³ÉÈË¿ìÊÖ

You offer no justification whatsoever for your assertion that "A commercial company cannot provide good free content on the web without relying on advertising revenues".

I think that's bunkum, and so invite you to now do so.

Given that it is currently very unclear about how the opt out from Phorm and similar services will work for end users; but it is clear how websites can protext their user's privacy buy saying they wish to be excluded, what is the ³ÉÈË¿ìÊÖ's policy on opting out of Phorm?

Any chance of a sneak preview of the answer to the FoI request below?



"This means it is not appropriate for third parties to use the data profiles of the users of ³ÉÈË¿ìÊÖ services for commercial gain."

Is that a hint?

This comment has been referred for further consideration. Explain.

Are you - the ³ÉÈË¿ìÊÖ - aware that you can block the entire ³ÉÈË¿ìÊÖ network of websites from being intercepted by Phorm by adding a Disallowed to your sites' robot.txt file?

This is much more effective and proactive than telling the public to fiddle with cookie settings or try to work their way through the misleading approach of having ISPs like BT offer unnescessary but scare-mongering anti-phioshing software with these systems hidden inside.

Not everyone in the UK is computer literate so it's not unreasonable to ask that a public funded body like the ³ÉÈË¿ìÊÖ take positive steps to protect their owners rather than posting advice on a relatively low-traffic blog.

No company would leave security to the individual members of staff or the individual customer. This is an area where the ³ÉÈË¿ìÊÖ can look afeter all of their customers with one simple step rather than saying - "we told you".

I too am very surprised that the ³ÉÈË¿ìÊÖ is carrying a link to the StopPhoulPlay site.

In my opinion it is highly likely that ³ÉÈË¿ìÊÖ lawyers have had contact with the site owners over content regarding the ³ÉÈË¿ìÊÖ. Is it fair to link to a site that potentially libels those who cannot afford such a lawyer?

@pengipete

Using the robot.txt file would indeed allow the ³ÉÈË¿ìÊÖ to block Phorm, thus preventing "third parties [to] use the data profiles of the users of ³ÉÈË¿ìÊÖ services for commercial gain."

Unfortunately, Phorm have arranged things so that you also have to block Google as well in order to do this. Not a very good choice to have to make. It's almost as if it has been designed to be very difficult.

Fortunately there are other ways for the ³ÉÈË¿ìÊÖ to opt-out and protect the licence payer.

why has the ³ÉÈË¿ìÊÖ not taken action over phorms use of the name "WebWise"

as it confuses the educational bbc webwise brand used by my children which is safe, with a webwise brand based on profiling, data collection and advertising?

also does the ³ÉÈË¿ìÊÖ have any plans to opt-out the bbc wesites from being profiled by phorm?

peter

Amazon and Wikimedia (the wikipedia empire) have both used the alternative opt out route to protect their users and prevent the commercial exploitation of their content. There are many other sites following their lead.

Here is how wiki did it.

You say "Your ISP should always give you the choice of opting into their use of this type of behavioural targeted advertising." I think everyone agrees with you there.

It is a pity that the ISP don't also provide some way of asking customers to opt in before they do the interception through the DPI system that checks whether or not you have opted into the advertising and takes a copy of all your requests to the internet and what you see in response. As it is currently, only https traffic is not intercepted by the DPI system.

It seems rather meaningless for the ISP to be intercepting traffic without permission (RIPA anyone?) and then claiming to be so wonderful by offering people an opt in choice for targeted or default advertisements from the Webwise system. Who really want to give up all their privacy just so that a DPI system can record an opt in/out cookie? Other behaviour targeting networks use scripts to set these cookies and manage just fine without invading privacy by tracking you everywhere you surf.

Ever asked yourself why Phorm only invites sites to have their content removed from being used in profiles while the ISP fails to provide a similar mechanism for the sites to not have their content mirrored and analysed in the first place?

³ÉÈË¿ìÊÖ's commercial sites are trying to earn income by sharing visitor data with Audience Science. Every visitor coming to the site through a DPI infected connection will be passing through to Phorm the same data that Audience Science is collecting and it will be Phorm and the ISP earning an income from that visitor, too. It sounds like the ³ÉÈË¿ìÊÖ is not happy about that.

Does the ³ÉÈË¿ìÊÖ have Korean pages that will be sharing their visitor data and possible income with Phorm and their Korean ISP partners?

Why is it that no one in the media is writing "Your ISP should always give you **and the websites you visit** the choice of opting into their use of this type of behavioural targeted advertising. Without an opt in from both parties to the communication there should be no DPI system performing the interception, no mirror copy infringing copyright, no forged webwise cookie claiming to be from the domain of every website visited, no profiling and OIX partner sites should only be able to deliver adverts based on tracking that happens when you visit other OIX partner sites, if you accept their cookies."

Although, as most people won't understand that it is probably easier to ask why people complain about the Government wanting to have access to traffic data (not content) under the controls offered by RIPA and see that as a gross invasion of privacy but think that the same copying by the ISP of traffic data PLUS the content of pages viewed is OK and does not need any protection under RIPA because the interception and analysis and creation of a database for the profile kept by Phorm is only used to give the ISP a little more income.

