The public is wonderfully tolerant. It forgives everything except genius - Oscar Wilde
|
|
|
ISPs admit to taking money for handing over subscribers' data
A VICTIM of shoddy lack of data protection by ACS:Law, Sky Broadband has admitted that copyright holders pay the costs incurred by Internet service providers (ISPs) to turn over the personal information of their subscribers accused of copyright infringement.
Since 4Chan took ACS:Law's website offline and the subsequent emergence on the website of a backup file that included the email archive of the firm's founder and only known solicitor, Andrew Crossley, the UK ISPs Sky, BT and Plusnet have found themselves at the centre of this fiasco. Sky was the first up to face the media after the personal information about more than 5,000 of its customers was leaked onto the Internet by ACS:Law.
Matters haven't been helped by the fact that Sky's news arm, er, Sky News, decided to ignore the matter completely. Searching for "ACS:Law" on the Sky News website returns nothing, while a search for "ACS Law" brings up Crossley's now second most famous flirtation with the media, which was representing a British couple who were jailed for allegedly having sex on a beach in Dubai.
One might say that it's not all that surprising that Sky News would not cover the legal troubles of its corporate sibling, but given that Sky Broadband was simply complying with a legally binding court order, as it claims, it's a bit curious that Sky's own news outlet did not cover the news or put forward the ISP's views.
Since then, an interesting image has tipped up in our inbox, an image of what appears to be a price list for Sky to look up its subscribers' names and addresses based upon whatever IP addresses might be provided by copyright holders.
Sky's official line is that, "Sky has only disclosed account information to ACS:Law when served with a Court Order requiring us to do so. Because this process inevitably imposes a burden on ISPs' resources, the Court has ordered that they should be entitled to recover the reasonable costs of complying."
We were told that the court order doesn't actually include costing and that is something determined after negotiations between copyright holders and ISPs. We have heard on the grapevine that the costs are close to £1 per IP address for the volume of data that Sky was asked to fork over.
A spokesman for Sky responded to the allegations that the screenshot was tantamount to an "IPs for hire" list by saying, "It is wrong to suggest that we have provided information for commercial reasons. This is simply a question of complying with a legally-binding Order and recovering the reasonable costs of doing so." Even the most cynical hack would find it hard to believe that a firm such as Sky would take such a risk to pad its bottom line with so little money by flogging its own customer's personal data, which is covered under EU and UK data protection laws, for minimal profit.
The idea of ISPs negotiating with copyright holders to recoup costs is still likely to leave customers uncomfortable. One can imagine the outpouring of disgust, should Sky or any ISP ask for customers to pick up the tab for sending their own data over to law firms.
A Sky spokesman told The INQUIRER that, unlike BT, which admitted yesterday that it had sent ACS:Law some of its customer data unencrypted, Sky had always sent data encrypted, which was "more than just putting a password on an [Microsoft] Excel file". Apparently the firm has implemented "data management protocols" to ensure that customer data remains private. Obviously ACS:Law didn't do a particularly good job of following those protocols, and it will be interesting to see what action Sky Broadband might be entitled to take against Crossley for failing to observe its private data protocols and thereby arguably damaging its reputation.
We were also told, after ACS:Law's flagrant disregard for private data became apparent, that Sky will be more "aggressive" in opposing requests to hand over its customer data, until ACS:Law and other law firms can demonstrate that they can protect its customers' data. We were not told what law firms would have to do in order to satisfy Sky and other ISPs, although given the adverse publicity that's been recently suffered by Sky, BT and Plusnet, it's likely to be a case of once bitten, twice shy, at least for the time being and perhaps into the future.
It's hard to see how Andrew Crossley and his apparently sole practicioner firm will manage to weather this storm, let alone show up in court asking for more data from ISPs following all this.
In some ways the ISPs are off the hook, at least for the moment, maybe. After all Sky was just complying a legally binding court order for information, it claims.
The question is, however, if ISPs would take a more aggressive stand against handing over personal data about their subscribers without solid proof of wrongdoing in the first place, might they stand better chances to avoid becoming mired such public relations disasters? µ
Share this:
Share
Selling peoples personal info?
I'm no legal expert by any means, but I'm quite sure there will be some legal ramifications for selling something that wasn't yours to begin with.
It sounds like they are begging to be sued!
It's no surprise that the lawyers who ask for these court orders have no morals, and expecting your ISP to protect you is wishful thinking.
But what about the judge who, like a nodding donkey, has signed all of these court orders? Doesn't he owe a duty of care to the thousands of people whose lives have been made a misery by the blackmail letters they have received?
Unfortunately, he's right... All you lot that moved from B Sky B to Zen, Be Broadband, O2, Telefonica, Plus Net are all getting screwed. These arse holes sold (charged for the service of handing over) your information. As far as I can ascertain, and was mentioned here as well, Talk Talk and Virgin Media told them to go forth and play with themselves and I’ve seen absolutely NO customer information coming from those companies in ACS’s data (a big thank your for respecting your customer’s privacy)
I spent the last two nights going through the court order applications that the above shit-bags agreed to (Judge said no need for a hearing, just do the paperwork etc. since all of the complicit were already willing to cough for a fee) Said shit-bags got paid for their hard work of finding out the names and address of IP owners supplied by ACS and handing them over. They all colluded with the devil.
