« Previous | Main | Next »

Interesting Stuff 2009-05-22: BBC & Phorm FOI Request

Post categories:

Nick Reynolds Nick Reynolds | 17:24 UK time, Friday, 22 May 2009

Last Friday we published Seetha's thoughts on BBC online and behavioural targeting.

If you read SevenOfMark's comment you'll know that a Freedom of Information request on the subject of the BBC and Phorm was working its way through the system.

The BBC's response to that request has now been published. You can read the letter and the supporting documentation at What Do They Know and I've also reproduced the main body of the letter on the extended entry on this post.

I know Seetha has read all the comments so far and wants to know what you think. So please do keep them coming.

Nick Reynolds is editor, BBC internet blog.

"Dear M. Veale

Freedom of Information request

Thank you for your request under the Freedom of Information Act 2000 ("the Act") dated 22 April 2009. The reference number for your request is RFI20090611.

You requested:

"Has the BBC followed the likes of Wikipedia and Amazon in opting out of allowing BT Webwise/Phorm to profile users of it's websites?

If not, does it plan to in the future?

Please disclose information on all meetings and correspondence regarding this subject, including dates, attendees and agendas."

In response:

We can confirm that the BBC is very aware of the debate around Phorm, and has been looking into the issues it raises. As such we refer you to the recent blog published by Seetha Kumar, Controller BBC Online and the BBC's Online Access Champion:
http://www.bbc.co.uk/blogs/bbcinternet/2009/05/bbc_online_and_behavioral_targ.html.

To answer your specific questions:

The BBC has not at this time opted out of allowing BT Webwise/Phorm to profile users of our websites.

As we understand the current position, the Phorm technology is not currently in use by any UK ISP. We are aware that complaints about the technology led to the Information Commissioner's Office (ICO) issuing a statement last year that users must be given the opportunity to opt in to the system, rather than opt out, and that the European Commission issued an action on 14 April 2009 against the UK Government referring to Phorm and querying whether the law here goes far enough to protect users from this kind of 'deep packet inspection' technology. As the UK Government is due to respond to the EC within two months, we are watching for further developments in this area.

As the privacy of our users is of primary concern to the BBC, we are continuing to keep the matter under active review and will take such steps as we believe are necessary to protect the privacy and interests of all users of our websites.

Please find attached copies of the documentation you requested.Please note that under section 40(2) of the Freedom of Information Act we have redacted the direct contact details of BBC staff and information which identifies some of the third parties. Personal information about living individuals is exempt if disclosure to a third party would breach one or more principles of the Data Protection Act 1998. As the individuals involved do not expect their direct contact details to be disclosed, to do so would be unfair. Likewise, the third parties whose details have been removed would not expect their involvement in
informal discussions to be made public. Therefore disclosure in these instances would breach the First Data Protection Principle, fairness.

You will also note that we have made some redactions where information was not relevant to your request.

We hope you find this information useful."

Comments

Page 1 of 2

  • Comment number 1.

    The FOI info is very interesting and quite encouraging.

    I would point out that some at the BBC seem to be living in the past - both some of the e-mails released and the title of this very blog are dated 2008! :)

  • Comment number 2.

    Apologies. Date corrected. Not so much living in the past, more simply brain too full.

  • Comment number 3.

    Thanks. Also, having read through the released emails more carefully, I think the 2008 ones were genuinely 2008. Apologies for that.

  • Comment number 4.

    The released documentation was interesting - well done to the BBC for the level of debate over the issues.

    One of the key things that strikes me is the concern over the public perception of Phorm and Audience Science. Will the public appreciate the difference between the two?

    Those of us who have followed the issue know that the key difference is the ISP based deep packet inspection that provides the behavioural data in the Phorm model. The AS cookie based approach has been around for years.

    So, concern over public perception? Why does the BBC not opt-out of phorm now and then inform and educate the public as to why?

    That is very much why it exists.

  • Comment number 5.


    Whilst I understand the BBC's reticence with regards to appearing to take sides in such an issue, it however is important for you to help protect the confidentiality of communications in general.

    The principle is simple if it is not this Company it would be another one.

    Two way communications rely of Personal & Business Data integrity & reasonable privacy & cannot be trusted if either intercepted or altered in transit.

    This argument & the reasons for requiring this go back to the birth of Telegraphy & before!

  • Comment number 6.

    1) Congratulations to the BBC for being aware of this topic and taking the time and trouble to think seriously about it.

    2) I'm sorry it has taken about a year for the BBC to become aware of the issue, and of course, it means that during the recent BT public trial of this technology your BBCUK content was profiled and exploited for commercial gain, even though the issue had been in the public domain since spring last year (that's 2008 by the way!! :-) )

    3) If the BBC have already acknowledged that it is inappropriate to use Audience Science BTA on the licence funded BBCUK pages, then there is no decision to make - it is also not appropriate for you to permit DPI based BTA to commercially exploit your licence funded BBCUK pages. Phorm are one company trialling this technology in the UK and Korea, Kindsight are another, NebuAd were another. You need a decision in principle - it appears you have actually already made that decision, so just implement it as appropriate, and make the announcement. You will be given credit for it, especially if at the same time you comply with best recommended ICO practice voluntarily with regard to prior informed consent for customers with regard to Audience Science tracking on BBCWW.

    4) Consider the actual privacy needs of your users rather than merely the cosmetic PR effect on the BBC. It is NOT merely a matter of public perception. There are real implications for users of BBC sites, for which the BBC has actual legal responsibility. For example, children, using the BBC WebWise pages (did you ever make a fuss about the misappropriation of that name?) and the way their interests need protecting. For example, the privacy of those posting sensitive personal data relating to religion, sexual orientation, political trade union membership, behind password protected pages, on Message Boards, that nevertheless the man in the middle DPI based technology WILL profile if it uses cookie based authentication, and the pages are visited by a user with a Phormed ISP.

    5) With regard to bandwidth issues, this is a bit of a diversion isn't it? Bandwidth is a commodity sold to users by ISPs. Presumably the BBC pays its own ISP for the bandwidth used by the iPlayer. Similarly, if consumer ISPs are finding bandwidth consumed by the iPlayer impacting their networks, they should try the revolutionary method of charging their customers according to bandwidth usage for downloading data via the iPlayer or any other method. Problem solved. It is the way we deal with electricity, gas, and increasingly, water. Why not ISP bandwidth? ISPs are meant to transmit internet packets, not open them and exploit the contents.

    6) It is inappropriate for the BBC to rely on ISP customers to pressure their ISPs on this matter and solve the BBC's problems for them. The ISPs for one, aren't listening and they aren't talking. BT has banned discussion of the issue on all its customer facing forums and has not responded to customer enquiries for months now.

    7) The BBC does not appear to be considering the importance of protecting its valuable website intellectual property against copyright abuse. Does the BBC intend to grant site visitors a licence to make copies of their content for commercial gain? Because if you do nothing about blocking Phorm/Webwise/Smartweb/QookSmartweb, that is what you will be effectively appearing to permit. Does the BBC feel sanguine about its domain and trademark being incorporated into a Webwise cookie which purports to come from the BBC domains?

    8) The FOI information reveals only a partial awareness of the implications of this technology amongst your staff. Unfortunately you cannot rely on the non-technical advice of the ICO who are only now just beginning to understand the technical implications and do not have the relevant technical expertise to advise you. And it is much more than a PR/perception issue. It is a major paradigm shift in the way the internet works. The BBC needs to respond and respond promptly.

    In conclusion - The time to act is now. Simply follow the principles of the decision you have already made with regard to Audience Science and announce that commercial exploitation of your content by means of DPI based BTA (or any other form of commercial exploitation of your licence funded content) will not be permitted, and that includes Phorm. Then take technical advice about ways in which you can protect your site and your users, from profiling, privacy invasion and commercial exploitation. Your users and the general public will give you credit for bold, decisive and prompt action.

  • Comment number 7.

    https://nodpi.org/2009/05/22/bbc-on-phorm-foi-response/comment-page-1/#comment-734

    "I know Seetha has read all the comments so far and wants to know what you think. So please do keep them coming.

    Nick Reynolds is editor, BBC internet blog."

    you and Seetha may be reading , but your hardly interacting, as one might expect for such high profile hosts, although i do respect your ongoing related topics, such as this very page story, thanks.


  • Comment number 8.

    The BBC should maintain the status quo. If Phorm and its 'invasive' technology is activated, the BBC should pro actively not let commercial exploitation of its content by means of behavioural targeting acquired by DPI. To do nothing would be tantamount to endorsing a private money making operation.

    There are areas on your website a signed in reader could visit, post and read. Should Phorms WebWise be activated, even after simply previewing this post already what I have written would have been profiled even if I eventually chose to not to post.

    I simply ask, is everything on your site https already protected for all these private posts? If the answer is no, then the answer should be clear. You should not endorse Phorm and you should not waste licence payers money making huge areas of the site Phorm free either.

  • Comment number 9.

    I think BTCustomer has covered most of what I wanted to say.

    Though a bit too quiet on the infringement of copyright for commercial purposes: I notice that every BBC page carries a copyright notice and the Terms of Use include the sentence "You may not copy, reproduce, republish, disassemble, decompile, reverse engineer, download, post, broadcast, transmit, make available to the public, or otherwise use bbc.co.uk content in any way except for your own personal, non-commercial use." which suggests that whichever way the BBC decide to go on this issue will need to be reconciled with that copyright notice. If the BBC allow Phorm to infringe copyright for commercial purposes, would that weaken the BBC's ability to defend its copyright if anyone else decided to make a copy for commercial purposes?

    Another point I wish to make arises from the email content in the FoI response. The issue of cookies.

    It is known that the DPI process removes the webwise cookie so that the website can not detect it. It is suspected that this cookie will leak and the emails mentioned the possibility of leaking during https sessions.

    What is not known is whether or not the DPI process will also strip out any webwise cookie which the website tries to send to the browser.

    The idea of sending an opt out cookie to protect the communication from interception would fail on the first content requested as the original webwise cookie is sitting in the memory within the DPI process and this is what will be used when determining whether or not to send the extract from the mirrored copy of the page to Phorm's profile database.

    As the BBC site will never be able to test that a webwise cookie is held by the browser, this cookie will need to be sent with every html response.

    Regardless of the content of the webwise cookie, opt in or opt out, the data stream between the user and the website will be intercepted. While the jury is still out on what happens to data streams accompanied by an opt out cookie the only thing which is claimed by Phorm is that the data will not be passed to the profiler.

    For clarification: the profiler would normally receive the search term used to find the page, the URL of the page, the 10 popular word (relevance) extract, and the timestamp which is created by the DPI process and saved against the UID in the profiler against advertising channels. As only https traffic does not pass through the DPI system, this opted out traffic and what happens to its data is currently an unknown. That it has market value is not in doubt.

    To protect BBC visitors, why not go the https route? Much easier than wondering if a cookie is working. And much appreciated by forum users.

    And, as mentioned by others, what about the next DPI process which may be using a stealth mode without cookies, i.e. KindSight or the others waiting in the sidelines.

    You can find an ongoing discussion about the FoI response at
    https://nodpi.org/forum/index.php/topic,1494.0.html

  • Comment number 10.

    When I comment on the BBC News website I do not give the BBC permission to use or to provide my comments to third parties for them to use those comments foe advertising or profiling purposes.

