News has emerged this week that Phorm, the online-behavioural-advertising company about whom a great deal has been written (including by me) has targeted a new country for its latest attempt to track internet users’ every move: Romania.
Having been kicked out of the UK after a huge struggle a couple of years ago – a struggle from which civil society came out with a lot of credit, not least the Foundation for Information Policy Research and in particular the work of Richard Clayton and Nicholas Böhm, while the UK government came out with a severe amount of egg on its face – Phorm has tried to relaunch its services in a number of other countries. South Korea was the first, then Brazil, both without much sign of success, before the current efforts in Romania.
As a reminder, what Phorm’s services essentially do is ‘intercept’ the instructions a user sends as he or she browses the web – every site visited, every link followed, every click – and uses that information to build up a profile of the user, mostly to enable it to target advertising as accurately as possible but potentially (at least according to the publicity put out by Phorm during their attempts to launch in the UK) to tailor content. In a lot of ways Phorm’s system is only a logical extension of what many other advertisers on the web do – almost everyone’s at it, from Google to Facebook to Amazon (particularly if the stories emerging about the Kindle Fire are true). There are significant differences, however, to even the most privacy-invasive services offered by the others. The most important of these is that it covers ALL your activity on the web: even the latest furore about Facebook tracking you when you’re logged out didn’t get close to that, only potentially tracking you when you visit sites with Facebook links or ‘like’ buttons.
The second difference, almost as important, is that in exchange for these immense invasions of privacy, Phorm offers you nothing except better targeted advertising – something that few people would value very much. All the others give you something quite significant in exchange for their gathering your data: Google offers you very effective search engines, mapping systems, blogging services (including the one on which this blog is hosted) and much more, Facebook provides a social networking service of huge functionality, while Amazon’s Kindle is a lovely bit of kit for a remarkably small price, one that many people enjoy. There’s a ‘bargain’ going on for your data, even if few people fully grasp that this exchange is going on. With Phorm there’s nothing – essentially, they just spy on you for their own benefit, and give you nothing in return. Indeed, they might even harm your browsing, as the ‘interception’ process can potentially slow down your web-browsing.
Phorm failed in the UK, and I for one am very glad that they did. I hope the same happens in Romania, unless they’ve changed their practices significantly. The signs so far, sketchy though they are, do not suggest that this is very likely. Just as they did in the UK, they’ve done a deal with one of the big ISPs, Romtelecom, which is a part state-owned telecoms and internet company, and are looking for business partners. Their product appears to be pretty much the same as it was before, though they do at least mention the word ‘choose’ in terms of customer actions. That ‘choice’ does not seem to amount to much in reality, and indeed there seems to be another twist: they’ve added flash cookies to the system, with the express intention of using them to re-spawn their own status cookies in case you ‘accidentally’ delete them. The precise technical details have not yet emerged: I am looking forward to finding out if they’ve learned the lessons of their previous failures and decided to do something that actually respects the individual users and gives them some kind of real consent process. I’m not exactly waiting with bated breath…
I have a personal connection with Romania – my wife’s Romanian – and that country has experienced far too much of surveillance and invasions of privacy in the past. Indeed, Romania was one of the first countries to hit out against the privacy-invasive Data Retention Directive, their supreme court striking down the implementation of the Directive in their country as unconstitutional in 2009. I am fully confident that they will find a way to fight against this latest intrusion into their privacy. Phorm may have chosen Romania as a ‘soft target’. I suspect they’ll find the reality quite different, unless they’ve seriously changed their spots….