Rights-holder tactics bending the legal position have been exposed following a major data breach involving thousands of emails on the website of UK law firm ACS law. The large ISPs in the UK are withdrawing "co-operation" following the breach, which has revealed false allegations and a pure profit motive for 'scaring' alleged infringing file-sharers.

It is reported that the ACS Law website was the subject of a denial of service attack last weekend, and as a result of this attack, when the website went back online, an error in the technical set up caused thousands of emails to be made visible online. According to a news agency report from AFP, the breach is understood to include a database of more than 5000 users of Sky's broadband services who were alleged to have downloaded pornographic material, as well as a further 8000 Sky users and 400 PlusNet users alleged to have downloaded music or film.

What is interessting is to see how the rights-holders tactics have

been exposed. As reported in ISP Review, the emails reveal how ACS Law uses language which accuses users of mis-using their Internet connection to download copyright-infringing works (ISP Review). This in itself is revealing. It is correct - as pointed out by the Open Rights Group - that this is the language of the Digital Economy Act.

However, the notion of "mis-using their Internet connection to download copyright-infringing works" surely only applies to the ISP contract? It is a legal notion devised so that the ISP can be made liable for copyright infringement. Surely, it has no legal force when coming from a rights-holder representative?

Such a view in consistent with the UK' Solicitor's Regulatory Agency (is this what was formerly known as the Office of Supervision of Solicitors?) which has said that this is a 'bullying' tactic and referred ACS Law to a Disciplinary Tribunal in August.

Further, data sheets exposed by TorrentFreak reveal that ACS Law proceeds to communicate with users on the basis of a direct allegation of copyright infringement, and they are demanding payment on the basis of an 'admission' of 'infringement'.

Torrent Freak further reveals that ACS Law paid P2P surveillance companies on the basis of the number of letters which successfully resulted in revenue collection, and marketed its services using questionable legal precedents. And TorrentFreak has uncovered evidence that ACS Law had to withdraw its allegations in some instances, for example, where the 'infringers' were pensioners who rarely used the Internet.

As a result of the data breach, the Information Commissioner has announced that he will be investigating the incident .

It would be interesting to know his opinion as to whether ACS law are bound by the e-Privacy directive data breach rules, which were touted as a major part of the review in 2009.

Sky has been at pains to say that no credit card information would have been passed to ACS Law (AFP).

The main message of this incident is that the evidence of copyright infringement gathered by online surveillance of P2P usersis unreliable and problematic. Policy-makers should take heed of this lesson and review their backing for rights-holder proposals such as graduated response/3-strikes - and in the UK a serious review of the viability of the DE Act is called for.

This article is licensed under a Creative Commons Attribution Non-commercial-Share Alike 2.5 UK:England and Wales License. http://creativecommons.org/licenses/by-nc-sa/2.0/uk/ It may be used for non-commercial purposes only, and the author's name should be attributed. The correct attribution for this article is: Monica Horten (2009) Rights-holder tactics exposed in ACS law leak , http://www.iptegrity.com 28 September 2010.