back to article Prosecutors gather evidence on secret BT-Phorm trials

The Crown Prosecution Service (CPS) is gathering evidence on BT's covert trials of Phorm's ISP-level adware system to help it judge whether it is in the public interest to allow a private prosecution for breach of wiretapping laws. CPS lawyers have asked to see the file handed to City of London police in summer. After …

COMMENTS

This topic is closed for new posts.
  1. Jonathan

    So nothing will happen?

    Quote: "The file will then pass to the Director of Public Prosecutions Keir Starmer QC, who will have final say"

    So, he will do exactly what the police did - nothing. I'll be surprised if he brings the case against BT and Phorm - from what we have seen of the UK Gov, corruption is rife.

    Perhaps the EU will be our saving grace after all. But then again, perhaps there will be an "investigation", BT will be found guilty and pay a fine of 6 pints and two packets of crisps, and all will be forgiven. After all, we dont want precious BT to really be accountable, do we?

  2. Peter
    Pirate

    Catch 22

    If hell does freeze over and BT does cop a big fine what are the chances that the people they 'tapped' foot the bill either in higher broadband charges or line rental?

  3. Jim Coleman
    Unhappy

    Well...

    I'd quite like to see a senior BT exec do some porridge over this.

  4. The Fuzzy Wotnot
    Unhappy

    Useful but ultimately pointless

    I try hard to be optimistic and I do genuinely welcome this as it will hopefully raise the profile of this sordid affair, but as Jonathan has said you know this will come to nothing and the CPS will fold just like Plod did.

  5. Anonymous Coward
    Thumb Down

    Waste of time.

    Whilst we would all like to think that nobody is above the law, BT will never be held accountable for the secret Phorm trials and I think we all know it.

    Keir Starmer hasn't taken the DPP post for even a month, I don't think he'd like such a nightmare of a job so early in his post.

  6. Alex

    Due dilligence?

    I may be able to help on that, can somebody point me in the direction of who to talk to at the CPS or within the EU?

  7. Spider
    Thumb Up

    what a difference a year makes

    Ok, we all know that no-one is going to be punished appropriately for this, but at least cheer yourself up with the knowledge that Phorms share price has dropped from 2,300 to 235 in a year - that's got to make you smile!

  8. Steen Hive
    Thumb Up

    @Jim Coleman

    Quite right. To hell with BT paying a fine which will be passed onto the customers. Anyone and everyone who signed off on this farce should be in the slammer.

  9. David Viner Silver badge
    Thumb Down

    @Spider

    And, speaking as a Virgin Media customer and wondering whether to jump, when Phorm's share price drops to zero I'll really be laughing. Bring it on!

  10. Anonymous Coward
    Boffin

    Analysing

    "The Commission is currently analysing the response."

    Yes - I can just picture them peering at the pages of the response with a magnifying glass, looking to see if any of the words jump out at them and to make sure all the i's are dotted and the t's crossed.

    Analysing the response indeed; waffle.

  11. dephormation.org.uk
    Happy

    Future of Data Communication in the UK

    This can't go unpunished, for the simple reasons that if no one in BT is prosecuted, you can never transmit data over a BT owned infrastructure again without strong encryption.

    It would mean there is no legal protection in the UK from industrial espionage, and no one prepared to protect personal private communication.

    Effectively the end of all private unencrypted data communication services; because VOIP, email, SMS, even PSTN are all methods of unencrypted data communication over BT owned/operated infrastructure and BT would effectively be beyond the law.

    And lets suppose we adopt HTTP/email encryption? Then the IMP looks like an even more stupid idea. A £12bn database full of asdfas!"31lkjhas[p[p isn't going to be much use to the police.

  12. Anonymous Coward
    Alien

    ...took legal advice...

    Can the solicitors be held accountable for incorrect advice?

    I have to agree with NOT fining BT. Jail time and a criminal record please.

    Meanwhile, back on planet earth...

