Phorm
Encyclopedia
Phorm, formerly known as 121Media, is a Delaware
, United States-based digital technology company known for its advertising software. Founded in 2002, the company originally distributed programs that were considered spyware
, from which they made millions of dollars in revenue. It has since stopped distributing those programs after complaints from groups in the United States and Canada, and announced it was talking with several United Kingdom Internet service provider
s (ISPs) to deliver targeted advertising
based on the websites that users visit.
The company's proposed advertising system, called Webwise, is a behavioral targeting
service (similar to NebuAd
) that uses deep packet inspection
to examine traffic. Phorm says the data collected will be anonymous and will not be used to identify users, and that their service would even include protection against phishing
(fraudulent collection of users' personal information). Nonetheless, World Wide Web creator Sir Tim Berners-Lee
and others have spoken out against Phorm for tracking users' browsing habits, and the ISP BT Group
has been criticised for running secret trials of the service.
The UK Information Commissioner's Office has voiced legal concerns with Webwise as it is currently implemented, and has said it would only be legal as an "opt-in" service, not an opt-out
system. The European Commission
has called on the UK to protect Web users' privacy, and opened an infringement proceeding against the country in regard to ISPs' use of Phorm. Some groups, including Amazon.com
and the Wikimedia Foundation
(the non-profit organization that operates Wikipedia
and other collaborative wiki
projects), have already requested an opt-out of their websites from scans by the system.
. 121Media distributed a program called PeopleOnPage, which was classified as spyware by F-Secure
. PeopleOnPage was an application built around their advertising engine, called ContextPlus. ContextPlus was also distributed as a rootkit
called Apropos, which used tricks to prevent the user from removing the application and sent information back to central servers regarding a user's browsing habits.
The Center for Democracy and Technology
, a United States-based advocacy group, filed a complaint with the US Federal Trade Commission
in November 2005 over distribution of what it considered spyware, including ContextPlus. They stated that they had investigated and uncovered deceptive and unfair behaviour. This complaint was filed in concert with the Canadian Internet Policy and Public Internet Center, a group that was filing a similar complaint against Integrated Search Technologies with Canadian authorities.
ContextPlus shut down its operations in May 2006 and stated they were "no longer able to ensure the highest standards of quality and customer care". The shutdown came after several major lawsuits against adware vendors had been launched. By September 2007, 121Media became known as Phorm, and admitted a company history in adware and the closing down of a multi-million dollar revenue stream as people confused adware
with spyware
.
In early 2008 Phorm admitted editing its article on Wikipedia
. Phorm admitted removing a quotation from The Guardian
s commercial executives describing the opposition they have towards its tracking system, and deleting a passage explaining how BT admitted misleading customers over covert Phorm trials in 2007. The changes were quickly noticed and reversed by the online encyclopedia's editors.
In June 2009 a Wikileaks article raised suspicion about whether "Phorm is duping investors with misleading statements to the market" in a share sale via Astaire Securities.
(formerly British Telecom), Virgin Media
, and TalkTalk (at the time owned by The Carphone Warehouse
)—on a behavioral targeting
advertisement service to monitor browsing habits and serve relevant advertisements to the end user. Phorm say these deals would have given them access to the surfing habits of 70% of British households with broadband. The service, which uses deep packet inspection
to check the content of requested web pages, has been compared to those of NebuAd
and Front Porch
.
The service, which would have been marketed to end-users as "Webwise", would work by categorising user interests and matching them with advertisers who wish to target that type of user. "As you browse we're able to categorise all of your Internet actions", said Phorm COO Virasb Vahidi. "We actually can see the entire Internet."
The company says that data collected would be completely anonymous and that Phorm will never be aware of the identity of the user or what they have browsed, and adds that Phorm's advertising categories exclude certain sensitive terms and have been widely drawn so as not to reveal the identity of the user. By monitoring users' browsing, Phorm even says they are able to offer some protection against online fraud and phishing
.
It is said that users will be able to opt out
of Phorm's service. However, according to a spokesman for Phorm, the way the opt-out works means the contents of the websites visited will still be mirrored
to its system. All computers, all users, and all http applications used by each user of each computer will need to be configured (or supplemented with add ons) to opt out. It has since been declared by the Information Commissioner's Office that Phorm would only be legal under UK law if it were an opt-in service.
Phorm's system, like many websites, uses HTTP cookies (small pieces of text) to store user settings. The company said that an initial web request is redirected three times (using HTTP 307 responses) within their system, so that they can inspect cookies to determine if the user has opted out. The system then sets a unique Phorm tracking identifier (UID) for the user (or collects it if it already exists), and adds a cookie that is forged to appear to come from the requested website.
In an analysis titled "Stealing Phorm Cookies", Clayton wrote that Phorm's system stores a tracking cookie for each website visited on the user's PC, and that each contains an identical copy of the user's UID. Where possible, Phorm's system strips its tracking cookies from http requests before they are forwarded across the internet to a website's server, but it cannot prevent the UID from being sent to websites using https
. This would allow websites to associate the UID to any details the website collects about the visitor.
Phorm Senior Vice President of Technology Marc Burgess has said that the collected information also includes a timestamp. Burgess said, "This is enough information to accurately target an ad in [the] future, but cannot be used to find out a) who you are, or b) where you have browsed."
Following the decision by Wikimedia Foundation
and Amazon
to opt their websites out of being profiled by Phorm's Webwise system, and as an incentive for websites to remain opted IN to the phorm profiling, Phorm have launched Webwise Discover. The Korean launch of this web publisher incentive, was announced in a press conference in Covent Garden, London, UK, on 3 June 2009.http://www.bbc.co.uk/blogs/technology/2009/06/phorms_phlat_product_launch.html A poll conducted by Populus
http://www.populus.co.uk/phorm-webwise-discover-poll-310509.html on 2075 individuals revealed that 66% either liked the idea or liked it a lot, after being shown a demonstration video.
Website publishers are invited to upload a web widget which will provide a small frame to display recommended web links, based on the tracked interests of any Phorm-tracked website visitors (those whose ISP uses Phorm Deep Packet Inspection to intercept and profile web traffic). There would be no charge to the website, and Phorm do not stand to make any money from Webwise Discover, however there are plans to display targeted adverts in the future.http://www.sharecatalog.com/technology/phorm-woos-browsers-with-personalised-web/ The widget would only deliver link recommendations if the user was signed up for targeted advertising with a Phormed ISP, to everyone else the widget would be invisible. http://www.theregister.co.uk/2009/06/03/phorm_webwise_discover/ At the press launch Phorm spokespersons admitted that at present not a single UK ISP or website has yet signed up to Webwise Discover system, http://www.bbc.co.uk/blogs/technology/2009/06/phorms_phlat_product_launch.html although they emphasised it was part of the current Korea Telecom Webwise trials. Legal advice has been offered to websites considering signing up to the OIX system by Susan Singleton.http://www.marketingdirectmag.co.uk/news/907369/brands-follow-Amazons-lead-opt-Phorm/
(ORG) raised questions about Phorm's legality and asked for clarification of how the service would work. FIPR has argued that Phorm's online advert system is illegal in the UK. Nicholas Bohm, general counsel at FIPR, said: "The need for both parties to consent to interception in order for it to be lawful is an extremely basic principle within the legislation, and it cannot be lightly ignored or treated as a technicality." His open letter to the Information Commissioner has been published on the FIPR web site.
The Conservative
peer Lord Northesk
has questioned whether the UK government is taking any action on the targeted advertising service offered by Phorm in the light of the questions about its legality under the Data Protection and Regulation of Investigatory Powers Acts.
On 9 April 2008, the Information Commissioner's Office ruled that Phorm would only be legal under UK law if it were an opt-in service. The Office stated it will closely monitor the testing and implementation of Phorm, in order to ensure data protection laws are observed.
