Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie

ISP (Eircom) Wrongfully Sent 300 "First Strike" Letters To Innocents subscribers

  • 18-06-2011 1:12pm
    #1
    Registered Users Posts: 238 ✭✭


    From torrentfreak.com

    According to a report which has flown almost completely under the radar, last year an ISP sent out around 300 “first strike” warning letters wrongfully accusing innocent subscribers of Internet piracy. ISP Eircom implemented the scheme in partnership with the recording industry and is now being investigated by the Irish Data Protection Commissioner.

    In February 2009, IRMA – representing EMI, Sony, Universal and Warner – reached an 11th hour out-of-court settlement with Irish ISP Eircom on the issue of illicit file-sharing. The deal would see Eircom introduce a graduated response system for dealing with errant subscribers.

    “Eircom is proceeding with implementation of the protocol which could result in the suspension and ultimately disconnection of broadband service for those customers who deliberately and persistently infringe copyright,” the company said in a December 2010 statement, reiterating their commitment to the scheme.

    But little did we know that the fears of “3 strikes” opponents had already come true.

    From deep inside the “how the hell did the majority of the media miss this department”, it now becomes clear that by October 2010, Eircom had already sent out around 300 warning letters to completely innocent subscribers.

    The company seems to have tried to play down the error saying that computer clocks were incorrectly adjusted to compensate for daylight saving time, some comfort to the unlucky letter recipients.

    According to TJ McIntyre at digital rights site EDRI.org, as a result of this failure the Irish Data Protection Commissioner is now investigating the entire Eircom scheme.

    “The significance of this case goes well beyond simple technical failings however, as the complaint to the Data Protection Commissioner (DPC) has triggered a wider investigation of the legality of the entire three strikes system,” he writes.

    The DPC is said to be not only investigating the complaint but also “whether the subject matter gives rise to any questions as to the proportionality of the graduated response system operated by Eircom and the music industry.”

    McIntyre says that when the Eircom/IRMA deal was being agreed, the DPC expressed concerns with it, not least over the question of whether or not IP addresses are personal data. However, until someone raised a complaint, that issue was put on the back burner. The delivery of 300 false “first strike” warning letters appears to have met that criteria.

    “The complaint in this case has now triggered that action, and it seems likely that the Commissioner will reach a decision reflecting his previous views that using IP addresses to cut off customers’ internet connections is disproportionate and does not constitute ‘fair use’ of personal information,” McIntyre explains.

    “If so, the Commissioner has the power and indeed the duty to issue an enforcement notice which would prevent Eircom from using personal data for this purpose – an outcome which would derail the three strikes system unless Eircom successfully challenges that notice before the courts, or unless the music industry were to succeed in its campaign to secure legislation introducing three strikes into Irish law.”

    The way this story has flown largely under the mainstream tech news radar will have been a relief to Eircom and IRMA. Something tells us that is about to change.


«13

Comments

  • Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin




  • Registered Users Posts: 1,120 ✭✭✭wheresmybeaver


    Hadn't heard about this, cheers for posting.

    Absolutely not surprised that there are mistakes. As usual, anti-piracy methods are harming legitimate consumers (although if you were to pick a random sample of 300 broadband users you would be very likely to get at least a handful of pirateers).

    I wonder how quickly those 300 were informed of the mistake? It can't have been a pleasant letter to receive.


  • Registered Users Posts: 2,622 ✭✭✭Thor


    Glad this happened, That stupid Three strikes law is just the music companies dictating law!!

    Sending a letter like that is slander and falsely accusing someone of steeling is an offence, Seeing as this system is supposed to be full proof, So okay not everything truly is full-proof, So a couple of letters by mistake maybe... But 300 is just ridiculous.

    To be honest though, Eircom probably don't really agree to this, But have no money to fight anyone in court, I'm shocked they are still in business.


  • Closed Accounts Posts: 13,126 ✭✭✭✭calex71


    Wonder how their eircom music store is doing? the letters likely went to the 300 people who bought music legitimately from it :p

    I remember wanting to take a look at it a while back but it was too much work , they wanted me to create an account before I could have a look around it :pac:


  • Registered Users Posts: 1,530 ✭✭✭CptSternn


    If I received one of those letters I would be at my solicitors office right now hitting Eircom with the largest lawsuit they have ever seen. Since they have accused people of being criminals involved in criminal activity that can carry a prison sentence, it is slander. They have the proof in writing, a liable case would be dead easy to prove.

