There is, however, something else that is very graphically demonstrated by the whole saga - how many different ways your personal data can be at risk. This small story alone demonstrates at least five different ways that personal data can be vulnerable:
- To monitoring and tracking - the initial data about the supposed copyright infringers was obtained by monitoring traffic on the internet.
- To 'legal' attack - ACS initially got a court order to demand that the ISPs involved (we know about BT, Sky and PlusNet in this case) disclose the personal details of the account holders suspected of copyright infringement, based upon this monitoring.
- To human error - BT have admitted that they sent this personal data on an unencrypted Excel file attached to an ordinary email, in breach of their official policies and practices.
- To hacking - at least this is part of what ACS have claimed - that their systems were hacked into in order for the data to be obtained in order to be leaked.
- To deliberate leaking - precisely who did the leaking is far from clear, and who wished for the data to be leaked, but there is certainly a possibility that someone wanted the names to be out in the public domain.
Of course the data itself is far from reliable. It is just the details of the account holders that are suspected of being used to share illegal content, without there being any direct evidence that the people themselves did the sharing - which brings even more dimensions of vulnerability into play: confusion, mistaken identity, even things like defamation by implication could come into play. If your name is on the list, you're not only being labelled a lawbreaker but a consumer of porn - and it might very easily not have been you doing it at all. Other people might be using your account, perhaps without your knowledge, perhaps without your permission, perhaps without your understanding.
Simon Davies, of Privacy International, quoted in the BBC, said that 'You rarely find an aspect where almost every aspect of the Data Protection Act (DPA) has been breached, but this is one of them'. It's also true that almost every aspect of data vulnerability has been demonstrated in one fell swoop.
Perhaps an even more important point, however, is the way that personal data - and individuals' privacy - is viewed almost as 'collateral damage' in the ongoing battle between the entertainment industry (and their hired guns like ACS:Law) and the 'pirates'. From the outside it looks as though as far as the 4chan hackers and ACS:Law are concerned, it's that battle that matters. ACS:Law wants to 'get' the pirates, while the 4chan hackers want to 'get' ACS:Law and to 'win' the war with the entertainment industry for the 'cause' of free and unfettered file-sharing. The fact that some 13,000 individuals have had their personal data released into the public domain and face all kinds of possible consequences from embarrassment (or humiliation) to legal action onwards seems somehow less important. Sadly it often seems to be that way. Privacy is squeezed by politics, law, business and a whole lot more. Every which way, privacy loses.
Perhaps an even more important point, however, is the way that personal data - and individuals' privacy - is viewed almost as 'collateral damage' in the ongoing battle between the entertainment industry (and their hired guns like ACS:Law) and the 'pirates'. From the outside it looks as though as far as the 4chan hackers and ACS:Law are concerned, it's that battle that matters. ACS:Law wants to 'get' the pirates, while the 4chan hackers want to 'get' ACS:Law and to 'win' the war with the entertainment industry for the 'cause' of free and unfettered file-sharing. The fact that some 13,000 individuals have had their personal data released into the public domain and face all kinds of possible consequences from embarrassment (or humiliation) to legal action onwards seems somehow less important. Sadly it often seems to be that way. Privacy is squeezed by politics, law, business and a whole lot more. Every which way, privacy loses.