Slashdot Mirror
UK ISPs Profit From Coughing Up Customer Data
nk497 writes "ISPs in the UK are charging as much as £120 to hand customer data over to rightsholders looking for proof of piracy, according to the Federation Against Software Theft. While ISPs have to hand over log details for free in criminal cases, they are free to charge in civil cases — and can set the price. 'In 2006, we ran Operation Tracker in which we identified about 130 users who were sharing copies of a security program over the web,' said John Lovelock, chief executive of FAST. 'In the end we got about 100 names out of them, but that cost us £12,000, and that was on top of the investigative costs and the legal fees.'"
From a previous /. story you may recall that the UK has pretty stringent laws on the disclosure of personal data. Basically no disclosure to third parties without court order.
Flamebait or not, Time Warner ISP in the states does just this, claiming they can only process one of these requests PER DAY.
Not exactly sure about the UK, but I know here in Canada that FOIP (Freedom of Information and Privacy Act) has provisions that mean that ISPs aren't allowed to give out that info without a court order, and would be subject to Federal criminal prosecution if they did hand out the info to private 3rd parties. I had thought the laws were similar in the UK. It would be interesting if one of these users sued their ISP for unlawful disclosure of personal information. The privacy act in the UK can be nasty to those who break it. It all depends whether that information is protected or not. FOIP is the big reason why you don't see these types of lawsuits in Canada, that and a long history of the Canadian courts telling rights holders "tough noogies" when they sue people who make copies for personal use - we pay a blank media tax that gets divvied up amongst rights holders as a hedge against piracy.
What, you can't read the Act?
Go on, argue that copyright infringement isn't a "crime". Then read the Copyrights Designs and Patents Act 1988, section 107 1, (e)
That's the controlling statute. The only argument to be made is whether sharing a file constitutes "distributes [...] to such an extent as to affect prejudicially the owner of the copyright".
Now, we can have an informed debate. Go ahead.
If you were blocking sigs, you wouldn't have to read this.
OP said
Actually, ISPs routinely charge the cost of obtaining, processing and handing over log details when asked for it by law enforcement authorities under the Regulation of Investigatory Powers Act 2000, including when the data is needed for criminal investigations.
ISPs aren't allowed to make a profit from providing this data, whether for civil litigation or criminal investigations, just recover their costs. However ISPs' costs can be substantial: ISPs don't just spend time fishing out the records and handing them over, there are also significant overheads in training and systems to ensure this data is only handed over when it should be, to make sure the requesting authority is genuine and the ISP isn't being subjected to an imposter trying a social engineering attack, and so forth. Larger ISPs/telcos run dedicated units to cope with the high volumes of request from public authorities (in total, hundreds of thousands of RIPA requests are made each year, although most of these are for telephony data rather than Internet accounts).
For confirmation see Chapter Four of the relevant Code of Practice.