|
|
News
Topic has 9 replies.
  
|
|
Sort Posts:
|
|
|
|
 01/05/2008, 5:27 PM
|
Stephen Mainwaring
Joined on 01/05/2008
Weston
Posts 2
|
|
|
A few weeks ago the Mercury ran a news item on myself with regards to BT and 'spying'. I would like to clarify a few points and give and update on what is happening now.
What did BT actually do?
BT intercepted my internet communications and processed the data in order to test out a new advertising system called 'Webwise'. They did this illegally because they did this without my consent.
Why did they choose you?
BT did not pick out individuals. They ran these tests on thousands of users at random times. The latest admission is that around 108,000 BT customers were part of the secret trials.
Isn't that more than the population of Weston?
Yes. So this proves that it was not just Weston who were part of the trials. Even though BT still state that 'only one exchange was involved in the tests' BT customers from Cardiff to Greater London to Brighton have contacted me to say that they were part of the trials too. This just goes to show the scale of the trials and how BT are trying to keep quiet about it.
What exactly happened during the trials?
In June 2007 my PCs were connecting to a rogue site called sysip.net. Every website I visited would first make a connection to sysip.net before displaying the page I wanted. This was scary as none of my security tools were informing me of this interception.
What is sysip.net?
sysip.net is a domain used by a company called Phorm who were once called 121media. This is a company fronted by a Russian entrepreneur which used to make software which has been described as 'spyware'.
What did you do about it?
As soon as I saw the problem I contacted BT Business Broadband support to ask what was going on. The support staff, and senior staff insisted that my PCs were infected with a virus and that the problem was mine to sort out. Worried about my business data I effectively shutdown my business for a few days, purchased new hardware, and had the administrative nightmare of changing dozens and dozens of passwords!
How long did the trials last?
The 2007 trials lasted for about two weeks. During this time BT still insisted that my PCs had viruses and that there were no tests with Phorm going on.
What happened next?
In the middle of July BT made a statement that 'there was an issue affecting a small number of users'. From this I concluded that they had actually had a virus themselves. I basically left it as I had trusted BT.
What is the connection between BT and Phorm?
Phorm are an advertising company trying to push their Webwise and OIX system onto ISPs with the expectation of generating hundreds of millions of pounds in advertising revenue. It is estimated that BT alone could rake in £85 million a year from running the Phorm / Webwise system.
What is the problem with advertising like this? I read the admag and like ads!
The problem is with the way information is gathered about you. This is effectively targetted advertising where if you are browsing websites for exotic holidays you will start to see adverts for exotic holidays but it is more intrusive than that.
Where it gets intrusive is that very webpage you visit, everything you read and write will be 'profiled' in order to make an assessment of your browsing habits. Think of it like visiting a shopping mall: every shop you go in is recorded by someone with a clipboard. Every item you look at, everything you say to the shop staff or your friends is recorded... As you walk around the shopping centre you will start to see adverts personalised to you.
Phorm will say that 'no personal information is processed' and there is no way that any individual can be identified. But in order to process the data they have to process everything you read and write. Think of it like the person with the clipboard recording all that you read and write and then cutting out the personal bits and discarding it.
Here is another analogy:
You write a letter to someone, put it in an envelope and post it. In the mail system your letter is opened, photocopied, sealed back up and delivered on it's way... The photocopy of your letter is examined and keywords extracted. So if you wrote to your aunty asking her if her bunions are well and if she is sleeping easy at night then soon you will start to receive junk mail for bunion cream and memory foam beds.
So it is just like a supermarket loyalty card?
No! With a supermarket loyalty card you have the choice to a) shop there using your card, b) shop there without using your card, c) shop somewhere else. With BT / Phorm / Webwise you do not have much choice.
At first Phorm wanted this to be an opt-out method where every customer will be profiled but has to ask to be opted out. This has changed recently due to clarification from the Information Commissioner's Office (the organisation set up to protect our data) in that such systems must be opt-in only.
Note too: With a supermarket loyalty card you get points rewards. With this internet advertising BT and Phorm get a load of money but customers get no financial reward.
So what if they read what I read. If you have nothing to hide online you have nothing to worry about!
I do have something to hide online - an online business where I don't want any russian programmers reading about my website, my business information or my customers information.
