British ISP Sky Broadband Cuts Off ACS:Law

An anonymous reader writes "British ISP Sky Broadband cut off ACS:Law and refuses to cooperate after at least 4,000 of their customers' information was carelessly leaked. According to Sky Broadband, 'We have suspended all co-operation with ACS:Law with immediate effect. This suspension will remain in place until ACS:Law demonstrates adequate measures to protect the security of personal information.' Sky Broadband had been providing customer information to ACS:Law as part of their anti-piracy operation."

Should of refused to cooperate from the start.

[spikestabber]

Do UK ISP's not have a set of balls to stand up for their customers? They were so against the Digital Economy Act, but when it comes to giving up their customer details to a shady law outfit that wants to extort them, thats apparently just fine.

Comment removed

[account_deleted]

Comment removed based on user account deletion

What's the legality of the ISP sharing the info?

[fluffy99]

Just wondering if the customers have any grounds for suing the ISP. Did their contract have terms that even allowed them to share the info with this legal firm? Would inspection of the traffic flows to generate the data provided to the law firm constitute invasion of privacy or illegal wiretapping?

Re:What's the legality of the ISP sharing the info

[Anonymous Coward]

Given how BT and Talk Talk more or less got away scot free when they were selling out to Phorm, chances are you've got more chance of winning the lotto in every country on earth on the same day than getting a monster like Sky into court and winning.

Re:What's the legality of the ISP sharing the info

[SuricouRaven]

Under the DPA, the customer must be informed. Just what 'informed' means is open to interpretation. It is usually sufficient to include a single line on page 37 of the 98-page contract. Such contracts also have a standard clause allowing the ISP to change the terms at will.

Kipling was indeed a prophet

[Kupfernigk]

Given our current financial crisis, I can't help adding a bit more Kipling:

As I pass through my incarnations in every age and race,
I make my proper prostrations to the Gods of the Market Place.
Peering through reverent fingers I watch them flourish and fall,
And the Gods of the Copybook Headings, I notice, outlast them all.

The "Gods of the Copybook Headings" are exactly what you are describing.

Kipling was widely regarded as an Imperialist, but in fact he believed in the fundamental equality of all human beings - the heroes of Kim are, respectively, Irish, Afghan, East Indian and Tibetan Buddhist - the importance of blue-collar workers, and the importance of a stable economy based on mutual trust. It's a pity he has no modern equivalent.

Re:Great PR

[mpe]

It seems Sky are very quick to trumpet in a press release how wonderful they are now that they've decided not to continue handing over thousands of customer details to a company with woefully inadequate security procedures (for now).

Were they actually complying with the law in handing over the data in the first place? This is the kind of question the ICO needs to be asking of Sky (and other ISPs).

However personally I'd be more impressed if they'd verified that the details would be handled securely before handing them over and getting them leaked in the first place.

If they were to do this they should be charging that company a suitable fee. Probably also requiring a suitable court order.

Are Sky Liable?

[symes]

IANAL - but my understanding of British Data Protection Law is that the person who owns the data is ultimately responsible for how that data is used. So by giving their customers' personal information to ACS, which was in turn leaked, might mean Sky customers can take action against Sky. Maybe there's someone here who can advise?

Re:Should of refused to cooperate from the start.

[Spad]

Virgin & Talk Talk did; almost all the others agreed in advance not to contest applications by ACS:Law for court orders compelling them to divulge user information, which made it trivial for them to operate their little extortion scam.

Technically, it's a DPA breach for ISPs to provide user information to a 3rd party *without* a court order (or the explicit permission of the user in question).

Re:Should of refused to cooperate from the start.

[SuricouRaven]

This is correct - it's in the jargon file. The techie convention, which grow from programming, is to treat quotation marks as perfectly literal. What goes in them is an exact quote, character-for-character, byte-for-byte. That means you don't mess around with the punctuation inside just to make it easier to read.

This is also helpful when telling someone their password is "password." Is that period included or not? It's ambiguous in common english usage.

