Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

UK ISPs Profit From Coughing Up Customer Data

Soulskill posted more than 3 years ago | from the they-call-it-monetization-of-assets dept.

Piracy 59

nk497 writes "ISPs in the UK are charging as much as £120 to hand customer data over to rightsholders looking for proof of piracy, according to the Federation Against Software Theft. While ISPs have to hand over log details for free in criminal cases, they are free to charge in civil cases — and can set the price. 'In 2006, we ran Operation Tracker in which we identified about 130 users who were sharing copies of a security program over the web,' said John Lovelock, chief executive of FAST. 'In the end we got about 100 names out of them, but that cost us £12,000, and that was on top of the investigative costs and the legal fees.'"

cancel ×

59 comments

someone always profits (4, Interesting)

Anonymous Coward | more than 3 years ago | (#33719702)

someone always profits from coughing up data, especialy customer data

Re:someone always profits (1)

Anonymous Coward | more than 3 years ago | (#33719876)

I just hope it's not the copyright mafia!

Re:someone always profits (1)

Anonymous Coward | more than 3 years ago | (#33719898)

someone always profits from coughing up data, especialy customer data

The ISPs maybe doing the coughing but they placing numerous hands on the scrotum of their customer(s) in the process. Wonder if any of them can or will refuse to do so?

Re:someone always profits (2, Interesting)

pyrosine (1787666) | more than 3 years ago | (#33720106)

From the recent ACS-Law leak, ACS-Law wont contact virgin media or talktalk for customer data because they are ready to fight the claims in court.

Re:someone always profits (1)

Anonymous Coward | more than 3 years ago | (#33721170)

Wish Sky had taken the same approach rather than rolling over and handing out customer information at the drop of a hat. In the ACS leak there's a excel spreadsheet with the names and addresses (physical and IP) of over 8000 Sky subscribers, if Sky had a little more backbone then buzzards like ACS wouldn't have anything to feed on. I'm not condoning piracy, far from it, but it's usually the uneducated or totally innocent that end up taking it up the rear end. Fingers crossed that ACS crash and burn. Interesting though, may be time to switch to Virgin or talktalk.

Re:someone always profits (2, Interesting)

mjwx (966435) | more than 3 years ago | (#33720224)

someone always profits from coughing up data, especialy customer data

But this is a good thing, if anything it should be more expensive (and the customer should get a cut, if we lived in a fair world) as to discourage the activity.

Re:someone always profits (0)

commodore64_love (1445365) | more than 3 years ago | (#33721370)

>>>But this is a good thing

On first-order thinking, it appears to be good to screw the RIAA/MPAA with expensive bills but on second-level thinking it's Bad. Rather than protect my data, now my ISP has a motive to sell it to these spying organizations. They'll be looking for opportunities to make profit (and screw me the customer).

The politicians in the UK have fallen victim to the law of unintended consequences - they've created a situation that encourage ISPs to NOT protect citizens' privacy.

GBP 85 / hr (4, Insightful)

afaik_ianal (918433) | more than 3 years ago | (#33719710)

GBP 85 / hr doesn't seem outlandishly expensive to me if you consider it a professional IT service. What would surprise me, is if there were ISPs valuing their time at less than GBP 50. What would concern me, is if ISPs were spending 10 minutes on these requests and just giving out data willie nillie.

Re:GBP 85 / hr (2, Interesting)

Anonymous Coward | more than 3 years ago | (#33719866)

its a pitty they don't charge more, or claim it takes 8 hours per person.

Re:GBP 85 / hr (5, Informative)

Dr_Barnowl (709838) | more than 3 years ago | (#33720200)

Flamebait or not, Time Warner ISP in the states does just this, claiming they can only process one of these requests PER DAY.

Re:GBP 85 / hr (3, Funny)

lattyware (934246) | more than 3 years ago | (#33720622)

And this is Barry, our anti-piracy department.
Barry: Huurrrrrr Derp

Re:GBP 85 / hr (1)

DarwinSurvivor (1752106) | more than 3 years ago | (#33720658)

flaimbait? I think the parent had a good point. Charge $10,000/query and IP trolls might be a little less willing to go identity fishing. If your identity (and privacy) is important and IPS's are required to hand over data in civil cases but given the ability to set their price, doesn't a *high* price make sense?

