Forgot your password?
typodupeerror
Privacy The Internet Your Rights Online

UK ISP Admitted to Spying on Customers 163

Posted by ScuttleMonkey
from the don't-worry-sir-we're-from-the-internet dept.
esocid writes "BT, an ISP located in the UK, tested secret spyware on tens of thousands of its broadband customers without their knowledge, it admitted yesterday. The scandal came to light only after some customers stumbled across tell-tale signs of spying. At first, they were wrongly told a software virus was to blame. BT said it randomly chose 36,000 broadband users for a 'small-scale technical trial' in 2006 and 2007. The monitoring system, developed by U.S. software company Phorm, formerly known as 121Media, known for being deeply involved in spyware, accesses information from a computer. It then scans every website a customer visits, silently checking for keywords and building up a unique picture of their interests. Executives insisted they had not broken the law and said no 'personally identifiable information' had been shared or divulged."
This discussion has been archived. No new comments can be posted.

UK ISP Admitted to Spying on Customers

Comments Filter:
  • An ISP? (Score:5, Informative)

    by 26199 (577806) * on Friday April 04, 2008 @06:11PM (#22968566) Homepage

    BT is not "an ISP". British Telecom was for a very long time monopoly holder on telephone lines in the UK and still the gatekeeper for all ADSL access there. They have a market cap of 35 billion [google.com] and their revenue just about puts them in the top ten telecoms companies [cnn.com] in the world.

    In my personal experience their service has been bad enough that they're almost as bad as their competitors. Given their history, it's not surprising if they've overstepped their bounds ... they're used to being in charge, after all.

    • The parent is correct. BT was the state-run telecom monopoly in the UK, and was converted into a private monopoly in 1984. Not much of an improvement, but at least it finally allowed for the possibility of competition arising, however slim.
    • Re: (Score:2, Insightful)

      by Ashe Tyrael (697937)
      Actually, this is a misstatement these days. As part of the deals that mean BT didn't get truly hosed by the monopoly stick, it's ISP division and wholesale (lines) division have some very hefty chinese walls in place.
    • Re:An ISP? (Score:5, Informative)

      by arkhan_jg (618674) on Friday April 04, 2008 @07:13PM (#22968996)
      BT broadband has about 27% of the UK market, and is the largest single ISP in the UK last I checked. There are fairly strong walls between the broadband business (BT retail/openworld) and the phone line last mile business (openreach), and the trunk network (BT wholesale) these days due to regulation by OFCOM since privatisation, though they are all part of BT group.

      The information commisioner, who ensures the data protection act is followed, is investigating BT [telegraph.co.uk] to see if the law has been broken - there's a strong possibility it has been.

      • Re:An ISP? (Score:4, Insightful)

        by unlametheweak (1102159) on Friday April 04, 2008 @07:57PM (#22969280)
        From the article:

        Executives insisted they had not broken the law and said no 'personally identifiable information' had been shared or divulged.
        If in fact no laws have been broken, then the laws need to be changed (and made retro-active in this case) to punish and make an example of this type of behaviour. People need to be put in jail for this.

        Average people I will allow some lenience towards. Leaders I have no sympathy for; they all too often make excuses for their behavior and have the power (lawyers, political, etc) to get away with it.
        • Re:An ISP? (Score:5, Informative)

          by TheLink (130905) on Friday April 04, 2008 @11:23PM (#22970358) Journal
          I believe the UK Computer Misuse act 1990 covers it.

          http://www.opsi.gov.uk/acts/acts1990/ukpga_19900018_en_1.htm [opsi.gov.uk]

          See:
          * Unauthorised access to computer material
          A person guilty of an offence under this section shall be liable on summary conviction to imprisonment for a term not exceeding six months or to a fine not exceeding level 5 on the standard scale or to both.
          * Unauthorised modification of computer material
          A person guilty of an offence under this section shall be liable--
          (a) on summary conviction, to imprisonment for a term not exceeding six months or to a fine not exceeding the statutory maximum or to both; and
          (b) on conviction on indictment, to imprisonment for a term not exceeding five years or to a fine or to both.

