(Dieser Artikel ist auch in deutscher Sprache verfügbar)
A large controversy has been lately spurred in the UK by the new technology Phorm, which can track users' online surfing habits in order to better target ads.
The Phorm system is apparently meant to assign a unique identifying number to a user's browser, which, according to the developing company, cannot be associated with the user's IP address, not even the ISP. Then, it uses information on the user's surfing habits obtained by searching for key words on the requested URLs and visited websites and assigns that unique number to various "channels". When a website with a "Phorm please put an ad in here" tag is visited, Phorm provides an ad from a channel where the user's unique number appears. It appears that some ISPs like BT, Talk Talk and Virgin have signed up to use Phorm.
Several technical questions have been raised. The EDRI-member Foundation for Information Policy Research (FIPR) letter says: "Users are apparently to be allocated pseudonyms for some of the processing, but at various processing stages the personal data can be linked to the pseudonym, the pseudonym can be linked to the IP address used, and the IP address can be linked to the user. Although we understand that this linkage will not be standard operating practice, it can nevertheless be performed."
Phorm assures that it does not write in "the production system" the data on the content viewed, getting rid of this information as soon as the assigning of the unique number to a channel is complete. The data is stored for 14 days in a separate system used for "research and debugging" and then deleted.
Concerns were also related to the legality of the system. It is not yet clear whether the use of Phorm by ISPs is in compliance with the Data Protection Act. In the opinion of the FIPR, Phorm is illegal according to UK law and the Foundation has sent an open letter in this sense to the Information Commissioner Richard Thomas claiming Phorm contravenes the Regulation of Investigatory Powers Act 2000 (RIPA), which protects users from unlawful interception of information.
The UK Home Office has drawn up guidance suggesting that ISPs will conform with the law if customers have given consent. FIPR argues that Phorm must not only ask the consent of web users but also of website operators. Nicholas Bohm, general counsel at FIPR, said: "The need for both parties to consent to interception in order for it to be lawful is an extremely basic principle within the legislation, and it cannot be lightly ignored or treated as a technicality."
But a spokesman for BT told BBC News: "Provided the customer has consented, we consider that there will generally be an implied consent from website owners". Ertugrul, chief executive of Phorm Kent, stated: "With regards to a website that is published openly and fairly, we are not breaching any laws in using information that is published on it" . He also added that websites which discouraged web crawling from search engines would not be subject to Phorm's tools.
In its open letter FIPR pointed out that many websites required registration giving access to their content only to some people adding that many websites or part of websites belonged to an "unconnected web" with a limited number of people.
But Phorm has argued that its system gave users more privacy because of an opt out possibility. "Phorm has an on-off switch and does not store any personal data at all," said Mr Ertugrul.
One of the opponents of Phorm is Sir Tim Berners-Lee, inventor of World Wide Web who stated he did not want his ISP to track which websites he visited. "I want to know if I look up a whole lot of books about some form of cancer that that's not going to get to my insurance company and I'm going to find my insurance premium is going to go up by 5% because they've figured I'm looking at those books," he said.
Phorm has said its system offers security benefits warning users about potential phishing sites.
A petition submitted by Mark Antony Thompson addressed to the Prime Minister to "stop ISP's from breaching customers privacy via advertising technologies" has gathered more than 8500 signatures. The petition considers "the opt out system for this technology is vague and unproven, even when opting out your every move on the Internet might be recorded. Surely this must be a breach of privacy laws, if not then the privacy laws need to be changed to cover such invasive technology."
Foundation for information policy research - Open Letter to the Information
Commissioner (17.03.2008)
http://www.fipr.org/080317icoletter.html
Phorm 'illegal' says policy group (17.03.2008)
http://news.bbc.co.uk/2/hi/technology/7301379.stm
The Phorm storm (12.03.2008)
http://www.openrightsgroup.org/2008/03/12/the-phorm-storm/
Web creator rejects net tracking (17.03.2008)
http://news.bbc.co.uk/2/hi/technology/7299875.stm
Petition to the Prime Minister to Stop ISP's from breaching customers
privacy via advertising technologies
http://petitions.pm.gov.uk/ispphorm/