
uk.telecom.broadband (UK broadband) (uk.telecom.broadband) Discussion of broadband services, technology and equipment as provided in the UK. Discussions of specific services based on ADSL, cable modems or other broadband technology are also on-topic. Advertising is not allowed.

Covert trials last year - BT and Phorm's links



 
 
  #1  
Old March 17th 08, 01:13 PM posted to uk.telecom.broadband,bt.broadband.support
John

It is starting to look as if BT's involvement in this was greater than
it has been reported so far, possibly to the extent of being the primary
development partner.

Statis Scleparis, who was BT Retail's Chief Technology Officer between
2006 and 2007 is now the CTO in Phorm. Evidence here -
http://www.phorm.com/about/exec_scleparis.php

It appears that Scleparis may have been the Retail CTO during last
year's covert trials of the interception technology, on live customer
data. There was no customer permission obtained for these.

I have asked the official BT spokesman to confirm or deny this.
Answers - I hope - on the beta.bt groups.

A CTO, by definition, would have knowledge of such trials, and I would
expect that he would be the senior authoriser. In the event of a
criminal prosecution for last year's events, it looks possible that he
would be personally held to account.

(Thanks to The Register for pointing out the CTO connection)

John L
  #2  
Old March 17th 08, 04:16 PM posted to uk.telecom.broadband,bt.broadband.support
Robert M Jones

John wrote:
It is starting to look as if BT's involvement in this was greater than
it has been reported so far, possibly to the extent of being the primary
development partner.

Statis Scleparis, who was BT Retail's Chief Technology Officer between
2006 and 2007 is now the CTO in Phorm. Evidence here -
http://www.phorm.com/about/exec_scleparis.php

It appears that Scleparis may have been the Retail CTO during last
year's covert trials of the interception technology, on live customer
data. There was no customer permission obtained for these.

I have asked the official BT spokesman to confirm or deny this.
Answers - I hope - on the beta.bt groups.

A CTO, by definition, would have knowledge of such trials, and I would
expect that he would be the senior authoriser. In the event of a
criminal prosecution for last year's events, it looks possible that he
would be personally held to account.

(Thanks to The Register for pointing out the CTO connection)

John L


I was browsing Phorm's site the other day and noticed myself that
Scleparis had come over from BT.
It's developing into a very juicy story indeed - it's been quite
entertaining watching BT's PR guys running backwards at high speed.

--
Rev Robert M Jones, Wimborne Baptist Church, UK
Hub forums here: http://hubbub.labs.bt.com/
Hub info & forum here: http://www.frequencycast.co.uk/homehub.html
http://www.wimborne-baptist.org.uk
Free trial of Mailwasher Pro - effective email spam filter - (commission
goes to our partners in Bulgaria)
http://fta.firetrust.com/index.cgi?id=420
  #3  
Old March 19th 08, 01:15 PM posted to uk.telecom.broadband,bt.broadband.support
Robert M Jones

John wrote:
It is starting to look as if BT's involvement in this was greater than
it has been reported so far, possibly to the extent of being the primary
development partner.

Statis Scleparis, who was BT Retail's Chief Technology Officer between
2006 and 2007 is now the CTO in Phorm. Evidence here -
http://www.phorm.com/about/exec_scleparis.php

It appears that Scleparis may have been the Retail CTO during last
year's covert trials of the interception technology, on live customer
data. There was no customer permission obtained for these.

I have asked the official BT spokesman to confirm or deny this.
Answers - I hope - on the beta.bt groups.

A CTO, by definition, would have knowledge of such trials, and I would
expect that he would be the senior authoriser. In the event of a
criminal prosecution for last year's events, it looks possible that he
would be personally held to account.

(Thanks to The Register for pointing out the CTO connection)

John L


80/20 report on Phorm is now published
http://blogs.guardian.co.uk/technolo...20final%20.pdf

Phorm have been quoting this as supportive, although two of the members
of the group have come out elsewhere with concerns about illegality.

The report itself seems to raise a lot of questions both about the
system itself, AND the way ISPs are expected to be communicating with
their customers.

--
Rev Robert M Jones, Wimborne Baptist Church, UK
Hub forums here: http://hubbub.labs.bt.com/
Hub info & forum here: http://www.frequencycast.co.uk/homehub.html
http://www.wimborne-baptist.org.uk
Free trial of Mailwasher Pro - effective email spam filter - (commission
goes to our partners in Bulgaria)
http://fta.firetrust.com/index.cgi?id=420
  #4  
Old March 19th 08, 04:20 PM posted to uk.telecom.broadband,bt.broadband.support
Robert M Jones

Robert M Jones wrote:

80/20 report on Phorm is now published
http://blogs.guardian.co.uk/technolo...20final%20.pdf

Phorm have been quoting this as supportive, although two of the members
of the group have come out elsewhere with concerns about illegality.

The report itself seems to raise a lot of questions both about the
system itself, AND the way ISPs are expected to be communicating with
their customers.


Here's some of the 80/20 report on Phorm published in the last day or so.

