Republished: No Phoul Play Involved - Good Phorm by BadPhorm
Originally published on Benscomputer.no-ip.org 5 May 2009
A question posed on the StopPhoulPlay blog;
The more interesting question is this: if the Home Office and the many expert legal advisors we consulted are wrong, how is it that a system such as GMail - which scans emails from non-account holders without their consent to GMail users - is not also an ?interception? and as such not also a prime target of their campaign?
Unlike
Gmail?s webmail service, which is perfectly legal, Phorm?s
system is fully anonymous, does not look at email and does not store
personal information such as IP addresses. Surely if FIPR/ORG is
genuinely interested in a fair debate and the application of law as it
sees it, the question merits a response?
The simple answer is, I choose to use Gmail. Those people are e-mailing me with information that they clearly want me to see. That's the difference, I don't have a choice where WebWise is concerned, the packets are still going to hit Phorms system, even if only long enough to check my cookies. That in itself is assuming that Phorm are being upfront and honest about the systems behaviour.
The article in question also mentions Five points, they claim that
criticism of Phorm follows a familiar pathway;
1. Make
a sensational claim (Phorm ?colludes? with Home Office)
2. Induce
someone with some stature into associating themselves with it
(in this case Baroness Miller to whom we re-extend our invitation to
explain how the system actually works, since we are best qualified to
explain our own technology)
3. Take
every opportuniy to criticise Phorm when the media (the BBC) cover the
story.
4. Move on
to the next claim once this claim, like all others, is discredited.
So lets take a look at it;
1. Phorm did collude with the Home Office. Maybe consult or
co-operate would have been a better word, but the fact remains that
Phorm did speak to the Home Office. If they told HMG about the secret
trials, then they colluded. If Phorm didn't tell them about the trials
then Phorm lied to the Home Office.
2. It seems very easy to claim that someone has been induced. The
problem is, outside of Phorm and BT, there seem to be very few people
pushing the benefits of Phorm. It appears a good number of BT employees
are against the system, so I'd suggest the only people truly interested
in seeing this system are those that stand to profit.
3. This is a reversal of logic, the news story does not prompt the
criticism. The investigation leading to the story takes place because
of the vocal criticism, and look at some of the things that have been
uncovered. Without the media stories we probably would not have an
admission on just how wide ranging the trials were.
Potentially the EU would not have become involved in the whole sorry
mess.
4. I haven't yet noticed any substantial claims being discredited.
We know Phorm claim their system does not store personal information,
but prove it. Prove that it doesn't and never will. Prove that there is
absolutely no way to track a UID back to an IP or a person. Prove that
your system isn't in breach of RIPA, Prove that you are not violating
the copyright of websites such as this one.
That same article also contains the following snippet
Phorm?s
system is fully capable of being deployed in accordance with UK
and EU law. This is a matter of record as far as the EU and UK
authorities (BERR)
are concerned, as well as the UK regulator (ICO). Phorm?s system has,
furthermore, developed a privacy-protecting technology that actively
anticipates future changes in the law ? and not just in the UK/EU, but
on a global basis.
Now, the ICO may have passed the buck. They may even have given the system a thumbs up so long as certain conditions are met, but the EU have done no such thing. The UK taxpayer potentially faces a huge fine because of this system, or more the failure of our Government to intervene. Claiming that the EU is ok about the system is clearly unsubstantiated.
The website also contains an article about the claims that Phorm stores and sells your personal data. The claims they refute, on the face of it are incorrect. At least as far as Phorms statements allow us to believe. The problem is, all this is still based on trust. And 121Media I do not trust.
The points raised are also not really the focus of the article on p2pnet News.
The story is more about the discussions between the Home Office and
Phorm, and the facts raised there are consistent with many of the
points raised.
Realistically, use of the phrase 'lifts personal data' was probably
just a poor choice of words, and does very little to bring the entire
article into disrepute.
Directly from their front page, there is a link to a specific
section of this
thread. I suspect it is intended to give a negative view of
Anti-Phorm campaigners, but the thread (read it all) does read well. It
is an honest and open discussion for the most part, and does begin to
address some of the concerns about links between Phorm and Privacy
International.
And finally we have the link explaining how the Anti-Phorm brigade
Operate. Indeed it is a page dedicated to Phorms view of their critcs
modus operandi. So lets take a quick look at their claims, and then
just maybe turn the spyglass onto Phorm themselves.
The blog raises the question of why a smear campaign is being run
against them. Or more to the point, why most opposition is voiced
through the media, and used to try and effect their share prices. The
answer to this is simple.
We need to make everyone aware of this system, it is also the only
way to make your voice heard in a world where money rules. Objections
have been made to the government, and various agencies. Look where that
went, it's lead to the UK being threatened with a fine by the EU.
The poster then moves onto mention the wish of Anti-Phorm Activists
to remain anonymous. Can you really blame them? And there's plenty of
anecdotal evidence to show that Phorm have done a little bit of
research in order to ascertain who the activists are. It may have been
a simple WHOIS request, it may have been something more, but the
creator of Dephormation is no longer known purely as Dephormation.
I also suspect that asking MP's, MEP's, peers of the realm and
technical experts about the system has very little to do with hiding
ones own identity. I think it is more about raising the issue with
people who have the power to do something about it.
Now let's take a brief look at some of the tricks that Phorm has
pulled. We'll give them the benefit of the doubt, and assume that the
anonymity of the Anti-Phorm groups was not broken by Phorm. But;
- Phorm did edit a Wikipedia article about itself to remove elements it deemed unfavourable. This is deceptive and in violation of Wikipedia's TOS.
- Phorm did (in combination with BT) run secret trials of it's system without the consent of BT's customers. And it was noticed, but denied (what does that say about both the effects of the system and the honesty of the two companies?)
- None of the companies focus on the issues being raised, originally Webwise was promoted as helping web safety (with it's anti-phishing add-on).
- Most of it's defences seem to involve raising the subject of Google's systems. This is comparing Apples and Pears, unless I use G-Mails web interface the Ad system shouldn't read my mail. I can block Adsense with firefox add ons, or avoid using Google. Changing e-mail provider and search engine (and installing an add-on) is far less hassle than changing ISP. Plus, Google have not been involved in Malware (as far as we know at least).
- Phorm supports the 'legality' of it's systems by saying it consulted legal experts, but it never says who these experts are. We know they spoke to the Home Office, but can get no information on the other experts. Phorm can not even tell us on what basis their other experts believed the trials could be legal.
- Phorm focuses on the purported benefits of the system, but will
not consider making the system a network level opt-in. Why? Probably
because they know almost no-one will opt-in. They are relying on the
fact that the average user may not even know the system is in place,
and so will not know to opt-out.
Phorm's creation of the StopPhoulPlay blog has been described as
unprofessional by the Guardian, and does seem to consist of a lot of
logic reversal (definitely one of their hallmarks). The strange thing
about the whole situation though is how Phorm continues onwards, they
must truly believe that some UK Consumers want them. Either that or the
fees from Advertisers are likely to be very lucrative, either way, if
the system is truly of benefit to people, they will probably Opt-in.
But they should have to Opt-in, it shouldn't be done on their
behalf. And it should be network level, it may mean that BT have to
look at their Routing Tables, but traffic from people that want Phorm
should travel down a completely different cable. It'll probably never
happen, but it's looking more like the alternative is that BT will lose
a substantial proportion of their installed consumer base, or Phorm
will be banned by the Government.