The Phorm "Webwise" System

Ian Batten ukcrypto at chiark.greenend.org.uk
Sat, 5 Apr 2008 08:19:24 +0100 

>
> You've lost me there, I'm afraid.  Who is it that you think is passing
> off or infringing your trade mark - the ISP or SomeoneElsesBooks.com?
> It doesn't seem to me that the ISP is either using your mark as a
> trade mark or passing off its products or services as yours.  And
> whilst your loss may be SomeoneElsesBooks.com's gain, that doesn't
> mean it is doing anything that amounts to passing off or trade mark
> infringement, either.


It's a target rich environment.  I suspect the ISP, but I'm not a  
lawyer.

There are six parties involved:

* Phorm, as a broker

* The website upon whose pages Phorm adverts are placed, who are paid  
by Phorm for that space.

* The ISP who provide the user's tracking data, who are paid by Phorm  
for this information.

* The company whose products or services are advertised, who pay Phorm.

* The user.

* The website to which the user navigated.

Suppose I navigate to the website of Ganges Books, looking to buy a  
book.  Nile Books, meanwhile, have bought advertising space from Phorm  
and are essentially looking for people who buy books.

I would argue that if Nile Books pay Phorm to place adverts, and the  
overall effect is that when I navigate to Ganges Books I am served  
adverts for Nile Books, or information is placed on my computer  
masquerading as the work of Ganges Books, but whose later effect is to  
serve me adverts for Nile Books, then the ISP's systems are passing  
themselves off as Ganges Books for the commercial benefit of Nile  
Books (ignore the brokers in this for a moment).

The ISP cannot possibly claim to be a mere conduit for all this  
because, because they are taking money in order to have their machines  
selectively masquerade as Ganges Books for the benefit of Nile Books,  
and, following the money, Nile paid Phorm who paid the ISP.

Phorm are using the fact that the equipment within the ISP's network  
is (nominally at leat) owned and operated by the ISP. If they for a  
moment accepted that the equipment was actually Phorm's, and therefore  
opaque to the ISP, their DPA position would become infinitely more  
complex.  That the anonymisation barrier is crossed before it leaves  
the ISP's network is the core of both Phorm's and the ISPs' reasoning  
for not being held to be processing personally identifiable  
information improperly.

So I'd argue that the ISP are masquerading as companies with whom they  
have absolutely no commercial relationship (and indeed, people who  
have every reason to object, as no-one wants to deliver free analytics  
for their competitors' benefit) for the benefit of others.  It may be  
that those others are also implicated, but (a) being paid to do things  
that are illegal doesn't make you innocent and (b) from a  
jurisdictional point of view, we know where the UK ISPs are and they  
have lots of physical assets and UK revenue streams.

So the obvious move would be for a UK based competitor to one of  
Phorm's advertising clients (not necessarily in the UK, as they  
wouldn't need to be a party to the action) to bring suit against one  
of the UK's ISP for passing off.  ``Whenever my client's customers  
navigate to my client's website, they are served adverts for a  
competitor.  This is done by systems owned by your client pretending  
to be those owned by my client, without my client's consent and (for  
bonus points) misappropriating my client's trademarks.''

ian