Posted: 23rd Mar, 2011 By: MarkJ


UK ISP BT Retail ( PlusNet ) has successfully forced several firms, including
ACS:Law's intermediary
MediaCAT and
Digiprotect, into deleting thousands of private customer details that had been obtained as part of a controversially court approved
Norwich Pharmacal Order (NPO).
Solicitor firms typically collect IP address details from public
P2P (File Sharing) networks and target those whom are suspected of engaging in "
illegal"
internet copyright infringement (piracy). The IP details are then resolved to an ISP and an NPO is served against the provider, which is used to extract related customer details.
Firms, such as ACS:Law, made their money by using this data to "
bully" customers of broadband ISPs with dubious settlement demands ("
speculative invoicing"), many of which can be worth hundreds of pounds or more. However, several recent court cases have highlighted the
many problems with this process (
here and
here) and ISPs have also become more bullish in their defence.
BTCare's Community Manager, Kerry, said:
"We have been working to resolve a number of outstanding issues around the Norwich Pharmacal Orders in light of developments around ACS:Law. We can now share with you some of the work we have done.
With regard to Media CAT, we have been under a court order since July last year to supply it with details belonging to thousands more customers. We refused to do so and have now secured a further order to set aside the July order, meaning that the customer details will not be disclosed. Media CAT has also confirmed that all customer data that we sent to it in the past has now been deleted.
Ministry of Sound had the benefit of a court order from May 2010, which similarly required us to send thousands of customer details. We have now obtained another court order releasing us from that obligation. As was reported last year, Ministry of Sound withdrew its second application after we raised important issues we felt the court should consider.
Digiprotect was another client of ACS:Law. We have already disclosed some customer details to it under a court order in early 2010. Since even before the revelations about ACS:Law, we had been challenging Digiprotect on its use of that data but did not get satisfactory answers. We have now taken the matter back to court and secured an order requiring Digiprotect either to issue proceedings or delete the data. The time for issuing proceedings has now expired and the data should be deleted.
As a business we must facilitate genuine rights holders who wish to enforce their copyright in a proportionate way. With that in mind we have been working on a new framework policy to deal with future applications, in a bid to protect our customers. We continue to develop that policy, particularly in light of the comments of HHJ Birss QC in the recent Media CAT cases."
A key problem is that IP address data cannot always be relied upon because it can at best only identify the owner of a connection and not its individual users, especially on a shared local network (e.g. a library, business, Wi-Fi network etc.). IP's can also be spoofed, redirected or even hijacked (open Wi-Fi networks). Likewise the logs collected by such firms might be slightly out of sync with ISP logs, which can end up catching the wrong users or make such data useless.