Technology and the law are not really the best of friends. Whilst we can use the law to try to plug the legal holes created by online piracy and the threats posed by illegal file-sharing to the interests of the intellectual property owners, legislating technology also has its downsides. The adverse effects on privacy in the fight against internet piracy have started to become more widespread.
The heavily criticized Digital Economy Act which came into force in the United Kingdom in June this year and which has been enacted to combat online piracy has already found its first victim and unfortunately it is nothing but personal data itself.
The latest example of the flak being received in response to the controversial UK law is what has been termed "Operation Payback".
The 'operation' was in retaliation of the taking down of The Pirate Bay by net vigilance firm Aiplex Software. Various Distributed Denial of Service (DDOS) attacks were initiated in the beginning of September against a number of associations including the Motion Picture Association of America (MPAA) and the Recording Industry Association of America (RIAA) by various anonymous hackers (also known by the name of "Anonymous") recruited through online posts made on the 4chan message boards.
A number of law firms associated with the anti-piracy industry were also affected by Anonymous' attacks, the most notorious directed against the small UK law firm "ACS:Law" whose managing partner (and only registered solicitor), Andrew Crossley, was all out to enforce the law. True to their name, following Crossley's comments that the initial wave of attacks were simply a "minor nuisance" as the law firm's site was down for a few hours and that he had "far more concern over the fact of [his] train turning up 10 minutes late or having to queue for a coffee than them wasting [his] time with this sort of rubbish", Anonymous attacked again and this time with far graver consequences for the law firm.
Following the second wave of DDOS attacks against ACS:Law, the hackers managed to leak online a good number of internal emails of employees at the law firm as well as lists of people that were accused by ACS:Law of illegally sharing pornography and music. These lists, containing personal data of around 14,000 individuals, were made available on torrent sites for all and everyone to see.
This attention of Anonymous on ACS:Law was due to the latter's use of the powers granted by the Digital Economy Act to request from UK ISPs the details of specific IP addresses (including names and addresses) by means of a court order – which meant that various ISPs had sent this information to ACS:Law in an unencrypted format.
It is reported that throughout this last year, ACS:Law sent thousands of letters to private individuals accusing them of illegal file-sharing and requesting monetary payments as damages suffered by the IP owners and the law firm has allegedly also used third-party software to scrape the internet and search for possible IP infringements. However, many are those who claim that the software used by ACS: Law is inaccurate and that the system used by the law firm is not fool proof- resulting in the publication of personal details relating to many 'innocent' persons.
Some commentators have described the leak as one of the worst breaches of the UK Data Protection Act. Now, ACS: Law could be fined as much as half a million pounds by the Information Commissioner (the UK's equivalent to our Data Protection Commissioner) for lack of adequate security on ACS:Law's servers. Whilst Crossley states that his law firm has been the subject of a criminal cyberattack, the UK Information Commissioner stated that companies who are in the spotlight and more prone to these kind of attacks should be more aware of the risks they face and are to take appropriate steps to ensure that any personal data in their possession is safe including by setting up of proper firewalls and encrypting sensitive information.
Clearly, the implications are vast. Many in the UK are already lobbying for a review of the Digital Economy Act and as a result of Operation Payback, the number of opponents to this law (including several ISPs) has increased considerably.
Maltese law does not presently provide IP holders such wide-ranging powers as are found in the UK Digital Economy Act and obtaining such personal details remains more of an uphill battle. How the Maltese society would react to the introduction of a law similar to the Digital Economy Act is something debatable. Surely, with or without the Digital Ecomomy Act, illegal file-sharing is and will still remain rampant both in the UK as well as in tiny Malta and how to balance online copyright violation with your right to privacy will be the next challenge for lawmakers and the industry alike.
UPDATE: Irish Court rules in favour of ISPs in Piracy Case http://www.bbc.co.uk/news/technology-11521949
(even though not directly related, this latest judgement in Ireland is one worth noting)
No comments:
Post a Comment