 | Jim Killock

Open Letter - Call for major websites to opt out of Phorm

Open letter, sent to Chief Privacy Officers or equivalent at:

(i) Microsoft (ii) Google / Youtube (iii) Facebook (iv) AOL / Bebo (v) Yahoo (vi) Amazon (vii) Ebay

Dear Sir / Madam,

We are writing this open letter to you to ask you if you will act to protect your users' privacy.

We are asking you to exercise your ability to opt out of the Phorm system, that is planned to be rolled out in the near future under the "Webwise" brand by BT, Virgin and TalkTalk, the three largest UK ISPs.

You may already be aware of the very significant concerns being expressed by many of your UK Internet customers about the interception and processing of their data whenever it is viewed by customers whose ISPs deploy the Phorm/Webwise system.

This was recently highlighted in a widely reported meeting held in Parliament, hosted by Baroness Miller, at which Sir Tim Berners-Lee, the inventor of the World Wide Web, made a firm stand against technologies which 'snoop' on the Internet, because of the highly sensitive nature of those communications.

Further demonstrations of the worries about Phorm include over 21,000 members of the public signing a petition against Phorm’s deployment:

<http://petitions.number10.gov.uk/ispphorm/>

We believe that many of your customers will feel exactly the same way. They may be using other Internet providers, but the information they put on your website may well be viewed by them as personal, and they will not wish it to be read and stored by third party technologies.

Even where your customers are using Phorm / Webwise ISPs, we are entirely unconvinced that the information they are given will ensure that they give 'informed consent' to the processing of all the data they send to and receive from your website.

Additionally, you may have concerns of your own; that a third party will be processing the contents of your website, without asking your permission, in order to construct profiles of your customers.

You may already be aware of our view that the Phorm / Webwise system is illegal. Communications cannot be lawfully intercepted, as this system does, without the informed consent of both the sender and receiver. The system will make copies of copyright material without permission, a further unlawful activity. Also, by forging extra 'tracking' cookies in your name, it may well bring your own system into disrepute.

We strongly believe that it is clearly in your company's interest, it is in the interests of all of your customers, and it will serve to protect your brand's reputation, if you insist that the Phorm/Webwise system does not process any data that passes to or from your website.

You may well wish to reserve the right to take legal action on your own account. However, Phorm have announced an alternative and relatively simple way of taking action, in that it is possible to "opt out" of their system by simply sending an email to website-exclusion at webwise.com.

They provide full details at: <http://www2.bt.com/static/i/btretail/webwise/help.html#how-do-i-prevent-webwise-from-scanning-my-site>.

While we recognise that an "opt-out" is an entirely second-rate way of dealing with this problem, we would strongly urge you to take advantage of it, in order to immediately reduce the risk of harm to your company and to your customers.

Making your decision public will provide reassurance to your customers, and will help them retain confidence in your brand, as well as in the integrity of the Internet as a whole.

We therefore strongly urge you to exercise your ability to "opt out" as soon as possible, and declare publicly to us and to your customers that data sent to and from your website will not be snooped upon by the Phorm/Webwise system.

Yours faithfully

Jim Killock, Executive Director, Open Rights Group

Richard Clayton, Treasurer, Foundation for Information Policy Research

Alexander Hanff

Pete John

 

google plusdeliciousdiggfacebookgooglelinkedinstumbleupontwitteremail


Comments (34)

  1. Pamela:
    Apr 16, 2009 at 12:49 PM

    We are constantly reminded that piracy causes the British industry millions each day.

    We are constantly reminded about Data protection each day, which incidentally I agree with, why then is this company allowed to proceed.!!!

    The public have expressed concerns around web technology lately and here I am thinking of the new Google offering which can show you the vision of your house allbeit with certain parts omitted. I use the same arguement here that in the wrong hands this technology can be very dangerous whether this is Google or Phorm.

    Piracy on software is rife how does anyone know whether Phorm hasnt already been pirated? How does anyone know this isnt already in use?? the answer is WE DONT!!

    Thats the issue and jerein lies the problem. If this goes ahead there will be public outcry and the paying public may decide that they can live without WWW .