          I don't see how the Act does not apply to the people involved.

          If someone wrote malware or sniffed your keystrokes, the same law should apply whether the perpetrator is BT or some "Evil Hacker".
          • Re:An ISP? (Score:4, Interesting)

            by pacman on prozac (448607) on Saturday April 05, 2008 @07:33AM (#22971966)
            It also seems like a fairly clear cut case of fraud [wikipedia.org].

            fraud is the crime or offense of deliberately deceiving another in order to damage them usually, to obtain property or services unjustly.

            Deliberately returning false DNS responses in order to obtain marketing information from them without their permission.
        • Re:An ISP? (Score:5, Informative)

          by arkhan_jg (618674) on Saturday April 05, 2008 @03:24AM (#22971320)
          It's illegal under the Regulation of Investigatory Powers Act also, according to several legal experts.

          RIPA states: "For the purposes of this Act, but subject to the following provisions of this section, a person intercepts a communication in the course of its transmission by means of a telecommunication system if he... monitors transmissions made by means of the system."

          RIPA goes on to allow for interception without a warrant - i.e. by Phorm and your ISP rather than law enforcement agencies - "if the communication is one sent by, or intended for, a person who has consented to the interception".
          Given that consent wasn't even sought for the technicial trials of 36,000 users, let alone granted, and it isn't in the contract either - they may well be subject to criminal sanctions if the government decide to prosecute.

          There are also possible sanctions under the Data Protection Act, as personal data was collected and passed to a 3rd party without proper safeguards. BT and phorm argue that no personal data is collected. Since all unencrypted traffic is recorded, including webmail, and associated with a unique ID and kept for 14 days, it seems they're taking a somewhat optimistic view about that.

          If they accessed customer PCs directly with spyware, they could be prosecuted under the computer misuse act but as the interception took place at the ISP level, it probably doesn't apply.
        • Re: (Score:3, Insightful)

          by ultranova (717540)

          If in fact no laws have been broken, then the laws need to be changed (and made retro-active in this case) to punish and make an example of this type of behaviour. People need to be put in jail for this.

          Retroactive laws make it impossible to know whether some behavior, which is perfectly legal when it was committed, will get you thrown into prison nonetheless. This makes a mockery of the rule of law, and can not be tolerated.

          The only known alternative for the rule of law is the divine right of kings.

          • I was thinking about the possible consequences and the precedence this would set (more so after I posted). I was actually anticipating a rebuttal). Perhaps you should think of my post more as a modest proposal.

            I do remember reading in the local paper many, many years ago about a lawsuit in which the city (of Toronto, or perhaps one of the boroughs of Toronto) had a problem with a citizen's porch (my memory of the details are vague). The case went to court and the home owner won. The city was not happy with
            • I think making a law retro-active does have its applications however. For example, when there is an obvious case of "abuse" (and there are no existing laws, or there are loop-holes to allow for exploitation).

              Wrong, wrong, wrong. If there is no law against it then in what sense is it an "abuse"?

              Have you never done something legal that someone, somewhere may thing is "bad"? How would you like it if your past actions were declared illegal?

              Law is about dissuading people from doing the things that society thin

              • If there is no law against it then in what sense is it an "abuse"?

                I personally hate the term "abuse" because it is vague. I use it colloquially (and so I added the quotes). My arguments are theoretical in nature, and I do not have a particularly strong opinion on the matter of retro-active laws, so I am saying that I am more open to persuasive arguments on this topic than on some issues that I have put more thought towards.

                At the extreme end of things, I can think of countries (like Rwanda) that probably have no laws against genocide, but whose citizens actively particip

                • At the extreme end of things, I can think of countries (like Rwanda) that probably have no laws against genocide, but whose citizens actively participated in genocide.

                  Who has or needs a law against "genocide"? Name me a country that doesn't have a law against murder.

                  You seem to have some strange idea that we need laws against all bad things, but that we can recognize bad things only after they have happened.

