Under Strict Embargo

Phorm’s PR planning was foolish. You don’t set up a blog once the crisis has happened but they should have done it at the very latest the same time they were commissioning the Ernst and Young report on privacy.

Your privacy is an illusion anyway if you look at the amount of information that supermarket loyalty cards, credit agencies like Experian and you bank has.

It is just that they haven’t bothered to use that data, pretty much your whole adult life is available there, what isn’t there can be inferred from the available data.

Then there is the battery of CCTV camera that we walk past everyday – the UK has more cameras per head of population than anywhere else in the world including China, Japan or the US .

The governments move towards data-mining and widespread departmental data access is a much greater privacy risk.

Hi Daljit,

Phorm Comms here again. I couldn’t agree more with your comments ref the ICO. Richard Thomas not only warned that we were in danger of sleepwalking into a surveillance society, he went further and said we had woken up in one.

Phorm technology is groundbreaking because it serves relevant advertising (we can have a separate debate about that, but I suspect you’re a realist and believe that without advertising support, lots of sites wouldn’t exist) without storing data: no PII no IP address no browsing histories. No other adserving technology does that. If our system became the standard, there would be no need for search or adserving companies (you know Whooo) to store your personal data for months on end…

Ged — hello again. Thanks for coming to see us a few weeks back http://renaissancechambara.jp/2008/03/10/phorm-factor/I am not sure I can quite agree with your contention that we got our PR strat wrong. I do agree that in normal circs you would blog as much and often as possible.

However, we engaged with Ernst & Young well over a year ago. At that time we did not have the signed contracts we have now and no doubt would’ve been accused of hyping ourselves or our stock. Instead, we worked on getting our technology right, making sure all the privacy components were right and not blowing our own trumpets. We focussed on the privacy and not on the public relations. I think you’ll agree we’ve been open and transparent.

Best wishes both,

Phorm Comms Team

The Phorm Comms Team are none other than Citigate Drewe Rogerson. So that’s not ‘Comms’ as an internet techie would understand it :-)

They have been assiduous in spinning round the tech forums trying as hard as they can to get the toothpaste back into the tube; and to an extent the tech forums have fallen into the trap of seeking technical knowledge about how Phorm is supposed to work.

Which is kind of like a French aristocrat debating the finer points of how the guillotine works with his executioner; it doesn’t matter how good it is or isn’t, it’s something you don’t want anywhere near your neck….

But I’m surprised the Phorm Tech/Comms/PR Team tipped up here; like ‘never kid a kidder’, I’ve always assumed you should ‘never spin a spinner’

What Jed is missing (and Phorm deliberately ignore) is that this is nothing like loyalty card mining (no card: no data) or cctv snooping (of public areas).

Phorm is equivalent to the Post Office opening your letters to friends, family and suppliers and reading every word in order to identify which useless leaflets your local free newspaper should dump on your doormat each week.
Or BT listening in to every phone conversation to better assist a telemarketing droid’s attempts to interest you in their wares.

As for Phorm’s PR team talking up their excellent ’strategy’ — shame you missed that us lowly consumers might expect a complete and secure method of avoiding our data being abused by our ISPs and Phorm? Do you yet accept that an opt-out cookie is completely inadequate?

It’s not that we don’t understand how Phorm works nor appreciate how anonymous you insist the data is reformed: we simply don’t want you to have anything to do with our private data.

Quite how BT Retail, TalkTalk and VirginMedia think they have any right to examine, manipulate and profit from my internet browsing is beyond me but I’m sure they’ll be “open and transparent” explaining it to me. Eventually.

Thanks for your blog, although it has been suggested your info is wrong, it’s nice to see that this company is going down.

What is even nicer is the fact that their PR company are costing them an absolute fortune in trying to mop up the negativity.

If I were them, I would just give up now, there is just way too much bad feeling about this and there is no way on earth that I would agree to OPT IN.

And this is only the start of it. Wait until more people in the UK are educated about this gross invasion of privacy.

Oh a word of advice for any shareholders…. Sell before you lose your money.

Phorm – RIP – You deserve it.

Ah, the Phorm PR Spin machine is at it again. Having played local cricket you get to see some very dodgy actions and pathetic attempts at spin.