Please consider removing your link to the Stop Phoul Play site, which smears several of my fellow campaigners, and also publicly identifies individuals by linking their forum usernames and then speculating about their full names and identities. It has already been altered several times since it was first published. One page in particular was originally published with serious allegations about the ³ÉÈË¿ìÊÖ (all of which I have saved offline), now mysteriously disappeared. For a site which claims to be telling "the true story" it is strange that several of the claims originally made on Stop Phoul Play about the ³ÉÈË¿ìÊÖ, ORG, Dr. Richard Clayton, the ³ÉÈË¿ìÊÖ Office, the Secretary of State for Culture, Media and Sport, and the No. 10 Downing St. petition site managers, have had to be removed or toned down. Surely the "truth" shouldn't need adjusting in this way? The Telegraph sums up the Stop Phoul Play site quite nicely.

Actually, I'm in two minds about the link to Phorm's 'smear' site. On the one hand, the points made by previous posters about linking to a site where the ³ÉÈË¿ìÊÖ and other large organisations have already had to get claims removed or toned down are very valid. On the other hand, linking to this site rather the Phorm's main site does give a much more accurate impression of the type of company we are dealing with.

I agree that, as you say, it is not appropriate for third parties to use the data profiles of the users of ³ÉÈË¿ìÊÖ services for commercial gain. To ensure that Phorm cannot do so, the ³ÉÈË¿ìÊÖ should opt all its domains out of the Phorm system, just as Amazon and others have done.

I also suggest that all ³ÉÈË¿ìÊÖ sites that profile users should do better than offer them the chance to opt out: they should refrain from profiling unless the user decides to opt in.

I strongly urge the ³ÉÈË¿ìÊÖ to opt out of the Phorm program for all of their websites. Privacy is a serious issue, especially in times where almost on a daily basis, confidential information is leaked in some or the other way (CDs, USB sticks, laptops, in buses, on trains etc.). Privacy is a basic human right. You don't have to opt-in to human rights, do you?
Also there is the issue of the copyright on an individual's browsing history. As the creator of the Web, Sir Tim Berners-Lee said about his data and browsing history: "It's mine - you can't have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I'm getting in return.".

@ John Horb. Actually maybe you are right. If want to be judged by the standards of that site, then maybe we shoud let them be judged by it.

seetha, when you say "Recently, there have been a lot of column inches on the use of so-called 'behavioural targeting' - the delivery of adverts to audiences based on their internet activity. Phorm's behavioural targeting service, for instance, has received particularly widespread coverage."

which part of 'behavioural targeting' and the real Phorm story of "Deep Packet inspection/Interception" for commercial profit
(apparently being willfully misreported by the ³ÉÈË¿ìÊÖ and other interested partys) dont you get ?

one is legal and valuble to some sections of the UK and the world.

one is totally illegal without a court order, and against several UK laws.

do you really feel happy openly and freely here advocateing "DPI for commercial profit" ? and in doing so, influence the mases of ³ÉÈË¿ìÊÖ readership to totally ignore the illegal act of "wire tapping/DPI interception of their payed for internet connections.

seetha, being in the position of high regard you are in today, would you kindly explain here and now in this thread...

why you have NOT linked in ANY professional persons anti "DPI interception" quotes, and there are many.

or for that matter given an interview or even just been in contact with and talked to such people as Mr Hanff of Privacy International ?


"Privacy International:we are pleased to announce a new addition to our team.

Alexander Hanff, a social scientist and technologist who has led a long campaign against the use of Deep Packet Inspection for behavioural advertising models in the UK, will be taking the lead for Privacy International on these issues"

its not hard, you can chat with him anytime on the open and https secure NoDPI website,

another direct lik you did not include for this very story.

Nick, how much clearer can we readers make it for your ³ÉÈË¿ìÊÖ news and management teams ?

YOU yourself STATE directly above "it's _important_ to _link_ to _different_ _sides_ of the argument"

and yet, seetha (tat these questions are directed at unless you are infact seetha by another name OC ;)
has seem fit to _NOT_ actually link to the different sides of the Deep Packet Inteception for commercial profit _story_ (rather than argument)

but rather seetha knowingly, directly linked to a Phorm owned and PR run website.

that on the face of it, appears to be setup purely to undermine the very same type of end users (admitedly people that have had no other choice but to inform themselves on this DPI subject due to lack of real indepth reporting) people they intend to DPI intecept and profit from, the so called other side of the story.

seetha linked only to ³ÉÈË¿ìÊÖ off the cuff story writers that dont seem to even understand the the VERY Important difference between "DPI for commercial profit" use, and the wider subject of benine 'behavioural targeting' without these wiretapping DPI devices watching and potentially reporting to private 3rd party companys, everything you and your kids go and do in the future.

seetha linked only to a very small under funded 'Open Rights Group' that virtually noone knows outside the informed phorm storm advocates, and finally

a finally seetha has seen fit to link to one single FT page that covers some, but by no mean all the controversy ove rthe last 18 months+

at no time so far did seetha, or yourself even reference Chris Williams

of , the LEADING news provider of true and accurate information to the end users in this phorm/DPI/wire tapping matter.

at no point so far, has any indepth mention in official ³ÉÈË¿ìÊÖ stories of sir bernard lee the inventor of the internet , or coverage of Mr Hanff's new high profile Privacy International position taking the lead for Privacy International on these DPI interception and related issues....

so a direct question for you Nick, Please explain Here And Now, In this Thread.

how EXACTLY is this story, and the wider ³ÉÈË¿ìÊÖ mandated of "fair and ballanced news coverage" , "showing both side of the story" etc.

showing the readership that "it's important to link to different sides of the argument"

when all the real informed "other side" links are placed in these stories talk back comments by the ordinary readership themselves (IF the Blog even has a pubic readers reply section activated, many dont OC), rather than inside the main stories copy where it NEEDS TO BE for all to see and judge on its merits.

how can you say or even imply you are FULLY informing people so they can judge for themselves, when your clearly NOT including even official quotes from the worlds professional Anti DPI people SBL etc.

never mind not bothering linking to these 3rd party indepth NODPI/PI and other sites covering these tech and legal points.

but you happily link to the new official Phorm PR firms site setup to allegadly under mine ordinary informed people and small under financed action groups such as Open Rights Group that cant affort to take them to court for Defirmation Of Character etc....

