Liberty News

The European Commission has sent a message to the British government, and it reads something like this: If you don't deal with Phorm, we will.

Earlier this month, according to Dow Jones, the European Union commissioner for information society and media sent a "pre-warning letter" to UK authorities, voicing her concern over Phorm, the behavioral ad targeter poised to track user activity on Britain's three largest ISPs: BT, Carphone Warehouse, and Virgin Media.

BT has already conducted two trials with Phorm - and web surfers were not notified.

It is very clear in E.U. directives that unless someone specifically gives authorization (to track consumer activity on the Web) then you don't have the right to do that, EU commissioner Viviane Reding said. If UK government does not deal with the issue, Dow Jones says, the EC could take action in the European Court of Justice.

Bad Phorm from BT Execs

See full article from dephormation

A Stop Phorm activist attended the BT AGM and asked a serious of amusing and awkward questions.

His blog entry makes for good reading:

On to resolution 9, appointment of Ms Hewitt.

Resolution 9 – elect Patricia Hewitt MP as a director

When was Ms Hewitt first informed by BT that it had conducted covert 'stealth' trials (BT's own words) of Phorm/121Media advertising systems? Does BT believe Ms Hewitt, or any other MP, would welcome interception of their unencrypted communications for advertising?

Michael Rake tried to shield her with more waffle. Ms Hewitt is obviously well used to handling difficult questions... She rescued him from deep embarrasment. She didn't specify a date, but mentioned a board meeting. Amazingly, she left herself hostage to fortune by saying she would opt in to Phorm because she trusted their assurances.

...Read full article

Imagine a country where strangers have the right to ask intrusive questions and store the answers on a database. Where everyone from police officers to leisure-centre staff can demand: Tell me who you feel close to?

They will also have been trained to ask questions about sexual behaviour, family life, religion, secret fears, weight and "sleeping arrangements" at home.

Incredibly, thousands of Government and council apparatchiks in Britain became entitled on April 1 to ask such questions of anyone under 19.

This horrifying invasion of privacy has begun, almost unnoticed, because the Government has cleverly presented it as being in the interests of "child protection".

The new questionnaire, known as the Common Assessment Framework (CAF), is part of a £20million programme called Every Child Matters (ECM), ostensibly set up to ensure youngsters are safe and leading positive lives.

Professionals - such as police officers, teachers and doctors - and volunteers are now under orders to subject children to a questionnaire if they consider them "at risk": a definition so broad that many decent parents could find themselves labelled as potential abusers.

The questions don't need a parent's consent since any child over 12 is deemed responsible enough to grant permission for an interview.

Any child not achieving the Government's five "outcomes" - being healthy, staying safe, enjoying life, "making a positive contribution", and achieving " economic well-being" - is now defined as having "additional needs".

The Integrated Children's System isn't fit for purpose and many authorities are dragging their feet about implementing it because it's worrying the hell out of them, said Terri Dowty, director of Action On Rights For Children.

One police officer, who attended a CAF course, told me that many of his colleagues are so reluctant to interview teenage criminals about their emotional needs, sex life and diets that they avoid calls involving them. We're cops, not social workers, he said. It's insane. He and his colleagues have renamed the agenda Every Fat Kid Matters.

BThe Government is planning to introduce a giant database that will hold the details of every phone call we have made, every e-mail we have sent and every webpage we have visited in the past 12 months. This is needed to fight crime and terrorism, the Government claims.

The Orwellian nature of this proposal cannot be overstated. However, there is one saving grace for people who fear for their civil liberties. The probability of the project ever seeing the light of day is close to zero. This proposal - like so many grandiose government IT schemes before it - is technologically unfeasible.

...Read full article

A massive government database holding details of every phone call, e-mail and time spent on the internet by the public is being planned supposedly as part of the fight against crime and terrorism. Internet service providers (ISPs) and telecoms companies would hand over the records to the Home Office under plans put forward by officials.

The information would be held for at least 12 months and the police and security services would be able to access it if given permission from the courts.

The proposal will raise further alarm about a “Big Brother” society, as it follows plans for vast databases for the ID cards scheme and NHS patients. There will also be concern about the ability of the Government to manage a system holding billions of records. About 57 billion text messages were sent in Britain last year, while an estimated 3 billion e-mails are sent every day.

Home Office officials have discussed the option of the national database with telecommunications companies and ISPs as part of preparations for a data communications Bill to be in November'
s Queen'
s Speech. But the plan has not been sent to ministers yet.

