Republished: No Phoul Play Involved - Good Phorm by BadPhorm

Originally published on 5 May 2009

A question posed on the StopPhoulPlay blog;

The more interesting question is this: if the Home Office and the many expert legal advisors we consulted are wrong, how is it that a system such as GMail - which scans emails from non-account holders without their consent to GMail users - is not also an ?interception? and as such not also a prime target of their campaign?

Unlike Gmail?s webmail service, which is perfectly legal, Phorm?s system is fully anonymous, does not look at email and does not store personal information such as IP addresses. Surely if FIPR/ORG is genuinely interested in a fair debate and the application of law as it sees it, the question merits a response?

The simple answer is, I choose to use Gmail. Those people are e-mailing me with information that they clearly want me to see. That's the difference, I don't have a choice where WebWise is concerned, the packets are still going to hit Phorms system, even if only long enough to check my cookies. That in itself is assuming that Phorm are being upfront and honest about the systems behaviour.

The article in question also mentions Five points, they claim that criticism of Phorm follows a familiar pathway;

1. Make a sensational claim (Phorm ?colludes? with Home Office)
2. Induce someone with some stature into associating themselves with it (in this case Baroness Miller to whom we re-extend our invitation to explain how the system actually works, since we are best qualified to explain our own technology)
3. Take every opportuniy to criticise Phorm when the media (the BBC) cover the story.
4. Move on to the next claim once this claim, like all others, is discredited.

So lets take a look at it;

1. Phorm did collude with the Home Office. Maybe consult or co-operate would have been a better word, but the fact remains that Phorm did speak to the Home Office. If they told HMG about the secret trials, then they colluded. If Phorm didn't tell them about the trials then Phorm lied to the Home Office.

2. It seems very easy to claim that someone has been induced. The problem is, outside of Phorm and BT, there seem to be very few people pushing the benefits of Phorm. It appears a good number of BT employees are against the system, so I'd suggest the only people truly interested in seeing this system are those that stand to profit.

3. This is a reversal of logic, the news story does not prompt the criticism. The investigation leading to the story takes place because of the vocal criticism, and look at some of the things that have been uncovered. Without the media stories we probably would not have an admission on just how wide ranging the trials were.
Potentially the EU would not have become involved in the whole sorry mess.

4. I haven't yet noticed any substantial claims being discredited. We know Phorm claim their system does not store personal information, but prove it. Prove that it doesn't and never will. Prove that there is absolutely no way to track a UID back to an IP or a person. Prove that your system isn't in breach of RIPA, Prove that you are not violating the copyright of websites such as this one.

That same article also contains the following snippet

Phorm?s system is fully capable of being deployed in accordance with UK and EU law. This is a matter of record as far as the EU and UK authorities (BERR) are concerned, as well as the UK regulator (ICO). Phorm?s system has, furthermore, developed a privacy-protecting technology that actively anticipates future changes in the law ? and not just in the UK/EU, but on a global basis.

Now, the ICO may have passed the buck. They may even have given the system a thumbs up so long as certain conditions are met, but the EU have done no such thing. The UK taxpayer potentially faces a huge fine because of this system, or more the failure of our Government to intervene. Claiming that the EU is ok about the system is clearly unsubstantiated.

The website also contains an article about the claims that Phorm stores and sells your personal data. The claims they refute, on the face of it are incorrect. At least as far as Phorms statements allow us to believe. The problem is, all this is still based on trust. And 121Media I do not trust.

The points raised are also not really the focus of the article on p2pnet News. The story is more about the discussions between the Home Office and Phorm, and the facts raised there are consistent with many of the points raised.
Realistically, use of the phrase 'lifts personal data' was probably just a poor choice of words, and does very little to bring the entire article into disrepute.

Directly from their front page, there is a link to a specific section of this thread. I suspect it is intended to give a negative view of Anti-Phorm campaigners, but the thread (read it all) does read well. It is an honest and open discussion for the most part, and does begin to address some of the concerns about links between Phorm and Privacy International.

And finally we have the link explaining how the Anti-Phorm brigade Operate. Indeed it is a page dedicated to Phorms view of their critcs modus operandi. So lets take a quick look at their claims, and then just maybe turn the spyglass onto Phorm themselves.

The blog raises the question of why a smear campaign is being run against them. Or more to the point, why most opposition is voiced through the media, and used to try and effect their share prices. The answer to this is simple.

We need to make everyone aware of this system, it is also the only way to make your voice heard in a world where money rules. Objections have been made to the government, and various agencies. Look where that went, it's lead to the UK being threatened with a fine by the EU.

The poster then moves onto mention the wish of Anti-Phorm Activists to remain anonymous. Can you really blame them? And there's plenty of anecdotal evidence to show that Phorm have done a little bit of research in order to ascertain who the activists are. It may have been a simple WHOIS request, it may have been something more, but the creator of Dephormation is no longer known purely as Dephormation.

I also suspect that asking MP's, MEP's, peers of the realm and technical experts about the system has very little to do with hiding ones own identity. I think it is more about raising the issue with people who have the power to do something about it.

Now let's take a brief look at some of the tricks that Phorm has pulled. We'll give them the benefit of the doubt, and assume that the anonymity of the Anti-Phorm groups was not broken by Phorm. But;

  • Phorm did edit a Wikipedia article about itself to remove elements it deemed unfavourable. This is deceptive and in violation of Wikipedia's TOS.
  • Phorm did (in combination with BT) run secret trials of it's system without the consent of BT's customers. And it  was noticed, but denied (what does that say about both the effects of the system and the honesty of the two companies?)
  • None of the companies focus on the issues being raised, originally Webwise was promoted as helping web safety (with it's anti-phishing add-on).
  • Most of it's defences seem to involve raising the subject of Google's systems. This is comparing Apples and Pears, unless I use G-Mails web interface the Ad system shouldn't read my mail. I can block Adsense with firefox add ons, or avoid using Google. Changing e-mail provider and search engine (and installing an add-on) is far less hassle than changing ISP. Plus, Google have not been involved in Malware (as far as we know at least).
  • Phorm supports the 'legality' of it's systems by saying it consulted legal experts, but it never says who these experts are. We know they spoke to the Home Office, but can get no information on the other experts. Phorm can not even tell us on what basis their other experts believed the trials could be legal.
  • Phorm focuses on the purported benefits of the system, but will not consider making the system a network level opt-in. Why? Probably because they know almost no-one will opt-in. They are relying on the fact that the average user may not even know the system is in place, and so will not know to opt-out.

Phorm's creation of the StopPhoulPlay blog has been described as unprofessional by the Guardian, and does seem to consist of a lot of logic reversal (definitely one of their hallmarks). The strange thing about the whole situation though is how Phorm continues onwards, they must truly believe that some UK Consumers want them. Either that or the fees from Advertisers are likely to be very lucrative, either way, if the system is truly of benefit to people, they will probably Opt-in.

But they should have to Opt-in, it shouldn't be done on their behalf. And it should be network level, it may mean that BT have to look at their Routing Tables, but traffic from people that want Phorm should travel down a completely different cable. It'll probably never happen, but it's looking more like the alternative is that BT will lose a substantial proportion of their installed consumer base, or Phorm will be banned by the Government.