The Ads That Dare Not Speak Their Name

Remember Phorm, the evil data pimps who wanted to collect browsing data on Internet users so that they could deliver targeted advertising?

Well, yes, of course you do. It was only a few months ago that the company effectively folded in the UK, having been battered by a succession of staggeringly stupid PR blunders, leaving their investors seriously out of pocket.

So the world and its dog can breathe a sigh of relief that it's safe from this invidious form of advertising, which threatened to usher in a cataclysm unequalled in the annals of human history, surpassing the plagues of Egypt, the eruption of Krakatoa, the rise of Jedward etc. etc.

Er, actually, no. A little-known Internet firm called Google is doing exactly the same thing, with nary a murmur of discontent from the brave warriors who brought Phorm to its knees. And we're not talking about Google's gentlemanly habit of routinely reading Gmail users' emails so that they can serve them with targeted ads. No, it goes further than that.

Some of our more technically literate readers may know that the world's largest text ad broker has, for ages, served up different search results for users logged into its services, such as Google Calendar or Gmail. These search results are tailored to users' previous browsing behaviour, so if you spend a lot of time on bbc.co.uk/sport, Google search results will place this web page higher up the list when it's asked to search for "sport". This, of course, is an entirely selfless service from Google that helps users gain the most relevant results - and it's only coincidental that it helps them to make more money from behaviourally targeted ads.

No problem with that - Google fanbois presumably read the terms and conditions when they sign up to these services (doesn't everyone?). But now Google is "personalising" search results for any user, anywhere, regardless of whether they're signed in to Google or not, through cookies placed on unwitting users' computers.

We've covered behavioural targeting before and, while we don't think it's inherently evil, we do believe that it requires a delicate approach, along with rigorous adherence to best practice procedures to ensure that users are well-informed and are offered a clear choice about whether they want their browsing profiled. Google haven't gone out of their way to publicise their service; nor to explain how to turn it off (it is, naturally, turned on by default).

If companies continue to implement behavioural targeting in a sly, underhand way - as though it were something to be ashamed about - then one can hardly blame the public for being suspicious of it. Instead of cloaking it in the depths of a terms and conditions form, companies like Phorm and Google should communicate openly on the benefits of targeted ads and offers.

One final question remains: why has privacy campaigner Alex Hanff - the single-handed scourge of Phorm and NebuAd, whose brave and lonely battle against these Internet behemoths ended with a victory that brought dragons and St George to mind - been so silent on this issue? Alex, where are you?

Postscript: Google's CEO Eric Schmidt yesterday trotted out that favourite line of civil-liberties-deniers the world round: "If you have something you don't want anyone to know, maybe you shouldn't be doing it in the first place." (©Richard Littlejohn / David Blunkett). How this statement sits with Google Chrome's infamous Incognito function - which hides your porn viewing from other users - remains unclear.

New Watchdog Chief Bares His Teeth

So, farewell then Richard Thomas. The outgoing Information Commissioner handed over the baton to Christopher Graham last June, and the new head of the ICO has wasted little time in getting stuck into parliament, the courts and newspapers for failing to stop the flourishing trade in illegally obtained personal and confidential information.

The former DG of the Advertising Standards Authority was giving evidence to the Commons media select committee investigating phone-hacking and other unscrupulous press activity. This issue came to a head a couple of years ago with the revelations that the News of the Screw's was tapping Prince William and Harry's mobiles; the fact that it's taken until now to establish an investigation speaks volumes about the procrastination of our pusilanimous parliament.

While it comes as no surprise that tabloid journalists resort to questionable - even illegal - activities in their work,what beggars belief is the complete absence of deterrent in the form of proper punishment. Graham raised this in his evidence to the committee, criticising the goverment for failing to introduce jail terms for hackers and other willful violators of the Data Protection Act, and claimed that custodial sentences could end the practice "at a stroke".

It's worth noting that Clive Goodman, the Screws' former royal editor, did in fact do four months' bird for hacking the Princes' phones, but Graham pointed out that the NotW case was merely part of a much bigger malaise. Graham said that the ICO had tried to sound the alarm about the scale of the problem as far back as 2006, when it published a report showing that 305 reporters were using private investigators. Unfortunately, said Graham, "...we were let down by the courts, who didn't seem to be interested in levying even the pathetic fines they had at their disposal; we were rather let down by parliament in the end, with no legislation; and we were let down by the newspaper groups, which didn't take it seriously."

