DOCSLIB.ORG

A Company Promises the Deepest Data Mining Yet - New York Times

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
A Company Promises the Deepest Data Mining Yet - New York Times A Company Promises the Deepest Data Mining Yet - New York Times http://www.nytimes.com/2008/03/20/business/media/20adcoside.html?_... March 20, 2008 A Company Promises the Deepest Data Mining Yet By LOUISE STORY Amid debate over how much data companies like Google and Yahoo should gather about people who surf the Web, one new company is drawing attention — and controversy — by boasting that it will collect the most complete information of all. The company, called Phorm, has created a tool that can track every single online action of a given consumer, based on data from that person’s Internet service provider. The trick for Phorm is to gain access to that data, and it is trying to negotiate deals with telephone and cable companies, like AT&T, Verizon and Comcast, that provide broadband service to millions. Phorm’s pitch to these companies is that its software can give them a new stream of revenue from advertising. Using Phorm’s comprehensive views of individuals, the companies can help advertisers show different ads to people based on their interests. “As you browse, we’re able to categorize all of your Internet actions,” said Virasb Vahidi, the chief operating officer of Phorm. “We actually can see the entire Internet.” Phorm is not the first company to realize that providers of broadband services are sitting on deep caches of consumer data. Other advertising companies like Front Porch, NebuAd, Adzilla and Project Rialto are trying to do much the same thing. What distinguishes Phorm is the success — and scrutiny — it has had in the British market. Three major Internet service providers in Britain — BT, Carphone Warehouse and Virgin Media — have signed on to work with Phorm, which is incorporated in Delaware and was founded in 2002. Phorm says that these deals give it access to the Web-surfing habits of 70 percent of the British households with broadband. Phorm requires its partner companies to let customers opt out of the tracking, but it leaves it up to those partners to determine how to tell people about the opt-out option. The British government is investigating the privacy ramifications of this system, and consumer advocates in Britain say that it should be set up as an opt-in, if it is allowed at all. An influential research center called the Foundation for Information Policy Research has called Phorm’s system illegal and has asked the government to stop it. Phorm says its technology protects users’ privacy by creating a random number that is associated with a person’s Web surfing patterns, rather than using a person’s name or other information. Phorm puts a 1 of 2 1/18/2009 1:30 PM A Company Promises the Deepest Data Mining Yet - New York Times http://www.nytimes.com/2008/03/20/business/media/20adcoside.html?_... cookie, a small bit of computer code, on a person’s computer to tie his or her Web-surfing to the random number and then saves only that number in advertising categories like types of cars or clothing. Although companies like Google employ users’ I.P. addresses to store their search queries, Phorm says that its technology blocks the company from finding out personal information, like people’s names, I.P. addresses that identify their computers, or information about health, for example. Despite harsh criticism in Britain — from people like Timothy Berners-Lee, who helped create the World Wide Web — Phorm says its systems will withstand the scrutiny. “Anyone who wants to look at it is more than welcome to come,” Mr. Vahidi said. “Because we feel very comfortable that our claims are true.” Copyright 2008 The New York Times Company Privacy Policy Search Corrections RSS First Look Help Contact Us Work for Us Site Map 2 of 2 1/18/2009 1:30 PM.
Load more

Recommended publications
  • Security Forum Strategic Panel Phorm Position Paper
    Security Forum Strategic Panel Phorm Position Paper PHORM – PRIVACY IMPACT OF NEW INTERNET ADVERTISING MECHANISMS 1. INTRODUCTION 1.1. Online advertising company Phorm has caused a stir in the Internet community because of its profile-driven service. Phorm has trialled this service with BT, and signed further contracts with Virgin Media and TalkTalk. However, critics claim that the service breaches the Regulation of Investigatory Powers Act (2000), and that Phorm’s approach is contrary to users’ privacy wishes. 1.2. The BCS believes that the solution to this debate rests in self-regulation of online advertising: companies must establish and enforce a code of conduct; be completely transparent about their practices; resist sharing data with third parties; and submit to ongoing oversight from an independent third party organisation. 2. THE BATTLE FOR THE INTERNET 2.1. The massive market for online advertising is one that affects every Internet user: many search engines and websites depend upon advertising revenues for funding, and some ISPs use advertising to subsidise subscription costs. In the absence of those funding sources they would either have to pass on additional operating costs to users, or cease trading altogether. 2.2. The battle for control of Internet advertising had, until recently, been confined to a small number of (rapidly consolidating) players including the likes of Microsoft, Google, Yahoo! and DoubleClick. These well-established companies have built their offerings over many years and believed themselves to control the market, with little threat from new companies. 2.3. However, a new breed of online advertising company has recently appeared.