Jonathan Bamford, the assistant Information Commissioner, said: This would give us serious concerns and may well be a step too far. We are not aware of any justification for the State to hold every UK citizen'
s phone and internet records. We have real doubts that such a measure can be justified, or is proportionate or desirable. We have warned before that we are sleepwalking into a surveillance society. Holding large collections of data is always risky - the more data that is collected and stored, the bigger the problem when the data is lost, traded or stolen.

David Davis, the Shadow Home Secretary, said: Given [ministers'
] appalling record at maintaining the integrity of databases holding people'
s sensitive data, this could well be more of a threat to our security, than a support.

The proposal has emerged as part of plans to implement an EU directive developed after the July 7 bombings to bring uniformity of record-keeping. Since last October telecoms companies have been required to keep records of phone calls and text messages for 12 months. That requirement is to be extended to internet, e-mail and voice-over-internet use and included in a Communications Data Bill.

Police and the security services can access the records with a warrant issued by the courts. Rather than individual companies holding the information, Home Office officials are suggesting the records be handed over to the Government and stored on a huge database.

One of the arguments being put forward in favour of the plan is that it would make it simpler and swifter for law enforcement agencies to retrieve the information instead of having to approach hundreds of service providers. Opponents say that the scope for abuse will be greater if the records are held on one database.

The UK supermarket chain, Budgens, has installed face recognition cameras in one of its stores to stop children buying alcohol and cigarettes.

It is thought to be the first time a UK retailer has used the technology to identify underage customers.

The scheme is being piloted at an unnamed branch of Budgens in London.

If the system recognises someone who has previously been unable to prove they are 18, a signal alerts the cashier who will refuse to serve them.

Facial recognition software makes a unique template of an individual's features by taking measurements between key points on the face.

Three cameras have been installed at the pilot branch, one in each checkout lane. The cameras monitor customers as they approach the tills, transmitting the pictures to a control centre in Worcester. The customers' facial features are automatically scanned against a database of images of young people who have visited the store before. Anyone who has been refused alcohol or cigarettes on a previous occasion will be flagged up.

The system also identifies when a customer has previously verified that they are 18 or over, enabling the sale to proceed more quickly. Young customers who are not recognised by the system will be asked by the cashier to provide proof of their age when buying drink or cigarettes. Their details will then be added to the database.

Charlie Willetts, managing director of Charton Ltd, which is supplying the software, said the system had to overcome a number of technical issues first and ensure that it was compliant with data protection laws. The storage of large amounts of data is also likely to fuel concerns about civil liberties.

Almost unnoticed last week, the Government announced it had shaved another £1 billion off the cost of its proposed identity card scheme.

It did so by deciding to let the "open market" capture citizens' biometrics, effectively outsourcing the cost of enrolling people on to the ID database. You could end up getting your fingerprints taken at a supermarket, rather than at a passport office as originally proposed.

Almost imperceptibly, the security architecture originally built around the ID card project has been dismantled.

Does any of this sound secure to you? It seems to defeat the purpose of the whole exercise, which is to protect identities, capture terrorists, bear down on benefit fraud and stop illegal immigration. But of course none of these will be ameliorated by the possession of an ID card, which nobody will be required to carry with them.

As one perplexed campaigner said after the publication of the new costings: The Government now appears to have junked the primary pretext for the scheme. So what is it for?

...Read full article

The US Federal Bureau of Investigation (FBI) has withdrawn a secret demand that the Internet Archive, an online library website, provide the agency with a user's registered personal information after the Web site challenged the records request in court.

The FBI sent a national security letter, or NSL, to the Internet Archive in November and included a gag order barring site founder Brewster Kahle from talking to anyone other than his lawyers about the request.

Kahle, the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) filed a lawsuit to challenge the subpoena, arguing that the NSL program is unconstitutional, and the FBI withdrew the NSL on April 22.

The settlement between the FBI and the Internet Archive allowed Kahle to break the gag order, a standard part of an NSL request. The Internet Archive's challenge of the NSL is only the third case that the ACLU is aware of in which an NSL has been challenged in court, said Melissa Goodman an attorney for the civil liberties group's National Security Project.

The NSLs basically allow the FBI to demand extremely sensitive personal information about innocent people without any prior court approval, often in total secrecy, Goodman said.

