UK.gov misses deadline on EU Phorm probe

Commission's data pimping quiz-o-gram leaked


Exclusive The government has failed to meet a deadline to respond to European Commission questions over the UK's handling of BT's allegedly illegal secret trials of Phorm's ISP-level adware and its planned rollout of the system to millions of subscribers, The Register has learned.

The Commission wrote to the UK government to quiz officials on why no action has been taken over the trials under the Privacy and Electronic Communications Regulations 2003 (PECR), which implement European Directives on wiretapping and communications data.

Fabio Colasanti

Fabio Colasanti

Contrary to reports last week, the letter was sent on 30 June, not mid-July. It required the UK to respond to the letter one month after it was sent, not by the end of August, as wrongly claimed by the BBC.

A spokeswoman for the Department for Business, Enterprise and Regulatory Reform (BERR) admitted today that the UK had not met the deadline. "We haven't responded yet," she said. The spokeswoman declined to comment further beyond saying that BERR is working on a reply with other departments.

We have obtained the EU's letter. It requests answers on how and why the UK government has acted over both the secret trials of Phorm in 2006 and 2007, and planned future deployments of the technology.

It sets out the context of the EU's interest in the controversy and asks detailed questions ahead of possible Commission intervention. Failure to implement a European Directive properly can land national governments in the European Court of Justice in Luxembourg.

"In order to provide the response that is expected from it, the Commission needs to base itself on a clear understanding of the position of the United Kingdom authorities," the letter says. "Several EU law provisions concerning privacy and electronic communications may be applicable."

It is signed by Fabio Colasanti, Director General of combative European Commissioner Viviane Reding's Information Society and Media Directorate. It is addressed to Kim Darroch, the UK's ambassador to the European Union. His office acts as a diplomatic conduit for contact between the UK government and the European Commission.

The letter concludes with five bullet-point questions for UK officials to answer. The majority focus on the uninvestigated trials revealed by The Register.

Campaigners and unwitting participants in those secret trials have been frustrated by the failure of any UK authority, including the Information Commissioner's Office (ICO), to investigate BT and Phorm for alleged lawbreaking. The ICO has stated that although it believes the data laws were breached when tens of thousands of BT customers' web browsing was co-opted into Phorm's systems, it does not intend to pursue the matter. BT has publicly insisted "it was not illegal".

But the Commission is also concerned about how Phorm's technology will behave once fully rolled out in ISP networks. In one passage, Colasanti queries the mismatch between the ICO's insistence on a positive opt-in for future deployments and Phorm's own line that consent will be obtained via "transparent meaningful user notice".

Phorm's language prompts Colasanti to ask: "What exactly will be the methodology followed by the ISPs in order to obtain their customers' consent for the deployment of Phorm technology in accordance with the relevant legal requirements and what is the United Kingdom authorities' assessment of this methodology?"

After the ICO toughened its stance on future Phorm deployments in April, the firm's CEO Kent Ertugrul has insisted that debate over opt-in versus opt-out is a "huge red herring".

Correspondence between Phorm and the ICO disclosed after a Freedom of Information Act (FOIA) request by a member of the public paints a different picture. The regulator's stance that only a positive opt-in would be allowed for any future deployment was not so readliy dismissed inside Phorm. A company representative wrote to the ICO: "[I] was a little surprised that in your latest statement you seem to have come down fairly firmly in favour of opt-in, but obviously I understand the issues. I'd very much welcome a quick chat on this point."

The ICO remains committed to a positive opt-in.

The EU's interrogative approach to the issue is in contrast to the secret liasons between the Home Office, BT and Phorm going back to November 2006. The government provided a legal opinion - which has since been heavily criticised by independent experts - on ISP-level adware that said it didn't think such systems would contravene the Regulation of Investigatory Powers Act 2000 (RIPA).

Colasanti wants to know which body would investigate a breach of RIPA.

BERR's spokeswoman said she was unable to explain why the government has not responded yet. ®

See the next page for the EU's letter in full.


Other stories you might like

  • Running Windows 10? Microsoft is preparing to fire up the update engines

    Winter Windows Is Coming

    It's coming. Microsoft is preparing to start shoveling the latest version of Windows 10 down the throats of refuseniks still clinging to older incarnations.

    The Windows Update team gave the heads-up through its Twitter orifice last week. Windows 10 2004 was already on its last gasp, have had support terminated in December. 20H2, on the other hand, should be good to go until May this year.

    Continue reading
  • Throw away your Ethernet cables* because MediaTek says Wi-Fi 7 will replace them

    *Don't do this

    MediaTek claims to have given the world's first live demo of Wi-Fi 7, and said that the upcoming wireless technology will be able to challenge wired Ethernet for high-bandwidth applications, once available.

    The fabless Taiwanese chip firm said it is currently showcasing two Wi-Fi 7 demos to key customers and industry collaborators, in order to demonstrate the technology's super-fast speeds and low latency transmission.

    Based on the IEEE 802.11be standard, the draft version of which was published last year, Wi-Fi 7 is expected to provide speeds several times faster than Wi-Fi 6 kit, offering connections of at least 30Gbps and possibly up to 40Gbps.

    Continue reading
  • Windows box won't boot? SystemRescue 9 may help

    An ISO image you can burn or drop onto a USB key

    The latest version of an old friend of the jobbing support bod has delivered a new kernel to help with fixing Microsoft's finest.

    It used to be called the System Rescue CD, but who uses CDs any more? Enter SystemRescue, an ISO image that you can burn, or just drop onto your Ventoy USB key, and which may help you to fix a borked Windows box. Or a borked Linux box, come to that.

    SystemRescue 9 includes Linux kernel 5.15 and a minimal Xfce 4.16 desktop (which isn't loaded by default). There is a modest selection of GUI tools: Firefox, VNC and RDP clients and servers, and various connectivity tools – SSH, FTP, IRC. There's also some security-related stuff such as Yubikey setup, KeePass, token management, and so on. The main course is a bunch of the usual Linux tools for partitioning, formatting, copying, and imaging disks. You can check SMART status, mount LVM volumes, rsync files, and other handy stuff.

    Continue reading

Biting the hand that feeds IT © 1998–2022