How exactly is that showing different sides of the argument?

Whoever is doing the intercepting whether it be Phorm or the ISP's it matters not a jot. The act is illegal.

In order to be legal the interception MUST have the consent of both parties, ie webbrowser ( in this case meaning the person browsing a site ) and the website owner or creator whose copyright the site content is.

The consent of the webbrowser must be gained by an OPT IN system. The consent of the website creator MUST be obtained PRIOR to the interception and not during or after. The attempts by Phorm to circumvent the law by asking websites to OPT OUT using a special list is purely that,an attempt to circumvent the law and is meaningless.

The breach of copyright that ensues by not following the law makes Phorm and the ISP's , regardless of who is in control of the system. liable as both are party to the illegal interception. Should a webbrowser be so ill informed as to actually opt in to this system the permission of the website visited is still required under the law. Copyright exists on the internet in the same manner as to printed and other material. Should the ISP's and Phorm use the connection of an opted in user to intercept a communication between the user and website they commit another illegal act by making the user party to the illegal interception.
Making the interception from another juristiction makes no difference to the offence.
The government departments so beloved of Phorm are now scuttling away into the dark places where they hide. They have been found wanting in their protection of the rights of users and are now distancing themselves at a rapid pace from the debacle that is Phorm. There will be no solice for Phorm ,no eleventh hour rescue,now that the collusion between the government and themselves has been brought into the open. They are to busy saving their own skins issuing denial after denial.
Phorm failed because they thought that with a compliant government in tow they could ride roughshod over the rights of others, with complete disregard for privacy and copyright. The ICO failed because they took Phorm's word for everything and neglected to do their own research. The ³ÉÈË¿ìÊÖ Office failed because it got to close to Phorm and its machinations for their own devious and underhand reasons. BERR failed because it denied and neglected it's responsibility at the whim of a corrupt self serving government. OFCOM failed because its chief touted the advertisers mantra of "moneytise the data stream", at every oppourtunity while completely failing to carry out his mandated responsibilities to protect the consumer. BT failed because they treated their customers as mere pawns in a scurrolous money making scheme they knew was a disgraceful betrayal of trust. The other ISP's involved failed because they too put greed before respect for their loyal customers. The City of London Police failed because they didnt understand the law and could not admit it. Instead they went to the very people who committed the act to ask if it was legal.
Copyright was the final nail in the coffin of Phorm. Not one government department gave any thought to the rights of copyright holders caught up in this mess, or if they did they either thought it would go away or they could ignore it. After all these website owners weren't like the record or film industries, they dont have the political clout to make a fuss.
No government department will admit to giving Phorm the all clear or will back them up in any statements of legality. The backing that Phorm thought it had gained from this shameful government has evaporated, there is nowhere for them to turn now. All that is left are bluster and the childish name calling of the playground.

"Some principles remain true. They are quite simple - the privacy of our user and the code we follow as a public service broadcaster. This means it is not appropriate for third parties to use the data profiles of the users of ³ÉÈË¿ìÊÖ services for commercial gain."

Given this statement, did the ³ÉÈË¿ìÊÖ opt-out before the 2008 BT trial? That trial was announced in advance, the ³ÉÈË¿ìÊÖ knew it would happen and it was part of a commercial process.

Were licence payers protected from profiling then? The serving of ads was not relevant, the profiling was.

The issues of "profiling" and Ad-serving whilst clearly linked, are hardly the same. The profiling is functionally neutral, that is to say it could just as well be used to allocate you to a "potential terrorist" or "Anarchist trouble-maker" 'bucket' as to a "potential lawn-mower purchaser" or "Car enthusiast" one. Phorm wil presumably be happy to sell the relevant data to anybody who wants it, and will be required to supply the 'Intelligence' services by law.
One major problem with these data is that if the information we are given about them is true, they can only be used inferentially: my interest in weedkiller or fertilizer may indicate that I am a gardener or Farmer, or that I am a terrorist. Of course if the data are indeed fully anonymised, then to be safe the worst assumption will be made. The more suspicious amongst us might suspect that there is anonymity and "anonymity", however.
Of course irrespective of anything else I categorically DON'T WANT any targeted advertising aimed at me, so I want a simple one-time guaranteed method of fully opting-out of the whole shebang. Pigs, as they say.....

Seetha - I'm not sure what more information you need before making a decision. If Audience Science can't be used on the UK ³ÉÈË¿ìÊÖ pages - stated reason being "...it is not appropriate for third parties to use the data profiles of the users of ³ÉÈË¿ìÊÖ services for commercial gain... " what is it that you need to know about Phorm/Webwise that you don't already know. Will this quote from their own website do?

"The OIX is a revolutionary new technology platform that allows, for the first time, online advertising to be targeted using behavioural keyword data gathered at the ISP network level. This data allows for the most accurate user targeting, while completely protecting user privacy. Campaigns created in the OIX are served to ad spots on OIX-partner publishers and networks via an open exchange."

Forget the complicated legal, technical and privacy debates for a moment. Just take hold of the fact that Webwise OIX is a commercial advertising network. It will gather data from ISP customer copies of your UK licence funded pages and use it for commercial gain. No one disputes that - not even Phorm. So on the basis of your own words there are no grounds for delaying a decision. You can come off the fence.

