Recently I noticed a number of articles about Phorm some which condemn it some which simply report on the current debate around the idea and some which call for BT to be prosectuted. My opinion is that BT have made a monumental PR blunder (I mean the kind that can go down in history as how not to do it) but nothing more.
The Phorm concept is basically to put a tracking cookie on BT subscribers PC allowing them to know which websites they have surfed and then serve adverts to those users based on their behavior. It’s probably legal because personally identifiable information is not collected and the service can be opted out of. Because BT have a massive subscriber base the idea is that Phorm could then send more targeted and relevant ads to the individuals.
It’s no different for you as a consumer going to a website which tracks your behavior and targets ads based on what you look at. They’re just doing it on a wider scale (everything you look at is recorded not just individual websites) and with more behavioral data than before.
BT have shown very poor form in how they have handled this. Firstly instead of openly and transparently informing and explaining what they are doing, they have conducted trials without their subscribers knowledge. Some sources say this was illegal but if BT have illegally conducted tests to people who hadn’t somehow opted into WebWise or something similar then they would have to be incredibly stupid. Knowing some folks from BT I know this is unlikely to be the case. Secondly they have not defended their position other than with legal statements and they have only one page explaining what the WebWise service is all about. BT focuses on the anti-fraud protection and the ability to switch on and switch off the service.
The ability to opt-in and opt-out probably makes the service legal. I say probably because I am not a lawyer but by giving the users the freedom to turn the service off they are most likely covered, so I am inclined to disagree with the stance of Dr Richard Clayton that BT should be prosecuted. It would most likely be a waste of money and serve no purpose other than to scare an already confused general public. Unless the prosecution would be a landmark case designed to educate big companies about their PR responsibilities!
Hitwise, Comscore and others have been collecting data from ISPs for years. The manner in which they have used the information is different, they aren’t using it to specifically serve ads to people, they use it to show Internet demographical and behavioral patterns but their panel sizes are similar and similar data is aggregated.
As to whether this is a concern or not is a matter for debate. My feeling as a web analytics specialist looking at data every day is that most of the reasons why this might be worrying are overstated. I never know whose behavior I am looking at and am concentrating more on the trends of overall traffic than anything else. You can never go beyond IP address to find out who is being tracked and the IP address might give a general location (like city) but that is about as close as it gets. So from the data in BTs case you might be able to know the behavior of “someone in London” if you really drill down into the data.
Internet privacy concerns worry people because of the lack of clear understanding. You’re well protected already and this case proves it.
BT have the information already. If you’re their customer they can look at your data and know exactly what you had been doing. It’s not an easy process because they would need to first track the dynamic IP addresses you were assigned and then collate all that data over a given time period. So it’s not like your name sits in a database and BT can extract everything you’ve done. A lot of work per person would be required to collate that data. This is how the police can for instance track child molesters online. They ask the ISPs to extract the data and build up a behavioral profile. But doing that falls under the data protection act and can only be retrieved when the law has been broken and an investigation is underway. It is not legal for BT to look at that data any time they wanted too.
Just like it’s not legal to look at credit information without following the Consumer Credit Protection Act.
The reason that services like Phorm are being tested in BT is because of good practice. It shows BT are not exploiting the data they are not allowed to look at. They are trying to follow good practices but rather than explain this openly they made an almost laughable error. I mean it would be funny if it weren’t so serious.
Claims that this could lead to hacking and cyber terrorism are quite frankly scare mongering. About the worst thing that could happen is that a hacker could send an advert to the subscribers. Ok, they could break in and send propaganda about Al qaeda but that’s not what people talking about cyber terrorism are discussing. We’re talking about manipulating cookie text strings that can not execute anything.
I completely understand the concerns raised and BTs’ lack of transparency is in my view appalling and doesn’t help the industry at all. If Google, Microsoft or Yahoo! had done this then the whole world and his dog would be calling for blood.
What do you think? Let me know.