The UK Home Office
has indicated that Phorm's proposed service is only legal if users give explicit consent. The Office itself became a subject of controversy when emails between it and Phorm were released. The emails showed that the company edited a draft legal interpretation by the Office, and that an official responded "If we agree this, and this becomes our position do you think your clients and their prospective partners will be comforted." Liberal Democrat
spokeswoman on Home Affairs, Baroness Sue Miller, considered it an act of collusion
: "The fact the Home Office asks the very company they are worried is actually falling outside the laws whether the draft interpretation of the law is correct is completely bizarre."
The Register
reported in May 2008 that Phorm's logo strongly resembled that of an unrelated UK company called Phorm Design. They quoted the smaller company's owner, Simon Griffiths: "I've had solicitors look at it and they say we'd have to go to court. [Phorm are] obviously a big player with a lot of clout. I'm a small design agency in Sheffield
that employs three people."
Until 21 September 2010, Phorm's Webwise service also shared the same name as BBC WebWise
.
Monitoring of the Phorm website using a Website change detection service allerted interested parties to changes on 21 September 2010. Phorm's website had been edited to remove references to the word 'Webwise'. Phorm's Webwise product had become 'PhormDiscover'.
The Office for Harmonization in the Internal Market
(OHIM) Trade Marks and Designs Registration Office of the European Union website CTM-Online database lists Phorm's application for use of the 'Webwise' trade mark name. The British Broadcasting Corporation is listed as an opponent on grounds of 'Likelihood of confusion'. The City of London based legal firm Bristows wrote to the OHIM on 22 September 2010, withdrawing the BBC's opposition saying, "The British Broadcasting Corporation have instructed us to request the withdrawal of the above Opposition No. B11538985"
On 28 October 2010, BT removed the Webwise pages from their company website although it wast not until November 12, 2010 that all pages had finally been confirmed as removed by forum contributors at the campaign group 'NoDPI.org'
communications commissioner Viviane Reding
has said that the commission was concerned Phorm was breaching consumer privacy directives, and called on the UK Government to take action to protect consumers' privacy. The European Commission
wrote to the UK government on 30 June 2008 to set out the context of the EU's interest in the controversy, and asked detailed questions ahead of possible Commission intervention. It required the UK to respond to the letter one month after it was sent. A spokeswoman for the Department for Business, Enterprise and Regulatory Reform
(BERR) admitted on 16 August that the UK had not met the deadline.
On 16 September, BERR refused The Register request to release the full text of their reply to the European Commission, but released a statement to the effect that the UK authorities consider Phorm's products are capable of being operated in a lawful, appropriate and transparent fashion. Unsatisfied by the response, the European Commission wrote to the UK again on 6 October. Martin Selmayr, spokesman for Reding's Information Society and Media directorate-general said, "For us the matter is not finished. Quite the contrary."
The UK government responded again in November, but the Commission sent another letter to the government in January 2009. This third letter was sent because the Commission was not satisfied with explanations about implementation of European law in the context of the Phorm case. Selmayr was quoted in The Register as saying, "The European Commission's investigation with regard to the Phorm case is still ongoing," and he went on to say that the Commission may have to proceed to formal action if the UK authorities do not provide a satisfactory response to the Commission's concerns.
On 14 April, the European Commission said they have "opened an infringement proceeding against the United Kingdom" regarding ISPs' use of Phorm:
That day, in response to a news item by The Register regarding the European Commission's preparations to sue the UK government, Phorm said their technology "is fully compliant with UK legislation and relevant EU directives. This has been confirmed by BERR and by the UK regulatory authorities and we note that there is no suggestion to the contrary in the Commission's statement today." However, BERR denied such confirmation when they responded to a Freedom of Information
(FOI) request also made that day:
and property rights in data. Phorm has defended its technology in the face of what it called "misinformation" from bloggers claiming it threatens users' privacy.
Most security firms classify Phorm's targeting cookie
s as adware
. Kaspersky Lab
, whose anti-virus engine is licensed to many other security vendors, said it would detect the cookie as adware. Trend Micro said there was a "very high chance" that it would add detection for the tracking cookies as adware. PC Tools echoed Trend's concerns about privacy and security, urging Phorm to apply an opt-in approach. Specialist anti-spyware firm Sunbelt Software also expressed concerns, saying Phorm's tracking cookies were candidates for detection by its anti-spyware software.
Ross Anderson, professor of security engineering at Cambridge University, said: "The message has to be this: if you care about your privacy, do not use BT, Virgin or Talk-Talk as your internet provider." He added that, historically, anonymising technology had never worked. Even if it did, he stressed, it still posed huge privacy issues.
Phorm has engaged a number of public relations
advisers including Freuds, Citigate Dewe Rogerson and ex-House of Commons media adviser John Stonborough in an attempt to save its reputation, and has engaged with audiences via moderated online webchats.
The creator of the World Wide Web
, Sir Tim Berners-Lee
, has criticised the idea of tracking his browsing history saying that "It's mine - you can't have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I'm getting in return." He also said that he would change his ISP if they introduced the Phorm system. As Director of the World Wide Web Consortium
, Berners-Lee also published a set of personal design notes titled "No Snooping", in which he explains his views on commercial use of packet inspection and references Phorm.
Simon Davies
, a privacy advocate and founding member of Privacy International
, said "Behavioural advertising is a rather spooky concept for many people." In a separate role at 80/20 Thinking, a consultancy start-up, he was engaged by Phorm to look at the system. He said: "We were impressed with the effort that had been put into minimising the collection of personal information." He was subsequently quoted as saying "[Privacy International] DOES NOT endorse Phorm, though we do applaud a number of developments in its process." "The system does appear to mitigate a number of core privacy problems in profiling, retention and tracking... [but] we won't as PI support any system that works on an opt-out basis." Kent Ertugrul later said he made a mistake when he suggested Privacy International
had endorsed Phorm: "This was my confusion I apologise. The endorsement was in fact from Simon Davies, the MD of 80 / 20 who is also a director of privacy international."
, and says Williamson is trying to disgrace Ertugrul and Phorm through "serial letter writing". Hanff believes the Stopphoulplay website's statements are "completely irrelevant" to his campaign and that they will backfire on Ertugrul, while Williamson laments that Phorm "has now stooped to personal smears".
When it launched on 28 April 2009, Stopphoulplay.com discussed a petition to the UK Prime Minister on the Downing Street website. When originally launched the web page claimed, "The website managers at 10 Downing Street recognised their mistake in allowing a misleading petition to appear on their site, and have since provided assurances to Phorm that they will not permit this to happen again". That same day, the Freedom of Information
(FOI) Act was used to request confirmation of the claim by Phorm and on 29 April Phorm removed the quoted text from the website and replaced it with nothing. The Prime Minister's Office replied to the FOI request on 28 May, stating they held no information in relation to the request concerning Phorm's claim.
A day after the site's launch, BBC correspondent Darren Waters wrote, "This is a battle with no sign of a ceasefire, with both sides[Phorm and anti-Phorm campaigners] settling down to a war of attrition, and with governments, both in the UK and the EU, drawn into the crossfire."
The site was closed down in September 2009 and now redirects to the main Phorm site.
confirmed they ran a small scale trial, at one exchange, of a "prototype advertising platform" in 2007. The trial involved tens of thousands of end users. BT customers will be able to opt out
of the trial—BT said they are developing an improved, non-cookie
based opt-out of Phorm—but no decision has been made as to their post-trial approach.
The Register reported that BT ran an earlier secret trial in 2006, in which it intercepted and profiled the web browsing of 18,000 of its broadband customers. The technical report states that customers who participated in the trial were not made aware of the profiling, as one of the aims of the validation was not to affect their experience.
