Personal web data to be stored for a year

This is a most disturbing development and yet I see no real sign of outcry from either of the opposition parties. Government has demonstrated it cannot be trusted and neither, for that matter, can any potential government for so long as they can accede to such intrusion.

The same old arguments are trotted out each time; national security, terrorist threats, public safety but it is the elasticity with which the reasons are interpreted that is the real threat.

The current situation is even worse than is represented in the article. In this instance an arguable case can be made that such data is needed to help fight terrorism or for national security purposes or for fighting crime.

How would you feel, for example, if the entirety of your internet browsing were to be snooped on just to provide targeted advertising? Is that something you would be happy with? I ask because that is exactly where we are heading.

A company called Phorm has done a deal with BT, Virgin Media and Carphone Warehouse to install Deep Packet Inspection technology at the heart of the network of these Internet Service Providers. It will build a profile on people, according to their browsing habits, purely to provide better targeted advertising. This is a huge invasion of online privacy. It sits at the heart of the ISP and cannot be evaded. Phorm claim that people will be able to opt-out but what Phorm don't say is that you will only be able to opt out of receiving the adverts . Even if you opt-out your online browsing still goes through the Deep Packet Inspection kit and is effectively illegally intercepted.

Its the only equivalent of the post office opening all your letters, reading them, building a profile on based on what you said and then using that information to better target junk mail at you.

Now, what if I were to tell you that Phorm has a history in spyware? Back when Phorm was known as 121 media, they were responsible for some software called people on page, context plus and the apropos rootkit. F-secure, a well respected computer security company categorised this software as spyware. Is this the kind of company you want to trust with your online privacy and you want to have equipment snooping on your every move online?

It gets worse. In 2006 and 2007 Phorm and BT ran secret trials of this technology on tens of thousands of customers without their knowledge or consent. These trials were potentially illegal and efforts are ongoing to have BT/Phorm prosecuted for these trials without customers consent. The Crown Prosecution Service is currently considering whether to allow a private prosecution.

Phorm counters that its system protects privacy and they never know who you are and that data is anonymised but they are wrong. I will leave others to explain Anonymity VS Pseudonymity. Phorm like to say that what google does is worse while ignoring the fact I have choice about using google services. I can easily choose to use a different search engine or different webmail provider. The Phorm DPI kit sits at the heart of the ISP network and cannot be evaded. Opting out will not stop the interception of your browsing traffic.

Phorm also claim that its critics are against behavioural advertising but we aren't. This is a very deliberate straw-man argument. Numerous times we have said it is the Deep Packet Inspection/snooping we object to but Phorm will not engage on this point. This is something they share with BT who consistently delete any threads about Phorm from the BT customer support forums. More transparency from the people who didn't think they needed to ask if they could spy on tens of thousands of their customers in 2006 and 2007.

Even Sir Tim Berners Lee, largely credited as the inventor of the World Wide Web while working at CERN said the following, at a House of Lords meeting discussing Internet Privacy on 11th march 2009, about Deep Packet Inspection; 'To allow someone to snoop on your Internet traffic is to allow them to put a television camera in your room, except it will tell them a whole lot more about you than the television camera...'

He also was quoted as saying 'Clearly we must not interfere with the Internet, and we must not snoop on the Internet. If we snoop on clicks and data, we can find out a lot more information about people than if we listen to their conversations.'

Of course Phorm disagree but who are you going to trust? The inventor of the World Wide Web or a company with a history in Spyware?

Phorm must be stopped. If you care about your privacy then do your own research and you will find many of us out there trying what we can to stop this insidious threat/technology. A good starting place would be the badphorm or nodpi websites.

@asonberg

Many thanks for your write up. I thought it would be a few years before the government started to sell off all this data to advertisers.

Have they started to sell licences already?

Why do we not here more about this in the UK? Are you Swedish?

I'm pretty much expecting to see that old chestnut "if you haven't got anything to hide, you haven't got anything to fear" on this comment thread by morning, so to those who take this view, I would like to pose a question:

Can you give me a guarantee that at no point in the future will a non-benign government come into power, take control of that data, and use it for non-benign purposes?

I have in fact written to the Identity & Passport department three times regarding ID cards and the supporting database infrastructure to ask the above question. Although they have written back (listing a huge number of "benefits" to the systems), they have not yet answered the question.

