BT tested secret "spyware" on tens of thousands of its broadband customers without their knowledge, it admitted yesterday.
It carried out covert trials of a system which monitors every internet page a user visits.
All for the sake of "targeted advertising." *sigh*
An investigation into the affair has been started by the Information Commissioner, the personal data watchdog.
I'm glad to see that someone is investigating the legalities of this. Being in the UK, the laws are certainly more restrictive than they are in the U.S. regarding privacy (if you can believe that).
Privacy campaigners reacted with horror, accusing BT of illegal interception on a huge scale. Yesterday, the company was forced to admit that it had monitored the web browsing habits of 36,000 customers.
The scandal came to light only after some customers stumbled across tell-tale signs of spying. At first, they were wrongly told a software virus was to blame.
"A software virus was to blame." When working tech support, when all else fails, blame the problem on a virus or software issue. Viruses and spyware have become a blanket explanation to most anything a tech support group does not know how to handle. This usually results in the user taking their system to a professional who can then examine the system hands-on.
One of two things was happening here: (a) the tech support people were not made aware of the "testing" so as not to divulge this information to customers (quite plausible), or (b) they knew, but were not allowed to speak of it.
It then scans every website a customer visits, silently checking for keywords and building up a unique picture of their interests.
If a user searches online to buy a holiday or expensive TV, for example, or looks for internet dating services or advice on weight loss, the Phorm system will add all the information to their file.
Typical keyword-gathering advertising, much like Google's AdWords, except not quite so transparent as to how it works and what it logs.
Nicholas Bohm, of the Foundation for Information Policy Research, said BT's actions amounted to illegal data interception.
He told the BBC: "It seems a clear-cut case of illegal interception of communication."
Again, I am not a lawyer, and I'm certainly not familiar with UK law, but if that's not "illegal data interception", it certainly should be.
Sir Tim Berners-Lee, the British inventor and founding father of the worldwide web, said a person's data and web history are private property.
"It's mine - you can't have it," he added.
"If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I'm getting in return."
Exactly. I don't care if I'm banking online or just reading Slashdot, my packets are my packets. I don't have anything to hide in my data (other than the occasional CC number when ordering online), but it's merely the principle of the matter. I pay a monthly fee to have my IP packets sent and received without tampering, snooping, or filtering.
This is yet another strong example of why encryption should be mandatory. I encrypt everything I can, from HTTPS traffic to PGP signed/encrypted email, to SSL connections between my applications and their database back-end.
Some good places to start in regards to providing some security to your data are as follows:
GNU Privacy Handbook (GPG - Free OpenPGP implementation)
PGP (Commercial, proprietary OpenPGP implementation)
OpenSSH (ssh, scp, sftp, etc.)
Cryptoloop file-system (Linux)
There are many other ways to encrypt data on your local hard drives and in-transit across the network. A search through Google for "encryption software" should be a good place to start.