Comments on: Ernst & Young audit overlooks Phorm’s violation of its own privacy policy http://blogs.law.harvard.edu/hroberts/2008/07/25/ernst-young-audit-overlooks-phorms-violation-of-its-own-privacy-policy/ watching technology Tue, 27 Oct 2009 18:51:58 -0400 http://wordpress.org/?v=2.8.4 hourly 1 By: Hal Roberts / Popular Chinese Filtering Circumvention Tools DynaWeb FreeGate, GPass, and FirePhoenix Sell User Data http://blogs.law.harvard.edu/hroberts/2008/07/25/ernst-young-audit-overlooks-phorms-violation-of-its-own-privacy-policy/comment-page-1/#comment-109 Hal Roberts / Popular Chinese Filtering Circumvention Tools DynaWeb FreeGate, GPass, and FirePhoenix Sell User Data Mon, 12 Jan 2009 11:35:58 +0000 http://blogs.law.harvard.edu/hroberts/2008/07/25/ernst-young-audit-overlooks-phorms-violation-of-its-own-privacy-policy/#comment-109 [...] the browsing histories of its users, which is a big step beyond what companies like NebuAd and Phorm were / are trying to do. NebuAd and Phorm are at least adding a variety of pseudonymity and privacy [...] [...] the browsing histories of its users, which is a big step beyond what companies like NebuAd and Phorm were / are trying to do. NebuAd and Phorm are at least adding a variety of pseudonymity and privacy [...]

]]> By: aluxeterna http://blogs.law.harvard.edu/hroberts/2008/07/25/ernst-young-audit-overlooks-phorms-violation-of-its-own-privacy-policy/comment-page-1/#comment-4 aluxeterna Mon, 04 Aug 2008 14:12:22 +0000 http://blogs.law.harvard.edu/hroberts/2008/07/25/ernst-young-audit-overlooks-phorms-violation-of-its-own-privacy-policy/#comment-4 Thank you for helping to spread the word about this. There is a bit of noise in the tubes about this, but still far too little scrutiny. Keep up the good work! Thank you for helping to spread the word about this. There is a bit of noise in the tubes about this, but still far too little scrutiny. Keep up the good work!

]]> By: hal http://blogs.law.harvard.edu/hroberts/2008/07/25/ernst-young-audit-overlooks-phorms-violation-of-its-own-privacy-policy/comment-page-1/#comment-3 hal Thu, 31 Jul 2008 01:56:02 +0000 http://blogs.law.harvard.edu/hroberts/2008/07/25/ernst-young-audit-overlooks-phorms-violation-of-its-own-privacy-policy/#comment-3 Hi Richard, I am not a lawyer. I'm just a lowly computer geek who's done various computer geeky things (coding, systems, tech consulting, etc) for the Berkman Center for Internet & Society at Harvard Law School for the past six years. Lately, I've been spending most of my time at the Berkman Center on research projects that straddle social and technical issues, including a surveillance project that has me looking into dpi monitoring. This particular case does not require formal computer science or legal qualifications, though. The language in the privacy policy is plain, as is the language in the technical document by Richard Clayton. The privacy policy says that Phorm won't share its IDs with anyone else, but the technical description they gave to Richard Clayton says that they do. Notice that I don't speak to the question of whether Phorm is liable in any way for its violation of its privacy policy. The point of the post is just that Phorm is plainly and obviously violating its own privacy policy and that Ernst & Young should be ashamed that they didn't find and disclose that violation. Hi Richard,

I am not a lawyer. I’m just a lowly computer geek who’s done various computer geeky things (coding, systems, tech consulting, etc) for the Berkman Center for Internet & Society at Harvard Law School for the past six years. Lately, I’ve been spending most of my time at the Berkman Center on research projects that straddle social and technical issues, including a surveillance project that has me looking into dpi monitoring.

This particular case does not require formal computer science or legal qualifications, though. The language in the privacy policy is plain, as is the language in the technical document by Richard Clayton. The privacy policy says that Phorm won’t share its IDs with anyone else, but the technical description they gave to Richard Clayton says that they do.

Notice that I don’t speak to the question of whether Phorm is liable in any way for its violation of its privacy policy. The point of the post is just that Phorm is plainly and obviously violating its own privacy policy and that Ernst & Young should be ashamed that they didn’t find and disclose that violation.

]]> By: Richard Schmikel http://blogs.law.harvard.edu/hroberts/2008/07/25/ernst-young-audit-overlooks-phorms-violation-of-its-own-privacy-policy/comment-page-1/#comment-2 Richard Schmikel Wed, 30 Jul 2008 21:28:49 +0000 http://blogs.law.harvard.edu/hroberts/2008/07/25/ernst-young-audit-overlooks-phorms-violation-of-its-own-privacy-policy/#comment-2 Dear Hal, It is a very interesting piece you have written here in your blog. I wonder on your "about" page you do not mention your academic background. I would be interested to know your credentials. There is a lot of talk at the moment on the internet about Phorm, NebuAd and other outfits who wish to profile individuals, but alas very little of the debate is disciplined. Whether you have read or are reading law, and whether you have any formal computer science qualifications would greatly interest me. Dear Hal,

It is a very interesting piece you have written here in your blog. I wonder on your “about” page you do not mention your academic background. I would be interested to know your credentials. There is a lot of talk at the moment on the internet about Phorm, NebuAd and other outfits who wish to profile individuals, but alas very little of the debate is disciplined. Whether you have read or are reading law, and whether you have any formal computer science qualifications would greatly interest me.

]]>