Think of it this way. If I came to you with a scheme for displaying adverts on the UK ³ÉÈË¿ìÊÖ website pages, but didn't actually reveal the technical details, what would you say to me - would you be able to give me a decision? Of course you would - you would show me the door, and if the press wanted your response, you would give it - NO you are NOT going to show adverts on the UK licence payer funded pages of the site. The decision on Webwise OIX is just as simple and it is time it was made, and made publicly. No commercial exploitation of UK licence funded ³ÉÈË¿ìÊÖ content. not welcome. Using esactly the same criteria as you use to reject Audience Science profiling of your UK licence funded pages. Not the illegality of the model. Not the privacy argument. Not the complicated details of the technology. Just because "...it is not appropriate for third parties to use the data profiles of the users of ³ÉÈË¿ìÊÖ services for commercial gain... "
Best wishes.

Seetha - don't forget that Phorm announced 'imminent' trials in Korea some weeks ago. They may be running now (Phorm have been known to operate covertly).

The ³ÉÈË¿ìÊÖ has a global audience so users of your web sites are possibly being profiled right now; all paid for by the licence payer.

You do not really have the luxury of time, but need to act now, particularly if you allowed UK users to be profiled during the 2008 trials.

To follow on from the above, Phorm have now announced that the Korean trials are in progress, so it IS time for the ³ÉÈË¿ìÊÖ to come off the fence on this, otherwise Korean 'phormed' visitors WILL have their interactions profiled.

@Seetha Kumar

Phorm have JUST announced commencement of a a Market Trial in Korea as such as a License Holder.
(link below)

I "request" that you protect "this post" & all other personal data belonging to your Organization & other "third parties" from this HIDDEN Profiling System!

The ³ÉÈË¿ìÊÖ appears to be about to default on it's statutory obligations under the Freedom of Information Act 2000.



I hope there is a night shift dealing with this.

".... the delivery of adverts to audiences based on their internet activity."

Cyberstalking for commercial gain!

Your funding model is supposed to allow you to rise above the commercial spin and uphold the public's interest.

Defend us or get off the battlefield!

Ah ... it's all about Audience Science and ³ÉÈË¿ìÊÖ Worldwide.

Can you block Phorm and then justify continuing to use Audience Science?

Well, they work in different ways. No black box in the ISP with AS for a start.

But in all honesty I don't care about your revenue from Audience Science. I pay my licence fee.

You should opt-out all your UK public service sites now.

You should care more about what licence payers think about you than what commercial organisations may say about you.

Quite apart from the ethics and legality of any company using the ³ÉÈË¿ìÊÖ's content for commercial gain without permission, why should Audience Science pay the ³ÉÈË¿ìÊÖ for using the ³ÉÈË¿ìÊÖ's content to profile (overseas) visitors, if you are going to permit other companies to do this for free? Also, having taken the decision NOT to allow Audience Science to profile UK visitors, it would be somewhat perverse to permit others to do so.

Re the unpleasant Phorm website 'Stop_phoul_play' you have linked to. You rightly allow comments here to assist any readers make up their own mind about the company and the product they want to launch in the UK.

The Phorm website is indeed very unpleasant, making nasty comments about individuals who oppose what Phorm are trying to do.

As another comment here says, the so called 'Truth' the site attempts to expose is the truth only according to Phorm, which appears to change depending on the context of events at the time.

Take this simple example. The Downing Street Petition Website shows a petition created 3 March 2008 which called for "the Prime Minister to investigate the Phorm technology and if found to breach UK or European privacy laws then ban all ISPs from adopting its use. Additionally the privacy laws should be reviewed to cover any future technologies such as Phorm."

On April 28th 2009 Phorm launched their new website to 'expose the truth'.

The site said this: "The website managers at 10 Downing Street recognised their mistake in allowing a misleading petition to appear on their site, and have since provided assurances to Phorm that they will not permit this to happen again"

A freedom of information request was published on the WhatDoTheyKnow website, asking the Downing Street team or their website managers about the communication to Phorm saying the above. The answer to that question will no doubt follow but only shortly after it was published, Phorm removed their "version of the truth" and replaced the text quoted with... Nothing.

My feelings are that Opt Out won't be enough if the system does go live in the UK. You will have to do more to repeatedly check and ensure the content is not used by Phorm. After what we have seen over the last few years, notwithstanding the crazy website issues (just one of many described above), can anyone actually TRUST Phorm?

I call upon the ³ÉÈË¿ìÊÖ to do the right thing. Opt OUT of deep packet inspection systems that are designed to snoop on the activity of individuals to generate advertising income. Start this week with Phorm. And if the EU and UK Gov do not take legislative action to prevent this activity by Phorm or others, Opt Out whenever a new company comes along to do it.

Do it now. I am a license payer and I ask that you do the right thing.

just a recap of the way the Phorm cookies work care of


April 7, 2008, 4:04 pm
Phorms All-Seeing Parasite Cookie
By Saul Hansell
"....
Phorm gets around these restrictions by piggybacking its cookies on the backs of those left by other sites.

Phorm installs equipment at the I.S.P. that intercepts the users browser when it visits a Web site for the first time.

It redirects the browser to Phorms own site. That way it can place and read its own cookie with a Phorm identification number.

It then appends this number onto the cookie of the other site, say Google or Yahoo. It does this without the permission of that other site.

The point of this odd exercise is to be able to monitor users but not slow them down. Once a users cookie from a given site, say Yahoo, is marked with Phorms own number, the next time the user visits Yahoo, Phorm can record that information without having to read its own cookie.

