Slashdot Mirror
UK Anti-Piracy Firm E-mails Reveal Cavalier Attitude Toward Legal Threats
Khyber writes "A recent DDoS attack against a UK-based anti-pirating firm, ACS:Law, has resulted in a large backup archive of the server contents being made available for download, [and this archive] is now being hosted by the Pirate Bay. Within this archive are e-mails from Andrew Crossley basically admitting that he is running a scam job, sending out thousands of frivolous legal threats on the premise that a percentage pay up immediately to avoid legal hassles."
Is this surprising at all? I don't think anyone would be shocked at this...
I've gotten, umm.. a dozen or so cease and desist letters over the years.. my response to every single one of them has been to ignore it. No response. They never follow up. Why would they? It's a fishing game, the only way they can get you on the hook is if you take the bait.
How we know is more important than what we know.
The submission is a little inaccurate. Crossley didn't admit, even implicitly, to deliberatly running a scam. What he has admitted is that the data upon which ACS sends out it's threatening letters is of poor quality and riddled with inaccuracies so severe even the clients are complaining - but even though he knows that many of those he accuses are innocent, he threatens them anyway because it's faster and cheaper than producing accurate data. Instead, ACS just threatens to sue anyone who criticises this practice for libel. I imagine that works very well, given that the UK arrangement of libel law is quite infamously written in favor of the plaintiff.
And probably all rendered inadmissible in court because they were obtained illegally. Way to immunise a guy against an awful lot of evidence.
I know someone who was threatened by ACS:Law. As with all things serious, we researched it and discovered it was likely a scam, and this was WAY before they were news-worthy. The threat was ignored, except for a polite response, and nothing else happened. If you pay up, you're a moron. If you think this will stop such companies, there are no shortage of other morons willing to pick up such easy work, and they don't even need to be anywhere near a lawyer themselves.
DDOS, hacking, etc. isn't doing anything but legitimising their actions should they go to the mainstream media. Just ignoring their threats and/or inviting them to court, as any sensible person would do (and have done - ACS:Law are under investigation by various high-level UK legal authorities for legal irregularities) does infinitely more.
The guys an scamming idiot, but it's like a playground fight here - I can guess how much a moron he is without having to break into his personal emails and just because they might reveal he is an asshole doesn't mean that you've "won" anything against anti-piracy lawsuits or even against legal threats with zero evidence. All you've done is become nothing more than a publicity generator. How long before I see on the news: "Pirates hack into law-firm's servers, distribute private emails, law-firm says it's represents the mindset of the people they are chasing".
It was a chain of events, which was triggered by the DOS. According to what I read, in the process of countering the DOS, the default home page was briefly moved. This exposed a listing of the root directory, which happened to contain a backup image, which was rapidly grabbed by the DOSers.
From TFA: "Email evidence that ACS:Law deliberately does not target two UK ISPs, TalkTalk and Virgin Media"
That's interesting. I'm with Virgin so that's nice to know. I wonder why these two?
Perhaps they don't cave as easily as the others.
The DDoS brought their servers down. They went down in flames so ACS:Law had to reinstall everything and their idiot admin exposed their entire website (mostly tons of confidential information) to the public. I downloaded it myself, the file is called backup-8.24.2010_12-58-28_acslawor and the shit I found in it was very scarry. If it wasn't for the DDoS, we wouldn't have gotten our hands on this file. Go die somewhere and stop posting shit you don't know anything about.
It's the same strategy used by police and councils, sending out fines with threats of prosecution for minor motoring offences. Realistically the case is unlikely to go to court, but people pay up anyway because: (1) they want to avoid the months of worry, waiting to find out if they are taken to court or not; (2) often the case would be heard hundred of miles from their home and, even if they win, they can't recover their travel / accommodation expenses; and (3) the court system is notoriously biased against the motorist and appeals are expensive and complicated.
This isn't as off-topic as you may think. People have been convinced by government / police campaigns that paying the fine is "the done thing". For example, someone driving at 67mph in a 60mph zone may be faced with a £30 fine, but if they let it go to court they risk getting 6 points on their license (halfway to losing it!) and a fine in the thousands.
This is what the copyright enforcement industry is now trying to achieve: A form of "justice" based on fear. Not fear of a fair punishment for a genuine offence, but fear of being put in to a situation where right or wrong, win or lose, people suffer significant financial loss and a great deal of worry.
It's the sound of the copyright lobby having another heart attack.
/. had an article on the fact that RIAA spent $16m to recover $391,000 in 2008. It was worse in 2007, when they spent $21m and only recovered $516,000. I know it's been all over the place at various points. Add in the frivolous lawsuits, DDoS attacks and harassment of uninvolved individuals, and the whole copyright lobby looks like an organized crime syndicate.
When will the governments of the world finally say "Enough is enough" to these clowns?
It's not like all this litigation and threats are profitable or anything. I believe
In what dream world would there ever have been a case against him to begin with? "oh noes, it's rendered inadmissable". Wake up from your fantasy, it's this or it'd never even surface AT ALL.
No, it's a safe bet that destroying his business and his name IS in fact the winning move. As can be seen, he was already being doubted by his clients ("rights holders"), this will likely mean he's dropped like a hot potato. No clients, no income, no income no "Lambo".
Not saying it'll really change anything, but at least one more Douche is getting what he so justly deserves.