    Interested to head anyone elses comments

  2. View From Planet Jamie » Blog Archive » A Few Facts About Phorm For Newcomers:
    Apr 28, 2009 at 12:32 PM

    [...] Despite the question marks over “Webwise’s” legal status, Phorm wants to press ahead with its implementation.  So the Open Rights Group wrote to some of the largest websites out there asking them to opt-out of the “Webwise” .... [...]

  3. Paul J. Lewis:
    Apr 14, 2009 at 06:52 PM

    Is it not obscenely fraudulent that these data pirates are needlessly coupling two entirely unrelated services (phishing protection vs. behavioural targetted advertising)? And that you are forced to accept one if you want the other? This side of the issue seems not to have been much commented on.

    The best analogy I can think of is that before a security firm will install a burglar alarm they mandate you give them of a copy of your front door key so they can see what stuff you have in your house when they feel like it in future. (Oh, and they fail to point out that you house already has an alarm system installed.)

    The UK government is not so much lacking in backbone as pre-chordate.

  4. The Open Rights Group : Blog Archive » EU Commission moves against UK Government and Phorm:
    Apr 14, 2009 at 02:47 PM

    [...] response to our recent open letter calling for leading websites to opt out of the system and protect both user privacy and their own [...]

  5. Cynical Chatter From The Underworld » Blocking Phorm and BT Webwise:
    Apr 15, 2009 at 01:41 PM

    [...] to Louise Bolotin for providing the link to The Open Rights Group They have advice on how to block [...]

  6. FIGHT BACK:
    Apr 07, 2009 at 04:58 PM

    This is to beneficial for comnpanies to boycott so it up to the publice to boycott the sites that use Phorm that will put a stop to it!

  7. Wikimedia Foundation opting out of Phorm « Wikimedia Technical Blog:
    Apr 16, 2009 at 10:38 PM

    [...] some internal discussion on whether opting out of the Phorm user-profiling system in the UK would legitimize it, we’re going ahead and requesting an opt-out for all the domains under [...]

  8. Jonathan:
    Apr 16, 2009 at 01:51 PM

    Thank you very much for your excellent work. I am one of those ginny pigs in the 2006 BT trials. I switched ISP providers and was charged over £200 for ending my contract with BT... it is sad we have to pay to be free, but it is even worse nobody seems to care...

  9. Reports provide a glimmer of hope in struggling PC market | Erik Bowman:
    Apr 16, 2009 at 03:14 PM

    [...] for Amazon’s opt-out from Phorm. The London-based Open Rights Group last month sent an open letter to many of the major technology companies, including Google, Yahoo, Microsoft, Amazon and eBay, [...]

  10. Open Letter - Call for major websites to opt out of Phorm | New Zealand Linux:
    Apr 17, 2009 at 11:08 AM

    [...] From http://www.openrightsgroup.org/2009/03/22/open-letter-call-for-major-websites-to-opt-out-of-phorm/ [...]

  11. Ade:
    Apr 17, 2009 at 11:23 AM

    This is not just a consumer privacy issue.
    It also steals ad revenues from websites by replacing them with its own ads
    and gives a third party the same retail data that major websites use to tailor pages to consumers and hence gain competitive advantage.

    Of course major website want to opt out, they would be daft not to, for them its theft.

  12. View From Planet Jamie » Blog Archive » Dotcom Companies Consider Phorm Boycott:
    Apr 02, 2009 at 11:01 PM

    [...] Google is understood to be considering boycotting Phorm; a spokesman said a response to the Open Rights Group’s letter is expected in [...]

  13. Haydn’s Blog » Blog Archive » Phorm / Webwise exclusion - My life on the web:
    Apr 17, 2009 at 09:50 PM

    [...] who run Wikipedia amongst other things) and Amazon have opted out, and the Open Rights Group has written to others like Yahoo, eBay and Microsoft, urging them to do the same. Even the Privacy Officer of [...]

  14. William Heath’s blog » Blog Archive » Dephormed:
    Apr 17, 2009 at 10:03 AM

    [...] setup. Phorm is a disgrace, the government/police response has been lame and shameful. But the FIPR/ORG campaign is winning. Our cause is just and must [...]

