FIPR-Bulletin: "Home Office guidance misleading" says FIPR

ukcrypto@chiark.greenend.org.uk ukcrypto at chiark.greenend.org.uk
Thu, 24 Apr 2008 08:45:27 +0100


Sure, thanks.
Vanessa

-----Original Message-----
From: ukcrypto-admin@chiark.greenend.org.uk
[mailto:ukcrypto-admin@chiark.greenend.org.uk] On Behalf Of Richard Clayton
Sent: 23 April 2008 14:13
To: UKcrypto@chiark.greenend.org.uk
Subject: FIPR-Bulletin: "Home Office guidance misleading" says FIPR

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


FYI (and please don't quote it all in any followups!)

- -=-=-=-=-

FIPR Press Release

For Immediate Release:  Wednesday 23rd April 2008

"Home Office guidance misleading" says FIPR
- -------------------------------------------

The Foundation for Information Policy Research (FIPR) has today released the
text of an open letter to Jacqui Smith, the Home Secretary, on the legality
of Phorm Inc's proposal to provide targeted advertising by snooping on
Internet users' web browsing.  FIPR calls on the Home Secretary to withdraw
her department's previous statement because it has become incomplete and
misleading in the light of new technical and legal analysis of Phorm's
system, and is an obstacle to the just enforcement of the law.

The letter explains that a technical note by Dr Richard Clayton, FIPR's
Treasurer, and a legal analysis by Nicholas Bohm, its General Counsel, show
that the operation of Phorm's systems involves:

* interception of communications, an offence contrary to section 1 of
  the Regulation of Investigatory Powers Act 2000

* fraud, an offence contrary to section 1 of the Fraud Act 2006

* unlawful processing of sensitive personal data, contrary to the Data
  Protection Act 1998

Individual directors and managers of the Internet Service Providers involved
could be criminally liable for these offences.

The full text of the open letter can be viewed at:

    http://www.fipr.org/080423holetter.pdf

and it is also set out in full below.

RELATED DOCUMENTS

    Richard Clayton's technical analysis:

        http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf

    Nicholas Bohm's legal analysis:

        http://www.fipr.org/080423phormlegal.pdf

    The Home Office statement from February 2008:

        http://cryptome.org/ho-phorm.htm

QUOTES

Said Nicholas Bohm, General Counsel, FIPR:

  "My legal analysis shows that the operation of Phorm's system involves
  illegal interception, fraud and breach of the data protection
  principles.  Our papers demolish the existing Home Office statement,
  and it should be withdrawn.  The Information Commissioner and the
  police should carry out a proper investigation of the complaints which
  have been made to them."

Said Richard Clayton, Treasurer, FIPR:

  "Phorm's system will illegally intercept and process private and
  sensitive data, and we have now established that it will break other
  laws as well. The Home Office's superficial analysis said that the
  system would be lawful. Given their batting average at the High Court,
  relying upon their opinion was always unwise -- this new paper spells
  out the errors they have made, and makes it essential that their
  report is withdrawn."

CONTACTS

Nicholas Bohm
General Counsel, FIPR
01279 871272
07715 419728
nbohm@ernest.net

Richard Clayton
Treasurer, FIPR
01223 763570
07887 794090
treasurer@fipr.org

NOTES FOR EDITORS

1.  The Foundation for Information Policy Research (http://www.fipr.org) is
an independent body that studies the interaction between information
technology and society.  Its goal is to identify technical developments with
significant social impact, commission and undertake research into public
policy alternatives, and promote public understanding and dialogue between
technologists and policy-makers in the UK and Europe.

2.  Phorm (http://www.phorm.com/) claims that their "proprietary,
patent-pending technology revolutionises both audience segmenting techniques
and online user data privacy" and has recently announced that it has signed
agreements with UK Internet service providers BT, TalkTalk and Virgin Media
to offer its new online advertising platform Open Internet Exchange (OIX) and
free consumer Internet feature Webwise.

