Leaked BT Phorm Trial Report Draws Strong Criticism
By: MarkJ - 06 June, 2008 (9:20 AM)

WikiLeaks has published a leaked 52-page internal report from British Telecom (BT) concerning the operator's secret 2006 trials of Phorm (leaked report). The report is alleged to contain evidence that BT "committed at least 18,875,324 illegal acts of interception and modification during its controversial covert 'Phorm' trials".

Firstly, we would like to apologise for not covering this sooner; readers have been discussing it for a few days now, but serious real-life problems have not allowed adequate time to examine the full extent of this documentation. Meanwhile, Wiki summarises the report as follows:

The report also indicates that personal identifying IP addresses were likely used, despite BT previously assuring the public and ICO that no personally identifiable data was used. IP addresses are recognised by the Data Protection Act.

In addition to the 18 million regular advertising injections or hijackings, it appears charity advertisements were hijacked and replaced with Phorm advertisements.

The advertisements were used to replaced [sic] a ‘default’ charity advertisement (one of Oxfam, Make Trade Fair or SOS Children’s Villages) when a suitable contextual or behavioural match could be made by the PageSense system.

A "cookie" was covertly "dropped" onto 7,000 unsuspecting BT customers' computers in collaboration with Phorm (Media121).

"Estimations were that approximately 7,000 had received a cookie"

The report concludes that the "opt-out" system would not work, since BT customers find themselves opted back in every time they changed computers or wiped their cookies:

"The latter issue regarding opt-out could not be specifically trialled either since [BT] conducted this test as a stealth trial".

It should first be noted that the remark pertaining to Phorm's system replacing charity adverts is not completely in context. BT's Emma Sanderson claims that Phorm had already purchased the charity ads used during the trial. Whether or not the charities were aware of this usage is another matter.

Naturally the report has been greeted with anger by those in the wider community, including Alexander Hanff, a much respected Anti-Phorm campaigner who has given a few scalding opinions of his own here:

"It is made obvious throughout the report that one of the highest priorities was finding a way to hide this from customers, and to a certain extent they were successful on this front. The only problem is of course that consent is required by law, so going into stealth mode was perhaps not the best way to run the trials. The whole issue of Cookie Dropping leaves me puzzled too.

If BT were convinced that Cookie Dropping was a legal issue in 2007, what has changed to make it a non-issue in 2008; furthermore, what of the safeguards BT stated needed to be met with regards to consent? This was clearly an issue which concerned BT, including the problems with using a cookie opt-out method which still required traffic to go through Phorm’s system and opted customers back in if they cleared their cookie folder in their browser."

It's understood that BT has been less than pleased with some of Hanff's remarks, calling in the solicitors to exert a little pressure on the busy campaigner. Unfortunately for BT, such pressure is unlikely to stop the planned protest outside the operator's forthcoming July 16th general meeting (news).

BT itself has been somewhat reluctant to comment on the report, preferring instead to regurgitate the same old PR spin that we’ve heard for the past couple of months, something which may only add to people's growing distrust of the technology and its usage:

A BT spokesman said: "The trial was completely anonymous and no personal information was stored or processed. BT sought expert legal advice before commencing the trial."

Meanwhile, Dr Richard Clayton, a computer security researcher from the University of Cambridge, has joined the criticism. Speaking to BBC News Online, Clayton said that BT's report "clearly shows that back in 2006 BT illegally intercepted their customers' web traffic, and illegally processed their personal data".

He continued: "The BT author seems delighted that only 15-20 people noticed this was happening and looks forward to a new system that will be completely invisible. This isn't how we expect ISPs to treat their customers' private communications and since, not surprisingly, it's against the law of the land, we must now expect to see a prosecution."
