According to a report which has flown almost completely under the radar, last year an ISP sent out around 300 “first strike” warning letters wrongfully accusing innocent subscribers of Internet piracy. ISP Eircom implemented the scheme in partnership with the recording industry and is now being investigated by the Irish Data Protection Commissioner.
In February 2009, IRMA – representing EMI, Sony, Universal and Warner – reached an 11th hour out-of-court settlement with Irish ISP Eircom on the issue of illicit file-sharing. The deal would see Eircom introduce a graduated response system for dealing with errant subscribers.
“Eircom is proceeding with implementation of the protocol which could result in the suspension and ultimately disconnection of broadband service for those customers who deliberately and persistently infringe copyright,” the company said in a December 2010 statement, reiterating their commitment to the scheme.
But little did we know that the fears of “3 strikes” opponents had already come true.
From deep inside the “how the hell did the majority of the media miss this department”, it now becomes clear that by October 2010, Eircom had already sent out around 300 warning letters to completely innocent subscribers.
The company seems to have tried to play down the error saying that computer clocks were incorrectly adjusted to compensate for daylight saving time, some comfort to the unlucky letter recipients.
According to TJ McIntyre at digital rights site EDRI.org, as a result of this failure the Irish Data Protection Commissioner is now investigating the entire Eircom scheme.
“The significance of this case goes well beyond simple technical failings however, as the complaint to the Data Protection Commissioner (DPC) has triggered a wider investigation of the legality of the entire three strikes system,” he writes.
The DPC is said to be not only investigating the complaint but also “whether the subject matter gives rise to any questions as to the proportionality of the graduated response system operated by Eircom and the music industry.”
McIntyre says that when the Eircom/IRMA deal was being agreed, the DPC expressed concerns with it, not least over the question of whether or not IP addresses are personal data. However, until someone raised a complaint, that issue was put on the back burner. The delivery of 300 false “first strike” warning letters appears to have met that criteria.
“The complaint in this case has now triggered that action, and it seems likely that the Commissioner will reach a decision reflecting his previous views that using IP addresses to cut off customers’ internet connections is disproportionate and does not constitute ‘fair use’ of personal information,” McIntyre explains.
“If so, the Commissioner has the power and indeed the duty to issue an enforcement notice which would prevent Eircom from using personal data for this purpose – an outcome which would derail the three strikes system unless Eircom successfully challenges that notice before the courts, or unless the music industry were to succeed in its campaign to secure legislation introducing three strikes into Irish law.”
The way this story has flown largely under the mainstream tech news radar will have been a relief to Eircom and IRMA. Something tells us that is about to change.
Reported days ago on IrelandOffline
Hadn't heard about this, cheers for posting.
Absolutely not surprised that there are mistakes. As usual, anti-piracy methods are harming legitimate consumers (although if you were to pick a random sample of 300 broadband users you would be very likely to get at least a handful of pirateers).
I wonder how quickly those 300 were informed of the mistake? It can't have been a pleasant letter to receive.
Glad this happened, That stupid Three strikes law is just the music companies dictating law!!
Sending a letter like that is slander and falsely accusing someone of steeling is an offence, Seeing as this system is supposed to be full proof, So okay not everything truly is full-proof, So a couple of letters by mistake maybe... But 300 is just ridiculous.
To be honest though, Eircom probably don't really agree to this, But have no money to fight anyone in court, I'm shocked they are still in business.
Wonder how their eircom music store is doing? the letters likely went to the 300 people who bought music legitimately from it
I remember wanting to take a look at it a while back but it was too much work , they wanted me to create an account before I could have a look around it
If I received one of those letters I would be at my solicitors office right now hitting Eircom with the largest lawsuit they have ever seen. Since they have accused people of being criminals involved in criminal activity that can carry a prison sentence, it is slander. They have the proof in writing, a liable case would be dead easy to prove.
The fact they are allowing an outside 3rd party to monitor traffic on their network is distrubing enough. No one wants an illegitmate corporate police force with self appointed powers out there making arrests, which is what we are seeing now. The fact they have wrongfully accused hundred of people should be an eye opener.
If the Gards wrongly accused 300 people of being criminals, there would be no only an uproar, but lawsuits everywhere. These companies shouldn't get off easily because they are not the real police when in fact they have put themselves in a policing position. They must be held accountable just like the real police forces when they make easily foreseeable mistakes, as to keep them from engaging in such practices where it could happen again.
As an Eircom customer, I felt obliged to raise the issue with them directly.
How exactly does the daylight savings being out by one hour on a computer affect database records of that scale?
I think they were just using the same excuse that Sony gave when there ps3 network when down a year ago, Basically no one could connect to the network because of the time change.
My guess is Eircom taught it would confuse people, But fact is that day light savings couldn't accidentally make it look like 300 people downloaded music illegally.
They don't. The third party monitor the torrent sites and pass on eircom ips to eircom. Further info here, particularly point 18: http://www.eircom.net/notification/legalmusic/faqs
Don't be pedantic. If there is no monitoring going on then there would be no letters being sent. If eircom wasn't involved in all with the monitoring then how exactly could a computer error on their end screw cause the screw up in times?
You have gone through the trouble in three threads to defend Eircom on this and falsely claim Eircom is no way involved in sending the letters which they are being investigated for sending. You wouldn't by chance work for them now would you?
You don't have to be on Eircom's network to monitor a subset of the IP Addresses. You just need to be in the swarm. Do a it of research. These researchers are not just researching eircom customers but customers from many ISP's from many countries. When their research has ended, they pick away at the unknown IP's, group the known IP's and submit them to the relevant ISP's.
It's NOT that difficult.
...then Eircom has to look up said IP's, link that to real-world user information and write up letters and post them to real addresses with real people on the other end.
To argue they are not playing any part in the process is ludicrous.
I never argues that eircom have no part to play, They do, it's their network.
On the otherhand, I was just correcting
The fact is, ONLY eircom has this real world information and never gives it to this third party.
I am not being pedantic I'm simply pointing out that your statement:
Eircoms involvement is clearly stated in the FAQ:
"On receipt of the IP addresses from IRMA, eircom will identify the specific customers without sharing any customer details with IRMA or any other party."
So, I'd say something went wrong with their IP identification process.
I never claimed this.
I am not an apologist for eircom and neither do I work for them. I am a techie and do understand how IP and broadband authentication works. I just want to point readers of this thread to the correct information.