20 Comments

Summary:

Many senior BBC executives want to follow Amazon (NSDQ: AMZN) and Wikipedia by opting out of on-net behavioural ad targeter Phorm – a blow w…

Many senior BBC executives want to follow Amazon (NSDQ: AMZN) and Wikipedia by opting out of on-net behavioural ad targeter Phorm – a blow which could trigger a damaging flood of similar requests. A Freedom Of Information request has uncovered a flurry of private emails exchanged in the last few months, as the Beeb and the commercial BBC Worldwide wing brainstormed what to do about the system, which wants to help publishers better target ads by anonymously categorising ISP customers’ every web visit. The emails reveal…

– Future media and technology controller Anthony Rose (pictured) thinks Phorm is “a flawed business model … I don’t see Phorm surviving long-term, which would limit the amount of time and energy that we need to devote to Phorm”. He’s satisfied the data collected by Phorm is anonymous, but brands the collection method “insidious”. He says the BBC could opt out – but he’s fearful of depriving ISPs the extra revenue that would come with their use of the service.

– BBC’s legal and business affairs head Kate Leece in April said execs “are discussing the question of whether the BBC should in fact opt out of Phorm without further delay”. She was advised: “If Amazon are taking this stance on Phorm (opting out), then yes, in the interest of upholding privacy issues, I think we must consider, too.” Noting the EC’s recent criticism of the UK government for green-lighting Phorm, Leece considered opting out “until such time as this is resolved”.

– Archive controller and former BBC.co.uk controller Tony Ageh was advised to opt out, on the theoretical basis that Phorm would use BBC-related traffic for commercial gain, by tech pundit Bill Thompson, who called Phorm “reprehensible, but not illegal“.

– Future media’s chief technical architect Dirk-Willem van Gulik and digital distribution controller Richard Cooper have discussed technical methods for stopping Phorm from using BBC.co.uk users’ traffic data. Cooper says Phorm has commercial value for publishers and ISPs but, “from a technical perspective, it’s evil“. Van Gulik said it’s “not an option” to block Phorm without also hiding BBC.co.uk from search engines, but said Auntie could ask Phorm to be blacklisted. Alternatively, BBC.co.uk could warn users that Phorm may be monitoring their clicks, he wrote.

Auntie’s worried the public outcry will draw complaints about behavioural targeting BBCWW already carries out, albeit not at the ISP-level. Leece: “A key concern is impact on BBC.com’s use of (targeting vendor) Audience Science for behavioural targeted advertising as, whilst technology different, public may see as the same.”

The internal debate culminated in BBC Online controller Seetha Kumar’s public blog post this week – a holding statement that plays a waiting game and is leaving a final decision until government ministers respond to the EC’s criticism. Phorm plans to unveil a new consumer product on June 3, has completed a trial with BT (NYSE: BT) and is embarking on a trial with Korean ISP SK. It criticises the “privacy pirates who appear very determined to harm our company”. We have invited comment on the BBC views.

Update: Phorm tells paidContent:UK its upcoming product launch “would also benefit all websites, even non commercial sites like the BBC”: “In doing this, we

  1. Long John Silver Saturday, May 23, 2009

    The commercial gain argument is entirely feasible.
    The Privacy argument as purported by Amazon is not.
    Purely a commercial decision; Amazon would not want users being presented with ads giving consumers the opportunity of purchasing items cheaper elsewhere. After all, Amazon already profile their own customers and how easy is it to log-out of your Amazon account? Not very.
    The Privacy argument is a non-starter anyway, no-one knows how Phorm will be implemented outside of Phorm and partner ISPs.
    If consumers willingly sign-up knowing the consequences, maybe for free bandwidth, un-throttled connection, free hardware etc. , where's the problem?
    Seems like lots of people have been hoodwinked by a very astute smear campaign, orchestrated at the beginning by a very small band of Privacy Zealots, into thinking that this is a BIG issue.
    The Public Outcry will come from the very same small band who have been agitating for over a year – there's about 10 of them. There is no wide-spread concern, I could name them all.
    There's a poll being conducted just now on TalkTalk's members forum – 14 days and only 101 votes yes or no (4 for 97 agin) to Phorm out of 3000+ views and millions of subscribers, no-one cares outside the tinfoil hat brigade.
    Understand, there is very little extant factual information out there as to how Phorm works, how it will be implemented other than that spread by the die-hard antis.
    I have not been paid by Phorm or any other organisation for this post, just sick and tired of the anti-phorm brigade's assumption that they speak for everyone.

