Skip Navigation


EU take UK to court over privacy and data protection rules
Friday 01 October 2010 12:02:10 by John Hunt

UK law does not comply with EU law on consent of the interception of data in electronic communications according to the European Commission. After launching an infringement procedure in April 2009, and requesting the UK authorities adjust their laws in October 2009, the Commission has now decided to refer the UK to the European Court of Justice for failing to take action to address the deficiencies in UK law.

The UK law's are in breach of the ePrivacy Directive and the Data Protection Directive in three specific areas:

  • there is no independent national authority to supervise the interception of some communications, although the establishment of such authority is required under the ePrivacy and Data Protection Directives, in particular to hear complaints regarding interception of communications
  • current UK law authorises interception of communications not only where the persons concerned have consented to interception but also when the person intercepting the communications has 'reasonable grounds for believing' that consent to do so has been given. These UK provisions do not comply with EU rules defining consent as "freely given, specific and informed indication of a person's wishes"
  • current UK law prohibiting and providing sanctions in case of unlawful interception are limited to 'intentional' interception only, whereas EU law requires Members States to prohibit and to ensure sanctions against any unlawful interception regardless of whether committed intentionally or not.

The case stems from complaints with regards how the UK dealt with the Phorm advertising system which was secretly trialled by BT on its users without their consent. This effectively resulted in interception of data, but the UK authorities failed to find that either BT or Phorm had committed a criminal offence.

Comments

Posted by GMAN99 over 6 years ago
So how does this effect DEA? Won't <someone> be intercepting our communications without our express permission for DEA?
Posted by CARPETBURN over 6 years ago
Ahhh excellent news indeed, another thing i suggested should happen, which now has.
Posted by Legolash2o over 6 years ago
GMAN99, i would also like to know..
Posted by CARPETBURN over 6 years ago
Lets just hope it stops customer details being given to ass clowns like ACS Law at the very least and make certain BT owned organisations *PlusCOUGHnet* handing them over willy nilly and in general having multiple email and customer data leaks over the years. (please BT defenders dont go and make me link to all those do some searching for yourselfs for once).
Posted by Legolash2o over 6 years ago
I also hope it stops sending our details to gits like ACS Law and hopefully will stop the DEA act as EU LAW is higher than UK LAW.
Posted by andrew (Favicon staff member) over 6 years ago
An ISP releasing customer details under a court order - are people saying this EU action will stop that?

The use of unencrypted comms for this, is a different matter, and should be handled by ICO.

Or are people contending that scanning torrent tracker sites is an interception of communications?
Posted by CARPETBURN over 6 years ago
Many of the details to ACS law were passed by various ISPs without court orders, just letters demanding details and threatening court.... ACS have never had any individual or ISP in court for anything. Data leaks (which is another matter but also relates to plusnet) are something else that needs sorting out.... Forget just how many times ive read about customer details and emails being leaked via plusnet systems over the years.
Posted by GMAN99 over 6 years ago
Plusnet are not responsible for the ACS Data Leak, ACS are. Plusnet have sent personal information without taking the appropriate measures which is very serious and needs to be investigated. But they didn't leak the data. As I said on the forum hopefully going forward this info will be kept in as few places as possible to try to prevent things like this occurring
Posted by andrew (Favicon staff member) over 6 years ago
Urm with a court order, ACS:Law goes to court on its own, obtains an order from a judge, which is then sent to the ISP. In short ISP is not summoned to court, if they contest or fail to fulfill the order, they may be summoned at that point.

What proof of ISP's supplying details without court orders are there? Emails saying 'here is the data as requested' is not proof, since the court order would most likely have been posted, and thus not visible in the email logs.
Posted by TaRkADaHl over 6 years ago
Any opportunity to have a go at BT eh? Even when it is Plusnet who were at fault you still start shouting and squealing about 'BT Defenders'. Gotta love your consistency and arrogance :)
Posted by TaRkADaHl over 6 years ago
"Plusnet have sent personal information without taking the appropriate measures which is very serious and needs to be investigated" - Quite possible, but there is no proof. Data could have been sent via SSL or similar. Innocent until guilt and all that jazz.
Posted by GMAN99 over 6 years ago
TaRkADaHl , I believe Plusnet have already admitted what they've done wrong.
Posted by CARPETBURN over 6 years ago
quote"TaRkADaHl , I believe Plusnet have already admitted what they've done wrong."