Let’s keep things simple and clear here. Citigate Drewe Rogerson are a PR company. They are not technical experts in the same way that the various internet forums and investigative reporters on The Register are. They are dealing in spin, answering the direct questions posted in forums like The Register with a standardised response.

Phorm are claiming that Sir Tim Berners-Lee doesn’t understand what is being offered here. He has made it quite clear – his data is his, you can’t have it. What part of that doesn’t Phorm understand?

We are intelligent customers. We do not want Phorm. We do not need Phorm. Try and spin it however you want, the simple bottom line is that there are technically competent people out there who see this “product” for what it really is – an unforgivable invasion of privacy with no regard for the customer. I reject Phorm in its entirety.

You are the weakest link, goodbye.

Speaking as a Virgin Media customer, this represents an invasion of privacy on scale never before attempted on the internet. Phorm will essentially have a ‘wire-tap’ intercept on the total internet communications of 10 million plus individuals. This is a situation that the average person fondly imagines would require government authorities to obtain warrants, on a per person basis, to arrange. As a customer you will have no choice in the matter, you can only opt to not receive targeted ads, you cannot prevent your data stream being profiled. There is not time or space to go into the intricacies of the process, but at every stage it raises questions relevant to the DPA, RIPA and E.U. privacy laws and highlights some of the strategies Phorm have employed to comply with these laws, such as stating that the profilers belong to the ISP, even though the software is written and maintained by Phorm, thus it is true to say that personal data doesn’t get passed out from the ISP to Phorm. A semantic side-step that doesn’t inspire trust.

In terms of invasiveness the profile building that Google, et al indulge in is small beer by comparison. The essential difference here is about choice. I can choose to not use Google services, or regularly delete/refuse their cookies, they only have a window on my internet dealings. Phorm, through their ‘profiler’, see the totality of my panorama. They claim to ‘ignore’ all sorts of sensitive personal data that they will be witness to, but I have to take that on trust, as the patent they filed makes it clear they have the technical ability to harvest all my data and tie it to my IP address. They say they don’t store any data, apart from the remote log they keep for 14 days for debugging purposes.

Much more could be said, but as it’s rather off topic for a PR blog let me come back to that aspect.The only action which will calm the storm is to offer a proper,informed, opt-in, as might turn out to be legally required, which ensures that, for those that don’t opt-in, their data stream doesn’t pass through any equipment belonging to, under the control of, or programmed by, Phorm and that any interception of that data only takes place for the purpose of forwarding it on to those the customer intends it to go to. This would answer the majority of people’s fears. Unfortunately it might be already too late to wait for that calm to descend as, apart from the petition, a considerable body of technically literate customers have been lobbying and educating their MPs,MEPs,and the European Commissioner for Information Society & Media, plus assorted consumer organisations and privacy pressure groups. Where it might go from there is beyond the control of an irate customer base, even if they were to be placated.

Of course a proper opt-in, rather than the opportunity to opt out from Webwise’s anti-phishing protection, would put a dent in Phorm’s business model.

If my understanding is inaccurate in any way I would be happy for the ‘Phorm Comms Team’ to correct me. On the point of their blogging. I would advise them not to contribute to technical blogs, such as ‘The Register’, they simply appear risible and entrench anti-Phorm feeling.

There is no “product”, its the parasitic use of our data to interfere with our browsing. Given the roots of this company, and the stealth with which this was trialled last year, I can see no reason to trust a single word from this company.

Wonder how happy Phorm are that customers of Virgin Media have already started to move to no Phorm Isp’s.
VirginMedia stand to lose a lot of revenue not just on Broadband but on there other packages. Any VirginMedia customer that moves to a non Phorm ISP will have to change there phone line. That will then mean that they will have to disconnect there TV.

So VirginMedia stand to have customers moving to the following. BT, Sky, A Non Phorm ISP.

Virgin will be crazy if they allow that to happen by jumping into bed with Phorm.

Phorms PR Team trying to engage with deep techs head to head was like throwing lambs to the lions.

What were they thinking trying to bluff their way through a community of educated skilled tech professionals, armed only with a cut/paste menu of stock answers.

I think they seriously underestimated the strength of feeling. Good PR advisors would have told the client, in this instance, the product is wrong not the audience.

