Phorm failed to mention 'illegal' trials at Home Office meeting in 2007

Just fancy that!


Exclusive The Home Office held a private meeting with Phorm in August last year, but BT's interception and profiling partner did not disclose that it had completed an allegedly illegal trial of its technology on tens of thousands of unwitting broadband subscribers just weeks earlier.

Senior civil servant Andrew Knight revealed the meeting had taken place in a response to a Freedom of Information Act (FOI) request from a member of the public, passed to The Register. Today, the Home Office said it had no knowledge of the secret interceptions until we revealed the 2007 trial on 27 February and the 2006 trial on 1 April this year. BT reps were not present, Knight's note implied.

The Home Office refused to disclose further details of who was present at the August 2007 meeting with Phorm, how it was arranged, or what was discussed, saying that the information remained the subject of an ongoing FOI inquiry.

The trials have been widely branded a criminal interception on a grand scale, under the Regulation of Investigatory Powers Act 2000 (RIPA). Phorm refers all questions on the legality of the action to BT, which in turn refuses to comment beyond stating that it took legal advice.

In response to our questions about its meeting with the Home Office, Phorm said in a written statement: "We have been entirely open on our consultations with stakeholders across the industry and that part of this process included a meeting, at our request, with the Home Office."

A Phorm spokesman said during a phone call that it would not discuss what it had told the Home Office or the reasons for those choices. "We've made our statement and that's all we're going to say," he said.

Nicholas Bohm, an expert on interception law at the Foundation for Information Policy Research, an internet policy think-tank which has called for BT to be prosecuted, said: "It's surprising that Phorm didn't think it was relevant to tell the Home office what they had been up to. You have to wonder whether they were certain about the propriety of what they had done with BT."

Several months after the meeting took place, in January 2008, Phorm and BT requested legal advice from the Home Office. It was written by Knight's colleague Simon Watkin, who came to the published conclusion that the advertising targeting system might be within current law if full consent was obtained from broadband subscribers. No attempt to get customer consent was made by BT during either the 2006 or 2007 trial.

To tell or not to tell

Phorm's failure to disclose the fact it had carried out the interceptions without consent suggests three possible conclusions.

Obviously, it would be understandable for anyone who knew they had broken the law on a grand scale to keep that fact on the down-low when talking to the government department charged with ensuring that those laws are enforced.

A second possibility is that the legal advice BT claims it took went against the the opinion of the Home Office's own RIPA expert and all other legal opinion we've heard over the last three months, and so Phorm didn't feel it needed to mention the trials.

Finally, perhaps in its keenness to rise from the ashes of its spyware business, Phorm forgot to consider the law.

Yet the Home Office has disavowed any responsibility for pursuing transgressions of RIPA, even on this scale, so why not just toss it into the conversation? Phorm has not been shy about its ability to "see the entire internet" now that it is looking for publishers and advertisers to join its targeting network.

Authorities including the police and Information Commissioner have so far not investigated the events of Autumn 2006 and July 2007. Private individuals who believe their broadband line was subject to the secret wiretapping still have several legal avenues open to them, including the right under RIPA to pursue a private prosecution. ®

Bootnote

We tried to obtain an interview today with Andrew Knight via a direct email approach. A Home Office press officer called soon after to say that "I'm not impressed by that... you [El Reg] do not do that, you come through us. If you do you will not get any response [at all to your queries]".

We asked if it was Home office policy to threaten journalists with excommunication if they try talking to senior civil servants. "No," she said. "It's just the way it is."

Similar topics

Broader topics

Narrower topics


Other stories you might like

  • 381,000-plus Kubernetes API servers 'exposed to internet'
    Firewall isn't a made-up word from the Hackers movie, people

    A large number of servers running the Kubernetes API have been left exposed to the internet, which is not great: they're potentially vulnerable to abuse.

    Nonprofit security organization The Shadowserver Foundation recently scanned 454,729 systems hosting the popular open-source platform for managing and orchestrating containers, finding that more than 381,645 – or about 84 percent – are accessible via the internet to varying degrees thus providing a cracked door into a corporate network.

    "While this does not mean that these instances are fully open or vulnerable to an attack, it is likely that this level of access was not intended and these instances are an unnecessarily exposed attack surface," Shadowserver's team stressed in a write-up. "They also allow for information leakage on version and build."

    Continue reading
  • A peek into Gigabyte's GPU Arm for AI, HPC shops
    High-performance platform choices are going beyond the ubiquitous x86 standard

    Arm-based servers continue to gain momentum with Gigabyte Technology introducing a system based on Ampere's Altra processors paired with Nvidia A100 GPUs, aimed at demanding workloads such as AI training and high-performance compute (HPC) applications.

    The G492-PD0 runs either an Ampere Altra or Altra Max processor, the latter delivering 128 64-bit cores that are compatible with the Armv8.2 architecture.

    It supports 16 DDR4 DIMM slots, which would be enough space for up to 4TB of memory if all slots were filled with 256GB memory modules. The chassis also has space for no fewer than eight Nvidia A100 GPUs, which would make for a costly but very powerful system for those workloads that benefit from GPU acceleration.

    Continue reading
  • GitLab version 15 goes big on visibility and observability
    GitOps fans can take a spin on the free tier for pull-based deployment

    One-stop DevOps shop GitLab has announced version 15 of its platform, hot on the heels of pull-based GitOps turning up on the platform's free tier.

    Version 15.0 marks the arrival of GitLab's next major iteration and attention this time around has turned to visibility and observability – hardly surprising considering the acquisition of OpsTrace as 2021 drew to a close, as well as workflow automation, security and compliance.

    GitLab puts out monthly releases –  hitting 15.1 on June 22 –  and we spoke to the company's senior director of Product, Kenny Johnston, at the recent Kubecon EU event, about what will be added to version 15 as time goes by. During a chat with the company's senior director of Product, Kenny Johnston, at the recent Kubecon EU event, The Register was told that this was more where dollars were being invested into the product.

    Continue reading

Biting the hand that feeds IT © 1998–2022