PHORM - UPDATE

It would seem that the chorus of disapproval about the "targeted advertising scheme" (a cute euphemism for spyware that) developed by Phorm is gathering pace somewhat. There is this from The Register - for me a clear indication of how disingenuous, if not mendacious, BT are being about the product. And, as The Register reports here, FIPR (for the uninitiated, the Foundation of Information Policy Research) has written an open letter to the Information Commissioner outlining their concerns and maintaining that the scheme is illegal.

I note too Tim Berners-Lee's comments, reported here. I can't help feeling that this intervention is especially significant, essentially because it reaches beyond the narrow confines of the Phorm issue. He makes the crucial point about his data and web history that: "It's mine - you can't have it. If you want to use it for something, then you have to negotiate with me. I have to agree, I have to understand what I'm getting in return." It will come as no surprise that I agree wholeheartedly with this. No doubt in common with Tim Berners-Lee I also believe that the principle should be applied to all data that is held about an individual wherever it is held, not just to their web-browsing history. But, as the law stands, it simply does not give effect to this. Ergo, returning to one of my more persistent themes, what is urgently required in the interests of both data privacy and data security is a radical overhaul of the current legal provision in this area to re-cast the law back in favour of the individual's data rights.

GOVERNMENT'S DATA WOES: FIPR'S PROGNOSIS

As I idle away the holiday hours - and sip my rum punch(es) - I've been doing a bit of browsing and, as it were, catching up on old friends. So I gravitated to the FIPR site, a bunch of people for whom I have an enormous amount of respect.

Their press release of a week or so ago (reported on here by Ideal Government) is such manifest common sense that, in case you haven't yet 'discovered' these inestimable fellows, I reproduce it here in full (my emphasis):

"The Government misses the point on Poynter

RELEASE: 17 December 2007

The Foundation for Information Policy Research (FIPR) believes that the Government's response to the interim Poynter report shows that they just don't understand what has gone wrong. Their refusal to abandon the headlong rush towards Transformational Government -- the enormous centralised databases being built to regulate every walk of life -- is not just pig-headed but profoundly mistaken.

Both Alasdair Darling, commenting on the HMRC fiasco, and Ruth Kelly, telling the House about the loss of 3 million people's personal information, told us that once 'lessons have been learned' and 'procedures tightened' the march to ever-larger database systems will continue.

Before Transformational Government came along, only small amounts of data were lost -- but as the new databases cover the whole population, everyone's affected now, not just a few unlucky people.

Transformational Government means putting all of the eggs into one basket and it is creating:

• The multi-billion pound identity card scheme, to hold data on the whole population;


• The National Health spine, which will make everyone's health records available for browsing by a million NHS workers;


• ContactPoint which will record details on every child in England, with details of their parents, carers and indicators of whether they have any contact with social services. Three hundred thousand people can look that information up;
  
• A universal pensioner's bus pass scheme which will hold the data on 17 million people, and in principle will let any bus driver learn your age and address -- when all that it should record is an entitlement to free travel.

Ross Anderson, Chair of FIPR and Professor of Security Engineering at the University of Cambridge said, "the Government believes that you can build secure databases and let hundreds of thousands of people access them. This is nonsense -- we just don't know how to build such systems and perhaps we never will. The correct way to design such systems is to localise the data, in a school, in your local GP practice. That way when there is a compromise because of a technical failure or a dishonest user then the damage is limited.

"You can have security, or functionality, or scale -- you can even have any two of these. But you can't have all three, and the Government will eventually be forced to admit this. In the meantime, billions of pounds are being wasted on gigantic systems projects that usually don't work, and that place citizens' privacy and safety at risk when they do."

Richard Clayton, FIPR Treasurer said, "Personal data ought to be handled as if it were little pellets of plutonium -- kept in secure containers, handled as seldom as possible, and escorted whenever it has to travel. Should it get out into the environment it will be a danger for years to come. Putting it into one huge pile is really asking for trouble. The Government needs to completely rethink its approach and abandon its Transformational Government disaster.""