
British ISP Sky Broadband Cuts Off ACS:Law

An anonymous reader writes "British ISP Sky Broadband cut off ACS:Law and refuses to cooperate after at least 4,000 of their customers' information was carelessly leaked. According to Sky Broadband, 'We have suspended all co-operation with ACS:Law with immediate effect. This suspension will remain in place until ACS:Law demonstrates adequate measures to protect the security of personal information.' Sky Broadband had been providing customer information to ACS:Law as part of their anti-piracy operation."
This discussion has been archived. No new comments can be posted.

  • by MichaelSmith ( 789609 ) on Tuesday September 28, 2010 @09:30PM (#33730442) Homepage Journal

    ..we need more detail about this. Examples are required.

    • by jack2000 ( 1178961 ) on Tuesday September 28, 2010 @09:32PM (#33730452)
      Why hello there. [thepiratebay.org]
      • Just wanted to remind people: If the torrent download link times out, use the magnet link. It will work.
    • Comment removed (Score:5, Interesting)

      by account_deleted ( 4530225 ) on Tuesday September 28, 2010 @09:57PM (#33730576)
      Comment removed based on user account deletion
      • by matazar ( 1104563 ) on Tuesday September 28, 2010 @10:11PM (#33730648) Homepage

        I think the best part is them claiming that they were hacked, when in reality they made the site's backup available on their main page for all to download for a short period of time when they were trying to restore the site after the DDoS attack. A zip file that was not encrypted in any way that contained EVERYTHING.
        Smart move guys! Especially considering the amount of page requests you were getting,

        • According to this [bbc.co.uk] article, 4chan was thought to be behind the data breach. There's even a screen shot in the article taken from the forums, though there's nothing in there that says what they were planning on doing specifically. Regardless of how the data was exposed, they deserve the potential half a million pound fine for keeping so much personal data on people in unencrypted files.

          Actually, they're pretty lucky if they get away with only a half a million pound fine.

          • by SuricouRaven ( 1897204 ) on Wednesday September 29, 2010 @01:43AM (#33731528)
            Unencrypted files on a webserver at that.

            4chan was the cause of the breach, but not intentionally. Their DDoS successfully shut down the website. ACS:Law's IT staff attempted to disable that function of their server in order to minimise the impact of the DDoS on other aspects of the business, but in their haste they screwed up and revealed that the site backups were actually on the webserver, hidden only by not publishing the filename to retrieve them. ACS took down the files for their website, server started returning the index page by default, backup files revealed.
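
The failure described in the comments above (a backup archive kept inside the web root, hidden only by an unpublished filename, then exposed once the index page was removed) is something an administrator can audit for. This is an added example, not part of the original thread; the file names, index names and backup suffixes are assumptions, and whether a directory without an index file is actually listed depends on the server's directory-listing setting.

```python
import os
import tempfile
from pathlib import Path

# Suffixes that usually indicate a backup or archive rather than site content (assumed list).
BACKUP_SUFFIXES = (".zip", ".tar", ".tar.gz", ".tgz", ".7z", ".rar", ".sql", ".bak", ".old")
# Files a web server typically serves for a directory request instead of a listing (assumed list).
INDEX_NAMES = ("index.html", "index.htm", "index.php")


def audit_docroot(root):
    """Return sorted (kind, relative_path) findings for a web document root.

    "backup-in-docroot": an archive or backup file that is reachable by URL.
    "no-index": a directory with no index file; a server with automatic
    directory listing enabled would show its full contents.
    """
    root = Path(root)
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        rel_dir = Path(dirpath).relative_to(root)
        present = {name.lower() for name in filenames}
        if not present.intersection(INDEX_NAMES):
            findings.append(("no-index", rel_dir.as_posix()))
        for name in filenames:
            if name.lower().endswith(BACKUP_SUFFIXES):
                findings.append(("backup-in-docroot", (rel_dir / name).as_posix()))
    return sorted(findings)


def listed_backups(findings):
    """Backups whose directory has no index file, so the 'secret' filename
    would be revealed by a directory listing."""
    no_index = {path for kind, path in findings if kind == "no-index"}
    return [
        path
        for kind, path in findings
        if kind == "backup-in-docroot" and Path(path).parent.as_posix() in no_index
    ]


def demo():
    """Build a constructed document root, audit it, remove the index page
    (as in the incident described), and audit it again."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "css").mkdir()
        (root / "index.html").write_text("<h1>home</h1>")
        (root / "css" / "style.css").write_text("body{}")
        # Constructed placeholder standing in for a site backup archive.
        (root / "site-backup.zip").write_bytes(b"PK constructed placeholder")
        before = audit_docroot(root)
        (root / "index.html").unlink()
        after = audit_docroot(root)
    return before, after


if __name__ == "__main__":
    before, after = demo()
    print("with index page:   ", before, "listed:", listed_backups(before))
    print("index page removed:", after, "listed:", listed_backups(after))
```

The first audit already flags the archive as sitting in the web root; the second shows it becoming discoverable by name once the index file is gone.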

        • by Xest ( 935314 ) on Wednesday September 29, 2010 @02:53AM (#33731796)

          This is why they're in breach of the data protection act on a massive scale. The hack wasn't the result of the leak of customer data, their incompetence and poor data protection practices were.

          The information commissioner's comments were interesting on the news last night- he said something along the lines of "I don't have the power to shut a company down, but I can issue a fine of up to half a million pounds which can obviously have a devastating effect on a company of this size". His comment seems quite telling as to what he perhaps has in store for this company due to the fact they've breached the DPA on a massive scale.

          What I'm not sure about, is whether private citizens have any legal recourse for compensation also- can the people whose details were leaked now sue the company for this? If they were not the ones who downloaded the materials can they sue under defamation laws or similar? I know if I was on those lists I'd certainly be exploring my options to give them a taste of their own tactics.

          Hopefully this will be devastating for ACS:Law, and it might also be worth noting that under the DPA individual employees can be held criminally responsible for unauthorised release of data too such that for example, the IT guy there who put the personal data on the public web may face a personal fine or prosecution also.

          It's nice that for once, a combination of incompetence and assholery may just be receiving the kind of response it deserves rather than simply being swept under the carpet. Partly because our information commissioner is more keen on punishing private sector breaches like this that fall under his remit than the police or government are over similar matters (e.g. Phorm) that fall under theirs. The only downside to the guy is he still seems to let public sector breaches go largely unpunished - i.e. the infamous HMRC 25 million record breach, although I suspect that's more a case of the government exerting influence on him (i.e. the threat of redundancy).

          • Re: (Score:3, Interesting)

            by Kijori ( 897770 )

            What I'm not sure about, is whether private citizens have any legal recourse for compensation also- can the people whose details were leaked now sue the company for this? If they were not the ones who downloaded the materials can they sue under defamation laws or similar? I know if I was on those lists I'd certainly be exploring my options to give them a taste of their own tactics.

            Under the Data Protection Act, data subjects (as they are rather unappealingly known) can claim damages from a company that does not process their data in accordance with the act. The firm here would appear to be rather egregiously in violation of the act, so damages will almost certainly be available. Even if they weren't, I suspect that an action for negligence would also succeed, on the grounds that the company did not take the steps that would be reasonable to avoid this information being released.

            The m

            • by AmiMoJo ( 196126 )

              If I were feeling evil I'd download the list and see who paid. I'd then send my own speculative invoices to all those people, knowing I will get a much better return rate than I would with random IP addresses (like ACS:Law were using).

              If I were feeling really evil I'd just use the credit card information of people who paid to charge them and send them a receipt.

              At the very least you can expect every credit card on the list to have been raped. If I were a bank I'd be looking to invoice ACS:Law for all fraudu

      • by Fembot ( 442827 )

        See also: http://ktetch.blogspot.com/2010/09/acs-treated-like-criminals-by.html [blogspot.com] when the glove is on the other hand.

      • Re: (Score:3, Interesting)

        by Ash Vince ( 602485 ) *

        One of the more interesting aspects of this story is the attempt at damage control that ACS:Law are trying to pull. To quote their statement to the BBC: "All our evidence does is identify an internet connection that has been utilised to share copyright work," he told BBC News when pressed about the BSkyB database. "In relation to the individual names, these are just the names and addresses of the account owner and we make no claims that they themselves were sharing the files," he added.

        Seems a pretty sharp turnaround from threatening legal action against those people based on that same evidence, doesn't it?

        British liable law is a bitch. Threatening legal action is protected but any other form of accusation in a public forum can get your arse sued into last week unless you can 100% prove that every word you say is true.

        ACS Law know that and know that if a competing law firm started going round down list and offering people a no win, no fee deal then ACS Law could be defending itself from liable cases on a permanent basis. If the director of ACS Law stood up on TV and said that every person on this list had dow

        • Re: (Score:1, Interesting)

          by Anonymous Coward

          Unfortunately this comment is an example of one of the problems with Slashdot, and the one to which, I think, you allude in your signature: people confidently making statements about matters of which they have either no or next-to-no knowledge. It is also, I believe, an illustration of the danger when making such statements: others may assume them to be accurate and authoritative and repeat them to a wider audience, inevitably with the effect that eventually the comments begin, as here, to resemble the conf

          • Re: (Score:3, Interesting)

            by Ash Vince ( 602485 ) *

            Unfortunately this comment is an example of one of the problems with Slashdot, and the one to which, I think, you allude in your signature: people confidently making statements about matters of which they have either no or next-to-no knowledge. It is also, I believe, an illustration of the danger when making such statements: others may assume them to be accurate and authoritative and repeat them to a wider audience, inevitably with the effect that eventually the comments begin, as here, to resemble the confused results of a game of Chinese whispers.

            I should begin by pointing out that the law to which you refer is "libel". Liable is an adjective.

            Secondly, it is not in any way correct to say that "any other form of accusation in a public forum can get your arse sued into last week unless you can 100% prove that every word you say is true". This implies a level of rigidity of the law that quite simply is not correct. Moreover it ignores the provisions of the Defamation Act 1996 which can act to shield the defendant who has accidentally defamed a third party.

            Thirdly it is not correct to imply as you do that a "damage limitation exercise" is necessitated to avoid legal action for defaming the people on the list. Defamation being a matter of fact for a jury it is not possible to say with certainty that they will not be held liable, but I would suggest that a reasonable person would not consider the list, accidentally published, to imply guilt. The case of Lewis v Daily Telegraph (1964) AC 234 might be a useful starting point to understand the courts' view in similar cases.

            I don't propose here to set out the actual state of British defamation law, nor to explain the situation of the law firm here involved. My point was simply to point out that repeating Slashdot "wisdom" results in the perpetuation of ideas that are incorrect, sometimes dramatically.

            Replying as an AC replied to my post with some damn useful and interesting info.

            Firstly, a little aside: Many people on Slashdot will simply never see posts like this as they apply a -5 modifier to all posts from an AC and browse at a score of 1 or above only.

            Secondly, thanks for the correction and the references to case law. I did actually study law many years ago but not libel (Law of Contract and Legal History).

            I was trying to say in post that if the director of the company in question were to stand up a

    • by Inda ( 580031 )
      One was called "Chubby Chasers". I'm at work so I can't search it out. Maybe someone else would like to provide a link, so I can research it when I get home? Magnet links only please, I wouldn't want to end up on a list.

      http://www.bbc.co.uk/newsbeat/11430299

      "My partner had been made redundant and I know damn well that he was in bed and hadn't got up and started download pornography."

      Hmm, yeah, right love.
  • blackmail (Score:5, Insightful)

    by MadUndergrad ( 950779 ) on Tuesday September 28, 2010 @09:30PM (#33730446)

    So the blackmailer accidentally exposes the blackmail, and Sky is upset not because they've been working with a blackmailer but because the blackmail got out early. Classy.

    • by Moryath ( 553296 ) on Tuesday September 28, 2010 @10:03PM (#33730622)

      Of course Sky is upset because the blackmail got out - they were KNOWINGLY WORKING WITH THE BLACKMAILERS.

      Whoever greenlit "working with" ACS:Law or anyone else of the sort at Sky ought to immediately be canned, stripped to their underwear, and unceremoniously thrown into the street never to find a job working at any telecommunications or technology firm again. And the people who hired those idiots should get the same treatment.

      • Shall we be employing the gibbet my lord? Or would the ax be more fitting for these scallywags? Maybe it's best we give them the long drop, seeing as they are pirates after all.
      • Re: (Score:3, Funny)

        ought to immediately be canned, stripped to their underwear, and unceremoniously thrown into the street

        You're doing it wrong! If you fire them first, you don't get to coerce them to strip THEMSELVES down to their underwear and throw THEMSELVES into the street in vain attempts to save their jobs, then laugh at them when you tell them they're still fired.

        • I didn't know Donald Trump posted to Slashdot...
        • ought to immediately be canned, stripped to their underwear, and unceremoniously thrown into the street

          You're doing it wrong! If you fire them first, you don't get to coerce them to strip THEMSELVES down to their underwear and throw THEMSELVES into the street in vain attempts to save their jobs, then laugh at them when you tell them they're still fired.

          I hate being the slowest sociopath.

      • Re: (Score:3, Insightful)

        by naich ( 781425 )

        Everybody who gives even the smallest shit about the way Sky treat their customers should immediately unsubscribe to all Sky services.

        But that would mean that they couldn't watch football. Oh well. It was a nice idea. Carry on screwing everyone with impunity Sky.

      • Sky were compelled by court orders to hand over these details to ACS Law. Sky also encrypted the data before sending it. ACS Law then posted the unencrypted data on their web site.

        Sky are now going to challenge and fight these court orders.
        http://www.guardian.co.uk/media/blog/2010/sep/28/bskyb-acslaw-filesharing

      • by Eskarel ( 565631 )

        Do you really think that anyone who is getting their Internet from Rupert Murdoch and has other options actually cares about him sharing info with an anti piracy group? A data breach yes, after the UK gov lost so much data over the last decade even regular people are starting to care about that, but the fact that they were cooperating in the first place? Anyone who cares about that either has no choice or is using another ISP.

      • by rich_r ( 655226 )
        Sky, in this context, are an ISP who were ordered by the courts to provide data to ACS law.
        They provided the data in an encrypted format, it was ACS who failed to retain that encryption.
    • by mpe ( 36238 )
      So the blackmailer accidentally exposes the blackmail, and Sky is upset not because they've been working with a blackmailer but because the blackmail got out early.

      Hopefully the Information Commissioner's Office will next turn their attention to Sky and any other ISPs who have worked with this bunch of shysters.
    • Whose newspapers are now behind a paywall? Whose online readers are widely believed to have nosedived? Who wants to prop up their business model by slowly working to outlaw all free content on the Web?

      Anybody who thought it was a good idea to buy their internet connection from a media company obviously doesn't understand how capitalism works.

      Slightly OT, the failure to understand the need to separate content from channel was one of the major failings of the last British Government, along with Mandelson's "D

    • So the blackmailer accidentally exposes the blackmail, and Sky is upset not because they've been working with a blackmailer but because the blackmail got out early. Classy.

      I'm waiting for O2 to speak out on the matter.

      They appear to have been so busy handing over customer details on bogus court orders that they completely forgot to collect the £13,107.00 that ACS:Law owes them.

  • by spikestabber ( 644578 ) <spike@@@spykes...net> on Tuesday September 28, 2010 @09:31PM (#33730450) Homepage
    Do UK ISPs not have a set of balls to stand up for their customers? They were so against the Digital Economy Act, but when it comes to giving up their customer details to a shady law outfit that wants to extort them, that's apparently just fine.
    • by arth1 ( 260657 )

      Do UK ISPs not have a set of balls to stand up for their customers?

      More like "grin and bear it".
      The British motto should probably be along the lines of "NOBIS AQVIESCIAM" (apologies for my rusty Latin).

      • by krou ( 1027572 )

        The British motto should probably be along the lines of "NOBIS AQVIESCIAM"

        What, ACS:Law they go the house?

    • They're not a single cohesive group. Some do stand up for their customers, and oppose things like the Digital Economy Act, some just want to sell them out. It's not surprising to find one owned by Rupert Murdoch being of the latter persuasion.
    • by Spad ( 470073 ) <slashdot@ s p a d . co.uk> on Wednesday September 29, 2010 @02:58AM (#33731812) Homepage

      Virgin & Talk Talk did; almost all the others agreed in advance not to contest applications by ACS:Law for court orders compelling them to divulge user information, which made it trivial for them to operate their little extortion scam.

      Technically, it's a DPA breach for ISPs to provide user information to a 3rd party *without* a court order (or the explicit permission of the user in question).

      • Re: (Score:2, Informative)

        by Rogerborg ( 306625 )

        Technically, it's a DPA breach for ISPs to provide user information to a 3rd party *without* a court order (or the explicit permission of the user in question).

        ORLY?

        Data Protection Act 1998
        29 Crime and taxation

        (1)Personal data processed for any of the following purposes--
        (a)the prevention or detection of crime,
        [...]

        are exempt from the first data protection principle

        Copyrights Designs and Patents Act 1988, section 107 1, (e)

        107 Criminal liability for making or dealing with infringing article

    • Its called money.

    • Do UK ISPs not have a set of balls to stand up for their customers? They were so against the Digital Economy Act, but when it comes to giving up their customer details to a shady law outfit that wants to extort them, that's apparently just fine.

      This is Sky we're talking about here: they're a media-company/broadcaster with an ISP-to-make-the-packages-more-attractive on the side. Their main business is pay-TV. What do you expect from them?

      In fact, given their main business line, they're glad that bottom-dwell

    • Yes, afaik Zen internet refused to be buggered.

    • by aslate ( 675607 )

      Yes, but Sky are also the major premium TV and content provider. Programmes broadcast on Freeview (free OTA digital terrestrial) are effectively free whereas you need to pay for Sky's TV, content and services. If people torrent programmes the biggest loser is Sky as you're less likely to subscribe, then the advertisers on commercial Freeview channels and the BBC who lose long-term DVD sales. If I can torrent a Sky-only show like House why would I be swayed to pay Sky £20/month for House with adverts?

      S

  • Hmm... (Score:3, Funny)

    by s0litaire ( 1205168 ) on Tuesday September 28, 2010 @09:33PM (#33730460)

    ...something about locks, a stable door and a horse comes to mind...

  • by JoshuaZ ( 1134087 ) on Tuesday September 28, 2010 @09:42PM (#33730500) Homepage
    ACS:Law is a British law firm that has done a lot of IP related stuff although apparently was not at all prominent until their recent forays into dealing with piracy issues. http://en.wikipedia.org/wiki/ACS:Law [wikipedia.org] . They should not be confused with the American Constitution Society, although that organization has the website acslaw.org. ACS:Law's homepage is http://www.acs-law.co.uk/ [acs-law.co.uk] although amusingly enough it doesn't turn up on the first page of Google hits at all when you Google for "ACS Law."
  • Rudyard Kipling (Score:5, Insightful)

    by Bob9113 ( 14996 ) on Tuesday September 28, 2010 @09:56PM (#33730564) Homepage

    It is wrong to put temptation in the path of any nation,
    For fear they should succumb and go astray;
    So when you are requested to pay up or be molested,
    You will find it better policy to say: --

    "We never pay any-one Dane-geld,
    No matter how trifling the cost;
    For the end of that game is oppression and shame,
    And the nation that plays it is lost!"

    - Kipling

    ISPs, I know you see dollar signs in your eyes when you think of ways to be the gatekeeper, and find colluding with the usurpers profitable. But when you feed them, they grow. Be it government, lobby, or privileged corporation seeking more privilege, they will never stop. If you think you can make them your ally, you are fools. Their hunger cannot be sated. They will eat everyone you feed them, then finding their bellies fat but their plates empty, they will devour you.

    Serve the user. Fight for the right to provide an honest service. There you will find a rare thing these days: A business model which is stable in the long run. The road you are on leads to fleeting riches followed by Herculean efforts just to restore the tenth part of what you are pissing away today.

    • Re:Rudyard Kipling (Score:4, Insightful)

      by AJWM ( 19027 ) on Tuesday September 28, 2010 @10:36PM (#33730766) Homepage

      Exactly so.

      "...we've proved it again and again,
      That if once you have paid him the Dane-geld
          You never get rid of the Dane."

    • Re: (Score:3, Informative)

      by rsborg ( 111459 )
      Dane-geld today is what're called Monopoly Rents. Corporations that seek this kind of payment are rent-seeking [wikimedia.org] (as opposed to profit-seeking, meaning to gain profits by value-add).
      • Any landlord receiving rent on his land simply because his great-great (etc) grandparents happened to steal/acquire it x hundreds of years ago is not "adding value" or "engaging in profit-making activity" anyway.
    • by Kupfernigk ( 1190345 ) on Wednesday September 29, 2010 @01:46AM (#33731542)
      Given our current financial crisis, I can't help adding a bit more Kipling:

      As I pass through my incarnations in every age and race,
      I make my proper prostrations to the Gods of the Market Place.
      Peering through reverent fingers I watch them flourish and fall,
      And the Gods of the Copybook Headings, I notice, outlast them all.

      The "Gods of the Copybook Headings" are exactly what you are describing.

      Kipling was widely regarded as an Imperialist, but in fact he believed in the fundamental equality of all human beings - the heroes of Kim are, respectively, Irish, Afghan, East Indian and Tibetan Buddhist - the importance of blue-collar workers, and the importance of a stable economy based on mutual trust. It's a pity he has no modern equivalent.

      • He does! Libertarians and libertarian philosophers. Mises, Hayek, Rothbard. Tucker, French, Kinsella, Block....
  • Good tactic (Score:4, Insightful)

    by russotto ( 537200 ) on Tuesday September 28, 2010 @09:58PM (#33730584) Journal

    This does suggest a way those willing to take direct action could hurt the xxAAs efforts. DDoS attacks are just a nuisance, but theft of sensitive data drives a wedge between the xxAAs and the ISPs they need to co-operate with them.

    • Re:Good tactic (Score:5, Insightful)

      by fluffy99 ( 870997 ) on Tuesday September 28, 2010 @10:34PM (#33730756)

      This does suggest a way those willing to take direct action could hurt the xxAAs efforts. DDoS attacks are just a nuisance, but theft of sensitive data drives a wedge between the xxAAs and the ISPs they need to co-operate with them.

      It's a fine line though. Some politician could easily spin this so that it appears that evil pirates are hacking into systems and exposing the personal data of innocent folks. Of course more legislation would be needed to go after these evil-doers.

      • by N1AK ( 864906 )

        Some politician could easily spin this so that it appears that evil pirates are hacking into systems and exposing the personal data of innocent folks.

        Politicians don't need to spin it. People have used the anonymity of the internet (and safety of national borders) to harass someone. If the company used the same tactics against the (alleged) file sharers we'd be screaming bloody murder. Internet vigilantism, regardless of how just, will be part of the reason why further clampdowns on anonymity will happen.

        • Internet vigilantism, regardless of how just, will be part of the reason why further clampdowns on anonymity will happen.

          So what do you suggest? That everyone take no effective action, for fear that this action will be an excuse for reprisals? You say "vigilantism" as if it's always unacceptable, but what alternative exists when authority is on the side of those doing wrong in the first place?

    • Re: (Score:3, Insightful)

      by Pax681 ( 1002592 )
      Without the DDOS attack the info would never have been accessible to those who took it, thus it could be said the DDOS was successful.
  • Great PR (Score:5, Insightful)

    by Psychor ( 603391 ) on Tuesday September 28, 2010 @10:30PM (#33730742) Homepage

    It seems Sky are very quick to trumpet in a press release how wonderful they are now that they've decided not to continue handing over thousands of customer details to a company with woefully inadequate security procedures (for now). However personally I'd be more impressed if they'd verified that the details would be handled securely before handing them over and getting them leaked in the first place.

    I guess the main lesson for us Brits here is to make sure all your pornography is hardcore enough that it's illegal in the UK, then you can't be held in breach of copyright for sharing it. You will of course break some other laws, but there isn't much that's legal here these days anyway!

    • by shermo ( 1284310 )

      Yeah Sky aren't the good guys here.

      If you entrust a person's personal details to a third party and that third party leaks it, you're responsible. The third party is too, but you gave them the info in the first place when you didn't have permission to do so.

      Impressive backpedalling though.

      • by mpe ( 36238 )
        If you entrust a person's personal details to a third party and that third party leaks it, you're responsible. The third party is too, but you gave them the info in the first place when you didn't have permission to do so.

        Even if the third party doesn't leak the data then you've still most likely broken the law by passing the data to them.
    • Re: (Score:3, Interesting)

      by mpe ( 36238 )
      It seems Sky are very quick to trumpet in a press release how wonderful they are now that they've decided not to continue handing over thousands of customer details to a company with woefully inadequate security procedures (for now).

      Were they actually complying with the law in handing over the data in the first place? This is the kind of question the ICO needs to be asking of Sky (and other ISPs).

      However personally I'd be more impressed if they'd verified that the details would be handled securely befor
    • I guess the main lesson for us Brits here is to make sure all your pornography is hardcore enough that it's illegal in the UK, then you can't be held in breach of copyright for sharing it.

      I think I'd rather be done for copyright infringement and pay a fine than have my name spread over the newspapers for owning paedo-snuff (or whatever it would have to be illegal now) movies and going to prison for a few decades.

      • Re: (Score:3, Interesting)

        by MrNemesis ( 587188 )

        I think the parent is referring to the so-called laws banning "obscene" pornography in the UK (mostly S&M IIRC). The same hilarious laws that say "You can legally DO that thing to that person... but if you film it, take a photo of it or write about it you're going to prison!". Forget the name of the law itself and google isn't proving helpful.

        Of course, what with "obscenity" being the best Aunt Sally in the world - especially when you aren't allowed to describe what it is - no-one wants to back the vict

    • Ah, but the difference here is that the judicial system has an obligation of A) proving your guilt and B) giving you a trial. The recording industry do not bother themselves with either, rather they extort you for rather hefty sums, threatening to ruin you with the cost of defending yourself in court if you don't give into their blackmail.
  • by fluffy99 ( 870997 ) on Tuesday September 28, 2010 @10:31PM (#33730748)

    Just wondering if the customers have any grounds for suing the ISP. Did their contract have terms that even allowed them to share the info with this legal firm? Would inspection of the traffic flows to generate the data provided to the law firm constitute invasion of privacy or illegal wiretapping?

    • Re: (Score:2, Informative)

      by mysidia ( 191772 )

      You know... the UK has this thing called the Data Protection Act [wikipedia.org]

      I'm very concerned about Sky Broadband's actions, and I wonder how they could possibly be legal under the act.

      • Re: (Score:1, Interesting)

        by Anonymous Coward

        Given how BT and Talk Talk more or less got away scot free when they were selling out to Phorm, chances are you've got more chance of winning the lotto in every country on earth on the same day than getting a monster like Sky into court and winning.

        • Re: (Score:2, Interesting)

          Under the DPA, the customer must be informed. Just what 'informed' means is open to interpretation. It is usually sufficient to include a single line on page 37 of the 98-page contract. Such contracts also have a standard clause allowing the ISP to change the terms at will.
          • by mysidia ( 191772 )

            Yes... I wonder specifically how they are following this part though...

            Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

            I don't know in what world having a third party posting personal data to a web site yourself counts as appropriate technical and organizational measures.

            Also, as ACS:Law is a UK-based organization themselves, they also have to ob

    • by SydShamino ( 547793 ) on Tuesday September 28, 2010 @11:49PM (#33730990)

      Had you read the Plusnet link in the summary, you'd see, at least for that ISP, ACS:Law requested and received court orders requiring the delivery of customer information. It's not likely that they took different action with Sky Broadband.

      In other (U.S.) words, ACS:Law acquired sensitive information via John Doe discovery, then put that information, unencrypted, on their web site. The people who provided it to ACS:Law under the directive of a court order aren't likely culpable.

      • by mpe ( 36238 )
        Had you read the Plusnet link in the summary, you'd see, at least for that ISP, ACS:Law requested and received court orders requiring the delivery of customer information. It's not likely that they took different action with Sky Broadband.

        If this was the case then Sky's refusal to co-operate press release doesn't make much sense. If you don't want to follow a court order you take the matter up with the courts not whoever got a court to issue it...
      • The Data Protection Act requires you to take reasonable steps to protect information. Putting it on a web site does not seem reasonable.

      • by arkhan_jg ( 618674 ) on Wednesday September 29, 2010 @02:54AM (#33731802)

        ACS:Law were using Norwich Pharmacal civil orders against the ISPs; these basically demand information relevant to a future court case from a third party, in this case the ISP. Sky Broadband chose not to contest these court orders, and just supinely handed over the data. Nor did they notify their subscribers that such an order was taking place, so they could fight it if they chose.

        In fact, ACS:Law were combining these requests into huge tranches of data - one such recent one was 25,000 BT Broadband IP addresses, expected to ID 15,000 subscribers.

        Virgin and Talk Talk refused to go along with these orders without a fight - potentially forcing ACS:Law to do a Norwich Pharmacal order per individual IP, which would be ruinously expensive - so the leaked emails reveal that ACS:Law specifically did not target them.

        So yes, it's true that Sky Broadband were under court order - but it was one they supinely accepted, with the IP addresses in bulk. Uncontested, the judge has little choice but to rubber-stamp the request from ACS:Law. Sky may not be at fault for the data breach (they hand the data over securely), but they certainly are for co-operating with ACS:Law, a known dodgy legalised extortion outfit, without even bothering to attempt to protect their customers.

        ACS:Law is under investigation by the Solicitors Regulation Authority for the way they go about their 'letters with menaces, demanding £495 or else' campaign; Crossley, their head solicitor, has been investigated twice before.

      • by RMH101 ( 636144 )
        It's all disinformation. Some ISPs hand data over without a court order, such as Sky and others. Other ISPs, such as Talk Talk and Virgin, took a stand and refused to do so without a court order.
      • by dugeen ( 1224138 )
        "If you use +1 Insightful to mean +1 Agree, I'll use -1 Overrated if I disagree." - surely that policy merely doubles the inaccuracy of the score for such posts?
      • I am not a lawyer, although I do work with data protection as part of my profession.

        Sky are clearly caught between a rock and a hard place here. They have two different duties under the law

        - Comply with the court order ACS:Law have obtained, and provide the account holder details matching the IP address/Timestamp.

        - Under the Data Protection Act 1998, principle 7, to ensure : "Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and aga

    • I don't think so. There was a court order involved and it is something to do with the 'Digital Economy Act' here in the UK.

      http://www.bbc.co.uk/blogs/thereporters/rorycellanjones/2010/09/acslaw.html [bbc.co.uk]

      I love how this story is developing. A law firm not following the UK Data Protection Act? Now that's a thing to behold...
  • by Anonymous Coward
    "...the ultimate exposure of thousands of individual's personal information - their IP addresses, their names, addresses, and the pornography they're accused of sharing."

    Oh. Um, well, DAMMIT!
    • "...the ultimate exposure of thousands of individual's personal information - their IP addresses, their names, addresses, and the pornography they're accused of sharing." Oh. Um, well, DAMMIT!

      Interesting. If this whole mess is about the sharing of porn, why are only mainstream movies and music concerned in those sort of accusations, and why is the porn industry not taking the same stand as Hollywood and the recording industry? You'd almost think that pornographers have... ethical standards.

  • I'll say it. (Score:4, Insightful)

    by Revvy ( 617529 ) * on Wednesday September 29, 2010 @02:00AM (#33731610) Homepage
    Nice work, anonymous. Thanks.
  • Are Sky Liable? (Score:3, Interesting)

    by symes ( 835608 ) on Wednesday September 29, 2010 @02:23AM (#33731676) Journal
    IANAL - but my understanding of British Data Protection Law is that the person who owns the data is ultimately responsible for how that data is used. So by giving their customers' personal information to ACS, which was in turn leaked, might mean Sky customers can take action against Sky. Maybe there's someone here who can advise?
    • You would have, in effect, to show that Sky were negligent in ensuring that the requester of the data was compliant with the Act. This is the Act that was rushed through in the dying days of New Labour by Mandelson in an effort to retain the support of ...the Murdochs, major Sky shareholders.

      So I would say, no chance. Go after the "law firm".

      • The Digital Economy Act was the one rushed through Parliament. The Data Protection Act is the one that might have been breached here.
    • Re: (Score:3, Informative)

      by jonnyj ( 1011131 )
      Under the DPA, there's an arcane difference between data controllers and data processors. ACS:Law would almost certainly have become a controller of this data, so Sky's responsibility would have ended once it was securely transferred. A particular problem for ACS:Law is that the DPA places additional safeguards around sensitive data, which includes sexual orientation and practice. Data that allegedly describes individuals' pornography viewing habits almost certainly falls within that definition, and deser
    • IANAL.

      But I suspect Sky are breaking the Second Amendment to the Constitution in this matter.
    • Re: (Score:1, Informative)

      by Anonymous Coward

      The basic DPA test is of whether you're a "data owner" or merely a "data processor" is whether or not you're acting under contract for the original owner, under their direction.

      In this instance, ACS are the data owner, not Sky.

    • Not sure in Sky's case, but in BT's case, they've doubly cocked up by sending the information to ACS:Law via an unencrypted email attachment. This, according to the BBC [bbc.co.uk], means BT "appear to be in contempt of a high court order" since the initial request specified that the data be supplied as an encrypted Excel spreadsheet on a CD or other digital media.

      So, one "Prakash Mistry", a lawyer working for BT who sent the unencrypted data to ACS:Law has presumably got himself stuck neck deep in shit... although
  • What the story failed to mention is that ACS:Law lawyers are already due to be brought to a tribunal by the Law Society to explain their conduct. It could lead to them being disbarred. This only serves to fan the flames of the raging fire against them.
  • All the world governments are looking to shutdown or restrict or control the internet in some way.

    Internet just makes it possible for people to find whistleblowers or activities governments do not reveal. You know, some real truth, as compared to mainstream media dribble.

    The EASIEST way for governments to initiate net neutrality authority, with minimal public resistance, is to FIRST CREATE A PROBLEM, and then enact restrictions under guise of necessary response.

    And that would create a crack. J