One may call it a new weapon against file-sharers who are savvy enough to use a file-sharing website, but not savvy enough to install a pop-up killer (now pre-bundled in many web browsers) or anti-adware software to stop the ads – whoever they are. A report from The Guardian talks about this more recent push by the copyright industry that resides in the UK to toughen up copyright laws. From the report:

The UK film and television industry is calling on the government to introduce online “speed humps” that would slow down or restrict the broadband access of people who illegally share copyrighted material, and slap pop-up warnings on websites to stem the rising tide of internet piracy.

Rising tide indeed if the copyright industry statistics are to be believable (Canadians are probably even less likely now). The report now suggests that there are 6 million file-sharers in the UK engaged in file-sharing – a completely different number to that of the last guess of 1.3 Million on one network.

Additionally, this is suppose to be one of the tools the copyright industry would have – effectively getting ISPs to do their dirty work in the process – to supposedly eliminate piracy by 70% – 80%. That 70% – 80% targeted reduction is certainly in-line with last years leaked letter where the British government vowed to reduce file-sharing by 80%.

The idea behind getting ISPs to bring pop-ups to users who access file-sharing sites? From the Guardian:

“Making life difficult for people who persist in accessing and copying protected material, while not preventing them from shopping online, browsing, banking online or using the internet for other legitimate purposes, is surely preferable to court actions, except in the most flagrant cases of abuse,” said Lavinia Carey, chair of Respect For Film, a lobby group backed by the British Video Association, the Federation Against Copyright Theft, and studios including NBC Universal and Warner Bros.

“We see the use of technological measures as similar to creating road humps – they will make potential copyright infringers pause and think twice.”

Last year, British ISPs signed a memorandum of understanding (MOU) that said that ISPs agree that they need to take measures to fight online piracy. While UK ISPs did sign the MoU, they still expressed reluctance to disconnecting alleged copyright infringers.

Still, this latest demand seems to follow along a theme that was seen last year when Virgin Media sent out 800 warning letter to its customers – some of which have never used file-sharing clients before – in an effort to scare people away from file-sharing. These so-called “speed bumps” for file-sharing that is currently being pushed for by the UK copyright industry very likely won’t do a thing other than install nuisance-ware on the ISP level. After all, how hard could it be to block pop-up ads from ISPs anyway?

Have a tip? Want to contact the author? You can do so by sending a PM via the forums or via e-mail at drew@zeropaid.com.

ZeroPaid has learned that two entities have joined calls to make technologies like Phorm opt-in instead of opt-out. Phorm is an Internet Service Provider side technology that intercepts users data while surfing the internet and inserting advertisements over top of existing data. Many have criticized the software by breaking privacy laws because, among other things, the technology monitors users behavior through a unique identifying cookie that could be controlled by a person even though Phorm insists that the process is automated and wouldn’t in practice be monitored by a person.

In a press release earlier this month, the Information Commissioners Office (ICO) says that, “Even if Phorm is not processing personal data, the ISP undertaking the profiling may be to the extent that it uses IP addresses and is able to link its customers to an IP address within its own systems although this may not be its intention. Phorm assert that the ISPs cannot make any such link using the Phorm products or infrastructure. To the extent that personal data is processed that processing must be fair and lawful in order to comply with the First Principle of the DPA. When considering whether or not the processing in this context is fair the Commissioner takes into consideration the extent to which users are made aware that the processing will take place, any choice that they are able to exercise over whether or not the processing takes place, the ease with which they can object and the effect of the processing upon the individual.”

The ICO concludes, “Regulation 7 of PECR will require the ISP to get the consent of users to the use of their traffic data for any value added services. This strongly supports the view that Phorm products will have to operate on an opt in basis to use traffic data as part of the process of returning relevant targeted marketing to internet users.”

It seems that the ICO isn’t alone. The British Computer Society too joined calls to make Phorm an ‘opt-in’ system instead of an ‘opt-out’ system. The press release states, “The British Computer Society (BCS) is urging Phorm and other profile-based internet advertising systems, to adopt an ‘opt-in’ approach to help build consumer trust.”

The press release continues:

“For a long-term and beneficial model, it is vital that the public trust advertisers and their ISPs to protect them and their privacy,” says David Clarke, BCS chief executive. “Part of gaining that trust has to be using good practice on consent, and that means asking people to opt-in to use the system.”

“Phorm’s willingness to engage in open public debate on the impacts of their system is to be commended,” continues David Clarke. “Rather than retreating to the bunker, Phorm has faced their critics, and this has helped focus on the real issues rather than the imagined ones. This is an approach we would like to see companies take more regularly.”

In conclusion, David Clarke added, “BCS members involved in work of this kind should think very carefully about the implications of these systems and the BCS professional code of conduct they have agreed to. Failure to abide by that code could lead to expulsion. Members should always be mindful of current good practice such as opt-in, and their duty to the public, as they implement systems like this.”

People including the Open Rights Group concern over the technology last month – a move that was supported by the BCS.