    Share
  2. Zoot Cadillac Saturday, May 23, 2009

    @Long John Silver.

    If I may address some of your comments?
    I'll dismiss the first two as conjecture.
    The third? Sure Amazon or any company seeking to make financial gains from it's online visitors would not want a 3rd party scraping their data so that those same visitors might be served advertisements elsewhere based upon information gained whilst those people were at Amazon's site.
    That's a no brainer.
    The privacy argument a non-starter? You state that nobody outside of Phorm knows how it will be implemented? Well I thought that everyone who had read Phorm's releases on this issue coupled with Dr Richard Clayton's analysis of the system would certainly have a very good idea how they plan to implement this and if they go under the model that Phorm themselves have currently made public then the fact remains that there is illegal interception of data between 2 parties without gaining explicit and previous consent from both of those parties. Who cares about privacy? Let's be sure that it's legal for a company to intercept a website's communication, make and store copies of their content so that they can serve competitor's advertisements to their visitors.

    I don't think anyone is out to smear Phorm. Phorm themselves have shown to be untrustworthy and unwilling to engage with the very people they seek to monetise to see a way in which they may be accepted ( they would have been happy to never engage with the public and indeed not have the public be aware of them ). Your assumption that consumers will be receiving free or improved broadband services as a result of Phorm is totally unfounded. Not one ISP has ever made a statement to this end and neither has my ISP responded that this would ever be the case were they to adopt Phorm. This is just another one of those carrots dangled by Phorm when they need to convince the public that their system can have any merit for them.
    There is no need for anti-phishing. There is no need for cheap incentives. I have a contract with my ISP to connect me to the web and they enjoy common carrier status which holds them totally exempt from responsibility for my actions online. The moment they decide to be a content deliverer that will all change.

    There will be more public outcry. There are more people becoming aware of this now that the mainstream media has taken it up and people will find ways to refuse to be used for the profit of 3rd party leeches such as Phorm
    Seriously, who needs them? If my ISP wants to monetise my data whilst giving me some benefit for that ten let tem engage with me and see how that goes. Why get into bed with the people behind one of the most insidious spyware rootkits of the last decade?
    There is plenty of factual information out there as to how Phorm 'claim' their system works and just because you have not read that it is unfair of you to assume that it does not exist.

    I don't claim to speak for anyone other than myself and I've certainly not been paid by Kents 'arch competitor'. I'm Joe Public and I'm tired of 3rd party advertisers thinking that they have any right to make money from my habits without me explicitly knocking on their door and asking to be a part of it.
    That's what the law, the EU and the ICO require. Opt-In.
    Until there is opt-in on both ends of the communication it does not matter if there are 2 or 2 million people against it. It's not happening.

    Share
  3. The BBC have a contract with Audience Science to allow them to profile overseas visitors. This contract does NOT allow them to profile UK visitors.

    1) Why should Audience Science pay the BBC for access to information which companies using DPI on overseas visitors could get for free? Why should the BBC allow companies using DPI on UK visitors to profile them, when they don't allow Audience Science to do so?

    (Oh, and I am not being paid by, or have any interest in, any of Phorm's competitors)

    Share
  4. As I see it, the main difference between Phorm and other current methods of monetising we lowly users is that Phorm has equipment in the ISP through which all your traffic passes regardless of whether or not you have signed up to accepting ads from Phorms partners.

    The potential for abuse or mission creep (intended or accidental) is enormous. That data is HUGELY valuable.

    The fact that Phorm are a company with their roots in malware production is just the icing on the cake.

    If my ISP (VirginMedia) does eventually partner with Phorm, I will be leaving them for one that doesn't. It will cost me money, but that's not the point.

    Any website that partners with Phorm, I will abandon. In the Beeb's case it will be with much regret, but make no mistake, I will not knowingly use any of Phorm's partners.

