BadPhorm - When good ISPs go bad! :: Forums :: Fight Back :: Complaints about Phorm |
ICO response to complaint about Phorm handling BT Webwise data
revrob
Registered Member #372 | Joined: Wed Apr 23 2008, 03:09PM | Posts: 26

I have had a formal response to my 10th June complaint to the ICO about

1) BT www.bt.com cookie security, the leakage of cookie data including full email address to the then operator of BT Webwise pages, in particular the Contact Us page operated by Phorm (evidence in browser logs)
2) The handling of BT Webwise Contact Us form enquiries by Phorm Helpdesk. (evidence in email headers)

Basically the response was as follows:

1 - the cookie leakage was ignored. My concerns about leaking cookies sending PII to the BT Webwise US operator Phorm were acknowledged but then there was nothing following them up in the rest of the letter.
2 - the issue of Phorm handling the BT Webwise enquiries is held to be data processing within the meaning of the Act. Phorm didn't need to be registered with ICO even though outside EU, and didn't need to be in Safe Harbor agreement. Even though I had not given consent for my data to go to a third party, it still did and that is fine by the ICO.

The fact that BT did in fact respond to both issues when they were "found out" suggests that BT felt somewhat unsure of their legal standing in leaking PII from bt.com cookies, and in having customer data handling on BT Webwise dealt with by a US hosted, Phorm run helpdesk. But it doesn't seem to worry the ICO.

The ICO did acknowledge that there was a "perception" problem given that BT were making much of the fact that "Phorm never got any PII from BT" in their statements about Webwise, and that they had been in contact with BT to suggest they might like to make any further involvement by Phorm in handling of BT customer data clear to customers. So one tiny little drop of blood squeezed out of the ICO stone.

So yet another brush off. And the cookie leakage (for which we have evidence) was simply not discussed - yet another "technical" issue that ICO don't seem to have the expertise to even think about.

I will be writing back to express my dissatisfaction. I will also be advising the ICO that my formal DPA request to BT about the matter has been ignored twice. I wonder if even that will prompt any action.

I will be scanning the ICO reply to a text based pdf in the next few days and making it available.

revrob
lardycake
Registered Member #141 | Joined: Sun Mar 09 2008, 06:17PM | Posts: 50

I guess you will also be checking out the procedures to complain about the ICO itself?
madslug
Registered Member #266 | Joined: Tue Apr 01 2008, 12:11PM | Posts: 499

Thanks for the update on the cookie, etc. leakage. It just goes to show that the ICO needs to make more use of technical advisers who understand all this stuff. For those of us who run our own websites and servers it is bread and butter.

It just shows that the ICO role is very much a matter of collecting complaints and then telling people who are DPA registered that they need to improve their data controls.

The only solution seems to be to read the privacy statement of any website used and that if the privacy statement mentions that your PII will be made available to businesses outside the control of the ICO, then that is OK then and it is down to the users of the website to decide whether or not to supply any PII during their visit to the site.

The average web surfer is far too trusting of what controls they believe are in place without realising that the reality is that their data is being harvested by everyone and passed to anybody. Not even the DPA registration details published on a site are any guarantee if the privacy statement reveals sharing of data to 3rd parties.

6 months ago the internet was a very innocent place. Thanks to the ISPs' greed, that status will forever be in doubt.

Proud to be a Phorm free ISP - www.mADSLax.co.uk - Griffin reseller
revrob
Registered Member #372 | Joined: Wed Apr 23 2008, 03:09PM | Posts: 26

I have now completed scans and made text based searchable/quotable pdf files of my 10th June ICO complaint and the ICO responses. If someone would like to PM me regarding hosting them I will let you have them and then post the URLs on various boards - so you can comment/advise on where to go next (like complaining, and/or forwarding it all to the EU)

revrob
revrob
Registered Member #372 | Joined: Wed Apr 23 2008, 03:09PM | Posts: 26

Here are my BT customer ICO complaint and the ICO response relating to leakage of my PII to Phorm by BT in the operation of their bt.com site and the BT Webwise site and the BT Webwise contact pages. Enjoy. Comments welcome and thanks to Dephormation site for both some of the logging tools used in tracking the leaks down, and also for hosting the pdf files which have searchable and quotable text

http://www.dephormation.org.uk/documents/btuser/complaint.pdf
http://www.dephormation.org.uk/documents/btuser/response.pdf

revrob
Vindex
Registered Member #334 | Joined: Fri Apr 11 2008, 09:35AM | Posts: 15

I am a little curious about what the ICO powers are? It seems to me that we spend millions of pounds of our taxes on organisations like the ICO and Ofcom and so on. And yet we give none of them power to do anything. It looks like their most severe punishment they can actually impose would be to 'Tell mummy'. And in this case the Home Office seem to be in BT's pocket. Have the Home Office given a single statement on this since last year?

Utilities like Communications, Electricity, Gas etc., whilst not quite monopolies, are operating in controlled markets seemingly as unofficial cartels. They offer essential services and I would have thought of all the things governments are responsible for this should be high on their list. When these companies use their controlling positions to impose unfair charges or improper use of their power by force feeding us Phorm the government should step in and remind them of their position.

But sadly our regulators are doing nothing, the government is doing nothing, the police are doing nothing. The one and only reason Phorm has been delayed and modified is because of public pressure. And sadly public pressure is likely to diminish as people lose interest or some other more pressing issue takes the lead. I am sure BT and Phorm are hoping to ride the storm and we will resign ourselves to the inevitability of getting screwed. I just hope Phorm go bust before that happens.
felixcatuk
Registered Member #95 | Joined: Wed Mar 05 2008, 12:03AM | Posts: 1104

Agree. It seems even when a firm gives an explicit written public assurance that processing of personal data 'cannot' happen, and it clearly does, the ICO don't think that merits any action. They are completely incompetent, utterly pointless, and the sad thing for the IT industry is that brings all IT businesses into complete disrepute.

If a firm like BT can get away with processing personal and private communications traffic without consent, can leak personal contact data to an American firm despite giving an explicit assurance that it would not do so, and a regulator takes absolutely no action against a firm that does so ... why should anyone in the UK imagine that the IT industry fears compliance and regulation?

What's even more worrying; suppose Phorm were ever allowed to operate. Suppose you found that despite your choice not to opt in, BT had in fact given Phorm your communication data/your name/address/email address/IP address. What action do you imagine the ICO would take to protect you?

As Stalin's grandchild (now employed by the Information Commissioner's Office) might have said, "one DPA offence is a tragedy, a million DPA offences is a statistic".

[ Edited Wed Sep 10 2008, 09:50AM ]

BT/Virgin/TalkTalk customers - you don't need Webwise and Phorm, pure and simple. Regulators will not protect you from Phorm. Find a Phorm Free ISP. Protect your privacy. Protect your web content. Phorm must be stopped. www.Dephormation.org.uk: Free Anti-Phorm Countermeasures for Firefox Users and Web Sites. Sign the No. 10 Downing Street Petition. PhormUKPRTeam/PhormUKTechTeam is a PR consultant from Citigate Dewe Rogerson.