It's good to see such forthright common sense from the new Information Commissioner - it's a sign that the ICO is fast becoming a Watchdog with real bite. Graham has made a great start, and we will be following his progress with interest.

The Human Factor

There are some pretty thankless jobs out there, several of which we at Data Grub have experienced directly. And, while it can't match the indignity of chicken sexing or the sheer slog of meter reading, working in a bank comes pretty high up the list of crap jobs.

(Obviously, we're talking about working behind the counter of a high street retail bank. The "master of the universe" type banking jobs - with its private jets, champagne, corporate boxes and complete lack of conscience - sounds quite a laugh.)

What's so bad about working in a bank? Well, aside from the constant pressure to sell massive amounts of debt to the sort of people who shouldn't be trusted with real cutlery, there's also the Data Protection Act to deal with. Banks workers have to watch an achingly-bad training video - which looked dated when it was made in 1998 - about the Act, and how to stay on the right side of the law with regards to customers' data.

No doubt this is a video that'll get dusted down and rewatched by the staff of HSBC, after the bank was fined a mammoth £3 million by the FSA yesterday for taking a laughably cavalier attitude towards customers' personal data.

Another depressingly familiar story of data loss, sure, but it did remind us of that lame old video, in which a harrassed data protection officer pours out his worries about the new Act to a psychiatrist. At one point, the shrink tries to calm him down by saying: "It's really just a matter of common sense."

Quite. Unfortunately, the global supply of common sense has been waning since around 1860, and it's currently rarer than platinum.

But ultimately, it's humans who have the biggest bearing on whether a company successfully fulfills its data protection requirement. With all the talk of encryption, virtual private networks, network and site security, it's easy to forget that technology is only as useful as the human operating it - or forgetting to. Organisations spend time and money communicating their privacy policies; here at Data Grub we'd like to see organisations showing exactly what steps they are taking to ensure that their employees are following best practice at all times. People as a rule are pretty stupid, but when there's a corporate culture of sound data protection processes this cuts regrettable incidents to a minimum. And, with data loss stories in the media almost every week, there's also a business case for having a public and comprehensive data protection policy, in the same way as firms boast about their CSR credentials.

Anything to declare?

Ah, America! The world's brightest beacon of democracy and freedom; the New World of limitless opportunity, where hard work and fair play are rewarded with the fabulous bounties of the American Dream.

And who can forget that America was built upon the exertions and human capital of the millions of immigrants - themselves often refugees from war, slavery and famine?

Modern day arrivals in the USA have a slightly different experience from these pioneering immigrants. Gone are the humiliating medical inspections, where those suspected of illness and physical defects were marked with chalk symbols. Instead, visitors are subjected to a terrifying ordeal of interrogation by customs officials, including such charmingly naive questions as "Is it your intention to overthrow the government of the United States?" (WS Gilbert famously answered: "Sole purpose of visit".)

But now it's not just fearsome feds with sunglasses and ear pieces that travellers have to worry about: they could risk having their personal data compromised, including fingerprints, employment history and credit information.

It all stems from a company called Clear, which used to speed its customers through customs for an annual payment of $200. To do this, they asked their customers for the personal data that customs officials need to know about travellers. A quarter of a million customers signed up to Clear's service and, for a while, enjoyed VIP treatment at US airports, being rushed through customs and immigration while the plebs queued and sweated.

Unfortunately, Clear shut down its operations last week, and the fate of customers' personal data hangs in the balance. What's interesting is that the company says that it will continue to hold onto this sensitive information, which could still be used by another Register Traveller programme. In other words, the data is a business asset that could be parcelled up and sold on to another firm - as long as that company is in the same line of business.

This is proof - if proof be needed - that personal data is no nothing more than another commodity to be bought and sold. It's worth noting that Clear's privacy policy states that "We do not sell or give lists or compilations of the personal information of our members or applicants to any business or non-profit organization." Unless, that is, we go bust.

We've noted before that companies often rely on burying objectionable practices deep within their Terms and Conditions, but if bankruptcy means companies can ignore their own privacy policies, that's a huge blow to data protection. Even if Clear's successor abides by the most stringent data protection policies, the transfer of such large amounts of sensitive information from one organisation to another is a fraudster's paradise, with plenty of opportunity for data to go missing.

Google fails

Congratulations students of the globe! For anyone from the ages of 5 to 15 can enjoy Google’s new attempt at structured data search: Google Squared. And that’s presumably the only group of people that would ever consider using it. Remember when you were eight and your teacher asked you to make a pretty table on British Monarchy with all the monarchs of Britain including their children, spouses and important dates? How you pored over huge encyclopaedias to get all the information? Well, Google Squared officially heralds the end of early education as all these tasks are completed in a matter of seconds for our burgeoning historians and other putative scientists.