(By the way, Phorm strips this extra number off of the cookie before it is sent back to Yahoo, so [b]sites dont know their cookies are being used this way.[/b] )

If you follow all this, it raises troubling and heretofore unexplored questions about who has rights to do what with cookies. Is it acceptable for Phorm to ride, almost like a parasite, on a cookie set by another company without its permission?

Kent Ertugrul, Phorms chief executive, says it is acceptable, because the users are notified about Phorms system and given the opportunity to opt out, and it is their computer on which these cookies reside.

There are a couple of other interesting aspects of Phorms system that Ill get to in another post.
"

/blogs/bbcinternet/2009/05/interesting_stuff_20082105_bbc.html

its appears these long time officially released BT pictures outlining the dataflow of Phorm keep going missing, so grab them while you can ;)

but upon inspection. these make it very clear that without exception , all your dataflow belongs to Phorm and their ISP partners ;)
.....

I find the discussion about Audience Science most interesting.

Has the ³ÉÈË¿ìÊÖ asked Audience Science what it is doing to protect the data it collects from the ³ÉÈË¿ìÊÖ sites from being intercepted and used by Phorm for Phorm's own revenue? It matters little whether AS use a cookie or URL to process their tracking and profiling data, it will all be visible to the DPI system.

Does AS expect the ³ÉÈË¿ìÊÖ to ensure that none of its sites are intercepted regardless of where the visitor comes from so that the investment AS is making in the ³ÉÈË¿ìÊÖ sites is protected? The question has been asked already: why should AS pay the ³ÉÈË¿ìÊÖ for the use of the ³ÉÈË¿ìÊÖ content if the ³ÉÈË¿ìÊÖ is giving it away to other ad networks?

While there is no Korean language site for the ³ÉÈË¿ìÊÖ it is well known that many Koreans are masters of the English language. Is there a difference between the way the ³ÉÈË¿ìÊÖ treats its visitors from one country to the next? Will Korean visitors be reminded that their ISP may be putting forged cookies into their browsers and tracking what they read? Will the ³ÉÈË¿ìÊÖ be the first to break news about the new Qook package being based on DPI interception of communications? With Koreans having to prove their identity for so many online processes there is a high likelyhood of their personal data being processed many times over by Phorm.

It is all down to the privacy policy: who else will be tracking visitors to any ³ÉÈË¿ìÊÖ website?

Seetha, you being "Controller, ³ÉÈË¿ìÊÖ Online and the ³ÉÈË¿ìÊÖ's Online Access Champion." plus the fact this update is Directly accociated with this very thread, pperhaps you can explain this update as reported here


"....
Update: Phorm tells paidContent:UK its upcoming product launch would also benefit all websites, even non commercial sites like the ³ÉÈË¿ìÊÖ:

In doing this, well also demonstrate how our system sets a higher standard for privacy online than existing interest-based advertising services, including those used by the ³ÉÈË¿ìÊÖ.

We look forward to upcoming meetings with the ³ÉÈË¿ìÊÖ to show them how consumers, publishers, ISPs and advertisers will all benefit from our technology one that will give users a clear choice over their participation.
"

"We look forward to upcoming meetings with the ³ÉÈË¿ìÊÖ" what meeting(s) are these exactly Seetha, when and were are these scheduled for, and who will be attending ,keeping notes and minutes of said meeting etc....

is it to be assumed that these proposed meetings as outlined by the Phorm PR with the ³ÉÈË¿ìÊÖ, to be in the same vain as the many house of commons personel meetings, were payed for PR firms and "shillings" lawyers and other payed associates are in attendance ?,using the so called special expertise or training in the "Tricks of the trade" as has been seen by these payed for Phorm professionas to date ?


have you in the past, or will you be personally attending any of these formal and informal meetings as regards Deep Packet Inteception For Profit Phorm type subject matter etc..

id welcome your,Nicks, and other high ranking ³ÉÈË¿ìÊÖ legal etc personels direct feedback here ASAP as a show of "good faith" on the part of the ³ÉÈË¿ìÊÖ.

Phorm:- "We look forward to upcoming meetings with the ³ÉÈË¿ìÊÖ to show them how consumers, publishers, ISPs and advertisers will all benefit from our technology one that will give users a clear choice over their participation."

I certainly hope that the ³ÉÈË¿ìÊÖ take detailed minutes of those meetings.

Not too sure if this is the correct place to make this comment.

Yesterday (Monday) I was listening to the ³ÉÈË¿ìÊÖ World Service and the Analysis soundbite about Phorm and monitoring internet use. This made me realise just why there is so much confusion about the whole process.

Monitoring internet use is performed by businesses like Experian/Hitwise, Nielsen Ratings and QuantCast. None of these businesses use deep packet inspection to monitor internet usage.

By mentioning Phorm in the same soundbite as monitoring services and failing to mention deep packet inspection systems using layer-7 routers hosted within the ISP you are making it sound like Phorm is (could be) as protective of personal data as these other businesses.

The layer-7 switch intercepts and makes a copy of the data stream. (In the majority of cases the content being copied is protected by copyright and making copies for commercial use is illegal in many countries.) It then processes this data which includes personal data and sensitive personal data. It includes the hidden web. It includes content which is protected behind logins.

I was pleased to hear a snippet from Google and their considering of opting out of having their content processed by Phorm. As Phorm's USP is making use of search terms and sending these 'in the raw' to the profiler there is a great deal of room for personal data being processed by the channel server.

