September 30, 2008 | Becky Hogge

4 good reasons not to take part in the BT Webwise trial

Today, BT will start trials of Webwise, a technology which analyses your web surfing habits in order to serve you targetted ads. If you're a BT Total Broadband customer, you might be asked to consent to being part of this trial. Here are four good reasons not to.

  1. You gain nothing. BT is looking to profit from its deployment of behavioural targetted advertising technology, but you stand to gain very little. Unless the offer of "more relevant advertising" is something that holds a special promise for you, what you are getting in return for allowing BT to analyse your web surfing habits is an "anti-fraud" feature which is unlikely to give you anything more than the features already built into web browsers Internet Explorer 7 (available for free upgrade to existing Internet Explorer users) or Firefox 3 (also free) - or Opera (thanks for the tip, Glyn!).

  2. BT has already trialled Webwise on its customers - without telling you. BT are only asking for your consent now because the authorities that regulate data protection have told it it has to. BT already trialled Webwise - without asking your permission - in 2006 and 2007. That doesn't sound like a company you should trust to protect you and your family's privacy.
  3. BT are making you responsible for getting everyone who uses your computer to consent to being profiled by Webwise. The Government have told BT that in order for Webwise to conform to UK data protection laws, BT must seek the consent of everyone who uses an internet connection where Webwise is enabled. To get around this, BT have devised new terms and conditions for people who agree to trial Webwise that transfer this burden onto you.
  4. BT Webwise turns the web inside out. Competitiveness, universal access, and the transformative effects of the world wide web are all underpinned by the internet’s structure as a so-called "network of ends", and by internet service providers, like BT, adopting the role of a "mere conduit" of information. By intercepting communications between you and the websites you visit and using this information to target advertising at you, BT is compromising that role - becoming more like a television broadcaster than an internet service provider.

Concerned digital rights campaigners have fought a long and hard battle over Phorm, the technology used in BT Webwise. During this battle, it has become clear that there is no protection for UK citizens from corporations who wish to illegally intercept private communications for financial gain. Today it might look like campaigners have lost the battle against Phorm, but without their hard work, BT may not have been forced to ask your permission to take part in this trial at all - it could have simply assumed it.

If you'd like to find out more about how Phorm works, read this technical overview. If you would like to know more about the legal ramifications of Phorm, read this legal analysis. If you would like to get active, visit and

Previous posts on Phorm:

[Read more] (13 comments)

September 29, 2008 | Becky Hogge

Capturing the database state: community photocall

Collage of imagesHappy-snappers unite! We need as many people as possible to take photos of stuff that embodies the database state, and the UK's world-famous surveillance society (wake up! You've just walked into it).

On 11 October, No2ID and the Open Rights Group will make a live collage of the images you've taken in a prominent location in London (to be confirmed), to celebrate Freedom Not Fear Day 2008.

Freedom not Fear is an international day of action for democracy, free speech, human rights and civil liberties, and events to celebrate these central tenets of a just society will be taking place all over the world.

Here's how you can help:

  1. Spot something that embodies the UK's wholesale transformation into the surveillance society/database state. Subjects might include your local CCTV camera(s), or fingerprinting equipment in your child's school library
  2. Snap it
  3. Upload it to Flickr and tag it "FNFBigPicture" - please use an Attribution Creative Commons license*
  4. That's it!

*We need you to license it this way because we want to give the image to newspapers to run on the day.

Watch this space for more news on the 11 October event, including how to come and help build the collage.

Click here and here for photo credits.

Freedom Not Fear Web Banner

[Read more] (21 comments)

September 24, 2008 | Becky Hogge

Home Office extend deadline for ORG FOI request on Intercept Modernisation

Back in August, we submitted a Freedom of Information request to the Home Office, asking them to shed light on the Intercept Modernisation Programme (IMP). Over the Summer, a number of news reports had claimed that as part of this programme a new national database would be created containing the electronic communications data of the entire population. You can read more about the IMP here.

The Home Office have now got in touch to say they are extending the 20 working day response period (which ended today) in order to consider whether our request meets the public interest test. They write:

We are considering your information request. Although the Freedom of Information Act carries a presumption in favour of disclosure, it provides exemptions which may be used to refuse to confirm whether or not we hold information, or where we do, to withhold that information in specified circumstances. Some of these exemptions are subject to a public interest test. These exemptions are known as qualified exemptions. The public interest test is used to balance the public interest in openness against the public interest in favour of applying exemptions. Section 10(3) of the Act allows us to exceed the 20 working day response target where reasonably necessary to consider the public interest test fully. This is subject to us telling applicants when we expect to conclude our deliberations and provide a full response.