The NSL program, expanded when Congress passed the antiterrorism Patriot Act shortly after the Sept. 11, 2001, attacks on the U.S., allows the FBI and other U.S. government agencies to issue administrative subpoenas to US businesses for customer and other personal information.

Although the settlement keeps parts of the FBI request secret, Kahle applauded the lawsuit and settlement, saying it will show other businesses how to challenge NSLs. The FBI issued nearly 200,000 NSLs between 2003 and 2006, according to a U.S. Department of Justice inspector general's report.

The gag order prevented Kahle from discussing the case with the library's board of directors, staff, and even his wife, he said. Gags don't seem to be necessary, he said. Gagging librarians is horrendous.

The NSL sent to the Internet Archive asked for a user's name, address, length of service, e-mail header information and activity logs.

The Internet Archive provided the FBI some information that was publicly available on the site, but could not comply with the FBI request because the site does not track user activity or record IP (Internet Protocol) addresses, said Kurt Opsahl, a senior staff attorney with the EFF. The site asks only for an unverified e-mail address when users register.

Oyster Cards: Containing pearls of data for the snoops

Spy chiefs are demanding the right to monitor the movement of bus, train and car passengers in Scotland supposedly as part of the battle against terrorism.

MI5 wants to use live information from a new generation of swipe-card payment systems planned for buses, trams and trains, as well as automatic number-plate recognition, to plot the movement of suspects as they travel.

It argues the information could be used to foil terrorist incidents such as last year's Glasgow Airport attack. But civil rights campaigners say the plan is another step towards a "surveillance society" and is open to abuse.

Currently, the security services need to make specific requests to monitor an individual, but they want to be able to watch anyone without seeking permission first.

In London, the Oyster swipe card, covering the Underground and buses, already records the details of around 17 million travellers automatically. Similar travel systems are planned across Britain, including Glasgow and Edinburgh, within five years.

If the security services get their way, details from these schemes will also be open to random checks. Plans to introduce swipe cards in Glasgow covering bus, subway or train tickets have already been mooted, and a similar scheme will come into operation with Edinburgh's new tram network.

The security agencies also want access to the Automatic Number Plate Recognition Scheme, a UK-wide network of 3,000 CCTV cameras.

The technology has the eventual capacity to monitor up to 50 million cars a day, including the time and date a vehicle was spotted, and its location, direction and final destination.

Microsoft has developed a small plug-in device that the authorities can use to quickly extract forensic data from computers.

The COFEE, which stands for Computer Online Forensic Evidence Extractor, is a USB "thumb drive" that was quietly distributed to a handful of law-enforcement agencies last June. Microsoft General Counsel Brad Smith described its use to the 350 law-enforcement experts attending a company conference

The device contains 150 commands that can dramatically cut the time it takes to gather digital evidence, which is becoming more important in real-world crime, as well as cybercrime. It can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer.

It also eliminates the need to seize a computer itself, which typically involves disconnecting from a network, turning off the power and potentially losing data. Instead, the investigator can scan for evidence on site.

More than 2,000 officers in 15 countries, including Poland, the Philippines, Germany, New Zealand and the United States, are using the device, which Microsoft provides free.

New snooping laws are being used by Scottish councils to track people suspected of housing-benefit fraud, selling cigarettes to children and environmental-health offences. Campaigners are now calling for a root-and-branch review into the Regulation of Investigatory Powers Act (Ripa), after the scale of its use by local authorities across the UK was revealed.

Ripa was introduced in 2000, primarily giving the police, security services and HM Revenue and Customs wide powers to spy on people and their communications.

The main objectives of the Act were to help in the fight against crime and terrorism. But in 2002, the powers were controversially extended to councils, offering the opportunity to carry out surveillance.

An investigation has now revealed that councils have even used the Act to track dog-foulers and litterbugs, with some local authorities using the powers more than 100 times in the last 12 months.

Among the Scottish local authorities that confirmed using Ripa in the past year was Aberdeen City Council, which admitted covert surveillance on eight occasions to investigate benefit fraud, environmental-health and trading-standards issues. The council did not specify which environmental-health offences were involved, but this can include flytipping, littering and noisy-neighbour disputes.

Glasgow City Council carried out physical surveillance 24 times in criminal investigations, over trading-standards offences and illegal money-lending. Thirteen requests to access phone billing information – another power granted under the Act – were used in the same investigations.

Earlier this month, it emerged that a family in Poole in Dorset had been covertly tracked for nearly three weeks to check if they lived in a school catchment area.

