Posted: 25th Nov, 2010 By: MarkJ

Broadband ISP TalkTalk UK has announced that it is proceeding with plans to launch a controversial new internet
anti-malware security technology (
Virus Alerts Service) and expects to "
commence trials [with] a limited number of customers" within the next few weeks. The service first emerged in July (
here) after some of TalkTalk's customers spotted that their online
website browsing activity was being recorded without consent.
The system, which the
Information Commissioner's Office (ICO) recently likened to Phorm (
BT Webwise) (
here), follows customers around the internet and makes an anonymous record of the website addresses (
URLs) they visit.
TalkTalk Technology's Managing Director, Clive Dorsman, said:
"As we’ve outlined before, we want to deploy some new free internet security technology to help make the internet safer for our customers. These days homes have so many devices hooked up to the web, working across multiple platforms, that keeping them all secure is harder than ever. Our plan is to provide an additional level of security at a network level – in other words stopping the bad stuff before it gets into your home in the first place.
We’ve had lots of feedback on this topic in recent months. We would like you to know that we have welcomed the chance to review this feedback, and have had some useful discussions with the relevant public bodies. We now expect to be able to commence trials for a limited number of customers who have agreed to test our anti-malware system in the next few weeks."
At the time TalkTalk did not appear to recognise that the location of a URL and
the URL itself can also contain sensitive personal data, such as names and addresses. The UK
Regulation of Investigatory Powers Act 2000 (RIPA) clearly prohibits "
interception of a communication", a rule that is currently in the process of being tightened even further to match EU law (
here).
Clive Dorsman added:
"As a reminder, this system will warn customers who opt into the service about sites they try to access, which we know to be infected with viruses or other malicious software. The system also records all the website URLs to which our whole network has been asked to connect. The system simply records the destination website URLs; it does not record who sends the request or other personal data with the URL."
The final sentence of Dorsman's comment appears, without further information, to be contradictory and states that the service "
simply records the destination website URLs" but not "
personal data with the URL".
The suggestion above appears to be that TalkTalk will strip personal data from a URL, which is good news, although the language is unclear. In any case, accurately identifying personal information from the structure of a dynamic URL, via an automatic system no less, is unlikely to be very effective.
We are currently attempting to gain further information on this point and will report back once a reply has been recieved. In the meantime TalkTalk has uploaded a new
Virus Alerts Q&A page.
Related News:
26th July 2010 - UK ISP Talk Talk Monitoring its Customers Online Activity Without Consent
30th July 2010 - UK ISP Talk Talk Defends Customer Website Snooping System
16th August 2010 - ISP Talk Talk UK Responds to Privacy Concerns Over URL Monitoring Service
23rd August 2010 - UK ISP Talk Talk Defends Website URL Tracking System from Privacy Concerns
7th September 2010 - Trouble for UK ISP Talk Talk as ICO Criticises Website URL Snooping System
UPDATE 27th November 2010We have waited several days to get a reply and clarification from TalkTalk's chief PR agent about our question above, although so far nothing has been forthcoming.