Is Phorm Legal?
Ultimately this can only be decided in a court of law.
The Information Commissioner stated that in BT's secret trials of Phorm's technology in 2006 and 2007 a technical breach of the requirements of the PECR regulations occurred. In addition the Information Commissioner had strong reservations about the nature of BT's 2008 invitation page because it concentrated on security advantages rather than on targeted advertising.
Since November 2008, the Crown Prosecution Service Complex Casework Centre has been investigating whether BT acted unlawfully in its 2006 and 2007 trials of Phorm's technology. On 2nd October 2009, Andrew Hadik of the Crown Prosecution Service confirmed to a poster on NoDPI that the matter was still under review.
As for whether Phorm's technology is fully compliant with relevant EU directives the European Commission opened an infringement proceeding against the United Kingdom on 14th April 2009 about the use of Phorm by internet service providers. On Thursday 29th October, the Commission moved to the second phase of this infringement proceeding stating that it would send the UK government a "reasoned opinion" letter, to which it has two months to reply. If the Commission is not satisfied by the response, it can take the matter to the EU court, which could force a change in the law.
Foundation for Information Policy Research Analysis
FIPR Open letter to the Information Commissioner (17th March 2008)
Provides authoritative arguments on why operating Phorm would fall foul of the law.
Also points out that not only the website user has to provide consent for Phorm to intercept traffic:
the website owner must also provide consent.
FIPR Legal Analysis of Phorm (23rd April 2008)
Concludes that deployment by an ISP of the Phorm architecture will
involve breaches of three separate major laws and other illegalities,
for which ISPs will be primarily liable and for
which Phorm Inc will be liable as an inciter.
FIPR Profiling Web Users -- Some Intellectual Property Problems (25th November 2008)
The new article explains how the Phorm system will also infringe the database right
for some website owners. It further shows that the Phorm system will infringe almost
all website owners' copyright. The way that the Phorm system works means that it will
make an infringing copy of the website content; and none of the statutory exceptions
in the Copyright Designs and Patents Act 1988 are applicable.
Regulation of Investigatory Powers Act 2000
Unlawful interception is defined right at the start of the Act
In an email released on 11th March 2008, the Home Office issued advice to Phorm on how its service might be lawful ... if it was undertaken with the highest regard to the respect for the privacy of ISPs' users and the protection of their personal data, and with the ISPs' users consent.
Further clarification of this was provided in the Cable Forum in April 2008 where by mutual agreement the outcome of a series of exchanges between two members of the Cable Forum and the Home Office was published. This advice from the Home Office confirmed that you do not have to be a law enforcement officer to act unlawfully under RIPA: "RIPA provides for an offence of unlawful interception which any person, absolutely anyone, is able to commit." For example, see the Goodman and Mulcaire case or the Stanford case.
On 23rd April 2008, the Foundation for Information Policy Research sent an open letter to the Home Secretary asking for the Home Office to withdraw the advice set out in the March 2008 email.