Accused of Illegal File-Sharing? Complain to the Government

enigmax
December 5, 2008
46
Data Protection Act,
davenport-lyons,
Information Commissioner
Print

Lawyers in the UK are obtaining the personal details of over 25,000 alleged file-sharers for the purposes of sending them a £500+ bill accompanied by threats of being sued. Read why the government’s Information Commissioner has let down every single one of them and why each disclosure could be a serious breach of the Data Protection Act.

Following numerous TorrentFreak investigations, today the BBC has published numerous articles, online and on radio about companies and lawyers who track down alleged file-sharers in the UK.

If you have received a letter from lawyers Davenport Lyons (or indeed any other law-firm operating the same business model) accusing you of illegally sharing games, videos or music, this article will provide serious food for thought and give you the tools and knowledge to make your voice heard at a government level. It is unacceptable that people are being wrongfully accused. We believe that your names and addresses should not have been handed over to these lawyers in the first place, and that you should not have received a threatening letter.

This is a guest post from Michael Coyle of Lawdit Solicitors who is currently defending many of those accused in the Dream Pinball, Colin McRae Dirt, Call of Juarez and more recently, the various porn titles cases brought by DigiProtect in the UK. (Intros, links, editing and letter template added by TorrentFreak/Penumbra)

Alleged File-Sharers: Why the Information Commissioner Has Let You Down

The Information Commissioner’s Office (ICO) is a non-departmental public body reporting directly to Parliament. It is the office dealing with the Data Protection Act 1998 and the Freedom of Information Act 2000, the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the Environmental Information Regulations 2004 in England and Wales.

UK ISPs were ordered earlier this year [and in 2007] by the High Court to disclose information relating to its customer’s data, based on information provided to them by amongst others, video games companies. The information sought was based on the customer’s IP address. Pursuant to CPR 31.18, lawyers applied for an order that the ISPs disclose the full name, postal address and telephone number of the subscriber of each of the IP addresses supplied.

The game plan was to match each IP address with an individual and write to them with a hefty threatening letter and a request for £500-600. If this sum was not paid, court action was threatened, costing tens of thousands of pounds. It all seemed fairly conclusive. The ISPs complied and the Lawyers [Davenport Lyons] commenced the enormous task of writing to over (so we understand) 25,000 potential infringers.

However it was only when responses started to flood in – many in their hundreds to Lawdit Solicitors – did it become clear that while IP addresses could reveal a name and real-life address, it did not reveal the culprit. It proved very little. It certainly did not prove that any copyright infringement had taken place, far from it. Only by inspecting the hard drive of the customer’s computer could you do this. If there were any other evidence to sit alongside the IP address, for example a user name or password of the file sharing software you could sympathize with the rights holder.

But to rely on the IP address alone is wholly disproportionate and has resulted in untold misery to many thousands of individuals. This whole affair sums up in my view how little the Information Commissioner (IC) is really concerned with an individual’s data. I am not aware of any publicly quoted concerns from the IC about this issue and he has remained silent as the forums and bulletin boards crackle with the indignation and invasion of individual’s data. You cannot blame the ISPs. As a Court Order was in place, why would an ISP go out on a limb for a few thousand customers?

But the IC ought to have been keeping a watchful eye out and at the very least issue a press release to offer individuals some comfort. The silence is even more deafening in that on 29 January 2008, the ECJ held that Community law does not require member states to oblige ISPs to disclose details of suspected file-sharers to enable a copyright owner to bring civil proceedings.

Personal data is protected generally in the EU by virtue of the EC Directive on the protection of individuals with regard to the processing of personal data (95/46/EC) (Data Protection Directive). Member states may provide exemptions to protection in order to conduct criminal investigations or safeguard national or public security or to protect the rights and freedom of others (Article 13(1), Data Protection Directive).

In the UK such an exception can be found under section 35 (1) of the Data Protection Act 1998 which provides that ‘Personal data are exempt from the non-disclosure provisions where the disclosure is required by or under any enactment, by any rule of law or by the order of a court.’ This exemption does not contain any further considerations for a Data Controller before making a disclosure in these circumstances.