Pete
http://www.dephormation.org.uk/

The current media storm started over four weeks ago due to considerable effort in getting into public domain the disgust a number of Virgin Media users felt after digging into the background about Phorm and how it would affect them. The newsgroup virginmedia.feedback has been had unprecedented numbers of complaints and questions whilst at the same time the normally vocal Virgin Media support staff have said almost nothing on the subject.

The PR teams have been all over the web trying to sway opinion. When ever there has been an opportunity for the Phorm PR team to swing into action, they are there with the same old reassurances. Except they are missing the point. Nobody in their right mind wants Phorm, or any Phorm equivalent, especially at ISP level to have their browsing habits looked at by a company like Phorm or any other company for that matter. It’s a step too far.

What an utter PR disaster. Trying to slashdot their way out of a storm, not realising how cynical an exercise responding to individual blog posts will appear to the community.

And as Andy M said, ‘no-one in their right mind wants Phorm’. Unless you’re an advertiser of course. If my ISP buys, I’ll be moving ISP.

I think the first PR debacle was Citigate Dewe Rogerson’s very first forray into the ranks of the tech sites that were initially building this story.

By calling themselves ‘phorm tech team’ they instantly discredited themselves, as within a matter of two or three canned cut and paste responses it was fairly obvious to those they were attempting to interact with that it was simply a lie.

That just piled more distrust on a situation revloving around distrust of phorm, who had to change the business name from 121media to try and put a little distance between thee previous adware history before going public with the new scheme.

In a dissertation about how not to run a PR campaign, pretending to be a tech bod from a company and engaging in a technical debate with experts , only to eventually have to admit you really arent a tech bod, or even a phorm employee at all, because you got so out of your depth, is probably pretty high on the list of dont do’s.

Particularly running a PR campaign for a company woefully short on credibility to begin with.

Flaming eck what have you started Daljit!

I think Phorm’s PR strategy has been more subtle and polyvalent than they have been given credit for.

It might be useful to go back to basics on this and take a guess at how things might play out amongst all the interested parties: advertisers, ISPs, consumers, the technical community, regulators and the political classes.

The regulators and politicians need to know that this will not redound upon themselves. The advertisers sniff opportunity: the ISPs see money. So long as their brands are not noticably tainted, both will be happy.

As far consumers are concerned, Phorm are selling a product no sane and informed person could possibly want. The peculiarly propagandist tone of the consumer copy (eerily reminiscient of the government broadcasts in Starship Troopers), probably reflects this. “a safer experience,
a more relevant experience” – ugh. Whatever – there has to be some evidence of consumer engagement.

The interactions between Citigate (PhormPR/TechTeam) and the technical community may be no more than a smokescreen beneath which the heavy armour rolls on unimpeded. The online PR presents the illusion of engagement to the technical community. They are cordial, yet provocative. They obfuscate endlessly, all the while talking of transparency. Their job is not to say “Black is White”, but “Black is not the colour we’re here to talk about today”. To needle opponents to the point where they no longer act with intelligence.

And meanwhile, in the cold depths of Whitehall, the real work is done.

“Look, our clients are good people. An accountant you’ve heard of said so. Yes, the consumer copy’s a bit iffy, but this is a complex message to get across [viz: we know everything about you: your privacy is assured]. I bet you find techies unreasonable too. Have you seen the names they call us? Have we not web-chattered? Have we not blogged. Yes, we may have done a few things that don’t reflect currently accepted best practice. But we’ve drawn a line under that. We’ve moved on. You can understand that. Capiche.

Remember, all Phorm have to do here is not lose. They’re not here to gain anyone’s respect, or love. They just need to get their wedge in.

Oh and I forgot to add, there are degrees of ‘not losing’. Instituting a proper opt-in, of the type outlined many times, would reduce serious opposition to a rump. Phorm could continue their business, but with a considerably reduced profit forecast. Or, they could implement a proper opt-out, that would satisfy a lot of the protest and wouldn’t hit the profits so much. They have reasonable options, they have the opportunity to broker a compromise. Ultimately it’s the ISPs who are most exposed and they will decide if it’s worth selling our privacy, in perpetuity, for thirty pieces of silver, so that Phorm can achieve their dreamed of El Dorado.

