NNSquad - Network Neutrality Squad

NNSquad Home Page

NNSquad Mailing List Information

 


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ NNSquad ] UK ISPs to Spy on Google Users (and Others)


                 UK ISPs to Spy on Google Users (and Others)

                http://lauren.vortex.com/archive/000375.html


Greetings.  Given the CCTV surveillance fetish in the UK these days,
it seems somehow sickly appropriate that British ISPs are in the
forefront when it comes to spying on the content of their
subscribers' Web browsing -- and it appears that Google users are in
the bull's-eye.

Most of the related media attention so far has revolved around the
manner in which the three largest UK ISPs have gone to bed with
"Phorm" -- toward the goal of monetizing Web browsing habits of
subscribers and providing targeted ads
( http://www.theregister.co.uk/2008/02/29/phorm_roundup/ ).

Of course, there's a lot "soothing" promotional blather on the BT
site claiming that the data collected regarding the sites that you
visit is quickly deleted or anonymized.  And while officially the
ISPs claim that they haven't made a decision about opt-out vs.
opt-in, the current British Telecom limited deployment -- they call the
"service" "Webwise" ( http://webwise.bt.com/webwise/index.html )
and promote it as mainly an anti-phishing system -- appears to be
opt-out (requiring either maintaining a special cookie in your
browser or blocking all cookies from a particular site).

Third-party tracking of the Web sites that you visit is bad enough,
but Webwise (and presumably the other incarnations of the Phorm
system) go one big step farther -- they actually *spy* on your
Web content and extract for their own use the search terms that you
enter into search engines:

   "We [Webwise] use the website address, keywords and search terms
    from the page viewed to match a category or area of interest
    (e.g., travel or finance)."

Given that the vast majority of searches these days are conducted
with Google, it's obvious that this ISP-based system will be
attempting to monetize the vast number of search transactions
between users and Google, in a technical manner that seems eerily
similar to wiretapping.

This is unbelievably intrusive and unacceptable, except perhaps on a
fully-informed opt-in basis.  When I use a search engine -- let's
say Google -- I am expressing an implicit belief that my search data
will not be abused or misused by Google.  I have made no such
determinations regarding any use in any manner of this search query
data by ISPs or their partners. 

I'm communicating with Google.  Period.  I don't care if the ISPs
claim that the data is quickly discarded, or anonymized so well that
it looks like an iPhone that's been put through a blender 
( http://youtube.com/watch?v=qg1ckCkm8YI ), nobody but Google and I
have any rights to those search terms!

And we all know that search keywords can be very sensitive.  Names,
addresses, social security numbers (sloppy, but people do it),
searches for new words to be used for domains or product names --
all manner of personally and commercially sensitive information can
be found in search query data.  

Anyone who tried this stunt on such a basis with physical mail or
phone calls they'd probably land in prison.  But ISPs are
increasingly pushing the envelope in terms of spying on and even
altering subscriber Web traffic.  This latest example is utterly
beyond the pale, and it's hard to see how such abusive behavior can
continue to pass legal muster indefinitely.

If subscribers wish to opt-in to such systems with a full
understanding of what's involved -- well, I wouldn't recommend it
but that's their choice.  However, if these systems are fully
deployed in a manner that requires subscribers to opt-out to avoid
having their communications with Google and other search engines
being intercepted, then I foresee some very angry subscribers, and a
particular search services giant who will likely be anything but
amused.

--Lauren--
Lauren Weinstein
lauren@vortex.com or lauren@pfir.org 
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren 
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org 
Co-Founder, NNSquad 
   - Network Neutrality Squad - http://www.nnsquad.org
Founder, PRIVACY Forum - http://www.vortex.com 
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com