Trials were bad Phorm
Remember all the fuss over Phorm and its Webwise internet behavioural advertising technology? Ever since it was revealed that BT had been running secret trials of Phorm technology to snoop on customers without permission, it’s fanned a boisterous privacy debate. It looked as though we who regard this technology as invasive and a breach of privacy had been defeated by a joint attack from government, law enforcement and information watchdogs, all of whom gave Phorm the green light. But things have recently taken a different turn. Feisty Viviane Reding, European Union Commissioner for Information Society and Media, has declared those secret BT/Phorm trials illegal under European law – and, what’s more, that UK data protection and privacy laws are structurally flawed. She’s started legal proceedings against the UK government for breach of the EU Data Protection Directive and called on the UK to “change their national laws and ensure that national authorities are duly empowered and have proper sanctions at their disposal to enforce EU legislation on the confidentiality of communications.”
And if that isn’t enough to put a smile on your privacy campaigner’s face, some of the biggest internet outfits are opting out of the Phorm Webwise service and informing their users through press releases and blogs. LiveJournal’s opting out may not make the headlines, but Amazon and Wikipedia certainly will – both have decided to play no part and have cancelled themselves out of the Phorm equation after the Open Rights Group sent them (along with Microsoft, Google and others) an open letter asking them to do just that. Let’s hope other big names follow soon.
Why so? Well, I think the Wikimedia Foundation expressed it perfectly in the email it sent to Phorm: “…we consider the scanning and profiling of our visitors’ behaviour by a third party to be an infringement on their privacy.”
Trust me, I’m a worm writer
Last month I warned about hiring hackers, or to be more exact, about hiring un-rehabilitated hackers fresh from their crimes as opposed to those poacher-turned-gamekeeper types who’ve switched sides over many years. Now it seems there are even people hiring worm writers, while the worms they’ve released are still active and causing chaos on the net. Let’s get real here and inject a dose of long-trousered common sense – hiring any new employee always involves trust, in no small amount, but how could I, you or anyone place such trust in someone whose hands are still sticky from the stolen honey-pot?
As I write this column, it’s only a week since two worms badly hit social-networking site Twitter. Both exploited a cross-site scripting vulnerability, but instead of alerting Twitter techs to this security flaw, the 17-year-old author of both worms chose to set them loose, one after the other, in his own words, to “give the developers an insight on the problem”. Yeah right, and if you believe that you’ll probably want to offer the kid a job – which is exactly what someone has done while his worms are still wriggling in the ground. This kid is no hacker supremo or technical whizz; he’s someone who exploited a vulnerability with no thought for the users who were impacted, and who did so in order to publicise his own website (with the first worm) and then himself (with the second). It saddens me that someone can release a worm into the wild that effectively says “look at me”, and then find employment as a direct result. As security consultant Graham Cluley at Sophos points out, all this kid did was prove that “he had no problem with acting irresponsibly”, and the actions of his new employer will encourage “other youngsters to behave irresponsibly”. Do we seriously want a load of me-too kids jumping on this bandwagon on the off-chance they might get a job out of it?