Friday, 19 November 2010

Who’s been a naughty file sharer, then?

It looks as though another nail is being hammered into the Digital Economy Act’s coffin. And this time it’s the Solicitors Regulation Authority wielding the hammer. So, if the SRA is getting uneasy about what some lawyers have been up to recently, I wonder what’s going to happen next.

Some lawyers have been accused of of knowingly "targeting people innocent of any copyright breach" when they sent "bullying" settlement letters to those suspected of being involved with unlawful ("illegal") broadband ISP based Peer 2 Peer File Sharing. This has come about because they gathered public Internet Protocol addresses from file transfers (uploads) on Peer to Peer networks, and used these records to get customer details from Internet Service Providers after having first obtained a court order.

Thousands of people whose addresses were subsequently obtained then received letters which suggested they were involved with copyright file sharing. Many of these letters demanded several hundred pounds in compensation for the alleged act and a further fee to cover costs. Those receiving the messages were threatened with legal proceedings if they refused to pay, which in reality rarely ever happened.

The real scandal was that the people who sent these letters (apparently) knew that IP addresses, which are assigned to your computer each time you go online, are not an effective way of determining a computer user's true identity. At least one middle aged lady received an allegation that she was involved in downloading gay pornography – which came as an awful surprise both to her and to her son, who had not previously discussed his sexuality with either of his parents.

Sensitive personal data? But whose?

We all know that Internet Protocol addresses can easily be faked, hijacked, redirected and generally abused or used in ways that can be hard to detect. And we all know that the owner of a particular internet connection, such as in case of a hotel, business or shared public/home Wi-Fi network (secure or not), may not be the individual responsible for the actual act itself.

So I wonder what Ofcom’s going to do now. I was at one meeting today to hear an official from the Information Commissioner's Office recommend that Privacy Impact Assessments be carried out for most initiatives that involve the processing of personal information. And we all know that the Information Commissioner can now carry out privacy audits on all public authorities, whether they want to learn of his views or not. Will Ofcom carry out and publish a Privacy Impact Assessment about these proposals, in order that everyone can be satisfied that the case has been made for the initiative and that all the legitimate privacy concerns have been addressed? Will the Information Commissioner demand to see one before the process which is currently under construction goes horribly wrong?

Will Ofcom really continue to tell the Internet Service Providers to keep logs of people whose IP addresses have been possibly used by someone else for nefarious purposes, in order that they can report to the copyright owners when there have been a number of similar allegations? Could the Internet Service Providers be accused of sending thousands of bullying letters, too? These providers like to send nice letters to their customers. Not letters containing threats.

And then, finally, are Internet Service Providers really expected to cut off the accounts of people whose IP Addresses have possibly been used by someone else? Is this madness?

Or will someone come to their senses and ask themselves how much angst really needs to be caused in possibly hundreds of thousands of households up and down the country, as parents realise what their offspring have actually been up to?