TechRadar: Did Phorm expect the backlash against ‘targeted ads’ to be so widespread?
Kent Ertugrul, CEO, Phorm: Internet users have concerns about privacy – we understand that – which is why we’ve designed our system from the ground up with privacy in mind. Our technology is able to deliver targeted advertising without storing any data on individuals and participation will always be a choice – people can turn the service off or on at any time.
TechRadar: What exactly do you think most people are so distrustful of? How does Phorm plan to change their minds?
Kent Ertugrul, Phorm: Quite rightly people are concerned about their privacy, particularly when they see stories about organisations losing or misplacing personal information. But it is not possible to reveal any personal information as our system simply does not store it. We do not store IP addresses and do not store browsing histories. In fact we don’t know who a user is or where they have been.
Research shows that our technology will help overcome two of the biggest issues consumers have with the internet – irrelevant ads and security. Our system will deliver ads that are more relevant and provide more secure surfing with its anti-phishing service – all without storing any personal data.
That’s groundbreaking, because the other major online ad companies store your personal information for at least 13 months before they even anonymise it.
Our aim is to continue to educate people on our system in order to reassure the small minority who have expressed concerns that they can trust our technology to safeguard their privacy.
TechRadar: Would you agree that ‘profiling’ is akin to ‘spying’ regardless of whether it’s being done ‘anonymously’?
Kent Ertugrul, Phorm: No, we wouldn’t agree. We will not be profiling users – we are not attempting to build a picture about a particular user by storing data on them and their activities online. We don’t know who the users are – all we have is a random number.
We store no personal data as I said. Essentially, the system looks for the 10 most frequently occurring words on a webpage to match it to a keyword chosen by an advertiser such as camera. If a match is made then an ad will be shown. We will not let advertisers use words that might relate to sensitive topics such as adult content, medical conditions and so on.
It’s important to remember in this process that the system is designed to ignore any data that might be personal such as names or long numbers which might be telephone numbers or postcodes. Nor is the system able to look at secure pages, like those used for online banking or webmail. We are only looking at webpages and so cannot read the content of people’s emails.
TechRadar: How can Phorm convince the average web-user that their data is being profiled ‘anonymously’?
Kent Ertugrul, Phorm: We built the system from the ground up with privacy in mind and have been very transparent about how it works. We’ve had Ernst & Young, privacy experts from a company called 80/20 Thinking and technology professor Richard Clayton review the technology.
Their conclusions are that the privacy aspects of the technology work pretty much as we say they do. We’re happy to learn from these assessments and have other independent experts verify the system.
TechRadar: The FIPR recently came out and said that it believed that Phorm’s technology could be deemed illegal under RIPA. What has Phorm done to ensure its technology complies with the law?

popper
April 11th 2008
1. Rather than re-type Alexander's points on the cable forum and ElReg sites, I'll just paste this
of of these also being relevant to the newest BT trials as laid out in the new BT Diagram
http://webwise.bt.com/webwise/customer_choice.html
PECR is going to have to be taken into consideration according to the ICO, how do BT propose to change their T&C's I wonder?
Section 27 states:
"To the extent that any term in a contract between a subscriber to
and the provider of a public electronic communications service or such
a provider and the provider of an electronic communications network
would be inconsistent with a requirement of these Regulations, that
term shall be void."
So BT asserting that a simple change to the T&C's will capture consumer consent doesn't really carry much weight.
Not to forget section 6, of course, as regards BT wanting to place a data cookie on a user's machine after unlawfully intercepting their data stream and getting a distinct explicit NO from the user.
“Legal Issues
By Alexander Hanff. Posted Monday 7th April 2008 14:52 GMT
My analysis of the secret trials in 2006/2007 is that multiple laws were broken as outlined below:
Regulation of Investigatory Powers Act 2000
Secret trials = no consent from either party to intercept.
Privacy and Electronic Communications (EC Directive) Regulations 2003
Secret trials = no consent from either party to intercept or process.
Data Protection Act 1998
Secret trials = no consent to process personal data, even anonymising is processing
European Convention on Human Rights
Right to privacy of correspondence
Human Rights Act 1998
Right to privacy of correspondence
Computer Misuse Act 1990
Knowledge and Intent to “Hinder” access and “Impair” operation
Fraud Act 2006
Masquerading as the intended destination (Phorm’s “special machine”) for the purpose of gain (revenue from advertising)
Torts (Interference with Goods) Act 1977
Trials inserted javascript programs into web pages which then took resources to process
(see Ebay vs Bidders Edge) = trespass to goods/trespass to chattels
The Council of Europe’s Convention on Cybercrime
Covers this issue very comprehensively
Copyright, Designs and Patents Act 1988
Copying a website for commercial purposes, see cases against Google and Archive.Org
I am in the process of writing my dissertation based around all of the above legal arguments,
it will be publicly available under Creative Commons once it is finished.
Bottom Line?
BT trials in 2006/2007 can only be seen to have been criminal offences under multiple Acts as well as
leaving BT liable for litigation under Tort law.
ICO?
They have a duty to investigate BT’s secret trials for the unauthorised processing of personal data
(irrespective of what was done with it “after the fact”) under DPA and PETR
Home Office?
They have a duty to investigate BT’s secret trials on multiple counts under RIPA, CMA, Fraud Act 2006.
Other stuff?
Any case which is initiated in a court of law (either criminal or civil) can also attach complaints
under Human Rights Act 1998 irrespective of the fact that BT are not a public body. A judgement from
a court -MUST- be compatible with ECHR and HRA as a court is a public body as explicitly defined in
the Convention and the Act.
Possible EU Action?
Definitely. Council of Europe’s Convention on Cybercrime is a mandatory convention, European Court of
Human Rights may be applicable for breaches of ECHR and HRA. EU Copyright Directives and Data Protection
Directives may also be relevant.
That’s -my- opinion and it is such a strong opinion I have decided to study for a Masters in Law next year
in order to help prevent this dogmatic attack on the fundamental rights of our society.
Phorm CEO (Kent) wants to talk to me on the telephone according to a message I got from his PR team, but given
the misquoting of Dr. Richard Clayton on their Blog this weekend, they can whistle.”
— Posted by david M