We are currently assessing the public interest in saying whether or not we hold the information you have requested, and should we do so, in providing the information you have requested. We are doing so under the exemptions contained in Sections 23(5) and 24(2) (national security), 35(3) (formulation of government policy, 31(3) (prevention and detection of crime) and 43(3) (prejudice to commercial interests) of the Freedom of Information Act. This letter should not be taken as conclusive evidence that the information you have requested exists or does not exist.

[Read more] (5 comments)

September 20, 2008 | Becky Hogge

To do this weekend: ask your MEPs to vote for Telecom package amendments 133 and 138

Update (24/09/08): The votes are in. The bad news is that amendment 133 was rejected (watch this space for a link to a list of the MEPs who rejected it). But the good news is that amendment 138 was passed, with a last minute oral amendment. The European Parliament voted to adopt it in this form:

"applying the principle that no restriction may be imposed on the rights and freedoms of end-users, notably in accordance with Article 11 of the Charter of Fundamental Rights of the European Union on freedom of expression and information, without a prior ruling by the judicial authorities, save when public security is threatened"

According to IP Integrity, this amendment to the Directive means that ISPs ability to impose restrictions on users' access to content will be limited.

Update (22/09/08): Since the vote isn't until Wednesday 24 September, there's still time to write to your MEPs and ask them to support these amendments. So what are you waiting for?

Next Wednesday, MEPs will vote on the Telecoms package. Two amendments have been tabled which in particular will ensure the new telecoms regulations protect European citizens from unreasonable surveillance and censure. If you have half an hour this weekend, why not write to to your MEPs and ask them to support these amendments?

Amendment 133 is an anti-filtering amendment, and will add the following text to the Directive:

"Member States shall ensure that no technology may be mandated by competent authorities which would facilitate surveillance of internet users, such as technologies that mirror or monitor the user´s actions and/or interfere with operations of the user's network activity for the benefit of a third party (known as "filtering")."

Amendment 138 ensures that sanctions cannot be imposed on end-users without judicial oversight. It will add the following text to the Directive:

"applying the principle that no restriction may be imposed on the rights and freedoms of end-users, notably in accordance with Article 11 of the Charter of Fundamental Rights of the European Union on freedom of expression and information, without a prior ruling by the judicial authorities, except where dictated by force majeure or by the requirements of preserving network integrity and security, and subject to national provisions of criminal law imposed for reasons of public policy, public security or public morality."

La Quadrature du Net are maintaining a voting list, which gives MEPs interested in protecting the rights of European citizens advice on how to vote on all the amendments tabled to the Telecoms package. As the list demonstrates, many amendments have been tabled that reflect the criticisms of the Telecoms package made by the European Data Protection Supervisor last week.

[Read more] (15 comments)

September 19, 2008 | Becky Hogge

What BERR want from Phorm - and what we think they're missing

Phorm, the targeted behavioural advertising technology company, has been back in the headlines this week. The Department for Business, Enterprise and Regulatory Reform (BERR) have finally responded to the European Commission's demand for an explanation of how Phorm's technology conforms with EU data protection and privacy laws. Information Society Commissioner Viviane Reding had asked the UK Government to respond to her enquiries by the end of August.

The Register has published BERR's public statement in full. In it, BERR lay out the conditions they think Phorm needs to conform to in order for it to operate within the law:

After conducting its enquiries with Phorm the UK authorities consider that Phorm's products are capable of being operated in this fashion on the following basis:

  • The user profiling occurs with the knowledge and agreement of the customer.
  • The profile is based on a unique ID allocated at random which means that there is no need to know the identity of the individual users.
  • Phorm does not keep a record of the actual sites visited.
  • Search terms used by the user and the advertising categories exclude certain sensitive terms and have been widely drawn so as not to reveal the identity of the user.
  • Phorm does not have nor want information which would enable it to link a user ID and profile to a living individual.
  • Users will be presented with an unavoidable statement about the product and asked to exercise a choice about whether to be involved.
  • Users will be able to easily access information on how to change their mind at any point and are free to opt in or out of the scheme


The conditions either misunderstand or ignore a crucial stakeholder in the web-browsing process - website owners. As Nicholas Bohm (General Counsel to the Foundation for Information Policy Research and ORG Advisory Council member) made clear in his legal analysis [pdf], unless the ISPs employing Phorm's technology to intercept the communications between their customers and the owners of the websites their customers are visiting have the explicit consent of both parties , they are likely to be committing an offence under the Regulation of Investigatory Powers Act (RIPA), the legislation that governs interception of communications in the UK. As Mr Bohm states:

"The inevitable conclusion is that an ISP who operates the Phorm system will commit offences under RIPA s1 on a large scale. Phorm is inciting the commission of those offences, which is itself an offence at common law (and will be an offence under section 44 of the Serious Crime Act 2007 when it is brought into force to replace the common law offence)."

