British ISP Sky Broadband Cuts Off ACS:Law

An anonymous reader writes "British ISP Sky Broadband cut off ACS:Law and refuses to cooperate after at least 4,000 of their customers' information was carelessly leaked. According to Sky Broadband, 'We have suspended all co-operation with ACS:Law with immediate effect. This suspension will remain in place until ACS:Law demonstrates adequate measures to protect the security of personal information.' Sky Broadband had been providing customer information to ACS:Law as part of their anti-piracy operation."

and the pornography they're accused of sharing

[MichaelSmith]

..we need more detail about this. Examples are required.

Re:and the pornography they're accused of sharing

[jack2000]

Why hello there.

Re:and the pornography they're accused of sharing

[MoonBuggy]

One of the more interesting aspects of this story is the attempt at damage control that ACS:Law are trying to pull. To quote their statement to the BBC: "All our evidence does is identify an internet connection that has been utilised to share copyright work," he told BBC News when pressed about the BSkyB database. "In relation to the individual names, these are just the names and addresses of the account owner and we make no claims that they themselves were sharing the files," he added.

Seems a pretty sharp turnaround from threatening legal action against those people based on that same evidence, doesn't it?

Re:and the pornography they're accused of sharing

[jack2000]

Just wanted to remind people: If the torrent download link timeouts use the magnet link. It will work.

Re:and the pornography they're accused of sharing

[matazar]

I think the best part is them claiming that they were hacked, when in reality they made the site's backup available on their main page for all to download for a short period of time when they were trying to restore the site after the DDoS attack. A zip file that was not encrypted in any way that contained EVERYTHING.
Smart move guys! Especially considering the amount of page requests you were getting,

Re:and the pornography they're accused of sharing

[Clandestine_Blaze]

According to this article, 4chan was thought to be behind the data breach. There's even a screen shot in the article taken from the forums, though there's nothing in there that says what they were planning on doing specifically. Regardless of how the data was exposed, they deserve the potential half a million pound fine for keeping so much personal data on people in unencrypted files.

Actually, they're pretty lucky if they get away with only a half a million pound fine.

Re:and the pornography they're accused of sharing

[SuricouRaven]

Unencrypted files on a webserver at that.

4chan was the cause of the breach, but not intentionally. Their DDoS successfully shut down the website. ACS:Law's IT staff attempted to disable that function of their server in order to minimise the impact of the DDoS on other aspects of the business, but in their haste they screwd up and revealed that the site backups were actually on the webserver, hidden only by not publishing the filename to retrieve them. ACS took down the files for their website, server started returning the index page by default, backup files revealed.

Re:and the pornography they're accused of sharing

[Xest]

This is why they're in breach of the data protection act on a massive scale. The hack wasn't the result of the leak of customer data, their incompetence and poor data protection practices were.

The information commissioner's comments were interesting on the news last night- he said something along the lines of "I don't have the power to shut a company down, but I can issue a fine of upto half a million pounds which can obviously have a devastating effect on a company of this size". His comment seems quite telling as to what he perhaps has in store for this company due to the fact they've breached the DPA on a massive scale.

What I'm not sure about, is whether private citizens have any legal recourse for compensation also- can the people whose details were leaked now sue the company for this? If they were not the ones who downloaded the materials can they sue under defamation laws or similar? I know if I was on those lists I'd certainly be exploring my options to give them a taste of their own tactics.

Hopefully this will be devastating for ACS:Law, and it might also be worth noting that under the DPA individual employees can be held criminally responsible for unauthorised release of data too such that for example, the IT guy there who put the personal data on the public web may face a personal fine or prosecution also.

It's nice that for once, a combination of incompetence and assholery may just be receiving the kind of response it deserves rather than simply being sweeped under the carpet. Partly because our information commissioner is more keen on punishing private sector breaches like this that fall under his remit than the police or government are over similar matters (e.g. Phorm) that fall under theirs. The only downside to the guy is he still seems to let public sector breaches go largely unpunished - i.e. the infamous HMRC 25 million record breach, although I suspect that's more a case of the government exerting influence on him (i.e. the threat of redundancy).

Re:and the pornography they're accused of sharing

[Inda]

One was called "Chubby Chasers". I'm at work so I can't search it out. Maybe someone else would like to provide a link, so I can research it when I get home? Magnet links only please, I wouldn't want to end up on a list.

http://www.bbc.co.uk/newsbeat/11430299

"My partner had been made redundant and I know damn well that he was in bed and hadn't got up and started download pornography."

Hmm, yeah, right love.

Re:and the pornography they're accused of sharing

[Fembot]

See also: http://ktetch.blogspot.com/2010/09/acs-treated-like-criminals-by.html when the glove is on the other hand.

Re:and the pornography they're accused of sharing

The emails contain pirated songs. Starting with "Biggest Mistake.mp3". 1282583527.H337234P12555.mail2.dfsv61.com,S=8651454_2,S

Re:and the pornography they're accused of sharing

[Kijori]

What I'm not sure about, is whether private citizens have any legal recourse for compensation also- can the people whose details were leaked now sue the company for this? If they were not the ones who downloaded the materials can they sue under defamation laws or similar? I know if I was on those lists I'd certainly be exploring my options to give them a taste of their own tactics.

Under the Data Protection Act, data subjects (as they are rather unappealingly known) can claim damages from a company that does not process their data in accordance with the act. The firm here would appear to be rather egregiously in violation of the act, so damages will almost certainly be available. Even if they weren't, I suspect that an action for negligence would also succeed, on the grounds that the company did not take the steps that would be reasonable to avoid this information being released.