On 4 June 2008, a copy of a 52 page report allegedly from inside BT, titled "PageSense External Technical Validation", was uploaded to Wikileaks
, a site that hosts anonymously-submitted sensitive documents. The report angered many members of the public; there are questions regarding the involvement of charity ads for Oxfam, Make Trade Fair and SOS Children's Villages, and whether or not they were made aware that their ads were being used in what many feel were highly illegal technical trials. The report also has data which shows over 18 million web page requests from customers had JavaScript embedded into the responses, which has again raised questions about the legal standing of those trials.
FIPR's Nicholas Bohm has said that trials of an online ad system carried out by BT involving more than 30,000 of its customers were potentially illegal. Channel 4
's Krishnan Guru-Murthy
interviewed BT's head of value added services, Emma Sanderson, about their trials.
BT's third trial of Phorm's Webwise system repeatedly slipped. The trial was to last for approximately two weeks on 10,000 subscribers, and was originally due to start in March 2008, then pushed to April and again to the end of May; it has yet to occur. The company is facing legal action over trials of Phorm that were carried out without user consent.
On 2 September 2008, while investigating a complaint made by anti-Phorm protestors, the City of London Police met with BT representatives to informally question them about the secret Phorm trials. On 25 September the Police announced that there will be no formal investigation of BT over its secret trials of Phorm in 2006 and 2007. According to Alex Hanff, the police said there was no criminal intent on behalf of BT and there was implied consent because the service was going to benefit customers. Bohm said of that police response:
On 29 September 2008, it was announced in BT's support forum that their trial of Phorm's Webwise system would commence the following day. BT press officer Adam Liversage stated that BT is still working on a network-level opt-out, but that it will not be offered during the trial. Opted-out traffic will pass through the Webwise system but will not be mirrored or profiled. The final full roll-out of Webwise across BT's national network will not necessarily depend the completion of the work either.
Civil liberties campaigners The Open Rights Group
urged BT's customers not to participate in the BT Webwise trials, saying their "anti-fraud" feature is unlikely to have advantages over features already built into web browsers.
Subscribers to BT forums had used the Beta forums to criticise and raise concerns about BT's implementation of Phorm, but BT responded with a statement:
According to Kent Ertugrul
, BT would have completed the rollout of its software by the end of 2009. The Wall Street Journal
, however, reported in July 2009 that BT had no plans to do so by then, and was concentrating on "other opportunities". Phorm's share price fell 40% on the news.
On July 6, 2009 BT's former chief press officer, Adam Liversage, described his thoughts using Twitter
: "A year of the most intensive, personal-reputation-destroying PR trench warfare all comes to nothing...". He ended his comment with "Phantastic" Adam Liversage is now the Director of Communications for the British Phonographic Industry
(BPI - British Recorded Music Industry) and he has now made his tweets 'protected' (unpublic).
On 25 February 2010, the Crown Prosecution Service
(CPS) continued to work on a potential criminal case against BT over its secret trials of Phorm's system. Prosecutors considered whether or not to press criminal charges against unnamed individuals under Part I of the Regulation of Investigatory Powers Act. In April 2011 the CPS decided not to prosecute as this would not be in the public interest, as neither Phorm or BT had acted in bad faith and any penalty imposed would be nominal.
ft.com
, The Guardian
, Universal McCann, MySpace
, iVillage
, MGM OMD, Virgin Media
and Unanimis. The Guardian
has withdrawn from its targeted advertising deal with Phorm; in an email to a reader, advertising manager Simon Kilby stated "It is true that we have had conversations with them [Phorm] regarding their services but we have concluded at this time that we do not want to be part of the network. Our decision was in no small part down to the conversations we had internally about how this product sits with the values of our company." In response to an article published in The Register on 26 March 2008, Phorm has stated that MySpace has not joined OIX as a Publisher. The Financial Times has decided not to participate in Phorm's impending trial.
Concerns have been raised about the financial impact Phorm's system could have on businesses such as online shops: since Phorm uses the content viewed by visitors to build their profiles, competing stores can target advertisements at them based on products they have seen, and divert sales from shops the users previously visited. The ORG
's Jim Killock said that many businesses "will think [commercial] data and relationships should simply be private until they and their customers decide," and might even believe "having their data spied upon is a form of industrial espionage". David Evans of the British Computer Society
has questioned whether the act of publishing a website on the net is the same as giving consent for advertisers to make use of the site's content or to monitor the site's interactions with its customers.
Pete John created an add on, called Dephormation, for servers and web users to opt out and remain opted-out of the system; however, John ultimately recommends that users switch from Phorm-equipped Internet providers: "Dephormation is not a solution. Its a fig leaf
for your privacy. Do not rely on Dephormation to protect your privacy and security. You need to find a new ISP."
In April 2009, Amazon.com
announced that it would not allow Phorm to scan any of its domains. The Wikimedia Foundation
has also requested an opt-out from scans, and took the necessary steps to block all Wikimedia and Wikipedia domains from being processed by the Phorm system on the 16th of that month.
In July 2009 the Nationwide Building Society
confirmed that it would prevent Phorm from scanning its website, in order to protect the privacy of its customers.
, boss of its parent company, told the Times "We were only going to do it [Phorm] if BT did it and if the whole industry was doing it. We were not interested enough to do it on our own.”
Business news magazine New Media Age
reported on 23 April that Virgin Media moved away from Phorm and was expected to sign a deal with another company named Audience Science, while BT would meet with other advertising companies to gain what the ISP calls "general market intelligence" about Phorm.
NMA had called the moves "a shift in strategy by the two media companies". A day later, the magazine said both companies' relationships with Phorm actually remain unchanged.
Although Virgin Media were reported to have 'moved away from Phorm', in November 2010 they were the only UK based ISP to still carry information about Phorm's Webwise system on their website.
Delaware
Delaware is a U.S. state located on the Atlantic Coast in the Mid-Atlantic region of the United States. It is bordered to the south and west by Maryland, and to the north by Pennsylvania...
, United States-based digital technology company known for its advertising software. Founded in 2002, the company originally distributed programs that were considered spyware
Spyware
Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's...
, from which they made millions of dollars in revenue. It has since stopped distributing those programs after complaints from groups in the United States and Canada, and announced it was talking with several United Kingdom Internet service provider
Internet service provider
An Internet service provider is a company that provides access to the Internet. Access ISPs directly connect customers to the Internet using copper wires, wireless or fiber-optic connections. Hosting ISPs lease server space for smaller businesses and host other people servers...
s (ISPs) to deliver targeted advertising
Targeted advertising
Targeted advertising is a type of advertising whereby advertisements are placed so as to reach consumers based on various traits such as demographics, purchase history, or observed behavior....
based on the websites that users visit.
The company's proposed advertising system, called Webwise, is a behavioral targeting
Behavioral targeting
Behavioral targeting is a technique used by online publishers and advertisers to increase the effectiveness of their campaigns.Behavioral targeting uses information collected on an individual's web-browsing behavior, such as the pages they have visited or the searches they have made, to select...
service (similar to NebuAd
NebuAd
NebuAd was an American online advertising company based in Redwood City, California, with offices in New York and London and was funded by the investment companies Sierra Ventures and Menlo Ventures....
) that uses deep packet inspection
Deep packet inspection
Deep Packet Inspection is a form of computer network packet filtering that examines the data part of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions or predefined criteria to decide if the packet can...
to examine traffic. Phorm says the data collected will be anonymous and will not be used to identify users, and that their service would even include protection against phishing
Phishing
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT...
(fraudulent collection of users' personal information). Nonetheless, World Wide Web creator Sir Tim Berners-Lee
Tim Berners-Lee
Sir Timothy John "Tim" Berners-Lee, , also known as "TimBL", is a British computer scientist, MIT professor and the inventor of the World Wide Web...
and others have spoken out against Phorm for tracking users' browsing habits, and the ISP BT Group
BT Group
BT Group plc is a global telecommunications services company headquartered in London, United Kingdom. It is one of the largest telecommunications services companies in the world and has operations in more than 170 countries. Through its BT Global Services division it is a major supplier of...
has been criticised for running secret trials of the service.