    If the BBC do not take a proactive approach to this issue it means that licence payers like myself are not going to be allowed to comment unless we agree to our posts being used by Phorm and any other company that feels like it.

    It's really a very straight forward question. Does the BBC serve the British public or does it serve a few select companies?

  • Comment number 11.

    If a bit of advertising revenue from it's overseas sidelines is compromising the BBC public service remit, it's time to seriously rethink the licence fee.

    If it is also preventing the BBC from taking the safe route by opting out until the EC completes it's action, then the public service remit must also be called into question.

    Opt out and provoke a debate. Inform that debate with input from both sides - it's why you are here.

  • Comment number 12.

    Having read the details provided under the Freedom of Information Act I am extremely concerned at some of the discussions. Two points are particularly worrying.

    Firstly, there is the issue of how ISP's will react and whether they will take some sort of action that will make the BBC's iPlayer less accessible.

    This is unforgivable. That the BBC - the national broadcaster, funded by the TV licence - is seriously discussing the issue of being intimidated by private companies and is for one minute using this to justify not taking an action that they wuld otherwise take is disgusting. If the BBC has been or is going to bow to pressure from these commercial enterprises then the BBC is no longer fulfilling the most basic of its roles.

    Is the BBC being controlled by Britain's ISP and why should that even be mentioned in relation to the licence payers right to privacy when they visit the BBC.co.uk website?

    Secondly - and potentially more worrying - the much discussed point that the BBC Worldwide websites use Audience Science Behavioral Targetted advertising system. The concern - from the BBC - being that they will have to justify using such a system on their sites if they then preclude third parties such as Phorm from profiling the vistors to BBC.co.uk.

    Not only does this suggest that the BBC are unsure of their position having already announced the use of Audience Science's system but it also suggests veru strongly that the BBC are delaying making a decision regarding Phorm in case it affects the BBC's income from their own advertising.

    This is not acceptable.

    The BBC should not be saying that protecting privacy takes second place to making money. The BBC either serves the British public - who pay for the service through a compulsory licence - or it goes entirely private and puts income and profit before service.

    It is my hope that the BBC will act quickly to block Phorm and any similar companies from operating in their websites. If they don't then they are going to be in serious trouble when they try to explain why they allowed commercial interests to dictate policy.

  • Comment number 13.

    "Our vision - To be the most creative organisation in the world."

    This will also make you the biggest target in the world for DPI based behavioural advertising. You need to make some sort of a stand now if you expect the existing funding model to continue.

    The BBC is very important in this debate, by it's very nature it has to be.

    Crunch time. Do the right thing.

  • Comment number 14.

    I don't know whether it is technically feasible, but it would be a good idea to merge this blog with Seetha's, otherwise comments on the same subject are being split between the two.

  • Comment number 15.

    Most people would find what is proposed by Phorm and the ISPs very unpleasant. And as license payers our opinions must be very strongly considered and acted on.

    The idea that publicly funded content on bbc.co.uk should be used to support some ISPs (3? at present) is wrong. The idea that the same publicly paid for content should assist provide an income stream to Phorm or others is disgusting.

    I don't see why The Beeb are not acting NOW to make clear their position. It's morally the right thing to do. Do it, and inform and educate people as to why you have had to do it. You do not need to wait for action by the EU. You don't need to wait for instruction from anyone in government do you?

    I really don't see how The Trust could take issue with the BBC doing the right thing for their major stakeholder, the license fee payers.

    Hank

  • Comment number 16.

    I'm not sure why te BBC would feel it necessary to wait to see if Phorm are operating legally.

    There are a great many things that are perfectly legal that the BBC doesn't do simply because it's not their job.

    Providing data to Phorm - or any other company operating outside of and not covered by the BBC's privacy policy is not the BBC's job.

    Legal or otherwise it's such a simple thing to do and it has exactly no downside for the BBC - excpet maybe highlight the fact that the BBC are using their own behavioural targetting on some of their websites and are not totally sure that it is being done legally. (shown by Late Leece's email of 16th April 2009 at 10:07)

    When Phorm's illegal, secret testing conducting alomgside BT where first revealed over a year ago there were frequent comments posted on BT's (now deleted) forums asking why the BBC were ignoring the issues. I guess we know why now - they were afraid of BT and afraid of losing their own advertising revenue.

    Simple questions for the BBC...

    Did the BBC deliberately refuse to cover this issue until it became just too big to ignore without looking like idiots?

    These FOI documents only cover the last few weeks. When did the BBC first examine the issues and why have they continually avoided any mention of Phorm and DPUI beyond the bare minimum required over major storis?

    THe whole situation stinks of corruptiuon or cowardice.

  • Comment number 17.

    I really think the BBC should examine it's server logs for the past few days.

    Are there any visitors using the ISP Korea Telecom?

    If so, you probably need to update your cookie policy.

    http://www.bbc.co.uk/privacy/cookies.shtml

    I see nothing there to warn your users that various 3rd parties may set cookies pretending to come from the BBC. You know this is likely to happen as you have not opted out yet.

  • Comment number 18.

    its appears these officially released BT pictures outlining the dataflow of Phorm keep going missing, so grab them while you can ;)

    but upon inspectionm these make it very clear that without exception , all your dataflow belongs to Phorm and their ISP partners ;)

    lets be clear here, at no point can you stop any of your ISP data going through the Deep Packet Interception/Inspection Layer7 kit, regardless of any cookie "Opt in" or"Opt Out".

    a clear cut "wiretap" as seen in these official BT diagrams.

    and also the cookie point being, they clearly did ,do ,and will in the future need to place a cookie on your harddrive without your consent, and look for it every single session....

    i expect this is exactly the same way the current "Korea Telecom" is dong it now, perhaps someone in the BBC better inform the users there reading these BBC server pages news etc...

    http://bayimg.com/KaaKGAAcA
    bt2customer_choice_diagram70.JPG

    http://bayimg.com/kAAkKAACa
    phormslide_thumb.jpg

  • Comment number 19.

    First I would like to say thank you to the BBC to answering this FOI request within the spirit of the legislation (unlike government departments and regulators who seem to do their best to disclose nothing).

    I would like to make a point about the legality of this type of DPI based system. I note that on page 4 of the disclosures document that Bill Thompson in a memo to Tony Ageh (dated 8th April 2009) states:

    "...I think it's reprehensible but it is not illegal."...
    and later...
    "However the current legal position seems to be that it is permissible if sufficient privacy safeguards are in place, and that Phorm has satisfied the Information Commissioner's Office about their practices and technology."

    This may be true for PECR & DPA, (although like Bill Thompson I'm deeply suspicious given the ICO's own admission that they have no technical expertise to properly evaluate the technology) but the ICO has not considered the legality of this type of DPI in relation to RIPA because they have no responsibility for RIPA. Under RIPA the consent of both ends to to a communication must be obtained before an interception can be legal. BT/Phorm may have a mechanism in place to obtain the consent of the user but they appear to have no mechanism in place to obtain the consent of the websites that user is visiting. I think this casts doubt over whether this type of system can ever be operated legally.

    As others have said - please do the right thing to safeguard the privacy of your users.

  • Comment number 20.

    One serious point that the BBCC need to realise is that the sort of interception and redirection that is involved in Phorm's system can also be used to alter the actual content of the webpage as it is seen by the user.

    Phorm have said that they will not do this but are the BBC going to take that chance?

    Phorm have proven that they are willing to operate outside of the law and intercept communications in secret but even if Phorm were squeaky clean the BBC needs to understand that other companies can make use of the same type of system and could be even worse.

    The BBC should not be waiting for these situations to arise when they can quickly and easily ban all such use of their website.

    Please remember that it's only data to you but it's privacy and profiling to us. We come here for health advice, political comments, to check elections and budgets and to comment on news stories. Our children come here for advicve and information. The thought that Phorm will be allowed to look over our shoulders when we come here is going to put the BBC website off-limit to many of us. The BBC only has to send a letter to Phorm to tell them to exclude these sites - it's a no-brainer and there is no genuine excuse for not acting.

  • Comment number 21.

    "14. At 07:39am on 23 May 2009, Sir John Luke wrote:
    I don't know whether it is technically feasible, but it would be a good idea to merge this blog with Seetha's, otherwise comments on the same subject are being split between the two."


    Sir John Luke , to somewhat get around the many limitations of the current site software ,if you open another page and click the time of the poster comments, you can get a direct URL for that post,and paste it into any other posts you make, such as the one i just made on seetha's page

    its not great, and no way near as versatile as say a real messageboard software such as the vBulletin SW that Cable forum use, but we have no other choice but to use this BBC offering.

    i would be in favour of the BBC using some of the licence fee to buy a one time cost ,real message board such as vBulletin OC for everyones long term good, not least easy searchable arching etc, infact i propose they do exactly that that ASAP.

    http://www.bbc.co.uk/blogs/bbcinternet/2009/05/bbc_online_and_behavioral_targ.html#P80447919
    just a recap of the way the Phorm cookies work care of
    ......

  • Comment number 22.

    i dont want to take this OT but it is interstign stuff, but ill just mention this as just discovered.

    ohh be aware of one of those BBC BB board limitations

    it appears the board SW will show all the posts above the linked post ,But nothing below it and thats a shame as you will have to reload the original page to see any other later replys...

    see this very thread through the URL given by clicking the time of the post for example

    http://www.bbc.co.uk/blogs/bbcinternet/2009/05/interesting_stuff_20082105_bbc.html#P80441919

    back to the other interesting stuff

  • Comment number 23.

    hmm forgive me but apparently it may have been my end as now it sems it works, please remove this and my post 22 as not relevant.

    OC an edit and delete your own posts option would be a very good thing if that is possible in the future ;)

  • Comment number 24.

    after looking over the many old facts of the phorm DPI case it might be interesting to the readers and the BBC people involved in that FOI reply to consider these as a refresher of things long forgotten by many, but not all OC ;)

    As you browse, were able to categorize all of your Internet actions, said Virasb Vahidi, the chief operating officer of Phorm. We actually can see the entire Internet.

    and
    The UK Home Office has indicated that Phorms proposed service is only legal if users give explicit consent.[32]

    The Office itself became a subject of controversy when emails between it and Phorm were released. The emails showed that the company edited a draft legal interpretation by the Office, and that an official responded If we agree this, and this becomes our position do you think your clients and their prospective partners will be comforted.

    Liberal Democrat spokeswoman on Home Affairs, Baroness Sue Miller, considered it an act of collusion:

    The fact the Home Office asks the very company they are worried is actually falling outside the laws whether the draft interpretation of the law is correct is completely bizarre.[33]

  • Comment number 25.


    A simple choice really (but with ramifications either way!).

    If you believe this is unwarranted privacy & intellectual property invasion you, IMO have little choice other that to protect both UK Users & Korea counterparts currently part of a "trial"; many of which may not know the trial is taking place?

    If you believe otherwise then please let us know & explain why.


  • Comment number 26.