If only it were that easy. Just as Babel Fish translate could only ever get a student 12/20 on French translation homework after its launch all those years ago, Google Squared fails to achieve… well anything it’s going for really. A search for the British Monarchy in an attempt to tabulate a chronological factfile brings up a table with the following order – George VI, George II, George V. The genius that is Squared then goes off on a little jaunt that includes the Act of the Union, the Irish Free State, Buckingham Palace and the House of Orange. This just gets embarrassing: the picture accompanying the House of Orange? Why of course! Its Gemma Arterton arriving for the ‘Orange’ BAFTAs at the Royal Opera ‘House’. This is surely Google gone mad. Actually we shouldn’t really be surprised; to be fair to Google, nowadays the Bond Girl must get more hits than the Dutch royals.

It’s rather life affirming to know that even the great god Google isn’t completely infallible. This is an exciting day indeed. This revelation is like those wonderful moments when that beautiful woman who walks like she is better than everyone else trips and falls flat on her face on Oxford Street. At the Christmas Light switch on. On the podium. And the woman is Kate Moss.

One must presumably conclude that the only reason Google released this in such an awkward condition was to distract attention from somewhere else: another attempt to make searching intelligent recently arrived in the form of Wolfram Alpha, the computational knowledge engine. It proclaims to ‘generate output by doing computations from its own internal knowledge base, instead of searching the web and returning links.’ This means, instead of producing lists of useless links or grids of questionable information, it creates pages to answer your search, to the best of its ability. When asked, ‘How many roads must a man walk down before you can call him a man?’, the clever engine replies, ‘The answer, my friend, is blowin' in the wind. (according to Bob Dylan).’ Indeed.

The lady's for turning

We've taken the odd swipe at Jacqui Smith over the last few months, so it only seems fair to applaud her decision to scrap the Home Office's planned über-database of communications data.

The database would have collected data on all electronic correspondence, such as the time, date and length of communication (and, of course, who contacted whom).

Humble Jacqui said that she recognised the public's concerns that a giant database would be a further step toward a surveillance society. And, in a nice little turn of phrase, she said, "To be clear, there are absolutely no plans for a single store."

No longer any plans, Jacqui, no longer.

Of course the cynics will say that Labour couldn't possibly get away with ploughing hundreds of millions of pounds into a deeply un-popular government IT project in light of last week's austerity budget.

We couldn't possibly comment.

Anyway, the upshot of all this is that ISPs are now responsible for intercepting and storing the data that crosses their networks. To this end, the Home Office have earmarked £2 billion to help ISPs to expand their storage capabilities.

Mobile and fixed line operators will be required to process and link the data together to build complete profiles of every UK internet user's online activity. Police and the intelligence services would then access the profiles, which will be stored for 12 months, on a case-by-case basis.

Don't be surprised if even this plan is quietly dropped by the Conservatives after the 2010 election.

A final point - John Reid, the frankly terrifying former Home Secretary, argues in an opinion piece today that communications data is vital to identifying serious criminals. In his short but predictably manipulative piece, he kicks off with a tear-jerker about a murdered 17 year old whose killers were brought to justice by communications data. This, he says, happened in 2007.

So you see, Reid shoots himself in the foot before he's reached the end of his first paragraph, by showing that police then already had adequate access to communications data.

He then comes up with a classic piece of patronising lip service: "Used in the right way, and subject to important safeguards, communications data can play a critical role in keeping us safe."

Presumably, these would be the safeguards that ensured only 36,989,300 pieces of personal information were lost by the government in 2008. As for using it in the right way, it's as if he hadn't heard of the scandal of local authorities using the RIPA legislation to spy on dog fouling and catchment areas.

If we really do need a giant central database, they'll need to do a lot better than this to convince the public.

Facebook moves the goalposts

This week we've heard more rumblings of discontent from Facebook users - they're unhappy that the social networking site has moved the goalposts over the much-hyped "user vote" on changing Facebook's Terms and Conditions.

The story first emerged last February, when Facebook casually mentioned that it had granted itself a licence to all its users' content in perpetuity, even if they deleted their account. Cue a predictable collective wailing and gnashing of teeth from millions of users who, almost by definition, are pretty clued up on the web.

The backlash prompted a partial backdown from Facebook, who attempted to mollify its members by saying that it would agree to drop the proposal if 25 per cent of users voted against.