  15. Frank Gunn:
    Mar 22, 2009 at 04:16 PM

    There is a new petition that seems very specific about the unacceptable part (to me) of Phorm. Aswell as showing how many people signed the old one would it not be worth publicising the new specific message "Keep out of our ISPs!"

  16. A mammoth undertaking › I blocked Phorm:
    Mar 27, 2009 at 07:20 PM

    [...] Open Rights Group today asked me to block Phorm from my website. As I hate the intrusion into people’s privacy that the Phorm system [...]

  17. A Very Worried Messenger:
    Mar 22, 2009 at 04:53 PM

    The Follow on Petition.

    http://petitions.number10.gov.uk/dataprofiling/

  18. patrik:
    Mar 28, 2009 at 08:09 PM

    I am unequivocal against Phorm

  19. Jamie Dowling:
    Apr 02, 2009 at 10:54 PM

    For those people new to this discussion or those who think Phorm does nothing to interfere with privacy, visit tobymeres.net where there is unedited footage of the public meeting about Phorm taken in April last year. You will see Dr Richard Clayton and Alexander Hanff explain exactly whhy Phorm's Webwise "product" is illegal. You will also see Kent Ertegrul fail to answer those points in any convincing way. You will also note that the "official" footage recorded by 80/20 Thinking has yet to appear.

    If Phorm is so wonderful and has nothing to hide then where is the legal opinion disproving the arguments about its legality? Why did Phorm use PR agencies to try and belittle those who discussed opposing Phorm in forums? Why does Phorm use its legal people to try and intimidate those who post publicly available information about the company?

  20. A Very Worried Messenger:
    Mar 24, 2009 at 12:58 PM

    http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9129640

  21. Geegie:
    Mar 22, 2009 at 09:42 PM

    In no way should you be asking people to opt out of Phorm by using the method they suggest. It is Phorm and BT who are in the wrong and legitimizing their process of opting out is IMHO wrong. The law states that this system must be opt in and the pressure should be put on Phorm / BT to make sure they comply with the law.

  22. Alison Wheeler:
    Mar 23, 2009 at 01:06 AM

    With the exception of the first of those sites, which doesn't carry advertising per se, I am surprised that this letter makes no mention of what will really impact these companies: the possible effect of Phorm on their bottom line. Not only will their sites and their users be getting profiled, but the advertisements which they place on their sites *in order to fund their activities* will be getting over-written (against their wishes) and replaced by adverts the income of which will benefit Phorm and the ISPs concerned.

    This letter appeals to the principles of data security, but the loss of display and click-through income from advertising will hit the finance base of many sites and is, in my opinion, a far more important reason for websites to want to see Phorm stopped before it fully starts.

  23. A Very Worried Messenger:
    Mar 24, 2009 at 12:55 PM

    @Mark Keenan

    It's funny how many Technical People who design & implement these devices to properly maintain a valid Communications System who actually disagree with you!

    (Once again the misuse of Luddite as a derogatory Term!)

    These devices are meant for Traffic Management, "not to trawl through & collect Personal or any other Private/Intellectual Data"!

    http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=Networking+and+Internet&articleId=9129640&taxonomyId=16&pageNumber=1

  24. Pete:
    Mar 23, 2009 at 03:00 PM

    I signed the letter.

    The need for opt-in consent doesn't necessarily preclude asking the operators of these sites to act to immediately protect their customers, using what few options Phorm make available.

    Yet Phorm should be opt-in for web site operators as much as it should for end users.

    It is essential to protect private personal/commercial communication, the integrity of communication data, the security of that information, and copyright.

    Only opt in for both parties is fair and legitimate.

    Phorm *must* be stopped.

  25. Francis Davey:
    Mar 24, 2009 at 05:28 PM

    @Mark Keenan. The difficulty with Phorm (and that which distinguishes it from the efforts of google and others) is that a private channel of communication between website and browser is being intercepted and the content stored. That represents a straightforward breach of privacy and should only be done with express consent.

    There are many ways to carry out useful and targeted behavioural advertising. Amazon does it all the time to me, but amazon does not feel the need to listen in to private communications to do that, it simply uses the information I freely give it on its website. I don't have to do that and can opt out in various transparent ways.