    The fact they are allowing an outside 3rd party to monitor traffic on their network is distrubing enough. No one wants an illegitmate corporate police force with self appointed powers out there making arrests, which is what we are seeing now. The fact they have wrongfully accused hundred of people should be an eye opener.

    If the Gards wrongly accused 300 people of being criminals, there would be no only an uproar, but lawsuits everywhere. These companies shouldn't get off easily because they are not the real police when in fact they have put themselves in a policing position. They must be held accountable just like the real police forces when they make easily foreseeable mistakes, as to keep them from engaging in such practices where it could happen again.


  • Advertisement
  • Registered Users Posts: 1,530 ✭✭✭CptSternn


    As an Eircom customer, I felt obliged to raise the issue with them directly.

    http://www.boards.ie/vbulletin/showthread.php?p=72849493#post72849493


  • Registered Users Posts: 13,979 ✭✭✭✭Cuddlesworth


    How exactly does the daylight savings being out by one hour on a computer affect database records of that scale?


  • Registered Users Posts: 2,622 ✭✭✭Thor


    How exactly does the daylight savings being out by one hour on a computer affect database records of that scale?

    I think they were just using the same excuse that Sony gave when there ps3 network when down a year ago, Basically no one could connect to the network because of the time change.

    My guess is Eircom taught it would confuse people, But fact is that day light savings couldn't accidentally make it look like 300 people downloaded music illegally.


  • Registered Users Posts: 319 ✭✭java


    CptSternn wrote: »

    The fact they are allowing an outside 3rd party to monitor traffic on their network is distrubing enough.

    They don't. The third party monitor the torrent sites and pass on eircom ips to eircom. Further info here, particularly point 18: http://www.eircom.net/notification/legalmusic/faqs


  • Registered Users Posts: 1,530 ✭✭✭CptSternn


    java wrote: »
    They don't. The third party monitor the torrent sites and pass on eircom ips to eircom. Further info here, particularly point 18: http://www.eircom.net/notification/legalmusic/faqs

    Don't be pedantic. If there is no monitoring going on then there would be no letters being sent. If eircom wasn't involved in all with the monitoring then how exactly could a computer error on their end screw cause the screw up in times?

    You have gone through the trouble in three threads to defend Eircom on this and falsely claim Eircom is no way involved in sending the letters which they are being investigated for sending. You wouldn't by chance work for them now would you?


  • Advertisement
  • Registered Users Posts: 7,265 ✭✭✭RangeR


    CptSternn wrote: »
    Don't be pedantic. If there is no monitoring going on then there would be no letters being sent. If eircom wasn't involved in all with the monitoring then how exactly could a computer error on their end screw cause the screw up in times?

    You have gone through the trouble in three threads to defend Eircom on this and falsely claim Eircom is no way involved in sending the letters which they are being investigated for sending. You wouldn't by chance work for them now would you?

    You don't have to be on Eircom's network to monitor a subset of the IP Addresses. You just need to be in the swarm. Do a it of research. These researchers are not just researching eircom customers but customers from many ISP's from many countries. When their research has ended, they pick away at the unknown IP's, group the known IP's and submit them to the relevant ISP's.

    It's NOT that difficult.


  • Registered Users Posts: 1,530 ✭✭✭CptSternn


    RangeR wrote: »
    You don't have to be on Eircom's network to monitor a subset of the IP Addresses. You just need to be in the swarm. Do a it of research. These researchers are not just researching eircom customers but customers from many ISP's from many countries. When their research has ended, they pick away at the unknown IP's, group the known IP's and submit them to the relevant ISP's.

    It's NOT that difficult.

    ...then Eircom has to look up said IP's, link that to real-world user information and write up letters and post them to real addresses with real people on the other end.

    To argue they are not playing any part in the process is ludicrous.


  • Registered Users Posts: 7,265 ✭✭✭RangeR


    CptSternn wrote: »
    ...then Eircom has to look up said IP's, link that to real-world user information and write up letters and post them to real addresses with real people on the other end.

    To argue they are not playing any part in the process is ludicrous.

    I never argues that eircom have no part to play, They do, it's their network.
    On the otherhand, I was just correcting
    CptSternn wrote:
    The fact they are allowing an outside 3rd party to monitor traffic on their network is distrubing enough.

    The fact is, ONLY eircom has this real world information and never gives it to this third party.


  • Registered Users Posts: 319 ✭✭java


    CptSternn wrote: »
    Don't be pedantic. If there is no monitoring going on then there would be no letters being sent.