                  I also don't see why you keep blathering on about "arrogance". Maybe you want a retrospective law a

                  • At the moment politicians can't even agree on what constitutes genocide!!!

                    Uh, not true:

                    The law and how people (esp. politicians interpret the law are two very different things. Rwanda is fresh in my mind so I mentioned it in the example. More recently the way politicians interpret torture is also up for political debate.

                    You seem to belong to that group of people who thing that fundamental parts of sane legal systems should be torn up...

                    As I've stated, there may be countries that may not have sane legal systems (including Western democracies). IANAL, nor am I a constitutional expert. As I've stated in a previous post, my opinions are

            • by Darundal (891860)
              How was he able to change the ownership title of the homes
              • How was he able to change the ownership title of the homes

                As I stated, I was unable to find a reference on Google. The details are very vague in my mind, so I am loath to state them. The story however was significant enough for me that I will probably never forget it. FYI, I heard of this story on the CBC (Canadian Broadcasting Corporation), I think probably on one of their news magazine type shows (like the 5th Estate or Market Place, etc). I don't usually post 'evidence' of things I cannot prove (give references for). I do realize this makes my argument rather

        • Re: (Score:3, Insightful)

          by Jurily (900488)

          (and made retro-active in this case)
          Fuck that. No new law should be allowed to punish retroactively, EVER. No matter how you justify it, that's not a line you want to cross, especially not in a country where precedence is legally binding. The whole idea of being sent to jail for something that was legal when you did it...

          I agree with you on those people deserving jail, but not at that price.
          • No new law should be allowed to punish retroactively, EVER.

            Perhaps you would want to read my reply to ultranova (that I just posted) http://slashdot.org/comments.pl?sid=511882&cid=22972902 [slashdot.org]. I do have sympathy for what you and ultranova are saying, however I will never say never.

            If it is in fact bad (precedence, etc) to make a law retro-active, then I would suggest that there should be a law that would prevent this from happening (which in many countries there are [wikipedia.org]). The precedence (in the case where there are no retro-active laws in place) is de facto since any

          • I will make an addendum to my previous post (to you):

            I said:

            Average people I will allow some lenience towards. Leaders I have no sympathy for...

            This is really what I was implying in my original post. Punishing those people who should know better, and more specifically those people who have the power to get away with it. For the average citizen, I would agree; retro-active laws are hardly the place. Also, as I have stated, such practices should be taken with great care ("checks and balances", as the US Constitution was apparently based on [in part, at least]).

            Also, a correction; I said:

            I would never suggest such legislation should not be easy to create...

            I

        • then the laws need to be changed (and made retro-active in this case)
          NO!

          Insightful? Slashdot idiot sheep!

        • by rtb61 (674572)
          The interesting thing is of course laws covering that kind of behaviour were created for telephone calls. ADSL is still telecommunications over a telephone line and although digitised and not spoken conversation, no company has been given authorisation to intercept and record what are basically very long phone calls.

          So on some networks BT might not have broken the law, but on telecommunications that also carried voice calls, it seems more likely that they did in fact break the law and should be prosecuted

    • British Telecom was for a very long time monopoly holder on telephone lines in the UK and still the gatekeeper for all ADSL access there. They have a market cap of 35 billion and their revenue just about puts them in the top ten telecoms companies in the world.

      Yes, but they're also an ISP, in the normal "we connect your computer to the Internet" meaning of the term. Though goodness knows what convoluted name that part of their organisation goes by since all the Yahoo mess; I switched away from them years ago.

    • Cable customers get phone and internet without even going near BT. If you're using BT last mile for your ADSL, then you're probably: a) Using a third party ISP (i.e. BT does last mile, but from DSLAM you go to ISP switches) b) Using an unbundled ISP (DSLAM itself doesn't belong to BT). BT owns a lot of copper, but doesn't actually have that many direct ADSL customers - they're not cheap and has been mentioned service is fucking gash (yes I dialled 13 different numbers in one day just to get me away from th
      • Re: (Score:3, Funny)

        >Cable customers get phone and internet without even going near BT.