I run a messageboard where subscribers can discuss financial matters. The way Phorm works as-is, is that this private information will be read and profiled even though it is in a password protected area! This is not fair and not right.
Is this advertising system legal? What about our rights?
BT and Phorm insist it is legal and that they have taken legal advice but they will not produce the evidence to prove this.
The Home Office and ICO have made comments on the system and BT / Phorm are selectively taking extracts of those statements to use as a sort of endorsement. If anything, those statements are only re-affirming that systems like this must be opt-in only, and that consent has to be granted first.
Did BT break the law?
Some legal types such as the foundation for information policy research (FIPR - independent body which advises the government on IT and privacy matters) state that what BT want to do in the future is quite possibly illegal, and what they did with the secret tests was clearly illegal:
"...the operation of Phorm's systems involves:
* interception of communications, an offence contrary to section 1 of the Regulation of Investigatory Powers Act 2000
* fraud, an offence contrary to section 1 of the Fraud Act 2006
* unlawful processing of sensitive personal data, contrary to the Data Protection Act 1998
Individual directors and managers of the Internet Service Providers involved could be criminally liable for these offences."
What happens next with BT / Webwise?
BT want to perform a new trial on 10,000 customers. This trial has been delayed because they can not get the mechanism for opting-in right. But very soon BT will start to trial Webwise with the intention of rolling it out to every customer later in the year.
What are you doing about it now?
I have made an official complaint to the ICO stating that during the 2007 trials BT had intercepted my communications, had processed my data, continued to do so even after I had complained about it, and that they give me mis-information in stating that my PCs had a virus when they had not.
What about the Police?
The ICO investigation has to run it's course. Once they make an announcement on the 2007 trials I will then decide if I need to contact the Avon and Somerset Hi-Tech Crime Unit.
Where can I read more about what has gone on?
This story has been running since February this year. You can read more about it via the following sites:
Badphorm
Inphormationdesk
FIPR letter to ICO
FIPR on Legalities of Phorm
The Register on Phorm and ISP Advertising
The Register on BT Secret Trials 2007
Phorm
BT Webwise
|
|
|
|
|
Report
|
|
|
|
|
10/06/2008, 10:24 AM
|
lemoncakes
 
Joined on 09/06/2008
Weston-super-Mare
Posts 264
|
|
|
|
Hi Steve any updates since of how things are progressing ?- I remember about that time being invited to login to a selection of websites using phorm in connection with BT and I was nearly tempted to give it ago
- but the whole thing had a 'tang' of spyware in the method of asking my permission - it came accross as sneeky - which reminded me of how I first came accross 'gator' an adware program that was very popular in the early 2000's - that rapidly became unpopular within the business community as they placed pop up adverts over other companies websites - so - I think (although I can't be sure) I chose not to allow it to have access to my machine, I do remember that I got an invite to login somewhere using it though and I refused because of the similar method of trying to 'catch me out'.
- The problem is with these subtle, tick box optin sharing information services - is - that sometimes I felt like sharing things - and it was before social networks were so self defined - so it was the kind of program I might have joined in order to 'share' my websurfing experience - even if it was only with an information broker gathering my data in order to use it against me/sell it to other companies for marketing purposes - I don't have a problem with contextual advertsing if transparent marketing practices are used - and most marketing/ecommerce people are 'normal' and not out to rip people off -just make a living - like you get good ebay sellers and bad ones.
With the advent of social networks - sharing is quite open between smaller businesses and personal information through facebook/myspace groups - which is why BT use of an ex adware maker was rather unsubtle - stuck out like a sore thumb in terms of nettiquette savvy - and the fact they chose to use it in some cases without permission (like on yourself, maybe me, who knows ?) is illegal in some States in the USA - I've no idea in UK - data protection act ? - sharing of personal information about a third party without permission - their argument sounds bit like hyjacking a webcam stream without the persons knowledge - then saying - oh but we don't watch it...we just sell it on to the highest bidder.
I'm a Video blogger and an Internet Thingy too!
You can twitter me: @lemonknickers
|
|
|
|
|
Report
|
|
|
|
|
13/06/2008, 8:46 PM
|
Stephen Mainwaring
Joined on 01/05/2008
Weston
Posts 2
|
|
|
|
Hello. There was a lot of activity within the past two weeks.