    I am not being pedantic I'm simply pointing out that your statement:
    CptSternn wrote: »
    The fact they are allowing an outside 3rd party to monitor traffic on their network

    is incorrect.
    CptSternn wrote: »
    If eircom wasn't involved in all with the monitoring then how exactly could a computer error on their end screw cause the screw up in times?

    Eircoms involvement is clearly stated in the FAQ:


    "On receipt of the IP addresses from IRMA, eircom will identify the specific customers without sharing any customer details with IRMA or any other party."


    So, I'd say something went wrong with their IP identification process.
    CptSternn wrote: »
    You have gone through the trouble in three threads to defend Eircom on this and falsely claim Eircom is no way involved in sending the letters which they are being investigated for sending.

    I never claimed this.
    CptSternn wrote: »
    You wouldn't by chance work for them now would you?

    I am not an apologist for eircom and neither do I work for them. I am a techie and do understand how IP and broadband authentication works. I just want to point readers of this thread to the correct information.


  • Registered Users Posts: 2,622 ✭✭✭Thor


    Don't forget, To monitor a torrent address pool, It means you must be apart of it, Meaning you must also be sharing the same file as the others.

    So unless that company monitoring the downloaders, They to are breaking the law by sharing the file themselves

    Its a grey area, As is all the things involved with this three strikes law.


  • Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin


    Thor wrote: »
    Don't forget, To monitor a torrent address pool, It means you must be apart of it, Meaning you must also be sharing the same file as the others.

    So unless that company monitoring the downloaders, They to are breaking the law by sharing the file themselves

    Its a grey area, As is all the things involved with this three strikes law.

    Wrong, these companies can share and not break any laws, they have permission from the rights holders. File sharing isn't illegal, it has many legitimate uses.


  • Registered Users Posts: 2,622 ✭✭✭Thor


    PogMoThoin wrote: »
    No, they can share and not break any laws, these companies have permission from the rights holders. File sharing isn't illegal, it has many legitimate uses.

    How can anyone have the right to share copyrighted files to an anonymous person. The whole point of this law is to stop unauthorised sharing of copyrighted files. If the company has permission to share this file, Then anyone who downloads if from them isn't breaking any law's mainly because they downloaded it from someone who is allowed to share the song.

    Also, You can never tell if the person has the cd at home and is just downloading so they have it has an mp3.

    I'm not talking about file sharing in general( I never said file sharing was illegal), Just the illegal side of it.


  • Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin


    Thor wrote: »
    How can anyone have the right to share copyrighted files to an anonymous person. The whole point of this law is to stop unauthorised sharing of copyrighted files. If the company has permission to share this file, Then anyone who downloads if from them isn't breaking any law's mainly because they downloaded it from someone who is allowed to share the song.

    Also, You can never tell if the person has the cd at home and is just downloading so they have it has an mp3.

    I'm not talking about file sharing in general( I never said file sharing was illegal), Just the illegal side of it.

    They don't have to share, just join the swarm


  • Registered Users Posts: 2,622 ✭✭✭Thor


    PogMoThoin wrote: »
    They don't have to share, just join the swarm

    how, There is no way to to tell who is downloading a torrent if you are not actively downloading the same file(You have to be uploading if you want to download). meaning they are sharing the file.

    Why give an argument about them having the rights to share the file and then come back and say they aren't sharing it.

    I'm not trying to start and argument here myself, But sounds to me like you have no idea what you are talking about.


  • Closed Accounts Posts: 13,874 ✭✭✭✭PogMoThoin


    Thor wrote: »
    how, There is no way to to tell who is downloading a torrent if you are not actively downloading the same file(You have to be uploading if you want to download). meaning they are sharing the file.

    Why give an argument about them having the rights to share the file and then come back and say they aren't sharing it.

    I'm not trying to start and argument here myself, But sounds to me like you have no idea what you are talking about.

    Nope, they don't even need to download, but do anyway to identify the file. Even a stopped torrent has many connections open as each ip in the swarm identifies itself.


  • Advertisement
  • Registered Users Posts: 5,517 ✭✭✭axer


    How exactly does the daylight savings being out by one hour on a computer affect database records of that scale?
    Because the IP addresses are given out by DHCP so the IP address could be passed from one user to another thus the time matters as to when x was using an IP address.


  • Registered Users Posts: 1,530 ✭✭✭CptSternn


    java wrote: »
    I am not being pedantic I'm simply pointing out that your statement is incorrect.

    Eircoms involvement is clearly stated in the FAQ:


    "On receipt of the IP addresses from IRMA, eircom will identify the specific customers without sharing any customer details with IRMA or any other party."


    So, I'd say something went wrong with their IP identification process.