  13. Eponymous Cowherd
    Black Helicopters

    Re:Future of Data Communication in the UK

    ***"And lets suppose we adopt HTTP/email encryption? Then the IMP looks like an even more stupid idea. A £12bn database full of asdfas!"31lkjhas[p[p isn't going to be much use to the police."***

    Quite. I imagine the spooks are pretty upset with this wholesale spying on private comms (both by Phorm/BT and the Gov't). At the moment someone habitually downloading jpegs, pdfs or mpegs over https is worth a look, could be terroist bomb-making info or the sort of piccies Mr Glitter might be interested in. If we all become so worried about being spied on that we all (web sites and web users ) start using encryption by default, then they won't be able to see the wood for the trees.

  14. James Pickett
    Pirate

    Go to jail. Do not collect £200

    "Complex Casework Centre"

    Really? The case looks blindingly obvious to me, but then I don't work for the government.

  15. Anonymous Coward
    Thumb Up

    One comforting thought amidst the nightmares

    If someone is taking the time to look into this it can only be a good sign.

    All I ask is that everyone who is looking at the files considers how they would react if they discovered that they were either the person who was the BT customer during the trial or the website whose data was harvested (read stolen) so that a commercial company (in this case, BT Retail) could claim that they have access to all the content on the internet and the freedom to use that content for whatever purpose (including partnering with an advertising network which claims it will be able to make millions from the harvested data) without any liability for royalties or other licence fees.

    Background information for those who are not following this closely.

    BT Retail claim that all they are doing is:

    ".... two distinct actions carried out by the Webwise system which are relevant from a copyright perspective:

    "1) The mirroring of opted-in end-user traffic to the Webwise Profiler servers and

    "2) The creation of a temporary 'Data Digest' from web traffic which has been mirrored to the Profiler servers."

    BT Retail claim "we agree that mirroring/copying is a potentially infringing act unless it is done with the consent of the copyright owner or is otherwise allowed by law" and then counter that with:

    "However, irrespective of the above position, we consider that we have lawful authority to carry out the mirroring process required to operate Webwise. This arises from the combination of Article 2 and Article 5(1) of European Directive 2001/29/EC, which has been put into force in the UK by an amendment to the Copyright Designs and Patents Act 1988 which added section 28A. This legislation set out conditions in which an exception to the author's exclusive right of reproduction can exist. We consider that the mirroring process performed by Webwise meets these condition as:

    "A) It is "transient or incidental"

    "B) The sole purpose of the mirroring is to enable a lawful use of a copyright work (including process 2 above)

    "C) The temporary reproduction has no independent economic significance.

    "Given the above, it is our position that, whether or not we have an implied consent from a website owner for the mirroring process, this process is compatible with the relevant legislation."

    If the 'temporary reproduction has no independent economic significance' how do they explain that these 'temporary reproductions' are the basis of a new revenue stream?

    Since when has it been lawful to take a copy of what someone is looking at under a restricted licence which excludes commercial use, and use that copy to select an advertiser who is selling the same product. What gives BT Retail the right to a 'no liability for any licence fee payment nor recognition of copyright' commercial use licence just because it is their customer looking at the page?

    It is not the mirroring which is the issue here. ISPs make cache copies all the time as part of providing their Internet services. It is that the ISP does something to that mirrored copy which gives it an economic value to the ISP which is in no way connected to the original purpose of delivering web content from a server to a user's browser window. A conduit is all an ISP is allowed to be and to do anything else they require an additional licence from the copyright owner and to intercept the traffic without such consent/licence is not permitted under UK law.

  16. Anonymous Coward
    Anonymous Coward

    Let's Remember

    Neither BT nor Phorm have ever backed up their claims that they have taken legal advice with actual hard evidence, something like a QC's opinion. This despite being asked publicly on a number of occasions to do exactly that.

    Of course, Phorm didn't bother to answer the other questions put to it by Richard Clayton and Alex Hanff. http://tobymeres.net if you haven't been there already. Those concerns still remain.

  17. Anonymous Coward
    Anonymous Coward

    Another line of attack

    was opened up a while ago, see http://www.fipr.org/press/081125phorm.html. This hinges on the rights of website owners.

  18. Red Bren

    CPS Consent?

    "The Crown Prosecution Service (CPS) is gathering evidence...to help it judge whether it is in the public interest to allow a private prosecution"

    Why do the CPS have a veto on this? If a person or organisation wishes to bring a private prosecution and have the funds to do so, do they not have the right? Although any attempts to get plod to hand over any evidence from their investigations would probably result in a good tazering...