It's really sickening to read the harrowing letters of some poor bastards with no job, single parents with loads of kids, parents whose kids are accused, elderly people who don't know what a fucking PC is or looks like all being bullied, threatened and worried sick by this bunch of absolute ass holes (ACS Law) who have made a god-damn fortune out of other people’s misery. Rot in hell Andrew Crossley. You are calling P2P file sharers “The Infringers…” while flying around in lazy circles feeding off them, getting ever richer and fatter and ultimately dreaming of the day when you’ll be deciding what shade your new kitsch office sofa will be? Puke!
It’s all there! £495 please, Sir... or else!
Some pseudo clever-sods sent in the LoD (letters of denial) based template response readily available on the Internet and were treated with the utmost contempt; receiving replies back saying, "we can see you got this off the Internet and it's a standard template (despite it being completely correct in all it's protocols et al.) so we're not believing a word you are saying. Now the first offer has been with-drawn (£495) and we want £990 instead, in-full and within 21 days of receipt of this threat.
I, and now millions and millions of people around the world not only have your name AND address details, but your financial details as well as other deeply personal information about your mitigating and family circumstances. Plus, if I were a hacker I would have your IP address to boot! Not a good day for many and a very sad day for the Internet in the UK.
So many poor sods said they genuinely didn’t do anything wrong, but were sorry that ‘somehow’ someone used their connection (many through hacking their WiFi) to down load said Porn. One single young lady said she only used mugbook, read emails and did shopping on the Internet and was so embarrassed and ashamed she’s been associated with such a title (Desperate Gay Husbands) that she was willing to pay the fine, but because she was a student and had hardly any money, she has offered to take their instalment plan to do it!
Yes, that’s correct. Loads of people who didn’t have the huge amounts of cash being demanded at hand, simple offered to do instalments. ACS even got one of there pencil necks to write a spreadsheet to manage all the instalment payers.
Some of the savvier parties who insanely admitted liability, those with hyphenated double and triple-barrelled names, managed to call-up these creeps and negotiate a discount for full and final settlement saving a couple of hundred quid in some cases just on a one-handed surf.
One poor geezer begged them for re-assurance that his name would be removed from any lists, their correspondence sent to another address; other than next of kin, and asked if it would affect his credit rating? (I’d be more worried about my blood pressure)
So, what am I going to do? Ummm…. Well, there are some things I suppose.
I may start a campaign to email all those poor sods listed in ACS’ database (not individually, but mail merge them) letting them know they are next on the list.
Then, I will pay for a SSH (128bit) tunnel to Proxy Server connection to lock down my Internet harder than the US military’s. Try snooping the packets now, spooks!
And I will definitely begin some form of political rallying with letter writing etc. etc.
By the way, anyone who doesn’t know how to lock-down their WiFi router/access point such that it can’t be ripped open by Back Track 4’s in-security suite (airmon) and used to facilitate the downloading of illegal P2P files should be cast out of society and left in isolation, staked to the ground near some baron land fill site in Clacton. It’s CRIMINAL you know? Yes, I’m talking to YOU, granny!
Enough is enough I’m afraid. The UK government is run by a load spine-less lackeys with no clue about privacy let alone technology.
A word to the wise: if you get a letter ACS ‘your’ information would probably be part of this debacle and have been seen by millions of people. Find out, and then sue them hard. It might even be worth while getting a group-action brought against them?
Good Luck.
Why is it waaay cheaper to request more IPs? Doesn't this encourage the "content protection agency's" to be more aggressive/less careful to only request IPs they "know" to be infringers?
Some ISP's go out of business and keep collecting money.
Like Volker Hoppe, owner of Sprintweb.de, he has hurt 50000 people or more by not paying the racks for 9 months but keep sending out bills!
I do not know why, nobody does.
But if you have problems with him, his email is: Volker.Hoppe@digital-z.de
Can somebody make an article of this?
So tell me, how would it benefit those in receipt of these legal threats from ACS:Law if the they hadn't been charged the costs of providing it in response to a court order?
If there is no charge to sleazy outfits like ACS:Law, then they would have the incentive to do even more of these fishing trips. Only if the costs of doing so are higher than the expected return will outfits like this not go round seeking out the court orders. Of course, ISPs could go round examining the merits of each of these court demands themselves and challenge them, but just how much is that going to cost? Forensic examination of records costs a huge amount of time and effort.
i'm bloody glad my broadband is not with Sky, BT or Plusnet and i feel sorry for the people whose data has been sold to this law firm.
If I was i'd be cancelling straight away knowing that they'd sell personal data to a law firm without question regardless of whether it's a valid claim or not (like what bigger_luddite said, copy & pasting names).
to these look-ups, having an IT guy swear to an affidavit that the address is registered to so-and-so, and perhaps an archived file on CD to substantiate it. However, at a pound an address, they're likely just looking up in a list and copy-pasting names, without any verifiable link even between those. -- And of course that process is only after an even less verifiable number comes from the monitoring company. Crucial links for evidence are allowed to be assumed.
This organization that can make sure requests for personal information for suspect clients of the ISP should be charged with failing to keep client information secure whistle they perform their functions. They should be held accountable for the security of the information just like the ISP.
If you are able to use the law to allow you to basically tap into private user information and not being a governing body, you should face penalties if you fail to keep the information you request secure by showing some effort to have the data encypted. I think this is casue to make an example of them so that they will have better procedures in place if they want to harvest sensative information.
I wish the ISPs would charge £3,000 per IP address then donate £2750 to a copyright infringement lawsuit fund or an anti-DE Act lobbying fund.