    Advertising-driven Deep Packet Inspection (DPI) is a step too far,

    Share
  5. Interested in privacy Saturday, May 23, 2009

    LJS,

    You raise some interesting points, so I thought I would add my perspective…

    You cannot speak for Amazon, in the same way that I can't, if they say it's a privacy issue, we have to take them at their word, just like so many people expect us to take the word of phorm (previously known as 121Media, peddlers of the apropos rootkit which was a wrapper for their adware contextplus).

    Do I trust Amazon? On the balance of things, I'd have to say yes, they have never installed rootkits on to peoples PC's as far as I am aware, and openly admit to profiling their customers.

    Do I trust phorm? On the balance of things I would have to say no, they have a history of deceptive business tactics and a lack of respect for end users, they ran two trials with my previous ISP while denying doing so, and failed to register with the ICO while these trials were conducted, and then there is the previously mentioned rootkits.

    As for logging out of the Amazon account issue you raise, actually I find it very easy, I just clear cookies at the end of my browsing session.

    You claim that the privacy issue is a non starter, perhaps you'd like to expand on that for everybody to understand your reasoning a bit better; having read the report by Dr Richard Clayton who got his information first hand from phorm, I would contend that the privacy issues are very real.
    I fail to see how profiling almost all of somebodies browsing habits can be privacy enhancing. (I say almost all, because ssl sessions are ignored, and supposedly webmail too, although I have doubts that they can exclude all webmail.)

    You ask "If consumers willingly sign-up knowing the consequences, maybe for free bandwidth, un-throttled connection, free hardware etc. , where’s the problem?"
    Well firstly, phorm will still have no consent from the websites they are abusing the copyright of (copyright requires that they seek a licence before using any content, and they can't rely on assumed consent of the rights holders, nor is an opt-out system for websites legally binding, they have to seek consent, or face legal action) so that is one major problem straight away.

    Your claims of an astute smear campaign, you may be correct, there were rumours that phorm were smearing their opponents to political types before, but I have no proof of that, but it sounds believable.
    Phorm spent plenty of time trying to get political types onboard with their system early on, while trying to hide what they were doing from end users, that hardly seems to be the actions of a trustworthy company.

    As for 10 campaigners, I presume you have facts to back that up? I would say it is likely to be a far greater number, and as this whole affair is dragged out into the light, I would expect to see more people become involved as time goes on.

    With regard to "There’s a poll being conducted just now on TalkTalk’s members forum – 14 days and only 101 votes yes or no (4 for 97 agin) to Phorm out of 3000+ views and millions of subscribers, no-one cares outside the tinfoil hat brigade."

    I had a look on the talktalk members forums to satisfy my curiosity, and see how accurate your statement was.

    On those forums, out of the "millions of subscribers" only a small percent actually seem to use the forums at all. The forum statistics at the bottom of the page show Topics: 19,944, Posts: 256,953, Members: 12,698, Active Members: 2,223, so once you ignore the shock value of the "millions of subscribers" a better indication of how people feel can be had by looking at your numbers again.

    Out of 12,698 members, only 2223 of them are active members, so your millions no longer mean that much.

    97 out of 101 who voted are opposed to phorm, and in that thread, it is claimed that 2 of the votes in favour were made by staff members.

    As for the postcount and total views, well, I clocked up 3 hits on the number of views today by revisiting the thread, so again, not a good indicator.

    To give a comparison, I also looked at other parts of their forum, in the Christmas competition thread they had, there was a total of 41 votes, 171 replies and 4209 views, so the votes against phorm are certainly worth paying attention to it would seem.

    You claim "Understand, there is very little extant factual information out there as to how Phorm works, how it will be implemented other than that spread by the die-hard antis."

    That is true to a great extent, because phorm refuse to actually engage properly, they will answer favourable questions, but they answer most questions with PR statements, that are vaguely worded and have lots of space to allow backtracking of what they said. The most factual information in the public domain is the report by Dr Clayton, and that doesn't paint a pretty picture.

    I don't care if you were paid by phorm or not, but just so we are on an even footing, I wasn't paid to make this post either, by any individual or organisation. Ultimately though, I'd be much happier to allow the anti-phorm types speak for me than you.