The investigation has also revealed that the law was used in at least seven cases to find out about people who let their dogs foul; a breach of planning law; an animal-welfare case; and an instance of littering.

The findings have fuelled the debate on the surveillance culture in Britain and whether councils are using Ripa – which has been dubbed “a snoopers'
 charter” – proportionately.

Privacy International director Simon Davies called for a root- and-branch review of Ripa and questioned the huge cost to the taxpayer of the council surveillance: There have to be hard limits on the scope of surveillance by local authorities who do not work within the spirit of the Act or indeed the letter . Local authorities can be very petty and vindictive and they can become obsessed with issues like dog fouling and there can be a lack of judgment.

The FBI has called for new legislation that would allow federal police to monitor the Internet for “illegal activity.” The suggestion from FBI Director Robert Mueller, which came during a House of Representatives Judiciary Committee hearing, appears to go beyond a current plan to monitor traffic on federal-government networks. Mueller seemed to suggest that the bureau should have a broad “omnibus” authority to conduct monitoring and surveillance of private-sector networks as well.

The surveillance should include all Internet traffic, Mueller said. In response to questions from Rep. Darrell Issa, a California Republican, Mueller said his idea: balances on one hand, the privacy rights of the individual who are receiving the information, but on the other hand, given the technology, the necessity of having some omnibus search capability utilizing filters that would identify the illegal activity as it comes through and give us the ability to preempt that illegal activity where it comes through a choke point.

In response, Issa said: Can you have someone on your staff designated to work with members of Congress on trying to craft that legislation?

If any omnibus Internet-monitoring proposal became law, it could implicate the Fourth Amendment'
s guarantee of freedom from unreasonable searches and seizures. In general, courts have ruled that police need search warrants to obtain the content of communication, and the federal Wiretap Act created “super warrant” wiretap orders that require additional steps and judicial oversight.

In addition, it'
s unclear whether “illegal activity” would be limited to responding to denial-of-service attacks and botnets, or would also include detecting other illegal activities, such as online gambling, the distribution of “obscene” images of adults engaged in sexual acts, or selling drugs without a license.

To be fair, Wednesday'
s discussion of the plan was geared toward cybercrime and the Bush administration'
s classified “cyberinitiative,” which includes a shadowy program known as Einstein. Some politicians have already raised concerns that even Einstein, which is described as dealing only with government networks and not private ones, could infringe upon the privacy rights of American citizens. It'
s already in place at 15 federal agencies, but Homeland Security has said it'
s still preparing the necessary privacy impact assessments for a proposed $293 million governmentwide Einstein expansion.

Just a few routine questions Sir

The power of the police to mount surveillance operations at peaceful protests is being challenged in court.

In a case seen as opposing Britain's move towards a Big Brother-style society, the High Court will determine if police are legally entitled to take photographs and compile information on protesters even if they do not break the law.

Arms campaigner Andrew Wood from Oxford claims that his human rights were infringed after Scotland Yard took his details and images of him even though he was not arrested.

The two-day judicial review is likely to determine the legality of surveillance and whether 'routine' intelligence gathering is permissible under the Human Rights Act.

Wood attended the 2005 annual meeting of Reed Elsevier, a publisher of academic journals which also runs arms fairs. The Metropolitan Police openly photographed and questioned members of the public who attended the central London meeting.

At the time Wood was press officer at Campaign Against Arms Trade. Scotland Yard has admitted that photographs and notes were stored on computers although no one was arrested or charged. Wood was there as a shareholder to ask about the recent purchase of the arms exhibition subsidiary Spearhead.

I hope this legal action will safeguard our rights to privacy, said Wood, who was granted legal aid.

Police claim that routine intelligence gathering plays a key role in deterring crime. However, the case comes amid concern that Britain is heading towards a 'police state', with the government's information commissioner warning that fears the UK would sleepwalk into a surveillance society have become a reality.

Routine journeys carried out by millions of British motorists can be monitored by authorities in the United States and other enforcement agencies across the world under anti-terrorism rules introduced quietly by Jacqui Smith.

The discovery that images of cars captured on road-side cameras, and "personal data" derived from them, including number plates, can be sent overseas, has angered MPs and civil liberties groups concerned by the increasing use of "Big Brother" surveillance tactics.