    [Show full text]
  • Phorm PIA Interim
    80/20 Thinking Ltd: Interim PIA for Phorm Inc 1 80/20 Thinking Ltd First Stage (Interim) Privacy Impact Assessment For Phorm Inc. February 10, 2008 80/20 Thinking Limited Registered office: 4th floor, 18 Pall Mall, London, SW1Y 5LU Company number 06483833 80/20 Thinking Ltd: Interim PIA for Phorm Inc 2 INTRODUCTION Phorm Inc has engaged 80/20 Thinking Ltd to deliver a Privacy Impact Assessment (PIA) as an integrated component of product development and deployment of its technology. This document serves as an Interim (first stage) report that will lead to the publication of a full PIA in March 2008. The commissioned work involves the following elements: • Scoping the technology and engineering elements to assess privacy functionality. • Assessment of due diligence and compliance aspects. • Conducting a full risk assessment of presentational and other elements of the product launch and deployment. • Working collaboratively to develop a sustainable privacy framework within the organisation. • Conducting privacy training to all Phorm staff. • Auditing the privacy policies. • Developing an outreach and stakeholder engagement process. • Creating a rapid response privacy reporting & response regime. • Follow-up for nine months, involving meetings with the executive team. As this assessment is being conducted relatively late in the lifecycle of Phorm’s product deployment, 80/20 Thinking has developed a “late stage implementation” PIA model that aims to satisfy most, if not all, of the criteria of a “full product cycle” PIA. This model is specifically designed to assist the implementation of a risk mitigation strategy for the implementation and lifecycle of IT projects that either involve personal data or which deploy potentially complex or controversial technologies and techniques.
    [Show full text]
  • Shunned Profiling Technology on the Verge of Comeback
    Dow Jones Reprints: This copy is for your personal, non-commercial use only. To order presentation-ready copies for distribution to your colleagues, clients or customers, use the Order Reprints tool at the bottom of any article or visit www.djreprints.com See a sample reprint in PDF format. Order a reprint of this article now WHAT THEY KNOW November 23, 2010, 11:31 p.m. ET Shunned Profiling Technology on the Verge of Comeback By STEVE STECKLOW and PAUL SONNE One of the most potentially intrusive technologies for profiling and targeting Internet users with ads is on the verge of a comeback, two years after an outcry by privacy advocates in the U.S. and Britain appeared to kill it. The technology, known as "deep packet inspection," is capable of reading and analyzing the A History of Phorm "packets" of data traveling across the Internet. It can be far more powerful than "cookies" and other techniques commonly used to track people online because it can be used to monitor all online activity, not just Web browsing. Spy agencies use the technology for surveillance. Now, two U.S. companies, Kindsight Inc. and Phorm Inc., are pitching deep packet inspection services as a way for Internet service providers to claim a share of the lucrative online ad market. Kindsight and Phorm say they protect people's privacy with steps that include obtaining their consent. They also say they don't use the full power of the technology, and refrain from reading email and analyzing sensitive online activities. Use of deep packet inspection this way would nonetheless give advertisers the ability to show ads More interactive graphics and photos to people based on extremely detailed profiles of their Internet activity.
    [Show full text]
  • The Case for a Right of Audit in Private Databases
    LITTLE BROTHER'S BIG BOOK: THE CASE FOR A RIGHT OF AUDIT IN PRIVATE DATABASES Preston N. Thomast I. INTRODUCTION To even the most dedicated scholars, the concept of privacy has proven "ex- asperatingly vague and evanescent"' and "infected with pernicious ambigui- ties."2 Because privacy is difficult to define, it does not fit neatly into existing legal frameworks.3 Instead, privacy has produced years of "well-meaning but intractable debates."4 English legal scholar and privacy advocate Raymond Wacks suggests that "[i]nstead of pursuing the false god of 'privacy', attention should be paid to identifying what specific interests of the individual we think the law ought to protect."' Following this advice, many legal scholars grappling with the problem of protecting privacy have advocated a more operationalized view of privacy that breaks the abstract concept into concrete assertions more readily incorporated t J.D. Candidate, May 2010, The Catholic University of America, Columbus School of Law. The author wishes to express his deep gratitude to the associates and editors of the Com- mLaw Conspectus for their hard work on this project. I Daniel Solove, "I've Got Nothing to Hide " and Other Misunderstandings of Privacy, 44 SAN DIEGO L. REV. 745, 754 (2007) (quoting ARTHUR R. MILLER, THE ASSAULT ON PRI- VACY: COMPUTERS, DATA BANKS, AND DOSSIERS 25 (1971)). 2 Id. at 754 (quoting Hyman Gross, The Concept of Privacy, 42 N.Y.U. L. REV. 34, 35 (1967)). 3 RAYMOND WACKS, PERSONAL INFORMATION: PRIVACY AND THE LAW 10-11 (1989). Wacks argues that a rights-based approach to privacy, as opposed to a holistic approach, will avoid forcing personal information problems into the "strait-jacket of 'privacy."' Id.