@kw9751

Hosts files won't stop the snooping, not by the government or by BT and Virgin. I think it will only stop YOU seeing things, not them. They sit and monitor your one and only internet connection. All of it.

I think this phorm stuff is even worse than the government snooping. At least HMG. say they want to stop crime. Phorm and BT and Richard Branson's Virgin just want to shove ads in your face. And at least HMG. needs a warrant to look (I think).

I think it's wrong to spy on peoples internet communications. It's like opening their letters. HMG should only do it in rare circumstances under strict rules. Commercial companies should NEVER do it.

What is this country coming to? How did we get here?

WOW that is a story. just to let you know I am following this discussion as I am developing a data privacy & protection summit in October for privacy specialists from FT 300 corporates and your comments are very insightful to help me write the programme.
I think I need to get this "Home Office spokesman" to speak at this event. If you can think of anybody else I should invite then email me at rbryant@eng-nl.com
Kind regards
Rhiannon Bryant
E.N.G www.eng-nl.com

that nobody has spotted the business opportunity

I can understand the need to track those under suspicion, I can understand the need to monitor certain types of sensitive commnication traffic, but we seem now to have a society where we are all suspects, ALL the time - even our most innocent movements and communications tracked, and logged,our faces photographed everywhere we go. I object to being watched as a suspect, 24 hours a day, it has fundamentally altered my relationship to the state. If they state wish to have my loyalty, they must stop treating me like a criminal, 24 hours a day.

And just as the state shouldn't be tracking my every move, nor should business. We are sleepwalking into a surveillance internet, where not only the state, but advertisers are intercepting and monitoring our communications. One company in particular has a uniquely invasive form of behavioural tracking - inserted into the heart of your internet service - tracking equipment that stands between you and the internet. The company is called Phorm, the technology is called Webwise, and the ISPs considering using it are BT (who have already done 2 secret and one public trial), Virgin Media and TalkTalk.

There is NO way to avoid this technology except to leave your ISP for one that doesn't use it. You can't evade it with HOSTS files, you can't avoid it by deleting cookies or even blocking them, whatever action you take, all your traffic will be intercepted by Phorm supplied, Phorm programmed Deep Packet Inspection kit. The government have at least said they won't inspect the contents of our communications routinely, but Phorm's Webwise technology DOES. It is not possible at present, to opt out of this interception.

Phorm's method of tracking and behavioural targeting is unique. It is distinct from the sort of behaviourally targeted advertising carried out by search engines or website cookies on certain parts of the web. It is done AT SOURCE, in the heart of your ISP, and you can't escape. If hte postman opens all your mail at the sorting office there is no way to opt out, even if you block the resulting junk mail from being delivered. Your mail has been intercepted, it has been read, and someone somewhere knows the details.

Phorm's Webwise, as trialled by BT, is also unique in the way it seeks to divert trade from 3rd party websites, as it abuses their copyright, database and trademark rights, scraping their sites to use the data without consent to divert trade to its own advertising partners in the OIX partnership. Phorm is bad for individual privacy, and bad for commercial businesses too.

Just put "Phorm" into your search engine and chase a few links. You will find a story of dubious legality, interception, deception, PR spin, and regulatory intertia. Phorm, and its uniquely invasive ISP-based interception surveillance using DPI, must be stopped, before our privacy disappears completely. Search for "nodpi", "badphorm" and "inphormationdesk" for some solutions

Our government is there for us. It should not be a body that does what it wants but it should do what we want. Thus, if we do not want this (and are prepared to accept any concequences of not having it) then it should not happen. (By accept concequences I mean that we listen to gov. saying they have to stop terrorists and decide if risks are real and if they are if our freedom is worth any risks).

Unfortunately this government has treated the last election as them having been installed as dictators for 5 years. Even when they are very aware they are acting against the public desires they charge on ignoring their role in the running of society (their role being to serve us).

One day we might just get a government that recognises that they are there to serve us and we are not there to serve then i.e. in the UK we do not have the Napoleonic system of state as in e.g. France). If governments continue to ignore this I can see a lot of problems starting in the years to come. I hope I'm wrong or that governments change their attitudes (and given my age I will probably not be around anyway - alrady rather old !!). It does not take any changes to the system - just the nature of the people getting elected.