Re:GBP 85 / hr (2)

b4dc0d3r (1268512) | more than 3 years ago | (#33726756)

No it isn't. Then the little guy can't afford protecting copyright. The easy way to protect GPL, for example, requires getting in contact with the infringer and educating them, and getting them to simply comply with the license. While some organizations will help with certain code, DIY types may not be able to get even that far.

Plus, this encourages providers to turn it into a revenue stream when other opportunities for growth dry up and they are simply maintaining obscene profits instead of growing them.

Re:GBP 85 / hr (4, Insightful)

Peeteriz (821290) | more than 3 years ago | (#33720466)

In processing such requests, IT service is not the primary expense - the request validity and rights to publish data have to be vetted by lawyers, and 85/h sounds quite reasonable.

Re:GBP 85 / hr (1)

tehcyder (746570) | more than 3 years ago | (#33732360)

the request validity and rights to publish data have to be vetted by lawyers, and 85/h sounds quite reasonable.

Any qualified UK solicitor working in corporate law who is only charging GBP 85/hour must either be utterly fucking useless/desperate for work, or have some sinister ulterior motive.

Re:GBP 85 / hr (1)

Peeteriz (821290) | more than 3 years ago | (#33732452)

Don't think solicitor, think paralegal corporate drone.

Re:GBP 85 / hr (1)

Anonymous Coward | more than 3 years ago | (#33721022)

I think you mean, "willy nilly". Or to be a total pedant, "will-he, nill-he".

Re:GBP 85 / hr (0)

Anonymous Coward | more than 3 years ago | (#33730686)

Will ye, nill ye even.

This is a good thing. (0, Redundant)

Anonymous Coward | more than 3 years ago | (#33719712)

If the ISPs have to cough up our info, I hope it costs the copyright mafia dearly!

I hope they follow the law (4, Insightful)

wvmarle (1070040) | more than 3 years ago | (#33719728)

As long as those ISPs follow the law regarding the disclosure of this personal data, I have nothing against it. Actually I would be all for it: let those rights holders pay up! After all they are losing so many billions in sales lost to piracy, that paying a few quid to get those evil pirates' names (and the rest of the population to go back to buying all those songs they are now sharing top-dollar on CD) should be no problem for them. And after all as we know it the record companies are always right in their accusations, suing only actual evil pirates, right?

Of course ISPs should only disclose personal data when the law requires them to do so. Potential profiting from non-compliance poses a danger of course. Oh well as long as the penalty for improper disclosure is high enough (preferably including throwing out court cases against alleged pirates) then they will.

Re:I hope they follow the law (2, Insightful)

arbiter1 (1204146) | more than 3 years ago | (#33719830)

follow the? when it comes to making money companies will bend any law they can so wouldn't surprise me if they were bending that law a bit

Re:I hope they follow the law (1)

dcollins (135727) | more than 3 years ago | (#33719880)

"As long as those ISPs follow the law regarding the disclosure of this personal data, I have nothing against it...
Of course ISPs should only disclose personal data when the law requires them to do so."

Those are likely two very different things. If the law is "do whatever you want with customer data" (or equivalently, simply silent on the issue), then you can be releasing data without any "requirement" and still following the law.

But then maybe I've got a U.S.-biased perspective.

Re:I hope they follow the law (2, Insightful)

arivanov (12034) | more than 3 years ago | (#33719954)

The law in question is the data protection act.

Frankly, I do not quite see how does the data protection act authorise you to give the data in question. With fee or without. If the customer has not signed consent to have their data transferred to a third party (this is usually an opt-out option at sign-up) the ISP is not allowed to do so without a court order or without asking the customer's consent. This means that any evidence obtained this way is likely to be tainted.