The more difficult question will be the damages. There are no grounds for exemplary or punitive damages here, so the only damages available will be compensatory, meaning that the claimant must show a loss that would be reasonably forseeable by someone releasing this information - damage to reputation would seem the obvious possibility. Given that there has been no widespread publication of the list (it has not, for example, been republished in newspapers), that, given its length, individuals are unlikely to come to any particular personal attention as a result of it, and that most people on the list will not trade based on a reputation that would be damaged by this list I don't think the damages will be particularly high. In an effort to restrain the figures that will be thrown around by Slashdotters I would point out that Elton John, a figure much more famous than most people on this list and whose reputation is important to his success, was awarded £25,000 for damage to his reputation following a much more damaging article. Unless people begin to be singled out and suffer harassment because of the list I cannot see how they could suffer damage beyond perhaps distress from the possibility of future harassment.

Of course I should add the standard disclaimer that you should never take legal advice from people on the internet. If you figure on the list the person best able to advise you is your solicitor.

Re:and the pornography they're accused of sharing

[Ash+Vince]

One of the more interesting aspects of this story is the attempt at damage control that ACS:Law are trying to pull. To quote their statement to the BBC: "All our evidence does is identify an internet connection that has been utilised to share copyright work," he told BBC News when pressed about the BSkyB database. "In relation to the individual names, these are just the names and addresses of the account owner and we make no claims that they themselves were sharing the files," he added.

Seems a pretty sharp turnaround from threatening legal action against those people based on that same evidence, doesn't it?

British liable law is a bitch. Threatening legal action is protected but any other form of accusation in a public forum can get your arse sued into last week unless you can 100% prove that every word you say is true.

ACS Law know that and know that if a competing law firm started going round down list and offering people a no win, no fee deal then ACS Law could be defending itself from liable cases on a permanent basis. If the director of ACS Law stood up on TV and said that every person on this list had downloaded porn or even implied it he could suddenly find himself on the receiving end of one legal summons for every person on that list and they would be demanding a shit load more than £500. Liable cases for defamation in England have the damages set by home much the person who was defamed lost, and this can be a shit load if they lost some sort of contract or job as a result of appearing on this list.

This would not just bankrupt his company, this would be a bye bye house type scenario as he could be sued into personal bankruptcy. This would also shit all over him ever being the director of a company ever again and may well prevent him from being a solicitor.

So yes, what a surprise, he engages in a massive damage limitation exercise that desperately tries to keep him and his worthless little company just above water rather than so far underwater he was actually turning into oil.

Re:and the pornography they're accused of sharing

[rtb61]

More embarrassingly that disclosed information also detailed ASC:Law main business tactic. File copyright claims againts people for P2P porn ie. blackmail them into paying off rather than be publicly disclosed for sharing same rather nasty porn basically a 500 pounds a go.

More coverage here http://arstechnica.com/tech-policy/news/2010/09/amounts-to-blackmail-inside-a-p2p-settlement-letter-factory.ars/.

Apparently the normal route of extorting poor people to pay off rather than fight of the civil suits as done in the US doesn't really work in the UK as such the have gone down the blackmail route. It will be interesting to see what happens in France now that the right wing government has allowed open slather on basically baseless "WeSaySo" copyright claims (http://muppet.wikia.com/wiki/WESAYSO dinosaur claims from a dinosaur industry).

Re:and the pornography they're accused of sharing

[AmiMoJo]

If I were feeling evil I'd download the list and see who paid. I'd then send my own speculative invoices to all those people, knowing I will get a much better return rate than I would with random IP addresses (like ACS:Law were using).

If I were feeling really evil I'd just use the credit card information of people who paid to charge them and send them a receipt.

At the very least you can expect every credit card on the list to have been raped. If I were a bank I'd be looking to invoice ACS:Law for all fraudulent activity, administration, new cards etc.

Re:and the pornography they're accused of sharing

Unfortunately this comment is an example of one of the problems with Slashdot, and the one to which, I think, you allude in your signature: people confidently making statements about matters of which they have either no or next-to-no knowledge. It is also, I believe, an illustration of the danger when making such statements: others may assume them to be accurate and authoritative and repeat them to a wider audience, inevitably with the effect that eventually the comments begin, as here, to resemble the confused results of a game of Chinese whispers.

I should begin by pointing out that the law to which you refer is "libel". Liable is an adjective.

Secondly, it is not in any way correct to say that "any other form of accusation in a public forum can get your arse sued into last week unless you can 100% prove that every word you say is true". This implies a level of rigidity of the law that quite simply is not correct. Moreover it ignores the provisions of the Defamation Act 1996 which can act to shield the defendant who has accidentally defamed a third party.

Thirdly it is not correct to imply as you do that a "damage limitation exercise" is necessitated to avoid legal action for defaming the people on the list. Defamation being a matter of fact for a jury it is not possible to say with certainty that they will not be held liable, but I would suggest that a reasonable person would not consider the list, accidentally published, to imply guilt. The case of Lewis v Daily Telegraph (1964) AC 234 might be a useful starting point to understand the courts' view in similar cases.

I don't propose here to set out the actual state of British defamation law, nor to explain the situation of the law firm here involved. My point was simply to point out that repeating Slashdot "wisdom" results in the perpetuation of ideas that are incorrect, sometimes dramatically.

Re:and the pornography they're accused of sharing

[Ash+Vince]

Unfortunately this comment is an example of one of the problems with Slashdot, and the one to which, I think, you allude in your signature: people confidently making statements about matters of which they have either no or next-to-no knowledge. It is also, I believe, an illustration of the danger when making such statements: others may assume them to be accurate and authoritative and repeat them to a wider audience, inevitably with the effect that eventually the comments begin, as here, to resemble the confused results of a game of Chinese whispers.

I should begin by pointing out that the law to which you refer is "libel". Liable is an adjective.

Secondly, it is not in any way correct to say that "any other form of accusation in a public forum can get your arse sued into last week unless you can 100% prove that every word you say is true". This implies a level of rigidity of the law that quite simply is not correct. Moreover it ignores the provisions of the Defamation Act 1996 which can act to shield the defendant who has accidentally defamed a third party.