    Don't really think the BBC should be getting involved in this at all. Would be letting themselves be used as a propaganda tool ("Amazon.com spokesman Craig Berman..... "All we're saying is we've chosen to opt out," he said. "I don't know if they've even implemented anything yet."") by the hard core "privacy" activists that seem to be fanning the flames of what is not that big a deal.
    Obvious that Amazon made their kneejerk decision to protect their own interests, they don't really want consumers being presented with better deals elsewhere do they? Nothing to do with Privacy.
    Phorm has to be an opt-in service.
    Therefore ISP customers who opt-in are happy for their data to be analysed/profiled and their own "privacy" is not an issue (if they read the small print).
    Again, if consumers don't opt-in to Phorm their privacy is not an issue irrespective of what the BBC do.
    Not for the BBC, or any website to assume the mantle of "privacy champions" on behalf of consumers just to keep the privacy zealots off their back.
    I don't want the BBC to be pandering to a small minority of vocal campaigners when many licence fee payers might be happy to accept inducements to sign up with Phorm.
    Very wise to stay silent until Phorm is rolled out by various ISPs. Analyse how consumers opt-in then you can say whether it's in the BBC's interests to get invoved.

  • Comment number 27.

    @starryjennyg


    And what about this Blog if only one Web User is on a phormed connection everyones data here gets "Profiled", so much for the confidentiality of communications then!

    And before you say anyone can read this page, yes they can but not to take a copy & use the information for an unintended purpose for example commercial purposes!

  • Comment number 28.

    I don't think the BBC - or indeed any site - should "opt out" of Phorm; at least, not yet.

    Doing so at this stage lends some impression of legitimacy to Phorm and its operating methods, and as of now there are some serious unanswered questions.

    While I have no problem with subscribers to an ISP, in full possession of the facts, allowing Phorm to behaviourally-target them in exchange for more accurate advertising targeting, this on holds true so long as (a) traffic from those subscribers who haven't opted in doesn't go anywhere near Phorm's data collection equipment (i.e., traffic is routed to it on a per-account basis), rather than all traffic being forwarded to it and a cookie-or similar-mechanism being used to opt out of the storage, but not the actual collection, and (b) the only incentive for users to opt in (or disincentive for users to not opt in) is directly related to the profiling itself-that is, the more targeted advertising which Phorm repeatedly claims is of great benefit to subscribers and is something people want.

    Then, of course, Phorm will probably discover that very few people want to opt in to its service, and as a consequence very few advertisers or ad-spots want to sign up either. But, there are no guarantees of that.

    Once it's launched in this way (assuming it goes that far), then the BBC should opt out. If it's launched and doesn't work this way, the BBC should launch legal action instead (illegal interception under the RIP Act).

  • Comment number 29.

    Sadly, Starryjennyg takes the usual Phorm line of attacking and smearing anyone who deoesn't see things their way.

    Apparently the entire management, staff and board at Amazon are incapable of making a rational decision - it was a "kneejerk decision" based on the fact that they want to prevent the whole world from shopping elsewhere.

    Anyone who objects to the use of DPI in this way is labelled - "hard core privacy activists" and "vocal minority" are terms regularly bandied about by Phorm in an effort to discredit them.

    Cleary, starryjennyg hasn't read the internal documents from the BBC. If you had you'd have seen what they think about Phorm...

    "...I don't see Phorm surviving long term..."

    "...I can't see this ending any other way than the ISPs capitulating and admitting that this was a poorly thought through idea. In other words, I believe that Phorm will fold anyway..."

    "From a commercial perspective I can understand why there's value created in having this information and therefore why ISPs want to do this. From a technical perspective it's evil!"

    Are you now going to say that the BBC is run by idiots because they see through Phorm's BS - sorry, PR.

    If you want to give Phorm YOUR details, write them a letter, send them a photo - do what you like with your own life. Nobody cares what you do as long as you don't offer to give them any of my information because it doesn't belong to you. If you opt-in to Phorm they will scrape every site you visit - including this one - and they will copy and use every single post on this page - not just yours.

    Other people here may not be customers of an ISP that uses Phorm so they will not be able to opt-out of having information that they post on BBC websites being abused by Phorm.

    The only way to protect users of the BBC's websites is for the BBC to block Phorm entirely.

  • Comment number 30.

    @Starryjennyg

    Do you really think that a retailer as big as Amazon has taken a kneejerk decision? I doubt it was that simple.

    Phorm tends to label people who oppose them as "hard core privacy activists" and the term "vocal minority" has been used by Phorm and their PR teams more than once in a poor effort to discredit them. On their "Truth" website the latest attempt to obfuscate the actual issue is to brand ordinary internet users who oppose their activities as "Privacy Pirates" (let's remember the issues are about interception of private communication and the theft of copyright material, serious issues actually)

    The BBC teams writing on this issue are not kneejerking. The FOI documents show considered opinion being formulated. Sadly, it seems that some people take the usual Phorm line and this does involve attacking and smearing those who deoesn't see things their way.

    The only way to protect users of the BBC's websites is for the BBC to block Phorm entirely. To repeat an earlier post above, BBC employees have said:

    "...I don't see Phorm surviving long term..."

    "...I can't see this ending any other way than the ISPs capitulating and admitting that this was a poorly thought through idea. In other words, I believe that Phorm will fold anyway..."

    "From a commercial perspective I can understand why there's value created in having this information and therefore why ISPs want to do this. From a technical perspective it's evil!"


    Does the above seem like we, Joe Public The Internet Users are fanning flames? I think we can see here that the BBC is having reasoned internal dialogue which comes to the same conclusions that some of us have drawn ourselves over the last 18 months (and some have experience of Phorm as 121media before that!). I am not a privacy activist, and I don't mind adverts on the internet either, but I don't like what Phorm wants to do because if you want to Opt In, that's fine, you go ahead and do it. But if you do opt-in to Phorm, why should MY text on this page be used by Phorm?

    I provide income for the BBC to run and I do not give my permission for Phorm to use this content or any BBC content funded by the license fee. Yet, if you opt in and visit this page, my content here is then used by Phorm. I'm with an ISP now who says they will never use Phorm - so how to I stop my text here being copied and used by Phorm if you Opt In and then you visit this page?

    The BBC has to block Phorm. It's got to happen and I could say it's just a matter of time and there's no hurry, but if Phorm is running its system in another country like Korea, then I would think that to fulfill their charter the BBC probably have to block Phorm now.

  • Comment number 31.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • Comment number 32.

    @ starryjennyg 8:27pm on 24 May 2009 (comment 26)

    I'm what starryjennyg calls a "hardcore privacy activist" (rhetorical abuse)- a "vocal campaigner" (I accept that charge) - "privacy zealots" (rhetorical abuse). Or to put it another way, I'm a private citizen, with no vested commercial interest, who is horrified at what my ISP, in partnership with Phorm Inc. have already done to compromise my privacy, intercept my communications and censor my opinions by closing down discussion on the matter on their own ISP customer forums. And I have got used to the way Phorm's main form of attack seems to be to take such private citizens and abuse them publicly and privately, particularly in the corridors of Westminster. Their http://www.stopphoulplay.com site is a wonderful example of Phorm's idea of how to conduct rational argument and defend their technology. I've been tracking that site since it opened - for a site that purports to be giving the truth, it's amazing how many changes and takedowns they have had to make since publishing it - including some of the things they have said about the BBC.

    But to take starryjennyg's opening phrase "Don't really think the BBC should be getting involved in this at all." - I'm also a BBC licence payer and UK taxpayer, who takes the BBC Charter seriously. I'm afraid the BBC don't have a choice. They are ALREADY involved. Their licence funded pages have already been profiled, as Phormed customers of BT Broadband have browsed them. Their licence funded pages have already been exploited for commercial gain contrary to the BBC charter. The unique personal communications between the BBCUK and BBCWW website and their visitors has already been intercepted without the BBC's consent. The content provided on their pages by 3rd parties who do NOT use a Phormed ISP, has already been profiled by Webwise and PageSense trials, as Phormed ISP customers of BT browsed those pages and read that content. The same content may right now, be being profiled by QookSmartweb trials as the pages are visited by Korea Telecom triallists. The sensitive personal data (sexual orientation, trade union membership, health details) of 3rd parties who do NOT use a Phormed ISP, and who have not given their explicit informed consent, on certain password protected cookie-authenticated sections of the BBC network, has already been harvested during Webwise and PageSense trials in 2006, 2007 and 2008. The browsing habits of children who have not given their informed consent, has already been profiled as they use internet connections in households where an unidentified adult, unknown to either the ISP, Phorm or the BBC, has already signed them up to Webwise. The name WebWise, until recently, associated with the BBC's programme of educating children and others about safe internet use, has been hijacked for use in describing a commercial service designed to present behaviourally targeted advertising and has now become permanently compromised. Cookies, purporting to come from the BBC site, will already have been set on triallist machines, using the BBC trade name as part of their content without consent of the BBC, masquerading as 1st party cookies in contravention of internet RFC standards and allegedly, contravening both trademark law and the Fraud Act.

    What the BBC have to decide is how they respond to what has ALREADY happened. Covert trials in 2006 and 2007 "in probable breach" of DPA and PECR (ICO) and in clear breach of RIPA. Public trials in 2008 by BT where the Webwise invitation was held by the ICO to not constitute "informed" consent because of its inadequate description of the service. Public trials by Korea Telecom on the other side of the globe but impacting on the BBC site right now.

    Not "getting involved" starryjennyg? Sorry - too late. As Virasb Vahidi points out with his claim that Phorm can see the whole internet - the BBC webpages, the visitors to BBC webpages, the 3rd parties who neither use a Phorm ISP nor have been asked at any time for their consent for their intellectual property to be abused or their sensitive personal data to be profiled - they are ALREADY involved, whether they like it or not, whether they have consented or not. The question is NOT "should the BBC be involved". The question is "what are the BBC going to do about the fact that they, and all their visitors, and all who post content on their network, sensitive, public, private or otherwise, adults or children, ARE involved already"?

    With laws like the DPA, PECR, MCA, Fraud Act, Copyright legislation, and RIPA, all coming into play and no effective enforcement being provided by the state, the BBC cannot stand on the sidelines and simply wait. The charter is already compromised, the privacy of users already invaded, the intellectual property of contributors has already been exploited commercially, the privacy of children already compromised, the trademark of the BBC already misappropriated - and all for commercial gain. Not involved? The BBC is in it up to its neck, and has been for at least three years. It's time for action. There are plenty more Phorm's in the wings. Are you ready?

    It's already happened. And the BBC response is...?

  • Comment number 33.

    Seen much of the above regurgitated elsehwere, very little based on fact unforunately.
    Much of the missinformation seems to emanate from Richard Clayton's April 2008 report and even he says "until there is an operational trial, you cannot be sure what the deployed technology will exactly be".
    There have been trials and there has been no update by Clayton or anyone else for that matter, no info from BT, Vigin or Talktalk on how they will implement Phorm so what you tend to see is much guesswork and opinion based on schoolboy cookie hacking and amateur sleuthing.
    The BBC should also be mindful of who exactly they listen to, the anti-phorm lobby seems to be well armed with all the tricks of the trade.
    All the BBC have to go on is what the anti-phorm lobby wants them and others to believe.
    As for the legal side, we are forever hoping the courts would apply the spirit of the law as opposed to the letter of the law, what the anti-phorm lobby seem to be trying to influence is the exact opposite.
    I very much doubt if the various acts were originaly drawn up with suppressing ad networks on the internet.
    As for bringing children into the argument, being a parent of two young kids I wouldn't dream of letting them use the internet unsupervised. I feel reasonably confident that I best protect them that way from things far worse than whatever demons you imagine lurk within Phorm.