UK rules on tainted evidence are not as strong as USA, but even in the UK bringing in the court room evidence that is obtained in violation of the law generally ends up with the case being thrown out.

Re:I hope they follow the law (3, Interesting)

Spad (470073) | more than 3 years ago | (#33720244)

On that subject, everyone's favourite UK-based law firm ACS:Law are being investigated by the ICO [bbc.co.uk] over the data that was leaked when 4chan carried out their DDOS.

Turns out that in addition to all the internal documents, letters and other crap on their webserver they also had a load of Sky broadband subscriber information in plaintext on there; I quote "You rarely find an aspect where almost every aspect of the Data Protection Act (DPA) has been breached, but this is one of them," said Mr Davies [of Privacy International]".

Re:I hope they follow the law (1)

Grumbleduke (789126) | more than 3 years ago | (#33720528)

Frankly, I do not quite see how does the data protection act authorise you to give the data in question. With fee or without.

It is my understanding that this is where the Court order comes in. And from what we've seen; provided whoever is asking for the data is willing to pay, the person who has the data may not put up a fight. However, it seems that even the judges are beginning to question this [torrentfreak.com] .

Plus the Data Protection Act (based on the EU data protection directives) is all about consent; if when you signed your ISP agreement there was a clause that said "we will not share the data with any third parties unless required to do so by a court order or we feel like it" then everything may well be covered.

Re:I hope they follow the law (3, Informative)

Rogerborg (306625) | more than 3 years ago | (#33720718)

I do not quite see how does the data protection act authorise you to give the data in question.

What, you can't read the Act?

29 Crime and taxation

(1)Personal data processed for any of the following purposes--
(a)the prevention or detection of crime,
[...]

are exempt from the first data protection principle

Go on, argue that copyright infringement isn't a "crime". Then read the Copyrights Designs and Patents Act 1988, section 107 1, (e)

107 Criminal liability for making or dealing with infringing articles,
(1)A person commits an offence who, without the licence of the copyright owner--
[...]
(e)distributes otherwise than in the course of a business to such an extent as to affect prejudicially the owner of the copyright
an article which is, and which he knows or has reason to believe is, an infringing copy of a copyright work.

That's the controlling statute. The only argument to be made is whether sharing a file constitutes "distributes [...] to such an extent as to affect prejudicially the owner of the copyright".

Now, we can have an informed debate. Go ahead.

Re:I hope they follow the law (1)

jrumney (197329) | more than 3 years ago | (#33721338)

The personal data is being requested for civil cases, not criminal ones.

Re:I hope they follow the law (0)

Anonymous Coward | more than 3 years ago | (#33723398)

Now, we can have an informed debate. Go ahead.

I was hesitant to reply to you because you are looking for an argument and it is obvious from your choice of emphasis that there is no debating with you. You have your well informed and sound arguments and you will not concede anything otherwise. I just want to throw a couple things out there though.

You are 100% correct according to the statute the pirates are guilty of a crime. Riddle me this though, why haven't any of these cases AFAIK resulted in a criminal prosecution? Why has everything been litigated in a civil court?

IANAL but my best guess is because there is no way the MaffIAA would win in a criminal case. The evidence is shaky at best and the procedures used to gather the evidence would most likely preclude it's use or at the very lease make it difficult to establish any sort of reliability for the source/witness/evidence. Criminal court provides for damages to be awarded but they would be limited to what could be proved and subject to a small multiplier (not one of several hundred).

If you have a better reason I'd love to hear it. Same for why should they be allowed to continuously harass people with frivolous law suits in civil court if after all it is a criminal matter.

Re:I hope they follow the law (1)

tehcyder (746570) | more than 3 years ago | (#33732396)

Now, we can have an informed debate. Go ahead.

*tumbleweed drifts across this thread*

Re:I hope they follow the law (2, Informative)

wvmarle (1070040) | more than 3 years ago | (#33719958)

From a previous /. story [slashdot.org] you may recall that the UK has pretty stringent laws on the disclosure of personal data. Basically no disclosure to third parties without court order.

