UK service provider British Telecom and anti-piracy law firm ACS:Law may find themselves in some serious trouble. The BBC reports that BT and the law firm may have breached the Data Protection Act. The law requires that data holders keep personal user information secure at "all times."
Un-encrypted Excel documents were sent in August by BT lawyer Prakash Mistry to Andrew Crossley of ACS:Law. The document was sent in compliance with a court order to turn over names of suspected file-sharers. While BT requested that the personal information be kept securely by ACS:Law, the company sent two un-encrypted documents via email. One document contained information on 413 users suspected of sharing the song "Evacuate the Dance Floor" and the other document contained 130 users who were suspected of sharing pornography - obviously of a commercial nature.
All of this was unearthed when 4 chan attacked the web site of ACS: Law and found a security flaw in its email server. Now sensitive files, including those two Excel documents, are being shared by file-sharers all over the Internet. Other documents are sure to turn up as the group sifts through ACS:Law's data.
The blowback for both BT and ACS: Law could be considered bad: both may face a half-million dollar fine for violating the Data Protection Act. BT and ACS:Law may face additional trouble from the court oder that required the exchange of user names as well. According to Simon Davies of watchdog group Privacy International, BT may have breached the Data Protection Act, and violated the high court order. The High Court order was issued July 7 by Chief Master Winegarten. The wording of the order required BT and other ISPs to provide the data in an "electronic text format by way of Microsoft Excel file saved in an encrypted form to a compact disk, or any other digital media."
Davies told the BBC that he plans to write to both the High Court and the Attorney General to press for action against BT.
According to the BBC, ACS Law is also currently being investigated by the Solicitors Regulation Authority for sending threatening letters to people allegedly engaged in piracy. Many say that these letters are tantamount to blackmail, with the law firm demanding a settlement payment from targets. Those that do not comply are threatened with expensive legal action.