Images captured by road-side cameras will be made available to foreign authorities
Images of private cars, as well as registration numbers, could be sent outside to countries such as the USA

Yesterday, politicians and civil liberties groups accused the Home Secretary of keeping the plans to export pictures secret from Parliament when she announced last year that British anti-terrorism police could access "real time" images from cameras used in the running of London's congestion charge.

A statement by Miss Smith to Parliament on July 17, 2007, detailing the exemptions for police from the 1998 Data Protection Act, did not mention other changes that would permit material to be sent outside the European Economic Area (EEA) to the authorities in the US and elsewhere.

Her permission to do so was hidden away in an earlier "special certificate" signed by the Home Secretary on July 4. The certificate specifically sets out the level of data that can be sent to enforcement authorities outside the European Economic Area (the EU plus Iceland, Liechtenstein and Norway) by anti-terrorist officers from the Metropolitan Police. It says: The certificate relates to the processing of the images taken by the camera, personal data derived from the images, including vehicle registration mark, date, time and camera location.

Last night, Nick Clegg, the Liberal Democrat leader, said: This confirms that this Government is happy to hand over potentially huge amounts of information on British citizens under the catch-all pretext of 'national security'.

Civil liberties campaigners said they were appalled that images of innocent people's journeys could end up in the hands of the British police, let alone foreign investigators. They feared that it was a move towards the US-style system of "data mining" - in which powerful computers sifted millions of pieces of information as they tried to build patterns of behaviour and match them to material about suspects.

Town halls responsible for areas with large Muslim populations were summoned to London and told to get their refuse collectors to search bins for discarded documents or material that might identify and incriminate Islamic extremists.

The Mail on Sunday understands that the instruction was issued at a secretive summit hosted by the Department for Communities and Local Government (DCLG), attended by Ministers and Andy Hayman, who at the time was Britain's top anti-terror policeman and an Assistant Commissioner of the Metropolitan Police.

The meeting was designed to encourage the chief executives of 17 local authorities – including Manchester, Oldham, Leicester, Bradford and four London boroughs – to get their employees to play a greater role in addressing extremism and the terror threat.

They were told that the meeting and its deliberations were to remain strictly confidential. But the bin-searching instruction was deemed so potentially damaging to community relations that councils simply refused to carry out any sort of spying.

Bradford City Council leader Kris Hopkins said: We were asked to snoop on our own residents by getting our binmen to rummage around people's rubbish. But the idea that our binmen should be rooting around a wheelie bin to see if they can spot dodgy bits of paper or funny wires is ridiculous. Our binmen aren't there to act like the secret police. They're there to empty our bins. It goes without saying that if any of our staff spotted something illegal they'd call the police. But our job is to bring communities together, to help our communities live side by side, not do the dirty work for MI5.

The DCLG stressed that the instruction had come from the police and attempted to distance the measure from Ministers, particularly Cabinet Minister Ruth Kelly, who was in charge of the department when the meeting took place. A spokesman said: It was the police. It did not come from Ruth Kelly or any of her officials. It is not policy.

Web companies are increasing their lobbying efforts against New York Assemblyman Richard Brodsky's proposed bill aimed at regulating snooping on web browsing with view to targeting advertising.

A consortium of members representing 12 companies, including AOL, Yahoo!, Google, Facebook, Comcast and eBay, complained about the bill in a letter to Brodsky.

The letter sent on behalf of the misleadingly named State Privacy and Security Coalition, said the proposed bill would have profound implications for the future of Internet advertising and the availability of free content on the Internet. The coalition wrote that the bill would subject advertising networks to an extremely detailed, unprecedented array of notice, consent and access obligations.

The group said the bill is unnecessary because several large advertising networks voluntarily allow users to opt out of behavioral targeting.

Brodsky, who said the measure is needed to protect privacy, said the State Privacy and Security Coalition is going to lose this fight. They're taking the position that a corporation can exploit, control and manipulate the activities of private citizens.

The proposed bill, the Third Party Internet Advertising Consumers' Bill of Rights (A. 9275), seeks to impose a host of requirements on companies that monitor Web-surfing activity for marketing purposes. Among the most significant requirement is that companies that use cookies to track browsing activity tell users about the practice and give them an opportunity to opt out.

The bill is largely patterned after the seven-year-old voluntary standards created by the Network Advertising Initiative who have proposed new behavioral-targeting guidelines. Among other changes, the new standards call for companies to obtain users' consent before using their Web-surfing history to target them based on "sensitive" matters, such as certain medical conditions, psychiatric conditions or sexual behavior. The new proposal also prohibits companies from using behavioral-targeting strategies to market to children younger than 13.