The UK Information Commissioner's Office has voiced legal concerns with Webwise as it is currently implemented, and has said it would only be legal as an "opt-in" service, not an opt-out
Opt-out
The term opt-out refers to several methods by which individuals can avoid receiving unsolicited product or service information. This ability is usually associated with direct marketing campaigns such as telemarketing, e-mail marketing, or direct mail. A list of those who have opted-out is called a...
system. The European Commission
European Commission
The European Commission is the executive body of the European Union. The body is responsible for proposing legislation, implementing decisions, upholding the Union's treaties and the general day-to-day running of the Union....
has called on the UK to protect Web users' privacy, and opened an infringement proceeding against the country in regard to ISPs' use of Phorm. Some groups, including Amazon.com
Amazon.com
Amazon.com, Inc. is a multinational electronic commerce company headquartered in Seattle, Washington, United States. It is the world's largest online retailer. Amazon has separate websites for the following countries: United States, Canada, United Kingdom, Germany, France, Italy, Spain, Japan, and...
and the Wikimedia Foundation
Wikimedia Foundation
Wikimedia Foundation, Inc. is an American non-profit charitable organization headquartered in San Francisco, California, United States, and organized under the laws of the state of Florida, where it was initially based...
(the non-profit organization that operates Wikipedia
Wikipedia
Wikipedia is a free, web-based, collaborative, multilingual encyclopedia project supported by the non-profit Wikimedia Foundation. Its 20 million articles have been written collaboratively by volunteers around the world. Almost all of its articles can be edited by anyone with access to the site,...
and other collaborative wiki
Wiki
A wiki is a website that allows the creation and editing of any number of interlinked web pages via a web browser using a simplified markup language or a WYSIWYG text editor. Wikis are typically powered by wiki software and are often used collaboratively by multiple users. Examples include...
projects), have already requested an opt-out of their websites from scans by the system.
Company history
In its previous incarnation as 121Media, the company's products were described as spywareSpyware
Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's...
. 121Media distributed a program called PeopleOnPage, which was classified as spyware by F-Secure
F-Secure
F-Secure Corporation is an anti-virus and computer security software company based in Helsinki, Finland. The company has 18 country offices and a presence in more than 100 countries, with Security Lab operations in Helsinki, Finland and in Kuala Lumpur, Malaysia...
. PeopleOnPage was an application built around their advertising engine, called ContextPlus. ContextPlus was also distributed as a rootkit
Rootkit
A rootkit is software that enables continued privileged access to a computer while actively hiding its presence from administrators by subverting standard operating system functionality or other applications...
called Apropos, which used tricks to prevent the user from removing the application and sent information back to central servers regarding a user's browsing habits.
The Center for Democracy and Technology
Center for Democracy and Technology
The Center for Democracy & Technology is a Washington, D.C. based 501 non-profit public-interest group that works to promote an open, innovative and free Internet....
, a United States-based advocacy group, filed a complaint with the US Federal Trade Commission
Federal Trade Commission
The Federal Trade Commission is an independent agency of the United States government, established in 1914 by the Federal Trade Commission Act...
in November 2005 over distribution of what it considered spyware, including ContextPlus. They stated that they had investigated and uncovered deceptive and unfair behaviour. This complaint was filed in concert with the Canadian Internet Policy and Public Internet Center, a group that was filing a similar complaint against Integrated Search Technologies with Canadian authorities.
ContextPlus shut down its operations in May 2006 and stated they were "no longer able to ensure the highest standards of quality and customer care". The shutdown came after several major lawsuits against adware vendors had been launched. By September 2007, 121Media became known as Phorm, and admitted a company history in adware and the closing down of a multi-million dollar revenue stream as people confused adware
Adware
Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer. These advertisements can be in the form of a pop-up. They may also be in the user interface of the software or on a screen presented to the user during...
with spyware
Spyware
Spyware is a type of malware that can be installed on computers, and which collects small pieces of information about users without their knowledge. The presence of spyware is typically hidden from the user, and can be difficult to detect. Typically, spyware is secretly installed on the user's...
.
In early 2008 Phorm admitted editing its article on Wikipedia
Wikipedia
Wikipedia is a free, web-based, collaborative, multilingual encyclopedia project supported by the non-profit Wikimedia Foundation. Its 20 million articles have been written collaboratively by volunteers around the world. Almost all of its articles can be edited by anyone with access to the site,...
. Phorm admitted removing a quotation from The Guardian
The Guardian
The Guardian, formerly known as The Manchester Guardian , is a British national daily newspaper in the Berliner format...
s commercial executives describing the opposition they have towards its tracking system, and deleting a passage explaining how BT admitted misleading customers over covert Phorm trials in 2007. The changes were quickly noticed and reversed by the online encyclopedia's editors.
In June 2009 a Wikileaks article raised suspicion about whether "Phorm is duping investors with misleading statements to the market" in a share sale via Astaire Securities.
Financial losses
The company made a loss of $32.1 million in 2007, a loss of $49.8 million in 2008 and a loss of $29.7 million in 2009. By the end of 2009 the company had lost more than $100 million, with no perceivable revenue stream.Proposed advertisement service
Phorm had worked with major US and British ISPs—including BT GroupBT Group
BT Group plc is a global telecommunications services company headquartered in London, United Kingdom. It is one of the largest telecommunications services companies in the world and has operations in more than 170 countries. Through its BT Global Services division it is a major supplier of...
(formerly British Telecom), Virgin Media
Virgin Media
Virgin Media Inc. is a company which provides fixed and mobile telephone, television and broadband internet services to businesses and consumers in the United Kingdom...
, and TalkTalk (at the time owned by The Carphone Warehouse
The Carphone Warehouse
Carphone Warehouse Group PLC , known as The Carphone Warehouse, is Europe's largest independent mobile phone retailer, with over 1,700 stores across Europe. It is based in the United Kingdom and is a 50% subsidiary of Best Buy...
)—on a behavioral targeting
Behavioral targeting
Behavioral targeting is a technique used by online publishers and advertisers to increase the effectiveness of their campaigns.Behavioral targeting uses information collected on an individual's web-browsing behavior, such as the pages they have visited or the searches they have made, to select...
advertisement service to monitor browsing habits and serve relevant advertisements to the end user. Phorm say these deals would have given them access to the surfing habits of 70% of British households with broadband. The service, which uses deep packet inspection
Deep packet inspection
Deep Packet Inspection is a form of computer network packet filtering that examines the data part of a packet as it passes an inspection point, searching for protocol non-compliance, viruses, spam, intrusions or predefined criteria to decide if the packet can...
to check the content of requested web pages, has been compared to those of NebuAd
NebuAd
NebuAd was an American online advertising company based in Redwood City, California, with offices in New York and London and was funded by the investment companies Sierra Ventures and Menlo Ventures....
and Front Porch
Front Porch
Front Porch, Inc. provides services to Internet Service Providers. Front Porch technology enables an Internet Service Provider to insert its own messages to be presented to users as they use their web browsers, such as customer service notices or online advertising...
.
The service, which would have been marketed to end-users as "Webwise", would work by categorising user interests and matching them with advertisers who wish to target that type of user. "As you browse we're able to categorise all of your Internet actions", said Phorm COO Virasb Vahidi. "We actually can see the entire Internet."
The company says that data collected would be completely anonymous and that Phorm will never be aware of the identity of the user or what they have browsed, and adds that Phorm's advertising categories exclude certain sensitive terms and have been widely drawn so as not to reveal the identity of the user. By monitoring users' browsing, Phorm even says they are able to offer some protection against online fraud and phishing
Phishing
Phishing is a way of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT...
.