  • Comment number 34.

    starryjennyg said: "I very much doubt if the various acts were originaly drawn up with suppressing ad networks on the internet."

    Indeed, they were probably drawn up with the intention of preventing the unauthorised interception of communications (RIPA) and protecting privacy (DPA).

  • Comment number 35.

    @starryjennyg
    you say "we are forever hoping the courts would apply the spirit of the law as opposed to the letter of the law"

    the law is there to be interpreted and applied correctly by the relevant bodies

    i assume from the fact you use the word "WE" above, that you are associated with phorm or one of the ISP's involved either directly or via a contract (i.e. PR agency retained by phorm etc)

    as to no update from richard clayton etc, that is easy people are wary of being mis-quoted or selectively quoted out of context

    also phorm have said they wish to engage, so why are no comments allowed on their main site or even the "stopphoulplay" site

    i believe you will find several people have offered to look at the code of the phorm system but phorm have turned them down.

    i do not wish phorm or an isp (does not need to be mine) to intercept the isp's customers private communication with my website without MY permission, i have not delegated any authority to the isp's customer to give permission to anyone to intercept communications with my website and use them for the commercial gain of phorm,the isp, the advertiser or the channel creator

    end of

    peter
    the facts are out there

  • Comment number 36.

    starjennyg says 1:37pm 25th May
    "Seen much of the above regurgitated elsehwere, very little based on fact unforunately."

    Care to be more specific? Or are you disputing that the purpose of OIX is the serving of advertisements, and it is a commercial advertising service with a commercial revenue raising aim? Because that is at the core of the BBC's problem, and your comments don't affect that position one jot.

    "Much of the missinformation seems to emanate from Richard Clayton's April 2008 report and even he says "until there is an operational trial, you cannot be sure what the deployed technology will exactly be".

    If you care to make that a formal claim that Richard Clayton is guilty of misinformation and also quote any specific Phorm refutation of any sentence in his reports or blogs I'm sure his lawyers would be in contact. Note that the
    Phorm
    claims about Richard Clayton on the Stop Phoul Play site were withdrawn after initial publication.

    "There have been trials and there has been no update by Clayton or anyone else for that matter, no info from BT, Vigin or Talktalk on how they will implement Phorm so what you tend to see is much guesswork and opinion based on schoolboy cookie hacking and amateur sleuthing."

    More rhetorical comments without factual basis. None of the possible changes to the system alter the commercial basis on which BBCUK content is exploited.

    "The BBC should also be mindful of who exactly they listen to, the anti-phorm lobby seems to be well armed with all the tricks of the trade."

    I don't think the BBC actually need warning of that. I'm sure they are capable of making their own minds up. We note also your rhetorical comment "tricks of the trade". Kindly confine yourself to factual arguments.

    "All the BBC have to go on is what the anti-phorm lobby wants them and others to believe."

    Factually incorrect. There is a vast amount of published information available and a serious scarcity of detailed refutation from Phorm or the ISPs.

    "As for the legal side, we are forever hoping the courts would apply the spirit of the law as opposed to the letter of the law, what the anti-phorm lobby seem to be trying to influence is the exact opposite."

    Well - your comment about not wanting the letter of the law applied is most revealing? If Phorm and their partner ISPs have not broken the law they have nothing to worry about.

    "I very much doubt if the various acts were originaly drawn up with suppressing ad networks on the internet.
    As for bringing children into the argument, being a parent of two young kids I wouldn't dream of letting them use the internet unsupervised. I feel reasonably confident that I best protect them that way from things far worse than whatever demons you imagine lurk within Phorm. "

    I am so glad you take a responsible attitude to your children. But not all children are in homes where the adults take that attitude. Which is why we have laws to protect them against careless or maliciously inclined adults who seek either to exploit them, or fail to protect them. It's not YOUR kids I'm worried about actually.

  • Comment number 37.


    The use of Audience Science by the BBC is actually a decision by the BBC to trust a "third party" with some info (rightly or wrongly), but this obviously does not extend to any other "unknown third parties".


    This problem with this type of DPI equipment inside either an ISP or a proxy server is the total lack of choice extended to either the Web User or Website.

    To compound the potential problem such access by this type of DPI equipment can also "possibly" extend to the aquisition of information supplied by the Website to their third parties also.

    It's better not to accept the premise of "any type of interception" techniques in the first place!

    Would it be acceptable for a Telephone Company to profile Telephone calls via a "sophisticated Recording Machine" because I do not in all reality see any difference; both systems are raw electronic data until processed!



  • Comment number 38.

    I could choose never to use - or post on - the BBC's websites but that wouldn't help as I have posted on many areas of the various BBC.co.uk sites over the last few years and those posts would still remain and Phorm will have access to them.

    I posted to the BBC websites on the understanding that they would knowingly allow abuse of any information contained - including my intellectual copyright. Now that the BBC are aware that such infringements will take place unless they take a very simple step then thy need to keep up their end of the bargain.

    I don't know - yet - what the law says about a state funded organisation failing to prevent Phorm from abusing my posts for profit but you can bet that it's something that will be looked at.

    In case the BBC decide to ignore the issue until it's too late, can someone at the BBC tell us how to have everything we've ever had published on their BBC.co.uk websites removed to prevent this or any other spyware company from abusing it? Can we also have posts or other content removed that reference - especially ones that quote - content we have had published?

  • Comment number 39.

    Can I also point out that there is nothing to say that we will get any reaction or feedback to this thread - simply a comment that Seetha "has read all the comments so far and wants to know what you think".

    Is there a point to this article apart from diverting attention away from the orginal story or diluting the feedback by spreading it across multiple parts of the site?

    Will we be getting any response from the BBC and if so, when?

  • Comment number 40.

    StarryJenny, it's wrong of you to make such sweeping unspecific claims.

    You say, "the anti-phorm lobby seems to be well armed with all the tricks of the trade"

    What tricks are those please? Because I have never met these privacy campaigners you and Phorm regularly refer to. I have never even spoken with them, not discussed next steps or tactics etc. I have never been a campaigner for anything. Only since the Phorm Webwise trials by BT have I been vocal about the issues as I see them.

    Those of us who do not like what Phorm and BT have done, who believe that they have broken the law, are simply saying so and ensuring that what looks like a once cosey relationship with the Home Office does not lead way for them to covertly continue their activities. I think we just believe that what they want to do is morally wrong and wrong in law which we hope the EU will follow through on.

    I just work in a shop StarryJenny. I have a full time run of the mill job. No contacts in the PR trade, no special expertise or training in the "Tricks of the trade" (other than how to use a safety knife to open a case of beans!) I'm just doing my bit to ensure that the spin and promotion of the Webwise/SmartWeb/QookSmartweb system from Phorm is closely examined and challenged. We know that it doesn't stand up to this scrutiny because BT has banned discussion on their forums and deleted posts from customers who discussed it (some customers were actually banned for mentioning Webwise after being warned not to).

    Phorm and the ISP trialling their system on the other hand... they do seem to employ tricks of the trade, don't they? There are so many examples, like accusing me and others of being in the pockets of Phorm's advertising competitors. StopPhoulPlay is the best example though isn't it? The content and wording they have used is to try and diminish the respect that people have for individual British citizens who spotted what BT and Phorm were up to and have not let them get away with it unchallenged. That, and all the other history won't be lost on readers of this blog and the many comments on this page. There's a true record of the facts to do with Phorm on Wikipedia at present, including the time when Phorm's PR team tried to edit and remove facts from the Wikipedia page and they were spotted doing it.

    Sorry, that is a regurgitation as you say, but StopPhoulPlay is quite new isn't it? It was launched around 28th April wasn't it? And false and inaccurate content then started being removed about 24-48hrs after launch as I recall. Ticks of the trade StarryJenny? I think we all know where the trickery has been taking place.

    What the BBC have to go on is simply the facts. As you can see from what has been said following your post above, there are plenty of facts. The BBC does not need me or any of the "anti-phorm lobby" to try and get them to "believe" anything, I'm pretty sure after reading the internal BBC emails that they are astute enough to decide what the truth is and make up their minds what action they have to take. The charter and the facts will guide them.

  • Comment number 41.

    @DPIShredder
    "The use of Audience Science by the BBC is actually a decision by the BBC to trust a "third party" with some info (rightly or wrongly), but this obviously does not extend to any other "unknown third parties"."

    glad you brought up the issue of audience science (previously revenue science) they are one of the site / cookie based behavioural advertising system, it only collects data from websites who participate in the advertising network by hosting scripts,cookies or web beacons

    this type of advertising system can be blocked with host files, browser add-ons etc to protect your privacy if you wish

    compare this to the phorm type DPI systems

    they are in the ISP core and the website the customer of the ISP with the DPI advertising system will rarely know or be able to detect it

    this enables the ISP to use the data from the website regardless of the websites terms and conditions relating to commercial use of the content of the website and in many cases against the sites privacy policy

    for the customer there is unlikely to be any way of avoiding the mirroring or interception of their data stream used to gather the information for the advertising system

    there is normally some form of opt-out but usually just the advertising only, as the advertising system normally delegate the interception / data collection to the ISP (who uses kit and code supplied by the advertising system provider)

    bottom line is
    with site based systems the customer can block it and it does not collect data from websites who do not belong to the advertising network

    with DPI based the customer is rarely able to stop the interception / mirroring and all websites are scanned (unless there is some opt-out scheme ) but due to DPI technology being designed to be an invisible / stealth technology websites have trouble detecting it's use so as to protect visitors and interlectual property

    that is the main difference between site based and DPI based advertising systems

    i firmly believe that the BBC should opt-out all of their websites, forums and blogs with immediate effect, to protect the customers and website visitors privacy and i believe not to do so will be in conflict to the BBC charter

    peter

  • Comment number 42.

    given Nicks wish to split the content and feedback on this subject, i thought you might want a direct link and to see any future replys to this
    http://www.bbc.co.uk/blogs/bbcinternet/2009/05/bbc_online_and_behavioral_targ.html#comment37

  • Comment number 43.

    If the BBC do not prevent Phorm from forging BBC cookies, I can only assume that they will extend this arrangement equally to anyone else that wants to do the same thing for any reason?

    I want to use BBC cookies to sell my products. Will the BBC please confirm on this forum if this will not be acceptable to them and the trustees?

    I also want to copy the entire contents of the BBC.co.uk website as I can use this information to sell my products. Will the BBC please confirm on this forum if this will not be acceptable them and the trustees and that they have obtained the correct rights from their relevant owners and have the authority to allow this action?

    I especially want to be able to watch and copy any entries on the childrens' sections and the women's health sections of the website as I can make lots of money by selling some of the material from those pages to anyone with deep enough pockets. Will the BBC please confirm on this forum if this will not be acceptable to them and the trustees?

    All I am asking for is the same rights being afforded to Phorm.

  • Comment number 44.

    Comment 14 - SirJohnLuke.

    I'm not aware of an easy way top combine two comments threads on this blog. I could close comments on Seetha's previous post and diect people here but I'm reluctant to do that unless evryone thinks that's a good idea.

    The BBC's Charter has been mentioned a couple of times. Here's a link in case you want to read it.

  • Comment number 45.

