I looked at Phorm in February and again in June, but not really wearing my consumer hat. Now I have an unwelcome opportunity to do just that.
You see, I'm a BT broadband subscriber with multiple users at home, some of whom may not be all that, ahem, technologically inclined. So I'm a bit paranoid that, while I'm not aware of having been asked or consented to using Phorm (branded "WebWise"), other users may have inadvertently switched it on in the course of a BT trial.
Why I am paranoid? Well the service is basically designed to track the browsing habits of all users of the broadband-connected PC or laptop and use this to send more targeted advertising, so that BT and Phorm can make money out of you. But I don't just "browse", I research stuff, work and look after my financial affairs. Other users in the house from time to time will do the same. I don't want this stuff tracked, scanned or whatever else Phorm or BT plan to do with it. And I don't want to be pestered by ads, especially ones that may have nothing do with my real interests. I don't consider that I have a relationship with BT when I use my broadband to access the internet. I permission or de-permission cookies or accept marketing bumph from each of the site I'm happy to deal with. And so on.
I've now done what any good consumer should do. I've looked at the BT WebWise site and even the audit report from Ernst & Young (the mere fact that an audit report is felt necessary chills me to the bone). While these purport to tell me what Phorm is or isn't doing, it doesn't explain BT's role or the data it has access to and retains, or what BT is getting out of using Phorm. The BT terms and conditions (clause 18) aren't exactly encouraging on this point. In fact they are so lacking in material information that they deserve further consideration in light of the Consumer Protection from Unfair Trading Regulations 2008 (which I perhaps rather hastily lampooned - but hey, if they're there, use them). The killer is that the mere presence of this unwelcome "service" casts on me an obligation to constantly police my own computer and all its users to ensure that we're opted-out and remain opted-out. It would be too much to hope that the anti-virus software providers will create a Phorm-killer.
Let's be clear. BT needs to persuade me, as its customer, to opt-in to taking this additional "service". It's not for BT to use my broadband connection to build relationships with people who aren't the accountholder, and get me to police their opt-in/opt-out. It must be BT's problem to ensure that if I don't opt-in (or if I do, but opt-out later) that the effective opt-out works for everybody on my connection all the time.
And to have any chance of persuading me to opt-in, BT must specify in more detail the nature of the data that will be obtained, all the proposed uses of that data, what I am going to receive in return (and don't say targeted ads - show me the reduction in the price of broadband to reflect your opportunity to gain ad revenue), and how I can opt-out and have that data deleted. From a personal standpoint, the "WebWise" service doesn't go far enough in this regard for me to trust it. Nor should the current level of disclosure be enought for BT to be able to claim they have my consent to thing under the Data Protection Act - I simply don't consent, anyway.
So, not trusting BT on the particular issue of how to stay opted out, I did a quick Google search hoping to learn how you would really know that you were not signed up, and how to switch it off completely. No luck.
The Register, which has done a lot of digging on Phorm in the past, and got a very concerning post from Chris Williams on 3 October. According to Chris' discussions with BT, they seem to track your usage whether you're opted in or out... so they can record whether you have opted in or out. You then simply have to trust that they won't sell or otherwise use your data to get extra ad revenue, fall victim to organised criminals, or allow the authorities to mash it with the Communications Database (you'll recall that the UK government has been particularly supportive of Phorm).
All the technical detail is in Richard Clayton's excellent piece on Phorm. His research suggests that you can add the Fraud Act, Computer Misuse Act and the Regulation of Investigatory Powers Act to your reading list before deciding whether or not to sign up to WebWise. And even intellectual property rights owners have a serious set of bones to pick, as Nicholas Bohm and Joel Harrison have fulsomely discussed in their excellent September article for the Society for Computers and Law. But none of that is going to occur to the average consumer, so why is the government not taking their corner instead of Phorm's..?
Who knows. For my money, it's time to switch broadband providers.
