call +44 20 7096 1079

Blog


March 31, 2008 | Michael Holloway

Supporters update - March 2008

Please use the link below to read our March 2008 supporters update. Headlines include the culmination of our Creative Business project and the Sound Copyright petition achieving over 10,000 signatories.

Supporters update - March 2008

[Read more]


March 28, 2008 | Becky Hogge

ORG and FIPR meet with Phorm

On Wednesday, at their invitation, I went to Phorm’s offices in Central London. I was accompanied by ORG Advisory Council member (and Foundation for Information Policy Research Treasurer) Richard Clayton. We were there, on Phorm’s invitation, to find out how the systems that they are selling to BT, Virgin and TalkTalk actually work. Over the last few weeks, the story that three of the UK’s major ISPs are signed up to trial Phorm, which tracks users’ online surfing habits in order to serve them targeted ads, has been met with significant public resistance.

We didn’t go to Phorm for “the layman’s view”. We wanted the real deal, and I’m delighted to say that that’s what we got. Over the coming days, Richard Clayton will be posting details of different aspects of the system on Light Blue Touchpaper, posts which I will report on here. Earlier this month, the Open Rights Group called on Phorm to publish full details of how the technology will work – Richard’s analysis will provide this information. Only when we know how Phorm actually works can we model exactly what the implications of the technology are for users’ privacy. Richard and I also encouraged Phorm representatives to join the UK-crypto mailing list, in order to engage further with the expert community.

In the meantime, I thought it would be useful if I noted one of the less technical discussions that took place at the meeting. Phorm remain convinced that their technology, in the words of Simon Davies "advance[s] the whole sector of protecting personal information by two to three steps". This assertion is based on the significant measures they have taken to obscure identifying and sensitive information as they track web activity in order to serve targeted ads.

However, what this assertion fails to take into account is that BT, Virgin and TalkTalk are proposing to apply the Phorm system to a layer of the web stack that has previously been free of any such tracking and targeting activity. It is this aspect of the story which has caused so much public disquiet. As Sir Tim Berners-Lee put it last week:

"I myself feel that it is very important that my ISP supplies internet to my house like the water company supplies water to my house. It supplies connectivity with no strings attached. My ISP doesn’t control which websites I go to, it doesn’t monitor which websites I go to."

If you don’t like the way a web application is protecting your privacy, you can use another one, and if you can’t find one you want to use then you can build your own. But you can’t build your own connectivity. If the UK’s major ISPs all sign up to Phorm, then UK citizens will find it increasingly difficult to find connectivity that doesn’t come with "strings attached". Internet users can opt out, as, it turns out, can server operators (but I’ll let Richard provide details of that). TalkTalk have even indicated that they will make their Phorm system opt in. But is this enough? How long until we are asked to pay a premium for connectivity which comes "snoop-free"?

Nothing Richard Clayton and I saw yesterday appeared to contradict the legal analysis issued by FIPR last week, analysis that raised questions as to Phorm’s legality under section 1 of the Regulation of Investigatory Powers Act. But the Phorm issue is far more likely to be decided upon in the court of public opinion than in a court of law.

At the meeting, I encouraged Phorm to engage further with its critics. They are now planning an open, public meeting to hear people’s concerns about their technology. As soon as I have details of this meeting I will publish them here. If you’ve seen expert comment on Phorm, or think that the debate would benefit if others (for example the ISPs themselves) were specifically invited, please leave your suggestions in the comments. Thanks to everyone who left comments to my previous two posts on Phorm, many of them were tremendously helpful in preparing for the meeting.

Earlier this month, ORG also called for 80/20 Thinking Ltd’s privacy impact assessment to be made public. An interim assessment [pdf], dated 10 February 2008, was published last week. It predicts the media and public backlash against Phorm, and leaves several questions unanswered, including "Can an external attacker gain access to the required information to re-link [an] individual [with their] unique identifier?" Phorm let us know yesterday that the full privacy impact assessment (which was due this month) has not yet been completed, and that they will publish it as soon as they can after it is complete.

[Read more] (39 comments)


March 17, 2008 | Becky Hogge

Phorm update

It's difficult to tell which of today's developments the UK's major ISPs should be more worried about - the fact that Sir Tim Berners-Lee has publicly stated that he would change his ISP if it started employing systems, like Phorm, which could track his activity on the internet, or the news that UK digital rights gurus the Foundation for Information Policy Research (FIPR) have today written an open letter to the Information Commissioner, urging him to look at the legality of Phorm.

Over the last few weeks, the story that BT, Virgin and TalkTalk are signed up to trial Phorm, a system which tracks users’ online surfing habits in order to target ads at them, has caused a storm all over the internet. As Sir Tim tells the BBC's Rory Cellan Jones today:

"I myself feel that it is very important that my ISP supplies internet to my house like the water company supplies water to my house. It supplies connectivity with no strings attached. My ISP doesn't control which websites I go to, it doesn't monitor which websites I go to."