Re:I hope they follow the law (1)

ais523 (1172701) | more than 3 years ago | (#33721924)

Interestingly, this is one of only two laws I was taught in school (the other being the Race Relations Act). I think it's on the official school curricula here in the UK.

Re:I hope they follow the law (1)

ObsessiveMathsFreak (773371) | more than 3 years ago | (#33720472)

As long as those ISPs follow the law regarding the disclosure of this personal data, I have nothing against it.

You know, legality and morality are two different things. Ethicality is a third. Just because something is legal, that doesn't make it the right, correct or civic thing to do.

So, even if the ISPs are following the law to the letter in this, I think selling customer data this way is wrong--massively wrong. This is a huge breach of customer trust, and for nothing but greed besides. The corporate model fails society yet again.

Re:I hope they follow the law (1)

wvmarle (1070040) | more than 3 years ago | (#33720492)

So, even if the ISPs are following the law to the letter in this, I think selling customer data this way is wrong--massively wrong. This is a huge breach of customer trust, and for nothing but greed besides. The corporate model fails society yet again.

When the law requires the ISP to give those details they should do it. That's nothing to do with failure of the corporate model: the businesses are only doing what the government thinks they should do. So it's a governance issue that's at stake here.

Re:I hope they follow the law (1)

houghi (78078) | more than 3 years ago | (#33720516)

Of course ISPs should only disclose personal data when the law requires them to do so.

... and the law must be written with the privacy of the individual in mind.

humm (-1, Redundant)

Anonymous Coward | more than 3 years ago | (#33719736)

sounds about right. if you make it less profitable to sue 10,000 people at a time perhaps they will stop doing it!

What is the problem? (0)

Anonymous Coward | more than 3 years ago | (#33719816)

If the the details requested are from people sharing files without the permission of the rights holder these costs should be part any settlement awarded by the court (in UK courts in most cases the costs of the winning party are payed by the losing party).

The real story here (0)

Anonymous Coward | more than 3 years ago | (#33719976)

is that the chief exec of the Federation Against Copyright Theft conflated the web and the net in a way that hints at his ignorance on the topic he's acting as an authority on.

GOOD! (2, Funny)

sjames (1099) | more than 3 years ago | (#33720080)

The more they charge the better. If it actually costs some real money, the rights holders will naturally be driven to avoid the frivolous requests they've become notorious for. Alas, 120 isn't likely enough. After all, the biggest repeat customers can and do afford a noticeable percentage of Bolivia's "agricultural exports" all by themselves. Perhaps if they spend 10K to find the name and address of someone offering a recording of Dr. Usher's lecture for download they'll finally start bothering to check the content first.

Good for them (2, Interesting)

MrDoh! (71235) | more than 3 years ago | (#33720216)

FAST has very dubious practices to get people to cough up to join their little group 'we offer a reward for copied software your employees may report to us, if you pay us, we'll let you know that we've had a report and let you get legit before we set the attack lawyers onto you". Anything to gouge them of some of their dubiously gained monies is great by me.
That advice about never talk to a cop because they'll twist it around somehow to ensnare you, even (probably) if you're innocent? They've got nothing on these jokers.

Re:Good for them (1)

tehcyder (746570) | more than 3 years ago | (#33732416)

That advice about never talk to a cop because they'll twist it around somehow to ensnare you, even (probably) if you're innocent?

Don't forget the UK police caution is: "You do not have to say anything. But it may harm your defence if you do not mention when questioned something which you later rely on in court."

There is no right to silence in the UK.

Boohoohoowawa (2, Insightful)

xtracto (837672) | more than 3 years ago | (#33720262)

'In 2006, we ran Operation Tracker in which we identified about 130 users who were sharing copies of a security program over the web,' said John Lovelock, chief executive of FAST. 'In the end we got about 100 names out of them, but that cost us £12,000, and that was on top of the investigative costs and the legal fees.'"

Cry ME a fucking river crybaby. Boohoo... we want to screw people, and want to make ISPs screw their customers with laws that we have made by buying legislators... and ISPs are charging us to screw their customers... the nerve of them I say! how can they!

