just a reminder that the NoDPI BT Protest is happening this wednesday as reported. please make the time to inform and ask your friends to do their part to help in any way they can, to assist the fellow end users coming to potentially your part of the london woods to make this stand with you for Everyones privacy rights,and help make this a very productive day. and perhaps you might Even get to meet Baroness Miller (scheduled to speak at 1:15pm)and perhaps other members of the house of lords in person. and as a prelude to that ,you can also hear Alexander talking to Steve about the Phorm/Webwise Interception for profit, as he's taking part in Steve Gibson's Security Now! podcast Tonight (Tuesday,7pm our time). You can all watch the podcast on TWiT Live - Live Netcasts from TWiT with Leo Laporte and Friends as it is being recorded, and there is even a chat application embedded into the web page so you can engage the presenters as the show is being recorded. Hope to see many of you in there. Incidentally, Security Now! has 110 000 active listeners, so this is a good opportunity to increase your public awareness of how this wiretap on the other side of your Broadband wire potentially effects you and your familys online lives directly. https://nodpi.org/2008/05/30/protest-at-the-barbican/ "Protest at the Barbican! On July 16th 2008 outside the Barbican in London UK, a demonstration will be held to protest against the use of Deep Packet Inspection for the purpose of behavioural advertising (more specifically Phorm). The protest has been timed to coincide with BT’s annual general meeting and will be held outside that AGM. BT have announced an agreement with Phorm to deploy Deep Packet Inspection technology which has been reported as illegal by key privacy advocates, academics, peers in the House of Lords and Politicians in the UK and EU government. BT also carried out covert trials of this technology in 2006/2007 effecting over 120 000 of their customers, without first obtaining the consent required by law. It is planned that there will be several key speakers at the event and a website will be set up in the next week on www.nodpi.org with more information. Confirmed Guest Speakers Jason from UK Free Software Network will be giving a speech from the perspective of an ISP who have decided not to sign up with Phorm. More Information For more information please send an email to no2dpi at googlemail dot com or see the following links: Phorm opponents to picket BT shareholders | The Register The Phorm files | The Register "Home Office guidance misleading" says FIPR Author: Alexander Hanff

HI Alexander. yes, this place was great for the old Bank charges legal points and lots of small claims charges and Data Protection Act CRA actions were talked about and actioned thanks to BankFodder and the other great people here OC. However in the mean time, while we have learned a lot in regards using the SC courts and so on , it doesnt seem like the old Guard are reading this Board much these days. even though everyone taking part in that fight Obviously all have BT,VM.CPW Phorm signed ISPs, but nothing much even being mentioned here about the Interception for Profit othe rthan this one thread and i find that odd. it seem almost impossible to gather the same kind of CAG BC community collective when it comes to Phorm and DPI used for unlawful profit matters. and i cant seem to get BankFodder's attention the few times iv tryed Here to garner the legal minds to collect and work to every single Uk ISP users benefit as they did for the Bank charges and thats a shame. thanks to Cable forum for collecting the webs most informative Anti Phorm/DPI thread,all is not lost, but i feel there are masses of well informed bank charges end users here that are so far untapped for the Phorm fight we may have to take to the courts sometime soon.

the flyer is slighty revised with links now and heres the fact sheet. print a few of them off, and pass them to all your friends, tell them to do the same and help get the facts out. http://www.inphormationdesk.org/Phorm_Factsheet.pdf http://www.inphormationdesk.org/Phorm_Flyer.pdf remember that the Phorm blocker's are only a fig leaf... they will Not, and can Not stop this Data collection Once the DPI devices are active On the Other side Of your Broadband Wire. Always Remember That Any Personal Information which is passed in a non https way (adding your email to a form, adding a product to a cart, writing a web based email) could also be passed to the Phorm system and tie back to your cookie meaning your UID (Unique IDentifier for a specific User of a computer system ) now has a name, perhaps even a real address attached. It is then conceivable that if unscrupulous employees of BT/Phorm or other ISP installed DPI For Profit companies (the CRA Experian for Instance) wanted to, they could collate and extract that individual data and other sources for profit. This is something that no-one has the ability to opt out of if the Phorm system is implemented, because you can only opt out of the behavioral ad system, and so not see any ads, however YOUR data stream is still passing through the Deep Packet inspection/Interception Device and being collected and processed etc. Cable Forum - View Single Post - Virgin Media Phorm Webwise Adverts [updated: See Post No. 1, 77, 102 & 797] Virgin Media Phorm Webwise Adverts [updated: See Post No. 1, 77, 102 & 797] - Page 592 - Cable Forum Originally Posted by AlexanderHanff If anyone is interested I am currently writing a new article summarising the last 4 months. The first 5 pages are available as a pdf here: http://www.paladine.org.uk/phorm.pdf I am about to take a quick break from writing and setup a gallery page on NoDPI for all these anti Phorm images, please let me know if I miss any. Alexander Hanff. Say NO! to Deep Packet Inspection

heres an Esential guide to Phorm and how it effects you http://www.inphormationdesk.org/Phorm_Flyer_V0.pdf