Dont let that stop the idiot spouting off about stuff he hasnt read the latest on.
Posted by CARPETBURN over 6 years ago
ACS LAW Farmed user details from many ISPs without court orders. The only users they were too scared to go after apparantely were Sky (no doubt didnt want to suffer the wrath of Mr Murdoch if he got unhappy) and Virgin (i believe they insist of court orders, for cases like ACS LAW were dealing with, so ACS LAW didnt bother with Virgin users, apparantly anyway). Maybe if i also blabber about how Tiscali have also in the past had ex-employees "obtain" customer data that will keep little TaRkADOHl happy. As that similar data protection leak company isnt BT related.
Posted by andrew (Favicon staff member) over 6 years ago
If ISP's gave out user details without court orders, then the tabloid press will love you to give them the inside detail.
Posted by CARPETBURN over 6 years ago
ACS law were recently refused court orders by a judge, another has ruled their evidence from prior IP address collecting firms they previously used was inadmissable and they have also been before the SRA something like 3 times. Oh and been under the microscope by them and others since something like 2006..... I guess some ISPs though just didnt think about just ignoring the damned ACS clowns though. Amazing their head idiot sends things like sort codes and other banking detail via un-encrypted email :O
Posted by CARPETBURN over 6 years ago
It cant be 100% proven yet Andrew (id convict them on the majority rule :D), and i suspect all those involved apart from the stupid are remaining very tight lipped, for some ISPs concerned it would be hard to look even dumber....... Even those that may of had court orders (i doubt any did), they are supposed to notify the customer of alleged copyright offences. Clearly they didnt and the first many users knew about it is ACS LAWs ransom letter arriving demanding £499 OR GO TO COURT...
Posted by Somerset over 6 years ago
(cb - can you please answer the 'doping the signal' statement)
Posted by CARPETBURN over 6 years ago
They never took anyone to court... I wonder why eh??? especially if they had court orders and done everything right eh??? ACS are well known on consumer tv programmes, WHICH and many others. They are very vocal about anyone that looked at the ransom model. The latest leaked fax documents show they have even more to worry about, apparantely very friendly with a judge, and other "dodgy" things... Hopefully it will be looked at and punishment is swift.
Posted by CARPETBURN over 6 years ago
You will have to link back to that news item somerset, ive forgot which one it was LOL
Posted by Somerset over 6 years ago
(http://www.thinkbroadband.com/news/4374-openreach-to-give-erbistock-customers-option-of-migrating-to-another-exchange.html)
Posted by tommy45 over 6 years ago
There seems to be some evidence that bt and plus net at the least just co operated with acs law (no court order) from some of the internal e-mails and seeing as civil law only requires the probability b/s that some one is guilty as charged that makes them at fault, if they /you don't like that then a change to how civil law works is needed,
though one thing that does puzzle me is how any of the plusnet/bt account holders accuse of infringing copyright can be guilty of anything, as both throttle the hell out of p2p,lol,
Posted by tommy45 over 6 years ago
MR crossley don't like which , and the bbc, as both have reported on his dodgy business activities
Such as they may not of been licensed to harvest the ip addresses in the first place, yet another piece of evidence from the e-mails so i believe, the isc/sra and who ever else should be reading through them, even though they may not be admissible in a court, but at least they would be better informed
Posted by GMAN99 over 6 years ago
tommy they can still be guilty just a much slower guilty ;)
Posted by Dixinormous over 6 years ago
'Posted by CARPETBURN about 3 hours ago
ACS LAW Farmed user details from many ISPs without court orders. The only users they were too scared to go after apparantely were Sky'

You missed that the largest group of user details released were Sky users I take it?

TalkTalk and Virgin were, in common with other ISPs, served court orders and chose to contest them. Sky did not.

Any ISP that released details without court order is in deep excrement for DPA violation.
Posted by TGVrecord over 6 years ago
If Plusnet gave out customer details without a court order to a third party they must be guilty of breaking Data Protection rules? Even if they supplied the data in an encrypted format!
Posted by CARPETBURN over 6 years ago
@Dixi, i stand corrected it was TALK TALK and VIRGIN which told them to basically take a hike.
Sky it seems may have indeed previously complied with requests. Either way the whole episode is the latest to show when it comes to Data protection in this country some are very slap happy.
Posted by CARPETBURN over 6 years ago
@Tommy45 the comment about throttles raised a small chuckle, maybe some pirates like to stay with a company that already partly punishes them ;)
@TGVrecord... Plusnets record when it comes to protecting customers info and data in general is not good. I wouldnt even dare send confidential email on their service.
Posted by chrysalis over 6 years ago
I think there is a link between the government shielding BT from the law and BT's rollout areas for FTTC.
Posted by CARPETBURN over 6 years ago
The one good thing i will say about Plusnet is when they do make a cock up they do quickly raise their hands and admit it, rather than try to cover things up or ignore them and hope it goes away like some ISPs would.
Posted by cf492bcc over 6 years ago
GMAN99 said: "Won't <someone> be intercepting our communications without our express permission for DEA?"

