The 4chan porn leak: First of many?
Copyright watchdogs are collecting info on suspected file sharers. But in the wake of major data breach, there are questions about how these firms protect data.
The Web probably looks a lot less anonymous and private to the thousands of people whose identities were posted to the Internet this weekend alongside the names of the pornographic films they are accused of downloading.
ACS: Law, a law firm based in Great Britain that tracks down alleged illegal file sharers for the porn industry, saw its database compromised over the weekend caused by members of the Internet forum 4chan. In addition to private e-mails and financial data belonging to the law firm, the names of people whom ACS: Law has accused of downloading unauthorized copies of porn movies were also revealed.
The blog Torrentfreak reported that among the information posted to the Web were e-mails from people pleading for mercy and "married men who have been confronted with allegations of sharing gay porn."
The exact number of people named is unclear, but estimates in the media range from 4,000 to 8,000. Officials from Britain's Information Commissioner's Office (ICO), which oversees data protection in that country, said it will investigate the leak. One of the questions that the law firm is sure to be asked is why was such sensitive information not encrypted? Attempts by CNET to reach ACS: Law were unsuccessful.
For Americans, in turn, the question is: could this happen in the United States? The answer is a definitive "yes." The same kind of information that the British law firm stored is being collected by some antipiracy groups here. The leak at ACS: Law, according to Justin Brookman, a senior fellow from the Center for Democracy and Technology, has revealed a privacy time bomb.
"There's no doubt about it," Brookman said. "These companies...can track your information and create detailed records about you...once they get it there are very few protections in place. The information isn't even guaranteed to be accurate."
Adult Copyright Company
The strategy of suing individual file sharers is apparently catching on in the adult film industry. Last week Larry Flynt Publications sued 635 BitTorrent users in Texas, and Pink Visual, a separate porn studio, is trying to persuade other porn studios to also file copyright complaints, according to the blog, DSLreports.com.
On Friday, a law firm operating under the name Adult Copyright Company (ACC), operating at the Web site XXXcopyright.com, filed at least seven copyright complaints against more than 5,400 individuals on behalf of four film companies. They allege that the accused violated their copyrights by downloading without permission such titles as "Pornstar Superheroes," and "Tokyo Teens."
Kenneth J. Ford, a West Virginia-based attorney, appears to be operating ACC. According to court records reviewed by CNET, he is listed as the lawyer representing the plaintiffs. Ford's fax number and the one listed for ACC are the same. Ford did not respond to multiple interview requests.
It should be noted that ACC doesn't appear to have obtained any identifying information yet. The defendants in each of the seven lawsuits filed Friday name "John Does" as defendants, in lieu of actually identifying someone. Typically, copyright owners must first obtain Internet Protocol addresses belonging to the accused file sharers and later obtain their names and home addresses from the person's Internet service provider.
To acquire personally identifying information, antipiracy companies need a judge to issue a subpoena that compels the ISP to hand over the info. ACC is likely too early in the legal process to have obtained the names of the people accused in the suits filed Friday.
Chasing down and filing lawsuits against individuals for illegal file sharing has received a lot of attention this year. The Washington D.C., law firm of Dunlap, Grubb & Weaver in January began filing copyright suits on behalf of independent film studios. Dunlap, which has worked the copyright cases under the name U.S. Copyright Group, has more than a dozen clients and has indicated it will file lawsuits against as many as 50,000 people. But none of Dunlap's clients are from the porn sector and the firm goes to great lengths to protect data, according to Thomas Dunlap, one of the company's founders.
"We don't monitor any films that are not [our] client's films," Dunlap told CNET today. "Our firm does not represent any clients who make pornography. This is not a policy statement. We simply don't have those clients. The IT company [which the law firm uses to track file sharers] does not do anything for ACS: Law."
It was reported this week that ACS: Law is linked to Dunlap, Grubb & Weaver. Dunlap said executives from the two firms met in Cannes, France, and discussed working on something together. But Dunlap, Grubb & Weaver decided there was little the two companies could accomplish and decided against pursing a relationship with the British firm.
Protection from copyright protectors
In Britain, ACS: Law could face stiff penalties from the ICO, which has the power to fine companies up to 500,000 British pounds or about $800,000 if it is determined the company did too little to protect data. What would happen to a company in the United States should it suffer a similar leak?
Brookman said the U.S. has poor privacy laws but applauded recent efforts by the Federal Trade Commission to require companies to build Web-security safeguards. "U.S. companies are required by law to have in place reasonable security measures to protect from accidental disclosures," Brookman said.
Penalizing companies found to be too lax with customer's private data is probably little consolation to the person revealed to have purchased the film "Tokyo Teenagers" or similar content. In addition, the threat of another 4chan attack appears to hang over companies like ACC.
The 4chan group has declared war recently against pro-copyright groups. Last weekend, 4chan launched a denial-of-service attack against Web sites operated by trade groups representing the largest film studios and music labels and there's no indication that 4chan has any intention of calling off the digital assault.
Of course, the best way to avoid a potentially embarrassing disclosure of your porn tastes is to avoid downloading pirated porn in the first place. But for those people who already have, there appears to be little in the way of guaranteeing that they won't end up like the thousands of people whose porn-viewing habits were exposed in Great Britain.
"For them," said Brookman "this has to be terrifying."