By Cassandra Williams BA(Hons) LLB(Hons)
The gloves are seemingly off as certain rights holders are turning to what some say are dubious tactics in order to prosecute and receive compensation for alleged infringement. However this is giving rise to data protection worries and possibly even worries of false accusations.
One of the most well know “bounty hunters” in this field are ACS:Law, a London based legal firm who have been accused of being lax in their data protection and who have also been accused of “intimidating” people to enter into out of court settlements where the defendants have been accused of illegally accessing and downloading porn, an accusation many would have been nervous about facing in court. These concerns have been raised earlier this year by Which? Magazine and according to the BBC the Solicitors Regulation Authority is reviewing ACS’s letter-sending campaign on behalf of their content owning clients.
Now ACS:law itself has become the “victim” of a hacker in a move which enabled a list of thousands of Sky web users details including names, contact, credit card information and potential details of alleged pornography downloaders who were accused of accessing to be published. ACS:Law had their website taken down by a 4chan in a DoS (Denial of Service) attack and according to TorrentWeek, owner Andrew Crossley was harassed at home in the middle of the night by prank phone calls.
The organisation could now be in trouble with regulators if it’s shown that it was ACS:Law’s approach to data protection that enabled the hackers to gain access to sensitive information. According to campaign group Privacy International, the provisions of the Data Protection Act mean that such sensitive data should never have been stored on a public-facing server. The BBC quote UK Information Commissioner Christopher Graham, who says: “The question we will be asking is how secure was this information and how it was so easily accessed from outside. We’ll be asking about the adequacy of encryption, the firewall, the training of staff and why that information was so public-facing”. He continued: “The Information Commissioner has significant power to take action and I can levy fine of up to half a million pounds on companies that flout the Data Protection Act. I can’t put ACS:Law out of business, but a company that is hit by a fine of up to half a million pounds sufferers real reputation damage”.
According to CMU Daily this sort of file-sharing litigation that has been widely disregarded by the mainstream music industry which sees it as a costly, time consuming and inefficient way of dealing with the file-sharing problem. However as this is a source of revenue for firms such as ACS:Law how long is it before we see such tactics being employed on a regular basis?
CMU Daily 28 September 2010: File-sharing law firm could be fined half a million for alleged data protection failures after 4chan attack