This week, that threshold has quietly been raised to 30 per cent. What's more, a significant number of Facebook users have been disenfranchised by the decision to allow votes only from those who've used their accounts in the last thirty days.

Simon Davies of Privacy International is so confident that the 30 per cent threshold won't be achieved that he's promised to eat his shorts if he's wrong. (As if there wasn't already a good enough reason to get voting - Ed.)

At the time of writing, 73.11% of respondents have voted against Mark's Terms of Use, but unfortunately "only" 284,473 have voted in total - barely a tenth of one per cent of Facebook's 200 million regular users.

So Zuckerberg is really expecting 60 million users to vote? And isn't he concerned that the respondents, while still so "few", should be so overwhelmingly opposed to his plan?

Here at Data Grub, we're rather disappointed with the preternaturally young Facebook CEO. Changing the rules like this is pretty childish, after all, and we reckon he could do much better.

Zuckerberg really needs to take lessons from a master manipulator, such as the late Saddam Hussein or even the Dear Leader Kim Jong-il himself. We'd love to see the People's Democratic Republic of Facebook announce that 99.8% of members had voted in favour of the rule change, on a 100% turnout.

Read Zuckerberg's plans for Facebook here.

Construction firms to mount the scaffold?

The information commissioner Richard Thomas has come down like a ton of bricks on a group of British builders who allegedly bought secret personal data about potential employees.

Construction companies Balfour Beatty, Sir Robert MacAlpine, Laing O'Rourke and Costain are among those alleged to have bought data about workers' trade union activities from one Kerr, Ian, operator of the shadowy-named "Consultancy Association".

Kerr has apparently spent 15 years amassing an "extensive intelligence database" of thousands of construction workers with details of union activities stretching back to the 1980s. Samples of comments on these workers include: "Poor timekeeper, will cause trouble, strong TU [trade union]"; "Sleeper, should be watched"; and, simply, "Do not touch!".

Workers could not challenge inaccurate information because the information was held without their knowledge or consent.

Richard Thomas says that more than 40 construction companies paid Kerr a retainer of £3,000 a year for his "consultancy services", with a further fixed fee for each worker they wanted checked.

The good news is that officials from the Information Commissioner's Office (ICO) raided Kerr's office and removed the entire contents of the database, as well as invoices - up to a value of £7,500 - from companies in the construction business.

Steve Acheson, an electrician from somewhere north of Watford, believes he was one of the workers on the database, and that this was behind the fact that he's only had 36 weeks' employment in the past nine years. "It affects your character and demeanour," he said. "I'm hoping that because of this brilliant success I'll be able to get my family life back and it will open the doors for me and others to get back to work."

Of course, this is all still sub judice, but the commissioner will be bringing a prosecution against Kerr. We'll keep you posted.

Data Grub is sure that Mr Kerr will be found innocent, because we cannot believe that anyone would be capable of such repugnantly unethical behaviour as robbing people of their livelihoods for personal profit.

(We should point out that some of the construction firms, including Laing O'Rourke and Morgan Est, say that they "inherited" payments to Kerr after they had bought up other constuction companies, and have since ceased paying him. Data Grub.)

IAB's Guide To Good Behaviour

We're pleased to see that the Internet Advertising Bureau (IAB), the trade body for online advertisers, has finally launched its Good Practice Principles for behavioural advertising.

Drawn up in collaboration with companies like Google, Phorm and NebuAd, the IAB's best practice guide is, remarkably, the first set of self-regulatory guidelines to set good practice for companies that use users' online browsing behaviour to target ads that are relevant to individual users' interests.

An accompanying website, http://www.youronlinechoices.co.uk/, will help consumers to understand what online behavioural advertising does and (crucially) doesn't do.

The core of the Principles is formed by three commitments: Notice, where companies that collect online data must inform users that data is being collected; Choice, which says that companies must provide an opt-out; and Education, whereby they must let consumers know exactly how the information is being used and how they can opt out.

And not before time, think we. The debate surrounding online behavioural advertising has for too long been dominated by single-issue campaigners relying on hearsay, misrepresentation and misinformation to argue that behavioural targeting infringes individuals' online privacy.

That's not to say that some developments (not least BT's secret and most-probably illegal trials of Phorm's Webwise technology without users' knowledge or consent) haven't done real damage to the industry in the eyes of the general public.

That's why we welcome the IAB's Good Practice Principles which, as well as advising on best practice approaches to online behavioural targeting, provide consumers with the information they need to make an informed decision about whether they want to take part in any new service.