When I use a search engine to research something I have no objection to the search engine processing that data (I am, after all, asking them to do so by using the service). What I don't expect is for the search engine to be allowing my searches to be identified to my actual browser and passed to a 3rd party who will now identify me and track all my surfing relative to that search. Even Google can't follow me once I leave their site.

There is nothing to suggest that Phorm will be using search engine results in this extract from bt.com/webwise/, just searching for Paris using a partner site (perhaps a price comparison site which everyone knows is only a site for displaying adverts)
"BT Webwise also personalises the online advertising you see when browsing on participating websites by linking ads to your interests. For example, if you search for a weekend trip to Paris or visit pages related to Paris, BT Webwise would replace the standard ads that would normally appear with advertising relating to travel or hotels information. You won't see any more adverts than you normally do - they'll simply be more relevant."

Nothing about 'the service' suggests interception and Layer-7 routers. Phorm just display themselves to be the same as any other ad network. While this is true for 100% of visitors to their network partner sites, it is not true for any user whose ISP is intercepting the data stream.

Just how much Phorm fail to get what the ³ÉÈË¿ìÊÖ debate is all about is reflected in the quote attributed to them at "Phorm tells paidContent:UK its upcoming product launch would also benefit all websites, even non commercial sites like the ³ÉÈË¿ìÊÖ". Is Phorm really offering to pay the ³ÉÈË¿ìÊÖ a royalty for being allowed to intercept the visits from partner ISPs? It is on record that BT will not pay any such royalty/licence requests for the tests run during 2006, 2007 and 2008.

actually "Experian" the credit reference agency DO infact use Deep Packet Interception layer7 hardware now.

ill see if i can find the references for you when i get some time unless some others happen to have the information handy

@ whydoi #40

An interesting comment re Experian and Level7. They would only be able to do that with the collusion of the ISP or backbone provider. Experian and other credit reference agencies do seem to have been given a number of 'rights' by the UK government and they could well be slipping under the radar while Phorm take all the negative press.

This issue has always been bigger than Phorm and there are lots of other players out there.

The principle is interception of communications for the harvesting of personal and private data for the commercial gain of a 3rd party without the permission of those whose communication is being intercepted.

I do hope that the ³ÉÈË¿ìÊÖ are looking at the wider picture too.

See section 3.3 which appears to be being "selectively" ignored?

The SafeGuards



Data can only be obtained by a public authority when the interference with privacy that it will cause is proportionate;

There is a statutory code of practice setting out how the legislation should be used and operated;

There is external independent oversight of the application of the law; provided by the Interception of Communications Commissioner (currently Sir Paul Kennedy a former High Court judge);

There is a right of complaint to the Investigatory Powers Tribunal if a member of the public believes that their data has been acquired unlawfully.

Independent oversight would also continue to be provided by the Information Commissioner to ensure data protection principles were being observed.

Furthermore, an additional safeguard is provided through the offences contained in the Data Protection Act 1998 and the Computer Misuse Act 1990. These would ensure that appropriate penalties would exist for anyone who sought to either gain unauthorised access to (hack) or modify any communications data held on a computer system, and that penalties also existed for those who tried to obtain or disclose, or procure the disclosure of, communications data in such a system without a lawful authorisation or notice under RIPA15 .

regarding Experian and their Hitwise DPI for profit in relation to this thread subject matter "behavioural targeting" OC ;)

it seems very clear after some little time researching it again, that the famous ³ÉÈË¿ìÊÖ in depth investigative reporting is perhaps called for ASAP, as the usual suspects and company names keep popping up in this very serious long term Deep Packet Interception for profit matter.

as a start thry these links





you might also note how the "Experian Real Time Marketing Bureau" part of Experian Marketing Services, seems to keep a VERY low online profile in anything related to DPI use , infact theres only one single PR PDF i can find with a cursory search


the old usual names from the now defunct US NebuAd DPI (AKA now InsightReady in the UK) personel links have been associated with Hitwise/"Experian 'Real Time Marketing Bureau'"

theres also an as yet uncomfirmed speculation that BT once again have yet more dealing with, and interact with the DPI for profit aspects of Hitwise/"Experian models.

thats were the ³ÉÈË¿ìÊÖ are best placing their investigative reporters on the case ASAP, as BT have a proven track record of favouring all things DPI for profit, going all the way back the the BT executive thats now associated with Phorm OC.

one has to wonder if theres also a direct (ex)executive link to the Hitwise/"Experian 'Real Time Marketing Bureau'" and other DPI vendors too?

but given the current FOI reqest replys talk , it seems any (covert?) serious investigation by the global ³ÉÈË¿ìÊÖ investigative reporters into this massive global credit reference agency and related business's might be a long time coming, ? what do you think Seetha ?

OC one might also think any Experian DPI operation and its executive might be welcoming all the focus on all things Phorm DPI for profit, so they can get on with the usual business of a private company ,collecting all YOUR data for their profit...

just as a side but directly related "behavioural targeting" and your personal data and streams matter, when you say "Experian and other credit reference agencies do seem to have been given a number of 'rights' by the UK government and they could well be slipping under the radar while Phorm take all the negative press."

that is what they want you to beleave, the reality is OC not true, take a read of this link i found

"surlyBonds CRA thread is ALWAYS a good read to understand your/their legal standing

remember its not just about "Defaults" its about their whole standing and your rights in law...