It is said that users will be able to opt out
Opt-out
The term opt-out refers to several methods by which individuals can avoid receiving unsolicited product or service information. This ability is usually associated with direct marketing campaigns such as telemarketing, e-mail marketing, or direct mail. A list of those who have opted-out is called a...
of Phorm's service. However, according to a spokesman for Phorm, the way the opt-out works means the contents of the websites visited will still be mirrored
Mirror (computing)
In computing, a mirror is an exact copy of a data set. On the Internet, a mirror site is an exact copy of another Internet site.Mirror sites are most commonly used to provide multiple sources of the same information, and are of particular value as a way of providing reliable access to large downloads...
to its system. All computers, all users, and all http applications used by each user of each computer will need to be configured (or supplemented with add ons) to opt out. It has since been declared by the Information Commissioner's Office that Phorm would only be legal under UK law if it were an opt-in service.
Implementation
Richard Clayton, a Cambridge University security researcher, attended an on-the-record meeting with Phorm, and published his account of how their advertising system is implemented.Phorm's system, like many websites, uses HTTP cookies (small pieces of text) to store user settings. The company said that an initial web request is redirected three times (using HTTP 307 responses) within their system, so that they can inspect cookies to determine if the user has opted out. The system then sets a unique Phorm tracking identifier (UID) for the user (or collects it if it already exists), and adds a cookie that is forged to appear to come from the requested website.
In an analysis titled "Stealing Phorm Cookies", Clayton wrote that Phorm's system stores a tracking cookie for each website visited on the user's PC, and that each contains an identical copy of the user's UID. Where possible, Phorm's system strips its tracking cookies from http requests before they are forwarded across the internet to a website's server, but it cannot prevent the UID from being sent to websites using https
Https
Hypertext Transfer Protocol Secure is a combination of the Hypertext Transfer Protocol with SSL/TLS protocol to provide encrypted communication and secure identification of a network web server...
. This would allow websites to associate the UID to any details the website collects about the visitor.
Phorm Senior Vice President of Technology Marc Burgess has said that the collected information also includes a timestamp. Burgess said, "This is enough information to accurately target an ad in [the] future, but cannot be used to find out a) who you are, or b) where you have browsed."
Incentives
Phorm is considering offering an incentive, in addition to the phishing protection it originally planned, as a means to convince end-users to opt-in to its Webwise system. The alternate incentives, suggested in a Toluna.com market research survey carried out on behalf of Phorm, included further phishing protection, a donation to charity, a free technical support line, or one pound off opted-in users' monthly broadband subscription.Following the decision by Wikimedia Foundation
Wikimedia Foundation
Wikimedia Foundation, Inc. is an American non-profit charitable organization headquartered in San Francisco, California, United States, and organized under the laws of the state of Florida, where it was initially based...
and Amazon
Amazon.com
Amazon.com, Inc. is a multinational electronic commerce company headquartered in Seattle, Washington, United States. It is the world's largest online retailer. Amazon has separate websites for the following countries: United States, Canada, United Kingdom, Germany, France, Italy, Spain, Japan, and...
to opt their websites out of being profiled by Phorm's Webwise system, and as an incentive for websites to remain opted IN to the phorm profiling, Phorm have launched Webwise Discover. The Korean launch of this web publisher incentive, was announced in a press conference in Covent Garden, London, UK, on 3 June 2009.http://www.bbc.co.uk/blogs/technology/2009/06/phorms_phlat_product_launch.html A poll conducted by Populus
Populus Ltd
Populus is a market research company in the United Kingdom formed in 2003. Populus co-founded the British Polling Council in 2004 and regularly publishes opinion polls on voting intention and as well as other political and commercial issues. Clients have included national brands such as the AA and...
http://www.populus.co.uk/phorm-webwise-discover-poll-310509.html on 2075 individuals revealed that 66% either liked the idea or liked it a lot, after being shown a demonstration video.
Website publishers are invited to upload a web widget which will provide a small frame to display recommended web links, based on the tracked interests of any Phorm-tracked website visitors (those whose ISP uses Phorm Deep Packet Inspection to intercept and profile web traffic). There would be no charge to the website, and Phorm do not stand to make any money from Webwise Discover, however there are plans to display targeted adverts in the future.http://www.sharecatalog.com/technology/phorm-woos-browsers-with-personalised-web/ The widget would only deliver link recommendations if the user was signed up for targeted advertising with a Phormed ISP, to everyone else the widget would be invisible. http://www.theregister.co.uk/2009/06/03/phorm_webwise_discover/ At the press launch Phorm spokespersons admitted that at present not a single UK ISP or website has yet signed up to Webwise Discover system, http://www.bbc.co.uk/blogs/technology/2009/06/phorms_phlat_product_launch.html although they emphasised it was part of the current Korea Telecom Webwise trials. Legal advice has been offered to websites considering signing up to the OIX system by Susan Singleton.http://www.marketingdirectmag.co.uk/news/907369/brands-follow-Amazons-lead-opt-Phorm/
Legality
The Open Rights GroupOpen Rights Group
The Open Rights Group is a UK-based organisation that works to preserve digital rights and freedoms by campaigning on digital rights issues, acting as a media clearinghouse service putting journalists in touch with experts, and by fostering a community of grassroots activists...
(ORG) raised questions about Phorm's legality and asked for clarification of how the service would work. FIPR has argued that Phorm's online advert system is illegal in the UK. Nicholas Bohm, general counsel at FIPR, said: "The need for both parties to consent to interception in order for it to be lawful is an extremely basic principle within the legislation, and it cannot be lightly ignored or treated as a technicality." His open letter to the Information Commissioner has been published on the FIPR web site.
The Conservative
Conservative Party (UK)
The Conservative Party, formally the Conservative and Unionist Party, is a centre-right political party in the United Kingdom that adheres to the philosophies of conservatism and British unionism. It is the largest political party in the UK, and is currently the largest single party in the House...
peer Lord Northesk
David Carnegie, 14th Earl of Northesk
David John MacRae Carnegie, 14th Earl of Northesk was a British hereditary peer, landowner and member of the House of Lords.David Carnegie was the son of Robert, the 13th Earl , and Jean Margaret MacRae...
has questioned whether the UK government is taking any action on the targeted advertising service offered by Phorm in the light of the questions about its legality under the Data Protection and Regulation of Investigatory Powers Acts.
On 9 April 2008, the Information Commissioner's Office ruled that Phorm would only be legal under UK law if it were an opt-in service. The Office stated it will closely monitor the testing and implementation of Phorm, in order to ensure data protection laws are observed.
The UK Home Office
Home Office
The Home Office is the United Kingdom government department responsible for immigration control, security, and order. As such it is responsible for the police, UK Border Agency, and the Security Service . It is also in charge of government policy on security-related issues such as drugs,...
has indicated that Phorm's proposed service is only legal if users give explicit consent. The Office itself became a subject of controversy when emails between it and Phorm were released. The emails showed that the company edited a draft legal interpretation by the Office, and that an official responded "If we agree this, and this becomes our position do you think your clients and their prospective partners will be comforted." Liberal Democrat
Liberal Democrats
The Liberal Democrats are a social liberal political party in the United Kingdom which supports constitutional and electoral reform, progressive taxation, wealth taxation, human rights laws, cultural liberalism, banking reform and civil liberties .The party was formed in 1988 by a merger of the...
spokeswoman on Home Affairs, Baroness Sue Miller, considered it an act of collusion
Collusion
Collusion is an agreement between two or more persons, sometimes illegal and therefore secretive, to limit open competition by deceiving, misleading, or defrauding others of their legal rights, or to obtain an objective forbidden by law typically by defrauding or gaining an unfair advantage...
: "The fact the Home Office asks the very company they are worried is actually falling outside the laws whether the draft interpretation of the law is correct is completely bizarre."
