The Bespoke Internet

The controversial deep-packet inspection service offered by Phorm has been making the news again. But despite some of the hostile coverage that Phorm has received, there are possible benefits as well.

Controversy has followed Phorm since their early trials were uncovered by Internet users who accused them of monitoring their usage without consent. An independent Privacy Impact Assessment was slated for not condemning the service, and the ICO concluded that the service is not illegal following a formal complaint. Now the European Commission has announced its intention to take action against the UK government for failing to intervene to stop Phorm. Questions have been asked about the independence of Phorm’s directors.

The Open Rights Group has written to a number of major websites to urge them to opt out of Phorm’s profiling, with some considerable success: first Amazon, then Wikipedia have asked Phorm not to profile their traffic. With big names such as these refusing to permit profiling, it seems inevitable that others will follow suit. Meanwhile, whilst Facebook has not opted out, their CPO Chris Kelly has suggested that users who are unhappy with Phorm’s profiling should complain to their ISPs.

Throughout this, Phorm have argued that their approach is the future of the Internet: that current ISP pricing levels are unsustainable as online advertising revenues fall, and unless users want to see cost hikes for Internet access, they have to accept that targeted advertising is a necessary reality. Whilst I’m not familiar with the economics of the situation, there would appear to be some legitimacy in this. In fact, I’d really like to get a bespoke Internet experience, where the content, links and advertising are selected to be of greater interest to me than they are now. A ‘bespoke’ Internet would be a great user experience.

However, if I’m allowing my browsing habits to be profiled, then I want to own that profiling service: I want it on my machine (or at least somewhere in the Cloud where I feel I have control over it), set up according to my wishes, with the ability for me to edit or erase any or all of the history at the click of a button. In fact if I trusted the system, I’d be willing to populate it with basic data about me to help it in its decision making: my age, gender, address, interests, and equally importantly, things I don’t want to read about. But I won’t volunteer that information to a third party over whom I have no control, and who is acting with a purely commercial interest.

And it is there that the trustworthiness of Phorm’s approach slips up. In trying to build and dominate a market for behavioural online advertising, the company has, arguably, lacked transparency in some of its actions, and the resulting media coverage has left sufficient doubt in people’s minds that many individuals and companies are unwilling to participate. Phorm has announced a trial of its service in technology-savvy South Korea, and it will be interesting to see how people react there. Culturally, many Asian countries appear to have less privacy – after all, to British eyes, everyone’s packed in together with little personal space – but my experience is that because of this the individuals guard the privacy of their thoughts even more closely than the British generally do.

So Phorm’s premise that they can deliver the bespoke Internet is arguably valid, but they will have a lot of work to do if they wish to build public trust. After all, a bespoke suit is doubtless preferable to an off-the-peg, but I’d need to trust my tailor before I’d be comfortable about letting him measure my inside leg.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

When I click on the bit above about 'the ICO concluded that the service is not illegal following a formal complaint' it stays inert, as it's not a link to a reference supporting that. So what, please, is your support for that assertion? But whatever it is, the ICO has clearly stated that the responsibility for expressing an opinion about Phorm's legality or illegality under RIPA rests with the Home Office, and not the ICO. Accordingly, the ICO has only ever made comments about the DPA and PECR, and has only ever said that it thought that Phorm could be operated legally under these. Which is not at all the same thing as saying that it would be legal. And still leaves out the Copyright Act and the Forgery Act, which would apply in addition to RIPA unless Phorm were to seek consent for interception not just from Phormed-up web users, but from every website they visit. (And no, the Home Office's 'implied consent' theory won't wash. Just ask Jodie Foster)
I'd completely agree with your point on the ICO relying on the Home Office to determine legality here. The ICO's first comment on Phorm was benign, and only became more critical in light of public outrage. That office only has limited resources, and I sympathise with their reluctance to get dragged into a debate like this when the likes of Richard Clayton have done an excellent job of analysing the implications. I stand by my point that there is a place for a bespoke Internet, particularly since the advertising revenues would enable ISPs to subsidise the cost of service delivery to users and keep prices down. My problem is with the architecture that Phorm have deployed, and a general unease that they have possibly not been as transparent in their service delivery as one might have hoped. [Have checked the link and it appears to be fine - might have been a temporary glitch?]