Republished: Second time I've contacted BT about Phorm

Originally published on on 8 Mar 2008

Well, I've just emailed BT for the second time about this Phorm debacle. I contacted them the first time outlinign my concerns, and included a Data Protection Act notice effectively barring them from passing my details outside the EU, to any third parties (except where required by law) or using any data other than that required to fulfil their contractual responsibilities.

Got a really, really crap reply telling me what BT WebWise is, how it's fantastic for the consumer etc. but not addressing a single one of my complaints or concerns, not aknowledging the DPA Notice. Simply put someone read the first line, typed WebWise into the PC and copy n pasted from the script without reading the rest of the letter.

So I've emailed them this;

Dear Sir/Madam,

I am writing to you today having not received a response to my previous correspondence. My previous correspondence stated that I feel that BT's reply does not even begin to accurately address my complaint, and quite frankly, has the appearance of being read from a script.

As my original correspondence contained a Data Protection Act Notice, I would strongly recommend that BT re-examine it and address the issues I have raised. I do not consent to BT passing my browsing traffic through hardware supplied by Phorm, and will therefore consider BT in violation of section 11 of the UK Data Protection Act 1998 if they do so. Whilst both Phorm and BT claim that users who have 'opted-out' will have their data discarded after the first stage of processing, the Data Protection Act does not allow for this. I have not, and do not consent to my data being processed in this manner, and should my data pass through even the first stage of the 'profiling' process, the operator will be in violation of the Data Protection Act.

Why BT believe that the service is so desirable to users is beyond me, but further than that I cannot begin to comprehend why such an allegedly desirable service is not 'opt-in' as opposed to 'opt-out'.

Quite aside from Phorms links to malware (and yes, many people consider adware to be malware) the proposed plans introduce an extra link into the routing chain, and simply serve to create the possibility for another vulnerability. A vulnerability that would be common across all ISP's utilising the hardware.

No matter what Phorm and BT claim the system will be doing, my issues lie with what the system is capable of, should a disgruntled employee or anyone else decide to adjust the way it works.

I will not be allowing my traffic to pass through this hardware, and if that means changing ISP then so be it.

As BT will be receiving revenue from this proposed system, will its users be seeing a fall in prices? I think this is highly unlikely, although BT may well see a drop in users. Especially amongst the more tech-savvy consumers.

Personally I believe that BT will fall foul of the Regulatory Powers of Investigation Act, and are likely to find themselves involved in a number of court cases over the next year or so. It is time this madness was stopped, if as many ISP's are claiming they are merely conduits for information (which is the defence against the proposed anti-piracy measures) why are they contradicting themselves by bringing in a system such as the proposed measures?

Finally I wish to express my grave concerns over BT's silence on this matter, surely if this service is as beneficial as BT have claimed, you should be trumpeting the service. I, and many others, want answers as to why our privacy is being put at risk. Why are we not being given the option to fully opt-out? Why are we required to opt-out rather than opt-in? Why are BT promoting the Anti-Phishing side of the 'service' and remaining relatively quiet about the Advertising side? Why are BT not being transparant about the tests that appear to have been run within the last 6 months? What if a Webmaster does not want the hardware to 'profile' his site? What happens on a multi-user computer?

The final question is a compelling one, my partner cannot legally consent to my data being shared with a third party on my behalf. So if she turns Webwise on when the service is first launched, where does BT stand legally? I have given no consent, informed or otherwise, and therefore BT would certainly be in violation of RIPA.

In conclusion, I do not want 'Webwise' active on my account in any shape or form, no targeted advertising, no anti-phising warnings (I already have that in my browser), and definitely no extra hardware between my computer and the sites I am connecting to. Furthermore I do not give permission for Phorm or BT to create a mirrored copy of my Website for 'profiling,' for BT (or Phorm) to do so would be a violation of the Copyright, Designs and Patents act 1988.

I pay BT to provide a service, I expect BT to fulfil their contractual obligations, and to respect my privacy. Whatever BT and Phorm may claim about the privacy of the system, it's very existance means that BT's network no longer achieves my expectations. BT must provide me with a way to bypass the system, or I shall search for an ISP who will provide me with a written convenant not to pursue any course of action similar to the course currently pursued by BT, Virgin Media and Talk Talk

Thank you for your time

Yours sincerely

Ben Tasker

No doubt I'll get a crappy reply again, but as this time I could tick 'yes' to have you complained to us about this before? Hopefully it'll get noticed by someone a little higher up. Sadly if I do change ISP this site could be offline during the changeover (and I'll have no connectivity) but if it keeps my data away from Phorm then it'll be worth it.