Slashdot Mirror
UK Anti-Piracy Firm E-mails Reveal Cavalier Attitude Toward Legal Threats
Khyber writes "A recent DDoS attack against a UK-based anti-pirating firm, ACS:Law, has resulted in a large backup archive of the server contents being made available for download, [and this archive] is now being hosted by the Pirate Bay. Within this archive are e-mails from Andrew Crossley basically admitting that he is running a scam job, sending out thousands of frivolous legal threats on the premise that a percentage pay up immediately to avoid legal hassles."
Is this surprising at all? I don't think anyone would be shocked at this...
The submission is a little inaccurate. Crossley didn't admit, even implicitly, to deliberatly running a scam. What he has admitted is that the data upon which ACS sends out it's threatening letters is of poor quality and riddled with inaccuracies so severe even the clients are complaining - but even though he knows that many of those he accuses are innocent, he threatens them anyway because it's faster and cheaper than producing accurate data. Instead, ACS just threatens to sue anyone who criticises this practice for libel. I imagine that works very well, given that the UK arrangement of libel law is quite infamously written in favor of the plaintiff.
And probably all rendered inadmissible in court because they were obtained illegally. Way to immunise a guy against an awful lot of evidence.
I know someone who was threatened by ACS:Law. As with all things serious, we researched it and discovered it was likely a scam, and this was WAY before they were news-worthy. The threat was ignored, except for a polite response, and nothing else happened. If you pay up, you're a moron. If you think this will stop such companies, there are no shortage of other morons willing to pick up such easy work, and they don't even need to be anywhere near a lawyer themselves.
DDOS, hacking, etc. isn't doing anything but legitimising their actions should they go to the mainstream media. Just ignoring their threats and/or inviting them to court, as any sensible person would do (and have done - ACS:Law are under investigation by various high-level UK legal authorities for legal irregularities) does infinitely more.
The guys an scamming idiot, but it's like a playground fight here - I can guess how much a moron he is without having to break into his personal emails and just because they might reveal he is an asshole doesn't mean that you've "won" anything against anti-piracy lawsuits or even against legal threats with zero evidence. All you've done is become nothing more than a publicity generator. How long before I see on the news: "Pirates hack into law-firm's servers, distribute private emails, law-firm says it's represents the mindset of the people they are chasing".
It was a chain of events, which was triggered by the DOS. According to what I read, in the process of countering the DOS, the default home page was briefly moved. This exposed a listing of the root directory, which happened to contain a backup image, which was rapidly grabbed by the DOSers.
From TFA: "Email evidence that ACS:Law deliberately does not target two UK ISPs, TalkTalk and Virgin Media"
That's interesting. I'm with Virgin so that's nice to know. I wonder why these two?
Perhaps they don't cave as easily as the others.
The DDoS brought their servers down. They went down in flames so ACS:Law had to reinstall everything and their idiot admin exposed their entire website (mostly tons of confidential information) to the public. I downloaded it myself, the file is called backup-8.24.2010_12-58-28_acslawor and the shit I found in it was very scarry. If it wasn't for the DDoS, we wouldn't have gotten our hands on this file. Go die somewhere and stop posting shit you don't know anything about.
It's the same strategy used by police and councils, sending out fines with threats of prosecution for minor motoring offences. Realistically the case is unlikely to go to court, but people pay up anyway because: (1) they want to avoid the months of worry, waiting to find out if they are taken to court or not; (2) often the case would be heard hundred of miles from their home and, even if they win, they can't recover their travel / accommodation expenses; and (3) the court system is notoriously biased against the motorist and appeals are expensive and complicated.
This isn't as off-topic as you may think. People have been convinced by government / police campaigns that paying the fine is "the done thing". For example, someone driving at 67mph in a 60mph zone may be faced with a £30 fine, but if they let it go to court they risk getting 6 points on their license (halfway to losing it!) and a fine in the thousands.
This is what the copyright enforcement industry is now trying to achieve: A form of "justice" based on fear. Not fear of a fair punishment for a genuine offence, but fear of being put in to a situation where right or wrong, win or lose, people suffer significant financial loss and a great deal of worry.
It's the sound of the copyright lobby having another heart attack.
/. had an article on the fact that RIAA spent $16m to recover $391,000 in 2008. It was worse in 2007, when they spent $21m and only recovered $516,000. I know it's been all over the place at various points. Add in the frivolous lawsuits, DDoS attacks and harassment of uninvolved individuals, and the whole copyright lobby looks like an organized crime syndicate.
When will the governments of the world finally say "Enough is enough" to these clowns?
It's not like all this litigation and threats are profitable or anything. I believe
Perhaps there's a difference legally, but I don't see any difference for the common man.
"Pay us $5000 or else be prosecuted," is extortion in my mind, especially since it involves money. The law firms are acting like members of The Family. "Pay us money or else we'll rough you up."
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
Just a thought, and I am not really too up on it, but by allowing peoples details to be leaked, including address, phone number, account numbers etc isn't this company negligent in its duty to keep such information confidential.
If I was an "Infringer" I would be asking how much for ME to go away after you really screwed up by not even having rudimentary security in place as is required by the DPA and peoples details downloadable my poor data hygiene.
http://www.writeitfor.us - Writing IT for the IT generation.
I'd probably send a "fuck off" reply
Please, if you are replying to a legal letter the correct response is "I refer you to the reply given in the case of Arkell v. Pressdram".
Sued - probably not. But they might well be at risk of prosecution. This is covered by the Data Protection Act 1998, one of the principles of which states that appropriate technical and training measures need to be taken against granting unauthorised access to data. If they are in breach of this they could well be prosecuted by the Information Commissioner's Office. DPA also requires that the data subject has consented to the processing, which makes me wonder whether by passing user data on to ACS:Law without a court order, ISP's are breaching the Data Protection Act.
The difference is that people are supposed to be able to trust the legal system. "Be prosecuted" shouldn't be a threat if you're innocent, and the fact that it is is a huge damnation of our system.
It's because they've both publicly stated that they will challenge requests for subscriber information that don't come complete with a court order - see this Torrentfreak article from a few days ago.
"While we all know that an ISP must comply with a court order once it’s issued, Plusnet and virtually every other ISP in the UK are giving the likes of Gallant Macmillan and ACS:Law a free ride by agreeing not to contest in advance."