Ad-targeting system Phorm must be "opt in" when it is rolled out, says the Information Commissioner Office (ICO)

European data protection laws demand that users must choose to enrol in the controversial system, said the ICO in an amended statement.

The ICO only commented on whether Phorm complied with UK and European data protection laws. It said a decision about whether Phorm broke laws on interception was a matter for the Home Office.

From its discussions with Phorm, the ICO said it appeared the company did not break laws regarding "personal data" ie information which can be used to identify a living individual.

The ICO said European laws demand that users must consent to their traffic data being used for "value added services". The ICO wrote: This strongly supports the view that Phorm products will have to operate on an opt in basis to use traffic data as part of the process of returning relevant targeted marketing to internet users.

Before now Phorm has been expecting to operate on an "opt out" basis where every customer of ISPs that have signed up is enrolled unless they explicitly refuse to use it.

Responding to the ICO statement, Kent Ertugrul, chief executive of Phorm, said We now have a statement from the Home Office and the Information Commissioner saying not only is there no privacy issue but there is no interception issue either. He said that the warnings Phorm will give to those enrolled in it would "exceed substantially" the "valid and informed consent" demanded by European regulations.

Responding to the ICO statement, Nicholas Bohm, general counsel for the Foundation for Information Policy Research, said: The ICO has set a floor below Phorm-like activities by saying it has at least to be opt in and that's better than before. Bohm said Phorm had consistently "ducked" questions about whether its system was "opt in". Being opt in faces them with a much more difficult business model, he added.

Phorm has admitted that it deleted key factual parts of the Wikipedia article about the huge controversy fired by its advertising profiling deals with BT, Virgin Media and Carphone Warehouse.

A number of Phorm-friendly edits were made to the page. The revisions were quickly reverted by a Wikipedian who argued that they made Phorm out to be "awesome and perfect".

In a telephone conversation, a spokesman for Phorm refused to comment on why it had tried to censor a quotation from The Guardian's commercial executives describing the ethical stance they took against its tracking system. He also refused to talk about the deletion of a passage explaining how BT admitted it misled customers over the 2007 secret trial.

Phorm also deleted a link to the The Register's report on the 2006 trial, and accompanying reference to BT's own document. It said that the aim of the trial was to validate that users were unaware of the presence of the tracking system.

The spokesman said Phorm's PR team had not been aware of Wikipedia's policy on conflicts of interest. Among many other rules they violated, it states: Producing promotional articles for Wikipedia on behalf of clients is strictly prohibited.

Experian, the credit checking company, is braving mounting concerns over internet privacy with plans to launch a service that will track broadband users' activity so they can be targeted with advertising.

Through Hitwise, the web-site company it acquired for £120m a year ago, Experian has held talks with internet service providers to sell its monitoring technology.

Observers expect it to compete in part with Phorm who have stirred controversy after being recruited by BT, TalkTalk and Virgin Media to track their 10m customers' behaviour so they can be sent advertising messages on the websites they are looking at.

However, the key difference is that Hitwise, which describes itself as an “online competitive intelligence service” would play little part in dispatching the advertising to web pages itself, something that Phorm does through its Open Internet Exchange.

The online behavior of a growing number of computer users in the United States is monitored by their Internet service providers, who have access to every click and keystroke that comes down the line.

The companies harvest the stream of data for clues to a person's interests, making money from advertisers who use the information to target their online pitches.

The extent of the practice is difficult to gauge because some service providers involved have declined to discuss their practices. Many Web surfers, moreover, probably have little idea they are being monitored.

But at least 100,000 U.S. customers are tracked this way, and service providers have been testing it with as many as 10%of U.S. customers, according to tech companies involved in the data collection.

...Read full article

The head of one of Britain's biggest internet providers has criticised the music industry for demanding that he act against pirates.

The trade body for UK music, the BPI, asked internet service providers to disconnect people who ignore requests to stop sharing music.

But Charles Dunstone of Carphone Warehouse, which runs the TalkTalk broadband service, is refusing.

He said it is not his job to be an internet policeman. Dunstone, whose TalkTalk broadband is Britain's third biggest internet provider, said the demands are unreasonable and unworkable. He also said his firm will refuse to cooperate with the BPI, despite threats of legal action.

