Posts Tagged ‘UK IT Project’

UK Government misses EU Phorm Deadline

Not aware of Phorm? Then go here to The Register’s original exclusive.

BT secretly intercepted and profiled the web browsing of 18,000 of its broadband customers in 2006 using advertising technology provided by 121Media, the alleged spyware company that changed its name to Phorm last year.

BT Retail ran the “stealth” pilot without customer consent between 23 September and 6 October 2006. The technology was approved, pending a further trial*.

Documents seen by The Register show that the companies used the secret profiles to target advertising at broadband customers when they visited certain popular websites.

Phorm had purchased commercial space on these websites, although their URLs are not included in the documents. The groups targeted included people interested in finance (for an Egg credit card campaign), weight loss (a Weight Watchers campaign), and jobs (a Monster.com campaign).

The technical report drawn up by BT in the wake of the 2006 trial states: “The validation was made within BT’s live broadband environment and involved a user base of approximately 18,000 customers, with a maximum of 10,000 online concurrently.

“The customers who participated in the trial were not made aware of this fact as one of the aims of the validation was not to affect their experience.”

The Regulation of Investigatory Powers Act 2000 (RIPA) makes intercepting internet traffic without a warrant or consent an offence.

BT did not even contact the Home Office to see if the trial was illegal under the Regulation of Investigatory Powers Act 2000 until a month after the trial had finished.

More from The Register:

BT’s long-held claim that legal advice said its Phorm trials did not breach wiretapping laws came under renewed scrutiny today, as documents revealed the firm approached government experts after it had secretly co-opted 18,000 broadband customers into the advertising targeting system.

Papers obtained from the Home Office under the Freedom of Information Act show that the department was first contacted about Phorm on 15 November 2006. The first secret trial of the system conducted by BT Retail ran between 23 September and 6 October that year.

BT’s initial approach was followed by further emails to civil servants on 7 December 2006 and 23 January 2007. The content of the correspondence is being kept secret by officials, who cite confidentiality exemptions under FOIA. The Home Office is currently conducting an internal review of that embargo.

The sequence of events means that BT executives did not ask the Home Office whether Phorm’s technology might contravene the Regulation of Investigatory Powers Act 2000 (RIPA) until after their experiment to profile customers’ web browsing for advertisers without their consent had been judged a success.

And just as Phorm did not disclose the secret trials when it met Home Office officials in August 2007, BT did not mention them when it sought government legal opinion. Home Office spokesmen have said it was not aware that either the 2006 or 2007 trial had taken place until they were revealed by The Register.

On 3 April BT Retail’s head of value-added services Emma Sanderson said on television: “We don’t believe this is illegal. We have sought extensive advice, both internally and externally, and prior to conducting this trial… It’s not illegal.”

In response to this fiasco, Fabio Colasanti, Director General of combative European Commissioner Viviane Reding’s Information Society and Media Directorate, sent a letter to the Department for Business, Enterprise and Regulatory Reform. Here are a few highlights:

In particular, Directive 2002/58/EC on privacy and electronic communications, which particularises and complements for the electronic communications sector the general personal data protection principles defined in the directive 94/45/EC (Data Protection Directive), obliges Member States to ensure the confidentiality of communications and related traffic through national legislation. They are required to prohibit listening, tapping, storage or other kinds of interception or surveillance of communications and the related traffic data by persons other than the users without their consent (Article 5(1)). The consent must be freely given, specific and an informed indication of the user’s wishes (Article 2(h) of Directive 95/46/EC). Traffic data may only be processed for certain defined purposes and for a limited period. The subscriber must be informed about the processing of traffic data and, depending on the purpose of processing, prior consent of the subscriber or user must be obtained (Article 6 of Directive 2002/58/EC).

And setting out specific questions to be answered by the Government…

I would therefore be grateful to receive the response of the United Kingdom authorities on the following questions:

1. What are the United Kingdom laws and other legal acts which govern activities falling within the scope of Articles 5(1) and 6 of Directive 2002/58/EC on privacy and electronic communications and Articles 6, 7 and 17(1) of Directive 95/46/EC?

2. Which United Kingdom authority(-ies) is (are) competent (i) to investigate whether there have been any breaches of the national law transposing each of the above-mentioned provisions of Community law arising from the past trials of Phorm technology carried out by BT and (ii) to impose any penalties for infringement of those provisions where appropriate?

3. Have there been any investigations about the past trials of Phorm technology by BT and what were their results and the conclusions of the competent authority(-ies)? Are there ongoing investigations about possible similar activities by other ISPs?

4. What remedies, liability and sanctions are provided for by United Kingdom law in accordance with Article 15(2) of the Directive on privacy and electronic communications, which may be sought by users affected by the past trials of the Phorm technology and may be imposed by the competent United Kingdom authority(-ies) including the courts?

5. According to the information available to the United Kingdom authorities, what exactly will be the methodology followed by the ISPs in order to obtain their customers’ consent for the deployment of Phorm technology in accordance with the relevant legal requirements and what is the United Kingdom authorities’ assessment of this methodology?

Given the urgency of this matter I would highly appreciate receiving your reply within one month of receipt of this letter.

The letter was dated the 30th June 2008; it seems we have yet to reply. This whole thing has got “stinks like a teenage boy’s trainers” written all over it. I’ll be checking back with The Register to follow progress.

Snoopers Charter

Why is it this Government is so interminably bent on prying into every corner of our lives? At first the excuse was always “terrorism” – now it seems, they just want to create a culture where everyone is constantly seen as a suspect, until they check your records and confirm you are not.

Ministers want to make it mandatory for telephone and internet companies to keep details of all personal internet traffic for at least 12 months so it can be accessed for investigations into crime or other threats to public safety.

The Home Office last night admitted that the measure will mean companies have to store “a billion incidents of data exchange a day”. As the measure is the result of an EU directive, the data will be made available to public investigators across Europe.

The consultation paper published yesterday estimates that it will cost the internet industry over £50m to store the mountain of data.

Apparently both the Libs and the Tories have branded it the “Snoopers Charter” – can’t say much for the Libs, but the Tories can fuck right off, they are just as much snooping busybodies as Labour. Again, I say, it feels like they are conspiring to create a culture of suspicion – where only the State may decide your “status” as an innocent.

They want to create a super-database containing all the local information. How that will work is anybody’s guess – the amount of data it would contain would be enormous. How would they even make the thing searchable in anything like an acceptable timescale?

This Government has had some MAJOR shortcomings when it comes to IT systems – it doesn’t exactly fill you with confidence.

Seven in 10 government IT projects in the United Kingdom have failed, according to the chief information officer of the Department for Work and Pensions.

Joe Harley called for projects to be completed at a lower cost to the taxpayer, and said the government wanted to reduce the number of project failures to just one in 10.

Speaking at the Government IT Summit this week, Harley said: “Today, only 30 percent of government IT projects and programs are successful. We want 90 percent by 2010/11. We want to achieve a 20 percent overall reduction on IT spend in government, including reducing the total cost of a government laptop by 40 percent [in the same timescale].”

Remember EDS and the Child Support Agency fiasco, or Siemens and the Passport Agency, perhaps? And let’s not even get into The Spine. It’s not difficult to see this whole thing heading down the plughole, and at what cost to the taxpayer?

This Government seems determined to drive itself from Office, and these types of issues (and ID cards) are the very thing doing it. The People don’t want the damn thing; but we are forced by these authoritarian twats to not only have it, but to pay for it to boot. Bastards.