There is some interesting stuff here that ISPs in particular need to
take note of, in relation to keeping customers fully informed,
implementing "opt-IN" policies, and also having regular reminders and
regular repeated consent about opt-in/opt-out because of the number of
computers/users in households.
Questions asked about monitoring of less common, less secure email sites
(not using https.)
Some disagreement between Home Office and 80/20 about basic position
under RIPA!

A reminder - the 14 page report is available in full here:
http://blogs.guardian.co.uk/technolo...20final%20.pdf


Some extracts:-

despite our positive findings regarding Phorm’s
approach to privacy protection we are disappointed that the
company has not benefited from an earlier implementation of a
PIA. While we are encouraged that Ernst & Young were engaged
to perform a privacy examination, the full scope and influence of
an “early intervention” PIA has not been possible. At this late stage
of product development it will not be possible to fully exploit the
value of a PIA.


We broadly agree with the positive findings of the 2007 Ernst &
Young privacy examination, but remain concerned that the scope
of that report was based almost exclusively on conditions applying
to the US privacy environment. Public sensitivities, regulatory
conditions and other factors vary substantially according to
geographical location.


We believe it will be crucial to devise a system based on both
transparency and embedded technological safeguards to provide
assurance that Phorm Technology does not fall victim to the level
of function creep evident in other technologies.


In our view, Phorm should ensure that ISPs clearly communicate
with their users about the issues involved in Phorm Technology
surveillance, and actively and regularly pursue users' consent. We
believe this approach may be crucial to mitigating potential
concerns about surveillance.

Communications surveillance laws at the very least require consent
to be re-affirmed at regular intervals, particularly as multiple users
may make use of a single Internet connection and machine.

Phorm's privacy policy responsibly notes that Phorm may disclose
information to third parties under 'legal requirements'. Considering
how legal protections vary by country, far more information is
required for users to ensure their confidence in the data processing.

Although the PIA process takes the Data Protection Act and other
relevant laws into account, it does not focus exclusively on them. A
complementary audit process is needed to ensure that the project is
legally compliant. That process can begin early, but cannot be finalised
until late in the project lifecycle, when the design is complete.

Phorm liaised with the Home Office to assess whether its system could
infringe the UK law that regulates communications surveillance. The
Home Office concluded that Phorm's system is consistent with the
Regulation of Investigatory Powers Act and does not intercept
communications. While this conclusion is a fair interpretation of Phorm
and the system's capabilities, communications monitoring still takes
place. Even if the Home Office's conclusions were appropriate and
relevant, it would mean that if an ISP or any government wished to
conduct similar monitoring of communications for segmentation
purposes, albeit with consent of the user, then they may indeed do so and
yet still be compliant with UK law. This could indeed give rise to a
worrying situation.
In its assessment, the Home Office compares targeted online advertising
with email/spam filtering. This was a similar line of argument pursued
by Google in its Gmail advertising service: the content of messages are
already being processed by ISPs to assess whether they are spam,
therefore analysing content for advertising purposes is no different. The
key difference, as argued by many privacy experts, is that processing
communications to remove inconveniences (e.g. spam) is not invasive
because it is intentionally not passing judgment on the user. Processing
communications to categorise individuals, or to pass judgment on the
consumer, is a privacy interference.
Phorm must ensure that ISPs clearly communicate with their users about
the issues involved in this 'surveillance', and actively and regularly
pursue users' consent. This is the only way to mitigate concerns about
surveillance.

Ideally some form of black-list of sites should be included, or a
white-list with clear exclusion processing. For instance, even though Phorm's
system excludes forms, and therefore would exclude content from sites
where an individual is drafting an email, and also excludes https traffic
which therefore excludes many webmail service providers, users would
need strong assurance that the process through which they read emails
(on less-secure platforms) is not also being monitored.


Can user-sensitive URLs be excluded?
While Phorm is careful to note that HTTPs pages are processed this is
perhaps more a matter of an inability to gain access to the content of
these pages because they are encrypted. Are https-requests not logged at
all? That is, 1080-requests tend to be from servers where users have an
existing relationship, e.g. their banks, travel agents, mail providers, and
places where the user shops. If this information was to be logged by an
ISP this would make users feel spied upon because their ISP would know
which services he or she makes use of. Phorm must ensure that it is not
using information about these sites in any way, e.g. URL data.
We are aware that only widely-viewed pages will be used, possibly to
limit profiling to highly specific user data. This is certainly a positive
development. Phorm must communicate this fact to end-users.
Similarly, users need to be informed explicitly about the constitution of
channel information. If not carefully explained, users may worry that
channel information, depending on the level of data granularity, is in
itself personal or sensitive information. For instance, if a channel is
able to discern that a user banks online, uses a non-online insurance company,
this could be seen as personal information particularly where the user's
bank and insurance company could be known to the profiler. Therefore
clearer information is required about how the profile is developed and
how this information is combined with the channels.