    And if they do decide it isn't in the public interest, will they also decide it isn't in the public interest to disclose how they came to their decision? Or will that not be in the public interest either? Because I'm one of the public and I'm interested.

    <-- Paris, because it's pubic interest

  19. I. Aproveofitspendingonspecificprojects
    Boffin

    @ James Pickett

    "I don't work for the government"

    Yes you do. It should be the other way around but what are they going to do when they lose power and there are no banks to float them in slush?

  20. Anonymous Coward
    Anonymous Coward

    @dephormation.org.uk

    I understood that the government's uber-base (IMP?) won't store content, just the fact that a communication occurred, along with the source and destination addresses/numbers.

    Don't get me wrong, I'm completely against it, but we don't want to be setting up straw-men that can easily be shot down by the government, undermining our credibility.

  21. Anonymous Coward
    Black Helicopters

    Nothing Will Happen

    Forget it. The only facts that the CPS will act on are

    1. Patricia Hewitt - Nu Lab MP and BT Board member (what IS she doing there, surely that's a conflict of interest)

    +

    2. Wacky Jacqui Smith - Nu Lab MP and rabid proponent of new uber snooping database (and anti-cannibis, and anti porn but obviously not anti 'all the pies'

    +

    3. BT - stalking horse for uber snooping database in sneaky back room deal with the home office to introduce de-facto snooping database

    +

    4. Everyone else (including home office, ofcom and police have backed off after quiet word in shell-like from home office about keeping the beak out . In return "more power than you could ever dream of")

    = Giant cover up and final touches to secret police state that would make the Stazi jealous.

    The CPS are not going to do anything

  22. Irate BT User
    Pirate

    Since the Legality of this is Questionable...

    Why are BT being allowed to Trial this Process again let alone, as they have stated follow it up with a FULL ROLLOUT of the system?

  23. Andy Livingstone

    Very Interesting

    Time for the old chestnut.

    What is "In the Public interest" is not the same as what is "of interest to the Public".

    Often stated but never explained.

    Any Philadelphia Lawyers game to try a "plain English" explanation?.

  24. kain preacher

    I'm suprised

    That they just didn't give BT Retro active immunity .

  25. Bobby
    Thumb Down

    Quite the contrary...

    Everyone’s missing the point and that point is we want our broadband providers to supply us broadband and not spyware. It’s not about huge fines or jail time but just give us what we paid for..

    Implicit consent? I don’t recall giving any consent to my private internet communications being opened by 3rd party spyware vendors who were under investigation by the FTC, quite the contrary in fact.

    If anyone wants an instant monopoly over all internet advertising then it is neither legal or morally correct to do it in such a bullish manner.

  26. Anonymous Coward
    Thumb Up

    Alexander Hanff

    Is there some means by which Alexander Hanff could be given an award for "Privacy Advocate of the Year" or something?

    I'd also like to suggest a new verb "to Hanff", which would mean "To persistently shove it to The Man when The Man is demonstably not giving a fuck about your privacy."

  27. Anonymous Coward
    Alert

    @E Cowherd

    >"At the moment someone habitually downloading jpegs, pdfs or mpegs over https is worth a look"

    Of course, the thing about https is, you can't tell what kind of files they're downloading. They could just be reading their webmail, no?

  28. Anonymous Coward
    Anonymous Coward

    @Catch22

    Of course BT's customers will pay the fine. This is always the problem with fining any business, and there's nothing you can do about it. However a big enough fine will hurt any business, if they increase their charges too much then they will lose custom. Of course this also hurts customers.

    The problem with fining a company with as wide a customer base as BT is that a 5p increase on every customer's monthly bill is a huge amount of money. As a result a company as large as BT could comfortable absorb even quite a large fine.

    The same problems exist with taxing oil companies. Were the government to tax large oil companies profits then we would also suffer in the prices we pay. Not just in terms of fuel, because fuel prices affect most other prices. The government may try to spin the tax as a punishment for the oil companies, but it would only punish consumers. However it would be yet another form of indirect taxation on an already over taxed population.

