Thursday, 10 April 2008

Is Phorm a serious threat to search engines?

It occurred to me this evening that given the nature of Deep Packet Inspection it would be a trivial task for Phorm to configure their Layer 7 hardware in such a way that creates a significant threat to search engines.

The technology has the ability to alter the information in the traffic data and so through the use of some fairly trivial regular expressions, the technology could be used to alter search results on their way back to the user. They could potentially insert their OIX partners directly into the top of the search results.

Moreover, it would be incredibly difficult to detect (if even possible) that this is happening, given the pseudo-random manner in which search results are returned by the search engine; at best it would be very difficult to detect and even more difficult to prove.

This could have a direct impact on the business models of many search engines including Google, Yahoo! and Microsoft Live Search who are competing in exactly the same markets as Phorm and OIX.

To this end I have emailed Tom Coates at Yahoo! expressing my concerns and have also talked to a close friend who works for Google. I will be talking to another friend who works in Redmond for MS over the next couple of days.

If the major search engines take a consolidated stance on this issue and all implement SSL versions of their search pages, it would go a long way in preventing Phorm from building revenue from work which is in essence being done by the search engines.

It is Google's assets which process the search results (at great cost) for Google search pages so why should a company like Phorm be permitted to read and possibly alter the traffic data on the way back to the end users in order to make a profit?

Alexander Hanff
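
An added example, not part of the original post: one way to look for the in-transit insertion described above is to fetch the same query repeatedly over plain HTTP and over SSL/TLS, then flag result hosts that keep appearing on the plaintext path but never on the encrypted one. The `class="result"` link markup, the function names and the `.example` captures are assumptions constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlparse


class ResultLinks(HTMLParser):
    """Collect hosts of <a class="result" href=...> links (assumed markup)."""

    def __init__(self):
        super().__init__()
        self.hosts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and "result" in (a.get("class") or "").split():
            host = urlparse(a.get("href") or "").hostname
            if host:
                self.hosts.append(host)


def hosts_in(page_html):
    """Return the set of result hosts found in one captured page."""
    parser = ResultLinks()
    parser.feed(page_html)
    return set(parser.hosts)


def hosts_only_on_plaintext(plain_pages, tls_pages, min_share=0.8):
    """Hosts in >= min_share of plaintext captures and in no TLS capture."""
    seen_tls = set().union(*(hosts_in(p) for p in tls_pages))
    counts = Counter(h for p in plain_pages for h in hosts_in(p))
    need = min_share * len(plain_pages)
    return sorted(h for h, n in counts.items() if n >= need and h not in seen_tls)


def page(*hosts):
    """Build a constructed results page listing the given hosts in order."""
    items = "".join(f'<li><a class="result" href="http://{h}/">{h}</a></li>' for h in hosts)
    return f"<ol>{items}</ol>"


# Constructed captures of one query; order and membership vary between fetches.
TLS = [page("a.example", "b.example", "c.example"),
       page("b.example", "a.example", "d.example"),
       page("a.example", "c.example", "d.example")]
PLAIN = [page("partner.example", "a.example", "b.example"),
         page("partner.example", "b.example", "d.example"),
         page("partner.example", "e.example", "a.example")]

if __name__ == "__main__":
    print(hosts_only_on_plaintext(PLAIN, TLS))
```

A host that shows up only once on the plaintext path (here `e.example`) is treated as normal variation and not reported; a flagged host is a lead to investigate, not proof.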


Tuesday, 8 April 2008


My apologies for not posting to this blog for some time. I have been very busy on other web site forums, blogs etc. fighting this issue and am currently in the process of writing my dissertation (which is on Phorm) so I have had precious little time.

I will hopefully have a chance to add some more information to this blog this weekend.

If anyone would like to discuss this issue you can find me on the following url:

Alexander Hanff

Monday, 17 March 2008

Attempt to report a crime

At 19:50 this evening I phoned New Scotland Yard to fulfil my civic duty and report a crime. Based on BT's admission to carrying out secret trials of this technology last summer without obtaining customer consent first, and in accordance with the guidance given by FIPR and the Home Office, I attempted to report BT for multiple criminal breaches of the Regulation of Investigatory Powers Act 2000 (RIPA).

New Scotland Yard refused to issue the complaint a Crime Reference Number as they knew nothing about the issue and were "sure higher bodies are dealing with this" (in actual fact they don't know; they were just trying to fob me off). They also claim that, despite BT's admission reported in the press today, I need to know where the crime took place.

So basically what we need are victims of BT's criminal activities to come forward and file a complaint with the police themselves. If you know you were part of the secret trials, phone your local police station and make it very clear that you wish to file a complaint for criminal breach of RIPA against BT. The crime will have taken place in your local exchange as far as I am aware, but we may need some clarification as to where the actual Phorm technology was (geographically) on BT's network before the police will act on these complaints.

So please, if you are a victim, come forward, make the call and start the criminal investigation rolling on BT.

Alexander Hanff

Subject Access Request (SAR)

Do you want to know if you were part of the illegal BT trials last summer? If so you can send a Subject Access Request to BT's Data Controller under the Data Protection Act (DPA). You will need to send a £10 cheque or postal order but they are required by law to respond to the request within 40 days.

You can read the Information Commissioner's Office Guidelines on your rights regarding SAR under the DPA by downloading the following PDF directly from their website:

Subject Access - Guide for Data Subjects

If anyone would like to submit any ideas for Subject Access Request templates please do so. If not I will try to get a template up by the end of the week.

Make sure you send Subject Access Requests as "Registered Post" should you need to issue a complaint against BT for failing to adhere to the SAR within the 40 days.

I have talked to a legal friend of mine and he is going to try to put a template for SAR together by the end of the week for us.

Alexander Hanff

Lavasoft Research Blog

Lavasoft have published a blog article researching Phorm. Quite an interesting read (although they fail to make any mention of RIPA):

Lavasoft Article

Foundation for Information Policy Research

The Foundation for Information Policy Research (FIPR) have released a statement to the BBC this afternoon stating they believe that Phorm's technology contravenes the Regulation of Investigatory Powers Act 2000 (RIPA).

As a result they have issued the Information Commissioner's Office with an Open Letter on the legality of these technologies. In it they discuss issues such as the Opt-Out cookie fiasco and issues with regard to explicit informed consent as opposed to implied consent (criticising the Home Office press release in doing so), as well as discussing s1 and s2 of RIPA.

You can read the press release and the open letter on FIPR's website here

Alexander Hanff

BT admit to secret trials.

The Register published an article today confirming that BT did in fact trial this system last summer without seeking the consent of their customers or changing the terms and conditions.

This means that BT have now admitted to a criminal breach of RIPA and as such I urge all people who were affected by the secret trials last summer to seek criminal charges against BT with their local police station.

If you were to intercept BT communications and gain access to sensitive intellectual property you can be damn sure that BT would seek criminal charges against you, so why should they not be treated the same?

This is a very, very important issue and the quicker criminal charges are brought against BT the quicker the rest of the corporate sector will understand that they cannot break the law for profit. It will also do a good job of stamping a little more life out of the Phorm stock price which is currently down a further 7.29% today (last checked 15:15).

BT are criminals, treat them as such.

Alexander Hanff