        Not every area has cable. Until last year I lived in deepest, darkest Glasgow (a small hamlet in Scotland). We couldn't get cable in our area (another part of Glasgow I lived in previously got NTL cable). Interestingly, Cable & Wireless had a call-centre just down the road from us; a friend of mine worked there and said that neither C+W or NTL had any intention to roll out more cable to "old" areas; they were consolidating and the

        • by _Shad0w_ (127912)

          Heh, we have the same issue where I live. Now I know our town isn't huge - just over 60,000 people, I think - but really, it would be nice to have at least one cable provider.

          So long as it isn't Virgin. One of the guys I work with had Virgin. Except that was the problem, he didn't. They were charging him a monthly subscription, but hadn't actually managed to lay a connection to his house yet. I think I could do without Clueless and Witless as well.

          • by linuxci (3530)


            All cable in mainland UK is Virgin. Virgin was formed with the merger of NTL and Telewest. Both NTL and Telewest had previously taken over a number of rivals - one of the largest was NTL taking over the consumer cable division of Cable & Wireless.
            • by _Shad0w_ (127912)
              Ah, I have to say I haven't kept track of cable here. Mostly for the reasons I mentioned, lack of provision in this area.
      • by Fweeky (41046)

        Cable customers get phone and internet without even going near BT

        Unfortunately, this means they get Virgin Media, who have awful customer service and can't even get basics like billing right. Apparantly they're going to stop overcharging us and refund what they have taken in the next couple of months, when they're done merging millions of accounts they've for some reason had registered seperately.

        When I tried getting my cable modem service upgraded a couple of months ago, it turned out they'd *lost* all record of the one I'd been using for the past 5 years. They sent

      • by mollymoo (202721) *
        Not quite. 60% of UK broadband customers are on BT Wholesale's IPStream or DataStream products, whatever ISP they're with. These products are dictated by the telecoms regulator. With these products, BT (in various guises) provides the last mile and DSLAM and either aggregates data (IPStream) or rents dedicated virtual pipes (DataStream) from their DSLAMs for ISPs, the data from which they deliver to to the ISP at various POPs around the country. It works the same way, at the same prices, for BT Broadband; B
    • by joe 155 (937621)
      I agree, and the worst part is that I have to pay tribute to the just so I can have the Internet and phone at all. I'm currently with Virgin (though it seems they'll be just as bad) and had to pay over £10 a month just so they would give me a phone number which is a pre-requisate for getting any adsl Internet connection here (annoyingly despite being in the middle of the country I can't get cable... Or freeview, but that's another story)
  • by sd.fhasldff (833645) on Friday April 04, 2008 @06:16PM (#22968590)
    Why on Earth wouldn't BT just do this on their side of the connection? EVERYTHING that the user gets goes through their pipes, their routers. Just install some monitoring hardware+software and be done with it. There doesn't seem to be any logical reason to do this on a users computer. That's just plain stupid.

    The only difference is that you don't have access to encrypted data and "other applications" installed by the user. The stuff they claim to have logged and analyzed is more easily obtainable from their own side.
    • Re: (Score:3, Insightful)

      I would guess that it is easier/cheaper for them to use 3rd party software on client machines than to spend quite a bit of money on network hardware that can filter/cateogrize/inspect every packet that flows through their infrastructure. Having a bit of software on tens of thousands of machines report condensed data back is likely to be much, much cheaper to do.

      Even doing simple L3 inspection on the dataflows that ISPs like BT deal with would require insane amounts of hardware, let alone inspection on the
      • by nighty5 (615965)

        Even doing simple L3 inspection on the dataflows that ISPs like BT deal with would require insane amounts of hardware, let alone inspection on the application (5/7) layer.

        Not if they know what they are doing. You can easily segregate the network routes for inspection based on the customer by putting them into a different virtual network based on their credentials. The inspection part is even easier, with in-line products to do everything you'll ever to need to know about what's going on.