Re:Boohoohoowawa (0)

Anonymous Coward | more than 3 years ago | (#33720316)

Cry ME a fucking river crybaby. Boohoo... we want to screw people, and want to make ISPs screw their customers with laws that we have made by buying legislators... and ISPs are charging us to screw their customers... the nerve of them I say! how can they!

Wouldn't be surprised if they ask to add the cost onto the amounts sued for. Anyone here familiar with UK law on that concept?

I wonder if this opens the ISP's up to liability.. (2, Informative)

grelmar (1823402) | more than 3 years ago | (#33720392)

Not exactly sure about the UK, but I know here in Canada that FOIP (Freedom of Information and Privacy Act) has provisions that mean that ISPs aren't allowed to give out that info without a court order, and would be subject to Federal criminal prosecution if they did hand out the info to private 3rd parties. I had thought the laws were similar in the UK. It would be interesting if one of these users sued their ISP for unlawful disclosure of personal information. The privacy act in the UK can be nasty to those who break it. It all depends whether that information is protected or not. FOIP is the big reason why you don't see these types of lawsuits in Canada, that and a long history of the Canadian courts telling rights holders "tough noogies" when they sue people who make copies for personal use - we pay a blank media tax that gets divvied up amongst rights holders as a hedge against piracy.

Re:I wonder if this opens the ISP's up to liabilit (1)

Grumbleduke (789126) | more than 3 years ago | (#33720548)

If you read the summary it mentions that "they are free to charge in civil cases". In fact, the article itself states: "Under UK law, rights holders can only obtain details of who was using an IP address when copyright material was downloaded by obtaining a court order."

Basically, they still need to get the Court order, but that just forces the ISP to hand over the data - the ISP can still charge an "administrative fee" for doing so. In these cases, the disclosure is done as the result of a court order (so the ISPs can claim they were "forced" to hand over the information) although the information filtering out of the Courts suggest that they enter into agreements before the case takes place not to contest it.

Also, for the record, there is no "privacy act", "privacy law" or "privacy right" in the UK.

[IANAL, but working on it...]

Charge more! (1)

muzicman (1148101) | more than 3 years ago | (#33720542)

My belief is that they ISP's should charge more. £10000 per person. At least then they would be able to sort out the shambles that is "up to 20 MEG DOWNLOAD!!!" and you never get more than 200mbits per sec. YOU KNOW WHO YOU ARE!

Re:Charge more! (1)

jimicus (737525) | more than 3 years ago | (#33720554)

200 Mbits/sec is 20 meg download.

Security warez? (1, Funny)

Anonymous Coward | more than 3 years ago | (#33720644)

I find it incredible that there are

130 users who were sharing copies of a security program over the web

That's a lot of people who are concerned about security enough to get special software for it, but never stopping to think that the copies they're illegally downloading might be compromised?
We're all doomed.

Re:Security warez? (1)

tehcyder (746570) | more than 3 years ago | (#33732558)

In other news, not all of the people downloading warez copies of Photoshop Cs5 and NFL Madden 2011 are 1337 H4x0rz.

Illegal...? (1)

RichiH (749257) | more than 3 years ago | (#33720768)

I dunno, maybe I am missing something, but either you _have_ to give out the data by law in which you can't charge anything. Or you do not _have_ to give out the data in which handing it out seems questionable at best. Charging for it smells illegal, to me.

Re:Illegal...? (0)

Anonymous Coward | more than 3 years ago | (#33720886)

I dunno, maybe I am missing something, but either you _have_ to give out the data by law in which you can't charge anything. Or you do not _have_ to give out the data in which handing it out seems questionable at best.

Or, maybe, you just don't have any clue.

Fishing expeditions (1)

benjfowler (239527) | more than 3 years ago | (#33720862)

I see ISPs charging to rat out their subscribers as a good thing. For starters, it cuts down on morally bankrupt ambulance-chasers wasting everyone's time with pointless fishing expeditions. Remember, we're talking ACS:Law, the kings of all ambulance chasers -- they'll happily try and make a buck at somebody else's expense, including your ISP (who'll happily pass on the cost) for a few squalid pounds.