go and digg this protest event to help get the word out,and if your in London go to it and take your friends if you value your rights. make the effort and make a stand. Digg - "No DPI" web site launches with Phorm Protest Event "No DPI" web site launches with Phorm Protest Event nodpi.org — Alexander Hanff, fierce Phorm opponent, has launched a new web site to further the campaign against the use of Deep Packet Inspection for the purpose of behavioural profiling. The site launched today with the announcement of a Protest Rally at BT's annual shareholder's meeting on July 16th. Significant press and media coverage expected." Digg - ICO Rubber Stamp Corporate Law Breaking! " ICO Rubber Stamp Corporate Law Breaking! nodpi.org — In a letter from the Information Commissioner's Office sent to one of the victims of the 2007 covert trials of Phorm by BT, it has been admitted that the trials did breach Regulation 6 of Privacy and Electronic Communications (EC Directive) Regulations 2003. however, ICO have stated they will not be taking action against BT despite this breach."

dave its been a while since your 24th April 2008 post. did you send that letter to the Information Commissioners Office and what reply if any did you get?... i see there is still very little traffic on this ISP/Phorm thread, and thats a shame, seeing as it will be the legal aproach more than anything that may turn the tide on all this illegal interception. :wavey: :grin: at bluecar1

handy for getting out of your 12 month contract with this Phorm IP interception though do you have direct link for that price/timeline information? place it here please.

after many CF re-submitting of RIPA petitions on the downing street website, and being rejected every time with such replys as “duplication” were its clearly not,and this laughable latest one “Outside the remit or powers of the Prime Minister and Government” OF1979 had enough and posted at a new place http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-172.html#post34523181 heres the petition http://www.petitiononline.com/BTRipa/petition.html “To: UK Prime Minister We, the hereby undersigned, petition the United Kingdom Prime Minister to ask the Home Office to launch an investigation into British Telecom and Phorm criminal breach of section 1 of the Regulation of Investigatory Powers Act 2000 (RIPA) during secret trials in 2006 and 2007. BT have recently admitted to carrying out secret trials of Phorms technology in 2006 and 2007 without their users consent or permission. Many experts, including the Foundation for Information Policy Research and also the Open Rights Group, contend that these trials constituted illegal interception and as such were a criminal breach of RIPA. We ask that the Prime Minister require the Home Office and police to launch an investigation into these criminal breaches which constitute a large scale intrusion of online-privacy. Sincerely, The Undersigned ” pass the word please

people might be wise to keep track of this too, now were was that Data Protection Act for stopping the CRA's from collecting and procesing your data ?, need to update it perhaps. to reiterate surlyBonds thread first, we might be needing it real soon. http://www.consumeractiongroup.co.uk/forum/legalities/24013-defaults-proposed-method-removal.html Experian to track net users - Times Online " April 6, 2008 Experian to track net users James Ashton EXPERIAN, the credit checking company, is braving mounting concerns over internet privacy with plans to launch a service that will track broad-band users’ activity so they can be targeted with advertising. Through Hitwise, the web-site company it acquired for £120m a year ago, Experian has held talks with internet service providers to sell its monitoring technology. Observers expect it to compete in part with Phorm, an AIM-listed company that has stirred controversy after being recruited by BT, TalkTalk and Virgin Media to track their 10m customers’ behaviour so they can be sent advertising messages on the websites they are looking at. However, the key difference is that Hitwise, which describes itself as an “online competitive intelligence service...” incase your reading this later and the threads gone quiet, you can always hope the Cable forum users are still fighting your ISP data corner OC. Virgin Media Phorm Webwise Adverts [updated: See Post No. 1, 77, 102 & 797] - Page 168 - Cable Forum is it just me or have all the CAG fighters gone home, surlyBonds , i salute you were did Bankfodder go ?, he was such a fighter once , and i thank you for that, and keeping this Message board going as a good reference archive at least.

Light Blue Touchpaper » Blog Archive » The Phorm “Webwise” System " Much of the information was already known, albeit perhaps not all minutiae. However, there were a number of new things that were disclosed. Phorm explained the process by which an initial web request is redirected three times (using HTTP 307 responses) within their system so that they can inspect cookies to determine if the user has opted out of their system, so that they can set a unique identifier for the user (or collect it if it already exists), and finally to add a cookie that they forge to appear to come from someone else’s website. A number of very well-informed people on the UKCrypto mailing list have suggested that the last of these actions may be illegal under the Fraud Act 2006 and/or the Computer Misuse Act 1990." " Overall, I learnt nothing about the Phorm system that caused me to change my view that the system performs illegal interception as defined by s1 of the Regulation of Investigatory Powers Act 2000."