The Register
The Register
The Register is a British technology news and opinion website. It was founded by John Lettice, Mike Magee and Ross Alderson in 1994 as a newsletter called "Chip Connection", initially as an email service...
reported in May 2008 that Phorm's logo strongly resembled that of an unrelated UK company called Phorm Design. They quoted the smaller company's owner, Simon Griffiths: "I've had solicitors look at it and they say we'd have to go to court. [Phorm are] obviously a big player with a lot of clout. I'm a small design agency in Sheffield
Sheffield
Sheffield is a city and metropolitan borough of South Yorkshire, England. Its name derives from the River Sheaf, which runs through the city. Historically a part of the West Riding of Yorkshire, and with some of its southern suburbs annexed from Derbyshire, the city has grown from its largely...
that employs three people."
Until 21 September 2010, Phorm's Webwise service also shared the same name as BBC WebWise
BBC WebWise
BBC WebWise is the BBC's guide to the internet for computer novices. Created in 1998, it consists of a series of articles and videos as well as a computing course accredited by examining body OCR. It also incorporates elements of another BBC website, BBC raw computers...
.
Monitoring of the Phorm website using a Website change detection service allerted interested parties to changes on 21 September 2010. Phorm's website had been edited to remove references to the word 'Webwise'. Phorm's Webwise product had become 'PhormDiscover'.
The Office for Harmonization in the Internal Market
Office for Harmonization in the Internal Market
The Office for Harmonization in the Internal Market , or OHIM is the trademark and designs registry for the internal market of the European Union. It is based in Alicante, Spain, and its president is António Campinos.- Task :...
(OHIM) Trade Marks and Designs Registration Office of the European Union website CTM-Online database lists Phorm's application for use of the 'Webwise' trade mark name. The British Broadcasting Corporation is listed as an opponent on grounds of 'Likelihood of confusion'. The City of London based legal firm Bristows wrote to the OHIM on 22 September 2010, withdrawing the BBC's opposition saying, "The British Broadcasting Corporation have instructed us to request the withdrawal of the above Opposition No. B11538985"
On 28 October 2010, BT removed the Webwise pages from their company website although it wast not until November 12, 2010 that all pages had finally been confirmed as removed by forum contributors at the campaign group 'NoDPI.org'
European Commission case against UK over Phorm
European UnionEuropean Union
The European Union is an economic and political union of 27 independent member states which are located primarily in Europe. The EU traces its origins from the European Coal and Steel Community and the European Economic Community , formed by six countries in 1958...
communications commissioner Viviane Reding
Viviane Reding
Viviane Reding is a Luxembourgian politician, currently serving as European Commissioner for Justice, Fundamental Rights and Citizenship. Before starting a professional career as a journalist for the leading newspaper in Luxembourg, the Luxemburger Wort, she obtained a doctorate in human sciences...
has said that the commission was concerned Phorm was breaching consumer privacy directives, and called on the UK Government to take action to protect consumers' privacy. The European Commission
European Commission
The European Commission is the executive body of the European Union. The body is responsible for proposing legislation, implementing decisions, upholding the Union's treaties and the general day-to-day running of the Union....
wrote to the UK government on 30 June 2008 to set out the context of the EU's interest in the controversy, and asked detailed questions ahead of possible Commission intervention. It required the UK to respond to the letter one month after it was sent. A spokeswoman for the Department for Business, Enterprise and Regulatory Reform
Department for Business, Enterprise and Regulatory Reform
The Department for Business, Enterprise and Regulatory Reform was a United Kingdom government department. The department was created on 28 June 2007 on the disbanding of the Department of Trade and Industry , and was itself disbanded on 6 June 2009 on the creation of the Department for Business,...
(BERR) admitted on 16 August that the UK had not met the deadline.
On 16 September, BERR refused The Register request to release the full text of their reply to the European Commission, but released a statement to the effect that the UK authorities consider Phorm's products are capable of being operated in a lawful, appropriate and transparent fashion. Unsatisfied by the response, the European Commission wrote to the UK again on 6 October. Martin Selmayr, spokesman for Reding's Information Society and Media directorate-general said, "For us the matter is not finished. Quite the contrary."
The UK government responded again in November, but the Commission sent another letter to the government in January 2009. This third letter was sent because the Commission was not satisfied with explanations about implementation of European law in the context of the Phorm case. Selmayr was quoted in The Register as saying, "The European Commission's investigation with regard to the Phorm case is still ongoing," and he went on to say that the Commission may have to proceed to formal action if the UK authorities do not provide a satisfactory response to the Commission's concerns.
On 14 April, the European Commission said they have "opened an infringement proceeding against the United Kingdom" regarding ISPs' use of Phorm:
That day, in response to a news item by The Register regarding the European Commission's preparations to sue the UK government, Phorm said their technology "is fully compliant with UK legislation and relevant EU directives. This has been confirmed by BERR and by the UK regulatory authorities and we note that there is no suggestion to the contrary in the Commission's statement today." However, BERR denied such confirmation when they responded to a Freedom of Information
Freedom of Information Act 2000
The Freedom of Information Act 2000 is an Act of Parliament of the Parliament of the United Kingdom that creates a public "right of access" to information held by public authorities. It is the implementation of freedom of information legislation in the United Kingdom on a national level...
(FOI) request also made that day:
Reaction
Initial reaction to the proposed service highlighted deep concerns with regards to individual privacyPrivacy
Privacy is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively...
and property rights in data. Phorm has defended its technology in the face of what it called "misinformation" from bloggers claiming it threatens users' privacy.
Most security firms classify Phorm's targeting cookie
HTTP cookie
A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user's browser and for the browser to return the state information to the origin site...
s as adware
Adware
Adware, or advertising-supported software, is any software package which automatically plays, displays, or downloads advertisements to a computer. These advertisements can be in the form of a pop-up. They may also be in the user interface of the software or on a screen presented to the user during...
. Kaspersky Lab
Kaspersky Lab
Kaspersky Lab is a Russian computer security company, co-founded by Natalia Kaspersky and Eugene Kaspersky in 1997, offering anti-virus, anti-spyware, anti-spam, and anti-intrusion products...
, whose anti-virus engine is licensed to many other security vendors, said it would detect the cookie as adware. Trend Micro said there was a "very high chance" that it would add detection for the tracking cookies as adware. PC Tools echoed Trend's concerns about privacy and security, urging Phorm to apply an opt-in approach. Specialist anti-spyware firm Sunbelt Software also expressed concerns, saying Phorm's tracking cookies were candidates for detection by its anti-spyware software.
Ross Anderson, professor of security engineering at Cambridge University, said: "The message has to be this: if you care about your privacy, do not use BT, Virgin or Talk-Talk as your internet provider." He added that, historically, anonymising technology had never worked. Even if it did, he stressed, it still posed huge privacy issues.
Phorm has engaged a number of public relations
Public relations
Public relations is the actions of a corporation, store, government, individual, etc., in promoting goodwill between itself and the public, the community, employees, customers, etc....
advisers including Freuds, Citigate Dewe Rogerson and ex-House of Commons media adviser John Stonborough in an attempt to save its reputation, and has engaged with audiences via moderated online webchats.
The creator of the World Wide Web
World Wide Web
The World Wide Web is a system of interlinked hypertext documents accessed via the Internet...
, Sir Tim Berners-Lee
Tim Berners-Lee
Sir Timothy John "Tim" Berners-Lee, , also known as "TimBL", is a British computer scientist, MIT professor and the inventor of the World Wide Web...
, has criticised the idea of tracking his browsing history saying that "It's mine - you can't have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I'm getting in return." He also said that he would change his ISP if they introduced the Phorm system. As Director of the World Wide Web Consortium
World Wide Web Consortium
The World Wide Web Consortium is the main international standards organization for the World Wide Web .Founded and headed by Tim Berners-Lee, the consortium is made up of member organizations which maintain full-time staff for the purpose of working together in the development of standards for the...