The first thing to report is that the ICO sent me a letter stating that BT probably did contravene their regulations during the trials but as those trials were "small scale" and "technical in nature" they are not going to do anything about it.
It's a complete farce. If I hacked into random users accounts claiming
it was only a 'small scale technical test' I'm sure I would not get
away with it like BT has!
You can read an analysis on the ICO reply here:
https://nodpi.org/2008/05/
A few days after that someone had leaked a BT internal report on the 2006 trials (my story is for the 2007 trials but this is relevant). The leaked report is quite revealing in that it shows exactly what BT did during those trials. You can find out more about this leaked document here:
https://nodpi.org/2008/06/04/bt-covert-trials-in-2006-the-facts-about-pagesense/
I think there is now no doubt that BT did wrong as the leaked document clearly shows that BT contravened at least two Regulations covered by the ICO. But even after this leaked document was revealed the ICO are still refusing to take action which is quite unbelievable.
This has now got to go to the European Commission. Commissioner Viviane Reding's team will be looking at this and hopefully they will be banging a few heads together - the Police, the Home Office, the ICO as each of them seem to be passing the buck.
There is to be a demonstration at the BT AGM on the 16th July (at The Barbican, London). We hope to engage with BT shareholders and the general public to inform them of what BT did and why this type of targetted advertising is obtrusive and is a part of the slippery slope of a surveillance society. Later in the afternoon a case file is being presented to the City of London Police with evidence collected from various sources.
More info on the demo / protest here:
https://nodpi.org/2008/06/page/2/
-----
On the point about social sites yes there can be a problem here.
Say you had an account on a social networking site and you are concerned about your privacy. You could set your profile to be viewed by your friends only so that no-one else on the internet can view your information.
That will work as it will keep out search engines, guest visitors and other social networking site users - only your friends will be able to view your profile and information.
But if one of your friends has been 'phormed' then they will leak your information to BT / Phorm. Everything your friend reads will be processed and analysed in order to build up a profile. All the words on your page which your friend is reading will be read by BT / Phorm.
Now they do say that they don't know who you are, and that they do not process personal info, but your details are still being read by them even though you specifically request that only your friends can read your information.
|
|
|
|
|
Report
|
|
|
|
|
25/06/2008, 7:48 PM
|
lemoncakes
Joined on 09/06/2008
Weston-super-Mare
Posts 264
|
|
|
|
Hi Stephen a legal bloke on a network I use said that phorm are going to be required to sort out an optin policy - is this the same piece of information you are talking about above ? - he also points to a ICO document, I'm sure he's saying that their current policy has been deemed not good enough http://www.ecademy.com/node.php?id=107084
If I haven't misinterpreted it, then this is good news that they have been told to sort it out ?
I'm a Video blogger and an Internet Thingy too!
You can twitter me: @lemonknickers
|
|
|
|
|
Report
|
|
|
|
|
13/08/2008, 8:14 PM
|
MJR
Joined on 13/08/2008
Kewstoke
Posts 134
|
|
|
|
Have you left BT, though? There's only one thing these companies understand and that's loss of business. If you're not happy with them, move everything away as soon as your contract permits: move your broadband away, move your calls away, move your line rental away.
If you're looking for suggestions... well, I'm agent AG471 for The Phone Co-op, as well as a customer and member, and the Phone Co-op published a statement that they will not use Phorm or Phorm-like systems in their June newsletter.
|
|
|
|
|
Report
|
|
|
|
|
14/08/2008, 11:18 AM
|
lemoncakes
Joined on 09/06/2008
Weston-super-Mare
Posts 264
|
|
|
|
yeah but, the other options for broadband aren't any better & BT are going to be the leader in Broadband communications with the faster speeds - it would be easier to show mass disaproval for a spyware company they wish to employ (and earn commissions on) than mess about with another service like talk talk or whoever else is out there.
I have no problem with BT - their service is fine - it's their choice of partner which is the issue.
I'm a Video blogger and an Internet Thingy too!
You can twitter me: @lemonknickers
|
|
|
|
|
Report
|
|
|
|
|
19/08/2008, 12:04 PM
|
MJR
Joined on 13/08/2008
Kewstoke
Posts 134
|
|
|
|
BT shouldn't be the leader with faster speeds - if that did happen, then BT OpenReach would be favouring BT Broadband, which would be illegal anti-competitive behaviour.