Or as ORG might paraphrase

"Keep your mitts off my bits"

Meanwhile, FIPR have written to the Information Commissioner's Office with a detailed analysis of the legality (or otherwise) of Phorm. FIPR spokesperson (and Open Rights Group Advisory Council member) Richard Clayton puts it like this:

"The Phorm system is highly intrusive -- it's like the Post Office opening all my letters to see what I'm interested in, merely so that I can be sent a better class of junk mail. Not surprisingly, when you look closely, this activity turns out to be illegal. We hope that the Information Commissioner will take careful note of our analysis when he expresses his opinion upon the scheme."

The ISPs which propose to use Phorm are yet to respond to ORG's call to publish the privacy impact assessment they commissioned from 80/20 Ltd (whose Director, Simon Davies, is also Director of Privacy International), as well as full details of how Phorm will work. Until we can all see for ourselves exactly how Phorm works – and across whose networks our data will flow – speculation about the privacy implications of Phorm will only continue.

[Read more] (17 comments)


March 17, 2008 | Becky Hogge

Musicians, fans and online copyright - free event this Wednesday!

Last weekend, international divisions over how to deal with those who illicitly share copyrighted material online began to appear. It was announced on Saturday that Japanese internet service providers (ISPs) have agreed to cut off the internet connection of anyone who illegally downloads files, in plans that mirror France's Olivennes Bill. Meanwhile Sweden's Minister of Justice and Minister of Culture have rejected similar plans to disconnect filesharers, stating in an article for the Svenska Dagbladet daily that such an approach is not practical in modern society where Internet access is a prerequisite for so much else. Instead, Sweden will favour a process where rightsholders must prosecute suspected filesharers in court.

The UK government will consult UK citizens on their plans to tackle illicit filesharing this Spring. If you need to brush up on the arguments ahead of time, there are still a few places left at Musicians, fans and online copyright. This event, which takes place on Wednesday, will gather representatives from the recording industry, ISPs and consumer welfare groups together with academic and legal experts to discuss whether ISPs should monitor customers to try and spot copyright infringement, and disconnect downloaders. It promises to be a lively and informed afternoon, so do come along if you can. The event is being held from 1400 at the London School of Economics. It is free to attend, but you must register here.

[Read more]


March 14, 2008 | Michael Holloway

Public sector information: officially better when shared

Following up on the stunning Power of Information Review (PoIR), comes the snappily-titled Models of Public Sector Information Provision via Trading Funds. This new research, published yesterday, looks at the way public sector bodies charge for commercial and non-commercial reuse of non-personal public sector information. It was commissioned after PoIR recommendations made by Messrs Steinberg (Director of mySociety) and Mayo (Director of the NCC), and was performed by a crack squad of Cambridge University academics, including Rufus Pollock (ORG Director). In all honesty we have not yet read all of the 100+ pages of dense economic theory, but this great piece of news jumps out:

"...in most cases, a marginal cost regime would be welfare improving – that is, the benefits to society of moving to a marginal cost regime outweighed the costs."

Amongst others, the Free our Data campaign has pushed Government to review its policy on restrictive licensing for public sector information provision. This new evidence adds great weight to their case that, rather than selling data for profit, trading funds should only charge data re-users the marginal cost of production. In practice, this means Government should give away data to boost private-sector enterprises because it will, as a direct result, bolster the public purse through increased taxation.

This new research should kick-start reform of the Crown Copyright regime and more liberal access to the data-treasure-troves collated by the Met Office, DVLA, Companies House and the Land Registry.

And if you get excited by material that's free to access, reuse or re-distribute, then please come down to tomorrow's OKCon, for a day of seminars and workshops around the theme of 'Applications, Tools and Services'. The event runs 10.30 - 18.30, Saturday 15 March 2008, at the LSE. For full details and to sign up, click through to the Open Knowledge Foundation.

[Read more] (1 comments)


March 12, 2008 | Becky Hogge

The Phorm storm

Update: An interim Privacy Impact Assessment (PIA) has now been published by Phorm. You can read it here [pdf]. The PIA, produced by 80/20 Thinking Ltd, predicts the media and public backlash against Phorm, and leaves several questions unanswered, including "Can an external attacker gain access to the required information to re-link [an] individual [with their] unique identifier?". This document, which is dated 10 February 2008, anticipates the publication of a full PIA "in March 2008". As yet none has been forthcoming.


Over the last few weeks, the story that BT, Virgin and TalkTalk are signed up to trial a new technology called Phorm, which tracks users' online surfing habits in order to target ads at them, has caused a storm all over the internet.

Here’s what we've been told about the workings of Phorm so far. Phorm assigns a user’s browser a unique identifying number, which, it is claimed, nobody can associate with your IP address, not even your ISP. It then uses information about your surfing habits, gathered by searching the URLs you request and the websites you visit for key words, to assign that unique number to various "channels" (for example "golf", "travel" or "handbags"). When you visit a website which has a "Phorm please put an ad in here" tag, Phorm serves an ad from a channel where your unique number appears.