popper:for anyone that preferes to use a 3rd party player such as VLC directly on your other OS heres a working direct mms URL mms://wm-acl.bbc.co.uk/wms/news/media_acl/mps/fix/news/business/video/163000/bb/163377_16x9_bb.wmv lol, you were spying on your customers...... mms://wm-acl.bbc.co.uk/wms/news/media_acl/mps/fix/news/business/video/163000/bb/163376_16x9_bb.wmv from Elreg " Bootnote Friends tell us BT will get a grilling on Channel 4 News today." so keep your eyes open cant find the clips if they exist yet? Concerns over data pimping deal Last Modified: 04 Mar 2008 By: Channel 4 News http://www.channel4.com/news/article...g+deal/1703547 update and video clip Channel 4 - News - BT 'spies' on customers "Stephen Mainwaring from Weston Super Mare is one very angry BT customer. Last year, after noticing strange goings-on on his computer he contacted his internet service provider BT, who told him ....." ""Frankly that was disgraceful by BT to have done it, it would be huge diminution of our rights as individuals if this whole system is allowed to go ahead without us all being given the opportunity to opt in or out" - Don Foster, Lib Dem Culture Spokesman " " "The act of anonymising the surfing history of someone is in itself processing personal data. And someone is doing that, whether it's ISP or Phorm, so there's a good argument that that is a breach of the Data Protection Act." - Mike Conradi, Technology Lawyer " ....

Virgin Media Phorm Webwise Adverts [updated: See Post No. 1, 77, 102 & 797] - Page 144 - Cable Forum CaptJamieHunter Dark Lord Of The Bork Join Date: Feb 2008 Posts: 65 Re: Virgin Media Phorm Webwise Adverts [updated: See Post No. 1, 77, 102 & 797] OK, here is the final version. Please feel free to use as a base for letters to educate MPs, MEPs, regulatory bodies, businesspeople and anyone with influence about what Phorm really is and how they and BT have acted. Dear Mr Davis, I should like to bring to your attention a number of worrying recent developments in the field of internet privacy and of the failure of the Office of the Information Commissioner to investigate what appear to be two clear breaches of the Data Protection Act and Regulation of Investigatory Powers Act by a major communications provider working with an advertising company. You may already be aware that three major internet service providers (ISPs) have signed agreements with a company known as Phorm to sell to them the internet browsing data of their users as part of a "targeted advertising" scheme. Computer news site The Register has uncovered a number of disturbing facts about Phorm including its previous involvement in spyware under a different name. Phorm prefer to spin this fact saying they were involved in adware. A cursory look at http://blogs.zdnet.com/Spyware/index.php?p=820, http://www.f-secure.com/sw-desc/peopleonpage.shtml and http://www.f-secure.com/sw-desc/apropos.shtml suggests differently, however. Phorm make a number of claims about their "product" being "a gold standard in user privacy" but despite being present on The Register, CableForum and a number of weblogs they have failed to openly and honestly answer detailed technical questions and concerns put in the public domain. The technology which causes greatest concern is that of Deep Packet Inspection and its use by this advertising company. This unit is installed by Phorm - the ISP has no access to it so cannot test, check or verify anything about the unit - and it inspects every packet of data which passes through it. Everyone who works at home, be they home workers, members of Parliament, judges, would find their data being subjected to the kind of inspection only intended for law enforcement activities and which normally would only ever be available to a judge following due legal process but here will be available to a company with a very questionable history. Confidential Crown material worked on by yourself or your Right Honourable colleagues, critically confidential business, personal or even security information could well be tapped under such a scheme. A simple analogy is your daily post. Imagine if every piece of post was opened, read, its contents noted and then resealed before being given to you. But you don't know who the person reading your post is. You don't know where that information could reappear or how it could be used. You don't know how many confidences will be betrayed. Every piece of post. Letters from constituents, Parliamentary colleagues, business colleagues, friends, family, others raising issues with you as I am. That is what Phorm is about. Financial gain from your personal activities and information. You will understand now why I refer to the growing belief that Phorm is illegal under RIPA. Government advisors The Foundation for Information Policy Research has published an open letter to Richard Thomas, the Information Commissioner, stating this belief. This letter is at http://www.fipr.org/080317icoletter.html Soon after this open letter appeared The Guardian newspaper recently rejected Phorm, saying that their "decision was in no small part down to the conversations we had internally about how this product sits with the values of our company." As polite yet devastating a put down as I have ever seen. More recently The Register obtained proof that BT not only secretly tested this "product" in June 2007 but lied to cover up this fact. Customers were given various excuses for their concerns, but no customer was told the truth. The report is at http://www.theregister.co.uk/2008/03/17/bt_phorm_lies/ This issue took an even more serious turn when The Register revealed that it had seen documentary evidence confirming that "BT secretly intercepted and profiled the web browsing of 18,000 of its broadband customers in 2006 using advertising technology provided by 121Media, the alleged spyware company that changed its name to Phorm last year. BT Retail ran the "stealth" pilot without customer consent between 23 September and 6 October 2006." This in addition to the secret 2007 tests. The Regulation of Investigatory Powers Act 2000 makes intercepting internet traffic without a warrant or consent an offence. It seems to me that illegally intercepting 18,000 customers' internet traffic is in breach of that legislation. As was the first secret test. I contend that BT must also be in breach of the Data Protection Act as the data was collected without customers' consent. Please read the full report at http://www.theregister.co.uk/2008/04...rm_2006_trial/ BT claimed that there was nothing illegal about the trials but refused to answer a number of direct questions asked by The Register about Stratis Scleparis, the BT Retail CTO who became Phorm CTO after the first successful secret trial. BT preferred to hide behind a bland statement and refused to apologise to customers or acknowledge anything illegal took place. The report is at http://www.theregister.co.uk/2008/04...orm_interview/ A number of people have already complained to the ICO but had little back in response. Today I and others became aware that despite these facts coming to light, the ICO have said that there is definitely no official investigation by ICO with regards to Phorm. Neither is there any investigation with regards to the BT secret trials of 2006 and 2007. I am led to believe the ICO are claiming that RIPA falls under the remit of the Home Office. The ICO seem unwilling to accept there should be an investigation into the activities of BT and Phorm. I should also add that the ICO were also extremely reluctant to divulge this information to a colleague and refused permission to quote them. This cannot be acceptable from a public servant organisation. This cannot be acceptable from the organisation created to "protect personal information" "provide information to individuals and organisations" and "take appropriate action when the law is broken." If the ICO cannot or will not take responsibility for an investigation, why is this the case? Who has the legislative power to investigate this breach of 18,000 customers' privacy? A major telcommunications company in the UK has betrayed the trust placed in it by its users. It and its accomplice, Phorm, should surely be brought to book for this flagrant violation of privacy legislation. Is this really going to be allowed to pass by unchallenged? One cannot help but wonder if the lack of action by the government and ICO is influenced in any way by the presence of former Labour minister Patricia Hewitt on the board of BT. I am sure you appreciate that I and many others cannot understand why BT and Phorm are being allowed to breach internet users' privacy with complete disregard for their customers or the law. I urge you to take up this issue with your colleagues in both Houses, the House Of Commons Select Committee on Science and Technology and the House Of Lords Science and Technology Committee. Thank you for your time. If I may be of any further assistance to you please do not hesitate to get in touch. Yours sincerely ----------------------------- You need to mention ICO's obligation to enforce the Privacy and Electronic Communications Regulations with regards the BT secret trials. Whereas ICO might be able to say that RIPA falls under the remit of Home Office they cannot sidestep Privacy and Electronic Communications Regulations as I outlined in my previous post. Feel free to cite the relevant parts directly from the beginning of that very long post I made. Alexander Hanff -------------------- Deep packet inspection - Wikipedia, the free encyclopedia

