• silicon.com
• Management
• CIO Insights

By David Meyer, 11 April 2008 08:39

NEWS

The company behind an ISP-based web advertising user-tracking system has denied claims what it is doing is illegal.

Phorm - whose Webwise and Open Internet Exchange (OIX) technologies were used by BT in a trial on its customers - says the Foundation for Information Policy Research (FIPR) is wrong to say the use of Phorm's technologies constituted unlawful interception under the Regulation of Investigatory Powers Act (Ripa).

A-Zs…

1. Security from A-Z…

2. Biometrics from A-Z…

3. Broadband from A-Z…

4. Wireless from A-Z…

5. Green IT from A-Z…

Nicholas Bohm, the FIPR's general counsel, said last week "the illegality stems… from the fact that the system intercepts internet traffic".

He added: "Interception is a serious offence, punishable by up to two years in prison. Almost incidentally, because the system is unlawful to operate, it cannot comply with data-protection principles."

On Wednesday, a statement from Phorm argued there was "no interception issue in the Phorm system".

The statement read: "FIPR asserts - under a very narrow interpretation of Ripa - that although we obtain user consent, without the explicit consent of each website, there is an unlawful interception under Ripa. We would point to the many important and valuable consumer internet services such as Gmail or spam filters where data from one side of the 'communication' is analysed for the purpose of showing ads or blocking spam. Under FIPR's interpretation such services would be deemed illegal."

On Tuesday the Information Commissioner's Office (ICO) issued a statement on Phorm's activities, in which it said any allegations of Ripa non-compliance were a matter for the Home Office, rather than the ICO. The ICO also said Phorm had already approached the Home Office to check it was complying with Ripa - a point which Phorm reiterated in its statement.

According to Phorm: "Our extensive consultations have led to only one conclusion - that Phorm's systems are legal under any full interpretation of the law." Also in the statement, Phorm's chief executive, Kent Ertugrul, pointed out that FIPR had campaigned against Ripa when it was drawn up eight years ago but was now using it to attack Phorm.

Ertugrul said: "We're delighted to have a dialogue with FIPR but it has to be in the context of how today's online world actually works and how to improve it for the future. Our objective is to ensure the internet continues to be a vibrant and thriving community, where new developments can contribute greatly to user experience and safety."

Richard Clayton, FIPR's treasurer, told silicon.com sister site ZDNet.co.uk yesterday that FIPR's issues with Ripa - such as the "way that police could self-authorise [interception]" - remained, but had nothing to do with the elements of Ripa forbidding the use of services such as Phorm.

Clayton said: "[Phorm asked] the Home Office a rather general question about the way the things could be done. [The Home Office] gave an opinion, not a legal opinion, of their understanding of how the law was [to be applied] - it was essential to get opt-in permission from people whose outgoing traffic was being intercepted."

Clayton was also keen to point out that FIPR was not suggesting Phorm itself was breaking the law. "What Phorm are doing is legal," he said. "It is the ISPs who are intercepting the traffic and giving it to Phorm - it is that that is illegal."

Intercepting traffic for spam-filtering purposes or for blocking denial-of-service attacks was a different matter, Clayton added, because Ripa contains an exemption for technologies that are needed to protect the functioning of an ISP's service.