‘Absolutely. I’m just keen that people don’t get the idea that because the online PR team are regularly getting trounced on the forums that the battle is almost won.’

Ah yes, I totally agree with you in that case, technical blogs are a small side-show, but they can produce some of the plankton that supports the higher journalistic food chain. They educate journalists and provide them with ammunition to use. It’s the ignorance, which Phorm seek to exploit, that needs to be combated.

We have the policy makers, who are technologically illiterate, compared to the knowledge required to understand the scope of this threat. Then there are those who have enough understanding to believe that Firefox and Adblock will insulate them. There is also a significant block of Gen.Y, who have been in thrall to brands since they were old enough to pronounce ‘Nike’, who can’t even see an issue in this.

The PRs themselves need educating. They are used to running campaigns that have little personal ramifications for themselves, like convincing the masses to chuck over-sweetened chemical concoctions down their necks while they drink premium orange juice hand squeezed by virgins.

In this case they are campaigning away their own personal freedoms. There is no ’superior internet’ they can buy into, while the hoi polloi struggle along having all their traffic intercepted.

Once this Rubicon has been crossed there will be no going back and they would do well to consider this from a personal perspective. When their particular consultancy has dispensed with their services, because they’ve become ‘old and in the way’, they’ll be able to tell their children that they made their contribution to extinguishing personal freedom in this country.

Welcome back Phorm Comms Team

Let me return comment on a few issues you raised. Firstly, Tim Berners Lee and the example he gave vis-a-vis insurance companies; lets just say for now we accept what you say. Have you actually read your own patent application? Your system has the potential capability to do a great deal more than you currently claim it will. Even the Privacy Impact Assessment you commisioned from 80/20 thinking warns of the dangers of “function creep.” What is to stop Phorm from implementing the kind of scenario he raised 5 years down the line if we allow you to get away with this now? Even your own Chief Operating Officer made a potentially alarming statement to the NY Times:

“As you browse, we’re able to categorize ALL of your Internet actions,” said Virasb Vahidi, the chief operating officer of Phorm. “We actually can see the ENTIRE Internet.” * [please note the capitalised emphasis is MINE]

Also, you may want to go back and read his full comments. I think he was very clear that he views his clickstream data as his, only his and that you cant have it and neither can any ISP that you sign deals with.

When it comes to your point about fielding tech people to answer questions you are right. You have done so but in a very limited capacity. In very limited places such as theregister, the guardian and your own website. What you havent done is to respond with technical information
to questions posted for example on the phorm thread on the cableforum website. Numerous technical questions have been posed and all we have had is PR responses that are less than clear and only obfuscate the debate.

I am still waiting for any kind of response (Even a pr-friendly spun response) as to what information will be held in the “research and debug logs” that phorm will be storing for up to 14 days. That term research has some very wide connotations yet we still have no answer. Care to respond? Right now I will even gladly accept a heavily “spun” response right now just so we can move the debate on.

Also, please allow me to congratulate you on your remarkable achievement of making the first ever infallible computer system that cannot ever go wrong or be abused. Of course, historically, others also thought they had an infallible system that anonymised data. AOL anybody?

Finally, if I can be bold, let me make a suggestion. If you really want to try and deal with the storm of controversy your system has aroused you may want to actually send your tech team to some of the more active forums and blogs so that we can finally get some crystal clear answers to our questions.

“Ref Sir Tim B-L, we think we might be more aligned than appears. Let’s see. If we manage to have a chat, we’ll publish it (_IF HE ALLOWS_!) — how does that sound?”

ROTFL, “if he allows”, thats a classic PCT, so you DO understand the legal implications then!

iv asked this before and never got an answer.

Phorm Comms Team, what is your clients head legal councils name, address and contact phone No in the UK and US.

the same question for all the Phorm contracted PR companys.

they and you do understand that under Uk and EU copyright law, a users key entrys and click stream data are infact that users copyright?.

this legal council do understand the concept of ‘comercial piracy’ under both UK and EU law? and have instructed the Phorm BOD and all persons involved of its implications for them.

and they understand the meaning under UK and EU law of ‘EXPLICIT’ consent.

you understand that you collectively do not have the right to use anothers copyright without written consent or signed contract for comercial purposes.