Thirdly it is not correct to imply as you do that a "damage limitation exercise" is necessitated to avoid legal action for defaming the people on the list. Defamation being a matter of fact for a jury it is not possible to say with certainty that they will not be held liable, but I would suggest that a reasonable person would not consider the list, accidentally published, to imply guilt. The case of Lewis v Daily Telegraph (1964) AC 234 might be a useful starting point to understand the courts' view in similar cases.

I don't propose here to set out the actual state of British defamation law, nor to explain the situation of the law firm here involved. My point was simply to point out that repeating Slashdot "wisdom" results in the perpetuation of ideas that are incorrect, sometimes dramatically.

Replying as an AC replied to my post with some damn useful and interesting info.

Firstly, a little aside: Many people on Slashdot will simply never see posts like this as they apply a -5 modifier to all posts from an AC and browse at a score of 1 or above only.

Secondly, thanks for the correction and the references to case law. I did actually study law many years ago but not libel (Law of Contract and Legal History).

I was trying to say in post that if the director of the company in question were to stand up and say "the people on the list all illegally downloaded porn" on national TV he would have certainly libelled the people contained on this list. This would open him up to a libel case from every person contained on this list which they stood every chance of winning. I do know enough about English libel law to state this with some degree of certainty. He could simply say he had no comment regarding this list but this would have made for a very short interview that would unlikely have been published.

I also know that damages in libel cases can run into large amounts of money very quickly if the plaintiff can prove they suffered measurable losses to that amount as a result of statement in question. Being the large number of people on the list this could drive a single defendant into personal bankruptcy very quickly. People who have been declared bankrupt and not discharged their debts are banned from acting as company directors and may even be sent to prison for doing so.

Now it is true under the Defamation Act 1996 that he may avoid being sued for libel if he chooses to make amends, but this is simply ridiculous as to use in this contact as it would still involve paying the aggrieved party any damages they felt they suffered.

I do concede though that my original post was pure junk, filled with misused words and piss poor grammatical errors. It was also very poorly written in terms of getting across my main point. Hopefully this one corrects that.

Re:and the pornography they're accused of sharing

It seems to me that there are a variety of interesting legal angles to this. For example, it may be at least possible that some people named have significant personal injury claims available to them given the nature of the titles - the classic example is someone who is an "in the closet" gay and has been outed as a result of what appears to be, frankly, gross negligence.

Alternatively, perhaps Sky or some of the other ISPs have an angle for claiming defamation?

And of course as a backdrop there is the argument that the entire operation always was a huge abuse of process. If this amounts to Perverting the Course of Justice then the Proceeds of Crime Act could possibly come into play (although it seems a bit far fetched that politically this would ever happen).

blackmail

[MadUndergrad]

So the blackmailer accidentally exposes the blackmail, and Sky is upset not because they've been working with a blackmailer but because the blackmail got out early. Classy.

Re:blackmail

[Moryath]

Of course Sky is upset because the blackmail got out - they were KNOWINGLY WORKING WITH THE BLACKMAILERS.

Whoever greenlit "working with" ACS:Law or anyone else of the sort at Sky ought to immediately be canned, stripped to their underwear, and unceremoniously thrown into the street never to find a job working at any telecommunications or technology firm again. And the people who hired those idiots should get the same treatment.

Re:blackmail

[Bahamut_Omega]

Shall we be employing the gibbet my lord? Or would the ax be more fitting for these scallywags? Maybe it's best we give them the long drop, seeing as they are pirates after all.

Re:blackmail

[mpe]

So the blackmailer accidentally exposes the blackmail, and Sky is upset not because they've been working with a blackmailer but because the blackmail got out early.

Hopefully the Information Commisioner's Office will next turn their attention to Sky and any other ISPs who have worked with this bunch of shysters.

Re:blackmail

Sky is Murdoch owned so they really just give fuck about themselves, their definitely more on the side of big media not consumers.

Re:blackmail

[interkin3tic]

ought to immediately be canned, stripped to their underwear, and unceremoniously thrown into the street

You're doing it wrong! If you fire them first, you don't get to coerce them to strip THEMSELVES down to their underwear and throw THEMSELVES into the street in vain attempts to save their jobs, then laugh at them when you tell them they're still fired.

Re:blackmail

[naich]

Everybody who gives even the smallest shit about the way Sky treat their customers should immediately unsubscribe to all Sky services.

But that would mean that they couldn't watch football. Oh well. It was a nice idea. Carry on screwing everyone with impunity Sky.

Re:blackmail

Actually Murdoch currently only owns 39%, but is actively trying to gain a majority stake.

Re:blackmail

[Hieronymus+Howard]

Sky were compelled by court orders to hand over these details to ACS Law. Sky also encrypted the data before sending it. ACS Law then posted the unencrypted data on their web site.

Sky are now going to challenge and fight these court orders.
http://www.guardian.co.uk/media/blog/2010/sep/28/bskyb-acslaw-filesharing

Re:blackmail

[Mr_Silver]

So the blackmailer accidentally exposes the blackmail, and Sky is upset not because they've been working with a blackmailer but because the blackmail got out early. Classy.

I'm waiting for O2 to speak out on the matter.

They appear to have been so busy handing over customer details on bogus court orders that they completely forgot to collect the £13,107.00 that ACS:Law owes them.

Re:blackmail

[Eskarel]

Do you really think that anyone who is getting their Internet from Rupert Murdoch and has other options actually cares about him sharing info with an anti piracy group? A data breach yes, after the UK gov lost so much data over the last decade even regular people are starting to care about that, but the fact that they were cooperating in the first place? Anyone who cares about that either has no choice or is using another ISP.

Re:blackmail

[rich_r]

Sky, in this context, are an ISP who were ordered by the courts to provide data to ACS law.
They provided the data in an encrypted format, it was ACS who failed to retain that encryption.

Re:blackmail

[BJ_Covert_Action]

I didn't know Donald Trump posted to Slashdot...