    The idea of fining BT would work the same way. A moral and PR victory against BT, but in reality a penalty for consumers. Not a BT customer? What if your ISP uses BT lines? What if you are the customer of any company that is itself a BT customer. I think that covers the whole UK population.

    To my mind the best penalty would not be a fine, but a ban on their signing up any new customers for a given period. How much would it cost BT as an ISP to be barred from taking any new customers for a couple of months?

  29. blue
    Unhappy

    There's One Explaination ...

    ... for the lack of a firm and decisive snuffing out of this aggregious assault on people's privacy by Phorm-BT.

    The Establishment in the UK are fundementally sympathetic to the idea of monitoring and spying on everything that British people do, and therfore can't bring themselves to take action against such snooping even when they don't (immediately) benefit from it - without undermining their own objectives in this area.

    Phorm will lower the expectation of privacy and allow the government to more easily implement its future plans in this area.

    Who knew that modern China was going to be the model society for Western democracies?

    Not me!

  30. Anonymous Coward
    Anonymous Coward

    And the rest

    I hear tell that other ISPs have been trialling similar technologies. If this is true then I bet those companies are busy deleting emails and shredding paper.

    Of course if the CPS decide there is a case to answer what does this do to Wacky Jacqui's plans to snoop on us all? Don't suppose that her simply passing a law would mean much, English Law is a complex beast and precedent can be a dangerous thing.

  31. Alexander Hanff
    Thumb Up

    Anyone who has further evidence (re: Due Dilligence)

    Anyone who has further evidence or would like to write a letter supporting the call for a prosecution please see the following article on my blog:

    https://nodpi.org/2008/11/27/letter-writing-campaign/

    Thanks again to Chris for his exemplary work on this issue.

    Alexander Hanff

  32. The Other Steve

    Anonymous Coward Posted Thursday 27th November 2008 14:09 GMT

    "Don't get me wrong, I'm completely against it, but we don't want to be setting up straw-men that can easily be shot down by the government, undermining our credibility."

    Well said. It is the traffic data, not the content that (it is claimed) will be of interest, and even end to end SSL has to have IP addresses and port numbers in the clear, otherwise the intertubes won't work.

    Neither constant encryption or massive random noise will prevent you from being profiled by the proposed government interception system, despite the many idiotic comments to the contrary, and indeed both would most likely see you on the Persons Of Interest list pretty damn quickly because your behaviour clearly telegraphs the fact that you have something to hide.

    That's why it's called behavioural profiling, y'know ?

  33. Luther Blissett

    Devil's advocate - why so sceptical?

    I think CPS will do it, on the basis they would rather have control of the case than hand it to a private prosecution. (Judges love to see indivduals "have a go" in court as long as they conduct themselves sensibly). If the CPS doesn't, and also disallows a private prosecution, it risks HMG being prosecuted by the EU, either over Phorm itself or over a failure of due legal process.

    Because the Phorm technology operates on the retail side, and not the infrastructure side, and BT does not have a retail monopoly, and other ISPs have declined to deal with Phorm, there is no particular incentive for the CPS (and/or HMG) save BT from prosecution, from the technical angle of security snooping technology.

    Also on the technical side, the substantive issue is the Phorm cookie that will not die, and which means not only that a user opt-out is no opt-out at all, but also that the cookie that will not die is continuing prima facie evidence of legal transgression. We know (as does BT) that this technical issue can be addressed by a redesign of the system in which mirroring is restricted only to those users who have given consent. BT may not like the expense of the redesign, as it defers their profit from Phorm, but that is of no legal import. What is of legal importance, is that there is a technical fix to the legal problem.

    So a CPS solution requires that BT/Phorm be found illegal, and required to implement a technical system change for subsequent operation. The only remaining issue is what to do about BT's past illegalities. A fine evidently, but what would be a politic amount? £20k would be derisory. £200k may be thought excessive in relation to the actual harm caused (unless there is evidence to the contrary). (I don't make these rules, and it's not a libel trial). £100k would be my guess. Though my preference would be to put the Directors of BT Retail and their pal Kent in the stocks for a week as well.