Re:and the pornography they're accused of sharing

[Kijori]

What I'm not sure about, is whether private citizens have any legal recourse for compensation also- can the people whose details were leaked now sue the company for this? If they were not the ones who downloaded the materials can they sue under defamation laws or similar? I know if I was on those lists I'd certainly be exploring my options to give them a taste of their own tactics.

Under the Data Protection Act, data subjects (as they are rather unappealingly known) can claim damages from a company that does not process their data in accordance with the act. The firm here would appear to be rather egregiously in violation of the act, so damages will almost certainly be available. Even if they weren't, I suspect that an action for negligence would also succeed, on the grounds that the company did not take the steps that would be reasonable to avoid this information being released.

The more difficult question will be the damages. There are no grounds for exemplary or punitive damages here, so the only damages available will be compensatory, meaning that the claimant must show a loss that would be reasonably forseeable by someone releasing this information - damage to reputation would seem the obvious possibility. Given that there has been no widespread publication of the list (it has not, for example, been republished in newspapers), that, given its length, individuals are unlikely to come to any particular personal attention as a result of it, and that most people on the list will not trade based on a reputation that would be damaged by this list I don't think the damages will be particularly high. In an effort to restrain the figures that will be thrown around by Slashdotters I would point out that Elton John, a figure much more famous than most people on this list and whose reputation is important to his success, was awarded £25,000 for damage to his reputation following a much more damaging article. Unless people begin to be singled out and suffer harassment because of the list I cannot see how they could suffer damage beyond perhaps distress from the possibility of future harassment.

Of course I should add the standard disclaimer that you should never take legal advice from people on the internet. If you figure on the list the person best able to advise you is your solicitor.

Re:and the pornography they're accused of sharing

[Ash Vince]

One of the more interesting aspects of this story is the attempt at damage control that ACS:Law are trying to pull. To quote their statement to the BBC: "All our evidence does is identify an internet connection that has been utilised to share copyright work," he told BBC News when pressed about the BSkyB database. "In relation to the individual names, these are just the names and addresses of the account owner and we make no claims that they themselves were sharing the files," he added.

Seems a pretty sharp turnaround from threatening legal action against those people based on that same evidence, doesn't it?

British liable law is a bitch. Threatening legal action is protected but any other form of accusation in a public forum can get your arse sued into last week unless you can 100% prove that every word you say is true.

ACS Law know that and know that if a competing law firm started going round down list and offering people a no win, no fee deal then ACS Law could be defending itself from liable cases on a permanent basis. If the director of ACS Law stood up on TV and said that every person on this list had downloaded porn or even implied it he could suddenly find himself on the receiving end of one legal summons for every person on that list and they would be demanding a shit load more than £500. Liable cases for defamation in England have the damages set by home much the person who was defamed lost, and this can be a shit load if they lost some sort of contract or job as a result of appearing on this list.

This would not just bankrupt his company, this would be a bye bye house type scenario as he could be sued into personal bankruptcy. This would also shit all over him ever being the director of a company ever again and may well prevent him from being a solicitor.

So yes, what a surprise, he engages in a massive damage limitation exercise that desperately tries to keep him and his worthless little company just above water rather than so far underwater he was actually turning into oil.

Re:Great PR

[MrNemesis]

I think the parent is referring to the so-called laws banning "obscene" pornography in the UK (mostly S&M IIRC). The same hilarious laws that say "You can legally DO that thing to that person... but if you film it, take a photo of it or write about it you're going to prison!". Forget the name of the law itself and google isn't proving helpful.

Of course, what with "obscenity" being the best Aunt Sally in the world - especially when you aren't allowed to describe what it is - no-one wants to back the victims of an idiotic law. Because, y'know, if you support free speech and/or logical laws you must be one of those obscene people and the stuff I see in my head when I think of "obscenity" makes me disgust you!

Re:and the pornography they're accused of sharing

[Anonymous Coward]

Unfortunately this comment is an example of one of the problems with Slashdot, and the one to which, I think, you allude in your signature: people confidently making statements about matters of which they have either no or next-to-no knowledge. It is also, I believe, an illustration of the danger when making such statements: others may assume them to be accurate and authoritative and repeat them to a wider audience, inevitably with the effect that eventually the comments begin, as here, to resemble the confused results of a game of Chinese whispers.