, Berners-Lee also published a set of personal design notes titled "No Snooping", in which he explains his views on commercial use of packet inspection and references Phorm.
Simon Davies
Simon Davies (privacy advocate)
Simon Davies is a privacy advocate and academic based in London UK. He was one of the first campaigners in the field of international privacy advocacy, founding the watchdog organization Privacy International in 1990 and subsequently working in emerging areas of privacy such as electronic visual...
, a privacy advocate and founding member of Privacy International
Privacy International
Privacy International is a UK-based non-profit organisation formed in 1990, "as a watchdog on surveillance and privacy invasions by governments and corporations." PI has organised campaigns and initiatives in more than fifty countries and is based in London, UK.-Formation, background and...
, said "Behavioural advertising is a rather spooky concept for many people." In a separate role at 80/20 Thinking, a consultancy start-up, he was engaged by Phorm to look at the system. He said: "We were impressed with the effort that had been put into minimising the collection of personal information." He was subsequently quoted as saying "[Privacy International] DOES NOT endorse Phorm, though we do applaud a number of developments in its process." "The system does appear to mitigate a number of core privacy problems in profiling, retention and tracking... [but] we won't as PI support any system that works on an opt-out basis." Kent Ertugrul later said he made a mistake when he suggested Privacy International
Privacy International
Privacy International is a UK-based non-profit organisation formed in 1990, "as a watchdog on surveillance and privacy invasions by governments and corporations." PI has organised campaigns and initiatives in more than fifty countries and is based in London, UK.-Formation, background and...
had endorsed Phorm: "This was my confusion I apologise. The endorsement was in fact from Simon Davies, the MD of 80 / 20 who is also a director of privacy international."
Stopphoulplay.com
Ertugrul has set up a website called "Stopphoulplay.com", in reaction to Phorm critics Alexander Hanff and Marcus Williamson. Ertugrul called Hanff a "serial agitator" who has run campaigns against both Phorm and other companies such as Procter & GambleProcter & Gamble
Procter & Gamble is a Fortune 500 American multinational corporation headquartered in downtown Cincinnati, Ohio and manufactures a wide range of consumer goods....
, and says Williamson is trying to disgrace Ertugrul and Phorm through "serial letter writing". Hanff believes the Stopphoulplay website's statements are "completely irrelevant" to his campaign and that they will backfire on Ertugrul, while Williamson laments that Phorm "has now stooped to personal smears".
When it launched on 28 April 2009, Stopphoulplay.com discussed a petition to the UK Prime Minister on the Downing Street website. When originally launched the web page claimed, "The website managers at 10 Downing Street recognised their mistake in allowing a misleading petition to appear on their site, and have since provided assurances to Phorm that they will not permit this to happen again". That same day, the Freedom of Information
Freedom of Information Act 2000
The Freedom of Information Act 2000 is an Act of Parliament of the Parliament of the United Kingdom that creates a public "right of access" to information held by public authorities. It is the implementation of freedom of information legislation in the United Kingdom on a national level...
(FOI) Act was used to request confirmation of the claim by Phorm and on 29 April Phorm removed the quoted text from the website and replaced it with nothing. The Prime Minister's Office replied to the FOI request on 28 May, stating they held no information in relation to the request concerning Phorm's claim.
A day after the site's launch, BBC correspondent Darren Waters wrote, "This is a battle with no sign of a ceasefire, with both sides
The site was closed down in September 2009 and now redirects to the main Phorm site.
BT trials
After initial denials, BT GroupBT Group
BT Group plc is a global telecommunications services company headquartered in London, United Kingdom. It is one of the largest telecommunications services companies in the world and has operations in more than 170 countries. Through its BT Global Services division it is a major supplier of...
confirmed they ran a small scale trial, at one exchange, of a "prototype advertising platform" in 2007. The trial involved tens of thousands of end users. BT customers will be able to opt out
Opt-out
The term opt-out refers to several methods by which individuals can avoid receiving unsolicited product or service information. This ability is usually associated with direct marketing campaigns such as telemarketing, e-mail marketing, or direct mail. A list of those who have opted-out is called a...
of the trial—BT said they are developing an improved, non-cookie
HTTP cookie
A cookie, also known as an HTTP cookie, web cookie, or browser cookie, is used for an origin website to send state information to a user's browser and for the browser to return the state information to the origin site...
based opt-out of Phorm—but no decision has been made as to their post-trial approach.
The Register reported that BT ran an earlier secret trial in 2006, in which it intercepted and profiled the web browsing of 18,000 of its broadband customers. The technical report states that customers who participated in the trial were not made aware of the profiling, as one of the aims of the validation was not to affect their experience.
On 4 June 2008, a copy of a 52 page report allegedly from inside BT, titled "PageSense External Technical Validation", was uploaded to Wikileaks
Wikileaks
WikiLeaks is an international self-described not-for-profit organisation that publishes submissions of private, secret, and classified media from anonymous news sources, news leaks, and whistleblowers. Its website, launched in 2006 under The Sunshine Press organisation, claimed a database of more...
, a site that hosts anonymously-submitted sensitive documents. The report angered many members of the public; there are questions regarding the involvement of charity ads for Oxfam, Make Trade Fair and SOS Children's Villages, and whether or not they were made aware that their ads were being used in what many feel were highly illegal technical trials. The report also has data which shows over 18 million web page requests from customers had JavaScript embedded into the responses, which has again raised questions about the legal standing of those trials.
FIPR's Nicholas Bohm has said that trials of an online ad system carried out by BT involving more than 30,000 of its customers were potentially illegal. Channel 4
Channel 4
Channel 4 is a British public-service television broadcaster which began working on 2 November 1982. Although largely commercially self-funded, it is ultimately publicly owned; originally a subsidiary of the Independent Broadcasting Authority , the station is now owned and operated by the Channel...
's Krishnan Guru-Murthy
Krishnan Guru-Murthy
Krishnan Guru-Murthy , is a British television presenter and journalist employed by Channel 4. He presents the Channel 4 Evening News and the foreign affairs programme Unreported World.-Education:...
interviewed BT's head of value added services, Emma Sanderson, about their trials.
BT's third trial of Phorm's Webwise system repeatedly slipped. The trial was to last for approximately two weeks on 10,000 subscribers, and was originally due to start in March 2008, then pushed to April and again to the end of May; it has yet to occur. The company is facing legal action over trials of Phorm that were carried out without user consent.
On 2 September 2008, while investigating a complaint made by anti-Phorm protestors, the City of London Police met with BT representatives to informally question them about the secret Phorm trials. On 25 September the Police announced that there will be no formal investigation of BT over its secret trials of Phorm in 2006 and 2007. According to Alex Hanff, the police said there was no criminal intent on behalf of BT and there was implied consent because the service was going to benefit customers. Bohm said of that police response:
On 29 September 2008, it was announced in BT's support forum that their trial of Phorm's Webwise system would commence the following day. BT press officer Adam Liversage stated that BT is still working on a network-level opt-out, but that it will not be offered during the trial. Opted-out traffic will pass through the Webwise system but will not be mirrored or profiled. The final full roll-out of Webwise across BT's national network will not necessarily depend the completion of the work either.
Civil liberties campaigners The Open Rights Group
Open Rights Group
The Open Rights Group is a UK-based organisation that works to preserve digital rights and freedoms by campaigning on digital rights issues, acting as a media clearinghouse service putting journalists in touch with experts, and by fostering a community of grassroots activists...
urged BT's customers not to participate in the BT Webwise trials, saying their "anti-fraud" feature is unlikely to have advantages over features already built into web browsers.
Subscribers to BT forums had used the Beta forums to criticise and raise concerns about BT's implementation of Phorm, but BT responded with a statement:
According to Kent Ertugrul
Kent Ertugrul
Kent Ertugrul is the current chief executive of Phorm. He is paid an annual salary of £150,000 for this role.He was previously CEO of 121Media, which changed its name to Phorm in 2007....