The EC Directive on the processing of personal data and the protection of privacy in the electronic communications sector (2002/58/EC) (E-Privacy Directive) provides that national authorities may only lift the protection of data privacy in order to safeguard national or public security or to conduct investigations into criminal offences or the unauthorised use of an electronic communications system, where this is a “necessary, appropriate and proportionate measure” (Article 15(1), E-Privacy Directive).

The ECJ reached its conclusion(.pdf) following a Spanish case concerning Telefonica. The Juzgado de lo Mercantil No 5 de Madrid decided to stay the proceedings and referred the following question to the Court for a preliminary ruling:

Does Community law, specifically Articles 15(2) and 18 of Directive [2000/31], Article 8(1) and (2) of Directive [2001/29], Article 8 of Directive [2004/48] and Articles 17(2) and 47 of the Charter permit Member States to limit to the context of a criminal investigation or to safeguard public security and national defence, thus excluding civil proceedings, the duty of operators of electronic communications networks and services, providers of access to telecommunications networks and providers of data storage services to retain and make available connection and traffic data generated by the communications established during the supply of an information society service?

The ECJ, responded that the answer must be that Directives 2000/31, 2001/29, 2004/48 and 2002/58 do not oblige Member States to ensure effective protection of copyright in the context of civil proceedings to communicate personal data. A fair balance needs to be struck between the various fundamental rights and in particular the principle of proportionality. In Advocate General Kokott’s opinion she considered that it was compatible with Community law for member states to exclude operators of electronic communications networks and services from having to make available personal data relating to connection and traffic information in the context of a civil, as distinct from criminal, action.

While the decision is not binding on the ECJ it will generally follow the Advocate General’s opinion. For the vast majority if not all of the 25,000 recipients, this decision ought to have been interpreted as a request for information relating to a non criminal offence (i.e. any copying/file-sharing was non-commercial) and the request for the personal data ought to have been refused.

If you have received a letter accusing you of illicit file-sharing and you are innocent then please write to the Information Commissioner with your story and complain that the release of your personal data was a breach of the Data Protection Act 1998, while urging them to carry out a review of all subsequent releases.

The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF.

For your convenience, a TorrentFreak reader Penumbra has created this template in order to streamline the complaints procedure: (Link)

Update: You may petition the government online by following this link.

Previous Post | Next Post

Follow @torrentfreak

Roze

I would suppose that most people would know already that there is a huge lack of evidence when it comes to IP addresses and file-sharing, and the linking of the file-sharing to any particular person.

As has been said before: “The law is rigid for certain folk, but it bends for the people at the top.”

Roze
Anonymous

“UK ISPs were ordered earlier this year* by the High Court to disclose information relating to its customer’s data, based on information provided to them by amongst others, video games companies”

and 2006/2007 surely?
http://www.torrentfreak.com enigmax

yes, they do date back that far, but the vast 25,000 majority are threatened for this year, but i’ve added that note. cheers
Roze

I wonder, how many complaints have there been so far about the disclosures?

Roze
John Smith

This is definitely the way to do it.
dotpixel

“You cannot blame the ISPs. As a Court Order was in place, why would an ISP go out on a limb for a few thousand customers?”

It’s not as simple as that really. First of all, ISPs *should* try their best to protect their customer data. That goes even BEFORE the court order is issued, when they are approached by the solicitor firm. What’s even more upsetting however, is that the majority of ISPs have signed a declaration that they would not object to releasing the information, subject to the court order. This document was handed down to the court when asking for the order.

My personal interpretation is therefore that they ISPs could have at the very least NOT sign that form, or file some form of a statement saying they do in fact object to releasing personal data. Perhaps the fact that they actually charge money to extract this information has somehow clouded their judgments??

Another point I would raise is that at no point in time were the real accused people (those whose data was released) given a chance to defend themselves and AVOID their data being disclosed. This is to a large extent the role of the ICO, but clearly it failed all those individuals here.
the.dwarfer

I think we should ALL send a letter of complaint about the dodgy practices of DL, regardless of whether we have been affected personally.

