The ACS ‘data leak’ story that’s been emerging fairly dramatically over the last couple of days has got pretty much everything you could hope for in this kind of story: a bit of porn, a bit of piracy, some hacking, threats of huge fines, legal action and so on. It’s already been widely reported on – Andrew Murray’s blog on the subject gives an excellent description of what ACS do, and how this whole thing has to a great extent blown up in ACS’s face. As he explains, it’s a prime example of how symbiotic regulation works – and why the law is not the only thing that matters when regulating the internet.
There is, however, something else that is very graphically demonstrated by the whole saga – how many different ways your personal data can be at risk. This small story alone demonstrates at least five different ways that personal data can be vulnerable:
- To monitoring and tracking – the initial data about the supposed copyright infringers was obtained by monitoring traffic on the internet.
- To ‘legal’ attack – ACS initially got a court order to demand that the ISPs involved (we know about BT, Sky and PlusNet in this case) disclose the personal details of the account holders suspected of copyright infringement, based upon this monitoring.
- To human error – BT have admitted that they sent this personal data on an unencrypted Excel file attached to an ordinary email, in breach of their official policies and practices.
- To hacking – at least this is part of what ACS have claimed – that their systems were hacked into in order for the data to be obtained in order to be leaked.
- To deliberate leaking – precisely who did the leaking is far from clear, and who wished for the data to be leaked, but there is certainly a possibility that someone wanted the names to be out in the public domain.
Perhaps an even more important point, however, is the way that personal data – and individuals’ privacy – is viewed almost as ‘collateral damage’ in the ongoing battle between the entertainment industry (and their hired guns like ACS:Law) and the ‘pirates’. From the outside it looks as though as far as the 4chan hackers and ACS:Law are concerned, it’s that battle that matters. ACS:Law wants to ‘get’ the pirates, while the 4chan hackers want to ‘get’ ACS:Law and to ‘win’ the war with the entertainment industry for the ’cause’ of free and unfettered file-sharing. The fact that some 13,000 individuals have had their personal data released into the public domain and face all kinds of possible consequences from embarrassment (or humiliation) to legal action onwards seems somehow less important. Sadly it often seems to be that way. Privacy is squeezed by politics, law, business and a whole lot more. Every which way, privacy loses.