ZDNet reports that Phorm said that the process was always going to be an opt-in system. Further reading on the report:

The telecoms giant has been investigating methods of recording opt-in or opt-out status that do not require a cookie to be linked to a user’s computer, said the spokesperson.

“We have been exploring a technical solution for opt-out which will not require a cookie to be placed on a customer’s machine,” said the spokesperson. “It will be recognised at a network level.”

Servers that mirror and profile traffic that has been opted-in will be configured so they will not mirror or profile traffic that has been opted-out, said the spokesperson, who declined to give any details before the trial of exactly how the user’s computer would be identified and added that BT had yet to implement the technology.

[Via Open Rights Group]

digg_url = ‘http://digg.com/tech_news/Britain_Growing_Calls_Emerge_to_Make_Phorm_Opt_In’;

A recent posting on the Canadian Internet Policy and Public Interest Clinic official website says that they passed along comments to the Federal Trade Commission regarding behavioral tracking advertisements which push targeted advertisements to various users.

The FTC had a proposal (PDF) on the issue saying, among other things:

In examining the practices, the FTC has applied a broad definition of online “behavioral advertising,” one meant to encompass the various tracking activities engaged in by diverse companies across the Web. Thus, for purposes of this discussion, online “behavioral advertising” means the tracking of a consumer’s activities online – including the searches the consumer has conducted, the web pages visited, and the content viewed – in order to deliver advertising targeted to the individual consumer’s interests.

First, while behavioral advertising provides benefits to consumers in the form of free web content and personalized ads that many consumers value, the practice itself is largely invisible and unknown to consumers. The benefits include, for example, access to newspapers and information from around the world, provided free because it is subsidized by online advertising; tailored ads that facilitate comparison shopping for the specific products that consumers want; and, potentially, a reduction in ads that are irrelevant to consumers’ interests and that may therefore be unwelcome. Although many consumers value these benefits, few appear to understand the role that data collection plays in providing them. Second, business and consumer groups alike cherish the values of transparency and consumer autonomy, and view them as critical to the development and maintenance of consumer trust in the online marketplace. Third, regardless of whether one views behavioral advertising as beneficial, benign, or harmful, there are reasonable concerns about the possibility of consumer data collected for this purpose falling into the wrong hands or being used for unanticipated purposes.

The FTC then proposed the following principles:

The FTC requested comments on the matter and CIPPIC seemed more than happy to comment on the issues.

CIPPIC commented (PDF),

The Canadian Internet Policy and Public Interest Clinic (“CIPPIC”) is a legal clinic based at the University of Ottawa, Faculty of Law. CIPPIC’s mandate is to provide a public interest voice in the policy-making process at the intersection of law and technology. We write to you today to offer our comments on the Federal Trade Commission’s (“FTC”) document, “Behavioral Advertising, Moving the Discussion Forward to Possible Self- Regulatory Principles” (the “Principles”).

CIPPIC has developed considerable expertise in privacy issues raised by technology. This expertise partially stems from the fact that we operate out of Canada, a jurisdiction with a well-developed privacy regulatory framework. This expertise, combined with the reality that any regulatory framework championed by the FTC will impact Canadians, provides the impetus for these comments.

CIPPIC then touched on the following topics:

• a. Scope of Application of the Principles
• b. The Principles Should be Legislated (Not Voluntary)
• c. The Principles Should be Fully Fleshed Out and Comprehensive (Not Vague)
• d. The Principles Should be Treated as Baseline Requirements, not Aspirational “Best Practices”
• e. The Principles Should Extend to Outsourcing
• f. The Principles Should be Properly Enforced so as to Ensure Industry-Wide, Uniform Compliance

• a. Principle 1: Transparency and Consumer Control
• b. Principle 2: Reasonable Security and Limited Data Retention
• (i) Reasonable Security
• (ii) Limited Data Retention
• c. Principle 3: Affirmative Express Consent for Material Changes to Existing Privacy Promises
• d. Principle 4: Affirmative Express Consent To (or Prohibition Against) Using Sensitive Data for Behavioural Advertising
• e. Call For Additional Information: Using Tracking Data for Purposes Other than Behavioural Advertising
• (i) Which secondary uses raise concerns?
• (ii) Are companies in fact using data for these secondary purposes?
• (iii) Are concerns about secondary uses limited to the use of personally identifiable
  data or also extend to non-personally identifiable data?
• (iv) Do secondary uses merit some form of heightened protection?

It’s an interesting development in the wake of the Phorm storm in Britain. We here at ZeroPaid covered the latest developments on the surrounding controversy where ISP level technology called Phorm would have the capability to monitor and track users to push targeted advertisements onto web surfers.

Looks like the battle between corporate interests an consumer privacy continues.

Imagine every bit of information you receive being analyzed before it even reached it’s intended destination. It’s a thought that helped caused an uproar in the United States with the debates over telecom warrentless wiretapping. Mix advertising from the Internet Service Provider and you may be moving towards the debates the British are having to deal with.

The Open Rights Group points us to new information being released. Various groups including ORG and the foundation for information policy research were invited by Phorm and the Information Commissioner’s Office to take a look at the system that has caused an uproar in Britain.

