Extremly interesting article about how ACS:Law make their money.
http://arstechnica.com/tech-policy/news/2010/09/p2p-settlement-factory-expects-10-million-from-maili...

I think the big thing which people are overlooking here is how these civil cases mostly fall foul of the DPA anyway...
As a data subject, I am able to request at any time what information a company is holding on me... All very simple.
However, when ISP's give details out to a 3rd party - whoever it is - and then that 3rd party (for whatever reason) does not get in touch with an end user - but subsequently mishandles your data or holds incorrect data - how is the data subject supposed to know who holds what data and where it's being shared if they don't even know that their data has been passed to 3rd parties because the ISP won't tell them?!?
AFAIK - in Criminal cases there is, of course, a no tipping off rule but in a civil case there is no such restriction unless a court rules that evidence may be destroyed... In which case (AFAIK) that is specified on the court order itself.
As for BT and Plusnet - I think this whole situation has been very badly handled - and I blame BT rather than Plusnet for that (and as an ex BT Ignite employee who left during the AOL v BT Wholesale lawsuits - I've seen it all before and know how the company ties itself in knots and goes into "lockdown"). I am however still sticking with Plusnet (and have since 2002) providing that they are open about improvements to processes and procedures and avoid this type of situation again. Up to this incident they have been one of the most open ISP's I've ever encountered - and that's why I've stuck with them.
What's happened has happened - but what is important is that Plusnet does what It can now to fix procedures on their end (maybe challenge your parent company if necessary) and that everyone learns something from the mess that's happened to prevent this sort of mess happening again - and hopefully forcing legislation to find a better way of working to reduce piracy.
It shouldn't have happened, it did - and maybe it's the wake up call that *everyone* (users, ISP's and government) needs about using RADIUS records in civil cases to "catch" copyright infringers - and why the current methods are flawed, dangerous and effectively become a way to legally embarrass, blackmail and harass somebody - guilty or not.

Quote from: okrzynska

<snip> but these days your innocent until proven guilty especially where blood sucking lawyers and solicitors are concerned.

I think you meant to say 'guilty until proven innocent'

On the Sky subscriber lists that were released, very slightly less than 25% of all the IP requests resulted in "Unknown".  Just digest that for a moment, let it sink in.
So one in four of the IP's requested by ACS:Law the ISP in effect replied "No idea."
So lets assume everybody from the data collector through the RADIUS server to the staff member who processed the logs and the spreadsheet got everything 100% correct, just suppose.  That would mean that at least 25% of all IP's in the trackers are spoofed, and I'm not stats person, but actually it means (I think) that 25% of whats left and apparently identified would also be spoofed, so that means those sent a letter 1 in 3 are not only innocent, no one using their internet connection was guilty either.
Infact (and I am not a stats person and could have got my numbers wrong) I think with a 25% "Unknown" rate to IP requests, means that statistically your the chances of your IP being miss identified as being used is 1 in 3, when you add in that all wireless is insecure, and the deliberately open wireless's and those running TOR, and those whose computers have been compromised by a virus and could be doing god knows what, and those that have other people living in their homes.  I'm guesstimating that the chances of the letter being sent to the person who actually committed the crime has got to be no more than 1 in 5.
I need a speechless smiley and their aint one.

There was at least one well documented case (although I can't find the link I thought I had) of a person wrongly accused due to poor work on the logs, although I think it was in the days of dialup rather than DSL. Essentially they had a dynamically assigned IP and the ISP wrongly checked who was assigned the IP at the time in question in GMT rather BST, making it an hour out, by which time the IP had been reassigned, and it was the person who received the IP later on who was pursued. While it's less likely to happen with broadband and the longer retention of an IP, its not impossible. Plus net used to have a real problem with BST/GMT, at least in terms of webspace server logs (and I think with email at one time), so they might well be a candidate for an error like this.
Point is, there are about a billion ways an IP might be a bad way to ID someone, but unlike the law in the physical world, anything computer related seems to be treated as voodoo in legal terms, and about as well understood by courts as witches were a couple of centuries ago. The difference is, there is no good excuse for the ignorance now.

What standard of proof does a court require to grant an NPO?  What is to stop me rolling up with a random list of IP addresses on a fishing expedition, claiming I have all manner of evidence just waiting to be presented to a court proving that these are implicated in illegal file sharing?  Assuming the ISP doesn't resist they presumably turn my list of numbers into a mailing list I can use to demand money from people, safe in the knowledge that a certain number will be frightened into paying up, guilty or not.
I may be looking at a change of career.

Look at one of previous my replies for the standard required http://community.plus.net/forum/index.php/topic,85908.msg744621.html#msg744621
Of course, it needs someone to contest the order before the judge really has any opportunity to look into the standard of proof.

Quote from: okrzynska

Just found this thread... We've not done any file sharing (gave up on that years ago after joining PN and finding the throttles in place) but I've been reading that a lot of people have had threats from ACS even though they've done nothing wrong (supposedly). I've not shared a file for years (so in some ways PN saved me from myself) but these days your innocent until proven guilty especially where blood sucking lawyers and solicitors are concerned. I'm obviously concerned about this as I certainly don't want threats for doing nothing wrong. How do we find out if our details were supplied? - This topic is now 80-something pages long so I'm not going to spend all night trawling through it. I was shocked when I saw plusnets logo on the bbc news website where they clearly state PN are heavily involved in this scandal. We shall now be seriously considering leaving this ISP. If its not technical glitches, long CS call queues, mail box errors etc then you just allow confidential information to be leaked all over the place. Sorry guys but in these times of ID fraud thats not impressive.

If you were affected you'll have received an email from us over the last few days.
We don't allow confidential information to be leaked all over the place. The circumstances of this issue have been debated almost endlessly in this thread already, so I'll leave that there.

Quote from: Mand

Quote from: okrzynska How do we find out if our details were supplied? If you were affected you'll have received an email from us over the last few days.

I may be wrong but I think he wanted to know how we find out if our details have been supplied at any time to any of these law firms, rather than just whether we are affected by this leak.

If your details have been disclosed in the past (ie prior to the Nov 09 NPO) then you would have received communication from the law firm in question.

Quote from: Mand

If your details have been disclosed in the past (ie prior to the Nov 09 NPO) then you would have received communication from the law firm in question.

Are you sure of that?
I think that is totaly wrong.
Why did Plusnet not get the report we had been requesting?
EDIT:
Maybe you are right prior to Nov 09 what about after that date?

Forgive my ignorance but Is "prior to the Nov 09 NPO" the same as "at any time"?

Can we assume all data sent by Plusnet prior to Nov 09 has been distroyed by all parties?

I suspect that is a bold assumption