Re:blackmail

[ImprovOmega]

ought to immediately be canned, stripped to their underwear, and unceremoniously thrown into the street

You're doing it wrong! If you fire them first, you don't get to coerce them to strip THEMSELVES down to their underwear and throw THEMSELVES into the street in vain attempts to save their jobs, then laugh at them when you tell them they're still fired.

I hate being the slowest sociopath.

Re:blackmail

[pacman+on+prozac]

Same thing for Plus, they've put a FAQ up which states they were subject to court orders to turn over their customers details, here.

Should of refused to cooperate from the start.

[spikestabber]

Do UK ISP's not have a set of balls to stand up for their customers? They were so against the Digital Economy Act, but when it comes to giving up their customer details to a shady law outfit that wants to extort them, thats apparently just fine.

Re:Should of refused to cooperate from the start.

[arth1]

Do UK ISP's not have a set of balls to stand up for their customers?

More like "grin and bear it".
The British motto should probably be along the lines of "NOBIS AQVIESCIAM" (apologies for my rusty Latin).

Re:Should of refused to cooperate from the start.

Fuck damn it, it's "Should have" not "Should of" you goddamn illiterate moron. The contraction is "Should've".

Re:Should of refused to cooperate from the start.

[Robstafarian]

The parent comment is not flamebait; it is a correction which is required far too often in the context of native English speakers. The AC should have been more diplomatic, but that doesn't invalidate the point.

Re:Should of refused to cooperate from the start.

We all seem to forget who owns Sky in the first place...

This should not be surprising when you realise this is just another Murdoch operation.

Re:Should of refused to cooperate from the start.

Well, if we're going to be pedantic little bitches:

1. Who is "Fuck," and why should he damn it? Perhaps you were looking for "God damn it" or "fucking damn it?"

2. Punctuation goes on the inside of quotation marks, not the outside.

If you can't even get your shit together for a post criticizing somebody else's grammar, perhaps you should simply shut up?

Re:Should of refused to cooperate from the start.

[Eunuchswear]

Punctuation goes on the inside of quotation marks, not the outside.

Not in British usage (or traditional computer geek usage for that matter(*)).

* A true geek puts punctuation that is part of the quotation inside the quote marks, that which is not outside. Your punctuation inside the quoutes in the first of your points is an offense to our eyes, you should have written:

1. Who is "Fuck", and why should he damn it? Perhaps you were looking for "God damn it" or "fucking damn it"?

Re:Should of refused to cooperate from the start.

[LainTouko]

They're not a single cohesive group. Some do stand up for their customers, and oppose things like the Digital Economy Act, some just want to sell them out. It's not surprising to find one owned by Rupert Murdoch being of the latter persuasion.

Re:Should of refused to cooperate from the start.

[Spad]

Virgin & Talk Talk did; almost all the others agreed in advance not to contest applications by ACS:Law for court orders compelling them to divulge user information, which made it trivial for them to operate their little extortion scam.

Technically, it's a DPA breach for ISPs to provide user information to a 3rd party *without* a court order (or the explicit permission of the user in question).

Re:Should of refused to cooperate from the start.

[SuricouRaven]

This is correct - it's in the jargon file. The techie convention, which grow from programming, is to treat quotation marks as perfectly literal. What goes in them is an exact quote, character-for-character, byte-for-byte. That means you don't mess around with the punctuation inside just to make it easier to read.

This is also helpful when telling someone their password is "password." Is that period included or not? It's ambiguous in common english usage.

Re:Should of refused to cooperate from the start.

[Haedrian]

Its called money.

Re:Should of refused to cooperate from the start.

[Aceticon]

Do UK ISP's not have a set of balls to stand up for their customers? They were so against the Digital Economy Act, but when it comes to giving up their customer details to a shady law outfit that wants to extort them, thats apparently just fine.

This is Sky we're talking about here: they're a media-company/broadcaster with an ISP-to-make-the-packages-more-attractive on the side. Their main business is pay-TV. What do you expect from them?

In fact, given their main business line, they're glad that bottom-dweller-scum-feeding companies like ACS:Law exist and do what they do and probably even sent over a complimentary bottle of Champagne with their first list of customer names and addresses.

Same thing with other media businesses with ISPs on the side such as Virgin (a conglomerate that specializes in looking cool and self-benifiting billing mistakes).

Beyond that you have the big, mass-market, cheap-but-its-a-tenth-of-the-advertised-speed ISPs who don't really see the point in fighting for a couple (of thousands) of customers.

In the UK, if you want ISPs with a spine you need to go for the small ones, preferably those with fewer customers than the threshold of the Digital Economy Act (400,000). They're also the same that don't do fishy things like filtering your Internet, blocking ports, gathering and selling information on customer habits or throtling down connections. The big ones are either a joke or have interests in media and are thus likelly to make more money from their share of copyright infringement "fines" than from the actual customer fees.

This not being the US, laws where long ago passed to force the incumbent Telcos to open up their networks to any ISP, so there are a lot of smaller ISPs around.

Re:Should of refused to cooperate from the start.

No:

1. Who is "Fuck", and why should he damn it? Perhaps you were looking for "God damn it" or "fucking damn it"?

Yes:
1. Who is "Fuck!", and why should he damn it? Perhaps you were looking for "God damn it!" or "fucking damn it!"?

Re:Should of refused to cooperate from the start.

[SteveAstro]

Yes, afaik Zen internet refused to be buggered.

Re:Should of refused to cooperate from the start.

[Rogerborg]

Technically, it's a DPA breach for ISPs to provide user information to a 3rd party *without* a court order (or the explicit permission of the user in question).

ORLY?