  34. Sillyfellow
    Stop

    heroes of the public

    Alexander Hanff and Chris.

    your tenacity and dedication towards championing our privacy is truly outstanding. you are true heroes of the public.

    let me share some things with you (El Reg mods permitting, of course).

    our rotten greedy self interested UK Government, under instruction from their secret overlords (yes, the very ones who have monopoly of global control via controlling all currencies though rotten central banks), are really really wanting to monitor everything we do. why? so that we can be controlled more 'effectively'.

    this is not just about making money, it's about OWNING YOU completely.

    ask yourself one simple question.

    what exactly is 'national debt'?

    if you know the answer to that, then you know what is really going on with our planet earth.

    a bit off topic, but closely related... if i recall correctly the central banking system was allegedly put into place after the first economic crash (in USA) under the pretense of ensuring that such a thing cannot ever happen again.... BUT, what is happening now? the same thing. orchestrated by the same people to remove our wealth (and hence remove our power also).

    if you want to find the real criminals, then look for who controls the money. be careful though, because they won't hesitate to 'eliminate' anyone or anything they see as a potential threat to their oh-so-precious power base.

    nuff said.

    to Gvt and their "non terrestrial commanders": i am no AC, so come and get me. we will see what happens then won't we?

  35. Anonymous Coward
    Coat

    whitepaper

    How appropriate that underneath the headline should be a link for a free whitepaper on "Disaster Recovery Planning."

    Maybe El Reg should forward the link to Phorm and BTs PR people?

  36. Claire Rand

    reality check

    this case will be looked at until europe closes its books, then quietly dropped.

    there is too much at stake to allow the idea of this sort of spying to be killed, this way the gov can have all web traffic spied on (and with a few rule tweaks on the quiet stored) without the cost. the ISPs getting to use the data as they see fit as the carrot.

    amazing to see all this government & BT backed effort to push people towards encryption. law of unintended consequencies strikes again?

  37. Steve

    Hit them where it hurts

    The only way to make an impact is to make sure fines are levied against directors' bonuses and/or shareholder dividends.

    They're the people that have the power to change the way the company acts.

  38. Anonymous Coward
    Black Helicopters

    The truly powerful don't lose

    Not ever.

    Losing is only designed for the small and weak.

  39. Anonymous Coward
    Anonymous Coward

    Legal Advice?

    We had claims from the BT/Phorm camp that they took legal advice. I'm sure I recall them saying at some point that they had actually consulted UK.gov.

    Could it be that reluctance to prosecute has something to do with the fact that BT/Phorm may produce as evidence in court communication from UK.gov giving them the go ahead? Maybe I'm being overly suspicious, or maybe not. Maybe I'm just being affected by some of the tin foil hats posting comments on here.

  40. Tom Chiverton

    @The Other Stev

    "massive random noise will [not] prevent you from being profiled by the proposed government interception system, despite the many idiotic comments to the contrary"

    Not if everyone/large numbers of otherwise not 'persons of interest' produces random noise ... It's like the poll tax or ID cards, if more than some relatively small number of people need to be prosecuted or flagged for further investigation, the whole system screws up because we run out of court/police time.

  41. Anonymous Coward
    Alert

    @anon 'legal advice?'

    And yet both BT and phorm have failed to produce any evidence or results of this 'legal advice' despite numerous opportunities.

    Reason: it doesn't exist.

  42. Midnight_Voice
    Paris Hilton

    @Luther - Phorm will never be both legal and viable

    Luther, I think you may be making the common mistake of forgetting that RIPA requires consent from both sides - (a) the user browsing a website, and (b) the website being browsed.

    While there are feasible technical changes that might satisfy (a), as long as it was drop-to-wire around all the Phorm equipment for users who declined to opt in, it will always be quite impracticable for Phorm to assume the consents required under (b).

    The Home Office advice suggesting that there existed some kind of implied consent for this was demonstrably wrong on all levels.

    So (b) also must require explicit opt-in, which very few websites outside of Phorm's advertising partners would want to give.

    The bottom line is that any legal way of operating Phorm would be so restricted in scope that it would lose all purpose, and would simply not be viable.

    Paris, because her consent could not be implied either

This topic is closed for new posts.

Other stories you might like