No, I don't think so. Obtaining the IP addresses of file-sharers is performed simply by joining in with the activity and logging those involved. There's no interception of data there, it's merely a consequence of the simple communication between the two parties that reveals the act.
Posted by CARPETBURN over 6 years ago
quote"I think there is a link between the government shielding BT from the law and BT's rollout areas for FTTC. "

Secret handshakes, meetings, governemnt funding, and lots of nudging and winking.... Surely not our government and BT are far too honest arnt they?
Posted by CARPETBURN over 6 years ago
quote"There's no interception of data there, it's merely a consequence of the simple communication between the two parties that reveals the act."

Reveals what act?...... A) a torrent swarm can introduce false IPs, which idiot firms collect... B) Connections are wireless nowadays so the non-guilty can end up being deemed guilty... C) Its too hard to police so why bother and just pander to the industry and bugger protecting peoples personal info... D) All the above?
Posted by Legolash2o over 6 years ago
carpetburn has a point on that last post. You can't control the internet, no point even trying LOL.
Posted by CARPETBURN over 6 years ago
Its not even about policing, or copyright anymore, but all about money, and where there is money to be made people (term used loosely but to remain P.C on here) like ACS Law crawl out of woodwork.
Some of the money they are rumoured to have made, and the numerous innocent people its clear they accussed makes me sick...... Catch the guilty if you can, but christ sake dont let dirtbags get rich off the innocent, which seems to be the new mantra in the UK with regards to copyright. Lock up those that never buy a damn thing, but dont let idiots police those idiots though for the love of sanity.
Posted by Legolash2o over 6 years ago
Most big businesses and seems the UK government in general go out of their way to screw people over and think that they are the law.

I'm with carpetburns side on this argument.
Posted by cf492bcc over 6 years ago
CB, all that's required is that the process confirms transmission of the copyrighted data. This could be done by the reception of only a single piece from a BitTorrent peer, for instance.

Any monitoring entity that thinks for a moment that simply pulling addresses from a tracker is going to be sufficient proof would be in for a big shock. I would think they're unlikely to be that foolish as the consequence would severely discredit their operation as many innocent people would be falsely accused. The blow back from that would shut them down.

And this has nothing to do with interception.
Posted by cf492bcc over 6 years ago
P.S.

(B) They'll simply state that it is your responsibility to have your equipment sufficiently locked down to prevent this occurrence. Not something I agree with at all, but that is what they will, and actually already do, say.

(C) It's demonstrably not too hard as the monitoring and law companies have shown. They're making profit. Media companies seem to hope it rises to a scale where sharers cease their activities. Governments, too.
Posted by CARPETBURN over 6 years ago
quote"Any monitoring entity that thinks for a moment that simply pulling addresses from a tracker is going to be sufficient proof would be in for a big shock. I would think they're unlikely to be that foolish as the consequence would severely discredit their operation as many innocent people would be falsely accused. The blow back from that would shut them down."

Errm this is basically all what ACS were doing, hiring a third part to record IP addresses in a torrent swarm.
Posted by CARPETBURN over 6 years ago
quote"(B) They'll simply state that it is your responsibility to have your equipment sufficiently locked down to prevent this occurrence. Not something I agree with at all, but that is what they will, and actually already do, say."

Hows that work in open wireless situations then? Or places where you can sit down and use the internet?
Posted by tommy45 over 6 years ago
Just to track back," TT and virgin refused top co-operate with ACS law" that maybe the case, but the reasons why they did it where not to protect their customers,as they are an anti-p2p isp(TT)more like a publicity stunt in an attempt to draw in even more customers, virgin im not sure about,
Posted by CARPETBURN over 6 years ago
Its about time peoples privacy was protected more here. Its clear, idiots that run this country and those that think they run it or want to run it. Have no clue on how to protect your information. The government itself and their shambolic losing of data, laptops etc over the years with peoples private info and now cretin law firms recording spoof IPs of innocents has gone too far... Dont always agree with the EU but in this instance i hope they give the UK government and its so called law and order hell.
Posted by drteeth over 6 years ago
The data has to be sent in encrypted form and the court order is to get details for court action and not threatening letters. Also, the decrypting information does not have to be given AIUI, just as one does not have to fill in a tax return in English.
Posted by TGVrecord over 6 years ago
But did ACS get a court order? And why did Plusnet also provide ACS with customers bank details? As far as I can see Plusnet is guilty of a major data protection breach. It does not matter if they provided the info in encrypted form.
Posted by greemble over 6 years ago
Plusnet didn't provide bank details. The info was lost from ACS servers where it had been stored by ACS after they had received it.
Any bank details lost were those that had been provided by the victims directly to ACS and stored by ACS with the details from Plusnet.

