ICO compares TalkTalk's anti-malware trial to Phorm
By Nicole Kobie
Posted on 7 Sep 2010 at 08:00
The Information Commissioner’s Office has issued a mild rebuke to TalkTalk, comparing its new anti-malware system to that of controversy-strewn Phorm.
TalkTalk is testing an anti-malware system on its network that looks at the websites users visit to check for malware, adding URLs to a white or black list. Any users who opt into the system will be warned before visiting malware-ridden sites on the black list, the ISP has said.
While the ICO has not publicly condemned the trial, a Freedom of Information Act request submitted by Peter White and listed on MySociety's What Do They Know site revealed that the watchdog asked the ISP for full details of the system, following concerns that consumers hadn’t been warned before the trial started.
In a letter sent to the ISP, Information Commissioner Christopher Graham said he was “disappointed” the trial wasn’t mentioned by TalkTalk at recent meetings between the two organisations, especially “in light of the public reaction to BT’s trial of the proposed Webwise service”, referencing the behavioural advertising system from Phorm.
TalkTalk can hardly plead ignorance of the privacy furore surrounding Phorm. It was one of the three British ISPs that signed a contract with Phorm, before tearing up the deal last summer.
The ICO said TalkTalk couldn't hide behind the excuse that the anti-malware measures were merely being trialled. “I am concerned that the trial was undertaken without first informing those affected that it was taking place,” Graham said in a letter to TalkTalk at the end of July.
“You will be aware that compliance with one of the underlying principles of data protection legislation relies on providing individuals with information about how and why their information will be used,” he added. “You will also be aware that these principles are not suspended simply because the information is being used for the purposes of a trial.”
Mark Schmid, communications director for TalkTalk, told PC Pro that his firm saw no parallels with the Phorm trials. "Our view is that it isn't the right comparison to draw."
Schmid stressed the system looks at websites, not user data, and said the vast majority of the queries TalkTalk has fielded about the system were from website owners wondering why their sites were being scanned, not from the ISP's customers.
TalkTalk has said the system will be opt-in and not look at secure https URLs.
While TalkTalk admitted in its response to the ICO that it should have “mentioned” the test to the watchdog, it added: “No personal data has been collected or processed, and accordingly there was no need to inform customers.”
The ISP also took aim at critical reporting and privacy activists. “It is unfortunate that the media and certain individuals have, without being fully informed, viewed the network testing of the service with suspicion,” it said.
The anti-malware system is expected to be rolled out by the end of the year.
A spokesperson for the data watchdog said it was keeping an eye on the trial. “The ICO is currently looking into the process by which TalkTalk collects data about websites visited on its network. We have requested further details about how data is used and will continue to monitor this service to ensure that it complies with the Data Protection Act.”
Given browser security...
I would be pleased if our ISP did this.
Scanning websites and informing the user that it contains malware, before they get to see the site, is great. I currently have a user's laptop with over 40 viruses on it, despite active protection and despite weekly cleaning.
If he was blocked from visiting websites that were infected with malware, it would save us time.
If they are really just putting up warnings and not doing any additional logging of which users are visiting the dodgy sites, I can't see what the problem is.
If they are keeping a list of the visited sites and which users are ignoring the warnings, then there is something to worry about.
I think ISPs should take a more active role in security, even firewalling infected customer machines, so that they can only visit anti-virus/anti-malware sites until they are cleaned up and not letting them use any other ports, thus reducing the infection rate.
Too many users don't have a clue about security or malware, and think that the version of Norton 2002 that came with their PC is still protecting them... Heck, I found one Windows 95 machine a couple of weeks back, with a DOS-based AV package that hadn't been updated since early 1996!
By big_D on 7 Sep 2010
Surely you are aware that all the major browsers can use optional web filtering and that there are services like OpenDNS. However, privacy demands that services like this need to be opt-in.
In any of the companies I've worked for, an employee with 40 viruses on their PC would be in disciplinary procedures.
By milliganp on 7 Sep 2010
@milliganp
That sounds a bit harsh, given the likelihood that the user may have picked up one virus and that downloaded a payload of other infections.
By Shuflie on 7 Sep 2010
talktalk option?
I did not get an option to join, TalkTalk just went ahead without my permission.
By rkcl1 on 9 Sep 2010