    They do seem to be genuinely interested in helping to maintain what little privacy is left on the internet, it seems to me, that you would be content to sell it to phorm on behalf of everybody else.

    Share
  6. The anti-Phorm lot are still content to confuse mole hills with mountains it would seem. Anyone who read coverage of the last Westminster eForum would know that Phorm's SVP for Technology (Marc Burgess) made clear that users would have to provide consent to use the service. That being the case the BBC have nothing to worry about because users won't be profiled (anonymously) without having given their permission.

    Interesting point from 'brianlj' on the prospect of data accumulation due to "mission creep;" as far as anyone knows based on what Phorm have announced and on what independent experts have said, the Phorm system is unique at the present time in that it doesn't store users' browsing histories, which is more than could be said for a certain other company http://news.bbc.co.uk/1/hi/technology/8058084.stm

    Share
  7. it appers the "Stop Phoul Play" website are indeed running "very astute smear campaign" and changing the so called facts as time passes, and informed end users are bringing their smears to light for instance see below:

    its appears these officially released BT pictures outlining the dataflow of Phorm keep going missing, so grab them while you can ;)

    but upon inspectionm these make it very clear that without exception , all your dataflow belongs to Phorm and their ISP partners ;)

    lets be clear here, at no point can you stop any of your ISP data going through the Deep Packet Interception/Inspection Layer7 kit, regardless of any cookie "Opt in" or"Opt Out".

    a clear cut "wiretap" as seen in these official BT diagrams.

    and also the cookie point being, they clearly did ,do ,and will in the future need to place a cookie on your harddrive without your consent, and look for it every single session….

    i expect this is exactly the same way the current "Korea Telecom" is dong it now, perhaps someone in the BBC better inform the users there reading these BBC server pages news etc…

    http://bayimg.com/KaaKGAAcA
    bt2customer_choice_diagram70.JPG

    http://bayimg.com/kAAkKAACa
    phormslide_thumb.jpg

    Share
  8. Interested in privacy Saturday, May 23, 2009

    CP, you seem to have bought the official phorm line, so go look at Dr Claytons report and educate yourself.

    You will still be profiled (although phorm promise to ignore you) just not served adverts with the way the technology is setup at the moment.

    Phorm have not demonstrated a network opt-in / opt-out solution as yet, so the report by Dr Clayton stands, you merely opt out of adverts the way things are.

    It still doesn't mean the BBC really need to tell phorm no though, telling them no shouldn't really be necessary, phorm and their partners should respect copyright and seek permission after all. (And if copyright isn't really applicable to webpages as phorm and their partners claim, go ask phorm and their partners why they all expect the copyright of their own pages to be respected.)

    If the system was truly opt-in, the user would need to take a positive step to say "oh yes please, I really want to have more adverts shoved in my face, and want to help take revenue from any website who won't pay phorm to be part of the OIX and display their wonderful adverts."

    Phorm haven't changed since their days of spyware, adware, and rootkits, they've just found a new way to gather the data, and this new venue is harder for the user to avoid. A user now has to change ISP if they want to be rid of the leech who is making a note of their every interest to try and sell him things he was looking at 3 days ago, before they had the minor inconvenience of formatting their hard disk and starting over.

    Share
  9. 'Interested in privacy' – as someone who claims to know a great deal about this, surely you might have the decency to at least admit that Phorm's system doesn't result in "more adverts" being "shoved" in anyone's face. If you turn the system on all that will happen is that the adverts you're shown will relate to whatever you are browsing (minus certain sensitive topics such as tobacco, firearms, adult themes etc), simply as that really. If you're going to engage, at least do it honestly.

    Share
  10. Interested in privacy Saturday, May 23, 2009

    CP, why do you actually believe that yet another ad network won't lead to more adverts?

    Do you really believe that the sites who currently display adverts are going to give up their current ones and replace them with OIX ones?

    Or is it more likely that they will have them as well?

    More ad networks = more adverts, until proven otherwise.

    There you go, a nice honest answer, it's just a shame phorm aren't that easy to get honest answers from.

    Share

Comments have been disabled for this post