    [Show full text]
  • The Phorm “Webwise” System
    The Phorm \Webwise" System Richard Clayton, 4th April 2008 Introduction On Wednesday 26th March 2008 I put on my \hat" as Treasurer of FIPR and accompanied Becky Hogge, Director of the Open Rights Group, to a meeting with Phorm, the company whose advertising platform has been much in the news lately. We had a wide-ranging briefing about the technical aspects of their system, the way in which it preserves privacy and their vision of how it will transform online advertising. The meeting was very technical throughout, and these notes reflect that. Doubtless more user-friendly explanations will be provided in time. The meeting was entirely on the record, with the sole agreed exception of Phorm telling us the identities of their suppliers of \phishing" URLs. They fully understood that we would be writing about what we learnt from the meeting. Some of the information which was imparted had already been made public in various places, but a fair bit is entirely new. I provided an initial draft of this document to Phorm, who corrected a handful of details (mainly timeout periods) which they'd mis-remembered in the meeting, and pointed out a couple of errors I'd made { which I have been happy to correct. Because the relevant person was travelling, this has engendered a slight delay, but I felt that the resulting accuracy of the document made this worthwhile. Naturally, when describing such a complex system, there is ample opportunity for errors to creep in, or important detail to have been glossed over. A single meeting is inadequate for delving into every detail { hence it must be assumed that there is still more to be usefully learnt about the system's operation.
    [Show full text]
  • Article Profiling Phorm
    Profiling Phorm: an autopoietic approach to Article the audience-as-commodity Andrew McStay Bangor University, Wales. [email protected] Abstract As advertisers’ media spend on online advertising continues to increase, there exists a need to update the means by which we understand and critique advertising. Reliance on textual analysis and visuality is of little use in a milieu increasingly predicated on technics and surveillance. A post-hegemonic critique is advanced here that argues for a stronger understanding of feedback relations and the means by which we as users contribute to heterogeneous advertising experiences. This paper progresses and updates Dallas Smythe’s (1977) audience-as-commodity argument. It examines developments in online behavioural advertising that employs deep-packet inspection (DPI), which has caused consternation to technologically savvy consumers, privacy activists and regulators. Drawing upon the case study of Phorm that received national media attention in the UK and policy-maker attention in Europe, this paper highlights key features of DPI-based advertising, non-personally identifiable profiling and their implications for contemporary commercial autopoietic feedback relationships where users themselves are a fundamental component of online behavioural advertising practices. Introduction As Ball et al. (2006) recognise, critical accounts of surveillance technologies benefit from an understanding of technological and political specifics, as well as theoretical conceptualisation. This paper thus initially offers a detailed exposition of behavioural advertising technologies, drawing on the privacy situation in Europe involving Phorm, the behavioural advertising company whose intentions to roll out deep-packet inspection (DPI) across the most popular UK broadband providers received a severe reception from interested citizens, privacy activists and the European Commission alike.
