{"id":951,"date":"2008-04-06T20:07:17","date_gmt":"2008-04-07T04:07:17","guid":{"rendered":"\/?p=951"},"modified":"2008-04-06T20:36:21","modified_gmt":"2008-04-07T04:36:21","slug":"all-about-phorm","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=951","title":{"rendered":"All about Phorm"},"content":{"rendered":"<p>The <a href=\"\/?p=354\">Law of User Control<\/a> is hard at work in a growing controversy about interception of people&#39;s\u00a0web traffic\u00a0in the\u00a0United Kingdom.\u00a0\u00a0At the center of the storm is the &#8220;patent-pending&#8221; technology of a new company called <a href=\"http:\/\/www.phorm.com\/\">Phorm<\/a>.\u00a0 It&#39;s web site advises:<\/p>\n<blockquote><p>Leading UK ISPs BT, Virgin Media and TalkTalk, along with advertisers, agencies, publishers and ad networks, work with Phorm to make online advertising more relevant, rewarding and valuable. (<a href=\"http:\/\/www.phorm.com\/about\/launch_agreement.php\">View press release<\/a>.)<\/p>\n<p>Phorm&#39;s proprietary ad serving technology uses anonymised ISP data to deliver the right ad to the right person at the right time &#8211; the right number of times. Our platform gives consumers advertising that&#39;s tailored to their interests &#8211; in real time &#8211; with irrelevant ads replaced in the process.<\/p>\n<p>What makes the technology behind OIX and Webwise truly groundbreaking is that it takes consumer privacy protection to a new level. Our technology doesn&#39;t store any personally identifiable information or IP addresses, and we don&#39;t retain information on user browsing behaviour. So we never know &#8211; and can&#39;t record &#8211; who&#39;s browsing, or where they&#39;ve browsed.<\/p><\/blockquote>\n<p>It is\u00a0counterintuitive to see claims of increased privacy posited as the outcome of a tracking system.\u00a0\u00a0But\u00a0even if that happened to be true,\u00a0it seems like the system is being laid on the population as a fait accompli by the big powerful ISPs.\u00a0 It\u00a0doesn&#39;t seem\u00a0that users will\u00a0be able to avoid having their traffic redirected and inspected.\u00a0 And early tests of the system were branded &#8220;illegal&#8221; by Nicholas Bohm of the Foundation for Information Policy Research (FIPR).\u00a0<\/p>\n<p>Is Phorm completely wrong?\u00a0 Probably not.\u00a0 Respected and wise privacy activist Simon Davies has done an<a href=\"http:\/\/www.phorm.com\/user_privacy\/Phorm_PIA_interim.pdf\"> Interim Privacy Impact Assessment <\/a>that argues (in part):<\/p>\n<blockquote><p>In our view, Phorm has successfully implemented privacy as a key design component in the development of its Phorm Technology system. In contrast to the design of other targeting systems, careful choices have been made to ensure that privacy is preserved to the greatest possible extent. In particular, Phorm has quite consciously avoided the processing of personally identifiable information.<\/p><\/blockquote>\n<p>Simon\u00a0seems to be\u00a0suggesting we\u00a0consider Phorm in relation to the current alternatives &#8211; which may be worse.<\/p>\n<p>To make a judgment\u00a0we need to really understand how\u00a0Phorm&#39;s system works.\u00a0 <a href=\"http:\/\/www.lightbluetouchpaper.org\/2008\/04\/04\/the-phorm-webwise-system\/\">Dr. Richard Clayton<\/a>, a computer security researcher at the University of Cambridge and a\u00a0participant in\u00a0<a href=\"http:\/\/www.lightbluetouchpaper.org\/\">Light Blue Touchpaper<\/a>, has published a <a href=\"http:\/\/www.cl.cam.ac.uk\/~rnc1\/080404phorm.pdf\">succinct ten page explanation<\/a> that\u00a0that is a must-read for anyone who is a protocol head.<\/p>\n<p>Richard says his\u00a0technical analysis of the Phorm online advertising system has<a href=\"http:\/\/www.lightbluetouchpaper.org\/2008\/04\/04\/the-phorm-webwise-system\/\"> reinforced his view <\/a>that it is &#8220;illegal&#8221;, breaking laws designed to limit unwarranted interception of data.