How rapidly access to this information will be extended to every municipal busybody and town-hall nosey-parker, not to mention "health professionals" and "stress councillors". You can expect your preferences to be displayed on the computer link on every police car, your doctor's and dentists practice, your children's school office, your MP, your lawyer, Uncle Tom Cobley and all. Your children will be taunted about it in the playground. Your spouse will be misinformed about it by their would-be paramour, your mother by the local gossip. The only person who will not be able to access it will be yourself.

All this will be done "for your own good", to protect you from terrorism, to improve your mind.

The cost will hugely outweigh the benefit.

Roll on The Revolution!

Won't using a foreign hosted secure VPN tunnel bypass both the government and local ISP monitoring? There were a number of providers based in Sweden used by prolific file sharers to preseve their annonymity, but I think there's been a change in Swedish law recently so that might no longer be the case.

"It is the Government's priority to protect public safety and national security."

It's a great ruse - if you disagree with this sentiment then automatically you become a dissident; clearly you can't have the safety of the nation in mind! It's an enabler that allows any law to be passed.

As for Phorm, if anyone thinks this is a good thing, you deserve everything you get. I'll be ditching BT the moment it goes live under unfair changes to T&Cs.

so now the percived threat of terrisom is being turned into the justification for the goverment and its agencys to spy on are communications.the fear now outways any percived threat yet the fear is used against the very people there supposed to be protecting.this is indeed the thin edge of the wedge over the last twenty years or so almost every goverment agency has enforced more and more regulations upon are lives more often than not unpublisized,hidden,in the small print,who is to blame for all this ? we are yes we are, we simply dont question whats going on, there are many avenues to question the powers that be write to your MPs/AMs demand reasons behind policy,look into policy your self look at the wider implications and who and what is effected.times have changed policy makers are rushing ahead with lligistration with no proper consultation with the people, your rights and freedoms are being erroded from a ever decreasing circle fueled by a ever suspicious control crazy state,the most disturbing part of the "personal web data to be stored for a year"is the fact that you have a conversation with mr x six months down the line mr x commits a crime because you are now a associate of mr x you will have to prove you had nothing at all to do with mr Xs crime after all the date,time ip addy have all been logged,of your contact with mr x but because the content of your conversation with mr x has not been logged [the crux of the matter] and you may not of recorded this information yourself [and why should you] you could find yourself in the impossible position of trying to defend your self against guilty by associaion. after all you dont have a log and neither do the powers that be, this is just one example of why this new law/regulation is flawed

Why?How are they going to distinguish between people who accidentally go to a so called terrorist website and those who purposely visit one?Impossible.What is the point?This is a case of Government completely misunderstanding web technology.Pathetic is the only word that describes this measure.Not only is UK the most watched country through cctv in the world ,it will now become the most watched country through the internet in the world,more so than China.

I have been reading this from Florida, U.S.A. I like thousands of others e-mail the UK every day. My communications travel through UK ISP's to get to the person(s) I am writing to. It makes my spine crawl to think that because I enter UK ISPs that my U.S sent e-mail will have fallen into the hands of those controlling this "spy" system. If that is the case, and I assume it is, is it not logical that my sending sytem is now open to, and connected to them as well. "For every action there is an equal and opposite reaction".

Just think...anyone sending an off colored joke could be followed as a possible sex offender. Anyone sending a political funny could be followed as a possible terrorist. And the list goes on and on. Scary!

We're inching toward having to receive a mark on our hands = 666. Wake up, people!

Nevermind eh

I think Jade Goody's funeral is far more important than all this paranoia.

I think I just slope off to watch the footy now. I am after all, a bovine moron, enslaved in unrepayable debt, spied upon constantly, robbed by the corporate kleptocracy at every opportunity.

Liberty, freedom, self determination self responsibility, sound money, fairness and ethics in politics?

PAH

The Third Way - A boot stamping on a face......FOREVER

Direct opposition would result in false accusations of terrorism against us, so we have to choose an indirect method. I suggest that we overwhelm the internet Gestapo with useless information by frequently visiting sites that have no interest for us. Indeed an automatic random browsing program could easily be developed for this purpose. When the initial fishing expeditions proved useless, the government would be forced to retreat to a proper position of only monitoring people for whom there was a genuine suspicion that they were committing crimes.