Data Protection Act 1998
29 Crime and taxation

(1)Personal data processed for any of the following purposes--
(a)the prevention or detection of crime,
[...]

are exempt from the first data protection principle

Copyrights Designs and Patents Act 1988, section 107 1, (e)

107 Criminal liability for making or dealing with infringing articles,
(1)A person commits an offence who, without the licence of the copyright owner--
[...]
(e)distributes otherwise than in the course of a business to such an extent as to affect prejudicially the owner of the copyright
an article which is, and which he knows or has reason to believe is, an infringing copy of a copyright work.

Your belief about what the statutes say does not alter what the statutes say. The court orders are being used to compel disclosure, but there's nothing in the DPA that would prevent disclosure without them, for this purpose.

Re:Should of refused to cooperate from the start.

[aslate]

Yes, but Sky are also the major premium TV and content provider. Programmes broadcast on Freeview (free OTA digital terrestrial) are effectively free whereas you need to pay for Sky's TV, content and services. If people torrent programmes the biggest loser is Sky as you're less likely to subscribe, then the advertisers on commercial Freeview channels and the BBC who lose long-term DVD sales. If I can torrent a Sky-only show like House why would I be swayed to pay Sky £20/month for House with adverts?

Sky have an active interest in preventing people from torrenting, whereas most other ISPs are just ISPs and therefore have very little interest in restricting their customers. Virgin Media are another TV/ISP company and I remember them being fairly pro DEA too.

Re:Should of refused to cooperate from the start.

[krou]

The British motto should probably be along the lines of "NOBIS AQVIESCIAM"

What, ACS:Law they go the house?

Re:Should of refused to cooperate from the start.

[psm321]

I actually always thought of it this way even before I got into programming, and hated that teachers made me do it the other way. Quotes are supposed to be QUOTES and it just makes more sense to put the punctuation outside if it's not part of the quote.

Hmm...

[s0litaire]

...something about locks, a stable door and a horse comes to mind...

Re:Hmm...

[TheGratefulNet]

and for extra points, this horse happens to be named 'streisand'.

anyone who didn't know these guys were incompetants, knows it now.

For those like me who don't know what ACS:Law is..

[JoshuaZ]

ACS:Law is a British lawfirm that has done a lot of IP related stuff although apparently was not all prominent until their recent forays into dealing with piracy issues. http://en.wikipedia.org/wiki/ACS:Law . They should not be confused with the American Constitution Society, although that organization has the website acslaw.org. ACS:Law's homepage is http://www.acs-law.co.uk/ although amusingly enough it doesn't turn up on the first page of Google hits at all when you Google for "ACS Law."

Re:For those like me who don't know what ACS:Law i

[MichaelSmith]

They should not be confused with the American Constitution Society

And the Australian Computer Society.

Rudyard Kipling

[Bob9113]

It is wrong to put temptation in the path of any nation,
For fear they should succumb and go astray;
So when you are requested to pay up or be molested,
You will find it better policy to say: --

"We never pay any-one Dane-geld,
No matter how trifling the cost;
For the end of that game is oppression and shame,
And the nation that plays it is lost!"

- Kipling

ISPs, I know you see dollar signs in your eyes when you think of ways to be the gatekeeper, and find colluding with the usurpers profitable. But when you feed them, they grow. Be it government, lobby, or privileged corporation seeking more privilege, they will never stop. If you think you can make them your ally, you are fools. Their hunger cannot be sated. They will eat everyone you feed them, then finding their bellies fat but their plates empty, they will devour you.

Serve the user. Fight for the right to provide an honest service. There you will find a rare thing these days: A business model which is stable in the long run. The road you are on leads to fleeting riches followed by Herculean efforts just to restore the tenth part of what you are pissing away today.

Re:Rudyard Kipling

[AJWM]

Exactly so.

"...we've proved it again and again,
That if once you have paid him the Dane-geld
    You never get rid of the Dane."

Re:Rudyard Kipling

[rsborg]

Dane-geld today is what're called Monopoly Rents. Corporations that seek this kind of payment are rent-seeking (as opposed to profit-seeking, meaning to gain profits by value-add).

Re:Rudyard Kipling

[tehcyder]

Any landlord receiving rent on his land simply because his great-great (etc) grandparents happened to steal/acquire it x hundreds of years ago is not "adding value" or "engaging in profit-making activity" anyway.

Good tactic

[russotto]

This does suggest a way those willing to take direct action could hurt the xxAAs efforts. DDoS attacks are just a nuisance, but theft of sensitive data drives a wedge between the xxAAs and the ISPs they need to co-operate with them.

Re:Good tactic

[fluffy99]

This does suggest a way those willing to take direct action could hurt the xxAAs efforts. DDoS attacks are just a nuisance, but theft of sensitive data drives a wedge between the xxAAs and the ISPs they need to co-operate with them.

It's a fine line though. Some politician could easily spin this so that it appears that evil pirates are hacking into systems and exposing the personal data of innocent folks. Of course more legislation would be needed to go after these evil-doers.

Re:Good tactic

[Pax681]

without the DDOS attack the info would never have been accessible to those who took it thus , it could be said the DDOS was successful

Re:Good tactic

[N1AK]

Some politician could easily spin this so that it appears that evil pirates are hacking into systems and exposing the personal data of innocent folks.

Politicians don't need to spin it. People have used the anonymity of the internet (and safety of national borders) to harass someone. If the company used the same tactics against the (alleged) file sharers we'd be screaming bloody murder. Internet vigilantism, regardless of how just,will be part of the reason why further clampdowns on anonymity will happen.

Finally, it was the 'evil pirates' who did most of the damage sharing the personal data. ACS cocked up by making it available, but it wouldn't have spread over the web like wildfire if the DDoSers had the moral fortitude to resist the urge to spread it around. If anyone on that list suffers harm it will be because the attackers shared it so wildly. If I forget to lock your house and someone robs it then I'm to blame for not locking the house. The douche who stole your stuff is still a douche.

Re:Good tactic

The information was always available to those who took it. They just didn't know where to look. The DDOS revealed the files.

Re:Good tactic

[russotto]

Internet vigilantism, regardless of how just,will be part of the reason why further clampdowns on anonymity will happen.