Virgin Media Phorm Webwise Adverts [updated: See Post No. 1, 77, 102 & 797] - Page 146 - Cable Forum " just browsing for legal ruling like you do and this turned up , the lost RIPA appeal of Stanford's http://www.lawdit.co.uk/reading_room...20Stanford.htm Stanford Loses Criminal Appeal 3 February 2006 Stanford Loses Criminal Appeal Cliff Stanford, the Internet pioneer has recently had his appeal to quash his criminal conviction for intercepting emails denied. Stanford pleaded guilty last year to intercepting emails from his former company Redbus Interhouse – he argued in his appeal that the trial judge had misunderstood the law. Stanford was the founder of the ISP Demon Internet in 1992 but sold it to Scottish Telecom for £66 million in 1998. It is reported that Stanford made £30 million from the acquisition. Shortly afterwards Stanford was a co-founder of the co-location and data centre company Redbus Interhouse. However, Stanford resigned from the company in 2002 after disagreeing with the Chairman Jonathan Porter. In 2003 allegation started to be made as to whether Stanford was involved in the interception of email between Porter and his month Dame Shirley Porter. Stanford and another man were later charged under the Computer Misuse Act and the Regulation of Investigatory Powers Act 2000 with a trial date set for September 2005. However, both men pleaded guilty to the offence shortly before the case went to trial. Peters & Peters solicitors for Stanford were reported to have released the following statement: "Mr Stanford pleaded guilty to this offence following what we regard as an erroneous interpretation of a very complex new statute. The Judge’s ruling gave Mr Stanford no option other than to change his plea to one of guilty." Apparently, the legal team for Stanford intended to establish his innocence on appeal. However, this has had a severe drawback. He lost. The Regulation of Investigatory Powers Act 2000 provides a defence to an individual who intercept a communication in the course of its transmission from a private telecommunication system, if they can establish: a) that they are entitled to control the operation of the system; or b) they have the express or implied consent of such a person to make the interception. Stanford relied on the position that he had gained access to the emails through a company employee. The employee apparently was given access to usernames and passwords on the email server. Therefore, Stanford argued, he was entitled to access the emails as “a person with a right to control the operation or the use of the system”. Geoffrey Rivlin QC, the trial judge had a different view. He pointed out that “right to control” did not mean that someone had a right to access or operate the system, but that the Act required that person to of had a right to authorise or to forbid the operation. [that mean YOU users as the owner of the data] Stanford appealed the judge’s decision. However, the Court of Appeal upheld Rivlin’s view. It pointed out that the purpose of the law was to protect privacy. Therefore Stanford’s sentence of 6 months imprisonment (suspended for two years) and a fine of £20,000 with £7000 prosecution costs were upheld. Daniel Doherty __________________ Share what you know. Learn what you don't. Data Protection Public Register http://www.ico.gov.uk/ESDWebPages/Search.asp?EC=1

Hi steve, thanks.

