penwing's DD208 blog
ACS:Law and Data leaks

ACS:Law is a law firm which has been playing a major part in the fight against filesharers. Their tactic in brief is to get IP addresses (where stuff on the internet finds you) of filesharers, request subscriber information based on the IP address from the Internet Service Provider and then threaten the subscriber to try and get some money out of them. There are many many problems with this approach (for example, a subscriber is not the same as the actual user - see Open Rights Group for more reasons why this and the Digital Economy Act are the wrong way to deal with this problem) and one of them really came home to roost this week.

Anon (a group of individuals who organise through the web) launched an attack against ACS:Law and as a result all of ACS:Law’s data became available to the world. This included details of who is supposedly filesharing what. One of ACS:Law’s big clients in this matter is a group of porn studios so for some people their porn habits are now exposed to the world. 

In Chapter 1 of DVD1 Kirstie Ball from the OU and Peter Banford from the ICO talk about the importance of how surveillance data is used, stored and joined together. In this case, ACS:Law have taken data from two different sources, linked them together to create very personal and private data and then through lax security policies on that data have allowed it into the wild. This is an example of surveillance being used for one purpose having unintended consequences.