    Just to clear up any doubt about the factual basis of the report from Dr Clayton. In a meeting between Phorm and Dr Clayton, Phorm explained how their system works in great detail. Dr Claytons report was written up based on the notes he took during this meeting.

    He passed the report to Phorm so they had a chance to correct any errors (which they did). The report is on it's third revision and Phorm said that the latest revision described their system accurately.

    So Dr Clayton's report is the most factual piece of information out there and it has been confirmed so by Phorm themselves.

  • Comment number 46.

    Whilst 'Dephormation Pete' is on a roll, perhaps it would be fair to debunk the myth that Phorm is somehow illegal under RIPA.

    Chapter 1, Paragraph 2, Sub-Paragraph 2 of RIPA states the following:
    For the purposes of this Act, but subject to the following provisions of this section, a person intercepts a communication in the course of its transmission by means of a telecommunication system if, and only if, he

    (a)
    so modifies or interferes with the system, or its operation,

    (b)
    so monitors transmissions made by means of the system, or

    (c)
    so monitors transmissions made by wireless telegraphy to or from apparatus comprised in the system,

    as to make some or all of the contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication.

    What Richard Clayton, his friends at FIPR, the anti-Phorm brigade and others choose to ignore is that last bit. Phorm's system firstly annonymises all data with a UID that cannot be tracked back to individual users, secondly and perhaps more importantly, at no time does Phorm make "some or all of the contents of the communication available" to third parties. Looking at Phorm literature and the other information available, Phorm's partners design their own channels which use keywords to identify those annonymous UIDs that are going to be shown advert A or B, but the fact is that the browsing histories of those UIDs (which, remember are annonymised) never get shown to the advertisers or anyone else.

    So, as far as RIPA is concerned, its arguable that Phorm don't even conduct 'interception'.

  • Comment number 47.

    Strange... I would have thought that the redirects, prior to this so-called anonymising, would be interfering with or intercepting the transmission in order to redirect it?

    Seetha Kumar stated that the Beeb is waiting for the outcome of the EU investigation. I say that whatever the outcome of EU proceedings, whether Phorm's 'webwise' is somehow deemed to be legal or not is irrelevant. (that's Webwise the online behavioural profiling technology, not WebWise the BBC's guide to using the internet - I wouldn't want to cause any confusion over similar trading names)

    The BBC UK content is publicly funded and therefore Seetha is quite right, it is not appropriate for third parties to use the data profiles of the users of BBC services for commercial gain. In the same context it is also not right for a third party to use the BBC online content for commercial gain.

    But this isn't just about commercial gain. It is also about privacy. Privacy of users of the BBC websites.
    From the email exchanges in that FOI release it is clear that there are individuals at high levels within the BBC who fully understand how Phorms 'Webwise' works. They appear to have taken the time to read up on the published information that is available.

    I note that comments have been made regarding there having been no update by Clayton or anyone else regarding the webwise technology. Good point. Why is that? could it be because Phorm,or BT, are not releasing any detail? Strange how Dr Clayton had to rewrite his analysis THREE TIMES after Phorm apparently 'remembered' more of the detail of their own system!. And the analysis was then accepted by Phorm to be accurate.

    Let's not forget, the first two trials were stealth trials - no-one was supposed to know. (A thank you goes out to the whistleblower)

    The point about children has to be raised. Has the BBC considered children? what about CBBC and CBeebies websites? would the BBC be comfortable knowing that DPI technology was profiling children while they happily surf those areas?

    The BBC Charter may require impartiality but the BBC should remember, you are funded by the public and therefore protecting your own interests should not be considered as more important than protecting the interests of the general public.

    The BBC should simply do what it knows and believes is the right thing to do.
    This doen't have to be aimed specifically at any single company. Simply block the use of DPI profiling of BBC UK websites for the protection of users privacy and prevention of commercial gain. Enforce your copyright notice.

    The BBC would be letting themselves be used as a propaganda tool if they were to block Phorm? I very much doubt it.

    Lets consider the possible breaches of legislation:

    RIPA:
    States that BOTH ends of the communication must give informed consent for lawful interception of communication. Has the BBC given it's consent?

    PECR:
    Webwise is presented as a value added service (anti-fraut / anti-phishing) therefore PECR opt-in requirements are relevant.

    Data Protection Act:
    Section 2 of the DPA and Schedule 3 requires explicit consent before processing Sensitive Data.

    Violation of copyright:
    "You may not copy, reproduce, republish, disassemble, decompile, reverse engineer, download, post, broadcast, transmit, make available to the public, or otherwise use bbc.co.uk content in any way except for your own personal, non-commercial use." Has the BBC granted BT and phorm a license to use its content for commercial activity? I certainly hope not - that would appear to be against the BBC charter.

    As far as the courts are concerned, the sooner it gets before them the better. I constantly read that BT/Phorm 'sought legal advice' prior to any trials.
    Such legal advice would end speculation regarding legality wouldn't it? But despite people requesting details, it is never ever produced. Why is that? I have my own opinion!

  • Comment number 48.

    "secondly and perhaps more importantly, at no time does Phorm make "some or all of the contents of the communication available" to third parties."

    Excuse me, but Phorm IS a third party in this context. The communications in question are between the user and the web site.

  • Comment number 49.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • Comment number 50.

    sorry, thats "real jail time", some mod please feel free to edit my post and correct the spelling then delete this post to keep it clear...

  • Comment number 51.

    The difference between what Phorm's system would do and the case law you have quoted above are so clear as to prove the point that Phorm proposed system is legal. It's disingenuous to suggest otherwise.

    The Stanford case concerned the covert interception of private emails, Marc Burgess has already made clear that Phorm will provide unmissable notice and a clear choice for consumers. But of course some of the anti-Phorm brigade just won't believe that. We should note here that the level of awareness Phorm would offer far outstrips anything offered by say Google Mail, where anyone who emails a Gmail account holder has their message intercepted without their permission so that Google can make money serving ads to the account holder.

  • Comment number 52.

    NO, the case law i have quoted above is so clear as to prove the point that Phorm proposed system is Illegal. It's disingenuous to suggest otherwise.

    the line
    "The Regulation of Investigatory Powers Act 2000 provides a defence to [b]an individual who intercept a communication in the course of its transmission [/b] from a private telecommunication system" is key , and you really need to comprehend its core meaning...

    clearly BT have already officially admitted they did NOT get permission form the interceted partys.

    as a convenience from wiki rather than the seperate sources
    "The Register reported that BT ran an earlier secret trial in 2006, in which it intercepted and profiled the web browsing of 18,000 of its broadband customers. The technical report states that customers who participated in the trial were not made aware of the profiling, as one of the aims of the validation was not to affect their experience.[55]

    On 4 June 2008, a copy of a 52 page report allegedly from inside BT, titled "PageSense External Technical Validation", was uploaded to Wikileaks, a site that hosts anonymously-submitted sensitive documents. The report angered many members of the public; there are questions regarding the involvement of charity ads for Oxfam, Make Trade Fair and SOS Children's Villages, and whether or not they were made aware that their ads were being used in what many feel were highly illegal technical trials. The report also has data which shows over 18 million web page requests from customers had JavaScript embedded into the responses, which has again raised questions about the legal standing of those trials.[56]"

    its clear, the problem isnt with RIPA, the problem is actually getting the CPS to bring the charges put to court, so we can have the judges take the existing case law such as the stanford case and give a ruling on this case in the public interest.

    if youe and the Phorm teams are so sure on this matter, then you have Nothing to fear do you, most average people would take a seasoned high court judges ruling as final, lets get this Deep Packet Interception for profit (commercial piracy by any other name) in a court and see if the intercepting executives are so clearly fine as they want people to beleave.

  • Comment number 53.

    Cutting and pasting from Wikipedia shows some lack of imagination doesn't it?

    As to your point, you are conflating two different situations and by doing so arriving at the conclusion that Phorm is somehow not compatible with RIPA.

    The Stanford case was about someone intercepting the private emails of an individual without their knowledge or consent. That is most certainly not analogous to what Phorm propose, which is a system of interest based adverts delivered to users in place of the current irrelevant advertising that they are shown when browsing with, and I mention this again, clear choice and unmissable notice.

    In fact, if we want to cut and paste anything, perhaps this snippet from DBERR will help:

    (from September 2008) "the UK authorities consider that Phorm's products are capable of being operated in this fashion on the following basis:

    The user profiling occurs with the knowledge and agreement of the customer.

    The profile is based on a unique ID allocated at random which means that there is no need to know the identity of the individual users.

    Phorm does not keep a record of the actual sites visited.

    Search terms used by the user and the advertising categories exclude certain sensitive terms and have been widely drawn so as not to reveal the identity of the user.

    Phorm does not have nor want information which would enable it to link a user ID and profile to a living individual.

    Users will be presented with an unavoidable statement about the product and asked to exercise a choice about whether to be involved.

    Users will be able to easily access information on how to change their mind at any point and are free to opt in or out of the scheme."

    Phorm know what it takes to comply with the legislation and have said as much. Of all those conditions listed above, the anti-Phorm brigade cannot provide any proof that Phorm doesn't meet one or another of them.

    It seems that some people are less interested in genuine engagement with the debate than they are with pushing their own vanity project (paranoid fears of surveillance) to provide a reason for their feavered beavering.

  • Comment number 54.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • Comment number 55.

    PointOfOrder

    Answer please, what gave Phorm the right to intercept my browsing data during the trials of 2006 and 2007?

    What gives them the right to assume consent to intercept the data transmitted from my websites to end users?

    They cannot presume implied consent, I have a clear right under RIPA to expect to be contacted BEFORE they intercept any data from my sites to the end user. Also what makes them assume they can set cookies as if they were from my site, passing themselves off as if they were from me. That is basically fraud, I won't ever give them the right to do that.

    Copyright law also allows me to set the terms of usage of my content, not Phorm. They have to seek a licence BEFORE using my content, the excuse about it only being a digest of keywords is irrelevant, they cannot and WILL not use my works in that way, because if they try to, they will be facing lots of time in front of a judge.

    Before you say "they offer an opt-out for websites" I don't care, the law is not on their side with that one, I can guarantee it.
    Copyright law was designed to prevent abuse by forcing them to negotiate a licence before making any use, I don't have to opt out of their system, they have to ask me to opt in, and negotiate the appropriate fee for commercial use of content.

    Remember, there are ways to capture the forged cookies set by Phorm, so they won't be able to deny their actions either when those cookies are presented with server logs.

    It seems you are mistaken in your assessment, it would seem Phorm don't know how to comply with legislation, otherwise they would never have developed such a deeply flawed system.

    They look for loopholes within the legislation and hope that they can call the bluff of everybody involved.

  • Comment number 56.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • Comment number 57.

    This comment has been referred for further consideration. Explain.

  • Comment number 58.

    The comment was only removed because House Rules don't permit linking directly to a pdf, my apologies. So I'll post this: http://www.stopphoulplay.com/this-is-who-they-are/ where any interested readers will find the link to the judgement made against the leader of the anti-Phorm brigade, Alexander Hanff.

  • Comment number 59.

    ...and I trust that this satisfies the Beeb's netrality requirements. After all these blog comments have so far made numerous allegations of copyright infringment (all unproven by the way) against Phorm. So I don't see why an actual court judgement against one of these people for that same offence should go unreported.

  • Comment number 60.