<\/p>\n<p>The British Information Commissioners Office\u00a0<a href=\"http:\/\/news.bbc.co.uk\/2\/hi\/technology\/7331493.stm\">confirmed to the BBC<\/a> that BT is planning a large-scale trial of the technology &#8220;involving around 10,000 broadband users later this month&#8221;.\u00a0 The ICO said: &#8220;We have spoken to BT about this trial and they have made clear that unless customers positively opt in to the trial their web browsing will not be monitored in order to deliver adverts.&#8221;<\/p>\n<p>Having quickly read Richard&#39;s description of the actual protocol, it isn&#39;t yet clear to me that\u00a0if you opt out, your web traffic isn&#39;t still being\u00a0examined and redirected.\u00a0\u00a0But there is worse.\u00a0I have to admit to a\u00a0sense of horror when I realized the system rewards ISPs for <em>abusing their\u00a0trusted role in the Internet by improperly posing as other peoples&#8217; domains in order to\u00a0create fraudulent cookies and place them on users machines<\/em>.\u00a0\u00a0Is there a worse\u00a0precedent?\u00a0 How come ISPs can do this kind of thing and other can&#39;t?\u00a0 Or perhaps now they can&#8230;<\/p>\n<p>To accord\u00a0with the <a href=\"\/?p=354\">Laws of Identity<\/a>,\u00a0no\u00a0ISP would examine or redirect packets to a Phorm-related server unless a user explicitly opted-in to such a service.\u00a0 Opting in\u00a0should involve explicitly accepting Phorm as a justifiable witness to all web interactions, and agreeing to be categorized by the Phorm systems.<\/p>\n<p>The system is devised to aggregate across contexts, and thus runs counter to\u00a0the Fourth Law of Identity.\u00a0 It claims to mitigate this\u00a0by reducing\u00a0profiling to categorization information.\u00a0 However, I don&#39;t buy that.\u00a0 Categorization, practiced at a grand enough scale and over a sufficient period of time,\u00a0potentially becomes <em>more privacy invasive<\/em> than a\u00a0regularly truncated audit trail.\u00a0\u00a0\u00a0 Thus there must be mechanisms for introducing amnesia into the categorization itself.<\/p>\n<p>Phorm\u00a0would\u00a0therefore\u00a0require clearly defined mechanisms for\u00a0deprecating and\u00a0deleting profile information over time, and these should be made clear during the opt-in process.<\/p>\n<p>I also have trouble with the notion that in Phorm identities are &#8220;anonymized&#8221;.\u00a0 As I understand it, each user is given a persistent random ID.\u00a0 Whenever the user accesses the ISP,\u00a0the ISP\u00a0can\u00a0see the link between\u00a0the random ID and the user&#39;s natural identity.\u00a0 I understand that ISPs will prevent Phorm\u00a0from\u00a0knowing the\u00a0user&#39;s natural identity.\u00a0 That is certainly better than many other systems.\u00a0 But I still wouldn&#39;t\u00a0claim the system is\u00a0based on anonymity.\u00a0 It is based on controlling the release\u00a0of information.<\/p>\n<p><small>[Podcasts are <a href=\"http:\/\/www.bbc.co.uk\/blogs\/ipm\/2008\/04\/phorm_and_fipr_light_blue_touc.shtml\">available here<\/a>]<\/small><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Are ISPs abusing their trusted role in the Internet when they pose as other domains to create fraudulent cookies and place them on users machines? <\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[6,17,3,47,11],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/951"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=951"}],"version-history":[{"count":0,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/951\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=951"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=951"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=951"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}