    • by joebp (528430) on Friday April 04, 2008 @06:30PM (#22968680) Homepage
      The body of this story is misleading. Phorm *does* work on the ISP's side of the connection. It basically does a MITM attack on HTTP traffic to insert tracking cookies.
      • Re: (Score:2, Informative)

        by LiquidCoooled (634315)
        There *IS* a client portion however:

        You can set an opt-out cookie on your computer which is meant to disable the processing of your web history and to tell the advert server at the far end that you do not want personal adverts.
        However this does not stop them still being sat in the middle and every page I open is still given to a spyware firm who have given a vague promise that they will not use my data for advertising if I opt out.

        It also does not help with multiple computers or browser configurations each
        • by Inda (580031)
          I too am with Virgin Media. Any idea how we can defend against phorm?

          I had my connection throttled down to 25% last night - the first time I've noticed it happen. You're not the only one getting pissed off with them. I expect more from the most expensive UK ISP.
          • Re: (Score:3, Interesting)

            by datajack (17285)

            I too am with Virgin Media. Any idea how we can defend against phorm?

            Yup. The RIPA act (which received an unwelcome reception) actually helps us out here. It basically says that a wiretap without police/government sanction is illegal without the consent of both parties involved in the communication.

            Phorm says that their activities do not break RIPA because hosting a publicly available website implies public monitoring (duh?) and that ISPs may include an acceptance of monitoring clause in their Ts & Cs.

            • by BlueStrat (756137)
              ...IMO, if you write to the ISPs involved expressly denying the right to monitor you as a user and also expressly denying the right to monitor any websites you may own puts them in clear breach of RIPA if they do so....

              I don't know how it is in the UK, but in the USA the TOS/Customer Service Agreement is not negotiable or modifiable by a customer. It's a "take it or leave it" deal.

              If you don't sign on the dotted line and agree to all of the ISPs' terms and conditions, which in most of the ISP TOS/Customer S
              • by datajack (17285)
                Yeah, there is that possibility, but this is why I mentioned website owners too. We need a number of large(er than mine) website owners to send such notices to the ISPs in question. That way either Phorm misses a huge bunch of traffic, those ISPs refuse to provide access to popular local sites or they risk committing a clear criminal offence.

                Also, there is tghe possibility that such a clause ina ToS may be ruled as objectionable (or whatever the legal term is) and therefore void, nullifying ither the contra
                • by BlueStrat (756137)
                  Yeah, there is that possibility, but this is why I mentioned website owners too. We need a number of large(er than mine) website owners to send such notices to the ISPs in question. That way either Phorm misses a huge bunch of traffic, those ISPs refuse to provide access to popular local sites or they risk committing a clear criminal offence.

                  Also, there is tghe possibility that such a clause ina ToS may be ruled as objectionable (or whatever the legal term is) and therefore void, nullifying ither the contra
                  • by datajack (17285)
                    The aim is to make it as awkward as possible for them. The argument that publishing a website implies consent to be wiretapped by the website owner is tenuous at best and many far better educated than I believe that it does not hold water. The RIPA states that both parties must consent to being tapped. So even if it can be argued that the implied consent of site owners holds true and such ToS clauses are legitimate, an explicit notification denying consent to be monitored by the site owners simply must be h
      • does that work even for SSL connections?

        I believe that if you can fool the user into accepting a 'fake' (but real LOOKING) cert, you can do SSL man-in-the-middle attacks.

        but I think you DO have to con the user into taking a fake cert, first.

    • by legirons (809082)
      BT *did* do this on their side of the connection, which is what makes it an illegal wiretap.
    • Re: (Score:3, Interesting)

      Why on Earth wouldn't BT just do this on their side of the connection? EVERYTHING that the user gets goes through their pipes, their routers.

      That's really just a matter of semantics, either way it's still spying. Contrary to what is frequently espoused here on slashdot, there should still be an expectation of privacy even though the internet is largely public. If I yell my ATM pin number in the bank, then everyone knows it through no shady effort on their part, but if someone carefully looks over my shoul
      • I think the confusion here is this article is about a previous trial that involved client-side spying by the same company that is now doing network-side spying.

