UK Government ignores the European Commission regarding Phorm

By EDRi · February 25, 2009

This article is also available in:
Deutsch: [Britische Regierung ignoriert bei Phorm die Europäische Kommission |]

This article is also available in:
Macedonian: [Британската влада го игнорира предупредувањето на ЕК за Phorm |,mk/]

On 12 February 2009, the European Commission warned it would take formal
action against the UK Government for not providing the requested information
on the past trials of the Phorm ad-serving technology.

The Commission has sent three letters until now requesting information on
the secret trials by BT of Phorm, the latest having been sent at the end of
January 2009. No satisfactory answers have been received so far, the
response having focused only on future deployments without addressing the
question of the past trials.

The trials, conducted in 2006 and 2007, tracking the browsing behaviour of
BT customers without their consent, resulted in complaints from privacy
campaigners, peers, and politicians who argued that the actions were in
breach of UK interception and data-protection laws. In July 2008, technology
campaigner Alexander Hanff made a complaint to the police force considering
the BT trials were not in compliance with RIPA and the Data Protection Act
as the customers’ consent had not been required.

However, the City of London police informed Hanff in September 2008 that
they would not continue the investigation for “lack of criminal intent”.

“One of the main reasons for this decision is the lack of criminal intent on
behalf of BT and Phorm in relation to the tests. It is also believed that
there would have been a level of implied consent from BT’s customers in
relation to the tests, as the aim was to enhance their products,” wrote
detective sergeant Barry Murray.

Although UK regulators have provided rules for the future deployments of
Phorm which require the company to not retain website history data, exclude
sensitive search topics and obtain the customer’s agreement also providing
information of the respective technology, according to UK’s EDRi-member Open
Rights Group, it is not yet clear whether the consent of both the users and
the visited websites is required.

“Unless the ISPs employing Phorm’s technology to intercept the
communications between their customers and the owners of the websites their
customers are visiting have the explicit consent of both parties, they are
likely to be committing an offence under the Regulation of Investigatory
Powers Act (RIPA), the legislation that governs interception of
communications in the UK,” stated the group.

In spite of the repeated questions and investigations and disregarding the
European Commission’s warning, Phorm goes on. The company’s CEO stated
during an interview on 9 February that the system would be active in the UK
by the end of 2009. The company has also signed deals with another two big
UK ISPs, Carphone Warehouse and Virgin Media.

EC warns gov’t over Phorm foot-dragging (12.02.2009),1000000189,39615480,00.htm

BT finishes trial, expects to use Phorm (15.12.2008),1000000085,39578006,00.htm

Police drop investigation into BT’s Phorm trials (23.09.2008),1000000189,39492793,00.htm

Phorm: damn the EU, full speed ahead! (11.02.2009)

EU calls phoul over ad company Phorm’s invasive snooping (15.08.2008)

EDRIgram: UK: Phorm threat (28.01.2009)