What's more, although Phorm may not have "information which would enable it to link a user ID and profile to a living individual", website owners might. Bohm again:

"If parts of the visited site use the HTTPS protocol for secure browsing, the cookie containing the Phorm UID will be sent to the site, where the UID can be read; and if a webmaster wishes to do so, he can read the UID in any case using Javascript. The result is that any site which holds any personally identifying information about a user, and many do, can associate that information with the Phorm UID and indeed also with the user's IP address visible to the site. In view of this, Phorm's claims for the anonymity of its processes are, to put it no higher, a considerable exaggeration."

Are the UK authorities under the misguided impression that ISPs provide the internet, the way that broadcasters provide television? Or do they understand that communications between internet users and website owners during web browsing are as legally private as communications between me and my grandmother when I write her a letter and post it using Royal Mail?

BERR have declined to publish the full text of the letter to Viviane Reding, which is also expected to contain an explanation of any action UK authorities propose to take over BT's trials of the Phorm technology in 2006 and 2007, trials which did not seek the consent of users. These trials are the subject of an ongoing investigation by City of London police.

A variety of Freedom of Information requests have now been made to BERR which ask them to reveal details of meetings with BT, Phorm and other ISPs, and disclose the full text of the letter to the Commission.

Previous posts on Phorm:

[Read more] (3 comments)

September 16, 2008 | Michael Holloway

Join ORG today for a signed copy of JZ's new title

Continuing our summer blockbuster of a supporter drive, we are delighted to offer five signed copies of Jonathan Zittrain's The Future of the Internet, and How to Stop It. As you can see from the widget-ometer, so far we've reached 947 monthly fivers - well on the way to our target of 1,500 by the year's end. We attribute the recent boost to our 24 October event with Neil Gaiman - for which there are still a few tickets left - and the release of the Who's Watching Who video.

Professor Zittrain is one of the wise owls on our Advisory Council and his latest book "explains the engine that has catapulted the Internet from backwater to ubiquity—and reveals that it is sputtering precisely because of its runaway success." The next five people who sign up to support our work and include "JZ floats my boat" in the "How did you hear about" field will receive, along with the usual benefits and warm glow, a signed copy of this epoch-shattering work.

[Read more] (1 comments)

September 15, 2008 | Becky Hogge

European Data Protection Supervisor comments on the Telecoms package

Back in July, we asked you to write to your MEP about worrying last minute amendments to the EU Telecoms Package. Now, the European Data Protection Supervisor (EDPS), an independent supervisory authority devoted to protecting personal data and privacy, has commented in depth on the amendments in a 13-page report.

In reviewing the amendments, the EDPS underlines the concerns raised earlier in the Summer that they could bring in a "3 strikes" style copyright enforcement regime through the backdoor. He states that:

" seems fair to say that the amendments do not set up unequivocally a "3 strikes approach" system. They do not spell out thoroughly the details of such a system. However, in the EDPS' view, these amendments provide for a "slippery slope", and can be interpreted as erecting the foundations for such a system and even favouring its emergence, to be further developed either at national or EU levels"

Thanks to the letters sent by the ORG community MEPs were alerted to the ambiguities in the proposed amendments and are now seeking to clarify what effects the law will have. The EDPS recommends that

" light of the points above, this should be clarified in a recital, which could read as follows: "Cooperation procedures created pursuant to this Directive should not allow for systematic and proactive surveillance of Internet usage""

Voting on the amendments will take place next week. You can download the EDPS report here [pdf]. For more commentary, try:

[Read more] (2 comments)

September 09, 2008 | Michael Holloway

Sign up this instant to get Remix, Lessig's next book

Larry is the Daddy If you've still not signed up to make regular donations to Open Rights Group then this may be the prod you've needed. Lawrence Lessig, pre-eminent cyberlaw scholar and the grand wizard of Creative Commons, releases his new book this Autumn and we have five signed copies to give away. The book is called Remix: Making Art and Commerce Thrive in the Hybrid Economy and will be his last on intellectual property in the digital age. It pursues three key themes:

"(1) that this war on our kids has got to stop, (2) that we need to celebrate (and support) the rebirth of a remix culture, and (3) that a new form of business (what I call the "hybrid") will flourish as we better enable this remix creativity."

The next five people who sign up to support our work and include "Larry's the Daddy" in the 'how did you hear about' field will receive, along with our growing list of supporter benefits, a signed copy of Remix.

[Read more] (2 comments)