Page last updated at 18:03 GMT, Friday, 4 April 2008 19:03 UK

'Illegal' ad system scrutinised

BT has tested Phorm's technology

Technical analysis of the Phorm online advertising system has reinforced an expert's view that it is "illegal".

The analysis was done by Dr Richard Clayton, a computer security researcher at the University of Cambridge.

What Dr Clayton learned while quizzing Phorm about its system only convinced him that it breaks laws designed to limit unwarranted interception of data.

The Information Commissioner's Office (ICO) has also said it would monitor Phorm as it got closer to deployment.

In addition the ICO confirmed that BT is planning a large-scale trial of the technology "involving around 10,000 broadband users later this month".

Previous trials of the technology by the telecoms firm were branded "illegal" by Nicholas Bohm of the Foundation for Information Policy Research (Fipr), which campaigns on digital rights issues.

As the company did not inform customers that they were part of the trial, he said the tests were "an illegal intercept of users' data".

In the subsequent trial the ICO said: "We have spoken to BT about this trial and they have made clear that unless customers positively opt in to the trial their web browsing will not be monitored in order to deliver adverts."

In a statement Phorm said it was satisfied that its system complied "with all the appropriate UK laws".

Close scrutiny

Phorm works by taking a copy of the traffic generated when a user visits a website, analyses the text in this traffic and then uses the resulting information to insert targeted adverts on sites that have signed up.

I'm still not happy at all
Richard Clayton

Dr Clayton visited Phorm in his capacity as a security researcher and as treasurer of Fipr.

In mid-March Fipr wrote an open letter to Information Commissioner Richard Thomas spelling out its worries about the technology.

The analysis was carried out to weigh up Phorm's claim that it preserved the privacy of web users and did not break laws.

In a blog entry detailing his findings, Dr Clayton wrote: "Overall, I learnt nothing about the Phorm system that caused me to change my view that the system performs illegal interception."

The definition of interception Dr Clayton used comes from Section 1 of the Regulation of Investigatory Powers Act 2000.

In the blog entry, Dr Clayton said Phorm could claim "with some justification" that its system did not let it identify individuals and did a better job of targeting advertising than many others.

However, he noted, this justification conflated the notions of data protection and privacy.

For Dr Clayton privacy involves the expectation that "other people, even people I'll never meet and who will never meet me, don't get to know what I do".

Having spent time analysing Phorm, Dr Clayton declared: "I'm still not happy at all."

The ICO said it had received "a number of queries" relating to Phorm's impact on personal privacy.

It said it had "detailed discussions" with the company and had been assured that the ad-serving system "does not allow the retention of individual profiles of sites visited and adverts presented" and that "no personally identifiable information" was held.

In response to Dr Clayton's report, a spokesperson for Phorm said: "Our technology complies with all the appropriate UK laws - and we've consulted a range of experts on this.

"The Regulation of Investigatory Powers Act (RIPA) was drafted in the earliest days of the internet. It is not designed to criminalise legitimate business activities - online targeted advertising is an accepted part of the internet landscape today."

video and audio news
A data expert on BT's actions

The BBC is not responsible for the content of external internet sites

Has China's housing bubble burst?
How the world's oldest clove tree defied an empire
Why Royal Ballet principal Sergei Polunin quit


Americas Africa Europe Middle East South Asia Asia Pacific