The appearance of a leaked document about a test of ad-serving technology performed by BT in 2006 has led to calls for the company to be prosecuted.
BT confirmed to ZDNet.co.uk on Friday that the leaked documents were genuine. The documents give details of a test between September and October 2006 of 18,000 BT customers which trialled ad-serving technology by 121Media, which has since become Phorm.
The documents show BT customers were not made aware of the tests, and that their web traffic was being intercepted, according to Cambridge University computing expert Richard Clayton, who called for BT to be prosecuted.
"This appears to document a secret trial snooping personal traffic, processing data, and serving up adverts without anyone's consent," said Clayton. "BT should be prosecuted, as it seems they committed a criminal offence."
The BT document states: "The trial involved approximately 18,000 users with a maximum 10,000 concurrently active on the system during the network's peak period, and was operated on a 24/7 basis. All users were unaware they were participants in the trial."
As BT had not obtained permission from users, website owners or search companies to redirect data, Clayton argued BT had intercepted the data illegally under the Regulation of Investigatory Powers Act 2000.
"Under the Regulation of Investigatory Powers Act, you need permission from both ends of a communication to intercept," said Clayton. "BT was snooping on traffic to see which keywords were in it, in the system they describe."
Technical details of how the ads were served showed users were assigned a unique identifier, and the identifier's browsing habits were observed. Clayton argued that tracking a unique identifier (UID) browsing for cars, then serving up a car insurance advert, was "personal data" being processed, and therefore contravening the Data Protection Act.
"It's breaking data-protection principles for a user to be unaware of that process," said Clayton.
BT on Friday said it sought legal advice before initiating the tests, and insisted no personal data had been processed.
"BT can confirm that we conducted a very small scale technical test of a prototype advertising platform in 2006," stated the company. "The test was specifically conducted to evaluate the functional and technical performance of the platform. Absolutely no personally identifiable information was processed, stored or disclosed during this trial."
BT added that it was planning to conduct a technical test "soon".