The people in power are so old and out of touch that they don’t understand new tech and how it works,

WE know that an ip can’t really identify you, but i bet the MAFIAA rep who explained it to the judge spun it to sound like it was like DNA or a fingerprint.
jon.bloggs

There is a reason that HTTPS, SSL, PKI and Certificate Authorities were created.
That reason is to ensure
1) You know with certainty who is the endpoint of a transaction
2) You know what is sent hasn’t been tampered with

How do you know your bank is the owner of the webpage you give your password to? By that nice little Verisign/Thwate signed certificate! Now THAT’s proof, and lets be honest it’s pretty tricky stuff and wouldn’t have been implemented if an IP address would have done instead…

There should be an international Technological High Court I think… geez I wouldn’t expect a normal Judge (no offence, much respect) to understand PKI, MD5 hashs, or the difference between AES and TKIP – I mean, if you’re reading this you’re probably a techy and I bet even you are a little hazy on these things… they ain’t straightforward and they are very esoteric…

I think perhaps the various international courts are going through phase now… a setting of precedents… just one UK court case of this ilk that sets the precedent that IP address is not sufficient will be all it needs… no wonder DL are so careful not to let their evidence be properly challenged…

All the above is purely personal opinion – of course.
The DON

It might be worth adding the information that the radio5 link starts discussing the filesharing litigation situation at 0:51:40. A lot of other news, weather etc first
test

test
Roze

Perhaps it may be good to have a meeting as well as sending complaints. I mean a general protest meeting against the disclosures.

Roze
uksucks

The problem is that complaining to the government is like banging your head againsta wall. They couldnt give a monkeys if you were falsly accused of filesharing exactly because it is civil. Even if it was criminal they wouldn’t care. It was the government who forces ISP’s to hammer out these agreements with ISP’s in the first place. ISP’s were reluctant to disclose details to begin with and we are in the position we are now due to the BPI lobbying the government, who at the end of the day only care about business so will side with the BPI regardless. EU law is all very well and good, but member states can opt out of EU legislation, they retain their individual sovereignty and EU law is little more than a “guideline”. From a personal opinion, complain if it makes you feel better, but thats about all it will achieve. The UK government has a vested interest in big business and as such will bend over backwards to make them happy, even at the expense of your privacy.
That Guy

There needs to be a better way to get this info out. If we can find out a way to do that im sure that we will be able to make the difference that is necessary so that all of this non since the lawyers are throwing out can be stopped dead in its tracks.
youarenotalone

Remember you live in a democracy – but if you want change you have to make it happen… question is – do you care enough?
Trevor

#14 We live in a Democracy? What? There isn’t a true Democracy anywhere in the world. The closest to any Democracy is Sweden.
Not going to work

Like the government is going to listen? They have more important things to deal with like wars, disease, terrorists, BANKING CRISIS – p2p networks is the last thing on their mind right now.
mike

well the goverment are very keen for the needy to have broadband to the extent that its allmost immposible to escape it wonder why??? but honestly davenport and lyons are advertising porn besides making a mint they are disgusting
10ch.org

@12 uksucks
But do they bend over to the will of the people? Last time I have heard, when large amounts of people disapprove of what companies did, and boycotted, they do bend over to the will of the people. The problem with any current boycotting of the “content industry” is that boycotting for many people is a private matter, and they don’t bother organizing this boycott in large groups.

Roze
10ch.org

@12 uksucks
Continuing on 19, to give you an example, the NAACP amongst other organizations organized boycotts of companies due to their discriminatory policies against colored people in the civil rights era, and they bent over in time. The major difference is that for p2p, people are not organized in any major organization like the NAACP, and as a result, people in favor of p2p are powerless. A major problem is that there seems to be no call to unification and organization, and people prefer to stay un-organized, which is sure to keep the p2p cause powerless.

Roze
uksucks

You cannot equate race discrimination with filesharing. The gov is not going to give a crap about a bunch of whining downloaders who feel it is acceptable to tread on the rights of others while complaining that THEIR rights are being abused. It’s hypocracy and it only makes you look like an idiot. Now while I am in agreement that the media industry get their own way far to often and is too easy for them to go around accusing innocent people of an infringement, the vast majority of people accused are guilty and simply want to use those innocent people as THEIR scapegoat. That’s as deplorable as the media undusrty using underhanded tactics to catch people. Why dont people organise? Because most of them are guilty in the eyes of the law. Its as simple as that.

