ISP (Eircom) Wrongfully Sent 300 "First Strike" Letters To Innocents subscribers

ZOLTAN28 wrote: »

Just as they can't prove I did download it - I can alsonot prove I did not.

The burden of proof falls on them. THEY are making the accusation. If they cannot back it up with specific evidence to prove this then THEY are liable.

If anyone accused me of being a criminal, twice, and engaging in illegal activity, twice, I would have my solicitor all over them.

When something gets me riled, I don't get angry - I just ring my solicitor. HE gets angry.

ZOLTAN28 wrote: »

In their letter they name the file download, the torrent client used and the time and date - that is their proof.

I am hopig for a 'ban' as I will be cancelling with them as soon as I get it - I find the whole policy extremely distasteful whether people are downloading or not.

If it were me, I would challenge them and have them prove this, with detailed logs that can prove it happened. I would also go as far as to file a complaint against them for defamation.

When did you get your modem/router from them? Due to a huge security flaw all of the models they sent before like 2009 were wide open so anyone with a computer in wifi range could log right on. I would argue that there is a good chance due to their lack of security it could have been someone else, and again, the burden of proof falls on them to prove this is not the case, which they can't because they already made this fact public.

CptSternn wrote: »

If it were me, I would challenge them and have them prove this, with detailed logs that can prove it happened. I would also go as far as to file a complaint against them for defamation.

When did you get your modem/router from them? Due to a huge security flaw all of the models they sent before like 2009 were wide open so anyone with a computer in wifi range could log right on. I would argue that there is a good chance due to their lack of security it could have been someone else, and again, the burden of proof falls on them to prove this is not the case, which they can't because they already made this fact public.

Eircom are covered in this regard due to their actions when the issue occured. They informed affected customers. It is a persons responsibility to secure their own wireless network. Read the terms of use

wheresmybeaver wrote: »

You may have found an easy way to get out of contract with Eircom! Download a few Bieber and Gaga albums and you're out!

Here is another crux of the issue - you don't have to download ANYTHING, just connect to a couple of swarms and hit pause. You won't download a single byte yet you still could be reported as doing so, except for the fact if they did come to your house they would find nothing, AND if they had proper logs they would be able to see you didn't download the file in question.

You can claim you were just checking out swarms and not downloading anything, as it is possible, they would have to prove you wrong since the burden of proof would fall on them.

Right now it's like you walk out of a dodgy pub and they claim you are a criminal engaged in criminal activity even though they have no record of what you did inside. They only have the word of a third party that can only tell them you were seen inside, no one can confirm what you did there.

I have taken it up with Eircom - through the forum they have here on boards.

I will await the results of their 'investigation' with interest.

PS router is pre 2009.

poisonedstream wrote: »

Your comparision is in now way the same. Eircom did not know of the issue while releasing the modems and rectified it as soon as they found out. This is not life or death either. Coupled with the fact that the user is responsible for the security of their own network and have been since signing up your point is moot.

If users can't be bothered rectifying a well known security issue, at this stage it is their own fault.

Not from a legal standpoint. IF a company issues a recall of a product, and someone doesn't return the product and is injured, then the company is protected IF they followed proper recall procedures (i.e. large ad campaign, contact vendors and known customers directly, etc.)

Eircom did not do this. Not only did they not do this, they only issued warnings to a select few number of people. On top of this they never offered to replace or fix the issue. Trying to say they somehow shifted legal liability on this issue with the scant number of things they did to correct the issue is imprudent.

Do you really think sending a letter to a 60 year old and telling them they need to change their WEP key really fixed the issue? In legal terms it doesn't pass the common man test. In lawsuit situation, like this could become, a judge will ask, could an average man (or person) be expected to follow through with the instructions sent or even contemplate the severity of the situation at hand from the information which was sent by Eircom.

I would say about 80% of the people who were in the select few to actually get the letter had no idea what it meant, much less any idea of how to fix it. It is easy to prove this as I can walk through any town in Ireland and find dozens of Eircom routers that are still open to this security issue.

Therefore it cannot be assumed that Eircom has negated their legal responsibility and therefore they are still liable.

CptSternn wrote: »

Not from a legal standpoint. IF a company issues a recall of a product, and someone doesn't return the product and is injured, then the company is protected IF they followed proper recall procedures (i.e. large ad campaign, contact vendors and known customers directly, etc.)

Eircom did not do this. Not only did they not do this, they only issued warnings to a select few number of people. On top of this they never offered to replace or fix the issue. Trying to say they somehow shifted legal liability on this issue with the scant number of things they did to correct the issue is imprudent.

Do you really think sending a letter to a 60 year old and telling them they need to change their WEP key really fixed the issue? In legal terms it doesn't pass the common man test. In lawsuit situation, like this could become, a judge will ask, could an average man (or person) be expected to follow through with the instructions sent or even contemplate the severity of the situation at hand from the information which was sent by Eircom.

I would say about 80% of the people who were in the select few to actually get the letter had no idea what it meant, much less any idea of how to fix it. It is easy to prove this as I can walk through any town in Ireland and find dozens of Eircom routers that are still open to this security issue.

Therefore it cannot be assumed that Eircom has negated their legal responsibility and therefore they are still liable.

First of all, Issuing a re-call doesn't get rid of your responsibility, In fact it acknowledges it.

