FIPR-Bulletin: "Home Office guidance misleading" says FIPR
Richard Clayton
ukcrypto at chiark.greenend.org.uk
Wed, 23 Apr 2008 14:13:26 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
FYI (and please don't quote it all in any followups!)
- -=-=-=-=-
FIPR Press Release
For Immediate Release: Wednesday 23rd April 2008
"Home Office guidance misleading" says FIPR
- -------------------------------------------
The Foundation for Information Policy Research (FIPR) has today released
the text of an open letter to Jacqui Smith, the Home Secretary, on the
legality of Phorm Inc's proposal to provide targeted advertising by
snooping on Internet users' web browsing. FIPR calls on the Home
Secretary to withdraw her department's previous statement because it has
become incomplete and misleading in the light of new technical and legal
analysis of Phorm's system, and is an obstacle to the just enforcement
of the law.
The letter explains that a technical note by Dr Richard Clayton, FIPR's
Treasurer, and a legal analysis by Nicholas Bohm, its General Counsel,
show that the operation of Phorm's systems involves:
* interception of communications, an offence contrary to section 1 of
the Regulation of Investigatory Powers Act 2000
* fraud, an offence contrary to section 1 of the Fraud Act 2006
* unlawful processing of sensitive personal data, contrary to the Data
Protection Act 1998
Individual directors and managers of the Internet Service Providers
involved could be criminally liable for these offences.
The full text of the open letter can be viewed at:
http://www.fipr.org/080423holetter.pdf
and it is also set out in full below.
RELATED DOCUMENTS
Richard Clayton's technical analysis:
http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf
Nicholas Bohm's legal analysis:
http://www.fipr.org/080423phormlegal.pdf
The Home Office statement from February 2008:
http://cryptome.org/ho-phorm.htm
QUOTES
Said Nicholas Bohm, General Counsel, FIPR:
"My legal analysis shows that the operation of Phorm's system involves
illegal interception, fraud and breach of the data protection
principles. Our papers demolish the existing Home Office statement,
and it should be withdrawn. The Information Commissioner and the
police should carry out a proper investigation of the complaints which
have been made to them."
Said Richard Clayton, Treasurer, FIPR:
"Phorm's system will illegally intercept and process private and
sensitive data, and we have now established that it will break other
laws as well. The Home Office's superficial analysis said that the
system would be lawful. Given their batting average at the High Court,
relying upon their opinion was always unwise -- this new paper spells
out the errors they have made, and makes it essential that their
report is withdrawn."
CONTACTS
Nicholas Bohm
General Counsel, FIPR
01279 871272
07715 419728
nbohm@ernest.net
Richard Clayton
Treasurer, FIPR
01223 763570
07887 794090
treasurer@fipr.org
NOTES FOR EDITORS
1. The Foundation for Information Policy Research (http://www.fipr.org)
is an independent body that studies the interaction between information
technology and society. Its goal is to identify technical developments
with significant social impact, commission and undertake research into
public policy alternatives, and promote public understanding and
dialogue between technologists and policy-makers in the UK and Europe.
2. Phorm (http://www.phorm.com/) claims that their "proprietary,
patent-pending technology revolutionises both audience segmenting
techniques and online user data privacy" and has recently announced that
it has signed agreements with UK Internet service providers BT, TalkTalk
and Virgin Media to offer its new online advertising platform Open
Internet Exchange (OIX) and free consumer Internet feature Webwise.
3. In a statement released on 8th April the Information Commissioner's
Office said:
"A question has been raised by some individuals about whether or
not the Phorm products entail an unlawful interception of
communications under the Regulation of Investigatory Powers Act 2000
(RIPA). The Home Office is responsible for compliance with RIPA and
Phorm has approached the office directly and had a written response.
Some organisations have stressed an alternative view that the scanning
of the content of websites by the ISP en route to the user will entail
an interception of communication during transmission. This is a
matter that the Home Office takes the lead on and the Commissioner
will not be taking any further action."
4. FIPR has written to the Home Secretary as follows:
The Rt Hon Jacqui Smith PC MP
Home Office
2 Marsham Street
London
SW1P 4DF
23rd April 2008
Dear Secretary of State,
The Phorm "Webwise" System
Interception of Communications
In February 2008 your department began to circulate to interested
parties a note addressing the question of whether the operations of
Internet Service Providers in scrutinising their customers' web
browsing for the purposes of targeted online advertising involved the
interception of communications, and whether it was lawful if it did.
On 11th March Mr Simon Watkin of your department helpfully published
that note on the ukcrypto mailing list. In response to questions
about the note, he made the point that the note was not, and did not
purport to be, based upon a detailed technical examination of any
particular technology. The purpose of this letter is to explain why
that note should be withdrawn.
Phorm Inc have announced that they treat the statement as confirming
the lawfulness of their proposed operations in the UK, and the
Information Commissioner has stated that in examining the data
protection aspects of Phorm's proposed operations he will not take
account of matters covered by the Home Office statement. And after it
emerged that BT had conducted secret trials of the service in 2006 and
2007, complaints to the Avon and Somerset police about illegal
interception were met with a refusal to investigate them, on the basis
that it was a matter for the Home Office.
A detailed technical analysis of the Phorm system by Dr Richard
Clayton is now available which sheds much new light on its proposed
operations. A detailed legal analysis by Nicholas Bohm has also now
been published.
These documents are at:
Technical analysis:
http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf
Legal analysis:
http://www.fipr.org/080423phormlegal.pdf
The documents show that the operation of Phorm's systems involves:
* interception of communications, an offence contrary to section 1 of
the Regulation of Investigatory Powers Act 2000
* fraud, an offence contrary to section 1 of the Fraud Act 2006, and
* unlawful processing of sensitive personal data, contrary to the Data
Protection Act 1998
The documents also highlight a number of technical errors as well as
some very significant oversights in the Home Office note that was
circulated in February.
We therefore urge you to make it clear to Phorm, to such ISPs as may
have consulted the Home Office, to the Information Commissioner, and
to chief officers of police:
* that the Home Office does not condone illegal interception for the
purposes of targeted online advertising,
* that the law is for the courts and not for the Home Office to
decide, and that it is for the police and prosecuting authorities to
investigate reports of crime and make decisions about prosecutions
without deferring to the views of the Home Office, and
* that where complaints under the Data Protection Act are concerned,
it is for the Information Commissioner and not the Home Office to
investigate whether the data processing involved in targeted online
advertising amounts to illegal interception.
Your department's note can now be seen to be significantly incomplete
and dangerously misleading. We call on you to withdraw it.
We have provided copies of this letter to Mr Simon Watkin in your
department and to the Information Commissioner.
Yours sincerely,
Nicholas Bohm
Richard Clayton
- --ends--
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBSA819poAxkTY1oPiEQJpFQCcCNDHfi3lNH4RCkmPRG4iabAoGJQAoJDa
24RnRbOOdjl+17RxIOTsaXo8
=U95v
-----END PGP SIGNATURE-----