If you are a customer of BT Retail (or of any other BT divisions e.g. BT Business) , Virgin Media or Carphone Warehouse Talk Talk, or any other company that thinks to profile your data for advertising , then you might like to write to them quoting the very clear The Data Protection Act 1998 section 11: 11 Right to prevent processing for purposes of direct marketing (1) An individual is entitled at any time by notice in writing to a data controller to require the data controller at the end of such period as is reasonable in the circumstances to cease, or not to begin, processing for the purposes of direct marketing personal data in respect of which he is the data subject. (2) If the court is satisfied, on the application of any person who has given a notice under subsection (1), that the data controller has failed to comply with the notice, the court may order him to take such steps for complying with the notice as the court thinks fit. (3) In this section "direct marketing" means the communication (by whatever means) of any advertising or marketing material which is directed to particular individuals.

Open Letter to the Information Commissioner foundation for information policy research Open Letter to the Information Commissioner Richard Thomas Information Commissioner Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF 17 March 2008 Dear Sir, We understand that you are investigating the targeted advertising service offered by Phorm through co-operation agreements with BT, Talk Talk, Virgin Media and other Internet Service Providers. The provision of this service depends on classifying Internet users to enable advertising to be targeted on their interests. Their interests are to be ascertained for this purpose by scanning and analysing the content of traffic between users and the websites they visit. This activity involves the processing of personal data about Internet users. That data may include sensitive personal data, because it will include the search terms entered by users into search engines, and these can easily reveal information about such matters as political opinions, sexual proclivities, religious views, and health. Users are apparently to be allocated pseudonyms for some of the processing, but at various processing stages the personal data can be linked to the pseudonym, the pseudonym can be linked to the IP address used, and the IP address can be linked to the user. Although we understand that this linkage will not be standard operating practice, it can nevertheless be performed. Many users will also be identifiable from the content of the data scanned, since it will include email sent or retrieved by users of web-based email, and messages viewable by those authorised to gain access to individual pages of social networking sites. Although some web-based email systems operate using "https:" end-to-end encryption, which would prevent interception, this is far from ubiquitous. It might be possible for Phorm to configure the service to exclude a handful of the more high-profile web-mail and social networking systems. But there are no available methods of detecting the tens or perhaps hundreds of thousands of other, low usage, often semi-private systems which currently provide web-mail or social networking in chat rooms or similar environments. Classification by scanning in this way seems to us to be highly intrusive. We think that it should not be undertaken without explicit consent from users who have been given particularly clear information about what is liable to be scanned. Users should have to opt in to such a system, not merely be given an opportunity to opt out. We believe this is also required under European data protection law; failure to establish a clear and transparent "opt-in" system is likely to render the entire process illegal and open to challenge in UK and European courts. It would be specially objectionable if opting out were to depend on the maintenance by the user of a cookie, since many reasonable users regularly clear all cookies; nor should users be expected to opt out by blocking one or more websites, since many may not understand how to do this or may make errors in trying to do so. Classifying users by scanning the content of their communications involves interception in the sense of s1 and s2 of the Regulation of Investigatory Powers Act 2000. That is because classification cannot be done without the content being made available to the person doing the classifying. The fact that he does so by the application of machinery which avoids the need for him to read the content is irrelevant -- it is clear, for example, from ss16(1) that material is to be treated as intercepted even before classification or examination and despite the fact that it may not be lawful to examine it. Interception of communications without the consent of both sender and recipient is an offence under s1. (The exception under ss3(3) -- for things done for purposes connected with the provision or operation of a telecommunications service, which may well permit filtering for viruses and unsolicited bulk email in order to protect the operation of the service -- can have no application to filtering for the purposes of targeted advertising, which is not a telecommunications service offered by the ISPs.) The explicit consent of a properly-informed user (i.e. one who has been told explicitly that the search terms he uses, and the content of his email and of the social-networking sites he visits, will be among what is used to classify his interests for the purpose of targeted advertising) is necessary but not sufficient to make interception lawful. The consent of those who host the web pages visited by a user is also required, since they communicate their pages to the user, as is the consent of those who send email to the user, since those who host web-based email services have no authority to consent to interception on their users' behalf. The need for both parties to consent to interception in order for it to be lawful is an extremely basic principle under RIPA, and it cannot be lightly ignored or treated as a technicality. Even when the police are investigating as serious a crime as kidnapping, for example, and need to listen in to conversations between a family and the criminals, they must first obtain an authorisation under the Act: the consent of the family is not by itself sufficient to make their monitoring lawful. It has been suggested that web-hosts impliedly consent to the download of their pages, and that it follows that they consent to the interception involved in scanning them for the purposes of classifying the user for targeted advertising services. But even where a web-host does consent to the downloading of his page by a user, we do not accept that this entails any consent to the scanning of that page by a third party. Moreover, in many cases it is clear that any such consent is expressly or impliedly negatived. In the case of the many pages which are accessible only after registration of the user, access by an unregistered third party is plainly unauthorised (and sometimes expressly prohibited by the conditions under which access is permitted). In the case of the unlinked web (those pages to which links are not published generally, being provided to closed groups by their host) there is no implied general consent to download, and consent for third party scanning is impliedly negatived by the context. We therefore consider that even if third party scanning obtains the fully-informed and explicit consent of a user, it simply cannot hope to obtain all the consents necessary from others. It therefore involves unlawful interception; and it therefore cannot comply with either the first or the second of the data protection principles. Finally, we should mention a note on this subject published by the Home Office in January 2008, of which we assume the Information Commissioner is aware. A senior official of the Home Office has said of this note: "- the note is not advice, it doesn't claim to be advice, legal or otherwise, it's just a view -- the note wasn't, and doesn't purport to be, based upon a detailed technical examination of any particular technology." For the reasons explained above, it is our contention that the conclusions of the Home Office note are wrong so far as they may be thought to apply to Phorm. We hope that the Commissioner will not allow himself to be influenced by them. Nicholas Bohm, General Counsel Richard Clayton, Treasurer Foundation for Information Policy Research