If you sell a defective product in the first place and someone gets injured from said product, The company is liable even if it issued a recall, They can't reach out to everyone who purchased the item.

Also, Eircom didn't manufacture the modems, Netopia did, Which means they to blame for the fault.

If someone hacks your wireless in general then is it the isp's fault for giving you a device that can be hacked. Just because it was easier to obtain the WEP code doesn't make it any bit different in the long run. They are not liable for any damages period! Mainly because they aren't the ones who hacked the device.

Does the alarm on a car stop someone from stealing it, NO!!! It just makes it a little bit harder!!

Fact is the encryption is there, If someone wants to get the code, Its extremely simple to do, The problem with the netopia router was that it was even easier then the normal methods.

CptSternn wrote: »

Not from a legal standpoint. IF a company issues a recall of a product, and someone doesn't return the product and is injured, then the company is protected IF they followed proper recall procedures (i.e. large ad campaign, contact vendors and known customers directly, etc.)

Eircom did not do this. Not only did they not do this, they only issued warnings to a select few number of people. On top of this they never offered to replace or fix the issue. Trying to say they somehow shifted legal liability on this issue with the scant number of things they did to correct the issue is imprudent.

Do you really think sending a letter to a 60 year old and telling them they need to change their WEP key really fixed the issue? In legal terms it doesn't pass the common man test. In lawsuit situation, like this could become, a judge will ask, could an average man (or person) be expected to follow through with the instructions sent or even contemplate the severity of the situation at hand from the information which was sent by Eircom.

I would say about 80% of the people who were in the select few to actually get the letter had no idea what it meant, much less any idea of how to fix it. It is easy to prove this as I can walk through any town in Ireland and find dozens of Eircom routers that are still open to this security issue.

Therefore it cannot be assumed that Eircom has negated their legal responsibility and therefore they are still liable.

You honestly have no idea what you are talking about.

dub45 wrote: »

Guilt and liability for what exactly?

Eircom made a mistake - they are guilty of that. Companies make mistakes all the time there is no law against it.

Liable for what? Public derision and criticism yes but what else?

They appear to have made a gesture to the customers affected so what? Lots of companies make mistakes and never make a gesture.

If we are going to have a discussion here about a system or a particular occurrence lets do our best to make it on grounds of substance and fact not on hysteria and fantasy

You have no concept of tort law and legal liability.

http://en.wikipedia.org/wiki/Tort

http://en.wikipedia.org/wiki/Legal_liability

http://en.wikipedia.org/wiki/Tort#Defamation

When Eircom sent out those letters they made the claim the customer receiving said letter was a criminal. It is not a 'crime', but it is a violation of civil law. If Eircom, or any other company or person, sends a letter to someone claiming they are engaged in illegal activity, then they under the law have to have solid proof which they can offer up in court as evidence else they are guilty of defamation.

Your own words above contradiction the very thing you seems to be arguing against. Eircom made a mistake, that is the very nature of tort law. It IS a violation and there ARE laws against it.

It is no different than if ESB sent you a bill stating you had been stealing electricity or if Bord Gáis sent you a letter claiming you had been stealing their gas or if your next door neighbor sent you a letter claiming your broke into his home. If it turns out to be a mistake or there is no evidence to back your claims it means the company/person which made the accusation is in an actionable position. That means they stand to lose in a civil suit when brought before the courts (i.e. civil action).

Thor wrote: »

First of all, Issuing a re-call doesn't get rid of your responsibility, In fact it acknowledges it.

If you sell a defective product in the first place and someone gets injured from said product, The company is liable even if it issued a recall, They can't reach out to everyone who purchased the item.

And that is what I said, and you are arguing this why?

Also, Eircom didn't manufacture the modems, Netopia did, Which means they to blame for the fault.

They were OEM modems, built to specs supplied by Eircom. The WEP keys and the original configuration were Eircoms idea and they are the ones who gave the order to manufacture them in this manner so the burden of liability rests with them.

If someone hacks your wireless in general then is it the isp's fault for giving you a device that can be hacked. Just because it was easier to obtain the WEP code doesn't make it any bit different in the long run. They are not liable for any damages period! Mainly because they aren't the ones who hacked the device.

Normally that is true, but in this case Eircom circumvented normal procedure to create a system in which security could be easily compromised. Their idea was to make a simple system where any tech who answered the phone could find the users WEP key. What they did was create a backdoor to their own systems and therefore they are the ones at fault here.

Does the alarm on a car stop someone from stealing it, NO!!! It just makes it a little bit harder!!

Apples and oranges.

Fact is the encryption is there, If someone wants to get the code, Its extremely simple to do, The problem with the netopia router was that it was even easier then the normal methods.

You bandy around the terms 'simple', 'easier', and 'normal'. For whom exactly are you refering? Can you take an average person with no IT experience off the street and in a short letter with only a few sentences teach them what WEP is, why it is important to change that key, and then instruct them in such a manner they can do it without issue?

Thats the issue here. Just because YOU found it 'simple' do you really think your Mother or even your Granny would be able to do it 'easily'? Would they even grasp the concept of why it is important? THAT is the test the courts use when establishing where liability lies, not can an IT/tech guy sort it out, but can the average person on the street who purchased said product be able to do it.