Simply put, you can't change a company without changing its management - Andy Grove - Only the Paranoid Survive
A VICTIM of shoddy lack of data protection by ACS:Law, Sky Broadband has admitted that copyright holders pay the costs incurred by Internet service providers (ISPs) to turn over the personal information of their subscribers accused of copyright infringement.
Since 4Chan took ACS:Law's website offline and the subsequent emergence on the website of a backup file that included the email archive of the firm's founder and only known solicitor, Andrew Crossley, the UK ISPs Sky, BT and Plusnet have found themselves at the centre of this fiasco. Sky was the first up to face the media after the personal information about more than 5,000 of its customers was leaked onto the Internet by ACS:Law.
Matters haven't been helped by the fact that Sky's news arm, er, Sky News, decided to ignore the matter completely. Searching for "ACS:Law" on the Sky News website returns nothing, while a search for "ACS Law" brings up Crossley's now second most famous flirtation with the media, which was representing a British couple who were jailed for allegedly having sex on a beach in Dubai.
One might say that it's not all that surprising that Sky News would not cover the legal troubles of its corporate sibling, but given that Sky Broadband was simply complying with a legally binding court order, as it claims, it's a bit curious that Sky's own news outlet did not cover the news or put forward the ISP's views.
Since then, an interesting image has tipped up in our inbox, an image of what appears to be a price list for Sky to look up its subscribers' names and addresses based upon whatever IP addresses might be provided by copyright holders.
Sky's official line is that, "Sky has only disclosed account information to ACS:Law when served with a Court Order requiring us to do so. Because this process inevitably imposes a burden on ISPs' resources, the Court has ordered that they should be entitled to recover the reasonable costs of complying."
We were told that the court order doesn't actually include costing and that is something determined after negotiations between copyright holders and ISPs. We have heard on the grapevine that the costs are close to £1 per IP address for the volume of data that Sky was asked to fork over.
A spokesman for Sky responded to the allegations that the screenshot was tantamount to an "IPs for hire" list by saying, "It is wrong to suggest that we have provided information for commercial reasons. This is simply a question of complying with a legally-binding Order and recovering the reasonable costs of doing so." Even the most cynical hack would find it hard to believe that a firm such as Sky would take such a risk to pad its bottom line with so little money by flogging its own customer's personal data, which is covered under EU and UK data protection laws, for minimal profit.
The idea of ISPs negotiating with copyright holders to recoup costs is still likely to leave customers uncomfortable. One can imagine the outpouring of disgust, should Sky or any ISP ask for customers to pick up the tab for sending their own data over to law firms.
A Sky spokesman told The INQUIRER that, unlike BT, which admitted yesterday that it had sent ACS:Law some of its customer data unencrypted, Sky had always sent data encrypted, which was "more than just putting a password on an [Microsoft] Excel file". Apparently the firm has implemented "data management protocols" to ensure that customer data remains private. Obviously ACS:Law didn't do a particularly good job of following those protocols, and it will be interesting to see what action Sky Broadband might be entitled to take against Crossley for failing to observe its private data protocols and thereby arguably damaging its reputation.
We were also told, after ACS:Law's flagrant disregard for private data became apparent, that Sky will be more "aggressive" in opposing requests to hand over its customer data, until ACS:Law and other law firms can demonstrate that they can protect its customers' data. We were not told what law firms would have to do in order to satisfy Sky and other ISPs, although given the adverse publicity that's been recently suffered by Sky, BT and Plusnet, it's likely to be a case of once bitten, twice shy, at least for the time being and perhaps into the future.
It's hard to see how Andrew Crossley and his apparently sole practicioner firm will manage to weather this storm, let alone show up in court asking for more data from ISPs following all this.
In some ways the ISPs are off the hook, at least for the moment, maybe. After all Sky was just complying a legally binding court order for information, it claims.
The question is, however, if ISPs would take a more aggressive stand against handing over personal data about their subscribers without solid proof of wrongdoing in the first place, might they stand better chances to avoid becoming mired such public relations disasters? µ
Sign up for INQbot – a weekly roundup of the best from the INQ