Friday, April 25, 2008

"Home Office guidance misleading" on Phorm says FIPR

The Foundation for Information Policy Research (FIPR) sent an open letter to the Home Secretary, Jacqui Smith, earlier this week noting that Home Office guidance on the Phorm webwise system deployed is misleading.
"Dear Secretary of State,

The Phorm “Webwise” System
Interception of Communications

In February 2008 your department began to circulate to interested parties a
note addressing the question of whether the operations of Internet Service
Providers in scrutinising their customers’ web browsing for the purposes of
targeted online advertising involved the interception of communications, and
whether it was lawful if it did. On 11th March Mr Simon Watkin of your
department helpfully published that note on the ukcrypto mailing list. In
response to questions about the note, he made the point that the note was not,
and did not purport to be, based upon a detailed technical examination of any
particular technology. The purpose of this letter is to explain why that note
should be withdrawn.

Phorm Inc have announced that they treat the statement as confirming the
lawfulness of their proposed operations in the UK, and the Information
Commissioner has stated that in examining the data protection aspects of Phorm’s
proposed operations he will not take account of matters covered by the Home
Office statement. And after it emerged that BT had conducted secret trials of the
service in 2006 and 2007, complaints to the Avon and Somerset police about
illegal interception were met with a refusal to investigate them, on the basis that it
was a matter for the Home Office.

A detailed technical analysis of the Phorm system by Dr Richard Clayton is
now available which sheds much new light on its proposed operations. A
detailed legal analysis by Nicholas Bohm has also now been published. These
documents are at:

Technical analysis: http://www.cl.cam.ac.uk/~rnc1/080404phorm.pdf

Legal analysis: http://www.fipr.org/080423phormlegal.pdf

The documents show that the operation of Phorm’s systems involve:

• interception of communications, an offence contrary to section 1 of the
Regulation of Investigatory Powers Act 2000

• fraud, an offence contrary to section 1 of the Fraud Act 2006, and
• unlawful processing of sensitive personal data, contrary to the Data
Protection Act 1998

The documents also highlight a number of technical errors as well as some very
significant oversights in the Home Office note that was circulated in February.
We therefore urge you to make it clear to Phorm, to such ISPs as may have
consulted the Home Office, to the Information Commissioner, and to chief
officers of police:

• that the Home Office does not condone illegal interception for the
purposes of targeted online advertising,

• that the law is for the courts and not for the Home Office to decide, and
that it is for the police and prosecuting authorities to investigate reports of
crime and make decisions about prosecutions without deferring to the
views of the Home Office, and

• that where complaints under the Data Protection Act are concerned, it is
for the Information Commissioner and not the Home Office to investigate
whether the data processing involved in targeted online advertising
amounts to illegal interception.

Your department’s note can now be seen to be significantly incomplete
and dangerously misleading. We call on you to withdraw it.

We have provided copies of this letter to Mr Simon Watkin in your
department and to the Information Commissioner.

Yours sincerely,

Nicholas Bohm

Richard Clayton"

No comments: