BT 2006 trials of Phorm
Richard Clayton
ukcrypto at chiark.greenend.org.uk
Thu, 5 Jun 2008 12:39:51 +0100
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
There is a newly arrived document on WikiLeaks (seems that Cryptome has
lost street cred now that Home Office use them!). It appears to be an
internal BT report assessing their 2006 trial of Phorm technology.
<URL:http://www.wikileaks.org/wiki/British_Telecom_Phorm_Page_Sense_External_Validation_report>
A key point to make is that this trial used slightly different
technology than the current Phorm system that I recently documented (it
apparently appended a JavaScript tag to web pages and redirected the
browser in such a way that the navigation bar in the browser "fluttered"
and tags ended up in some web postings).
It does seem to have been making use of cookies, but they were
apparently placed on people's systems in an "honest" manner prior to the
trial (viz: there was no forgery of other sites in order to trick the
browsers into accepting them).
An interesting sentence early on reads:
    Normally the PageSense system deploys cookies directly to user's
    machines. BT Broadband terms and conditions prevented this approach.
Looking at BT's current T&C's I find it hard to identify if they have
changed anything yet. The business conditions:
http://www.btbroadbandoffice.com/broadband/terms_busi
don't seem changed in any relevant way from what I can locate on
www.archive.org for 2006. The consumer T&C's are on the page
http://www.productsandservices.bt.com/consumerProducts/dynamicmodules/pagecontentfooter/pageContentFooterPopup.jsp?pagecontentfooter_popupid=13408
(!) but seem to have been somewhere else prior to April 2007, so I
haven't managed to do a comparison to see if these are changed :(
Anyway --- back to the 2006 trial. The trial was secret, in that users
were experimented upon without their knowledge or consent (which is
generally felt to have been illegal [even with consent it is FIPR's and
others' view that it is illegal -- without consent I can't see much doubt]).
Also, the trial involved the building of browsing histories and the
serving of ads on the basis of that history -- which seems to run
counter to earlier assurances by BT as to the nature of the trial:
http://www.theregister.co.uk/2008/03/17/bt_phorm_lies/
    "Absolutely no personally identifiable information was processed,
    stored or disclosed during this trial"
The "disclosed" has already been shown to be dubious (because of the way
that the technology worked at that time), although the dates don't match
well, it seems to be much the same technology:
http://www.badphorm.co.uk/e107_plugins/forum/forum_viewtopic.php?2676.20
[of course the identifiers in the cookies can be leaked in the current
system as well, which is one of the (many) objections to it].
We can now see from the internal document that "processed" is also false
(the system used the data in order to build browsing histories):
Which makes the only thing left intact from BT's statement is the lack
of "storage" (the Phorm system records a distilled down profile against
your personal identifier).... hmmmmm
There's much more in the document, but this is a long enough message
already, so I shall just note that the document contains the throw-away
line "communications regarding advertisement systems and information
collection could lead to negative perception if not carefully handled".
<URL:http://www.urbandictionary.com/define.php?term=no+shit+sherlock>
- --
richard Richard Clayton
They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety. Benjamin Franklin
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBSEfQh5oAxkTY1oPiEQLjEQCgjp/IjSz0jyqZCtveeH/J0gWkh9QAnilH
mmS6PUjmgRnarzY6ipl1XCA9
=de0C
-----END PGP SIGNATURE-----