Does Phorm violate its own privacy policy?
Our Berkman colleague, Hal Roberts, "notes":http://blogs.law.harvard.edu/hroberts/2008/07/25/ernst-young-audit-overl... that Phorm (an ISP-based advertising system that has "raised some eyebrows with regard to consumer privacy":http://www.guardian.co.uk/technology/2008/mar/06/internet.privacy) may violate its own privacy policy:
bq. In fact, in a couple of hours of looking at the available technical information I found a significant breach of Phorm’s privacy policy missed by the audit: Phorm’s privacy policy claims that it will not disclose its Phorm IDs to any third parties, but a technical description of the system by Richard Clayton finds that Phorm does indeed share its IDs with web sites in a common usage scenario.
StopBadware.org has been keeping an eye on services such as Phorm and competitors such as NebuAd and Front Porch. At issue is that ISPs may deploy these services, which inspect a user's web traffic to profile the user and serve up relevant ads, without providing the clear notice and opportunity for consent that would give users control over their privacy. We're not alone in being concerned. The "U.S. Congress":http://computerworld.com/action/article.do?command=viewArticleBasic&taxo... and the "European Commission":http://www.theregister.co.uk/2008/07/16/eu_warns_uk_over_phorm/ have both gotten involved after reports of ISPs in the U.S. and the U.K. testing these advertising programs with no notice to their customers.