That spyware was part of BT's service and they're not really going to care about customer disapproval as long as those customers keep paying them. If you don't like it, switch to a Phorm-free ISP - it's a far easier way of getting away from Phorm than turning BT or persuading the Information Commissioner to stop it.
I know talk talk haven't been great, which is why I think it's time for consumers take control of the telephone companies through moves like The Phone Co-op. Switching between two profit-maximising ISPs is merely choosing which psychopath is going to attack you.
|
|
|
|
|
Report
|
|
|
|
|
19/08/2008, 3:30 PM
|
lemoncakes
Joined on 09/06/2008
Weston-super-Mare
Posts 264
|
|
|
|
Interesting what you say about "anti-competitive behaviour" maybe BT are on the border of such trouble aready ? as apaprently BT are planning on upgrading all their BT cabling (not sure on time frame) to enable download speeds of 40MB & "near wireless speeds" to make it easier to download & stream video faster speeds are already in use commercially but BT is aiming this newer technology ultimately at home users - this information has peed off alot of the other big companies that have already invested in the current 'domestic' broadband speeds of around 8MB (my old copper wire can manage about 4-6MB max) - talktalk and all the other lot are thus already using old hat equipment.
I think some good legal people could get phorm to amend /create an optin & optout policy - a similar thing is going on the the States with their big phone company ISP providers, but to be honest phorm has had such bad publicity they will no doubt go under cover, rebrand, rename, maybe add their software very discreetly, and it will be popped into a BT terms of service agreement without most of us realising it.
Their mistake was advertsing it as something it wasn't i.e a webwise security enchancer, when it was clearly mainly an adware vehicle to collect surfing habits then sell the customer data without their permission to the highest bidder. and using a well known adware developer to make it.
Another reason for not switching from BT is these other suppliers actually mess with how you get your broadband at the exchange centre - they but some kind of digital redirection or lock on it - that is a real pain in the bum I am told to get reversed - bit like a 'digital vasectomy' ! - the idea it to make you less likey to change your mind and change providers - say you wished to switch from talk talk to orange (or whoever else does broadband) even to go back to BT - involves additional delays as the new company you switch to has to get the block changed at the exchange. It reminded me of all the hoops some web hosting providers make you jump through if you want to transfer a website or change your servers/provider - thus enough to put me off.
I want a good quality supply, if bT is the best out of a bad bunch I'll stick with them spyware or not, I don't have a problem with being spied on, as long as I know about it!
I'm a Video blogger and an Internet Thingy too!
You can twitter me: @lemonknickers
|
|
|
|
|
Report
|
|
|
|
|
19/08/2008, 10:04 PM
|
MJR
Joined on 13/08/2008
Kewstoke
Posts 134
|
|
|
|
I've not heard of 40Mbbps yet, but I think you're talking about the 21CN ("21st Century Network") upgrade. Non-BT ISPs can sell that on the same terms as BT Retail (else the regulator will probably get involved again), so there's no advantage in being with BT. Indeed, going non-BT means you may get a real email server instead of Yahoo's spambucket... but that's another discussion
I wonder who said switching broadband providers was like a 'digital vasectomy' - did they work for BT? Some ISPs have their own equipment in some exchanges, called Local Loop Unbundling - in Weston-super-Mare exchange, AOL, Be, Talk Talk, Orange, Sky and Tiscali have LLU equipment. Many of those are using kit that's no better than BT's but some LLU ISPs started offering 24Mbps before BT did.
I switched from Pipex to the Phone Co-op a couple of years ago and broadband was off for less than a couple of hours. These days it should be off for less than an hour, according to Ofcom's website. There should be no "block" or "tag" on the line - it should just be a case of telling the exchange you're now served by a different ISP and things just get switched over. There probably are some ISPs who mess you about, but that's why it's good to read reviews. (BT don't usually mess transfers about, else they'd probably get in trouble with the regulators yet again.)
|
|
|
|
|
Report
|
|
|
|
|
29/09/2008, 7:17 PM
|
MJR
Joined on 13/08/2008
Kewstoke
Posts 134
|
|
|
|
Do you like being spied on for advertising, or have you changed Internet Service Provider yet?
|
|
|
|
|
Report
|
|
|
|
|
The Weston Merc... » General » News » BT and 'Spying'
|
|
|
|