Phorm says that it does not write data about the content you are viewing to disc in "the production system", getting rid of it as soon as the operation to assign your unique number to a channel is complete. In a separate system (used for "research and debugging") that data is stored for 14 days, then deleted.

Despite some significant investigative work, in particular from The Register and the Political Penguin blog, several technical questions remain unanswered. The confusion is compounded by a Privacy Impact Assessment of Phorm that was conducted by 80/20 Thinking Ltd, whose core staff includes the director of Privacy International, Simon Davies. Davies has gone on record stating that "Phorm does advance the whole sector of protecting personal information by two to three steps". Yet despite the focus on Davies’ involvement, the privacy impact assessment conducted by 80/20 is yet to be published.

On top of this, question marks are beginning to appear over Phorm’s compliance with the law. Can ISPs’ employment of Phorm comply with the Data Protection Act? Is intercepting traffic in this manner an offence under section 1 of RIPA (the Regulation of Investigatory Powers Act)? The Information Commissioner has issued a statement (pdf) saying his office is making inquiries – but is this enough?

A petition asking the Government “to stop ISPs from breaching customers’ privacy via advertising technologies” has now collected over 2,500 signatures. Phorm could, as Simon Davies has claimed, represent an advance in online privacy. But because it is being applied to target ads at us, based on activity we have not asked and may not want to be tracked – the websites we visit – it is not surprising that people are shouting “keep your mitts off my bits!”.

Until we know exactly how Phorm works – and across whose networks our data will flow – speculation about the privacy implications of Phorm will only continue. The ISPs involved with Phorm, as well as the company itself, should take their lead from the Government, who last week published the controversial and critical Crosby Review of ID cards after much delay. They should publish 80/20’s impact assessment and full details of how Phorm will work now and let us see for ourselves the real privacy implications of Phorm.

Some resources:

 

 

 

 

 

 

 

 

 

 

 

  • 80/20 Privacy Impact Assessment of Phorm - forthcoming?

 

 

 

[Read more] (46 comments)


March 07, 2008 | Becky Hogge

Term extension Private Members Bill stopped in tracks

Thanks to everyone who wrote to their MPs over the last few weeks to ask them to object to Pete Wishart's Private Members Bill to extend copyright term.

I'm pleased to report that an honourable member did indeed object to the Bill when it came round. He is as yet unidentified (although Hansard will hopefully reveal all over the weekend). You can spot him on the far left of the screen, sitting in the front row of the Labour benches at exactly 04:56:57 in this video of the day's proceedings in the Commons. Look closely - is that your elected representative standing up for your rights?

Because there was no time debate the Bill, the second reading will happen again next Friday. So there's still time to write to your MP and ask him or her to represent you on this issue. And if you haven't already, please do sign our petition against copyright term extension in Europe.

[Read more] (4 comments)


February 29, 2008 | Becky Hogge

Open Rights Group and EFF launch Europe-wide anti-term extension petition

Sound Copyright banner
I'm pleased to announce today the launch of a Europe-wide campaign against the extension of copyright term. Thanks to ORG volunteers, and some very nice people I met at FOSDEM, the new campaign site - soundcopyright.eu - is available in English, French and German.

Please visit the site, and sign the petition.

The recording industry has been lobbying for copyright term extension in sound recordings for many years. In the UK, the Government commissioned an independent study to examine whether term extension was a good idea for the UK creative economy. The review found that all the evidence pointed against extending term, and based on this, the UK government rejected the recording industry's call for an extension.

Now the recording industry has taken its fight to Europe, and it looks like they're winning - Commissioner Charlie McCreevy announced in February that he intends to extend the copyright term in sound recordings from 50 to 95 years. This is surprising, since the Commissioner's own Internal Market Directorate have also published evidence that shows that the arguments in favour of extending term lacked substance, especially compared to the reasons for maintaining the status quo.

If you care about this issue, please sign our petition, which states simply:

The following individuals state their opposition to a copyright term extension for sound recordings.

We ask the European Commission, the European Parliament and the Council of Ministers to ensure that policy in this area reflects all concerned stakeholders, including consumer and public interest organisations, and not just the commercial rights-holders who advocate for extended copyright term.

It's time for European citizens to get their voices heard in this debate. Back in 2006, over 1,000 people signed ORG's petition asking the UK government to reject term extension - and it worked. We want ten times that many to sign this new Europe-wide petition. So please, tell as many people as you can about our campaign to stop copyright term extension in Europe. We'll use your support to lobby individual Commissioners, and to ensure that this misguided policy is rejected.

Together, we will stop copyright term extension.

[Read more] (9 comments)


google plusdeliciousdiggfacebookgooglelinkedinstumbleupontwitteremail