ACS:Law: This is what regulatory failure looks like

So, the ACS:Law email leak is the gift that keeps on giving, as reports have come out of more unsecured sensitive data included in Andrew Crossley’s emails. While I have expressed that I generally disagree with vigilante justice, for some reason the words chickens, home, and roost keep coming up in my mind. I am both excited and horrified by the amount of information that is now available to the public as a result of ACS:Law’s mind-blowing negligence and incompetence. Obviously I am horrified because thousands of people are having their financial and personal details compromised, particularly by tying their names to porn films and other objectionable content and practices. But at the same time I am quite simply giggling with delight at the irony of it all.

I cannot help but feel sorry for the victims. Besides having drawn the short straw of being targeted by ACS:Law’s extortion racket, and some of them having paid settlement fees out of fear and/or guilt, they now have their financial details available for everyone to download, and not only that, they also have their names tainted in this manner. However, I am also angry. Yes, dear readers, I do have the capacity for anger from time to time, and this case has put me in a state of righteous regulatory rage. You see, this was not supposed to happen: we have legislation that deals specifically with the type of sensitive data held by the Internet service providers, data that they willingly provided to ACS:Law in an unsecured manner. Let us simply go back to the good old Data Protection Act, which states in Principle 7:

“Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.”

Further to that, the Act specifies that the level of security must be proportional to the potential damage if the data is lost. The DPA states:

“Having regard to the state of technological development and the cost of implementing any measures, the measures must ensure a level of security appropriate to—
(a) the harm that might result from such unauthorised or unlawful processing or accidental loss, destruction or damage as are mentioned in the seventh principle, and
(b) the nature of the data to be protected.”

So, the more harm would come from the unlawful processing, the more security there should be. ACS:Law and the ISPs are therefore in blatant breach of the Seventh Principle. This is unforgivable, and the Information Commissioner should make a stand and send a clear message to other data processors. Otherwise the DPA is just reduced to a bunch of fancy words on paper.

Perhaps this might be something positive to come out of the whole fiasco: maybe Data Protection law will finally be taken seriously. Furthermore, there is another potential silver lining in this very dark cloud, and this is that hopefully the bad publicity that ACS:Law is getting will help to reinforce just how unreliable IP address evidence can be. While the operational details of the Digital Economy Act are still under consideration by OFCOM, this would be a perfect time to continue to stress the point that all forms of digital evidence about infringement should meet the highest standards of security and reliability.

Imagine how ironic it would be if in the future we had to thank ACS:Law for better Internet regulation.

8 comments to ACS:Law: This is what regulatory failure looks like

  • [...] express his anger : ‘ACS:Law: This is what regulatory failure looks like’ Yes, we needed ACS:Law’s innocent victims to ‘reinforce just how unreliable IP address [...]

  • It's a nice idea, but the UK ICO has been totally supine in dealing with this whole matter – and other similar ones (http://www.theregister.co.uk/2008/03/17/bt_phorm_lies/). ICO is not going to argue with content providers. This is the UK – if you can make easy money, great.

  • [...] ACS:Law: This is what regulatory failure looks like >> TechnoLlama “..the more harm would come from the unlawful processing, the more security there should be. ACS:Law and the ISPs are therefore in blatant breach of the Seventh Principle [of the Data Protection Act]. This is unforgivable, and the Information Commissioner should make a stand and send a clear message to other data processors. Otherwise the DPA is just reduced to a bunch of fancy words on paper.” [...]

  • [...] I went to hear more about faster and better communications at the Everything Everywhere fringe event at the upbeat and optimistic #Lab10 conference. Ex shadow cabinet minister for digital stuff Stephen Timms MP kicked things off by talking about differences between Conservative and Labour policies. His optimism was described in social terms: universal access and digital inclusion or the real value of superfast broadband. Richard Rumblelow from Everything Everywhere described the Orange and T-mobile vision: they had teamed up to pay for the big infrastructure that was essential for superfast broadband. However, I wanted to know if there were some dark clouds appearing for the big four providers Virgin, Everything Everywhere, Talk Talk and BT by way of the DE Act, Ofcom and BIS? Talk Talk and BT have a Judicial Review of the DE Act underway and Talk Talk’s Andrew Heaney has made it clear that he thinks the ISPs should not be forced to share the cost of policing the internet and sharing the cost of Copyright Inspection Reports (CIRs) with rights holders, creative industries or BPI… etc. Mobile service providers and ISPs are becoming more concerned about the growing costs of policing the internet when those costs are being passed onto them. One area of cost is still to be fully examined, it is a big one, the rising cost of maintaining data security. As mobile services are expanded (and as analogue TV broadcast frequencies are refarmed) and as government places greater demands on ISPs, for better data security (not to mention monitoring and reporting). There may well be some large and not so obvious costs attached to providing the infrastructure and emerging technology we need to bring about universal access. But are they really necessary or at very least do they have to be so big or cumbersome? Last week the big 4 Virgin, BT Sky, Everything Everywhere became more worried about what else they may be asked to do to polish the tarnished digisphere.
The recent evidence is that they should worry as we can see from the mess that is the ACS Law revelations. Journalists are rapidly picking up on what are a range of social, technical and legal time bombs which the DE Act and Ofcom has yet to start dealing with. It is obvious that the Data Protection Act and Digital Economy Act are poor bedfellows; throw in the Human Rights Act and you have a very awkward threesome. Technollama describes the problem. [...]

  • Rajan Patel

    This is not the only dishonest achievement of late from ACS law, check out this link for more information…

    http://www.ultimatefinanceplc.blogspot.com/


  • [...] >> Symantec Connect: In-depth post from July analysing this intriguing piece of malware. ACS:Law: This is what regulatory failure looks like >> TechnoLlama “..the more harm would come from the unlawful processing, the more security there should be. ACS:Law [...]