Hello again Phorm Comms Team

Thanks for your reply. I am glad to see that you acknowledge it would have been good to have more tech people attend the forums and blogs. I honestly think that would have helped to at least partly assuage some of the bitter feeling that there is on this issue.

Naturally, I understand that Mark Burgess and your Chief Technology Officer are busy people and wouldnt have the time necessary to deal with all the necessary questions. That said, surely someone other than MB or the CTO would have the technical knowledge to be able to come to the forums and give detailed answers to peoples questions? [ Please note kind offers to do this on a one-to-one basis via visits to you or phone calls with techies, in my opinion, undermines your cause. The resistance to Phorm, as has been mentioned by Daljit already, is taking on the Phorm (pun intended) of a “grassroots campaign.” Trying to win us over 1 by 1 with offers of phone calls or in-person visits will not work ]

Playing devils advocate here (not really sure why I am trying to help you – maybe something to do with the spirit of Easter?) if that is not possible then I strongly urge you to communicate to your bosses that they make it possible for one of your techie employees to start addressing the technical questions posted on websites such as cableforum.

As for needing a good techy who can communicate well, let me say that flattery will get you nowhere but please feel free to keep on trying ;) All joking aside, however, I wouldnt be suitable for a number of reasons;

I arent that good a techy, I am more of an enthusiastic and knowledgeable amateur really. I know enough to see the potential dangers inherent in your systems particularly regarding “function creep” and I know enough to know that I dont want Phorm anywhere near my internet clickstream. I know enough to see the dangers represented in your patent application.

Regarding Tim Berners Lee, I wish you good luck. If you do manage to have a dialogue with him regarding your system I would be very interested to read about it. It sounds a great idea to me. If he agrees to it and agrees to allow it to be published are you gauranteeing to release the information even if he remains adamantly opposed?

Regarding the information you posted in relation to the debug logs I would like to say thank you. At first glance I dont see anything there that sets alarm bells ringing but I also note that no mention is made there of the term that had me most worried; namely “research.”

Am I to understand that the data stored for 14 days will only be for debugging purposes and not be used in any other way? If so then on face value I am somewhat reassured on that matter. A comment regarding this at the next webwise chat would be greatly appreciated.

On another point dont you find it interesting that the COO of Phorm was making statements to the NY Times that bear no resemblence to the system you say are going to implement? To be charitable could it be that the system you intend to introduce here in the UK differs greatly from the system you are considering for the US market? If this IS the case then surely this is an important message for you to communicate to us?

Apologies for such a lengthy response. Let me sum things up neatly in just a few words. My advice to Phorm in two simple phrases is this: Technical answers to technical questions. Engage NOT enrage.

no PRform answering the questions put today?, shame.

heres another post i made elsewere, it would be good to get an answer on the copyright and safe harbor, or at least have others comment on this less talked about and considered aspect.

IAmTheLaw

Comment No. 1013624
March 26 15:57
Phorm can maintain all it wants that it retains no information etc, but it doesnt make it true.

infact their very own Coo to the us market, says the exact oposite as already pointed out in Charles tech blog.

for those that didnt see the quote yet.

http://www.nytimes.com/2008/03/20/business/media/20adcoside.html?_r=1&ref=business&oref=slogin

“”As you browse, we’re able to categorize all of your Internet actions,” said Virasb Vahidi, the chief operating officer of Phorm. “We actually can see the entire Internet.”

and their Patent confirmed this very same extensive capability.

here is Phorm’s patent application toread for yourself
http://www.freshpatents.com/Targeted-advertising-system-and-method-dt20060921ptan20060212353.php?type=claims

for a change heres some less talked about facts:
theres also the fact a customers key entrys and click stream data are their copyright property.

its not for any ISPs or any profiling companys that think they can commercially use and own, without written permission or a signed contract.

they are in law considered committing ‘commercial piracy’ if they use your date (and we are talking companys using these ISPs as well as home workers/users)to make profit,with all the implications that brings .

then theres the ’safe harbor’ question, did the UK ISPs in question, give up their legal protection in EU law by freely signing up and agreeing to ‘a general monitoring of the network’ in that contract for profit.

…now back to the usual DPA, and RIPA comments…