So what do you suggest? That everyone take no effective action, for fear that this action will be an excuse for reprisals? You say "vigilantism" as if it's always unacceptable, but what alternative exists when authority is on the side of those doing wrong in the first place?

Re:For those like me who don't know what ACS:Law i

[iammani]

A small correction. Their homepage is http://www.acs-law.org.uk/ . Anyway they seem to have been slashdotted (and 4channed probably), so it doesnt matter what their website is.

Great PR

[Psychor]

It seems Sky are very quick to trumpet in a press release how wonderful they are now that they've decided not to continue handing over thousands of customer details to a company with woefully inadequate security procedures (for now). However personally I'd be more impressed if they'd verified that the details would be handled securely before handing them over and getting them leaked in the first place.

I guess the main lesson for us Brits here is to make sure all your pornography is hardcore enough that it's illegal in the UK, then you can't be held in breach of copyright for sharing it. You will of course break some other laws, but there isn't much that's legal here these days anyway!

Re:Great PR

[shermo]

Yeah Sky aren't the good guys here.

If you entrust a person's personal details to a third party and that third party leaks it, you're responsible. The third party is too, but you gave them the info in the first place when you didn't have permission to do so.

Impressive backpeddling though.

Re:Great PR

[mpe]

It seems Sky are very quick to trumpet in a press release how wonderful they are now that they've decided not to continue handing over thousands of customer details to a company with woefully inadequate security procedures (for now).

Were they actually complying with the law in handing over the data in the first place? This is the kind of question the ICO needs to be asking of Sky (and other ISPs).

However personally I'd be more impressed if they'd verified that the details would be handled securely before handing them over and getting them leaked in the first place.

If they were to do this they should be charging that company a suitable fee. Probably also requiring a suitable court order.

Re:Great PR

[mpe]

If you entrust a person's personal details to a third party and that third party leaks it, you're responsible. The third party is too, but you gave them the info in the first place when you didn't have permission to do so.

Even if the third party dosn't leak the data then you've still most likely broken the law by passing the data to them.

Re:Great PR

[tehcyder]

I guess the main lesson for us Brits here is to make sure all your pornography is hardcore enough that it's illegal in the UK, then you can't be held in breach of copyright for sharing it.

I think I'd rather be done for copyright infringement and pay a fine than have my name spread over the newspapers for owning paedo-snuff (or whatever it would have to be illegal now) movies and going to prison for a few decades.

Re:Great PR

[Drakkenmensch]

Ah, but the difference here is that the judicial system has an obligation of A) proving your guilt and B) giving you a trial. The recording industry do not bother themselves with either, rather they extort you for rather hefty sums, threatening to ruin you with the cost of defending yourself in court if you don't give into their blackmail.

Re:Great PR

[MrNemesis]

I think the parent is referring to the so-called laws banning "obscene" pornography in the UK (mostly S&M IIRC). The same hilarious laws that say "You can legally DO that thing to that person... but if you film it, take a photo of it or write about it you're going to prison!". Forget the name of the law itself and google isn't proving helpful.

Of course, what with "obscenity" being the best Aunt Sally in the world - especially when you aren't allowed to describe what it is - no-one wants to back the victims of an idiotic law. Because, y'know, if you support free speech and/or logical laws you must be one of those obscene people and the stuff I see in my head when I think of "obscenity" makes me disgust you!

What's the legality of the ISP sharing the info?

[fluffy99]

Just wondering if the customers have any grounds for suing the ISP. Did their contract have terms that even allowed them to share the info with this legal firm? Would inspection of the traffic flows to generate the data provided to the law firm constitute invasion of privacy or illegal wiretapping?

Re:What's the legality of the ISP sharing the info

[mysidia]

You know... the UK has this thing called the Data Protection Act

I'm very concerned about Sky Broadband's actions, and I wonder how they could possibly be legal under the act.

The Internet is for Porn

"...the ultimate exposure of thousands of individual's personal information - their IP addresses, their names, addresses, and the pornography they're accused of sharing."

Oh. Um, well, DAMMIT!

Re:The Internet is for Porn

[Drakkenmensch]

"...the ultimate exposure of thousands of individual's personal information - their IP addresses, their names, addresses, and the pornography they're accused of sharing." Oh. Um, well, DAMMIT!

Interesting. If this whole mess if about the sharing of porn, why are only mainstream movies and music concerned in those sort of accusations, and why is the porn industry not taking the same stand as Hollywood and the recording industry? You'd almost think that pornographers have... ethical standards.

Re:For those like me who don't know what ACS:Law i

[PatPending]

A small correction. Their homepage is http://www.acs-law.org.uk/ . Anyway they seem to have been slashdotted (and 4channed probably), so it doesnt matter what their website is.

Slashdotted my arse; did you read the title of the post? British ISP Sky Broadband Cuts Off ACS:Law (emphasis added).

Perhaps Mr. Praline can explain it better:

'E's passed on! This website is no more! It has ceased to be! 'E's expired and gone to meet 'is maker! 'E's a stiff! Bereft of life, 'e rests in peace! If you hadn't nailed 'im to the server rack 'e'd be pushing up the daisies! 'Is metabolic processes are now 'istory! 'E's off the twig! 'E's kicked the bucket, 'e's shuffled off 'is mortal coil, run down the curtain and joined the bleedin' choir invisibile!! THIS IS AN EX-WEBSITE!!

Re:What's the legality of the ISP sharing the info

Given how BT and Talk Talk more or less got away scot free when they were selling out to Phorm, chances are you've got more chance of winning the lotto in every country on earth on the same day than getting a monster like Sky into court and winning.

Re:For those like me who don't know what ACS:Law i

[iammani]

British ISP Sky Broadband Cuts Off ACS:Law

Mmm, I read it as British ISP Sky Broadband Cuts Off [Ties with/Cooperation with] ACS:Law. Now that I have RTFAed, it seems they actually did mean it both literally (cut access to the website) and figuratively (cooperation with ACS:Law).