    Phorm and other deep packet inspection techniques are different. Referring to "luddites" does not really help forward the debate.

  26. Mark Keenan:
    Mar 24, 2009 at 11:46 AM

    Phorm does nothing to affect privacy in any way. It is simply behavioural targeting and allows the advertiser to set up a campaign based on generic preferences gained from the ISP data. It is no threat to an individual and the luddites should actually tell the truth about what this does and not try and scare the public with disimformation.

  27. A Very Worried Messenger:
    Mar 24, 2009 at 10:08 AM

    @HamsterWheel

    I do not condon any form of harassment, whether it be from over enthusiastic campaigners or "Eminent Legal Representives".

    For example Harassment of Website Owners with Takedown Orders, when it is clear that the information posted is available for all to see on other websites!

  28. Big websites urged to avoid Phorm | Security Hero:
    Mar 23, 2009 at 05:50 PM

    [...] Related - Open Rights Group letter [...]

  29. A Very Worried Messenger:
    Mar 24, 2009 at 10:00 AM

    One place to start is to follow the Links relating to Phorm/Webwise on thise Website & then follow the saga via maybe this link:

    http://www.inphormationdesk.org/

  30. Tim Starling:
    Mar 24, 2009 at 01:43 AM

    "You may already be aware of the very significant concerns being expressed by many of your UK Internet customers about the interception and processing of their data whenever it is viewed by customers whose ISPs deploy the Phorm/Webwise system."

    I for one haven't heard such concerns. Is there somewhere I can read about them? This open letter is a bit short on detail about the system in question, and I don't see any relevant links here on this page.

  31. HamsterWheel:
    Mar 24, 2009 at 09:58 AM

    Just shows how desperate all the antis now are - resorting to having to beg the likes of Google to help preserve privacy !! Might as well ask McDonalds to help ban the eating of meat !

    'tis good to see the antis stooping so low, they are in total disarray as shown on their website where they all now advocate personal vendettas on Phorm staff. They have turned back into a most unsavoury bunch.

  32. Privacy campaigners pressure web firms to boycott Phorm:
    Mar 23, 2009 at 11:48 PM

    [...] for Information Policy Research, and prominent privacy advocates Alexander Hanff and Pete John, have written to Microsoft, Google/YouTube, Facebook, AOL/Bebo, Yahoo, Amazon, and eBay to win support for a [...]

  33. Fred:
    Mar 25, 2009 at 10:52 AM

    Insstead of Phorm, perhaps we should all get a personal robot. It will be briliant, it willkeep the house clean, wash the car, do your work. It will follow us around, see what we buy, what films we watch, what we eat, when we exercise, when we sleep. It can then whisper little things in our ear, coca cola is cheap today, time to wake up HMV just opened. When the adverts come on the telly it will change the channel so you can't watch the ones that aren't being provided by the robot's supplier, and it will send all this information back - but hey it's ok, no one knows which robot is yours.

  34. Owen Blacker:
    Mar 25, 2009 at 10:14 AM

    Francis, you also miss an important point — we're not luddites. The board and the Advisory Council (of which I am a member) of the Open Rights Group include people like Richard Clayton, Tom Coates, Alan Cox, Cory Doctorow, Ben Hammersley, Desirée Miloshevic, Danny O'Brien and Jonathan Zittrain. To suggest we're one big bunch of luddites is simply ridiculous and suggests a complete lack of understanding.

    But Francis is right — the other problem is that this isn't good for the advertisers either. My day job is at an ad agency; I'm not some anti-advertising nut who thinks behavioural advertising is an evil invasion of my privacy. Au contraire: I think it's a concept that has the potential to benefit both advertisers and consumers.

    But Phorm are going about everything the wrong damn way. Advertising is all about building up trust between a brand and their customers. Deep packet inspection without consent — from either party involved in the communication — is not only completely the wrong way to build that trust, but is also likely to be illegal under the Regulation of Investigatory Powers Act.

    Openness, honesty and transparency are how to build your customers' trust in your brand. Intercepting their communications to futz with them really isn't. Advertisers should steer clear of Phorm like it were the plague.



This thread has been closed from taking new comments.