The Open Rights Group : Blog Archive » The Phorm storm stop the press: care of the US NY times and LadyMinion at http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated-page-102.html#post34510801 for first spoting it. http://www.nytimes.com/2008/03/20/business/media/20adcoside.html?ref=business Quote: ” As you browse, we’re able to categorize all of your Internet actions ,” said Virasb Vahidi, the chief operating officer of Phorm. ” We actually can see the entire Internet .” The company, called Phorm, has created a tool that can track every single online action of a given consumer, based on data from that person’s Internet service provider.” what do you make of that then, puts a while new meaning to official statments such as “Phorm technology is groundbreaking because it serves relevant advertising without storing data: no PII no IP address no browsing histories.” and all the rest, dont you think?. i wonder what the UK and EU data commissioners and the courts will make of it,to name but three, comments…. remember people, we have this: tell your friends, use it.

conniff, the head EU data commissioner has stated a few months ago that your IP address is personal data, so it does apply. heres a overview reminder of the Data Protection Act. ----------------------------------------------- remember people, we have this: tell your friends, use it. “UK consumers wake up to privacy” link: http://www.ico.gov.uk/upload/documents/pressreleases/2008/information_rights_press_release_final1.pdf For a copy of the ‘Data Protection Guide for Dummies’ please go to http://www.ico.gov.uk Our data protection rights • An organisation should tell you what it is going to do with your information before you provide any details unless this is obvious • Your information should only be used for the reason it was collected in the first place (unless you give your consent to your information being used in other ways) • An organisation should not collect any information which is unnecessary. You only need to provide the basic information which is required to deliver the service required • Your information should be kept accurate and up to date – if you ask any organisation to make changes to your details, it should do this • An organisation should not keep your details if they are no longer needed • An organisation must provide you with copies of all information held on you - if you ask. You can also ask an organisation to stop using your personal information if it is causing you damage or distress or if you wish to stop it being used for marketing purposes. • An organisation must keep your personal information secure at all times • An organisation should not transfer your personal details to another country unless adequate data protection arrangements are in place. and then it goes on to say…. David Smith said: “For any of us to have trust in an organisation we must be confident that our information is held securely and processed in line with data protection rules. If we all regularly start to ask the right questions then organisations will respond to public demand and take the protection of our personal information more seriously. If organisations fail to recognise the importance of data protection they not only risk losing business. They could also face action from the ICO.” -------------------------------------- theres also the copyright act POV, after all you own your personal (clickstream)data, its your property, to profit from or not as you please, its not your ISPs right to pirate your property is it. BTW,of all the current Phorm threads on the net this seems to try to collect information,storys and comment, to inform the readers, its by far the longest thread though, so you have your work cut out catching up now. Virgin Media Phorm Webwise Adverts [updated: See Post No. 1, 77, 102 & 797] - Cable Forum

its really hard to beleave most of the 200+ readers of this thread havent bothered to post? is it that you dont fully grasp the importance of this interception, perhaps you just waiting for someone else to make the effort and write it all for you?. of all the places on the web i really thought this CAG would be a one place you might find some interesting thoughts on the legal side of all this but apparently not. were are the admins , legal council and law students and why arnt they helping this most important subject? id go as far as to say its even more important that the UK bank charges fight this site is so instromental in fighting. many old reders of those threads wil get the basic outline of sending a Data Protection Act, S.A.R - (Subject Access Request), dealing with the Data controllers and data comissioners office etc. can you the reader, now contribute and we can try and get a definative step by step outlined ,written and put in place to deal with the ISP and Phorm pimping and Piracy of your personal data as many posters in many places elsewere have called it. as a start, i think surlyBonds exellent step by step for dealing with and understanding the CRAs actions is a VERY good place to start understanding the Data Protection Act, S.A.R - (Subject Access Request) etc actions, and we should use that as our basic template for the ISP action group? changing the CRA etc references for our ISP needs. http://www.consumeractiongroup.co.uk/forum/legalities/24013-defaults-proposed-method-removal.html you can look up your ISPs data controller address here Information Commissioners - Data Protection Public Register