Doodle on your friends with facebook http://apps.facebook.com/doodlefb/

Three years ago, My home was searched under Operation Ore.

It seems my details were used in an ATTEMPT to sign up to a site associated with child pornography. No money changed hands, the confirmation email which was known to have been sent out was never replied to. All this was known BEFORE a warrant was issued, and no discreet investigations were undertaken to find any more compelling evidence prior to obtaining a warrant. Put simply, there was no cause to issue that warrant.

This "evidence", which spoke at least as much of my innocence as any possible guilt did not stop the state sanctioned invasion of my home and the complete disruption of my work and private life. Fortunately my family is made of sterner stuff. Ironically, the actions of the powers that be, in riding roughshod over our rights, have left my family and I in better shape than ever - no mortgage, no debt, no rent to pay - no worries; well very few. Even the recession hasn't bitten us yet.

I see in these new invasive laws and the tendency of HMG to ignore the invasion of our privacy and the erosion of our rights by corporate entities, a logical progression from the trials of Operation ORE - the trial of novel methods to abuse ordinary people - by the state.

This will end in tears and almost certainly violence, as marginalised individuals and groups find what little stake they have in society squeezed beyond value. We've seen it already on a VERY small scale. What's to lose if your culture, your religion, your beliefs, your family, your identity are devalued to nothing? Downtrodden people get bigger boots or they go under. Question is, how many will go for military issue and how many of them will be smart enough to do a lot of damage with minimal resources?

Incidentally, this latest invasion of our privacy will do absolutely NOTHING to stop or capture any self respecting terrorist or criminal. Those in the corridors of power have practically ZERO knowledge of the technical realities of what they are attempting and are equally in ignorance of the blindingly easy methods of circumventing their surveillance. Furthermore, the martyrdom syndrome that afflicts the most dedicated terrorist leaves no room for the consideration of capture and arrest. They need only avoid detection until after the event. This law is a waste of time, resources and taxpayer's money.

Don't mind me, I'm just passing through - the fringe has its compensations....

Vital part of crime detection... rubbish, that can be covered by a simple court warrant.

What we are here, is the point where all it takes is one single, simple stroke of legislation and suddenly the government has access to everything you do online, CONTENT and who to and from.

Are we not under the ECHR charter entitled to a basic right to a private life? This is in direct violation of that simple tenet.

Always the "security" word, this f***ing government is obsessed with that word, yet it manages to lose a lot of data every year although I have theory that people are paid/instructed to lose that information so it gets into the hands of those willing to pay or using it as an excuse to transfer information to America and Israel who both have a very unhealthy interest in our private data.

At a time when England needs to be looking after it's money it's absolutely ridiculous that the Home Office is going to be giving taxpayers money to internet and phone companies. Seriously ? I understand that there is valuable information on people's computers about terrorist activities and child pornography, so put money behind that. After all, the police have done stellar work in the recent past in tracking people down and seizing their PC's to find this. So why on earth throw money away on mindlessly investigating the entire country's data when probably 90% or more will be completely innocent. What a complete waste of time, money and resources.
You may as well say let's take a turn following around every person in Britain for a day or a week to the police. That's a great idea. Or how about steaming open everyone's post and then re-gluing it before it actually gets sent. That's not a waste of effort.
Come on you English, where's your defence of personal space and liberty now, you didn't have the saying an Englishman's home is his castle for nothing you know ?

OMGosh dude no way!

RT
www.anon-tools.cz.tc

The connections between people are more useful to the security services that the actual contents of email. This is why Facebook is a goldmine because it all about contacts.

If you want to secure the contents of any email (or any text at all) ClipSecure is a simple tool that lets you encrypt it. Just highlight the text and hit the button. Share a password with whoever will receive the email. Obviously don't send the password by email! Swap it in person.

http://www.snapfiles.com/get/clipsecure.html

i used to vote labour, when it meant something. now it's just a beaurocratic (sp?) juggernaut with the humanity of the stasi and the morals of pol pot.

and as for paying the isps for the information, at least pay us, the public!!! cheeky so and so's.

when the politicians get their own house in order, then they can start on the rest of us. the political class must be the most useless, self serving bunch of ingrates and degenerates in the country. do any of them actually know what it's like to live in the real world?

at least muggers do it to your face!!