In message <[log in to unmask]>, at 06:40:24 on
Sat, 20 Sep 2008, Tim Trent <[log in to unmask]> writes
>I was hoping we might distill some thoughts over it.
Phorm raises very many interesting issues, some of a highly technical
and/or philosophical nature.
For example, the Home Office states that RIPA is "not intended" to be
used to determine whether there is technically an interception of
communications taking place; but there are dozens of examples where a
law is used in a way that wasn't originally intended (eg the offence of
"making" indecent photos simply by viewing them on a computer, that was
'invented' by a court and not Parliament). Sauce for the goose?
Putting aside potential breaches of RIPA for a moment, it's clear that
the communications are scanned for keywords. While Phorm may not
currently pass these results to third parties [or even to its own staff]
this is reminiscent of Congestion Charge cameras not (originally)
sending their results to the terrorist police. Things can change. To
take a topical example, who is to say they won't be instructed to inform
on people where "napalm" is one of those keywords. Or once the system is
deployed, they could change their mind about the way they process
keywords, involving a system where the contents/contexts do end up being
available to people within the ISP/Advertising industry.
For an interception to be legal (if not covered by the "ISP" exemptions)
then both parties must agree. Not just the person viewing the webpage,
but the person sending it. While Phorm argues that websites give
implicit permission to be viewed, that doesn't actually apply to the
"unlinked web" [pages whose existence is only known to people knowing
the obscure url] and other sites such as Intranets. So that's another
"permission" issue.
Getting onto PECR, one consideration which has arisen in the past (in
relation to unsolicited communications - although not to be conflated
with the unsolicited nature of these targeted adverts) is that the
decisions about a whole household's opt-in/opt-out will be made by the
subscriber, aka head of household, and not by the individual users. In
such circumstances is it legal/ethical for one person to be making that
decision for the whole household? [It is widely expected that if ISPs
are forced to gain a household's total explicit opt-in, rather than rely
upon a model of automatic subscription based on their T&C, with opt-out
available if you know to ask for it, that the takeup will be
insufficiently high to make the project worthwhile.]
At the individual user level, you can only opt-out by setting a cookie,
but people who value their privacy highest will have cookies disabled. A
classic catch-22. [However, if the system become deployed I would expect
some sort of browser plug-in to be available, that simulated a Phorm
opt-out cookie while all other cookies were disabled].
It's also possible that the cookie system will have complications if you
"roam" from one connection to another. Not only may you have to remember
to opt-out afresh, but there is extra information potentially available
because your phorm-ID could be spotted roaming from one subscriber to
another. And it appears that because any website can read your Phorm
cookie, there are techniques that will allow that website to determine
your "interests" - which they could trace back to you if for example
it's a site you've registered at. (See the "leaking cookies" section of
the wiki article).
In summary, I'm not against permission based marketing, but people
should understand what they are giving permission for - which might end
up being rather more than the "move on, nothing to see here" material of
which there have been several examples.
--
Roland Perry
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
All archives of messages are stored permanently and are
available to the world wide web community at large at
http://www.jiscmail.ac.uk/lists/data-protection.html
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at http://www.jiscmail.ac.uk/help/commandref.htm
Any queries about sending or receiving messages please send to the list owner
[log in to unmask]
Full help Desk - please email [log in to unmask] describing your needs
To receive these emails in HTML format send the command:
SET data-protection HTML to [log in to unmask]
(all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|