    I am not an apologist for eircom and neither do I work for them. I am a techie and do understand how IP and broadband authentication works. I just want to point readers of this thread to the correct information.


    Maybe an analogy will help you understand this a bit better.

    If the Gards allowed a 3rd party to monitor someone, and then took that recorded information and sent it straight to the DPP without reviewing it, that 3rd party would be considered a member of the Gards, working via proxy.

    In this case an outside third party is doing the same, information is being sent to Eircom, and letters sent out. By their own admission they are not checking the details therefore IRMA is acting on behalf of Eircom. Just because it isn't Eircom employees sitting in an Eircom building doing the physical monitoring of the swarms does not mean they are not acting on behalf of Eircom via proxy and that Eircom is not monitoring people.

    Whether it is a 3rd party group doing it or their own employees it is being done and they are following through making legal accusations just as if it were their own employees doing the monitoring, and from a legal standpoint there is absolutely no difference in who is connecting to the swarm and collecting data as long as Eircom is the one in the end making the legal accusations based on this collected data.

    Think hitman - murder for hire. Just because you don't pull the trigger does not absolve you of any liability if yer plans are found out by the Gards.

    In this case, IRMA have become agents of Eircom via proxy and are acting on behalf of Eircom. All legal ramifications would be the same as if they were doing the monitoring in-house themselves, which is why they are being investigated.


  • Registered Users Posts: 7,265 ✭✭✭RangeR


    CptSternn wrote: »
    Maybe an analogy will help you understand this a bit better.

    If the Gards allowed a 3rd party to monitor someone, and then took that recorded information and sent it straight to the DPP without reviewing it, that 3rd party would be considered a member of the Gards, working via proxy.

    In this case an outside third party is doing the same, information is being sent to Eircom, and letters sent out. By their own admission they are not checking the details therefore IRMA is acting on behalf of Eircom. Just because it isn't Eircom employees sitting in an Eircom building doing the physical monitoring of the swarms does not mean they are not acting on behalf of Eircom via proxy and that Eircom is not monitoring people.

    Whether it is a 3rd party group doing it or their own employees it is being done and they are following through making legal accusations just as if it were their own employees doing the monitoring, and from a legal standpoint there is absolutely no difference in who is connecting to the swarm and collecting data as long as Eircom is the one in the end making the legal accusations based on this collected data.

    Think hitman - murder for hire. Just because you don't pull the trigger does not absolve you of any liability if yer plans are found out by the Gards.

    In this case, IRMA have become agents of Eircom via proxy and are acting on behalf of Eircom. All legal ramifications would be the same as if they were doing the monitoring in-house themselves, which is why they are being investigated.

    I don't think many would argue your points but you're posts seem a bit disjointed. You made two main point but only one is not wrong.

    1. Eircom gave 3rd party access to their network
    2. Third party are operating on behalf of Eircom.

    Point 1 is plain wrong. Point 2 is shakey but I'll grant it to ye.


  • Registered Users Posts: 13,979 ✭✭✭✭Cuddlesworth


    axer wrote: »
    Because the IP addresses are given out by DHCP so the IP address could be passed from one user to another thus the time matters as to when x was using an IP address.

    I was aware of that. But IP address changes are infrequent at best. Also this information would be stored on a database which would be independent of errors in daylight savings time made on local machines. I just can't see how they can screw up on this sort of scale.


  • Moderators, Technology & Internet Moderators Posts: 12,448 Mod ✭✭✭✭dub45


    CptSternn wrote: »
    Maybe an analogy will help you understand this a bit better.

    If the Gards allowed a 3rd party to monitor someone, and then took that recorded information and sent it straight to the DPP without reviewing it, that 3rd party would be considered a member of the Gards, working via proxy.

    In this case an outside third party is doing the same, information is being sent to Eircom, and letters sent out. By their own admission they are not checking the details therefore IRMA is acting on behalf of Eircom. Just because it isn't Eircom employees sitting in an Eircom building doing the physical monitoring of the swarms does not mean they are not acting on behalf of Eircom via proxy and that Eircom is not monitoring people.

    Whether it is a 3rd party group doing it or their own employees it is being done and they are following through making legal accusations just as if it were their own employees doing the monitoring, and from a legal standpoint there is absolutely no difference in who is connecting to the swarm and collecting data as long as Eircom is the one in the end making the legal accusations based on this collected data.

    Think hitman - murder for hire. Just because you don't pull the trigger does not absolve you of any liability if yer plans are found out by the Gards.