A few years back, 750,000 rallied together in London to oppose Britains involvement in Iraq, did that achieve a damn thing? No. So what exactly do you think a few thousand filesharers will achieve? Nothing, thats what.
http://10ch.org 10ch.org

@21
Do you even know what the word “hypocrite” means? From the way you are using it, it seems like you are randomly throwing this word around and don’t even know what you are talking about.

You think that it is “treading on others’ rights”? No, it does not. How could doing something with one’s private property possibly be treading on other’s rights? The ridiculousness of what you are saying is astonishing. It is like saying that slave owners had the “freedom” to control their slaves, and that for slaves to escape “violated” their rights. Same here. You are saying that these copyright owners have the “freedom” to control vast amounts of the population in what they do with their private property, and the failure to obey is somehow “violating” this right.

I will tell you that you did get one thing right. File-sharing is indeed abusing the copyright holders’ rights. It is abusing their right to control others, and it is abusing their right to take away other people’s liberties. Copyright is essentially a right to abuse other people’s liberties. Some rights just have to be taken away in order to protect individual freedoms. For example, the right for government to take away freedom of speech is restricted. Unfortunately, copyright, the right to take away other people’s right to do whatever they want with their private property, like copy it and give it to someone else, has not been restricted yet.

You are confusing “guilty in the eyes of the law” and “guilty in the eyes of morality.” Indeed, Rosa Parks was guilty in the eyes of the law. She was guilty of violating the Jim Crow laws. File-sharers are also guilty in the eyes of the law. I bet you thought that Rosa Parks was someone who should have been thrown in jail. Well, I am more sensible than you are, and I do believe in what is right, whereas you support the law when it also goes wrong. I bet that you support the dictatorship in North Korea – after all, it is the law there.

You are the hypocrite.

Also, people rallying together have made a difference. Marches and protest may or may not have made a difference, but the effort itself is important at the very least. Gatherings may not be sufficient to effect a change, but they are necessary.

Roze
outraged

Davenport Lyons do not care about their clients, the client gets a small share of any money recovered.

It is just bullying.

I wonder if the bad publicity is harming them.

It certainly does not dispel the fact that many lawyers are greedy dishonest and lack integrity
uksucks

Can’t you post without preaching? Yes I know what a hypoctrite is, you are a perfect example. Regardless of your opinion on copyright, it is THEIR right and untill that changes whining about your information being shared while you defend your “right” to do the same is a contradiction, that makes YOU the hypocrite. You can blah blah all you like about slavery, communism, whatever, the fact that you even consider filesharing to be like them in any way only proves how perverted your views are. Pull your head out your ass. Either everyone has the right to protect what belongs to them or no one does, that includes your right to privacy.
http://www.10ch.org www.10ch.org

@24 uksucks
“Yes I know what a hypoctrite is, you are a perfect example.”
You support the dictatorship in North Korea. You said that you support the law – therefore, you must support North Korea.

“Regardless of your opinion on copyright, it is THEIR right and untill that changes whining about your information being shared while you defend your ?right? to do the same is a contradiction, that makes YOU the hypocrite.”
Works are not information about others. For example, fan-art is not sharing any information. Equation fan-art, fan-edits, fan-fiction, fan-subtitles, amongst other things with privacy breaches makes absolutely no sense whatsoever. You make absolutely zero sense whatsoever. You should get your head checked.

“You can blah blah all you like about slavery, communism, whatever, the fact that you even consider filesharing to be like them in any way only proves how perverted your views are.”
The fact that you are okay with the RIAA suing disabled teenagers proves how perverted your views are.

“Pull your head out your ass.”
That’s what you should do.

“Either everyone has the right to protect what belongs to them or no one does, that includes your right to privacy.”
I guess you should includes “that includes your slaves” as well. The fact that you equate private information with well-known public cultural symbols proves how distorted your world-view is. How is sharing the latest episodes of a TV show and creating fan-edits of it sharing any private information? What you are saying is absolutely ridiculous.

