Security expert: BT should be prosecuted over its use of Phorm

By on

Cambridge University security researcher Dr Richard Clayton argues that BT should be prosecuted because it monitored internet users' websurfing habits without their permission, while the telco declines to say its activities were legal.

BT should face prosecution over its use of Phorm, a controversial technology which monitors users' internet activity, according to one of the UK top computing experts.

Dr Richard Clayton, a veteran security researcher at Cambridge University's Computer Laboratory, said that the telco was breaking UK law and should face the consequences.

"The system they're proposing to roll out this year is illegal because of the interception of people's traffic on the internet," Clayton told SC Magazine on Monday.

"We don't prosecute everyone for everything because we expect large companies to respect the law. When we catch large companies out, as a matter of public policy we should prosecute them because that will encourage others to know the law and obey it."

BT has carried out two trials of Phorm technology - one in 2006 and one in 2007. It plans another trial starting in the next few weeks. The technology monitors all the sites a user visits and serves adverts according to what they view. In both trials, users were unaware their browsing habits were being monitored.

Clayton said there are two reasons why the Phorm technology is illegal. He said that, under the Regulation of Investigatory Powers Act, which came into force in 2000, both the user and the website concerned have to give permission if web traffic is to be intercepted. Clayton argued this did not happen.

He said the second infringement is in the way users' data has been handled.

"In the secret trials, they didn't get anyone's permission. For that reason, I can't see that anything they did was legal," said Clayton.

Even BT would not say the technology is legal. "We sought extensive internal and external legal advice before commencing the trial," said a spokesperson for the telco. "We were reassured sufficiently."

Asked whether BT would describe the technology as legal, the spokesperson would not answer the question. Instead, he responded: "I don't wish to get embroiled in a media row with Dr Clayton."

BT said that users' permission would be sought for the next trial. Ten thousand users would be selected at random from its retail customer base, and they would be able to decline, the spokesperson said.

"They will receive an invitation in their web browser and can decline if they so want," he said. "Of all the behavioural advertising technologies out there, we have taken the view that we wish to be open about what the technology involves and the benefits of it.

"Targeted advertising systems are in widespread use. We believe that Phorm offers a level of privacy which surpasses any of these systems. It certainly surpasses that of search engines like Google."

Google declined to comment on Phorm, and on BT's views.

In a comment published on his company's website in May, Struan Robertson, a technology lawyer with Pinsent Masons said that BT's trial most likely did breach the Regulation of Investigatory Powers Act.

He wrote: "Did it breach RIPA? Personally, I think it probably did. But I doubt the question will ever come before a court. The Home Office has already indicated that it does not intend to take action. I expect that is because it views the trial as an isolated incident. It would only take action if it believed that Phorm would normally operate without consent."

The Foundation for Information Policy Research (FIPR), a leading advisory group on internet issues, has already written to the Information Commissioner arguing that the use of Phorm is illegal. Clayton is closely associated with FIPR.

Clayton's demands that BT face prosecution come just days after an internal BT report on its first trial of Phorm was leaked. The document said that Phorm, then referred to as 121Media, would invoke public relations in order to convince users that the technology had positive benefits.

The document noted that, out of 18,000 users in the trial, just 15-20 users had noted its existence on their PC and reacted negatively. BT outlined several measures to try to ensure that the technology in future offered "100% transparency".

The document said that a trial of around 350,000 users would be needed, and that the telco was investigating re-designing its £10bn network upgrade to accommodate the necessary infrastructure to support it. The proposed trial was later vastly downsized.

See original article on
Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition

Most Read Articles

Log In

  |  Forgot your password?