"Defaults - a proposed method for removal and the full template letter

--------------------------------------------------------------------------------

Basic things to remember about this whole process:

...
a) Remember that the three Credit Reference Agencies (CRAs), Experian, Equifax and CallCredit were not constituted by an Act of Parliament. They hold no official Govt. power even though they like to think they do.

b) The CRAs are corporations who simply have the technology to store vast amounts of data and have been doing so for years.

c) The banks and lenders supply them with information about your accounts not because they are legally allowed to, but simply because YOU agreed to it via your contract.

d) CRAs are allowed to hold any data about you that is deemed in the public interest or in the public domain. Things like Bankruptcy Orders and Discharges, CCJs, IVAs, etc. are public information, and you cannot stop CRAs holding this information. You can ask them to mark them as settled, but they do have legal right to hold JUST these on their records because there are actual Laws that allow them to do so, and judges have signed the Orders in all these types of cases. However, agreement 'defaults' do NOT come under those Laws, unless they have been progressed to a CCJ, etc.

e) Civil contract details cannot be stored unless you agree in writing. The Data Protection Act states clearly that your account information is personal data and only you have the right to determine who may collate, process and disclose it.

f) When CRAs reply with its our legal right they are talking nonsense.
You can see more about this in the copy of the Experian letter also here The legal to which they refer is simply the lawful right because you gave permission. That permission can be withdrawn at any time according to your rights under the Data Protection Act.in the sticky section, where thay actually admit that they have no legal authority and that there is no six year 'rule'.

g) You are also allowed to tell any Data Controller (a company that processes or stores your data) to cease to process your data in any fully-automated process. The Data Protection Act states quite clearly that this includes processes that e.g. affect your creditworthiness. The actual clause is in the template letter.

h) If you decide to opt-out of auto-processing, then you may opt back in again later.

i) To ask a Data Controller to do anything you want them to do, including
....."
lots more good stuff... " ;) read it.

Seetha said:"We are watching this space closely and waiting for details of the Government's response, which is due around mid June."


"Deep packet inspection is a big issue in Europe. So is the allied topic of users being in the driving seat and being able to give informed consent. The European Commission issued an action about a month ago against the UK Government querying whether the law here goes far enough to protect users.

We are watching this space closely and waiting for details of the Government's response, which is due around mid June.
"


WhyDoI said:"why you have NOT linked in ANY professional persons anti "DPI interception" quotes, and there are many.

or for that matter given an interview or even just been in contact with and talked to such people as Mr Hanff of Privacy International ?
"

i note you still have not replyed on this question Seetha ?
or apparently been in contact with Mr Hanff since my post#18 enquireing why not etc.

this is just a small update to inform you, the ³ÉÈË¿ìÊÖ executive reading, and the users interested in this that :

Mr Hanff of Privacy International has updated his site giving an overview of the last 18 months

and informed readers that "he,and Jim Killock from the Open Rights Group will be meeting with Commissioner Vivian Reding about our ongoing problems for the last 15 months with regards to seeking enforcement action against Phorm and BT for thir covert trials in 2006/2007 (among other things)." tomorrow.

A couple of quotes from ³ÉÈË¿ìÊÖ partners Audience Science about DPI and Phorm technology, and how it is fundamentally different, in scale and concept, as well as the detail, from website and cookie based BTA.


No major ISP currently uses DPI in order to serve up more targeted ads, nor does Audience Science, Hirsch said.
"We do not do any deep packet inspection because we don't believe that gives consumers the appropriate opportunity for disclosure or opt out," he said. "We don't track all consumer behavior across the Web just [that collected from] certain publishers that we work with."



Do you think companies and technologies such as Nebuad and Phorm have any greater ability to abuse personal privacy rights than the large search companies?
We believe that the disconnect between content and technology creates a potential gap in a consumers ability to know what they are opting in or out of in terms of data collection.

And even Audience Science aren't allowed to collect data on the ³ÉÈË¿ìÊÖUK licence funded pages - right now. So allowing Phorm to do so would be inexplicable, and I imagine Audience Science would be wondering why they paid for the privelige of access to the ³ÉÈË¿ìÊÖWorldwide pages, when Phorm can get access to the whole site for nothing.

I wonder what the Audience Science contract with ³ÉÈË¿ìÊÖWW says about exclusivity? You see - it is a commercial issue, a Charter issue, a privacy issue, a copyright issue, a contractual issue, a fraud issue, a child protetion issue, a DPA issue, a PECR issue, a RIPA issue - and this is a difficult decision for the ³ÉÈË¿ìÊÖ to make? Seetha - I hope you return from your holidays refreshed, full of energy, and with a clear head - ready to take this very straightforward decision.

Information you may wish to take into consideration.

A report on a meeting between campaigners and the EU Commissioner Redings staff in Brussels. It may help ³ÉÈË¿ìÊÖ to reflect on the Phorm debate a little further. Note that the EU would appear to be supportive of all the key arguments that campaigners have presented

Informed versus Implied consent
Web page serving as communication not broadcast
What constitutes Personally Identifiable Data

and finally the comment that "Mr Rudolf Strohmeier stated that in all his years working at the Commission there had only been 1 or 2 other issues which had generated such a high volume of written complaints from the public so they were taking the matter very seriously, which is why they initiated infringement action against the UK Government last month."

Just think about all that public concern coming the ³ÉÈË¿ìÊÖ's way soon?

It rather looks like there might be more than just a few campaigners on this issue. Phorm's claims about a tinfoil hatwearing minority of angry activists are wearing a little thin in the face of the evidence.

@BTC

Of course, if you believe Phorm, all these people who wrote to the EU, the 21,000+ who signed the Downing Street petition, the ones who have written to MPs, taken part in numerous Internet polls, etc are actually all the same 6 people using different pseudonyms (and presumably different e-mail addresses, IP addresses, etc in order to multi-post/vote).