Re:What's the legality of the ISP sharing the info

[SydShamino]

Had you read the Plusnet link in the summary, you'd see, at least for that ISP, ACS:Law requested and received court orders requiring the delivery of customer information. It's not likely that they took different action with Sky Broadband.

In other (U.S.) words, ACS:Law acquired sensitive information via John Doe discovery, then put that information, unencrypted, on their web site. The people who provided it to ACS:Law under the directive of a court order aren't likely culpable.

Re:I'm confused...

I thought America didn't condone torture.

No, no, America doesn't condone "torture." You have to put quotes around it because it's what you would call a term of art, rather than what normal people understand by the word torture.

Re:For those like me who don't know what ACS:Law i

[gmhowell]

I thought it was some weird perl module.

Of course; this is the Murdochs

[Kupfernigk]

Whose newspapers are now behind a paywall? Whose online readers are widely believed to have nosedived? Who wants to prop up their business model by slowly working to outlaw all free content on the Web?

Anybody who thought it was a good idea to buy their internet connection from a media company obviously doesn't understand how capitalism works.

Slightly OT, the failure to understand the need to separate content from channel was one of the major failings of the last British Government, along with Mandelson's "Digital Economy Act", which basically gave citizens no redress against these coercive lawyers. I'm waiting to see if Ed Miliband will get this, and consign Mandelson to the dustbin. But I'm not hopeful.

Re:For those like me who don't know what ACS:Law i

[socsoc]

Did you read TFA?

The ISP Sky Broadband today stated they cut off further cooperation with ACS:Law...

Re:For those like me who don't know what ACS:Law i

[mpe]

I thought it was some weird perl module.

No doubt someone will now write a perl module which accuses random ISP customers of copyright infringement.

Re:What's the legality of the ISP sharing the info

[SuricouRaven]

Under the DPA, the customer must be informed. Just what 'informed' means is open to interpretation. It is usually sufficient to include a single line on page 37 of the 98-page contract. Such contracts also have a standard clause allowing the ISP to change the terms at will.

Kipling was indeed a prophet

[Kupfernigk]

Given our current financial crisis, I can't help adding a bit more Kipling:

As I pass through my incarnations in every age and race,
I make my proper prostrations to the Gods of the Market Place.
Peering through reverent fingers I watch them flourish and fall,
And the Gods of the Copybook Headings, I notice, outlast them all.

The "Gods of the Copybook Headings" are exactly what you are describing.

Kipling was widely regarded as an Imperialist, but in fact he believed in the fundamental equality of all human beings - the heroes of Kim are, respectively, Irish, Afghan, East Indian and Tibetan Buddhist - the importance of blue-collar workers, and the importance of a stable economy based on mutual trust. It's a pity he has no modern equivalent.

Re:Kipling was indeed a prophet

[Deefburger]

He does! Libertarians and libertarian philosophers. Mises, Hayek, Rothbard. Tucker, French, Kinsella, Block....

Re:What's the legality of the ISP sharing the info

[mpe]

Had you read the Plusnet link in the summary, you'd see, at least for that ISP, ACS:Law requested and received court orders requiring the delivery of customer information. It's not likely that they took different action with Sky Broadband.

If this was the case then Sky's refusal to co-operate press release dosn't make much sense. If you don't want to follow a court order you take the matter up with the courts not whoever got a court to issue it...

I'll say it.

[Revvy]

Nice work, anonymous. Thanks.

Re:I'll say it.

Nice work, anonymous. Thanks.

You're welcome

Are Sky Liable?

[symes]

IANAL - but my understanding of British Data Protection Law is that the person who owns the data is ultimately responsible for how that data is used. So by giving their customers' personal information to ACS, which was in turn leaked, might mean Sky customers can take action against Sky. Maybe there's someone here who can advise?

Re:Are Sky Liable?

[jonnyj]

Under the DPA, there's an arcane difference between data controllers and data processors. ACS:Law would almost certainly have beome a controller of this data, so Sky's responsibility would have ended once it was securely transferred. A particular problem for ACS:Law is that the DPA places additional safeguards around sensitive data, which includes sexual orientation and practice. Data that allegedly describes individuals' pornography viewing habits almost certainly falls within that definition, and deserves particular security measures. The ICO is right to be incandescent with rage.

Re:Are Sky Liable?

[tehcyder]

IANAL.

But I suspect Sky are breaking the Second Amendment to the Constitution in this matter.

Re:Are Sky Liable?

The basic DPA test is of whether you're a "data owner" or merely a "data processor" is whether or not you're acting under contract for the original owner, under their direction.

In this instance, ACS are the data owner, not Sky.

Re:Are Sky Liable?

[Zaiff+Urgulbunger]

Not sure in Sky's case, but in BT's case, they've doubley cocked up by sending the information to ACS:Law via an unencrypted email attachement. This, according to the BBC, means BT "appear to be in contempt of a high court order" since the initial request specified that the data be supplied as an encrypted Excel spreadsheet on a CD or other digital media.

So, one "Prakash Mistry", a lawyer working for BT who sent the unencrypted data to ACS:Law has presumably got himself stuck neck deep in shit... although presumably he had to ask IT for the data, so maybe they're in the shit too? Shame that these particular peoples were almost certainly not being particularly evil, just a bit dumb, and now they're going to get beaten up pretty bad in the cross fire.

I can't believe how hilariously this is panning out though -- Andrew Crossley must be seriously regretting his comments. Ha ha!! :D

Re:Are Sky Liable?

[SenseiLeNoir]

This is the UK, the second Amendment is US specific, but this case/situation is entirely British.

Re:For those like me who don't know what ACS:Law i

[Eunuchswear]

I thought it was some weird perl module.

That would be ACS::Law.