3.  In a statement released on 8th April the Information Commissioner's
Office said:

  "A question has been raised by the some individuals about whether or
  not the Phorm products entails an unlawful interception of
  communications under the Regulation of Investigatory Powers Act 2000
  (RIPA). The Home Office is responsible for compliance with RIPA and
  Phorm has approached the office directly and had a written response.
  Some organisations have stressed an alternative view that the scanning
  of the content of websites by the ISP on route to the user will entail
  an interception of communication during transmission.  This is a
  matter that the Home Office takes the lead on and the Commissioner
  will not be taking any further action."

4.  FIPR has written to the Home Secretary as follows:

  The Rt Hon Jacqui Smith PC MP
  Home Office
  2 Marsham Street
  London
  SW1P 4DF                                              23rd April 2008

  Dear Secretary of State,

                        The Phorm "Webwise" System
                      Interception of Communications

  In February 2008 your department began to circulate to interested
  parties a note addressing the question of whether the operations of
  Internet Service Providers in scrutinising their customers' web
  browsing for the purposes of targeted online advertising involved the
  interception of communications, and whether it was lawful if it did.
  On 11th March Mr Simon Watkin of your department helpfully published
  that note on the ukcrypto mailing list.  In response to questions
  about the note, he made the point that the note was not, and did not
  purport to be, based upon a detailed technical examination of any
  particular technology.  The purpose of this letter is to explain why
  that note should be withdrawn.

  Phorm Inc have announced that they treat the statement as confirming
  the lawfulness of their proposed operations in the UK, and the
  Information Commissioner has stated that in examining the data
  protection aspects of Phorm's proposed operations he will not take
  account of matters covered by the Home Office statement.  And after it
  emerged that BT had conducted secret trials of the service in 2006 and
  2007, complaints to the Avon and Somerset police about illegal
  interception were met with a refusal to investigate them, on the basis
  that it was a matter for the Home Office.

  A detailed technical analysis of the Phorm system by Dr Richard
  Clayton is now available which sheds much new light on its proposed
  operations. A detailed legal analysis by Nicholas Bohm has also now
  been published.

  These documents are at:

    Technical analysis:

        http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf

    Legal analysis:

        http://www.fipr.org/080423phormlegal.pdf

  The documents show that the operation of Phorm's systems involve:

  * interception of communications, an offence contrary to section 1 of
    the Regulation of Investigatory Powers Act 2000

  * fraud, an offence contrary to section 1 of the Fraud Act 2006, and

  * unlawful processing of sensitive personal data, contrary to the Data
    Protection Act 1998

  The documents also highlight a number of technical errors as well as
  some very significant oversights in the Home Office note that was
  circulated in February.

  We therefore urge you to make it clear to Phorm, to such ISPs as may
  have consulted the Home Office, to the Information Commissioner, and
  to chief officers of police:

  * that the Home Office does not condone illegal interception for the
    purposes of targeted online advertising,

  * that the law is for the courts and not for the Home Office to
    decide, and that it is for the police and prosecuting authorities to
    investigate reports of crime and make decisions about prosecutions
    without deferring to the views of the Home Office, and

  * that where complaints under the Data Protection Act are concerned,
    it is for the Information Commissioner and not the Home Office to
    investigate whether the data processing involved in targeted online
    advertising amounts to illegal interception.

  Your department's note can now be seen to be significantly incomplete
  and dangerously misleading.  We call on you to withdraw it.

  We have provided copies of this letter to Mr Simon Watkin in your
  department and to the Information Commissioner.

  Yours sincerely,


  Nicholas Bohm
  Richard Clayton

- --ends--

-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1

iQA/AwUBSA819poAxkTY1oPiEQJpFQCcCNDHfi3lNH4RCkmPRG4iabAoGJQAoJDa
24RnRbOOdjl+17RxIOTsaXo8
=U95v
-----END PGP SIGNATURE-----