    It occurs to me that if a telecoms company were to routinely listen into calls made by/to their customers with a view to targeting those customers with ads, there would be a massive public outcry, however because internet technology is new and very few people understand it, the companies like BT feel comfortable to run roughshod over their customers civil rights - because they can !!
    I have already approched my ISP (Waitrose) and asked if they had plans to implement Phorm. I received the reply "I can confirm that Waitrose.com has no plans to implement PHORM."

    I may have missed someone else putting this point so if it turns into a duplicate, I apologise.

  • Comment number 61.

    Another analogy that doesn't bear up, with the greatest respect, no one inserts audible adverts into phone calls at the moment. Nor would they likely to do so because it would become impossible (or nigh on) to conduct a conversation.

    Whereas, currently the net runs on advertising, only a small minority of sites (like FT) make any cash from subscription services. Making these adverts more useful to both users and advertisers can only be a good thing. Even more so when these uses have unmissable notice that the system is in operation.

    Anyone who looks at their recommendations on Amazon or items that might be of interest to them on Tescos or Sainsbury's online shopping sites is already receiving targeted advertising in a crude form. Funny though that the more vitriolic campaigners aren't at all concerned with the Amazons and Googles of this world but instead are focused on a £50m AIM listed concern.

  • Comment number 62.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • Comment number 63.

    PointOfOrder - my analogy bears up very well - you are making the assumption that I was suggesting audible adverts into phone calls. I was not. The company know your physical snail mail address and could easily add to the pile of junk mail that we all get on a regular basis or worse, sell the information to a cold calling company and result in phone lines being snowed under by sales calls or silence through poorly configured predictive dialers.

    Whether the economics of such an approach would work is another matter. The fact is it could happen

  • Comment number 64.

    POO #61

    "Another analogy that doesn't bear up, with the greatest respect, no one inserts audible adverts into phone calls at the moment. Nor would they likely to do so because it would become impossible (or nigh on) to conduct a conversation."

    Wrong again I'm afraid. Many organisations have advertising when you are in a queue or on hold. What they don't do is allow rival companies to use that space to advert their wares. They also don't allow other third-parties to record the content of their calls without a warrant as that would be illegal.

    Why do Phorm and their supporters always twist the discussion away from the subject at hand?

    This forum is not about advertising - especially as BBC.co.uk doesn't not show adverts and is not funded by advertising.

    This whole forum thread is about whether or not the websites at BBC.co.uk should be protected from the third-party commercial use of a system that takes information - including the posts we've all made here - without the BBC's or our consent.

    The subject here is whether or not the BBC should prevent this from happening.

  • Comment number 65.

    Your point rests on this frankly unproven idea that advertisers are like fatties let loose with a Mr Whippy machine i.e. there is not stopping them once they've got hold of you.

    Phorm isn't about increasing the number of adverts users see, it is about making them more relevant to those users and therefore more valuable to advertisers who know that rather than bombarding 2 million people in order to make 200 sales they might only need to target 20000 people to achieve the same result. Higher quality ads improves the browsing experience, increases the value of everyone's ad inventory (spaces on a web page) and would break the monopoly that at present sees crude volume of visitors determine who gets a share of the pie. Leaving the net strewn with a 5 - 10 top notch sites and millions of jobbing amateurs with little opportunity to make any money from their efforts.

  • Comment number 66.

    PointOfOrder, instead of smearing other individuals and companies, don't you think it would be better to actually address the questions raised and answer them honestly and clearly?

    Perhaps people don't have a problem with the other companies because they are open about what they do, and have no problems answering questions presented to them.

    Phorm, previously known as 121Media have a history in spyware, adware and rootkits, and seem too busy attacking others and diverting attention away from their own poor practices, maybe that is why people have such a problem with them and their many and varied representatives.

    So far, there has been little in the way of "unmissable notice that the system is in operation." Unless you count the javascript that was injected into other people's data of course.

    Phorm conducted trials without user consent, and lied to cover that fact. Phorm targeted numerous websites content without consent during those trials, and lied to cover that fact. Phorm have lied to the public again and again.

    If you cannot see how that would cause a problem, then there is nothing that anybody can say that will ever convince you why the system they want to put in place is bad.

    Phorm need to seek consent from end users, and each and every website those users visit for their system. Why is that hard to understand?

    So please, go back and read post number 55 and give answers to the questions and points I raised, rather than pointing at somebody else and screaming "they are evil I tell you."

  • Comment number 67.

    @PointOfOrder:

    Amazon may well target me for advertising, if I choose to visit it, based upon my past behaviour on Amazon itself.

    What Amazon can't do is target me for advertising based on my browsing habits on _other_ sites, including those I operate myself and don't carry any analytics, tracking, advertising, or similar.

    Unless, of course, Amazon were to use something along the lines of Phorm or NebuAd or similar, where a behavioural profile of a user is built in a broadly anonymised fashion on the basis of their communications data.

    That's the high-level issue.

    At the low-level, the only means by which Phorm (and others) can build that profile in the manner described by both them and BT is by 'scanning' traffic as it passes from subscribers to websites and vice-versa. I'm hesitant to use the word 'intercept', because it appears to cause an adverse reaction in some, but that's actually what's going on by any technical and legal definition that carries any weight.

    The fact is that Phorm and BT believe that by anonymising the data within BT's equipment before passing it on to Phorm/OIX as an anonymous behaviour profile they are not carrying out interception as defined by the RIP Act. The Information Commissioner clearly disagrees with this viewpoint, else there would be no consent required. Moreover, even if it were legal to the letter of Act, it would clearly violate the spirit of the law, which is to prevent third parties being privy to two other parties communications. The Act makes no provision whatsoever for exemptions based on anonymising data before it's passed on to third parties; similarly, it does not require that communications data be personally and individually identifiable in order to fall afoul of the anti-interception clauses in the Act.

    Beyond this, when a user visits an OIX-carrying site, adverts are served based on the collected behavioural profile. At this point, the software generating the advertising spots must by definition have access to *both* the behavioural profile and the contents of a normal, direct, HTTP request, which includes the user's IP address and browser platform, and so on. Therefore, while much is made of the fact that a user's IP is not stored against their behavioural profile, the two are still married up once your browser requests an advert.

    However, the copyright issue is quite possibly a red herring - it's entirely possible that Phorm just operates on the basis of categorising URLs using existing publicly-available data, rather than scanning the HTTP request and response bodies themselves for keywords. Even if it did, the case for copyright infringement would be weak, as no direct duplication or reproduction would be going on, and neither the site operator nor the user would be suffering material harm as a result of this. In any case, criminal illegality under the terms of the RIP Act is a far bigger (legal) problem than copyright infringement.

  • Comment number 68.

    Orignally posted as #54 - edited by pengipete inline with forum rules.

    Sorry POO #51...

    Phorm do not provide any notices - that would be the ISP. Phorm are just a contractor and have no say in how each of these ISP's will write or supply any such notices. Phorm's "assurances" are not binding on ISPs and form no part of our contracts with tohoe ISPs.

    Apart from that you need to understand how the internet really works.

    When you "visit" a website and read the information provided, you do not go anywhere or own anything. You are NOT READING the information ON THE WEBSITE or the website owner's server.

    It is wrong to propogate the myth that we TAKE information because then they can claim that it's the recipient's responsibility to ensure that no rights are breached. This is simply not true.

    In short...

    You send a REQUEST FOR DATA to the website then the website SENDS the information TO THE COMPUTER MAKING THE REQUEST.

    Once you understand this you'll understand that the website owner is SENDING information rather than the ISP's customer TAKING the data and the information being SENT is being intercepted without consent.

    You need to understand that the internet is a two way affair and both involve the SENDING of information and that intercepting SENT data without consent is an offence. At no point does anyone TAKE data which means that Phorm need to obtain explicit permission from every website owner. The ISP's customers can not give permission for anyone other than themselves.

    The concept of implicit consent has been used to get around this requirement. That is the idea that anyone putting information on the internet is allowing anyone to read or use that information. This makes no sense once you realise that the data from the website is not being read in the the way that you read a poster in the street - you are actually having the information delivered to you at your request. There is nothing implied in that relationship as the website owner retains the legal right to say - "You can not see this information".

    Implicit consent is a falacy evidenced very easily by the fact that entire websites can be blocked to certain people - non-UK residents being unable to see or download certain content on the BBC's websites for example.

    As to Gmail - or any other throwaway email account...

    Anyone can spot these account addresses - they are not hidden - and can chose not to contact anyone with such an address if they have issues with them. Many forums place restrictions on users who register with these accounts - including charging fees. (Digitalspy.co.uk for example - a forum dedicated to digital television)

    By contrast, there are no signs that a recipient using, for example, a BTInternet.com email address is or isn't using Webwise so sending any information to such an address - including responding to a request for data from my website - carries the hidden risk of having Phorm intercept the data we send.

    Are you suggesting that all addresses for BT, Virgin and TalkTalk be blocked if people don't want Phorm intercepting the transmissions?

    Far better for the website owner - the BBC in this specific case - to tell Phorm not to intercept than to ban 70% of the UK from using the site that they are paying for.

    If Phorm want to be compared to Google then they should operate in the open. They could set themselves up as an ISP and see how many people genuinely want "fewer irrelevant adverts" rather than working inside other ISP's networks and making claims about market research that they refuse to publish.

  • Comment number 69.

    PointOfOrder
    I understand the economics of marketing and the need to better target potential customers but this has to be done in a way that does not infringe civil liberties. Use of loyalty cards and shopping basket analysis in supermarkets are a great example of this but the end user always has the ability to opt out by not using their card. The use of technology like PHORM will make such an opt out impossible and as such infringes their rights.

  • Comment number 70.

    Can I just ask for people to:

    a) be civil - the conversation has been good so far but do think (and take a deep breath) before commenting

    b) stay on topic - the topic here is the FOI request and what if anything the BBC should do about Phorm

  • Comment number 71.

    In my opinion, due to the fact that a Phormed user would effectively be allowing the comments by everybody on any particular page to be scraped, with possible personal information therein, along with the BBC's valuable intellectual property, the BBC should block Phorm.

    To protect privacy and to prevent copyright abuse, just say no to Phorm.

  • Comment number 72.

    I have just been reading through the BBC Charter and notice that one of the first requirements is that what the BBC does must be legal. The issue of commercial services are allowed under the Charter. Independence is mentioned a number of times as is that the BBC Trust "discharges a public trust as guardian of the public interest".

    The legal issues are easily covered. Changes to privacy policies would be required and 3rd party content provided under original privacy policies should be treated ... how? Other posters have already raised this issue.
    Changes to copyright licences are also easily made, again the question of content provided under previous licences.

    It almost sounds like there would need to be a whole new site to allow for interception and the current site would need to be treated separately to honour original use terms and conditions.

    PoinyOfOrder in post #46 mentions RIPA and clarification of this would be necessary too, I suspect.

    "(a)
    so modifies or interferes with the system, or its operation,"

    Redirects to a webwise controlled domain and the writing of [forged] cookies before content is delivered to the user would fall within this section.

    "(b)
    so monitors transmissions made by means of the system, or"

    Sending both the URL and content to be analysed and the URL to Phorm's OIX system for use by advertising partners suggests monitoring.