    In this case, IRMA have become agents of Eircom via proxy and are acting on behalf of Eircom. All legal ramifications would be the same as if they were doing the monitoring in-house themselves, which is why they are being investigated.

    You are throwing the word "legal" around freely here.

    There is no involvement of the legal system here. There is an agreement between IRMA and Eircom that's all.


  • Registered Users Posts: 1,530 ✭✭✭CptSternn


    dub45 wrote: »
    You are throwing the word "legal" around freely here.

    There is no involvement of the legal system here. There is an agreement between IRMA and Eircom that's all.

    The minute Eircom started accusing its customers of illegal activity, activity which carries criminal penalties under the law, writing down said accusations and sending them via post to real world people it became a very legal-centric issue, or should I say libel issue.

    Eircom's actions have left the company in a very actionable position, from a legal standpoint.


  • Moderators, Technology & Internet Moderators Posts: 12,448 Mod ✭✭✭✭dub45


    CptSternn wrote: »
    The minute Eircom started accusing its customers of illegal activity, activity which carries criminal penalties under the law, writing down said accusations and sending them via post to real world people it became a very legal-centric issue, or should I say libel issue.

    Eircom's actions have left the company in a very actionable position, from a legal standpoint.

    As far as I understand it there is no involvement of the law in the system agreed between IRMA and Eircom. At no stage will customer details be passed to any other body.

    As Eircom have not published any accusations against any customers how can libel enter into it?

    http://www.personal-injury-info.net/libel-definition.htm


  • Registered Users Posts: 5,822 ✭✭✭kirving


    eircom don't want to be doing this at all really, they're just sending out letters to.keep the IRMA quiet. Remember the leaked internal emails?!


    They(eircom) don't have to accuse you themselves either, I'm sure they can sidestep that hot water by blaming it on IRMA.

    It would be very smart of eircom to intentionally sent out these letters to attract the attention of the DPC and be forced out of the ridiculous agreement they had to enter. They're losing customers hand over fist when people think that they'll be caught and sued for downloading stuff.

    I think the competition authority should have a look at this too.


  • Moderators, Technology & Internet Moderators Posts: 12,448 Mod ✭✭✭✭dub45


    eircom don't want to be doing this at all ..............................

    I think the competition authority should have a look at this too.

    Why?


  • Advertisement
  • Registered Users Posts: 1,530 ✭✭✭CptSternn


    dub45 wrote: »
    As far as I understand it there is no involvement of the law in the system agreed between IRMA and Eircom. At no stage will customer details be passed to any other body.

    As Eircom have not published any accusations against any customers how can libel enter into it?

    http://www.personal-injury-info.net/libel-definition.htm

    A company sending a letter to a customer accusing them of being a criminal is definitely a case for defamation. Libel doesn't mean it has to be put in the newspaper or on telly for it to be considered libel. If it is written and distributed even in an office it can be considered libel. Google EMAIL LIBEL - many cases these days involve someone in a company sending an email to a handful of people. In this case a few people at least have to be involved in sending around the persons personal details and would know who the person is and what they are being accused of, a very easy case to prove.

    Lets also not forget when you sign up for services, you enter into a contract - a legal contract. Eircom does not have the right to break that contract, or send you warnings claiming you are involved in criminal activity and warning you they are going to break the legal contract.

    If you rang a month after signing up for a twelve month contract and said you were not going to pay anymore because you didn't want the services, you could be taken to court as you are legally in breach of said contract.

    Eircom is threatening to break a legal contract, on paper after it passes through multiple departments and they find the customers details. They are sending letters stating this along with stating they have found the customer to be engaged in illegal activity. This leaves them open to a defamation lawsuit not to mention if they did go the whole full monty and cut off your services then they would be in breach of said contract and would have to prove in court they had good reason to do so, in which case they would be forced to produced the aforementioned letters and put those letters into court evidence, furthering the defamation case against themselves.

    Another issue here is the mixing of criminal and civil proceedings into one giant mess. In a civil case one only needs to prove there is a preponderance of truth. In simplified terms that means if the courts think you did or didn't do it, if there is say 51% chance you did it then you lose. In a criminal preceding there needs to be evidence beyond a shadow of a doubt, a 99% probability.

    In this case they are sending you a letter based on civil law but accusing people of breaking criminal law, which means they have to be able to prove beyond a shadow of a doubt that customer is a criminal if they want to proceed with their civil case (i.e. cutting off your services). They have not met that burden, a fact further emphasised with the revelation that they have already screwed this up over three hundred times. They are wide open to litigation and obviously their legal team is asleep at the wheel.


Advertisement