Overview for Web Masters, eCommerce Businesses, and Online Publishers

If you publish content online, for any purpose, you need to be concerned about Phorm and BT Webwise (and similar systems like NebuAd, Experian Hitwise, Umber, FrontPorch, Project Rialto, Feeva, Bluecoat).

These products function by illegally processing your private & confidential communications with visitors to your web site.

The effort that you invest in creating your web site, accurately describing the products & services you sell, automating interactions with your customers, the time spent writing the articles you publish, and the money you invest in promoting your site... all that work is exploited by Phorm (and similar firms) to gather confidential commercial intelligence from your communications, identify your visitors, and target your customers & suppliers.

The marketing intelligence yielded by this processing is sold to your competitors: indirectly through advertising targeted at your customers & suppliers, or directly through 'reports' which reveal intelligence gathered from your communications.

In effect, this is systematic automated industrial espionage on a nationwide scale, and it will strip your traffic, your money, and your business away from you.

 

Isn't That Illegal?

While you could never assume that unencrypted communications were entirely secure (there was always a risk that criminals or hackers might obtain unencrypted information), it was possible to expect that the Directors of UK communications companies would not break the law. It was once reasonable to assume they would not intercept or disclose private & confidential communications without a warrant.

As far back as 1884, Members of Parliament were assured that the inviolability of UK electronic communications was protected in law.

With the illegal deployment of DPI systems like Phorm by BT, and the failure of their Directors to abide by the law, you now cannot trust UK ISPs with any aspect of your communication traffic, whether as a sender or recipient.

UK regulators, Police forces, the ICO, Ofcom, and Government have comprehensively failed to uphold and enforce the law.

The major UK mobile telcos - Orange, T-Mobile, 3, Vodafone and O2 - have also acknowledged gathering communication data in secret from their UK customers.

The NSA whistleblower Edward Snowden was quoted in Spiegel saying: "As a general rule, so long as you have any choice at all, you should never route through or peer with the UK under any circumstances".

In short, the right to expect confidential unencrypted communication in the UK is being completely subverted, and the law is simply not being enforced.

 

Your Options

If your web site is hosted in the UK, if you communicate with customers or visitors in the UK, if your data passes over a UK network, you should now assume that your private communications are being abused to promote your competitors and act accordingly.

 

Technical Options

First and foremost, you should cancel any contracts for communication & hosting services supplied by BT (or Virgin/NTL/TalkTalk).

Secondly, you should encrypt your web site communications using SSL.

For as little as 30 - it will be possible to ensure that your web site content and private communications cannot be abused by systems like Phorm.

Where practical, you might then consider blocking untrusted Internet Service Providers by IP address ranges.

Note too that it is not just web communications traffic that is now at risk. Any method of unencrypted data communication in the UK - over the internet or private circuit - is now effectively open to illegal abuse. That includes email, VOIP, SMS, FTP as well as web communications.

Protecting other methods of unencrypted communication, such as VOIP or email, is much more challenging. Standards for encrypting these services are not yet well established.

If you can avoid using UK telecommunications providers, or passing your communications through the UK, you should.

 

Commercial Options

Serving content to UK customers is likely to incur a cost overhead; the money you spend developing your site will be used to benefit your competition. Commercial options for limiting this damage, and/or recovering the costs, include:

  1. Charging a premium
  2. Denying high value products or content
  3. Offering customers information, and an incentive or discount to opt out of Phorm

 

Legal Options

You should ensure that you have a clear Copyright notice on your site.

Recording visits to your site, and identifying those which originate from BT and Phorm partner network customers will allow you to make Copyright infringement claims against the network operator. UK network operators are obliged to obtain a Copyright licence in advance, before copying and processing your work.
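An added example, not part of the original article: one way to record which requests in a web server access log came from a watched set of network ranges. The same range match could decide the blocking by IP address range mentioned under Technical Options. The watchlist labels, the CIDR ranges (documentation placeholders) and the log lines are all constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Hypothetical watchlist: RFC 5737 / RFC 3849 documentation prefixes stand in
# for ranges you have verified yourself (e.g. from the operator's own records).
WATCHLIST = {
    "isp-a (placeholder)": ["192.0.2.0/24", "2001:db8:a::/48"],
    "isp-b (placeholder)": ["198.51.100.0/25"],
}
NETWORKS = [(label, ipaddress.ip_network(cidr))
            for label, cidrs in WATCHLIST.items() for cidr in cidrs]
# Common log format: client ident user [time] "METHOD path proto" status
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
192.0.2.17 - - [10/Mar/2009:09:14:02 +0000] "GET /products/widget HTTP/1.1" 200 5120
203.0.113.9 - - [10/Mar/2009:09:14:05 +0000] "GET / HTTP/1.1" 200 2048
198.51.100.200 - - [10/Mar/2009:09:15:11 +0000] "GET /pricing HTTP/1.1" 200 900
198.51.100.42 - - [10/Mar/2009:09:16:40 +0000] "POST /checkout HTTP/1.1" 302 0
2001:db8:a:1::5 - - [10/Mar/2009:09:17:03 +0000] "GET /articles/1 HTTP/1.1" 200 7000
not-an-ip - - [10/Mar/2009:09:18:00 +0000] "GET / HTTP/1.1" 400 0
truncated line without a request
"""

def classify(ip_text):
    """Return the watchlist label whose range contains ip_text, else None."""
    try:
        addr = ipaddress.ip_address(ip_text)
    except ValueError:      # hostname or garbage in the client field
        return None
    for label, net in NETWORKS:
        if addr in net:     # IPv4 vs IPv6 mismatch is False, not an error
            return label
    return None

def flag_visits(log_text):
    """Return one record per request that came from a watched range."""
    records = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        label = classify(m.group(1)) if m else None
        if label:
            ip, when, method, path, status = m.groups()
            records.append({"network": label, "ip": ip, "time": when,
                            "request": f"{method} {path}", "status": int(status)})
    return records

def summarize(records):     # flagged requests per watched network
    return Counter(r["network"] for r in records)
```

Note that 198.51.100.200 is not flagged: it lies outside the /25 on the watchlist, so range boundaries need to be exact before the records are relied on.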

By mimicking your web site, hijacking image requests, and setting fraudulent tracking cookies... ISPs may also be infringing your trademarks. Registering domain names as variations on your trademark may give you additional protection.

You may also wish to consider serving an injunction against network operators, to discourage them from exploiting your intellectual property, and intercepting your communications.

If you can show your communications have been intercepted, or your copyright infringed or trademark violated without licence (which would be a criminal offence in the UK) you should complain to the police and/or UK Trading Standards.