Phorm: Civil liberties and trust

Speech given to a Westminster eForum about the rogue behavioural advertising system.

Speech delivered 19 May 2009

Phorm is asking for an extremely large amount of trust on the part of users. It is a system that has the ability to read, interpret and store information from all of our internet traffic. This immediately raises privacy and as we have heard, legal concerns.

These privacy concerns have been echoed in Canada and the USA, where companies offering similar technologies have created an enormous amount of controversy.

The reasons for this are plain: your ISP gets to see all of your internet traffic. You need to trust your ISP. Suddenly they are monitoring and logging parts of that information and building a business around that.

The system that is being trialled by Phorm appears to store very basic information about web habits.

They have in my view gone so far in the dumbing down of browsing information into key word channels as to make their future intentions very worrying.

Because there is much better information they could get, by the same process of logging. When they find their advertising model wanting, what sort of incremental ‘improvements’ to their monitoring will they implement?

The real value in our habits is to be found in topics we come back to, the sites we revisit, the social attitudes we display. The dangerous stuff, in other words.

As time goes on, there will be a clear commercial imperative to extend and deepen the information held on users towards the more valuable information. And to offer new services based on the data collected.

Where we will end up is really unlikely to be where we start: so we need to consider the civil liberties and political implications of the type of business model Phorm is promoting.

This model puts ISPs very much in the content delivery and user data business: right in competition with most of the services they are being paid to deliver.

And being right at the centre of the network, they are also in the most powerful position to collect and analyse that data.

More powerful than Google, Facebook, or Amazon, in terms of the potential they have for knowing about our habits.

One might say, that ISPs are in a position of power that is too great for it to be truly legitimate for them to take steps in this direction.

For citizens to trust ISPs we should require near complete privacy, both from our point of view, and from the point of view of offering level playing field for other services.

As we have heard there is also a clear civil liberties (as well as legal) implication in reading traffic from third parties, who did not give consent to interception of their traffic.

Websites may contain personal, although publicly available, data; or even data that is hidden from general public view.

Phorm does not ask for the consent of website owners to have their communications data examined, but instead treats websites as purely public ‘broadcast’ material, like a newspaper or television programme.

However, this is not always the case. Web content can be highly personalised to the individual user.

The owners of those websites should be able to protect their customers from having their data intercepted and examined. And if they agree to Phorm’s use of their websites, they should be obliged to inform their customers that they have agreed to allow Phorm to examine their data.

It can't be a good thing for users, in outside of Phorm-based networks, to feel monitored on the net.  This could have a detrimental effect on the way we act: it is contributing rapidly developing to the sense of a 'surveillance society'.

But most fundamentally, by breaking clear notions of privacy, by breaking our common sense notions of our right to avoid surveillance, Phorm is undermining our confidence in governments to uphold fundamental rights and laws in the face of commercial opportunities.

We urge parliamentarians to take action on Phorm both to preserve our basic human dignity and our confidence in our institutions.