    [Show full text]
  • This Item Was Submitted to Loughborough's Institutional
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by Loughborough University Institutional Repository This item was submitted to Loughborough’s Institutional Repository (https://dspace.lboro.ac.uk/) by the author and is made available under the following Creative Commons Licence conditions. For the full text of this licence, please go to: http://creativecommons.org/licenses/by-nc-nd/2.5/ Privacy Impact Assessments: the UK experience Dr Adam Warrena, Robin Bayleyb, Professor Colin Bennettb, Andrew Charlesworthc, Dr Roger Clarked, Professor Charles Oppenheime aDepartment of Geography, Loughborough University, UK. Email: [email protected] bLinden Consulting, Inc., Victoria, BC, Canada cSchool of Law, Bristol University, UK dXamax Consultancy Pty Ltd., Chapman, ACT, Australia eDepartment of Information Science, Loughborough University, UK Abstract This paper builds on original work undertaken as part of a team of researchers into Privacy Impact Assessments (PIAs), defined as a systematic risk assessment tool that can be usefully integrated into decision-making processes. The team were commissioned by the UK Information Commissioner’s Office (ICO) in June 2007 to develop a study of PIAs in overseas jurisdictions and a handbook to guide UK organisations through the PIA process. This research has subsequently attracted interest in the UK and overseas. PIAs are now mandatory for all UK central government departments. In this paper, the development of the project team’s PIA methodology and subsequent user experiences led to a key project output, the PIA handbook. The handbook has become a significant part of the privacy ‘toolkit’ and has impacted on public policy.
    [Show full text]
  • Freedom on the Net 2011
    1 FREEDOM HOUSE Freedom on the Net 2011 UNITED KINGDOM 2009 2011 POPULATION: 62.2 million INTERNET FREEDOM Free Free TATUS INTERNET PENETRATION: 84 percent S 0 WEB 2.0 APPLICATIONS BLOCKED: No Obstacles to Access 2 1 SUBSTANTIAL POLITICAL CENSORSHIP: No Limits on Content 7 8 BLOGGERS/ONLINE USERS ARRESTED: Yes Violations of User Rights 14 16 PRESS FREEDOM STATUS: Free Total 23 25 INTRODUCTION The United Kingdom has high levels of internet penetration, and online freedom of expression is generally respected. However, both the government and private parties have presented ongoing challenges to free speech rights in connection with antiterrorism efforts, public order, and intellectual property. The biggest controversy in the past year was the adoption of the Digital Economy Act on the last day of the outgoing government in April 2010. The law allows for the blocking of websites as well as the cutting off of user accounts based on claims of intellectual-property rights violations. In a positive development, the newly elected coalition government has promised to review and repeal a number of laws that negatively affect online free expression and privacy. The United Kingdom has been an early adopter of new information and communication technologies. The University of London was one of the first international nodes of the ARPAnet, the world‟s first operational packet switching network that later came to compose the global internet, and the Queen sent her first ceremonial email in 1976. Academic institutions began to connect to the network in the mid 1980s. Internet service providers (ISPs) began appearing in the late 1980s and more general commercial access was available by the early 1990s.
    [Show full text]
  • Nebuad Report Final
    NebuAd and Partner ISPs: Wiretapping, Forgery and Browser Hijacking Robert M. Topolski Chief Technology Consultant Free Press and Public Knowledge June 18, 2008 Executive Summary This report addresses the technical aspects of NebuAd, a targeted behavioral advertising company with offices located in the United States and United Kingdom that recently began seeking deals with Internet Service Providers (ISPs). NebuAd recently made headlines when the cable operator Charter announced that it had struck a deal with the company. Charter’s announcement prompted public and congressional inquiries into NebuAd’s practices, including a letter from Rep. Ed Markey (D-Mass.) and Rep. Joe Barton (R-Texas). NebuAd has also been deployed by WOW!, Embarq, Broadstripe, CenturyTel, Metro Provider and others. To determine NebuAd’s practices, this investigation used sound and reproducible network testing methods. The investigation concludes that NebuAd’s advertising hardware monitors, intercepts and modifies the contents of Internet packets using Transmission Control Protocol on Internet Protocol (TCP/IP). In doing so, NebuAd commandeers users’ Web browsers and collects uniquely identifying tracking cookies to facilitate its advertising model. Apparently, neither the consumers nor the affected Web sites have actual knowledge of NebuAd’s interceptions and modifications. NebuAd exploits several forms of “attack” on users’ and applications’ security, the use of which has always generated considerable controversy and user condemnation, including browser hijacking, cross-site scripting and man-in-the-middle attacks. These practices -- committed upon users with the paid-for cooperation of ISPs -- violate several fundamental expectations of Internet privacy, security and standards-based interoperability. Moreover, NebuAd violates the Internet Engineering Task Force (IETF) standards that created today’s Internet where the network operators transmit packets between end users without inspecting or interfering with them.
    [Show full text]
  • Who Wants to Snoop on Your Internet Traffic?
