. . . I got it wrong earlier. Subversion of your Internet Service Provider (ISP) is the real threat to data privacy.
In response to the excellent comments posted following my piece about browsers and spyware, I need to point out that the problem goes much deeper than browser technology. Internet Service providers (ISPs) have the direct ability to pinpoint, log and aggregate every site you visit, irrespective of your choice of browser or what type of spyware detection software you might employ to clean up your local computer files. They are (roughly) equivalent to the network exchanges of the internet, connecting your computer via servers to other computers or servers, each of whom has a unique identifier, whereas the search engines and browsers are (roughly) equivalent to telephone handsets. Every connection to and from a server is logged and can be traced. Phorm and others are advocating profiling using ISP data. This is not conspiracy theory. A leaked memo indicated that British Telecom, for example, tested out Phorm profiling in June 2008, in alleged violation of UK Privacy laws.
For the ISPs, operating in a cut throat market with wafer-thin margins, this could be seen as a lucrative lifeline, and therein lies the danger. So far, despite sporadic outbreaks of sanctimonious finger-wagging, mainly directed against Microsoft, the European Union has failed to legislate against what is increasingly becoming a threat to civil liberties and the free market. Cloud computing could take the problem beyond the tipping point.
I still think Google is getting away with large scale profiling that is slipping under the regulatory radar, and would like to hear more about it (try removing your search history, for example) but here’s a definitive paper on the legal istatus of adware such as Phorm’s Webwise from Nicholas Boem and Joel Harrison:
“Half the money I spend on advertising is wasted. The trouble is, I don’t know which half.” Can targeted online advertising reduce the waste identified in this pithy and much-quoted observation? Phorm, Inc’s Webwise system aims to do so by profiling web users on the basis of their online browsing, and by then selecting the advertisements they see on the basis of their individual profiles. Three of Britain’s largest Internet Service Providers (ISPs), BT, Talk Talk and Virgin Media, are reported to be considering whether to deploy the Webwise system, with BT known already to have conducted technical trials of the system on a number of its customers.
Dr Richard Clayton, of the Cambridge University Computer Laboratory, has published a detailed description of the Webwise system on the basis of information supplied by Phorm. That description repays careful reading, but for present purposes the following summary is sufficient. When an ISP runs the Webwise system, it makes a copy of certain of the web pages visited by those of its customers who it considers have consented to being included in the system. The ISP then carries out an analysis of each page. The fruit of that analysis is a list of up to ten of the most frequently used significant words, after disregarding words consisting only of digits, or containing an “@” symbol, or following a title such as “Mr” or “Mrs” – a sort of digest of the page. That digest is passed by the ISP to Phorm coupled with a pseudonym for the user (a UID), so that Phorm can build a profile for the user by matching the digest against a database of key words. Based on this analysis, the user (represented by the UID) is allocated to certain “channels” (travel, music, sports and so on). When the user later visits a website that is a member of Phorm’s Open Internet Exchange (OIX), the profile is used to select advertisements that match the channels to which the user is allocated.
This process raises a number of interesting legal issues. The Foundation for Information Policy Researchhas published an analysis of the criminal law and regulatory issues affecting ISPs who run the Webwise system.3 This article is directed instead to the legal position of the owners of intellectual property rights (IPR) in websites whose pages are used by ISPs in the course of profiling users. (The person who owns the IPR in a web page may or may not be the person who manages the website of which it forms part, but the distinction is immaterial for present purposes. In what follows the IPR owner is referred to for convenience as the site- owner; and references to ISPs are to those ISPs who run the Webwise system.)
For the full article, go to: http://www.fipr.org/0811SCLarticle.pdf
Thus welcomes further information and comment on this important topic, strictly on the grounds that you don’t hassle me too stridently for not knowing what the hell I’m talking about. John J Kelly
7 Comments
John
Well done for taking on board the comments and revisiting this issue.
Good journalism.
When people really understand what the likes of BT with their webwise system are up to, there does tend to be a universal disgust expressed regarding the idea.
Many thanks.
Thanks for updating the article. Well done. If only our legislators and regulators were so ready to listen. thanks again.
Thank you for taking the time to re-examine the issue and post your thoughts.
Hi John,
I just wanted to thank you for revisiting the issue and taking onboard the comments on your previous article. If you would like to discuss Phorm some more then please feel free to contact me.
Alexander Hanff
Dear Alexander
Thanks for your comment. THUS is more than sceptical about identity cards and all their derivatives. If you would like to contribute posts on this subject, I’d be delighted. I’m trying to stay non-partisan in tone, because I think this works better. It’s a vicious paradox that we are far from alone in worrying about the way that our liberties and options are becoming eroded in the name of ‘deregulation.’ The media long ago became the message – I trace it to Stalin’s Russia, Nazi Germany and Proctor and Gamble USA. Aldous Huxley predicted its effects long before Marshall McLuhan.
I’m going to write an essay on the need to understand the pernicious effects of ‘digital suggestion’ (my phrase), a highly pervasive form of auto-suggestion, enacted on a global scale by idiots who believe in Mammon but don’t understand that the ancients understood he was a false and dangerous ‘god’.
Meanwhile, send in your thoughts and criticisms. THUS has no other agenda than to try to present an unadorned view of the way things are and the way they might be if we stopped to listen to the sound of the wind in the trees and the murmur of the crowd from time to time. Technology is good – look, we’re having a laugh using it here – but Stanislav Lem and William Gibson merit re-reading from time to time.
Nice one John. If only ALL the writers in the blogosphere and the journo’s in the print world would do the right thing and revisit their first writings on this issue! On the face of it Phorm and Webwise seems no more of an issue than Google and whilst I agre with your point about what Google does do, it is indeed a very different beast; but the fact remains that most of us get something we like from Google. I have not met, nor read the views of, a single person who understands how Phorm and Webwise work and likes the idea of it. Come to think of it, not one person who would gift away to Phorm on the basis of some anti-phishing promise (a promise which we know is a little thin when one reads the updated Ts & Cs of BT Retail/British Telecom when a customer accepts ‘Invitation’ to be Phormed and have Webwise snoop on all their online activities). “We can see the entire internet,” I think is what Kent Ertugrul said… one of money wonderful strings of words Kent has spoken since he bumbled through the launch of his latest awful product.
D’oh – *Many wonderful things, not *money… Whilst the share price of Phorm has shed masses of its earlier value this year, money is still something Kent & Co seem to have plenty of.
2 Trackbacks
[...] Net reported that Delaware-registered adware company Phorm (THUS passim) has lost its UK CEO, Hugo Drayton, who leaves the company ‘by mutual agreement’ at the [...]
[...] is accessing content, when and for how long, and profiling can even determine precise demographics (Thus passim). While unsophisticated advertisers may buy page impressions in the same way as old timey direct [...]