An interesting technical analysis of the controversial Phorm technology has been released recently. It offers an informative look into the technology that is currently being rolled out for ISPs.Imagine every bit of information you receive being analyzed before it even reached it's intended destination. It's a thought that helped caused an uproar in the United States with the debates over telecom warrentless wiretapping. Mix advertising from the Internet Service Provider and you may be moving towards the debates the British are having to deal with. The Open Rights Group points us to new information being released. Various groups including ORG and the foundation for information policy research were invited by Phorm and the Information Commissioner's Office to take a look at the system that has caused an uproar in Britain. Clayton then blogged about his findings, offering an introduction to what he found: Phorm explained the process by which an initial web request is redirected three times (using HTTP 307 responses) within their system so that they can inspect cookies to determine if the user has opted out of their system, so that they can set a unique identifier for the user (or collect it if it already exists), and finally to add a cookie that they forge to appear to come from someone else’s website. A number of very well-informed people on the UKCrypto mailing list have suggested that the last of these actions may be illegal under the Fraud Act 2006 and/or the Computer Misuse Act 1990. The full analysis of the controversial technology can be found here (PDF) "We now know that BT have already conducted secret trials of this technology, testing the effectiveness of snooping on their customers' Internet activities. They claim to have received extensive legal and other advice beforehand, but have failed to give the reasoning on which this advice is based." Nicholas Bohm, General Counsel for the Foundation for Information Policy Research, said in a FIPR press release, "As we pointed out in our letter, the illegality stems not from breaching the Data Protection Act directly, but arises from the fact that the system intercepts Internet traffic. Interception is a serious offence, punishable by up to two years in prison. Almost incidentally, because the system is unlawful to operate, it cannot comply with Data Protection principles." Meanwhile, Open Rights Group points out, "By coincidence, the Information Commisioner has released an updated statement on Phorm. From the looks of things, they have declined FIPR’s invitation to consider the lawfulness of Phorm’s data processing under legislation other than the Data Protection Act (such as RIPA). They have also failed to address the news that BT trialled Phorm without seeking consent from its users in 2006." In spite of the concerns surrounding the technology, the Information Commissioner issued the following statement (PDF) The ICO has received a number of queries concerning the recent announcement by Phorm that 3 major UK Internet Service Providers have agreed to allow them to use technology, developed by Phorm, to present adverts to their customers based on the nature of the websites they visit. It may lead one to wonder if the opposition to this technology is currently falling onto regulatory deaf ears. |
 
|
members that voted for this story
|