, BT would have completed the rollout of its software by the end of 2009. The Wall Street Journal
The Wall Street Journal
The Wall Street Journal is an American English-language international daily newspaper. It is published in New York City by Dow Jones & Company, a division of News Corporation, along with the Asian and European editions of the Journal....
, however, reported in July 2009 that BT had no plans to do so by then, and was concentrating on "other opportunities". Phorm's share price fell 40% on the news.
On July 6, 2009 BT's former chief press officer, Adam Liversage, described his thoughts using Twitter
Twitter
Twitter is an online social networking and microblogging service that enables its users to send and read text-based posts of up to 140 characters, informally known as "tweets".Twitter was created in March 2006 by Jack Dorsey and launched that July...
: "A year of the most intensive, personal-reputation-destroying PR trench warfare all comes to nothing...". He ended his comment with "Phantastic" Adam Liversage is now the Director of Communications for the British Phonographic Industry
British Phonographic Industry
The British Phonographic Industry is the British record industry's trade association.-Structure:Its membership comprises hundreds of music companies including all four "major" record companies , associate members such as manufacturers and distributors, and hundreds of independent music companies...
(BPI - British Recorded Music Industry) and he has now made his tweets 'protected' (unpublic).
On 25 February 2010, the Crown Prosecution Service
Crown Prosecution Service
The Crown Prosecution Service, or CPS, is a non-ministerial department of the Government of the United Kingdom responsible for public prosecutions of people charged with criminal offences in England and Wales. Its role is similar to that of the longer-established Crown Office in Scotland, and the...
(CPS) continued to work on a potential criminal case against BT over its secret trials of Phorm's system. Prosecutors considered whether or not to press criminal charges against unnamed individuals under Part I of the Regulation of Investigatory Powers Act. In April 2011 the CPS decided not to prosecute as this would not be in the public interest, as neither Phorm or BT had acted in bad faith and any penalty imposed would be nominal.
Advertisers and websites
Advertisers which had initially expressed an interest about Phorm include:ft.com
Financial Times
The Financial Times is an international business newspaper. It is a morning daily newspaper published in London and printed in 24 cities around the world. Its primary rival is the Wall Street Journal, published in New York City....
, The Guardian
The Guardian
The Guardian, formerly known as The Manchester Guardian , is a British national daily newspaper in the Berliner format...
, Universal McCann, MySpace
MySpace
Myspace is a social networking service owned by Specific Media LLC and pop star Justin Timberlake. Myspace launched in August 2003 and is headquartered in Beverly Hills, California. In August 2011, Myspace had 33.1 million unique U.S. visitors....
, iVillage
IVillage
iVillage, Inc. is a media company that is owned by NBCUniversal. The site focuses on categories targeted at women, including Food, Health, Entertainment, Family, Beauty & Style. Additional businesses and brand extensions within iVillage Networks include iVillage UK, NBC Digital Health Network,...
, MGM OMD, Virgin Media
Virgin Media
Virgin Media Inc. is a company which provides fixed and mobile telephone, television and broadband internet services to businesses and consumers in the United Kingdom...
and Unanimis. The Guardian
The Guardian
The Guardian, formerly known as The Manchester Guardian , is a British national daily newspaper in the Berliner format...
has withdrawn from its targeted advertising deal with Phorm; in an email to a reader, advertising manager Simon Kilby stated "It is true that we have had conversations with them [Phorm] regarding their services but we have concluded at this time that we do not want to be part of the network. Our decision was in no small part down to the conversations we had internally about how this product sits with the values of our company." In response to an article published in The Register on 26 March 2008, Phorm has stated that MySpace has not joined OIX as a Publisher. The Financial Times has decided not to participate in Phorm's impending trial.
Concerns have been raised about the financial impact Phorm's system could have on businesses such as online shops: since Phorm uses the content viewed by visitors to build their profiles, competing stores can target advertisements at them based on products they have seen, and divert sales from shops the users previously visited. The ORG
Open Rights Group
The Open Rights Group is a UK-based organisation that works to preserve digital rights and freedoms by campaigning on digital rights issues, acting as a media clearinghouse service putting journalists in touch with experts, and by fostering a community of grassroots activists...
's Jim Killock said that many businesses "will think [commercial] data and relationships should simply be private until they and their customers decide," and might even believe "having their data spied upon is a form of industrial espionage". David Evans of the British Computer Society
British Computer Society
The British Computer Society, is a professional body and a learned society that represents those working in Information Technology in the United Kingdom and internationally...
has questioned whether the act of publishing a website on the net is the same as giving consent for advertisers to make use of the site's content or to monitor the site's interactions with its customers.
Pete John created an add on, called Dephormation, for servers and web users to opt out and remain opted-out of the system; however, John ultimately recommends that users switch from Phorm-equipped Internet providers: "Dephormation is not a solution. Its a fig leaf
Fig leaf
A fig leaf is the covering up of an act or an object that is embarrassing or disagreeable. The term is a metaphorical reference to the Biblical Book of Genesis, in which Adam and Eve used fig leaves to cover "their nakedness" after eating the fruit from the Tree of Knowledge of Good and...
for your privacy. Do not rely on Dephormation to protect your privacy and security. You need to find a new ISP."
In April 2009, Amazon.com
Amazon.com
Amazon.com, Inc. is a multinational electronic commerce company headquartered in Seattle, Washington, United States. It is the world's largest online retailer. Amazon has separate websites for the following countries: United States, Canada, United Kingdom, Germany, France, Italy, Spain, Japan, and...
announced that it would not allow Phorm to scan any of its domains. The Wikimedia Foundation
Wikimedia Foundation
Wikimedia Foundation, Inc. is an American non-profit charitable organization headquartered in San Francisco, California, United States, and organized under the laws of the state of Florida, where it was initially based...
has also requested an opt-out from scans, and took the necessary steps to block all Wikimedia and Wikipedia domains from being processed by the Phorm system on the 16th of that month.
In July 2009 the Nationwide Building Society
Nationwide Building Society
Nationwide Building Society is a British building society, and is the largest in the world. It has its headquarters in Swindon, England, and maintains significant administration centres in Bournemouth and Northampton...
confirmed that it would prevent Phorm from scanning its website, in order to protect the privacy of its customers.
Internet service providers
The three ISPs linked to Phorm have all changed or clarified their plans since first signing on with the company. In response to customer concerns, TalkTalk said that its implementation would have been "opt-in" only (as opposed to BT's "opt-out") and those that don't "opt in" will have their traffic split to avoid contact with a WebWise (Phorm) server. In July 2009, the company confirmed it would not implement Phorm; Charles DunstoneCharles Dunstone
Charles Dunstone is the CEO and co-founder, in 1989, of mobile phone retailer The Carphone Warehouse.-Education:...
, boss of its parent company, told the Times "We were only going to do it [Phorm] if BT did it and if the whole industry was doing it. We were not interested enough to do it on our own.”
Business news magazine New Media Age
New Media Age
New Media Age is a weekly news magazine, covering business use of interactive media in the UK.New Media Age is owned by Centaur Media plc. It was launched as a newsletter in May 1995 under editor Phil Dwyer with reporters Nick Jones and Catherine Stewart...
reported on 23 April that Virgin Media moved away from Phorm and was expected to sign a deal with another company named Audience Science, while BT would meet with other advertising companies to gain what the ISP calls "general market intelligence" about Phorm.
NMA had called the moves "a shift in strategy by the two media companies". A day later, the magazine said both companies' relationships with Phorm actually remain unchanged.
Although Virgin Media were reported to have 'moved away from Phorm', in November 2010 they were the only UK based ISP to still carry information about Phorm's Webwise system on their website.