A new service soon to be deployed by several British Internet providers has run into controversy for targeting Web advertising based on a user’s surfing habits. A technology policy group warns Phorm’s system violates data protection laws.
Digital Journal — In a letter sent to U.K.’s Information Commissioner’s Office, the Foundation for Information Policy Research (FIPR) explained how a new ad-serving system illegally snoops on a Net user’s browsing activities. Political opinions, sexual preferences and religious views will all be viewable by Phorm’s tracking technology, which will soon be rolled out by ISPs BT, Virgin Media and Talk Talk.
After collecting data on a user’s browsing history and inputted search terms, the system delivers ads that may cater to the user’s interests. The company says the data is quickly discarded and the collected data is assigned a random number that can’t be traced to an individual.
But FIPR believes users will still be identifiable from the scanned data content, since “it will include email sent or retrieved by users of web-based email, and messages viewable by those authorised to gain access to individual pages of social networking sites.”
The open letter goes on to say:
Classifying users by scanning the content of their communications involves interception in the sense of s1 and s2 of the Regulation of Investigatory Powers Act 2000. That is because classification cannot be done without the content being made available to the person doing the classifying. The fact that he does so by the application of machinery which avoids the need for him to read the content is irrelevant — it is clear, for example, from ss16(1) that material is to be treated as intercepted even before classification or examination and despite the fact that it may not be lawful to examine it.
The group maintains that Phorm’s Web-monitoring ability and data collection violates U.K.’s Regulation of Investigatory Powers Act of 2000 and the Data Protection Act.
Virgin Media, though, is satisfied with how Phorm works. Last week, a Virgin Media spokesperson told the Financial Times:
However we have full confidence that the system meets all applicable guidelines for privacy and protection of personal data.
Phorm argues that users can opt out of the service, but FIPR is quick to rebut their comment. In the letter, they say: “It would be specially objectionable if opting out were to depend on the maintenance by the user of a cookie, since many reasonable users regularly clear all cookies; nor should users be expected to opt out by blocking one or more websites, since many may not understand how to do this or may make errors in trying to do so.”
And the main benefit to users, like the 10,000 BT customers invited to try out the service later this month? A BT spokesperson explained to BBC:
Customers will receive more relevant advertising and will get warnings if any of the websites they visits are known to be phishing sites.
Richard Clayton, Treasurer at FIPR, countered by criticizing the service’s snooping technology:
The Phorm system is highly intrusive — it’s like the Post Office opening all my letters to see what I’m interested in, merely so that I can be sent a better class of junk mail.
When Phorm does get deployed in the UK, it will be interesting to watch how customers adopt it. Will they rebel against the custom ads popping up on their screen based on the last hour’s Google searches? Or will they enjoy the marketing targeting their interests? Phorm has the potential to reshape online advertising, but it also carries with it an albatross of a controversy. Data scanning and personal info retention will continue to be on the minds of Internet advocates for years to come, so expect the argument against Phorm to only gain momentum as ISPs continue to experiment with the service. The battle over your Web surfing activities has just begun.
