PHORM - UPDATE

It would seem that the chorus of disapproval about the "targeted advertising scheme" (a cute euphemism for spyware that) developed by Phorm is gathering pace somewhat. There is this from The Register - for me a clear indication of how disingenuous, if not mendacious, BT are being about the product. And, as The Register reports here, FIPR (for the uninitiated, the Foundation of Information Policy Research) has written an open letter to the Information Commissioner outlining their concerns and maintaining that the scheme is illegal.

I note too Tim Berners-Lee's comments, reported here. I can't help feeling that this intervention is especially significant, essentially because it reaches beyond the narrow confines of the Phorm issue. He makes the crucial point about his data and web history that: "It's mine - you can't have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I'm getting in return." It will come as no surprise that I agree wholeheartedly with this. No doubt in common with Tim Berners-Lee I also believe that the principle should be applied to all data that is held about an individual wherever it is held, not just to their web-browsing history. But, as the law stands, it simply does not give effect to this. Ergo, returning to one of my more persistent themes, what is urgently required in the interests of both data privacy and data security is a radical overhaul of the current legal provision in this area to re-cast the law back in favour of the individual's data rights.

DNA DATABASE DEBATE - UPDATE

This - from the Daily Telegraph - sparked my interest, not least because of my relatively recent blog about the DNA database (here).

Now I acknowledge that one has to be careful in making judgements about individual cases when one does not necessarily have all the details available. Nevertheless, even with that proviso, it is manifestly ludicrous and disproportionate that an individual should have his DNA and fingerprints entered on to the respective databases for the measly sum of £2.40 - which, according to the report he was going to pay anyway. Mr. Ahmad's explanation of his discomfiture at his treatment - "I don't want my DNA stored on the database because it implies I'm going to do something in the future. It feels like I have been tarred with the same brush as criminals." - is very much to the point. It demonstrates the uncomfortable transition from 'innocent' to 'suspect' citizen that is inherent in national/universal database schemes - and the seriousness of which, incidentally, is hugely difficult to understand or appreciate until such time as one has been subject to it. The case also underlines the way in which the Government's current policy - requiring DNA samples on the back of all recordable offences - could/would lead to an all-but universal database over time. One way or another, as more and more offences are added to the statute book and as more and more prosecutions are sought for what are essentially trivial reasons (dropping apple cores or what-have-you), it is getting increasingly difficult not to break the law!

I am reminded too that, in my previous post, I didn't make it entirely clear where I stand on this so I take this opportunity to tidy this up. Clearly I am vehemently opposed to any form of national/universal database. Rather I favour a threshold whereby prosecutions of recordable offences that result in convictions, together with arrests, whether or not resulting in conviction, for violent/sexual/serious crimes should require DNA samples to be taken and entered on the database. While this may be a tad difficult to draft accurately in law it strikes me as being the most proportionate way available to deal with the matter.

STRANGE/WARPED SENSE OF PRIORITIES

There was, for want of a better word, an 'interesting' juxtaposition of subjects in the House of Lords debates on the Criminal Justice & Immigration Bill last Wednesday.

Just short of 4.45pm the Lib Dem's Baroness Miller introduced amendment 129, the purpose of which - as recommended by the Information Commissioner and others - was to increase the current penalties for unlawfully obtaining data. Perhaps more importantly, amendments 146 (from the Lib Dems) and 148A (from the Conservatives) were coupled with this, both of which aimed at introducing the new offence - again recommended by the Information Commissioner - of "knowingly or recklessly causing the loss of personal data".

Now, as regular readers (if there are any) will now, I've blogged about this a fair few times in the past (e.g. here). I also reckon that, because it increasingly feeds into pretty much every aspect of all of our lives, this is the single most important policy area facing our legislators at the moment. With that in mind, I still hold to the view that, while undoubtedly the new offence is a stop-gap measure (until such time as our 'dear leaders' can get their heads round the imperative for a radical overhaul of the whole area of data privacy and security), it is nevertheless both urgent and essential in the short-term that the new offence appear on the statute book (if only, as it were, pour encourager les autres).

Having got that sales-pitch out of the way, what was the Government's response to these proposals? Well, reading between the lines of Lord Hunt's comments, it looks like they want to kick them into the long grass. Apparently the Government have run into serious difficulty with this particular Bill in that - I paraphrase here - they have to get it passed by mid-May at the latest in order to avert a strike by Prison Officers. As a result a bunch of shabby deals are being negotiated behind closed doors by the respective front benches to try and eliminate potential areas of conflict/controversy that might delay the Bill. One such clause touted for this process - Lord Hunt admitted it openly - are these data protection provisions. As Baroness Miller put it: "We have just debated a clause on self-defence that I heard the noble and learned Lord say is not really necessary and now the Government are considering dropping not that but a clause that the public really believe in." Bluntly this is no way to legislate.

Be that as it may, debate on this substantive and essential issue lasted for about 20-25 minutes. And in fact all the respective front-bench spokesmen (Baroness Miller, Lord Henley and Lord Hunt) opened their remarks with direct/indirect apologies for detaining the House from its next business. What subject was so important that, in their minds, it outweighed data protection and security? Why, the arcana of blasphemy of course!?! Debate on this went on for over two hours and culminated in a vote.

Now I'm sure the Lords are have considerable expertise in this field. And for sure it is a subject that attracts the interest of many of the members. Of course it's entirely up to them to decide what they think is important. So call me a cynical old goat if you will but I can't feeling that, as my title says, this demonstrates a decidedly strange, if not warped, sense of priorities amongst the Lords and Ladies. Surely in the world in which we live 'data privacy/security' versus 'blasphemy' is a no-brainer?

PHORM "SPYWARE"

Should you be concerned about the security and privacy of the data on your computer/laptop and just in case you're a customer of British Telecom Retail, Virgin Media or Carphone Warehouse TalkTalk, you might want to take a look at this (from the ever-reliable SpyBlog), this and this (from The Register).

Even for those aren't especially techie-minded (including me), it is plain that the design of the Phorm web advertising scheme is no more than 'spy-ware', pretty sophisticated but 'spy-ware' nonetheless. At a pinch one could argue (just about) - as BT seem to be - that it is moot as to whether or not these Phorm-based schemes breach the provisions of RIPA. But, I reckon they're skating on decidedly thin legal ice here; for sure, if I were a BT lawyer, I'd be nervous about turning up in court trying to sustain such a position.

Obviously I can't speak for anyone else but it does strike me as the most abominable cheek that, just as we are justifiably fuming about the Government's utter contempt for and cavalier attitude about the security and privacy of our data, along come BT, Virgin, and Carphone Warehouse with this mendacious wheeze that demonstrates precisely the same sort of mind-set. Of course, this is in fact a major part of the problem. Because the Government is so contemptuous and cavalier about looking after our data, the private sector begins to think it can behave in the same way: a case almost of monkey is as monkey does. And that makes it all the more imperative that action be taken across the whole of Government to sort this out as a matter of urgency.

Will they do so?