Roze
uksucks

“You support the dictatorship in North Korea. You said that you support the law – therefore, you must support North Korea.”

What the hell kind of logic is that? Are you a complete moron? And you accuse me of not making any sense. I never said anything about Korea, at all. You seriously need to lay off the crack. The number one ill in this world are those who feel they are somehow moraly superior to those around them, that would be you. Self ritious and arrogant and frankly no longer worth even conversing with. You’d be quite funny if you were not so pathetic.
http://www.10ch.org www.10ch.org

@26
Speak for yourself. You are the one who is on crack.

“Are you a complete moron?”
You, uksucks, are indeed a complete moron.

“The number one ill in this world are those who feel they are somehow moraly superior to those around them, that would be you.”
Yeah, like you are any less self-righteous, saying how “file-sharers are guilty and and just want innocent people as their scapegoat.” Talk about hypocrite. You feel morally superior to file-sharers and fan-artists and fan-editors. You are quite pathetic. Why don’t you get your head checked, as I have last said?

Roze
Poze

Amongst Roze’s usual irrational ramblings and calling people to protest and organise and drop copied DVD’s in the street (despite showing no evidence that he is organising jackshit or wasting his own money by wasting DVDs) was this little gem:

“Well, I am more sensible than you are”

That shows how far Roze’s head is up his ass better than most things.
TorrentHub

It might be worth adding the information that the radio5 link starts discussing the filesharing litigation situation at 0:51:40. A lot of other news, weather etc first

My 2c – http://www.torrenthub.org
http://www.10ch.org www.10ch.org

@28 Poze
“That shows how far Roze?s head is up his ass better than most things.”
Actually, it is more likely that your head is up your own ass.
http://www.10ch.org www.10ch.org

@28 Poze
“That shows how far Roze?s head is up his ass better than most things.”
Even if my head is up my ass (whatever that means), doesn’t mean that I am not right.

Roze
Daniel

That is such a huge grey area over who is responsible for downloading the porn in the first place.

Every idiot under the sun uses WiFi for their broadband connections and they inevitably immediately choose WEP to secure their connection as its the easiest to setup.

However WEP is not a secure protocol.

They may have the IP address of the person they believe to be responsible but what is to stop any hacker worth their salt from cracking their WEP key then using their IP address to upload or download porn over the poor unsuspecting victims IP address?

I hope they get counter sued for wrongful prosecution.
Daniel

BT Home and BT Buisness both advocate the use of WEP to its customers. They come around your house and even set it up for you. The password to the router box which they say is written on the back of the WiFi Box on a sticker and its nothing more than the mac address of the router. If an attacker has sniffed your connection he already knows the password to the router, it would have been displayed for him whilst he was gathering interesting packets to break your encryption.

WiFi networks are flawed by design, the only secure protocol is WPA2 with the advanced encryption algorithm and even then you would probably want to use certificates.

There are many `undocumented` -1 exploits in the world, I say -1 exploits as there not even underground public. ARP has many weaknesses by design (reading RFCs will show the cracks).

Bottom line there are many tricks that whilst hinted and bubbeling arn;t actualy out in the clicky clicky form, hence its good to actualy understand how things work fully first, then and only then can you see how broken it all is.

Also peer networks are kinda a client and AP in one – they peer so one client on one AP is a AP with the other showing as its client, SO if you inject into the peer level (IE your a muppet and didn’t pick a client but actually a peer’d paired AP, then nuff said).
Daniel

Want to have some fun? Next time a police officer walks down your street scan for a WiFi signal, it’s shows up as Patrol and guess what? It’s WEP!!!
Daniel

http://uk.youtube.com/watch?v=oHq-cKoYcr8
Pingback: 20 Hacking Computers on LAN Videos | Code/Realm
jj

will i get a letter because im downloading, or is it if your just uploading illegal files to bit torrent websites?
meh

So where is it against the DPA?

“UK ISPs were ordered … by the High Court”
“Personal data are exempt from the non-disclosure provisions where the disclosure is required by … order of a court.”

Unless the high court stopped being classed as a court, that falls squarely within the exemptions.

