EU data ruling slaps filesharers with red herring

BPI: You don't have to show us any stinkin' personal data


Analysis Internet users in the UK can safely ignore this week's EU Courts of Justice ruling on data protection for filesharing: it's already irrelevant.

On top of that, the judgement covers an ISP belief system that's being rapidly eroded by governments and rights holders behind closed doors.

Neither fact has stopped the judgement being widely misreported (here's the correct story).

Here's a typical example from The Times, the UK's supposed national newspaper of record: "Record labels and film studios cannot demand that telecoms companies reveal the personal details of people suspected of swapping copyrighted material on the internet, the European Court of Justice ruled yesterday."

No, it didn't.

The court ruled that EU law doesn't compel ISPs to reveal customer details in a civil case brought by a rights holder. National courts are in charge as to whether laws are introduced to that end on the ground.

And in the UK, that happened years ago. Most recently the media law firm Davenport Lyons, acting on behalf of videogames developer Codemasters, easily scored the personal details of ISP customers it wanted to accuse of copyright infringement over peer-to-peer networks.

It obtained a High Court order, which forces ISPs to hand over the details in exchange for a small administrative fee. PlusNet customers were among those targeted, and the firm explained its hands are tied under UK law in a posting here.

Davenport Lyons used the details to fire off dozens of demands for hundreds of pounds along with threats of criminal action.

Thus the EU's judges' ruling is an irrelevant footnote in the UK, where civil courts require a low threshold of proof to issue a court order that trumps data protection regulations.

But for rights holders, battling copyright-infringing filesharers by court order is expensive, time-consuming and impractical given the scale of peer-to-peer networks in 2008.

In the UK and France at least, the real frontline in the filesharing war isn't in the data protection field, but in the ongoing negotiations for a voluntary agreement for ISPs to disconnect persisitent illegal filesharers.

A BPI spokesman told us the system it is pushing for would not require any personal data to be handed over by ISPs.

The line makes logical sense. If the ISPs are one half of a voluntary agreement to cut off filesharers, then the personal data is already where it is needed. No need for courts, lawyers or nastygrams*.

The BPI man was cagey on the technical details of how infringers might be identified, saying that negotiations aren't past the stage of agreeing an enforcement procedure. The recording industry wants a three-stage slap: a first warning letter, a short suspension of service, followed by a termination of service. The government backs the push.

On the nuts and bolts, in our view it's most likely that simple witchfinder procedures will be used to target individual filesharers. All an investigator needs to do is join copyright-infringing BitTorrent swarms and log the IP addresses of the peers. The rest is simple database manipulation. For now, nebulous waffling about filtering technologies in the network can be reasonably disregarded for practical purposes.


Other stories you might like

  • US won’t prosecute ‘good faith’ security researchers under CFAA
    Well, that clears things up? Maybe not.

    The US Justice Department has directed prosecutors not to charge "good-faith security researchers" with violating the Computer Fraud and Abuse Act (CFAA) if their reasons for hacking are ethical — things like bug hunting, responsible vulnerability disclosure, or above-board penetration testing.

    Good-faith, according to the policy [PDF], means using a computer "solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability."

    Additionally, this activity must be "carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services."

    Continue reading
  • Intel plans immersion lab to chill its power-hungry chips
    AI chips are sucking down 600W+ and the solution could be to drown them.

    Intel this week unveiled a $700 million sustainability initiative to try innovative liquid and immersion cooling technologies to the datacenter.

    The project will see Intel construct a 200,000-square-foot "mega lab" approximately 20 miles west of Portland at its Hillsboro campus, where the chipmaker will qualify, test, and demo its expansive — and power hungry — datacenter portfolio using a variety of cooling tech.

    Alongside the lab, the x86 giant unveiled an open reference design for immersion cooling systems for its chips that is being developed by Intel Taiwan. The chip giant is hoping to bring other Taiwanese manufacturers into the fold and it'll then be rolled out globally.

    Continue reading
  • US recovers a record $15m from the 3ve ad-fraud crew
    Swiss banks cough up around half of the proceeds of crime

    The US government has recovered over $15 million in proceeds from the 3ve digital advertising fraud operation that cost businesses more than $29 million for ads that were never viewed.

    "This forfeiture is the largest international cybercrime recovery in the history of the Eastern District of New York," US Attorney Breon Peace said in a statement

    The action, Peace added, "sends a powerful message to those involved in cyber fraud that there are no boundaries to prosecuting these bad actors and locating their ill-gotten assets wherever they are in the world."

    Continue reading

Biting the hand that feeds IT © 1998–2022