I Know What You Typed Last Summer

New Scientist magazine reports that over a dozen American ISPs have been intercepting users’ web searches and responding with their own “results”. They implemented technology from a company called Paxfire, which scans the users’ input and redirects requests containing specific terms to an online advertising agency. Instead of the list of “hits” they expected, the users were sent directly to the web page which the advertiser decided was appropriate (i.e. the one they were being paid to promote).

Researchers at Berkeley identified some of the matching search terms, including “apple”, “safeway” and “dell”. So, for example, a customer using a search engine to search for “apple” was immediately redirected to Apple’s retail website. Just to be clear, this was a service which Apple and the other clients were paying for.

And to get right to the point, interception of communications without a warrant is illegal in the United States (except under President Bush). All the ISPs have now stopped the practice, but a lawsuit has been filed in a New York district court against Paxfire and RCN, one of the ISPs.

European law takes a similarly dim view of Internet “wiretaps”. Some years ago, it emerged that BT had secretly trialled technology in the UK from another American company, Phorm, which also scanned users’ input, in this case not just searches, but everything. But unlike the Paxfire system, the objective here was to identify and track users’ interests so that they could be served directed advertising by websites which normally carry adverts.

The EU commission raised the issue with the UK government, and failing to receive any adequate response, initiated infringement proceedings against the UK in April 2009. This application to the European Court of Justice was suspended in May 2011 in response to a UK Parliamentary amendment of the 2000 Regulation of Investigatory Powers Act to clarify that BT’s actions were indeed illegal. However, the UK’s Crown Prosecution Service decided that it would “not be in the public interest” to take BT and Phorm to court.

Incidentally, if BT is still your ISP, your “Terms and Conditions” still contain a carefully-worded statement to say that if you use their service you implicitly agree to have all your Internet materials scanned, including incoming and outgoing e-mails. Nice.

In the American case, the ISPs initially intercepted searches on services including Bing, Yahoo! and Google (possibly others) but dropped Google after that company complained. Google, of course, are firmly on the side of the user and implacably opposed to scanning or intercepting Internet communications.

Nah, I’m only kidding. Google’s entire business model is based on that sort of thing. I had direct experience of this the other day when I did a Google search. I noticed that the first page of hits were all about open source software, even though that had only a very peripheral connection to my search.

So I started a “Private browsing” session (I use Firefox; but Chrome, Safari, Opera and IE8 also have the feature.) The exact same search terms resulted in an entirely different set of results, this time being more relevant to what I was actually looking for. It’s clear that Google, helpfully, was previously giving me results it thought I wanted, not the most accurate that the famous “algorithm” could come up with.

There’s only one lesson to draw from all of these incidents: if it’s possible to spy on you, then it will happen. Or, to put it another way, never do anything on the Internet if you’d prefer the whole world didn’t know about it.

List of ISPs that redirected search queries

Cavalier
Charter
Cincinnati Bell
Cogent
Frontier
Hughes
IBBS
Insight Broadband
Iowa Telecom
Megapath
Paetec
RCN
Wide Open West
XO Communication