The Information Commissioner's Office (ICO) have voiced their support, saying that 'a joined-up approach to promoting transparency, choice and education makes good sense.'

Getting the thumbs up from the ICO, who know their stuff, is one thing; changing the public's perception of online behavioural targeting is quite another, especially given the bad press that it's garnered over the last couple of years. Whether or not it succeeds in its aim of educating the public about behavioural targeting, the code of conduct is certainly a step in the right direction for the industry.

Taken along with another piece of recent news, we could be seeing something of a fightback from the targeted ad industry. Last week, Phorm unleashed its lawyers on Which?, which had published a press release highlighting opposition to their service. Nothing very surprising there, except that following the legal intervention, Which? immediately pulled the offending release from its website (though not before the story had been covered in several publications). It seems that some of the information in the release was inaccurate enough to be defamatory; Which? is now "working with Phorm" to correct the release.

If consumer champions and all-round experts Which? can't get its facts right, what hope for your average Internet user? That's one reason, at least, to welcome the IAB's new code of practice.

David's Damascene Conversion

Here at Data Grub we’ve so far held off from writing about ID cards, in part because this long-running saga has been so comprehensively covered in most mainstream media.

But we couldn’t let the Rt Hon David Blunkett get away with Tuesday’s speech at, of all places, Essex University. Blunkett, the original panegyrist of ID cards in this country, used his speech in part to propose scrapping compulsory ID cards.

So, what prompted David’s Damascene conversion, especially given that he’s often expatiated on the benefits of ID cards in his News of the World column and was at one point trousering a decent sum as adviser to Entrust, a company interested in bidding to run the UK card scheme?

Well, let’s not get ahead of ourselves. Blunkett went on to recommend that all UK citizens be required to have a fancy biometric passport which is, in effect, an ID card with a handy notebook attached for shopping lists. (Let’s be honest, when was the last time Bermondsey Bob needed a visa?)

Blunkett proposes that ID cards be voluntary but that biometric passports – which contain exactly the same information and will be linked to exactly the same database – will be compulsory. That way, the government can spin ID cards as a handy “mini-passport” that fits snugly into your wallet.

But even if compulsory passports are merely ID cards in disguise, one wonders what his rational is for jumping horses now, especially given that the current Home Secretary is still keen on the cards. Could it be that he wants the law on the statute books before the Tories’ inevitable election in 2010?

Blunkett and his successors have been trying to get make ID cards mandatory for donkeys’ years, but couldn’t do so until a large proportion of the population started carrying them voluntarily.

That’s clearly not going to happen in the next 12 months; but plenty of people have passports – make them compulsory and you’ve got your ID database system sorted.

Of course, all this completely ignores the question of whether ID cards might not, in fact, be quite a Good Thing after all. In spite of the government’s claims that they will prevent benefit fraud and halt terrorists in their tracks, Data Grub remains to be convinced of their utility.

Should Jacqui Smith decide to take Blunkett’s advice by making passports compulsory, it’ll be interesting to see if she employs the traditional ID card arguments (fraud, terrorism) or if Labour spins it some other way.

Watch this space.

Clayton makes a suggestion

Enough has been written about the House of Lords' report into surveillance in Britain, so today we'll be returning to Microsoft's latest version of Internet Explorer.

We've written previously about IE8's notorious InPrivate function, the sole purpose of which is to keep the wife from knowing about the surprise holiday / present you've bought for her online. According to Microsoft, anyway. Let's face it, they weren't going to dub the function "PornCloaking+" were they?

But still, there's nothing inherently evil about InPrivate.

What does cause concern is IE8's "Suggested Sites" feature, which allows users (in Microsoft's words) to "discover websites you might like based on sites you've visited". By activating the service in your browser, you consent to send various data about your browsing activity to Microsoft. This could include the URLs of visited sites, search terms and form data, as well as information that could potentially identify individuals, such as a user's IP address.

It's the classic trade-off: you agree to give up personal data in return for a service. But since users are fully aware of what data they'll be giving up and are able to give their informed consent to the service, this shouldn't present a privacy problem, should it?

Unfortunately for Microsoft, Suggested Sites has attracted criticism from the esteemed Richard Clayton, the Bill Bryson-lookalike and doyen of Internet privacy campaigners.

Dr Clayton says Microsoft must be clearer about explaining the risks, as well as the potential benefits of the service. He points out that full URL sharing via Suggested Sites poses a privacy and security risk and in particular warns that Microsoft should avoid sharing data submitted by surfers with other users of the service.