ACS:Law sounds like an American TV series.

winter boots

Law requested and received court orders requiring the delivery of customer information. It's not likely that they took different action with Sky Broadband.http://www.typier.com

Very difficult

[Kupfernigk]

You would have, in effect, to show that Sky were negligent in ensuring that the requester of the data compliant with the Act. This is the Act that was rushed through in the dying days of New Labour by Mandelson in an effort to retain the support of ...the Murdochs, major Sky shareholders.

So I would say, no chance. Go after the "law firm".

Re:Very difficult

[LordSnooty]

The Digital Economy Act was the one rushed through Parliament. The Data Protection Act is the one that might have been breached here.

acs law probably broke the law

[Colin+Smith]

the data protection act requires you to take reasonable steps to protect information . Putting it on a web site does not seem reasonable .

Re:acs law probably broke the law

It most certainly is. After all if any one should dare defeat the unbreakable security of the 'right click and then copy' they are criminals, terrorists, homosexuals, and evil-capitalist-haters. The should be sued into bankruptcy to be made proper examples.

Re:What's the legality of the ISP sharing the info

[arkhan_jg]

ACS:Law were using Norwich Pharmacal civil orders against the ISPs; there basically demand information relevant to a future court case from a third party, in this case the ISP. Sky broadband chose not to contest these court orders, and just supinely handed over the data. Nor did they notify their subscribers that such an order was taking place, so they could fight it if they chose.

In fact, ACS:Law were combining these requests into huge tranches of data - one such recent one was 25,000 BT Broadband IP addresses, expected to ID 15,000 subscribers.

Virgin and Talk Talk refused to go along with these orders without a fight - potentially forcing ACS:Law to do a Norwich Pharmacal order per individual IP, which would be ruinously expensive - so the leaked emails reveal that ACS:Law specifically did not target them.

So yes, it's true that Sky Broadband were under court order - but it was one they supinely accepted, with the IP addresses in bulk. Uncontested, the judge has little choice but to rubber-stamp the request from ACS:Law. Sky may not be at fault for the data breach (they hand the data over securely), but they certainly are for co-operating with ACS:Law, a known dodgy legalised extortion outfit, without even bothering to attempt to protect their customers.

ACS:Law is under investigation by the Solicitors Regulation Authority for the way they go about their 'letters with menaces, demanding £495 or else' campaign; Crossley, their head solicitor, has been investigated twice before.

Re:What's the legality of the ISP sharing the info

[RMH101]

It's all disinformation. Some ISPs hand data over without a court order, such as Sky and others. Other ISPs, such as Talk Talk and Virgin, took a stand and refused to do so without a court order.

Re:For those like me who don't know what ACS:Law i

[Gordonjcp]

It looks more like their DNS isn't resolving. Sky Broadband provide domestic broadband, so unless they are running their DNS on a box hanging off someone's home ADSL it seems unlikely that they mean "cut off" as in "disconnected".

Re:What's the legality of the ISP sharing the info

[dugeen]

"If you use +1 Insightful to mean +1 Agree, I'll use -1 Overrated if I disagree." - surely that policy merely doubles the inaccuracy of the score for such posts?

Re:What's the legality of the ISP sharing the info

[pumpkin2146]

I am not a lawyer, although I do work with data protection as part of my profession.

Sky are clearly caught between a rock and a hard place here. They have two different duties under the law

- Comply with the court order ACS:Law have obtained, and provide the account holder details matching the IP address/Timestamp.

- Under the Data Protection Act 1998, principle 7, to ensure : "Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data."

Clearly ACS:Law have demonstrated themselves incapable of sufficiently protecting the data, and therefore to continue to cooperate with them would place Sky in breach of the DPA. Of course not complying with a court order is Contempt of Court.

What you going to do ?

It gets better....

[Computershack]

What the story failed to mention is that ACS:Law lawyers are already due to be brought to a tribuneral by the Law Society to explain their conduct. It could lead to them being disbarred. This only serves to fan the flames of the raging fire against them.

Re:What's the legality of the ISP sharing the info

[mysidia]

Yes... I wonder specifically how they are following this part though...

Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

I don't know in what world having a third party posting personal data to a web site yourself counts as appropriate technical and organizational measures.

Also, as ACS:Law is a UK-based organization themselves, they also have to obey the act, even though they don't have any contract or agreement at all with the people whose information they have obtained.

Re:What's the legality of the ISP sharing the info

[jimbob666]

I don't think so. There was a court order involved and it is something to do with the 'Digital Economy Act' here in the UK.

http://www.bbc.co.uk/blogs/thereporters/rorycellanjones/2010/09/acslaw.html

I love how this story is developing. A law firm not following the UK Data Protection Act? Now that's a thing to behold...

How dare this ISP cut me off!

How dare this ISP cut me off!
What are they doing? Seceretly support the website by protecting it against another DDOS?
Afraid that they might find more on the relationship with said ISP perchance?
Or are is the ISP just worried for their profits because the line to the website it 'too full'?

No ISP has the right to cut of websites. EVER

Re:I'm confused...

OP here. How my post ended up here instead of on http://slashdot.org/story/10/09/29/0434232/Star-Wars-Films-In-3D-Due-In-2012 , I have no idea.

I could have sworn I posted on the right one. Well, too late now. If I post there, it's just going to get overlooked.

Basically, I was referring to the Star Wars films being made in 3D as a form of torture. Maybe I clicked on the wrong window and replied here instead.

Data leak was probably intentional

[SadieJane]

All the world governments are looking to shutdown or restrict or control the internet in some way.

Internet just makes it possible for people to find whistleblowers or activities governments do not revealed. You know, some real truth, as compared to main stream media dribble.

The EASIEST way for governments to initiate net neutrality authority, with minimal public resistance, is to FIRST CREATE A PROBLEM, and then enact restrictions under guise of necessary response.

And that would create a crack. Just a few more well-placed cracks, and the internet, as we know it, comes tumbling down.