        But IMHO, either way it's still spying and it's just plain wrong, unless users opt-IN with informed consent because they believe they'll get something valuable in exchange, as is the case with using Google Mail.

        And by opt-in, I mean they have to have a genuine choice, not "here's a 10-page EULA, like it or lump it, we're the only broadband you can ge
  • These people should be shut down completely or compelled to pay some very serious damages to the people whose privacy was compromised this way.

    A strong response now would send a message to other ISP's who may be moved to try this kind of irresponsible, illegal spying.

    • by Ilgaz (86384) *
      As they are unofficial monopoly, nobody can dare to shutdown them without breaking entire country. That is how they dare to do such things. It is similar in lots of countries.
    • The Home Office indicated their position on the usage of Phorm. Phorm's data collection was declared to be legal and lawful if the end-user gave consent for collecting the information.

      Here's a reference from the guardian blogs of March the 12th [guardian.co.uk].

      Article says that end-users were not not made aware of the phorm tracking. This will be an interesting case.

      Cheers.
      • by mollymoo (202721) *
        It's worth pointing out that Home Office guidance isn't a binding statement on what is and is not legal (which the guidance does point out), it's up to the courts to interpret the law. A court could may well disagree with the Home Office official who wrote the guidance.
      • by hyades1 (1149581)

        Thanks for the information.

        This particular phrase caught my eye: "...or by the acceptance of the ISP terms and conditions."

        It's pretty reasonable to suppose that all of the major ISP's will make consent a condition of use, thus making it impossible to "opt out". Of course, this is simply the opinion of some faceless drone in the Home office. The courts might take a different view of the situation.

        It will be interesting to see how this comes out.

  • They (BT) are implementing this in the UK, along with a couple of other ISPs (like Virgin).
  • sounds like a major privacy violation, I hope they get sued into oblivion.
    • Re: (Score:3, Insightful)

      by arth1 (260657)
      BT is the equivalent of Bell/AT&T in the US. It's impossible to sue them into oblivion. The best you can hope for is that one of the sub-sub-sub-sub-sub-CEOs gets a slap on the wrist and won't be invited to the next golf tournament.
      • Re: (Score:3, Informative)

        by mollymoo (202721) *
        There was nominal breakup of BT, though not into regional "baby bells". BT Broadband, the ISP in TFA, could be sued (or more likely regulated) out of existence and the rest of the telecoms network (most importantly - BT Openreach (last mile), BT Retail (telecoms), BT Wholesale (bulk services, including ADSL provision)) would carry on. Openreach and Wholesale are the bits with a near-monopoly on the last mile and national network and are heavily regulated to provide open access to other providers. BT Broadba
  • by 3seas (184403) on Friday April 04, 2008 @06:40PM (#22968744) Journal
    .... that if you are online someone is watching you.
  • by lobiusmoop (305328) on Friday April 04, 2008 @06:41PM (#22968752) Homepage
    BT's ADSL internet service seems to be one of the worst in the UK. Unfortunately since they have a long history of providing landline connections in the UK, many people assume they must be a worthy internet provider also - not so. I'd recommend UK Slashdotters look at This ADSL ratings site [dslzoneuk.net] for more personal citations of BT's (and other providers) service.
    • by jez9999 (618189)
      Unfortunately since they have a long history of providing landline connections in the UK, many people assume they must be a worthy internet provider also

      Hahahaha, BT's customer service when providing landline connections is hardly great.

      No - it's that quite a few people, at least in the early days, and with the help of positive reenforcement from BT's advertising, thought that BT were the *only* ADSL provider. Either that or they just couldn't be bothered to do one iota of research and just went with BT.
    • by jez9999 (618189)
      That site has fast.co.uk as almost perfectly rated, when it offers a pathetic 40GB transfer/mo for £29/mo at a pathetic 8mbit/0.5mbit transfer speeds. Compare that to Be. The site's ratings don't seem very reliable.
      • by mollymoo (202721) *
        Its not all about headline speeds and bandwidth allowance. I pay £25 a month for 20 GB of transfer from Zen, with "up to" 8 Mbps down (I can sync at 6.5, but prefer 5 for a more reliable connection) and 0.5 up. In terms of headline figures, it sucks. But they're consistently rated among the best ISPs in the country.