Hi all,
I have read the details regarding the recent meeting in Brussels. Here are a few of my choice quotes:

The Commission stated that EU Law does not recognise implied consent and that consent must be explicit and informed and that all such services must be Opt-In.

Am I to take it that the ³ÉÈË¿ìÊÖ has given explicit informed consent for the ³ÉÈË¿ìÊÖUK websites to be scraped and its users profiled (whilst waiting for the outcome of the EU action)? I'm sure that you haven't impliedly given it. Either way it is against the ³ÉÈË¿ìÊÖ Charter. Trials are underway in Korea you know.

Mr Rudolf Strohmeier stated that in all his years working at the Commission there had only been 1 or 2 other issues which had generated such a high volume of written complaints from the public so they were taking the matter very seriously, which is why they initiated infringement action against the UK Government last month.

High volumes... hardly a minority of tin-foil-hat wearers then?

EU Commission asked how things were going with the Crown Prosecution Service and were very interested to discover that the CPS have had the case since November but have not been seen to take any action.

It would seem that all 'relevant authorities' in the UK are lethargic when it comes to taking action.

The Commission also agreed that Privacy is one of the keystones of democracy and a failure to enforce privacy regulations is not only a danger to democracy itself but also begins to normalise the view that privacy doesnt matter to the current and future generations.

Is that what the ³ÉÈË¿ìÊÖ is saying? privacy doesn't matter?

Phoul Play by Phorm - Confimed by Downing Street?



The above Freedom Of Information Request was sent following the launch of Phorm's Stop Phoul Play website where they "decided to expose the smears and set out the true story".

As if anyone needed more evidence... Well, you can now "judge the facts for yourself" as recommended on the StopPhoulPlay website homepage itself.

Do take the time to read the detail on WhatDoTheyKnow and consider who has the moral high ground, Phorm or the private individuals such as I?

Come on ³ÉÈË¿ìÊÖ. You really should not be sitting on a fence. Opt out and do the right thing for the license payer.

From what I can gather at the moment 3/6/2009 the just announced "webwisediscover" system enables Phorm to "monitor" the victim sorry Web Surfer via the Websites now as well as via the ISP.

So if any Web Surfer happens onto a webdiscover hosted Website or multiples of such then they are cross-profiled by Phorm & any ISP DPI equipment enabled at the time (KOREA!)

If the Victim sorry Web Surfer happen to be on an ISP using Phorm they are not only profiled by the ISP but more than likely a total round robin of Phorm & enlisted Advertisers.

I once again ask you to OPT-OUT from the Phorm Profiling System, to ensure your content is only used by people you intend(as far as possible) & to help protect Web Users who use you Websites from unwanted data profiling.

A correction to my Earlier Post #53

It appears from other sources that "Web Discover" only works if the Web User is already on a Phorm/Webwise ISP.

While launching the new "Webwise Discover" product yesterday, Kent Ertugrul of indicated that he would be meeting with the ³ÉÈË¿ìÊÖ - "We are going to be engaging shortly with the ³ÉÈË¿ìÊÖ, we look forward to explaining to them how our system works, and maybe dispelling some myths that have been propagated about what it does and doesn't do." (transcribed from an interview with Patrick Smith on the PaidContent site). Can I ask that if Mr Ertugrul gains access to the ³ÉÈË¿ìÊÖ to discuss the Phorm system, that the ³ÉÈË¿ìÊÖ also arrange to meet representatives of campaigners concerned about the use of Deep Packet Inspection as a method for delivering Behaviourally Targeted Advertising, to ensure a level playing field? We have been engaging with a number of bodies recently, including staff from the ICO, EU Commissioner Reding's office and various parliamentary bodies, and would value the opportunity of meeting with representatives of the ³ÉÈË¿ìÊÖ, to also add our understanding of how the Phorm "system" works, particularly the part installed in the heart of partner ISPs, as we too would like to dispel some of the myths that have been propagated about what it does and doesn't do.

Hi Seetha,

It's now almost one month since you wrote this blog. (Friday, 15 May 2009).
Your last paragraph stated "I am keen to hear your thoughts."

Well, many thoughts have been posted. When can we expect a response from you on these thoughts?

I look forward to reading your responses and views soon.

Well Seetha,

It's been another week and still no response from yourself or the ³ÉÈË¿ìÊÖ et-al.
Can we expect some dialogue soon?

I am sure that all these people that have expressed their thoughts, as requested, are eagerly awaiting your thoughts.

I still look forward to reading your responses and views should you decide to offer everyone the courtesy of a reply.

Does this affect the ³ÉÈË¿ìÊÖ's Policy, since Phorm are still using their DPI equipment in Korea?

I respectfully ask that you Opt out of the Phorm Profiling System (in the absence of a proper court ruling), thereby protecting my data & all the other posters data from this profiler.

Especially with regard to this information.

Take a look at the latest revelation published this morning in the Guardian:


So BT have decided to shelve the rollout of the controversial online technology.

Perhaps it is time that the ³ÉÈË¿ìÊÖ climbed down off the fence (Virgin Media have been sat on it for many months and would like the legroom back) and blocked Phorm, especially as it will now be foreign ISP's doing all the data harvesting.

Unfortunately all the "tiny individuals" who have been involved or concerned about the Phorm/Webwise saga will have noted the ³ÉÈË¿ìÊÖ's apparent inability to come to any kind of a decision.

This comment was removed because the moderators found it broke the house rules. Explain.