The stuff about the EU is just waffle. Member states are “not obliged” to hand over details in copyright cases, but that is nothing like saying that member states must not hand over the data.

The rest of the text about the EU is non-binding decisions, opinions and “ought to’s”. Hardly enough to make the ICO tell the high court where to stick it.
penumbra

@37
Meh, your “…”s are hiding a wealth of legalese information very pertinent to the argument. And you’re wrong on the waffle front.

The UK are interpreting their “…”s far more broadly than the 2002 E privacy directive allows. Note that a directive *requires* member states to achieve a particular result, just without dictating the means of achieving that result. The E Privacy directive *requires* governments to legislate proportionately. The UK is not.

Italy, Germany and Spain are interpreting it correctly, as backed up by the EJC. This needs to be fixed in the UK.

Of course, writing to government never works – there is no true democracy, yaddah yaddah yaddah. We may as well just sit at home and not bother and have all our personal details sold to the highest bidder and not make a squeak about it.

Or not.
Pingback: Accused of Illegal File-Sharing? Complain to the Government | CyberLaw Blog
me

Davenport lyons now have the attention of bbc watchdog

http://www.bbc.co.uk/blogs/watchdog/2008/12/davenport_lyons_threatening_le.html
Anonymous

PLS Click: http://www.iHateCandy.de.gp/
Pingback: Protestas de los internautas británicos poniendo el caso español Promusicae vs. Telefónica como ejemplo
Davenport Lyons

We do it for the money and frankly speaking it’s easy and does not involved any hard work.
Davenport Lyons.
30 Old Burlington Street
London W1S 3NL
Tel: (+44) 020 7468 2600
Fax: (+44) 020 7437 8216
nocomments

the davenport lyons your IP:217.29.195.33 was involved in illegal fileshring activities.
nocomments
Pingback: Užrašai iš skaitmeninio fronto #10 : nežinau.lt
Nemo

The High Court Order under which IPs released names and addresses can be found at:
http://www.digiprotect.org/html/hc_london_300608.html
The judge who made the order Chief Master Winegarten is highly respected but clearly not IT literate in that he approved an order which states:
AND UPON reading the documents marked in the Court file as having been read and it appearing that there is a prima facie case that each of the subscribers associated with the IP addresses listed in Schedule 1 to this Order have copied the Applicant’s work(s) on to his or her personal or office Computer (the “Work(s)”) without the Applicant’s permission for the purpose of making it available via file sharing Websites for third parties to download, which may give rise to a claim for Copyright infringement;
The order is such utter codswallop that any lawyer could have had it overturned in ten minutes; British IPs did not have it overturned because they are happy to go along with anything that discourages people from using the service that they have paid for.
In the UK IPs are allowed to advertise UNLIMITED downloads, but then put so called fair usage clauses in the small print.

TorrentFreak

The place where breaking news, BitTorrent and copyright collide

Accused of Illegal File-Sharing? Complain to the Government

Related Posts

Previous Post | Next Post

NewsBits

Pirate Bay Founder Gottfrid Svartholm on Freedom of Speech

Blu-ray Anti-Piracy Tech Stops Discs and Promotes Purchases

Foxtel Breeds Pirates by Locking Up Game of Thrones

UK Student Admits Breaching Sony Copyrights With Leak of PS3 SDK

Pirates Can Be Identified Despite Sharing IP Addresses, ISP Claims

MostDiscussed

Pirate Bay Takes Over Distribution of Censored 3D Printable Gun

McAfee Patents Technology to Detect and Block Pirated Content

Pirate Bay Finds Safe Haven in Iceland, Switches to .IS Domain

Copyright Trolls Threaten to Call Neighbors of Accused Porn Pirates

Game Pirates Whine About Piracy in Game Dev Simulator

CopyQuote

PopularArticles

VPN Services That Take Your Anonymity Seriously, 2013 Edition

Top 10 Most Popular Torrent Sites of 2013

Which VPN Service Providers Really Take Anonymity Seriously?

What’s The Best VPN / Proxy for BitTorrent?

BTGuard Review: How Does it Work?

Optimize Your BitTorrent Download Speed