        I get 8 static IPs with configurable reverse DNS, excellent speeds even at peak times and a contract which explicitly says they won't filter or throttle and I am allowed to run servers. Not
  • by Peil (549875) on Friday April 04, 2008 @06:44PM (#22968760) Homepage
    This has been bubbling under for a few weeks, but really broke badly in the past couple of days.

    Essentially they appear to have broken the Regulation of Investigatoy Powers Act (RIPA) by performing an unauthorised interception of a communication over telecommuncations infrastructure.

    No word yet on legal action, although several MP's are kicking up a fuss about it.

    BTW BT are the only ones who have confessedd to doing this so far, the other ISP's haveeither kept schtum, or muttered paltitudes like we will wait and see
  • How do i turn the reply buttons back to text like it was before? Ive been moving around computers alot and probably enabled some stupid new feature. I cant seem to find it in the preferences.

    thanks

  • ...

    Wait, so you're telling me that a third party can, without my consent and/or notification (implied or explicit), install and execute a program on my hardware? Isn't that what sends most virus writers to jail?

    I'd want a lawyer to run over the BT access agreements with a fine tooth comb, and check this against any applicable privacy laws.

    • Computer Misuse Act (Score:3, Interesting)

      by mutube (981006)
      IANAL but the UK law covering this is the Computer Misuse Act and more recently the European Convention on Cyber Crime.

      As I read it BT are guilty under CMA 1(1) [wikipedia.org] which relates to unauthorised access to any program or data held in a computer. Whether the information checking is done on the computer or the ADSL hub it is a violation. With regard to the Convention on Cybercrime [coe.int] they appear to be guilty under Articles 2, 3 and 6.

      I hope someone sues their buttocks off.
  • With the new terror-laws, every ISP here in Denmark is bound by law to monitor and log all and every connections made in the country (mainly IP adresses, but probably down to protocel level, ports, mails, IMs etc.). I don't see how this is different...
    • by arkhan_jg (618674)
      That same law is in effect in the UK due to an EU directive - websites visited, and email addresses sent and received are collected (similar to phone log records) but not the contents, and only available after the fact by warrant.

      The difference with this is because it's being passed to a third party company to analyse the traffic in realtime for keyword trends, to be passed to adbanner providers. So when you go to a website using phorm for their ad banners, phorm know where else you've been in the past, and
  • I use ad-block+ so I never see any ads anyway but further I have absolutely no interest in letting any company besides Google, whom I'm presently very fond of, know anything about my Net habits. It just doesn't serve any of my interests and it causes me great anxiety to think that a profile could be built and accessed and sold. I'm not in the US but as an example the present US administration I would prefer to be an absolute cipher to. Would using a proxy server achieve much?
    • by sexconker (1179573) on Friday April 04, 2008 @07:03PM (#22968912)
      Why do you (and so many others) trust google?

      • Re: (Score:2, Interesting)

        by dixonpete (1267776)
        1) I use Google to search, very often 2) I watch their tech talks, often 3) I am starting to use their free apps Google is offering great value gives me services that greatly enhance my life. Plus, I signed up for this. These other jokers are stealing that information without my permission and offering me nothing in return. If ISPs need more money they can ask me for it.
      • Re: (Score:3, Insightful)

        by cheater512 (783349)
        They have defended our rights where others have not.

        They are also relatively honest and havent done anything immoral in regards to privacy to date.
      • by esocid (946821)
        I like google but disabled the search tracking since I found it a little creepy. For extra protection I use track me not [nyu.edu].
      • Re: (Score:3, Informative)

        by fuego451 (958976)
        Google at least gives you a reach around. Gmail has some nice features and I now have over 6.5 GiB of storage and counting. I use iGoogle to organize my most viewed sites with access to all the other Google features/tools/apps. Am I worried abut personal my personal info, shit, the IRS has it all from the late 50's, the FBI has it from the 60's (military secret clearance), the Veterans Administration from the 70's, employers, banks, the post office, state licensing agencies, mortgage companies, title compa
        • by fuego451 (958976)

          Am I worried abut personal my personal info

          Interesting! When I previewed this in the new comment box, all was fine.