Speaking of which, I see that Orange is attempting to make a virtue out of not using Phorm.
You see, I'm a BT broadband subscriber with multiple users at home, some of whom may not be all that, ahem, technologically inclined. So I'm a bit paranoid that, while I'm not aware of having been asked or consented to using Phorm (branded "WebWise"), other users may have inadvertently switched it on in the course of a BT trial.
Why I am paranoid? Well the service is basically designed to track the browsing habits of all users of the broadband-connected PC or laptop and use this to send more targeted advertising, so that BT and Phorm can make money out of you. But I don't just "browse", I research stuff, work and look after my financial affairs. Other users in the house from time to time will do the same. I don't want this stuff tracked, scanned or whatever else Phorm or BT plan to do with it. And I don't want to be pestered by ads, especially ones that may have nothing do with my real interests. I don't consider that I have a relationship with BT when I use my broadband to access the internet. I permission or de-permission cookies or accept marketing bumph from each of the site I'm happy to deal with. And so on.
I've now done what any good consumer should do. I've looked at the BT WebWise site and even the audit report from Ernst & Young (the mere fact that an audit report is felt necessary chills me to the bone). While these purport to tell me what Phorm is or isn't doing, it doesn't explain BT's role or the data it has access to and retains, or what BT is getting out of using Phorm. The BT terms and conditions (clause 18) aren't exactly encouraging on this point. In fact they are so lacking in material information that they deserve further consideration in light of the Consumer Protection from Unfair Trading Regulations 2008 (which I perhaps rather hastily lampooned - but hey, if they're there, use them). The killer is that the mere presence of this unwelcome "service" casts on me an obligation to constantly police my own computer and all its users to ensure that we're opted-out and remain opted-out. It would be too much to hope that the anti-virus software providers will create a Phorm-killer.
Let's be clear. BT needs to persuade me, as its customer, to opt-in to taking this additional "service". It's not for BT to use my broadband connection to build relationships with people who aren't the accountholder, and get me to police their opt-in/opt-out. It must be BT's problem to ensure that if I don't opt-in (or if I do, but opt-out later) that the effective opt-out works for everybody on my connection all the time.
And to have any chance of persuading me to opt-in, BT must specify in more detail the nature of the data that will be obtained, all the proposed uses of that data, what I am going to receive in return (and don't say targeted ads - show me the reduction in the price of broadband to reflect your opportunity to gain ad revenue), and how I can opt-out and have that data deleted. From a personal standpoint, the "WebWise" service doesn't go far enough in this regard for me to trust it. Nor should the current level of disclosure be enought for BT to be able to claim they have my consent to thing under the Data Protection Act - I simply don't consent, anyway.
So, not trusting BT on the particular issue of how to stay opted out, I did a quick Google search hoping to learn how you would really know that you were not signed up, and how to switch it off completely. No luck.
The Register, which has done a lot of digging on Phorm in the past, and got a very concerning post from Chris Williams on 3 October. According to Chris' discussions with BT, they seem to track your usage whether you're opted in or out... so they can record whether you have opted in or out. You then simply have to trust that they won't sell or otherwise use your data to get extra ad revenue, fall victim to organised criminals, or allow the authorities to mash it with the Communications Database (you'll recall that the UK government has been particularly supportive of Phorm).
All the technical detail is in Richard Clayton's excellent piece on Phorm. His research suggests that you can add the Fraud Act, Computer Misuse Act and the Regulation of Investigatory Powers Act to your reading list before deciding whether or not to sign up to WebWise. And even intellectual property rights owners have a serious set of bones to pick, as Nicholas Bohm and Joel Harrison have fulsomely discussed in their excellent September article for the Society for Computers and Law. But none of that is going to occur to the average consumer, so why is the government not taking their corner instead of Phorm's..?
Who knows. For my money, it's time to switch broadband providers.
Speaking of which, I see that Orange is attempting to make a virtue out of not using Phorm.
