ISP Data- Who Owns That Data Anyway? 

Fifteen of the nation’s leading privacy and public interest groups  released a letter urging Congress to hold hearings on the growing practice of Internet Service Providers targeting ads to subscribers based on their personal Web activities.

The letter urges the House Telecommunications Subcommittee leadership to investigate the plan of Charter Communications to capture all of the messages and activities of its Internet subscribers and share that data with a third-party firm, which plans to use the data to target those consumers with specific ads. The plan raises serious privacy and legal issues, the letter says.

PHORM- Oh My Get the Guns

This one  had my colleague Timeless Prototype up in arms, hell they are even picketing BP shareholders over in the U.K. where people still value privacy (even though there are more surveillance cameras in the UK than I care to think about)…I found some good reading at the CDT blog.

Last week, the European Commission issued an answer to several queries regarding Phorm, a U.K. company that uses Internet traffic data to serve targeted advertisements. Phorm has proposed partnerships with some of the United Kingdom’s largest ISPs that allow Phorm to use deep packet inspection (DPI) to create profiles of individual consumers’ Web habits. Several members of the European Parliament asked the European Commission whether Phorm’s actions constitute an invasion of privacy contrary to European Union privacy protections.

European Commission & ePrivacy Directive

In its response to these questions (Joint answer given by Mrs Reding on behalf of the Commission Written questions : E-1884/08 , E-2227/08 , E-2576/08 ), the European Commission explained how the Phorm system intersects with the EU ePrivacy Directive. The Commission declared that, under the directive, the Web traffic information collected by Phorm is “traffic data” and the content of search queries intercepted by Phorm constitutes “communication,” both of which are protected from interception or surveillance without consumer consent.

The Commission noted that the U.K. Information Commissioner’s Office (ICO) — which enforces U.K. data privacy laws — is responsible for monitoring Phorm’s actions. In a review of Phorm’s DPI plans, the ICO said that Phorm’s system “does not appear to be” harming consumers. The ICO will be scrutinizing Phorm’s actions, however, to ensure that the company delivers on its promises to not violate consumer privacy rights.

The Commission itself is also taking ICO’s wait-and-see attitude, promising to remain vigilant in continuing to observe the situation and to “take appropriate action, should the need arise.”

 Here is Timeless Prototype’s Take:

Phorm’s Webwise system is a fascinating exploration of technology that is not fit for a commercially-sensitive Internet because if consumers lose trust in the Internet service they receive, it will harm the economy that is built around the Internet.

Even if that loss of trust has no factual basis! If this is not the case, it will simply be that the Internet ‘heals’ itself as consumers migrate to more trusted ISPs. The latter is already taking place regardless of cost and inconvenience to the consumer.

Many people in the UK have written to their MPs requesting an answer to the question: “If BT’s trials of the Webwise system were ‘illegal’ due to non-informed consent of the customers, then why has no criminal investigation begun?”

If it does go to court, it will be very important for each of the parties involved in the trials to show consistency in their actions at all times if they are to potentially get off lightly by showing that their intentions were pure. However, it may not go down so well if they are asked the question: “when issues were pointed out with the proposed solution, why was no action taken to remedy them?” But, this would really only apply if further trials of the system were to actually take place.

Currently it appears to be in a state of limbo. A grace period if you like where Phorm have the opportunity to hold off further public trials in order to implement changes that fix all the issues that have been highlighted. To deploy it now without making the changes whilst knowing about the issues opens them up to further litigation.

On the flip side, will this mean Phorm might try to make it completely stealthy and undetectable to the users and the web site owners? I’d like to hear a public statement from Phorm with regards to this question.

I will be following the progress of this very closely, as I’m sure many others are too.

You Bet I Will

NO time like the present to rattle the famous paperghost cage and my other Security MVP pals.

Popularity: 2% [?]

Share This