david, while that FF add-on might give some the false sense of security, its missing the point, that being the right to collect,process and control your personal data and ignoring the UK and EU laws etc. as a reminder of the above regarding Simon Davies and 80/20 Thinking . id like to point out simon Davies co-workers comment, one AKA Robin Zaker on The Register. although we dont know his real name so only The Register and he nows for sure.. Comments on ‘Data pimping: surveillance expert raises illegal wiretap worries’ | The Register " By Robin Zaker Posted Wednesday 5th March 2008 14:36 GMT With the Phorm thing, you are all wrong- if you bother to actually do your research then you'll get a different picture- Why not be more concerned about the secretive Ellacoya or even Google's 24month profile retention? Phorm doesn't even keep data- its trying to reverse the belief that you have to keep massive detailed profile to advertise or anything else (and I know that you hate advertising but be realistic- its not going away, especially with the 'free broadband' wars pushing profits down and out). As one of the PI employees sent to look at Phorm (though i'm not allowed to reveal my identity (NDA)- and we feel that 'endorsed' is a bit of a strong word) I had access to their proposed technology and I was impressed with what they are intending to do- it is in my view a step forward in what has been a downhill battle for privacy- not as private as i would want but definitely against the flow of all the other data squirrels. Obviously you have realised that porn and the 'sensitive' material will not be read- as the system only recognises pre-defined words/matches. i'm depressed that the rest of the tech community are attacking the one thing that I thought they would consider sensible, but they are too paranoid as ever. Ads will not be unlawfully changed-they'll just earn more for the website owner... if you opt out then they would not legally be able to even scan your data for wordmatches- that'd be suicide so as a commercial company they wouldn't. it's not infringing RIPA- they passed an investigation months ago.. In fact almost all the problems that you sheep worriers have are not even slightly founded- its all misinformed- go do proper research not wildly inaccurate speculation Oh and the whole CHINESE SERVER thing stems from a MUPPET searching for a trace on OXI.com, what a TOOL. The thing that depresses me most is that you probably won't even believe an analyst like me who has actually researched the system but that is the truly depressing thing about the 'true online community'- they spend so much time worrying where the next threat will come from they attack the wrong threats with the wrong information..." interesting that he as a anonymous 80/20 Thinking employee under the pay of Phorm would post such comments. and hes probably right, would YOU trust any of the so called official PIA report yet to be seen ,being under taken from such a person as this. his reg post reveals his contempt for the very UK users that he and his company are suposeadly looking out for in this PIA? if Phorm did in fact pass a RIPA- investigation months ago.. were is the report and its conclusions! could this so called investigation have been nothing more than calling up some back office clerk in the home office and laying out the Phorm proposal, much the same as we the end users have been sold it, I.E an anti fishing app and adds as a sideline?. Phorm fires privacy row for ISPs | Media | The Guardian " Phorm's approach, in trying to create a network from the ground up that involves ISPs, advertisers and publishers, is certainly audacious. But one former employee told the Guardian that this typifies its approach: "I'm used to the culture of smart people, long hours and overall complexity but this was exponentially more true of Phorm. It was a 'get a Ferrari and lose your sanity' kind of deal." Adding that Phorm was "very serious" about anonymising data, the former employee noted that the company has been in talks with the Home Office about whether its system would fall under the Regulation of Investigatory Powers Act (RIPA), which is used for surveillance and crime prevention. But there was also one unexplored possibility about the technology, the ex-employee noted: "The [Phorm] platform clearly has some edge-of-network technologies involved. It would be entirely feasible for an ISP to allow customers to opt out - and subsequently throttle their service." " its interesting that that former employee gives the impression that infact this so called complex ,secure and personal data removing and indexing app was written under extream presure and time restraints on the promise of some fancy expensive car or other bonus. hardly inspires the average users confidance that this Phorm codebase inside the profiler and outside, is in any way 100%secure while collecting/processing your data etc is it?

right, i really think nows the time for the CAG members to really put the effort in, and pull this thing apart, if CAG is to be a real force in consumer market and advocacy. the lack of response to this UK ISP/Phorm intrusion as regards UK Data Protection Act/RIPA and other related UK/EU laws threat is really disapointing when measured against the bank charges threads on this very board.... were are YOU ALL, and why arnt you concerned about this massive change to you ISP guarded person data usage. have you all sent your registered post data protection act notices to your ISPs data contoller removing their right to process your data or something, and so are not worryed?. right to start things off again the Techteam ( as far as its known, he is a real tech inside the Phorm company, as apposed to the 3rd party that they contracted PR team thats also posting under a like name) Cable Forum - View Single Post - Virgin Media Phorm Webwise Adverts [updated: See Post No. 1, 77, 102 & 797] officially posted this the other day. "We would be very happy to have our systems undergo a privacy audit by E&Y or another auditor in the UK. We are in the middle of a Privacy Impact Assessment (for info on PIA please see the Information Commissioner Office site: http://www.ico.gov.uk/upload/documen...l/1-intro.html which is being conducted by Simon Davies (80/20 Thinking / Privacy International) and we will work with him and his team throughout the year to ensure we adhere to the highest standards of privacy." didnt he or they read/understand the link and its requirements?. ICO - Privacy Impact Assessment " ... 2. Undertake a stakeholder analysis Those who may see themselves as 'having a stake' in the project should be identified at an early stage. This may include: the organisation conducting the project, and perhaps also various sub-organisations within it; other organisations directly involved in the project; organisations and individuals that are intended to benefit from it; organisations and individuals that may be affected by it, and possibly organisations that provide technology and services to enable it It is advisable to document the results of the stakeholder analysis in an appropriate form, most likely a one-page summary. .... " go and have a good read of that link and report back any factual points and errors as regards their use of a payed 3rd party in their employ and other points you may find werth bringing up....