Ob. Brazil (0)

Anonymous Coward | more than 3 years ago | (#33721076)

I understand this concern on behalf of the taxpayers. People want value for money. And that’s why we always insist on the principle of Information Retrieval Charges. It's absolutely right and fair that those found guilty should pay for their periods of detention and the Information Retrieval Procedures used in their interrogation.
-Deputy Minister Helpmann

This is BAD not good (2, Insightful)

rcb1974 (654474) | more than 3 years ago | (#33721096)

This is bad because ISPs now have an incentive reveal your identity to the mega corporations who will sue you. If all ISPs in the UK are required to do this, then ISP won't need to worry about losing customers by revealing their customer names. Here's how it will work:

1) MPAA pays ISP $120 to get your name from your IP address. I don't know why people still think that the ISP account holder is necessarily the person who is sharing copyrighted material.
2) ISP profits!
3) MPAA sues you for $150000, but settles for $3000.
4) MPAA profits! ($3000 - $120 - $0.5 (stamp)) = $2879.50

YOU LOSE $3000, lot of sleep, and get stressed because you feel so powerless to stop those parasites.

Re:This is BAD not good (1)

mlk (18543) | more than 3 years ago | (#33723730)

ISP gains $120 (£75) - or about 4 months of interwebs.

So in exchange for a previously loyal customer that would happily be paying $300+ a year the ISP gains $120 plus any contractual obligations (i.e length of the contract) then the user moves ISPs looking for one that does not give data away so easily.

I'm not sure the ISP really profits in this.

Re:This is BAD not good (1)

rcb1974 (654474) | more than 3 years ago | (#33727472)

If all ISPs are required to obey the same law, then no single ISP has to worry about losing customers. This is because customers won't have any other ISP they could run to that wouldn't also have a financial incentive to report them to the MPAA/RIAA. So basically UK people are screwed unless they setup their own wireless or laser link that transmits stuff directly to France/Ireland/other country within range (Sealand?) that isn't bound by UK law.

Re:This is BAD not good (1)

mlk (18543) | more than 3 years ago | (#33731924)

Except not every UK company does simply hand the data over. The law companies involved avoid some ISPs (Virgin and O2 I think) as they will fight the court orders requesting the information.

I've got an idea... (1)

jesseck (942036) | more than 3 years ago | (#33721130)

How about pass savings to a customer? If you are getting paid 120 per inquiry, then those subscribers are becoming a revenue stream for your ISP. Knock off some percentage of their bill for a while, to encourage their staying with your service. Hell, next time they are accused of infringing, you get 120! Since people don't like change, even if they wanted to change ISPs after you shared their data, they will be getting a discount, so they are less likely to move.

ISPs can recover costs, even in criminal cases (2, Informative)

malx (7723) | more than 3 years ago | (#33721146)

OP said

While ISPs have to hand over log details for free in criminal cases, they are free to charge in civil cases

Actually, ISPs routinely charge the cost of obtaining, processing and handing over log details when asked for it by law enforcement authorities under the Regulation of Investigatory Powers Act 2000, including when the data is needed for criminal investigations.

ISPs aren't allowed to make a profit from providing this data, whether for civil litigation or criminal investigations, just recover their costs. However ISPs' costs can be substantial: ISPs don't just spend time fishing out the records and handing them over, there are also significant overheads in training and systems to ensure this data is only handed over when it should be, to make sure the requesting authority is genuine and the ISP isn't being subjected to an imposter trying a social engineering attack, and so forth. Larger ISPs/telcos run dedicated units to cope with the high volumes of request from public authorities (in total, hundreds of thousands of RIPA requests are made each year, although most of these are for telephony data rather than Internet accounts).

For confirmation see Chapter Four of the relevant Code of Practice [homeoffice.gov.uk] .

Check for New Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...