The risks hinge upon the fact that Microsoft will get the full URL of the site you visit. In some cases, this is essential - knowing that you visited blogger.com ain't going to help Steve Ballmer to suggest sites, but a visit to blogger.com/animals-do-the-funniest-things will help him to point you in the direction of some cutesy squirrel pics.

But sometimes, a full URL may hold clues to your identity, give permissions to others to access the site, or compromise your privacy or security in some other manner, says Clayton.

It's not so much that a Microsoft employee might one day go rogue and start stealing these sensitive URLs; it's the possibility that Microsoft hands the URL to someone with similar tastes and these users visit the exact places that you go to. "Suddenly all that "security through obscurity", the pious hope that no one could possibly guess that URL, goes up in
smoke," says Clayton.

Dr Clayton is a Cambridge academic and an eminently sensible, if somewhat cautious, voice in a debate which is all too often conducted by shrill, ignorant or ill-informed comentators.

Clayton doesn't want to score cheap points by gratuitously slating Microsoft - he merely points out that they could do better, by minimising the data transfer, and only obtaining longer URLs for the sites, like blogger.com, where it actually matters.

In the meantime, they should honest and transparent about the potential risks.

But Clayton's comments do have a silver lining for Microsoft: he points out that selecting the InPrivate mode automatically disables Suggested Sites, even if users have opted in. So, at least they can claim another alternative use for Pr0n-Mode...

A day for quiet reflection

Yesterday was European Data Protection Day; this blog held a one day's silence as a gesture of respect to the millions of pieces of personal and sensitive data that have been lost in the last year.

Across the continent people gathered in their hundreds of thousands, coming together in their workplaces, in their communities, in the fields, in the hills and in the streets, to mark this most solemn and momentous day of data.

I need not tell you what an emotional day it was for us all.

Some of us may have brushed aside manly tears as we reflected on the 182 per cent rise in card cloning and phishing in the second quarter of 2008 compared with the same period in 2007; others may have stifled their sobs over the $2.8bn cost of phishing attacks; still more wept -openly and without shame - for the 44 per cent of small businesses that have fallen victims to identity fraud through phishing, internet scams and data theft.

But all were united in their fervent hope that 2009 finally marks the year when the UK's government pulls its bloody finger out and puts a stop to departments' haemorrhaging of our personal and sensitive data.

Fat chance...

A load of nonce-sense

If the first law of marketing is that sex sells, the first rule of tabloid journalism is that paedos shift papers.

Things may have quietened down a bit since the 2000 moral panic, when the News of the World whipped up a hysterical mob of mouth-breathing simpletons into an orgy of vigilante violence, but tabloid editors still know that their barely-literate readers love a good “hate” almost as much as a new Lizzy Duke sovereign ring.

So it’s no surprise to see yet another paedo story in today’s Sun, with the baffling headline: “Internet pervert charges rap”. In a nutshell, the story concerns comments made by the chief executive of the Child Exploitation and Online Protection (CEOP) Centre which "slammed" (criticised) Internet Services Providers (ISPs) for charging child abuse investigators to access their data.

The way that the Sun spins it, cynical ISPs are making an easy profit from the authorities hunting down Britain's biggest nonces. Naturally, the Sun is sympathetic to CEOP’s chief executive, Jim Gamble, who believes that ISPs should waive these charges in the public interest.

Balance has never been the Sun’s strongest suit. If it were, they would have pointed out that under the Regulation of Investigatory Powers Act (RIPA) ISPs are entitled to charge the police for reasonable costs for data retrieval and that in the last four years, the Government has paid ISPs and telcos £19m for its agencies’ growing demands for access to communications data. This information was obviously deemed by the Sun to be of no interest to its audience, even to its more intellectual readers who don’t need to use their index fingers to read a newspaper.

Interestingly, CEOP’s share of this £19m amounts to around £170,000 – less than one per cent of the total paid to ISPs. With CEOP having made just shy of 10,000 requests, the average cost of each request works out at less than £18.

Why, then, is the Sun focused purely on paedophile investigators, when all regular police forces and government agencies are charged, fairly and under UK law, for using ISPs’ time and resources?

As Malcolm Hutty, policy chief at the London Internet Exchange (Linx) points out, "Regular police forces investigate extremely serious crimes using communications data, including murder, rape and kidnapping, and they believe they are better served by cost recovery. We don't believe that the situation becomes different for child abuse cases merely because they are investigated by a specialist national unit."

But here we come to the second law of tabloid journalism: never let the facts get in the way of a good story.