Consent and Participation
To adhere to the highest principles of data protection, any system that
processes personal information must require consent on an opt-in basis.
As Phorm's system involves a form of communications surveillance then
optimal protections would involve opting-in.
The market default for cookie-based consent systems is opt-out however.
Phorm's chosen implementation matches market practices. Phorm goes
some way to mitigate this concern by creating a website for opting-out
and encourages partners to remind users about opt-out rights.
We would like to hear more about this form of 'encouragement' to clarify
the role of Partners in ensuring privacy practices are pushed to the
highest level possible. Communications surveillance laws at the very least
require consent to be re-affirmed at regular intervals particularly as
multiple users may make use of a single Internet connection and machine.

Further challenges exist and clarifications are required.
- If a user blocks all cookies (or manages cookies on an opt-in basis),
these users will have to be informed about how their traffic is managed
by the Phorm system. That is, if there is no cookie present does the
traffic still get processed? It is important to be clear to users that
if they choose not to participate in the system at all then their
traffic is not being processed.
- If a user regularly deletes cookies then this would result in that user
being monitored again. Ideally a user would be able to notify his or her
ISP that he or she is uninterested in participating in the advertising
scheme altogether and this would result in a permanent non-processing of
Internet traffic. Is such an implementation possible?
- With limited information about the channels and profiles, a user may be
concerned about seeing which 'channel' they have been linked to and the
means through which this decision was made. Phorm must develop
educational materials for users to understand this process. Similarly,
Phorm must explain how many possible channels there are in case users
are worried about being segmented in great detail.

Identity, Traceability, and Security
Phorm is very careful in the design of its system and in its public
information to avoid processing personally identifiable information.
Phorm's system itself does not process IP addresses and promises that it
does not link back to ISP's subscriber databases.
Concerns remain, however:
- Can cookies lead back to users in any way? Of course it is merely a
unique identifier but a unique identifier can still be linked to
individuals. Can an external attacker gain access to the required
information to re-link
the individual and the UID? Even if this was possible, what potential
gain could there be for an attacker?
- Phorm's privacy policy responsibly notes that Phorm may disclose
information to third parties under 'legal requirements'. Considering how
legal protections vary by country, far more information is required for
users to ensure their confidence in the data processing. We would be
interested to know what kind of information Phorm and its system
actually holds that may be of interest to third parties. This of course
refers back to the linkability issue: if neither the profile nor the
advertising information is linkable to the individual then of what use
would such data serve to third parties such as law enforcement authorities?
- Linked to the above two points, if there was a malicious insider, with
complete access to all the traffic and transactions, could
re-identification take place? Or could any level of traffic analysis
generate persona data
about the user, the types of advertisements served, and the user's IP
address?
Although the security statement in the privacy policy is a responsible
statement, Phorm's security policy and security processes should be
audited regularly.


--
Rev Robert M Jones, Wimborne Baptist Church, UK
Hub forums here: http://hubbub.labs.bt.com/
Hub info & forum here: http://www.frequencycast.co.uk/homehub.html
http://www.wimborne-baptist.org.uk
Free trial of Mailwasher Pro - effective email spam filter - (commission
goes to our partners in Bulgaria)
http://fta.firetrust.com/index.cgi?id=420
  #5  
Old March 26th 08, 05:58 PM posted to uk.telecom.broadband,bt.broadband.support
Robert M Jones

John wrote:
It is starting to look as if BT's involvement in this was greater than
it has been reported so far, possibly to the extent of being the primary
development partner.

Statis Scleparis, who was BT Retail's Chief Technology Officer between
2006 and 2007 is now the CTO in Phorm. Evidence here -
http://www.phorm.com/about/exec_scleparis.php

It appears that Scleparis may have been the Retail CTO during last
year's covert trials of the interception technology, on live customer
data. There was no customer permission obtained for these.

I have asked the official BT spokesman to confirm or deny this.
Answers - I hope - on the beta.bt groups.

A CTO, by definition, would have knowledge of such trials, and I would
expect that he would be the senior authoriser. In the event of a
criminal prosecution for last year's events, it looks possible that he
would be personally held to account.

(Thanks to The Register for pointing out the CTO connection)

John L


More bad news for Phorm

The Guardian, with the largest newspaper online site in the UK, has just
pulled the plug on their relationship with Phorm.
http://www.theregister.co.uk/2008/03...n_phorm_uturn/

Quote from Register article:

...advertising manager Simon Kilby revealed the retreat:
It is true that we have had conversations with them [Phorm]
regarding their services but we have concluded at this time that we do
not want to be part of the network. Our decision was in no small part
down to the conversations we had internally about how this product sits
with the values of our company.
I hope you appreciate that the quality of the Guardian's editorial
is funded by our advertising sales operation and it is our duty to keep
abreast of all developments in this sector. In this instance, however, I
agree with you that this is not something that we should be partnering.

--
Rev Robert M Jones, Wimborne Baptist Church, UK
Hub forums here: http://hubbub.labs.bt.com/
Hub info & forum here: http://www.frequencycast.co.uk/homehub.html
http://www.wimborne-baptist.org.uk
Free trial of Mailwasher Pro - effective email spam filter - (commission
goes to our partners in Bulgaria)
http://fta.firetrust.com/index.cgi?id=420
 