it appears theres a few people actually looking at the UK laws and now posting in the Comments on ‘Data pimping: surveillance expert raises illegal wiretap worries’ | The Register thread. and so perhaps it might be a good thing if the CAG members were to also post there and link back to this ISP section to both inform the average users reading that massive read Thereg site, and grow the CAG ISP sections with new informed members?. its only a good thing if you put the UK law in plain sight and make the UK populus understand its not about adds, but something far more important. and they need to act and make the ISPs pay the price for trying to take away your rights, as the average CAG etc end users did with the Bank charges, go do your part please and help inform and advise the non tech/law readers.

indeed kabar, you did start this Phorm subject first, i didnt see it, i did look and it was missed, sorry. i too would prefer a mod merged this.

hmmm, its sad that im seeing far more legal points of view on several of the registers Phorm stories than here on the UKs premiere UK CAG site. not one single reply, and someone even started another phorm thread rather than take the time and post here and keep it all in one place,even though many people have read this thread in a very short time. the Data Protection Act,RIPA,EU IP (internet protocol) law and opt-in for advertising, are some posts mentioned on thereg threads. but not one CAG reader can be bothered to post a single legal point here in this thread, were i started off this general thread with the obvious Data Protection Act notice. were have all the Bank charges worriors once found on this site gone..., doesnt anyone care about your personal data being intercepted and sold off to the highest bidders when they have collected enough data. BTW,theres another new story Comments on ‘Data pimping: surveillance expert raises illegal wiretap worries’ | The Register

thanks to "By Someone Comments on ‘BT pimped customer web data to advertisers last summer’ | The Register Posted Wednesday 27th February 2008 18:00 GMT I’ve been wondering about the name ‘Phorm’. It’s only just hit me. I’m guessing it comes from: PHishing by web fORM That would make it an out-and-out in-your-face bad-taste joke. (I know it’s a bit rich for me to comment, given the name I chose to follow the word ‘By’.) " given all the news storys and threads of late regarding the BT, Virgin Media, and Talk Talk deal with Phorm, the company that will run the targeting system, will have access in all to more than 10 million streams of web browsing data. the ISPs basicly selling your personal information (identifiable or otherwise) to a 3rd party without your consent. BT pimped customer web data to advertisers last summer | The Register Virgin Media Ad Deal [updated: See Post No. 1, 77 & 102] - Cable Forum ISP data deal with former 'spyware' boss triggers privacy fears | The Register Broadband big boys waiting on data pimping | The Register i wonder if there are any members willing to write a generic yet clear Data Protection Act letter that you could print out and send to your ISP data protection controller? the main points are i think?, the need to remove the ISPs rights to Export,Process or in any way pass to a 3rd party , infact anything outside the basic supply and processing of billing for your services. but without removing their ability to export to the off shore customer services the ISP uses (unless the overall feeling here is thats a good thing and can be safely asked for without the removal of the Broadband provision) to save money. what about the thought put forward in the first thereg URL " Contact the police if you're a BT customer By Anonymous Coward Posted Wednesday 27th February 2008 15:26 GMT If BT have been intercepting details of your browsing habits then this may be a violation of RIPA Regulation of Investigatory Powers Act 2000 (c. 23) - Statute Law Database In particular sections 1(1) and 2(2): 1. Unlawful interception. — (1) It shall be an offence for a person intentionally and without lawful authority to intercept, at any place in the United Kingdom, any communication in the course of its transmission by means of— (a) a public postal service; or (b) a public telecommunication system. 2. (2) For the purposes of this Act, but subject to the following provisions of this section, a person intercepts a communication in the course of its transmission by means of a telecommunication system if, and only if, he— (a) so modifies or interferes with the system, or its operation, (b) so monitors transmissions made by means of the system, or © so monitors transmissions made by wireless telegraphy to or from apparatus comprised in the system, as to make some or all of the contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication." is that relavent? what of the Patent application for this one... "By Anonymous Coward Posted Wednesday 27th February 2008 17:07 GMT I love the patents system. Could this be it? Names KENT THOMAS ERTUGRUL as inventor and 121Media as applicant. Published in Sep 2007. "TARGETED CONTENT DELIVERY FOR NETWORKS" esp@cenet document view " does that really apply as valid in the UK? reading the esp@cenet description view seems to set off several alarm bells about consent,legality,privacy,OFCOM,T&C and a whole lot more. lots of questions no real legal answers as yet, so i hope you take the time to use this thread to put your collective hats on and hopefully work out all the options available to the masses of end users other than the usual if you dont like it leave responses as there might not be anywere to go to if it carrys on unchecked. anyone willing to make them listen! can someone inform the legal team here, readers of this thread and subject might need their help too as theres currently lots of news and messageboard coverage, but no accurate legal advice to date.