But the BPI said internet firms need to educate their customers not to steal music. It also claims that if they do not help with the fight against music piracy, then the government will bring in legislation to make them cooperate.

BT tested secret "spyware" on tens of thousands of its broadband customers without their knowledge, it admitted recently.

It carried out covert trials of a system which monitors every internet page a user visits.

An investigation into the affair has been started by the Information Commissioner, the personal data watchdog.

Privacy campaigners reacted with horror, accusing BT of illegal interception on a huge scale. The company was forced to admit that it had monitored the web browsing habits of 36,000 customers.

The scandal came to light only after some customers stumbled across tell-tale signs of spying. At first, they were wrongly told a software virus was to blame.

Executives insisted they had not broken the law and said no 'personally identifiable information' had been shared or divulged.

BT said it randomly chose 36,000 broadband users for a "small-scale technical trial" in 2006 and 2007.

The monitoring system, developed by U.S. software company Phorm scans every website a customer visits, silently checking for keywords and building up a unique picture of their interests.

Nicholas Bohm, of the Foundation for Information Policy Research, said BT's actions amounted to illegal data interception. He told the BBC: It seems a clear-cut case of illegal interception of communication.

A further trial is planned in the next few weeks, BT said, but customers will be asked in advance.

Technical analysis of the Phorm online advertising system has reinforced an expert's view that it is "illegal".

The analysis was done by Dr Richard Clayton, a computer security researcher at the University of Cambridge.

What Dr Clayton learned while quizzing Phorm about its system only convinced him that it breaks laws designed to limit unwarranted interception of data.

The Information Commissioner's Office (ICO) has also said it would monitor Phorm as it got closer to deployment.

In addition the ICO confirmed that BT is planning a large-scale trial of the technology involving around 10,000 broadband users later this month.

Previous trials of the technology by the telecoms firm were branded "illegal" by Nicholas Bohm of the Foundation for Information Policy Research (Fipr), which campaigns on digital rights issues.

As the company did not inform customers that they were part of the trial, he said the tests were "an illegal intercept of users' data".

In the subsequent trial the ICO said: We have spoken to BT about this trial and they have made clear that unless customers positively opt in to the trial their web browsing will not be monitored in order to deliver adverts.

Husbands who are not where they are supposed to be could soon be in danger of being “sniffed” out by a mobile phone service that gives suspicious partners an electronic map showing the location of their spouse.

The Social Network Integrated Friend Finder (Sniff) is a new application, accessed via Facebook or mobile phone. The service promises to provide users with a detailed map of their friends' locations, any time and anywhere. However, there are fears that Sniff could be abused by employers to remove the last vestiges of privacy from staff.

Useful Networks, the American company behind Sniff, promised that only consumers who gave their permission could be electronically tracked by the service, which operates across all mobile carriers. Users can specify who can and can not sniff them, or whether they are open to be sniffed by anyone on the network. The company plans to charge users about 75p for each location “sniff”, with the results for mobile customers sent by return text.

“Sniffing” works through similar technology used by the police to track down suspected terrorists or missing children via their mobile phones. The phone sends a signal to nearby base stations. Positioning software performs a triangulation calculation on the information from the base stations and converts it into a geographical location.

Brian Levin, chief executive officer of Useful Networks, told The Times: Privacy is paramount and sniffing should only be used by people you can trust.

But employees who are enjoying a long lunch or a secret liaison instead of the business meeting in their diary could also find themselves “sniffed out”. Levin said: If the employer is paying the phone bill and employees are aware they can be 'sniffed', at least everyone knows those are the rules.

Levin also cautioned that sniffing should not be relied upon by parents to track their young children: the service will only place a location within a radius of about 200m.

Useful Networks hopes to introduce “sniffing” in Britain this month.

Update: SNIFF Away

4th June 2008

The SNIFF service which allows friends and family to find out where you are has been launched in Britain.

The technology delivers a map to the inquirer's mobile phone, giving the location to the nearest 100 metres.

But those behind the idea insisted that such a service can only work if the person being sought gives permission to be found. And if someone has already agreed to be tracked, they have then option to be made “invisible” for as long as they want.

Users will be able to register on the Social Network Integrated Friend Finder (SNIFF) via social networking sites Facebook, Bebo and MySpace, as well as online, and each searching text will cost 50 pence.

The service provider, American-based company Useful Networks, hopes hundreds of thousands of people will sign up. It has been running in Scandinavia for several months and each registered person has an average of five to seven people they track.