    "(c)
    so monitors transmissions made by wireless telegraphy to or from apparatus comprised in the system,"

    A level-7 router would see all data packets and data contained therein so would also be covered by this section

    "as to make some or all of the contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication."

    The URL is a unique identifier of content, plus an extract of that content, both are sent by the level-7 switch to the OIX system.

    Any website can advise its visitors that it is allowing this interception by hosting within its code the tags supplied by OIX. The patent shows that these scripts perform the same operation as the DPI system in terms of making content available to the profiler. This means that 100% of visitors would have their visit to the site added to their profiles, not only the visitors from an ISP installing Phorm's DPI system.

    It does rather raise the question of why Phorm needs any ISP to use the DPI system, but that is another debate.

    Which path of opt in/out by the BBC makes it possible for all the following to be ticked?

    "23.General dutiesIn exercising all its functions, the Trust must act in the public interest and, in particular,
    it must
    (a)represent the interests of licence fee payers;
    (b)secure that the independence of the BBC is maintained;
    (c)carefully and appropriately assess the views of licence fee payers;
    (d)exercise rigorous stewardship of public money;
    (e)have regard to the competitive impact of the BBCs activities on the wider market;
    and(f)ensure that the BBC observes high standards of openness and transparency.
    24.(2)(f)discharging the regulatory functions accorded to the Trust and holding the ExecutiveBoard to account for the BBCs compliance with applicable regulatory requirementsand the general law;"

    "Role of the Executive Board38.Functions of the Executive Board(1)The Executive Board is the executive body of the BBC and is responsible for
    (a)the delivery of the BBCs services in accordance with the priorities set by purposeremits and the framework set by service licences and any other strategies;
    (b)the direction of the BBCs editorial and creative output;
    (c)the operational management of the BBC (except the BBC Trust Unit);
    (d)ensuring compliance with all legal and regulatory requirements placed upon the BBC(including the initial handling of complaints about the BBC) except to the extent thatthey relate to the affairs of the Trust or the BBC Trust Unit;
    13


    (e)ensuring compliance with requirements placed upon the Executive Board by theTrust (for example, through Protocols or the Trusts statement of policy on fairtrading);
    (f)making proposals to the Trust for anything which is for the Trust to approve underarticle 24(2)(a), (d) or (e);"

    It rather looks like a decision to be made by the BBC Trust and followed by the Executive.

  • Comment number 73.

    From http://news.bbc.co.uk/1/hi/help/3281815.stm

    (News sources)

    "Any content specified as Reuters content is the intellectual property
    of Reuters. Any copying, republication or redistribution of such Reuters content, including by cacheing, framing or similar means, is expressly prohibited without the prior written consent of Reuters."

    One for the BBC lawyers. Is the BBC not acting to prevent 3rd parties making derivitive works of non-BBC copyright?

    Ditto Digital Look Ltd, The London Stock Exchange, The Frankfurt Stock
    Exchange and others.

    Has the BBC checked with these suppliers for their thoughts on the issue?

    Furthermore, Phorm should really be asking web sites to opt-IN to their service. It would remove, at a stroke, many of the problems being discussed here. Phorm could then reasonably imply consent for use of copyright and setting cookies in that site's domain etc. (Although it still would not allow that site to 'give away' copyright it does not own).

    However, they only provide an opt-OUT. If a site, such as the BBC, has to opt-OUT in order to maintain the status quo, and this results in bad publicity for phorm, then they only have themselves to blame.

    Failure of Amazon or Wikimedia or the BBC to opt-IN would not make much of a story.

    The fact that very few sites would opt-IN is again phorm's problem. They need to provide a product that people actually want, not one that has to wrap itself in promises of anti-phishing (redundant for most users) or "better adverts".

  • Comment number 74.

    On the subject of consent, BT have themselves acknowledged that the consent of both parties is required. Their argument was laid out as below:-

    "It is our position that there is no offence committed under Section 1 of RIPA because any interceptions carried out under the Webwise process are made with "lawful authority". In circumstances where a customer has opted-in to the service, that customer has consented to interception. We also consider that as a consequence of the manner in which the Internet operates, there is a general presumption that website owners have also consented. That presumption may be overturned in certain circumstances and we believe that Webwise takes that into account (see description of privacy features above). In addition, we have a published mechanism that allows website owners to expressly request that their websites are not profiled. Accordingly, where a website owner chooses not to utilise any of these features, we consider that we have reasonable grounds to believe that he has consented to interception."

    In other words, they regard web site T&Cs as worthless. Unless a web site 'opts out', either by using ROBOTS.TXT to deny google (they do not provide any means of using ROBOTS.TXT to explicitly deny Phorm), or via Phorm's un-proven exclusion mechanism, BT at least assume the web-site permits its use for commercial purposes.

    Unless the BBC is prepared to challenge this assumption in the courts, and assuming they do not want to ban search engines, their ONLY option is to request that Phorm opt them out.

  • Comment number 75.

    Oh, and BT's view on the validity of web-site copyright notices

    "Again, we do not consider that an express consent is required from website owners for copyright purposes. We consider that the Webwise mirroring process is generally covered by an implied licence and that putting a notice on a website is not sufficient to overturn that implied licence. In order to do so, it would be necessary for website owners to notify BT to tell them specifically that there is no consent and to identify the website or websites to which the notice applies."

  • Comment number 76.

    @Sir John Luke:

    on that front, BT is probably correct - Phorm is no more 'copyright infringment' than Google's spider is. In fact, it's possibly not infringement at all because no reproduction takes place. It's sleazy of them (well, Phorm, being the technical implementors) to only obey a robots.txt which blocks Google, et al, but it's not at all clear that it's illegal.

  • Comment number 77.

    Incidentally, do we actually know whether opting out websites from BT Webwise will also opt them out from other implementations of Phorm technology, in particular overseas implementations such as QookSmartWeb?

  • Comment number 78.

    @ nevali #76
    "on that front, BT is probably correct - Phorm is no more 'copyright infringment' than Google's spider is. In fact, it's possibly not infringement at all because no reproduction takes place."

    If you understood the mechanisms of the robots.txt and server header data you would not say such a thing about Google. Google and any other search engine can infringe copyright just like anyone else. Specific mechanisms are in place whereby a crawler requests a licence to make a copy to include in the index.

    Phorm behaves like all the other rogue bots that take an infringing copy for their own purposes and webmasters do what they can to block them.

    You are also incorrect in claiming that no reproduction takes place. Part of the process is for the ISP to take a mirror copy of the communication and it is that copy which is processed and passed to the channel server. The diagrams attached to the patent are very clean in showing a copy of content is made. Even Phorm's own little graphic shows a copy being made which then goes to the 'incinerator' after the content is matched to the advertising channels.

    Definitely a copy being taken and if they don't have a licence for the commercial use then it is an infringing copy for commercial use which has higher protection under UK law than an infringing copy.

  • Comment number 79.

    @nevali

    not too sure about that. Phorm actually make a full copy ('mirror') of the website page (as a semantic point, I'm not sure whether this is done by Phorm-owned equipment, or equipment 'gifted' by them to the ISP in order to avoid possible liability). It is this unauthorised copy (made for commercial gain) which is then analysed for keywords.

    Possibly getting a bit off-topic though. Whilst the legality of Phorm is certainly open to question on many fronts, this blog is more concerned about whether the BBC should opt out, even IF the technology is eventually found to be legal or is retrospectively made legal.

  • Comment number 80.

    nevali
    "on that front, BT is probably correct - Phorm is no more 'copyright infringment' than Google's spider is. In fact, it's possibly not infringement at all because no reproduction takes place. It's sleazy of them (well, Phorm, being the technical implementors) to only obey a robots.txt which blocks Google, et al, but it's not at all clear that it's illegal."

    big difference between googlebot and phorm

    the google spider (googlebot) makes a direct request to the website for the content and has it own unique robots.txt directive so you could block googlebot only with out affecting for instance MSN indexing you website. as googlebot makes the direct request it will leave entries on the website log files for the webmaster to check compliance and complain if it ignore the robots directives

    Phorm on the other hand do not make a direct request as the mirror / copy data in flight using DPI technology which is designed to be invisible and stealthy, leaving no entries in the logs of a website to check the compliance with the websites opt-out status (if it has opted out) phorm refuse to allocate a unique robots.txt directive so webmasters have the choice of allow phorm to scrape the website or block google or all indexing services there by denying them the ability to attract traffic

    added to that many personal websites do not have the ability to opt-out as they are not the domain holder or add robots.txt files as they do not have access to the root directory

    but back to the topic, the BBC has a limited license from many copyright holders to display content for personal use by website visitors, what they do not have is the right to delegate the license to a third party (like phorm) to use the content (or a derivative work) for commercial gain, and to make it clear phorm would have access to the full content of the page as they are passed the URL as part of the data digest so can visit the page

    so no brainer, the BBC should with immediate effect opt-out all BBC domains from webwise / phorm and any other DPI based systems


    peter

  • Comment number 81.

    How will the BBC handle a situation where they want to publish an extract from a Phorm excluded website as part of an article or news story?

    How will the BBC know which sites are excluded?

    The high profile domains such as Amazon and Wikimedia are on the tip of the iceberg - there will be many more that exclude Phorm.

    If I own a website and tell Phorm that they may not use any information it contains for commercial gain, is it acceptable for the BBC to then publish any part of my website knowing that they would be permitting Phorm to use my data against my wishes?

    Are the BBC going to shape their news stories around the use of Phorm on these sites or are they going to ignore the explicit wishes of the website's owner?

    Does this not constitute a threat to the BBC's ability to report and inform?

    Does the BBC nderstand that publishing even one line from a website and making available to Phorm is going to result in a potential lawsuit?

    The BBC can publish extracts from copyrighted works for specific reasons - news and educational purposes are covered - but they can not knowingly pass that material on to an advertising company.

    The BBC know that Phorm exists and they know that they can avoid the mis-use of copyrighted material. They have no defence if they don't act to protect the material they borow.

    How much time and money are the BBC willing to spend on defending potential lawsuits arising from something as simple as not telling an advertising company that they can not use the BBC.co.uk website for profit?

    It's a no-brainer. Say nothing and you will be defending that decision for a long time to come - and you'll very likely lose. Say "No!" to Phorm and there is no problem - things carry on as normal for everyone.

    This issue has been known about for months now and the BBC has managed to pretty well bury every related story for self-serving reasons which are now pretty clear thanks to the FOI documents.

    Sorry to say it but the BBC has to make a decision now. For all we know Phorm is operating right now without our knowledge - not an unreasonable suggestion given that they did just that in 2006 and again in 2007. The BBC websites will have already been subject to interception - 180,000 BT customers were targetted in 2006/2007 and that number has to have included people who use the BBC website.

    Are the BBC happy with this?

  • Comment number 82.

    Nevali, I am of the opinion that there is a big difference between the service provided by Google and the behaviour of Phorm, the two can't really be compared fairly, even though Phorm and their partners would like people to believe so.

    Google offer a service in the fact that if you allow them to spider your site, you will appear in the search rankings, the more optimised your site is, the further up the rankings you will be.

    With Phorm, they will exploit the content to drive the profiled customer away to competitor sites, unless you block Google.

    As much as Phorm would love to see Google as their arch-rival as far as advertising goes, the two companies are worlds apart.