There is a difference!
http://en.wikipedia.org/wiki/Extortion
Extortion, outwresting, and/or exaction is a criminal offense which occurs when a person unlawfully obtains either money, property or services from a person(s), entity, or institution, through coercion.
http://en.wikipedia.org/wiki/Coercion /korn/) is the practice of forcing another party to behave in an involuntary manner (whether through action or inaction) by use of threats, intimidation, trickery, or some other form of pressure or force. Such actions are used as leverage, to force the victim to act in the desired way.
Coercion (pronounced
No, you're being confused by the Virgin name. Virgin Media (the broadband provider) was sold to NTL. Although Branson owns shares in the company, it's not the same company as the record label -- indeed Virgin Media pay Branson a yearly fee just to use the Virgin brand. Further, the Virgin record label was sold off to EMI years ago.
Its been a scam for longer than the internet has been around.
http://michaelsmith.id.au
Perhaps there's a difference legally, but I don't see any difference for the common man.
"Pay us $5000 or else be prosecuted," is extortion in my mind, especially since it involves money. The law firms are acting like members of The Family. "Pay us money or else we'll rough you up."
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
Just a thought, and I am not really too up on it, but by allowing peoples details to be leaked, including address, phone number, account numbers etc isn't this company negligent in its duty to keep such information confidential.
If I was an "Infringer" I would be asking how much for ME to go away after you really screwed up by not even having rudimentary security in place as is required by the DPA and peoples details downloadable my poor data hygiene.
http://www.writeitfor.us - Writing IT for the IT generation.
Stores had a policy of catching teen-age shoplifters, then sending their parents a demand letter saying they wanted $300 for some nebulous "costs". The judges rightfully threw it out. When someone does you harm, you're entitled to be compensated. You may even be entitled to exemplary damages. However, unless there's an amount that is set by statute (which is why they're known as "statutory damages"), you can't just "pull a number out of the air."
Trying to get what you, as a lawyer, should know the law does not allow, is extortion because your threat of legal action is being used to commit a crime. You no longer enjoy the "except threat of legal action" exemption.
Not sure about the legality of their scam, but I do wonder if making this stuff available constitutes not taking sufficient care to preserve confidentiality and is enough for disbarment.
I am TheRaven on Soylent News
Actually, people didn't decide the old way was better. The old way was an absolute monarchy, while the post-restoration monarchy was severely limited by parliament. People really decided that, having set the precedent that you were allowed to behead bad kings, having a king was better than having a Lord Protector with no such precedent.
I am TheRaven on Soylent News
I'd probably send a "fuck off" reply
Please, if you are replying to a legal letter the correct response is "I refer you to the reply given in the case of Arkell v. Pressdram".
TalkTalk definitely haven't - they were quite vocally opposed to the Digital Economy Act, and have publicly stated that they will never surrender customer's details unless presented with a court order.
Sued - probably not. But they might well be at risk of prosecution. This is covered by the Data Protection Act 1998, one of the principles of which states that appropriate technical and training measures need to be taken against granting unauthorised access to data. If they are in breach of this they could well be prosecuted by the Information Commissioner's Office. DPA also requires that the data subject has consented to the processing, which makes me wonder whether by passing user data on to ACS:Law without a court order, ISP's are breaching the Data Protection Act.
The difference is that people are supposed to be able to trust the legal system. "Be prosecuted" shouldn't be a threat if you're innocent, and the fact that it is is a huge damnation of our system.
Are you sure their 'idiot admin' is really an idiot? Maybe (s)he is a sympathetic techie that took a calculated risk based on confidence of the masses and plausible deniability.
Yeah, I know the odds aren't great for that, but it could be possible.
(Just imagine if you had a conscience and were the admin for those scum and a chance like that came up. What would you do?)
Heck, you don't even need to have a real gun.
You don't even have to have a fake gun.
Just the act of saying "I have a gun" is sufficient to be charged with armed robbery once they give you the money.
However, when they step beyond the bounds of the law - for example, threatening to sue for monetary damages without actually being able to show any monetary damages OR statutory damages, and falsely claim to have forensic evidence, when the server logs in question were not yet properly analysed (sorry, but saying that a log shows that ip 11.22.33.44 was used at such-and-such a date, without any analysis having been performed to see if the date and time are correct, that the traffic transmitted was actually the content in question, and that the ip matched that person's computer (not their account), and falsely claiming that it is illegal to have an open wifi connection, they are now into extortion.
It's why they're being investigated.
Actually I do get it, that was my exact point. If someone's making a threat it doesn't really matter whether it's coercion or extortion as you have no way of knowing if they're going to follow through with the threat.
-=This sig has nothing to do with my comment. Move along now=-
It's because they've both publicly stated that they will challenge requests for subscriber information that don't come complete with a court order - see this Torrentfreak article from a few days ago.
"While we all know that an ISP must comply with a court order once it’s issued, Plusnet and virtually every other ISP in the UK are giving the likes of Gallant Macmillan and ACS:Law a free ride by agreeing not to contest in advance."
Well let me point this out from Canada. In Canada coercion is illegal(unless it falls under a very limited set of exclusionary rules), and extortion is illegal. Don't do it, don't do it at all here. We will come down on you hard.
Om, nomnomnom...
The fact they left it wholly unencrypted is one of the purest violations of the UK DPA.
Disbarment, plus jail time, is likely.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
"Be prosecuted" shouldn't be a threat if you're innocent,
Seriously? You couldn't finish reading that sentence to realize I was making your point? If a comment is only 2 sentences long, you might want to read both of them before rushing off to insult someone.