A prominent IT thinktank has criticised the Information Commissioner's Office for apparently giving its approval to an internet-advertising system that may be illegal.
The Foundation for Information Policy Research (FIPR) said on Sunday that it hoped the Information Commissioner would "reconsider what appears to be a green light for lawbreaking". These words came after the Information Commissioner's Office (ICO) made a long-awaited statement about the system, which is called Phorm.
Phorm is a technology for tracking an internet user's browsing habits, then using the resulting information to present that individual with targeted advertising. Privacy campaigners, including those at the FIPR, have expressed concern that Phorm represents not only a breach of privacy, but a breach of the law. The controversy has also been heightened by the revelation that BT, the country's largest internet service provider, has conducted trials of Phorm on some customers without telling them.
The ICO reacted to the controversy on Friday by acknowledging that Phorm and its BT trials have "provoked considerable public concern", but it welcomed "the efforts [Phorm] are making to engage with sceptical technical experts".
"We have had detailed discussions with Phorm. They assure us that their system does not allow the retention of individual profiles of sites visited and adverts presented, and that they hold no personally identifiable information on web users," the ICO said. "Indeed, Phorm assert that their system has been designed specifically to allow the appropriate targeting of adverts whilst rigorously protecting the privacy of web users. They clearly recognise the need to address the concerns raised by a number of individuals and organisations including the Open Rights Group."
"The ICO strongly supports the use of technology in ways which enhance rather than intrude upon privacy, and plans to produce a report on 'Privacy by Design' later this year," the ICO's statement added.
On Monday the FIPR said the ICO's statement "appeared to give the go-ahead for upcoming trials of [Phorm's] system by BT". Nicholas Bohm, FIPR's general counsel, said a letter, sent from the FIPR to the ICO in mid-March, remained unacknowledged and unanswered.
"We now know that BT have already conducted secret trials of this technology, testing the effectiveness of snooping on their customers' internet activities. They claim to have received extensive legal and other advice beforehand, but have failed to give the reasoning on which this advice is based," said Bohm. "As we pointed out in our letter, the illegality stems not from breaching the Data Protection Act directly, but arises from the fact that the system intercepts internet traffic. Interception is a serious offence, punishable by up to two years in prison. Almost incidentally, because the system is unlawful to operate, it cannot comply with data-protection principles."
Bohm added that BT's decision to, in future, get their customers' permission to "monitor their… browsing" appeared to "ignore the fact that they can only legalise their activity by getting express permission not just from their customers, but also from the web hosts whose pages they intercept, and from the third parties who communicate with their customers through web-based email, forums or social-networking sites".