I should begin by pointing out that the law to which you refer is "libel". Liable is an adjective.

Secondly, it is not in any way correct to say that "any other form of accusation in a public forum can get your arse sued into last week unless you can 100% prove that every word you say is true". This implies a level of rigidity of the law that quite simply is not correct. Moreover it ignores the provisions of the Defamation Act 1996 which can act to shield the defendant who has accidentally defamed a third party.

Thirdly it is not correct to imply as you do that a "damage limitation exercise" is necessitated to avoid legal action for defaming the people on the list. Defamation being a matter of fact for a jury it is not possible to say with certainty that they will not be held liable, but I would suggest that a reasonable person would not consider the list, accidentally published, to imply guilt. The case of Lewis v Daily Telegraph (1964) AC 234 might be a useful starting point to understand the courts' view in similar cases.

I don't propose here to set out the actual state of British defamation law, nor to explain the situation of the law firm here involved. My point was simply to point out that repeating Slashdot "wisdom" results in the perpetuation of ideas that are incorrect, sometimes dramatically.

Re:and the pornography they're accused of sharing

[Ash Vince]

Unfortunately this comment is an example of one of the problems with Slashdot, and the one to which, I think, you allude in your signature: people confidently making statements about matters of which they have either no or next-to-no knowledge. It is also, I believe, an illustration of the danger when making such statements: others may assume them to be accurate and authoritative and repeat them to a wider audience, inevitably with the effect that eventually the comments begin, as here, to resemble the confused results of a game of Chinese whispers.

I should begin by pointing out that the law to which you refer is "libel". Liable is an adjective.

Secondly, it is not in any way correct to say that "any other form of accusation in a public forum can get your arse sued into last week unless you can 100% prove that every word you say is true". This implies a level of rigidity of the law that quite simply is not correct. Moreover it ignores the provisions of the Defamation Act 1996 which can act to shield the defendant who has accidentally defamed a third party.

Thirdly it is not correct to imply as you do that a "damage limitation exercise" is necessitated to avoid legal action for defaming the people on the list. Defamation being a matter of fact for a jury it is not possible to say with certainty that they will not be held liable, but I would suggest that a reasonable person would not consider the list, accidentally published, to imply guilt. The case of Lewis v Daily Telegraph (1964) AC 234 might be a useful starting point to understand the courts' view in similar cases.

I don't propose here to set out the actual state of British defamation law, nor to explain the situation of the law firm here involved. My point was simply to point out that repeating Slashdot "wisdom" results in the perpetuation of ideas that are incorrect, sometimes dramatically.

Replying as an AC replied to my post with some damn useful and interesting info.

Firstly, a little aside: Many people on Slashdot will simply never see posts like this as they apply a -5 modifier to all posts from an AC and browse at a score of 1 or above only.

Secondly, thanks for the correction and the references to case law. I did actually study law many years ago but not libel (Law of Contract and Legal History).

I was trying to say in post that if the director of the company in question were to stand up and say "the people on the list all illegally downloaded porn" on national TV he would have certainly libelled the people contained on this list. This would open him up to a libel case from every person contained on this list which they stood every chance of winning. I do know enough about English libel law to state this with some degree of certainty. He could simply say he had no comment regarding this list but this would have made for a very short interview that would unlikely have been published.

I also know that damages in libel cases can run into large amounts of money very quickly if the plaintiff can prove they suffered measurable losses to that amount as a result of statement in question. Being the large number of people on the list this could drive a single defendant into personal bankruptcy very quickly. People who have been declared bankrupt and not discharged their debts are banned from acting as company directors and may even be sent to prison for doing so.

Now it is true under the Defamation Act 1996 that he may avoid being sued for libel if he chooses to make amends, but this is simply ridiculous as to use in this contact as it would still involve paying the aggrieved party any damages they felt they suffered.

I do concede though that my original post was pure junk, filled with misused words and piss poor grammatical errors. It was also very poorly written in terms of getting across my main point. Hopefully this one corrects that.