    Google don't actually use a sites content to target their adverts, they use the search terms entered by the user.
    Phorm use your own sites content against you to drive your visitors away to OIX advertisers.

    Isn't it strange though, regardless of the constant rhetoric from Phorm supporters and PR people about how evil Google are because of the Gmail service, and how they are trying to monopolise the ad serving industry, and whatever other complaint they need to use on any given day to turn attention away from themselves, they want to use the exact same user-agent as Google in the spiders.txt?

    Surely if Google are *insert insult of choice here* Phorm would want their own agent?

    It's also worth noting that Google won't try to take a copy of anything if you use the noarchive meta tag, they will merely index and rank things if you allow them to.

    There is a big difference in the way indexing and archiving/caching are done.

  • Comment number 83.

    There is no benefit to the BBC (or any website operator) in allowing Phorm to profile visitors to it's website(s). The only organisations that benefit from this are Phorm and the ISP's (and that benefit is financial).

    The BBC choose to partner with Audience Science for their Worldwide sites and I presume are rewarded financially which is a perfectly acceptable arrangement. There is no partnership between the BBC and Phorm yet Phorm would still gain financially regardless.

    Opt-out for website operators is unacceptable and the BBC (or any website operator) should not have to be in a position to make this decision in the first place. However, in my view the decision the BBC should make is an easy one and that is to opt-out all domains that contain publicly funded content from Phorm/Webwise.

    Although it's an easy decision in my eyes, I do understand why the BBC need to ensure they give proper consideration, they must be seen to be impartial. That being said, there is no justification in allowing a third party to use the interaction of visitors to the BBC website(s) for commercial gain.

  • Comment number 84.

    surely the best and probably the safest thing for the BBC to do is with immediate effect OPT-OUT all of the BBC domains from phorm, then monitor the situation

    IF phorm is then shown to be legal (by a court case) or it gets a favourable result after the EU investigation then the BBC could then contact phorm and "remove" the opt-out

    that way the BBC has procected their customers data until the the position over phorm is clear, but at the same time have kept their options open

    peter

  • Comment number 85.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • Comment number 86.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • Comment number 87.

    ""It is the unlawful interception of data which is the offence under RIPA (unless that interception has lawful authority), not how the interceptor uses or intends to use that data." - Simon Watkin, Home Office.
    "
    as simon watkins clearly points out in a FOI request, clearly the act of "screen scraping" the BBC pages with DPI kit for profit of every single phorm type DPI ISP user page request without consent or "lawful authority" is an offence under RIPA, all

    thats at least 18,875,354 unique page hits as covered by the 8 days of the internal BT report regarding their covert trials of Phorm (then called PageSense) in September 2006http://www.wikileaks.org/wiki/British_Telecom_Phorm_Page_Sense_External_Validation_report


  • Comment number 88.

    PointOfOrder, as much as it might thrill you to think you scored a point, the very nature of a lot of the subjects discussed on these pages leads to personal information being posted.

    Subjects such as religion and political leanings for instance, not to mention discussions about an area that a person lives.

    By their very nature, a lot of topics discussed will be personal, and with enough information of that type, it is too easy to build a profile that can be linked to an individual.

    Not to mention that a UID is personal, regardless of claims that because they only know you as a number. That number still links to a specific individual, as much as Phorm would like the whole world to believe otherwise.

    If Phorm were absolutely sure about their ability to remove all personal information, they would have no problem submitting their data to testers to see if it can be linked to an individual.

    That seems to be something they don't even want to comment on, let alone allow.

    You seem to be confusing the Phorm and Google business methods, Phorm are parasitic in nature, Google give people something of intrinsic value. Phorm have yet to offer anything worthwhile. As they say; go figure.

    The BBC wouldn't be interfering in the legitimate commercial interests of a UK listed company at all if they stop Phorm profiling THEIR pages, they would be preventing abuse of their intellectual property and ensuring the privacy of users who haven't signed up to be profiled by Phorm.

    You can't deny that Phorm would gladly scan every page that a user of their service views, regardless of who may have commented, and regardless of what the article on the page is about, it's what their business model is based on.

    It's not interference to protect your own interests and users. It's called being morally responsible.

    If the BBC don't deny access to Phorm, that's interfering with the rights of the people who pay their bills.
    Unless of course Phorm would like to fund the BBC and remove the onus from the licence payers, then you could at least argue there is a case for Phorm being allowed a free for all on all BBC content.

  • Comment number 89.

    It is unfortunate that attempts have been made to hijack this blog for irrelevant personal attacks. Hopefully those who have to resort to regurgitating the smears on the StopPhaulPlay web site will not be allowed to divert attention from the discussion which this blog is intended to provoke.

  • Comment number 90.

    Now: On TV, On Radio and Online.

    When the BBC comes to renew it's charter in 2016: Online, On TV and On Radio?

    If all online content is then subject to man-in-the-middle profiling for
    advertising purposes, you may get your charter, but you won't get a licence fee.

    If your content is being used for advertising purposes anyway, you will be told
    to obtain more value from it.

    We are about to cross the Rubicon. Do we allow snoop-boxes onto our future,
    primary means of communication? In a few years TV, Radio and Telephones will all
    be 'Online'.

    I believe the BBC would be serving the public good by opposing this interception. It will
    also be safeguarding it's own future at the same time.

  • Comment number 91.

    Poo #86.

    If you are going to "quote" the BBC's rules, at least include a full quote and links.

    On that basis, how about this? http://www.bbc.co.uk/terms/


    4. All copyright, trade marks, design rights, patents and other intellectual property rights (registered and unregistered) in and on bbc.co.uk and all content (including all applications) located on the site shall remain vested in the BBC or its licensors (which includes other users). You may not copy, reproduce, republish, disassemble, decompile, reverse engineer, download, post, broadcast, transmit, make available to the public, or otherwise use bbc.co.uk content in any way except for your own personal, non-commercial use. You also agree not to adapt, alter or create a derivative work from any bbc.co.uk content except for your own personal, non-commercial use. Any other use of bbc.co.uk content requires the prior written permission of the BBC.

    ...or this http://www.bbc.co.uk/terms/#4

    7. Copyright in your contribution will remain with you and this permission is not exclusive, so you can continue to use the material in any way including allowing others to use it.

    Which part of the BBC's rules don't apply to Phorm?

    Which part of the BBC's rules says that they will knowingly allow a breach of copyright?

    +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


    For the readers at the BBC...

    If we turn the whole situation around it may make things easier for to understand...

    Would the BBC specifically opt-in to Phorm if it was switched off by default?

    If the answer is "NO" then you should opt-out.

    Many people already regard the forced "opt-in" default for website owners to be offensive amd unacceptable and it is likely to lead to legal problems for Phorm and the ISPs.

    The BBC's situation is a prime example of why - the enforced opt-in muddies the water and makes the decisions seem much more complicated than they really are.

    If you wouldn't use Phorm because of the potential harm it could do then you must take the nearest option available and opt-out.

  • Comment number 92.

    I'm posting this seperately so that it doesn't get buried amongst other comments.

    FAO Nick Reynolds...

    Do we get any feedback from the BBC on this forum and when can we expect to see this?

  • Comment number 93.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • Comment number 94.

    @ 82

    "It's also worth noting that Google won't try to take a copy of anything if you use the noarchive meta tag, they will merely index and rank things if you allow them to."

    Ah ha - so in order for a website to escape scraping by Google the website owner/master has to do something...funny that once again this is OK for Google but not for others.

  • Comment number 95.

    @ 94

    Well it's not ideal, but we are also urging the BBC to do something. Opt-OUT.

  • Comment number 96.

    @pointoforder

    "'Dephormation Pete' the only reason the "best and probably the safest thing for the BBC to do" "

    thankyou for confirming you are a phorm employee or a phorm PR person

    phorm had to withdraw that claimed link between the nick of dephormation and bluecar from its stopptoulplay website as it is totally incorrect, it was actually in one of the first batches of changes to phorms "truth about smears"

    let me confirm for the record, i am not the user you have claimed i am, nor never have used the nick dephormation on this or any other forum

    now if you will stop the diversionary tactics and attempts at smears lets get back on topic, which is about the BBC and whether phorm / smartweb / qooksmartweb / webwise is against the bbc charter and whether the BBC should opt-out all of their domain names from profiling and the potential issues of copyright claims by allowing there content and third party content licensed to them for non commercial gain

    as i said before

    ******************
    surely the best and probably the safest thing for the BBC to do is with immediate effect OPT-OUT all of the BBC domains from phorm, then monitor the situation

    IF phorm is then shown to be legal (by a court case) or it gets a favourable result after the EU investigation then the BBC could then contact phorm and "remove" the opt-out

    that way the BBC has procected their customers data until the the position over phorm is clear, but at the same time have kept their options open

    ****************

    the only issue with the above is phorm need to provide a way for websites to verify that phorm is acting as requested and not processing pages from websites who have opted out!!

    only problem is due to DPI being a stealth type technology that is difficult as the system is designed to be invisble, and if you read the BT pagesense trials paper on wikileaks you will see the sucess was measure by BT customer not being able to detect the system was in use

    ball is firmly in phorm's court on that one

    peter


  • Comment number 97.

    @ POO # 93

    Why do you keep referencing that man Alex. I've got no interest in him or what he has done in the past or present. It's not the subject of this discussion which is about the BBC's internal discussions as per the Freedom Of Information released emails. The subject is what the BBC should do about Phorm - and several reasons have been presented as to why people believe they must opt out.

    Whilst you continue to be drifting off civil discussion of the real issues, I have not seen you tackle the specifics of the key points POO.

    By that, I mean you should respond to post number 91 above where one invidual points out very clearly the matters detailed within the BBC website terms which are ignored and infringed by the way the Webwise/Qookweb/Smartweb system works (according to the information from Phorm and BT about Webwise over the last 18 months)

    Don't divert, don't dodge. Just respond to the facts and with relvant facts. Then, and only then, will you command a respect which intelligent debate can achieve.

    No more smearing of other individuals here; deal with the issue which leads the BBC team to be in this difficult situation where they clearly have concerns about the system Phorm wants to get our ISPs to use.

    Let's hear why you think post 91 is wrong, invalid and not reason for the BBC to take Opt Out action.

  • Comment number 98.

    PointOfOrder,

    as has already been stated, people will accept it from Google because they offer both end users and webmasters something of intrinsic value.
    Phorm offer nothing of value.

    The only sensible option for the BBC is to protect their intellectual property and their users by telling Phorm no.

  • Comment number 99.

    Poo #94

    Not so funny when you realise that BT are blocking Google from their beta.bt.com forums which means that Phorm will also be blocked.

    When even Phorm's business partners are banning the use of Phorm's systems from their own websites there's clearly no reason for the BBC to worry about doing the same thing. Any possible problems raised by the BBC's guidelines are covered by this single example.

  • Comment number 100.

    @pointoforder

    one thing i have noticed is the you have attracted virtually all the moderator edits and removals on this site

    that should speak volumes for readers of this blog

    this has also been a pattern i have seen on other forums and blogs, along with thread diversionary tactics where phorm and or their associated PR compaines etc post

    so lets keep it on topic, THE BBC and PHORM / WEBWISE OPT-OUT and COMPATIBILTY WITH THE BBC CHARTER

    peter

 

Page 1 of 2

More from this blog...

BBC iD

Sign in

BBC navigation

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.