Home Office official offered advice and "comfort" to Phorm spyware vendor

Newly released emails secured through a Freedom of Information request show that a UK Home Office official colluded with and offered guidance to Phorm, providers of illegal spyware that British Telecom infected its users' PCs with. BT deployed a secret test of Phorm that involved infecting its customers' PCs with the spyware, which then rewrote every web-page they viewed with BT's advertising, while gathering information on their browsing habits and delivering it to Phorm and its marketing partners. Subsequently, BT switched from running Phorm as client-side spyware and instead implemented it as a server-side spyware app that captured every web-page visited by affected BT subscribers and inserted BT ads and captured users' clickstreams for BT's marketing partners. The EU has initiated legal action against Phorm for violating European privacy and consumer-protection laws.

Now it transpires that a UK Home Office official provided guidance to Phorm, offering advice on how to skirt British law with a minimum of fuss, tenderly asking if the Phorm executives and partners could be "comforted" by Home Office assurances.

This is the same Home Office that has taken extraordinary measures to make Britain "secure," including inveigling UK ISPs into spying on their users' clicks, IMs, and emails, ordering them to retain all this personal information for years so that government snoops can consult it at will. They have also ushered in an unparalleled surveillance state characterized by CCTVs on every corner; illegal, indefinite DNA-logging of people who are exonerated of crimes (including children); they also attempted to exempt Members of Parliament from having to disclose the details of their expenses to the public.

It's hard to imagine the Home Office failing worse at protecting the public.

In an e-mail dated August 2007, an unnamed Home Office official wrote to Phorm's legal representative and said: "My personal view accords with yours, that even if it is "interception", which I am doubtful of, it is lawfully authorised under section 3 by virtue of the user's consent obtained in signing up to the ISPs terms and conditions..."
The Home Office official wrote to Phorm: "If we agree this, and this becomes our position do you think your clients and their prospective partners will be comforted."
Jim Killock, executive director of privacy campaigners, the Open Rights Group, said: "The Home Office's job is to uphold the law: not to reinterpret it for commercial interests. It's extraordinary, when you think of the blatant disregard Phorm showed towards UK laws in its secret trials, that this sort of lax attitude should be shown."

Home Office 'colluded with Phorm'

Previously:

Discussion

Take a look at this

#1 posted by Spikeles, April 28, 2009 2:52 AM

Test if you connection is being hijacked by your ISP: UW CSE and ICSI Web Integrity Checker or using the EFF tools

#2 posted by hbl, April 28, 2009 3:47 AM

Oh good grief. Clearly the Home Office has our best interests at heart, and is no doubt driven by an all encompassing maternal desire. After Jacqui Smith has resigned for her countless indiscretions, the Home Office will rebrand itself as the far friendlier sounding Ministry of Love, in 3... 2... 1...

#3 posted by Marcel, April 28, 2009 4:18 AM

You're almost inclined to believe that this is an experiment of the british Home Office to control information streams on a local level.

Supplying you with your own, personalized, safely controlled version of the Internet.

#4 posted by annoyingmouse, April 28, 2009 4:42 AM

Who exactly on BT is this affecting? I'm a customer and I've not had any experience of this. I've tried things like #1 recommends to detect it but nothing. Is this something that new users have voluntarily installed?

#5 posted by toyg, April 28, 2009 5:01 AM

This is extra-sad. Labour finally managed to lose my euro-vote, they really failed on all technology issues (Cleanfeed, wasteful e-NHS project, useless e-petition site, worshipping the MafiAA, etc etc).

It's unfortunate that the Tories will be even worse, given half the chance, and the Lib-Dems always tend to waver.

Is there any organisation like the Swedish Pirate Party that will stand for MEP elections in England? If yes, they have my vote, and my keyboard.

#6 posted by toyg, April 28, 2009 5:23 AM

AnnoyingMouse, Phorm has not been fully deployed yet; BT only performed three temporary tests, two of which were secret (and as such they are being investigated from EU for breach of European directives on data-confidentiality protection) and involved only a subset of users. They are currently pushing to introduce it for all BT customers before the end of the year, so make sure you read those random letters they send you with small-print changes in your terms of contract...

#7 posted by phisrow, April 28, 2009 6:22 AM

I smell a "public/private partnership" in the works for the next round of "Tightening the Noose with Nu Labour".

#8 posted by hassan-i-sabbah, April 28, 2009 6:52 AM

Good fun from the Grauinad
http://www.guardian.co.uk/media/pda/2009/apr/28/phorm-startups

#9 posted by Anonymous, April 28, 2009 7:03 AM

Wow, usually I think Cory's complaints about UK policing cameras are overblown, and I wish we had more of them, but this is out of control! Now, I'm worried, and I don't even live in the UK... (Although honestly as an occasional tourist there, I am concerned about photographing the wrong thing, or a policeperson.)

#10 posted by Scurra, April 28, 2009 10:14 AM

"it is lawfully authorised under section 3 by virtue of the user's consent obtained in signing up to the ISPs terms and conditions"

What?!
I know the Home Office is mad (I've got actual friends who work there!) but that is ridiculous. Someone may need to start a legal defence fund for a case to challenge this preposterous idea though.

#11 posted by PaulR, April 28, 2009 3:35 PM

The only way the pieces of the puzzle fit together is, as I see it, if you look at Phorm as a way for the Home Office to track users on the Internet - it saves them the time and effort of combing through, sorting, and figuring out IP packet headers.

They're asking/forcing ISPs to keep ALL the data, so they can see what you were looking at too.

Again: who keeps electing these people?

#12 posted by Brother Phil, April 29, 2009 3:08 AM

And for crowning chutzpah, Phorm have set up a website characterising the complaints as a "smear campaign"

#13 posted by Dewi Morgan, April 29, 2009 12:49 PM

Those of us who have websites owe it to our readers to do two things:

1) Opt our domains out of Phorm, by sending a simple email to website-exclusion@phorm.com
with something like:
"Please exclude the following domains from the WebWise service, and any similar services run or controlled by your organisation:
*.example.com
*.example.org" - no we shouldn't have to do this; no, opt-out isn't the right way to manage it; yes they're assholes; but as site owners we should do it anyway, because otherwise we are tacitly permitting our site to be used as a tool to gether data.

2) Provide HTTPS versions of all HTTP pages, for those who would like their traffic not to be snoopable. With "Server Name Indication", a separate IP per domain is no longer required, and trusted Comodo or CaCert SSL certificates are free. With SSL, our readers' traffic is no longer snoopable: it can't even be proven which site on a shared host they visited. If we don't do this, we tacitly give our permission for visits to our sites to be used by anyone who pleases as aggregate data. Phorm, while evil, are the *exception* in offering an opt-out for snooping: stopping them won't stop all the governments/ISPs/Googles/ad-companies/etc who are snooping and tracking without declaring it.