If Plusnet and/or BT had sent all their customers' details encrypted, it would have made no difference - ACS had them stored on their web server and placed them in plain view.
Posted by cf492bcc over 6 years ago
CB wrote: "Errm this is basically all what ACS were doing, hiring a third part to record IP addresses in a torrent swarm."

Yes, but you have no idea as to how the monitoring company is obtaining and verifying addresses, so your argument that "a torrent swarm can introduce false IPs" meaning it's not possible accurately to "reveal the act" of people involved in infringement of copyright is plainly wrong. This comes down to specifically how the information is attained, which is what I said.
Posted by cf492bcc over 6 years ago
CB wrote: "Hows that work in open wireless situations then?"

(B) Go argue with them about it, as that is what has already been said. If they haven't yet set it in stone, they are certainly trying to, as obviously they are trying to close it down, the gaping hole in their plan that it is.
Posted by CARPETBURN over 6 years ago
Oh please cf492bcc, understand entirely what you are trying to say but its obvious ACS and those they employed to harvest peoples IP addresses are clueless tards. Examples of some of their accusations include accusing something like a 70 year old couple of downloading porn, when they were not even in the country but visiting relatives. Oh and some English toff of downloading German techno... Its clear the so called information collected is not accurate.
Posted by CARPETBURN over 6 years ago
I also still maintain the wireless arguement and how anyone here could be accussed of being guilty for something they didnt do is a valid one. Even WPA2 based encryption is easy to crack now (especially if you use generic words in your passkey). I could in theory with a simple tool probably hack a good percent of WPA2 users in my street and thats after i use the 3 which are currently completely open. (Not that i would). Nobody should have to argue it with them, if you are being threatened to cough up £500 quid it should be their job to prove you are guilty not you prove you shouldnt be paying.
Posted by TGVrecord over 6 years ago
I gather that ACS has yet to take anyone to court for non payment of their demands so it has not been proved they are guilty. Paying up might be indicative but it would be interesting to see just how strong a case ACS would have if it went to court. On the face of it this is nothing more than a legal scam.
Posted by CARPETBURN over 6 years ago
Indeed TGVrecord. It looks like (very roughly) a third paid up and didnt challenge them, the rest either didnt reply or replied and told them basically no im not paying show me the evidence you have on me. They didnt take anyone to court.
It also looks like they knew their ccases were weak and could be one of the reasons they moved on to tracking porn titles that were supposedly downloaded... A sort of try to shame people into paying method, which for some apparantely worked, unfortunately. Its not even really a legal scam, they are just outright scammers.
Posted by TGVrecord over 6 years ago
Reminds me of a gentleman who took action against a purveyor of porn. He used the 'Sales of Goods' act because the material was not explicit enough! A comment at the time was the purveyor got away with providing tame material because people were too ashamed to complain.

As a matter of interest were the pirated films worth the estimated £500?
Posted by CARPETBURN over 6 years ago
quote"As a matter of interest were the pirated films worth the estimated £500?"

On of the titles they apprantely "monitored" is supposed to be free on a certain site supposedly you get a free 2 weeks trial and ironically one of the choosen methods to watch it is to install a P2P based app... So god knows what they were thinking there........ Maybe they only went after the people downloading the NON-Free HD version..... A policy of "No free HD boobies allowed" maybe ;) lol
Posted by alewis over 6 years ago
The vast majority of customer data was acquired legally, via an NPO. Whether the ISPs supplied the data in the manner proscribed by the Order (encrypted and via a secure physical medium, and *not* 'secure' email) is another matter, and one which requires further investigation. Whether ACS then further complied with the Order, and other statutes (DP, PCI/DSS, etc) is a grey area. That the data became public is true, but it is *not* established *how* the data became available. Much as we might detest ACS, bear in mind the basic legal principle is innocent until proven guilty.
Posted by alewis over 6 years ago
The accuracy of the IP addresses obtained is debatable. And whether an IP address 'proves' anything, well, I don't see that holding in a court - certainly not a criminal court. However, a civil court is a slightly different matter - its a 51% chance.., it is possible that a magistrate *could* decide that an IP address together with a refusal to submit to a forensic examination, could lead to a "balance of possibility"
Posted by alewis over 6 years ago
I'm not an apologist for ACS; whilst I can see the *objective* merit in tracking down CP infringers, how they went about it was revolting. That said, the entire entertainment industry needs to drastically rethink not just its business and distribution models, but even it's attitude towards customers.

And yes, I laughed like a drain at the ACS fisasco.
You must be logged in to post comments. Click here to login.