ACS Lulz

by scotslawstudent

ACS Law is one of the controversial law firms which mass mails file sharing cease, desist and pay letters to tens of thousands of people at a time. They often do it with seriously limited information and end up getting a lot, a lot, of false positives. One of the senior employees for the firm put out a tender looking for a program to be written which could sit on bit torrent swarms and record the IP (Internet Protocol) addresses of the people involved – he’s thought to have only paid about £250-£750 for it. They may use that software (they did pay good money for it after all) or they may use different software, no one actually knows how they do it, but they end up with a long list of IP addresses. They then send the screeds of IPs to ISPs (Internet Service Provider) and ask for real world identities of the computers identified in the swarm. They send out letters to the people the ISP identifies asking for money – they average about £900 a letter.

Shockingly, the ISPs generally comply with this. Only two British ISPs – Virgin and TalkTalk – actually insist on you having a court order before they give out personal information. That sounds like a data loss incident in the making.

The IP tracing method is unable to identify a particular computer or particular person. It’s even iffy about how well it can assess the particular time it took place. It certainly cannot tell if you have the file at present. The most common example of why you might be falsely accused is simply because your ISP gave away your IP address to someone else. It’s not your address to keep (unless you make a specific arrangement to keep it) and if you’re not using it someone else could. There are stories of university printers in the US (the little grey box that paper with words on comes out of kind of printer) being served with IP (Intellectual Property this time) infringement litigation because an IP address was identified as being involved with file sharing but now that IP address has been given to a printer.

The long and the short of it is the printer didn’t do it.

The other common way that the IP method fails miserably is if someone is using your wireless connection. In this case it is your IP from your ISP that is downloading the file but you have absolutely nothing to do with it. The problem of proving (even just to the balance of probabilities) that someone you don’t know exists is using your wifi without your knowledge to download files without your permission is a pretty big ask, especially when the cost of defending a copyright infringement action is around £10,000. “A big boy did it and ran away” didn’t work in school and you certainly wouldn’t bet ten grand on it.

Despite the methodical flaws in the system the firm continues sending letters out regardless (is this a case of happily promoting bogus methods a la Singh?). Some of the examples of false positives are both horrifying and darkly funny – the elderly, computerless couple accused of downloading a gay porn movie called “Army Fucking”, for example.

So, they’re a dodgy, greedy company and they have been for ages. Why am I writing about them today?

Well, they’ve been Anon’d. Hard.

Anonymous (big A) is an anonymous (small a) group of internet users who basically troll – that is, annoy – certain people who either deserve it or are funny in some way. They have some horrible moments (there was the time that they decided that a teenager had committed suicide because he had lost his iPod and decided to prank call his grieving parents to tell them so) and some quite impressive moments – Scientology, which for the purposes of French law and South Park is a fairly dangerous way of getting money out of people on the basis of religion, no longer has any web presence worth the name because Anonymous systematically destroyed it.

They have pursued a strategy of distributed denial of service (DDoS) attacks on the websites of groups that fit the deserve it or funny in some way criterion and their current target is Feel free to click that link, if you’re reading this anytime close to when I wrote this it’s not going to work.

A denial of service (DoS) attack simply bombards an internet service with so many requests that it stops working. Sending a fax machine hundreds of 100% black pages until it runs out of paper and toner is a denial of service attack. A distributed denial of service attack is simply getting lots of people to do it so that it is more practicable to do – so rather than you sending the fax machine hundreds of black pages at your expense you get hundreds of people to send one black page each to the machine, splitting the effort but achieving the same result.

That means that the site was taken offline, to protect other people who have sites on the same server, and it then became a rush for ACS Law to get the site back up in a form that let them do business (they are a predominately mail and internet based firm at this point – they’re yet to go to court over one of these file sharing allegations) but in a way that doesn’t get immediately taken back down again.

They did it horribly wrong.

They somehow managed to post up, instead of their company website, a back up of their entire corporate network. Including, notably, their email database. This was rapidly downloaded and is now on bit torrent, just for some extra irony on top. I’m not sure about the specific legality of the files – I suspect that posting your email on the home page of your website means that you’ve effectively waived confidentiality and privilege in terms of the information contained in them but you would need a judge to say for sure.

I suppose they do still own the copyright in them though.

The emails are pretty damaging stuff. They basically show the inner lives of people who basically seem to run their whole lives from their company email (he has fights with his ex-wife in some of the messages). They show that companies that ACS actually works for are uneasy about the sort of coverage the firm is getting. They show that ACS law made warnings towards suing Which? for libel over their coverage of old grannies being sent impossible file sharing letters.

The torrent is about 400MB and has to be one of the top results if you search for ACS law at this point. I’m not really going to read through it all but the extracts are pretty gripping stuff. Torrentfreak is going crazy over it.