Clayton then blogged about his findings, offering an introduction to what he found:

Phorm explained the process by which an initial web request is redirected three times (using HTTP 307 responses) within their system so that they can inspect cookies to determine if the user has opted out of their system, so that they can set a unique identifier for the user (or collect it if it already exists), and finally to add a cookie that they forge to appear to come from someone else’s website. A number of very well-informed people on the UKCrypto mailing list have suggested that the last of these actions may be illegal under the Fraud Act 2006 and/or the Computer Misuse Act 1990.

Phorm also explained that they inspect a website’s “robots.txt” file to determine whether the website owner has specified that search engine “spiders” and other automated processing systems should not examine the site. This goes a little way towards obtaining the permission of the website owner for intercepting their traffic — however, in my view, failing to prohibit the GoogleBot from indexing your page is rather different from permitting your page contents to be snooped upon, so that Phorm can turn a profit from profiling your visitors.

Overall, I learnt nothing about the Phorm system that caused me to change my view that the system performs illegal interception as defined by s1 of the Regulation of Investigatory Powers Act 2000.

The full analysis of the controversial technology can be found here (PDF)

“We now know that BT have already conducted secret trials of this technology, testing the effectiveness of snooping on their customers’ Internet activities. They claim to have received extensive legal and other advice beforehand, but have failed to give the reasoning on which this advice is based.” Nicholas Bohm, General Counsel for the Foundation for Information Policy Research, said in a FIPR press release, “As we pointed out in our letter, the illegality stems not from breaching the Data Protection Act directly, but arises from the fact that the system intercepts Internet traffic. Interception is a serious offence, punishable by up to two years in prison. Almost incidentally, because the system is unlawful to operate, it cannot comply with Data Protection principles.”

Meanwhile, Open Rights Group points out, “By coincidence, the Information Commisioner has released an updated statement on Phorm. From the looks of things, they have declined FIPR’s invitation to consider the lawfulness of Phorm’s data processing under legislation other than the Data Protection Act (such as RIPA). They have also failed to address the news that BT trialled Phorm without seeking consent from its users in 2006.”

In spite of the concerns surrounding the technology, the Information Commissioner issued the following statement (PDF)

The ICO has received a number of queries concerning the recent announcement by Phorm that 3 major UK Internet Service Providers have agreed to allow them to use technology, developed by Phorm, to present adverts to their customers based on the nature of the websites they visit.

Understandably, this has provoked considerable public concern. We have had detailed discussions with Phorm. They assure us that their system does not allow the retention of individual profiles of sites visited and adverts presented, and that they hold no personally identifiable information on web users. Indeed, Phorm assert that their system has been designed specifically to allow the appropriate targeting of adverts whilst rigorously protecting the privacy of web users. They clearly recognise the need to address the concerns raised by a number of individuals and organisations including the Open Rights Group. We welcome the efforts they are making to engage with sceptical technical experts
and believe that it is only by allowing their technology to be subject to detailed scrutiny by independent technical experts that they will be able to prove their assertions regarding privacy. The ICO strongly supports the use of technology in ways which enhance rather than intrude upon privacy, and plans to produce a report on “Privacy by Design” later this year.

It may lead one to wonder if the opposition to this technology is currently falling onto regulatory deaf ears.

digg_url = ‘http://digg.com/tech_news/Phorm_Analysis_by_Richard_Clayton_Released_Trials_Continue’;

Using Internet Explorer as its basis, Browzar is a shell program that looks and feels similar to many web browsers, only one cannot change the default home page which is the Browzar search engine.

Mr. Ajaz Ahmed, founder and creator of Browzar, counters that it is not adware at all, that much like Google it’s sponsored by advertising. That and he feels that it’s default homepage setting for the Browzar search engine is simply similar to that of the Firefox open source browser.

However, unlike Google where sponsored links in the search results are segregated from those that aren’t, they show up as being part of the regular search results with no way to discern a difference between the two.

As for developers web surfing, the devleopers say that is done “…automatically by deleting all files associated with websites when the application is shut down or by not storing them in the first place.” Yet, Scott Hanselman, writing on his blog Computer Zen, “…claims to have been able to find records of websites he had visited with the program installed. ‘Browzar, at least this version, is totally not doing what it says it does.’”

Whether the BBC or Mr. Ahmed is right about Browzar’s true anonymity is anybody’s guess, but there is certainly something to it’s “doctored” search results.

Notice below where I used the search query “sports” in both browsers.

First is the Browzar internet browser. Look at how there’s not even anything remotely related to sports in the top 10 results. In fact the top result is a half-price deal for SkyTv.

(click image to enlarge)

Now look at the results for sports in the Firefox browser, where search queries are powered by Google. The very first result is ESPN. Case closed.

(click image to enlarge)

So what’s the moral of the story? Steer clear of this Browzar internet browser, and if you haven’t already I’d switch over to Mozillla’s Firefox. The fact that it’s open source and not ad-revenue supported speaks volumes about the quality and integrity of it’s product.

Digg It!!