By George Mensah
Privacy has never been more important to people than in today’s surveillance-intensive society. Unless you’re willing to share your secret habits or quirky preferences on, for instance, social networking sites, direct attempts to find out what they are could be considered nosey, to say the least.
So it isn’t really surprising then that when Phorm allowed their software to be trialled without public consent, the backlash came thick and fast.
After a huge amount of damning press for the online advertising company, its actions were judged as being nothing short of illegal. While the service may have offered some benefit and the data collected is said to be anonymous, the secretive nature of Phorm’s actions has dented what would have otherwise been a harmless exercise, that selected users might have even volunteered for.
But while companies will argue that the service is designed to encourage better and more targeted advertising, the idea that someone is able to see your browsing history, the entire content of every single web page you visit and even read your web based mail poses serious questions. While companies may claim this information is discarded as a matter of course, I can’t help but wonder if our online personal data will ever be truly secure? If Phorm can access this data so easily, without our knowledge or approval, how well are ISPs protecting their customers?
For example, prior to the Phorm frenzy, there had been a lot of talk surrounding Google and its retention of web data, an issue that seems to have been swept under the carpet, especially now that it is aiding police in the search for illegal pornography – however, it’s deeply worrying that the Home Office now view traffic from websites as being publicly available and thus legal to intercept.
I’m sure we’ll see more attempts to get people to either consent to having their browsing habits analysed, or companies trying to circumvent the law and jump through loop holes to get at, manipulate and sell the data, but companies should heed this warning – people will only ever accept this intrusion if it is opt-in rather than opt-out. Because if it’s not the former, I doubt very much that this is the last we’ll hear of this very modern invasion of privacy.
Firstly, an introduction, I work in online advertising and manage a very successful (and growing) behavioural targeting product for the UKs leading network. I am therefore both bias, and informed (inphormed?).
Phorm will be a competitor to our business, but we welcome them; the more competition, the more stringent the standards and the more everyone in the industry will be audited, checked and scrutinised. We win, advertisers win, consumers win.
Inside the industry, these privacy issues are largely irrelevant. Yeah, yeah, of course I would say that, right? Seriously though, all we know (actually, all we knew) was that a computer has seen a URL, or a cookie placed by the site. We know when that happened too. Frightening? Intrusive? By the time the data becomes usable, the actions are in the past, the details of it are gone, it is aggregated to be one of hundreds of thousands of cookies who have also done the action. Still frightening? Still intrusive? Really?
Example: you go to a gadget site. You get a cookie (or, in the case of Phorm, you get recorded into their system). You then get on Facebook chatting about whatever people chat about, and you get an ad for a new mp3 player, or a new TV, or a download service. Would you really prefer to get an ad for shampoo? Really?
Anyway, Phorm are sourcing their data from ISPs. The ISPs need to be above board, so it will be a very visible opt in requred from every user. If you do opt in, you get more targeted ads, and some protection from Phishing types (now there's an issue). If you opt out, you carry on as normal. ISPs are going to make lots of money from the extra revenue this provides, meaning that monthly subscription rates make a smaller percentage of their revenue. I would bet that if, say, less than 50% of people opted in, we could see monthly cash incentives (£5 off your internet bill a month, anyone?).
Who doesn't want that?
Personally, I am more concerned by the new CCTV cameras our parent company have installed in our office.
Posted by: Neil | 23 April 2008 at 15:35
Go baby! Woo! That's my man! xxx
Posted by: Nadene Engwell | 24 April 2008 at 13:36
Neil, it's the visibility of the opt in/opt out process that worries me! especially given the fact that privacy issues are "largely irrelevant in the industry". Currently, only Carphone Warehouse have a policy that gives customers a choice, while BT and Virgin automatically enrol anyone who has not explicitly asked to be excluded. Whether user data is accessible or lost in millions of cookies, their actions cannot be excused.
Posted by: George | 25 April 2008 at 12:47
Given my last meeting with the company involved, that last entry is factually incorrect.
Posted by: Neil | 25 April 2008 at 14:04
So in that case, why haven't they asked the BBC to retract this "factually incorrect" comment? Concerns have already been raised this week about what they consider to be "inphormed consent", only giving hints that most ISPs will choose an opt-out solution. Phorm are now spending time educating security vendors on how the system works, hoping to salvage some respect. But the truth is, they were underhanded in the first place.
Posted by: George | 25 April 2008 at 16:53