TalkTalk thought it "didn't need to tell customers" about web snooping

TalkTalk’s proposed anti-malware system, which was under fire for installing itself and logging information without the consent of users, is similar to that of phenomenal baddies Phorm, the ICO has suggested.

The finger pointing comes after Peter White submitted a Freedom of Information request to the watchdog, fearing that the ISP’s anti-malware service was invading people’s privacy.

The service on TalkTalk’s network looks at the websites users visit to check for malware, adding URLs to a white or black list. However, Mr White put the request forward claiming that the company had not sought permission from users while undertaking the trials. This raised red flags for anyone with half a brain on privacy, while TalkTalk carried on defending its snooping.

In a letter sent to the ISP, which was posted by Mr White on the What Do They Know site, it was revealed that the watchdog had asked the ISP for full details of the system, following concerns that consumers hadn’t been warned before the trial started.

The Information Commissioner Christopher Graham said he was “disappointed” the trial wasn’t mentioned by TalkTalk at recent meetings between the two organisations, especially “in light of the public reaction to BT’s trial of the proposed Webwise service”, referencing the behavioural advertising system from Phorm.

“I am concerned that the trial was undertaken without first informing those affected that it was taking place,” he said in a letter to TalkTalk.

“You will be aware that compliance with one of the underlying principles of data protection legislation relies on providing individuals with information about how and why their information will be used,” he added. “You will also be aware that these principles are not suspended simply because the information is being used for the purposes of a trial.”

TalkTalk is having none of it. We spoke to Mark Shmid, communications director for TalkTalk, who said to us: “There were no parallels with the Phorm trials”. 

He went as far to say that the “blogging industry had got it mixed up.”

“All the ICO has said is that it was concerned we had not informed our users of the trail. This story is a red herring and we’re more than happy that the [watchdog] has released this information.”

He said that the system bore no resemblance to Phorm as it looks at websites, not user data, and said the vast majority of the queries TalkTalk has fielded about the system were from website owners wondering why their sites were being scanned, not from the ISP’s customers.

However he admitted that the company “didn’t think it needed to tell customers,” using the excuse that the system “didn’t access personal information.”

Similarities behind TalkTalk’s bonkers idea and Phorm are easier to spot than a leopard. Both farm data and up until recently Talk Talk has done its trials without permission. Phorm’s Webwise service uses deep-packet inspection to tailor adverts based on the user’s surfing habits, while Talk Talk views sites under the guise of security. Whether Talk Talk has good intentions or not is beside the point – it still logs data that a user has not expressly given it permission to.

In this day and age when privacy’s top of the agenda it’s baffling to see such an established brand act so gung ho about privacy.