      • Re: (Score:3, Insightful)

        1) because i get something back, in exchange for tracking me, they get more data about what i want and their searches are more tailored.
        2) because they dont charge me, in exchange for good search results they track me and give me non intrusive ads.
        3) because its very easy to switch, if they change their privacy policy im not tied to searching with them for another 6-12 months
        4) because they do good stuff with the money ( FF, SOC, etc)
        5) because theyre geeks, the main way the information is mis used is if so
      • I choose to use google mail despite the privacy implications. In this case people are FORCED to have their connections sent through third party servers and profiled.

        There's a big difference between profiling people based on adds on participating sites and scanning every connection to ANY site. Google doesn't see what Wikipedia pages I am editing, this system could.

        The only way you could compare this to Google would be if every site you could connect to was using Google adds, and they were all written as to
      • Re: (Score:2, Interesting)

        by BountyX (1227176)
        Google can't be trusted....I think it's stupid to store your most sensitive emails, conversations, and documents, on someone elses property. Use scroogle over an SSH tunnel, tor, or freenet. Any centralized organization that collects even the most unimportant data in mass amounts can turn that data into established paterns, habits, etc. Information they do NOT need to know about you. Augementation > Algorithm.
  • by Sosigenes (950988) on Friday April 04, 2008 @07:03PM (#22968910)
    The summary of the story doesn't emphasise the point that the spying test was just a small trial, and that Phorm is actually coming directly to the UK.

    3 of the major UK ISPs: Virgin Media, BT and Talk Talk are getting all ready to implement and bring in Phorm. More information and details are available at the useful website BadPhorm: http://www.badphorm.co.uk/ [badphorm.co.uk]

    Thousands and thousands of UK users are going to be subject to this inescapable violation of their privacy with little to do about it. There is an opt-out cookie, but this does not prevent the fact that the users browsing still goes through the Phorm servers. Would you be happy with all your internet browsing going through a third party server, let alone one owned by an advertising company that wants to profile you and "see the whole internet" (Reference: http://www.badphorm.co.uk/news.php?item.30.3 [badphorm.co.uk] ) through your browsing history.

    There is lots of interesting discussion going on about this, particularly at Cable Forum by Virgin Media users, who are going to be thrown into this spying (Link: http://www.cableforum.co.uk/board/12/33628733-virgin-media-phorm-webwise-adverts-updated.html [cableforum.co.uk] )

    A fast growing petition to the UK government on the governments website is nearing 10000 signatures, and just shows how many people do not want this to happen (Link: http://petitions.pm.gov.uk/ispphorm/ [pm.gov.uk] )

    This may not concern many people in the US, or people on the smaller ISPs in the UK - but the worrying thing is, other ISPs are already saying that they are going to watch the results and see if the ISPs can get away with it - if they can, they will likely pick it up to. And your ISP might do too!
    • If I was this ISP and had to make a choice, I'd do it the following: :If we have spyclient installed, watch for certain pattern of data through high# ports. IP dest and dest port should not matter, as to prevent detection :Bridges between customer backbones that watch all data from specified port. :The bridge captures and saves pertinent data to separate spy-net that they can watch, not interfere

      All this talk only brings bad blood. Anyways, unencrypted traffic can be viewed at any point from source to desti
  • BT phone home.
  • If spying on your customer does not break the law, the law is broken.
  • by darkob (634931)
    BT as an ISP failed it's customers at just about every level imaginable. Not only they infringed on privacy of it's customers, but it was apparently done deliberately and on a grand scale. I haven't found direct reasoning behind these actions, but spying on customers and citizens is nowadays "covered" by the omnypotent argument, that there's a ongoing "war on terror". I just wonder what happends next in the name of the fight against terrorism?

"We learn from history that we learn nothing from history." -- George Bernard Shaw

Working...