    Who wants to snoop on your Internet traffic? Dr Richard Clayton BCS, Hertfordshire 30th September 2009 verview • Phorm • Great Firewall of China (GFC) • Peer-to-Peer (p2p) • Internet Watch Foundation (IWF) • Interception Modernisation Programme (IMP) • …and many more Behavioural advertising • Advertising is big bu$ine$$! • Basic Google model is —put ads on relevant pages“ • Alternative approach is —show ads that are relevant to people who happen to visit“ ° DoubleClick tracks visits to participating sites by cookies (returned to DoubleClick) ° Phorm proposed to inspect HTML on (almost) all visited pages to deduce nature of content, then serves relevant advert if you visit a participating site • Advertisers want to know what you do, not who you are ° they break people down into categories ° ABC1, —empty nesters“, lots of fancy new names…. • So they can live with anonymity Phorm design #1 Layer 7 switch 16byte unique ident channel server profiler anonymiser Phorm design #2 2istilled pages attack advertising consumers CleanFeed content format leading document OIX inquiry event ISP online partners Phorm legal Phorm packets technology PIA Virgin paper privacy PDF websites School Webwise system system Thinking This is what all those rubbish search engines used to do before Google came along! Channel server • Channel server is also told about URLs • Hence channel server is also told of search terms (Google &c keep them within the URLs) and these are then mined • Channel server only learns UID not IP address ° hence some —anonymity“ properties
    [Show full text]
  • BT Shelves Phorm's Web Usage Monitoring for Ads 7 July 2009, by ROBERT BARR , Associated Press Writer
    BT shelves Phorm's Web usage monitoring for ads 7 July 2009, By ROBERT BARR , Associated Press Writer (AP) -- British telecommunications provider BT "To allow someone to snoop on your Internet traffic PLC is indefinitely shelving plans to target online is to allow them to put a television camera in your advertising to individual customers by using Web room, except it will tell them a whole lot more about monitoring techniques that have drawn privacy you than the television camera," Berners-Lee said complaints. in March at a Parliamentary event where he clashed with Phorm's chief executive, Kent BT announced this week that it had no immediate Ertugrul. plans to deploy Phorm Inc.'s Webwise ad-targeting system for BT's 4.8 million broadband customers, Phorm has said its system would ask users saying it needed to spend its resources on more whether they wanted to use the Webwise system, urgent projects. BT did not address the privacy and that it would not store browsing histories or concerns in its statement. Internet Protocol addresses, the online equivalent of a street address. Shares in Phorm fell Tuesday for a second day. The company has said it received assurances from In the United States, potential partners for a similar the British government that its technology can be ad-targeting system from NebuAd Inc. began operated lawfully. The European Union, however, backing out amid privacy complaints and has started legal action against Britain for not congressional inquiries, prompting NebuAd to shut applying EU data privacy rules to Internet down. monitoring such as Phorm's activities.
    [Show full text]
  • Deep Packet Inspection, Public Pressure and Regulatory Actions
    Deep Packet Inspection, Public Pressure and Regulatory Actions Comparative Cases on Online Copyright Enforcement and Behavioral Targeted Advertising Andreas Kuehn, Milton Mueller School of Information Studies, Syracuse University www.deeppacket.info Talk @ HIIG, Berlin, Oct 24, 2012 Flyer der Digitale Gesellschaft e.V. zum Thema DPI, Oktober 2012. Source: https://digitalegesellschaft.de/wp-content/uploads/2012/10/dg_dpi_FINAL1.pdf Stellen Sie sich vor, die Post öffnet alle Ihre Briefe und liest den Inhalt. Manche schreibt sie um – und andere schmeißt sie einfach weg. Das klingt absurd? Genau das passiert mit Ihren Daten im Internet Flyer der Digitale Gesellschaft e.V. zum Thema DPI, Oktober 2012. Overview • Introduction – What is DPI? – DPI Capabilities and Applications • Cases: Online Copyright Enforcement • Cases: Online Behavioral Advertising – Proposed 4-Stage Disclosure Pattern • Conclusion • Q&A Deep Packet Inspection SPI Header DPI Payload Deep Packet Inspection Key Features • DPI pertains to information in motion, not information at rest. Technical Capabilities • Recognition • Manipulation • Notification Applications and Deployments • Using these three basic capabilities, vendors and network operators build DPI applications. • The list of DPI use cases is long and the lines between them are blurry. DPI as “Disruptive Technology” • Tension or conflict with three fundamental principles of Internet governance: – The end to end argument (a.k.a. net neutrality) – Intermediary immunity – Expectations of privacy General Research Question
    [Show full text]