ACS:Law reuinion tour
ACS:Law is back! Shockingly, their website is back online and people are reporting new letters. It seems like a strange choice by our favourite solicitor to stay quiet for several weeks then try to assert a comeback. Without a fresh source of names and addresses they are on borrowed time and disappearing for weeks hardly seems like the best way through it.
ACSBore has a scan of a new letter demanding £1200, previously I thought they only went up to £500. Is this a price increase as a response to their increasingly dire situation? If so, the price seems to have nothing to do with reclaiming actual damages incurred as a result of the recipient’s alleged copyright infringement and everything to do with propping up Andrew Crossley’s business (if you can call it that). Also £1200 is just silly. You might have been on to something with £500, but £1200 is not realistic from the start. People aren’t going to say “well I wasn’t going to pay the £500 but now he’s bumped it up to £1200 I’m quite tempted”. Duh. Plus the old blackmail route isn’t quite so effective anymore … it doesn’t work when you’ve already publicly released all the details.
Here’s a good post from Slyck.com on an apparent contradiction between Crossley’s official statement to the judge when asking for a court order and Crossley’s subsequent statement to the BBC regarding what the data he requests mean. I haven’t read the email mentioned [can't find it, the mail client I am using does not make it easy to search], but let’s assume it exists and is quoted accurately:
The impression given, even if incorrect, is that:
(a) If it is presented to the Chief Master of the Chancery Division of the High Court, then it is likely that the subscriber is the person that has copied the work and is uploading it from their computer through the connection in question, and the Chief Master finds that there is a prima facie case against the subscriber for the purposes of a NPO application, but
(b) if the information somehow leaks onto the internet where the same witness is potentially facing huge claims or financial penalties for which he might be personally liable, then the information is suddenly demoted in status to amounting to no claim at all that the subscriber has done anything.
http://slyck.com/forums/viewtopic.php?f=66&t=44092&start=11925#p561238
In short, Crossley got the court order [to disclose names and addresses] by claiming that the data he was requesting identified users who are likely guilty of copyright infringement. Then he told the BBC that he doesn’t claim the users identified were likely guilty of copyright infringement, so he got the data under false pretences. As I said, I can’t find this email, but it seems implicit that he must have said something along these lines anyway, else he shouldn’t have got the court order. Does perjury extend to civil cases?
It’s ridiculous that this firm is still going.
Gallant Macmillan 0, 4chan 1 | Ministry Of Sound 0, 4chan 1
In the continuing saga of 4chan vs copyright, on Friday, following widespread coverage of ACS:Law’s spectacular implosion, another UK legal firm decided to announce they’d be continuing the fight against the Internet. The firm is called Gallant Macmillan. To call this a misguided announcement would probably be generous to the intellect of the person making it. 4chan hasn’t ceased its attacks since ACS:Law, it has continued DDoSing various organisations (none so spectacularly as ACS:Law, but regardless sites have gone down, which is a successful DDoS attack), and Friday also saw a bomb threat against the office of the then current target. This sounds like they’ve crossed the line but bomb’s a sensationalist word and you have to put in perspective the effect both sides have had. 4chan made them evacuate their office for a few hours, while the firm has sent letters to ordinary people, which have caused genuine prologued distress and financial damage. One can’t condone bomb threats of course, but 4chan still has a way to go before it causes as much psychological trauma as its targets have. Anyway, unsurprisingly, while nobody before had heard of Gallant Macmillan, within a few hours they were selected as the next DDoS target.
The DDoS officially starts at 7pm GMT (8PM local UK time, 3PM EST), but it looks like a few people were eager to get in ahead of the crowd and GM’s site is down already and has been since I checked at 11 this morning. gmlegal.co.uk is HTTP 400ing (Bad Request (Invalid Hostname) — not entirely sure what this means, not familiar with Windows servers, but I think it may mean the host intentionally disabled their site) and www.gmlegal.co.uk has no IP address. They are due in court tomorrow to try to get a court order to pursue file sharers on behalf of the ‘ministry of sound’ (annoying electronic music guaranteed to drive even the most resilient person insane in about 8 bars). I am not a lawyer so maybe I mangled this a bit, but as I understand it this was delayed a week or so as the judge in charge admitted he didn’t understand the technical issues and he was concerned that there was a lot of public opposition to these practices, which, in the judge’s mind, probably wouldn’t exist if these firms were operating legitimately. A very public and organised and large attack on their website isn’t really going to quell the judge’s fears, but the outcome remains to be seen.
The trend seems to be that a lot of these firms are very small and have very inadequate IT facilities which fold up very easily when put under pressure. This of course, along with inadequate talent, proved catastrophic to ACS:Law. I think this highlights the problem of this kind of business model. Letter-sending has a high failure rate which is a difficult optimisation problem because if you’re not aggressive enough then people will disregard you and if you are too aggressive then people will band together and encourage defiance, and you will also attract formal complaints to regulatory bodies which may hamper your legal credibility. It might even encourage file sharing as an act of defiance (there’s a few ‘forbidden’ compilations on BitTorrent now as a result of ACS:Law’s media coverage, sharing collections of titles which rights’ holders were paying ACS:Law to prevent from being shared), AKA the Streisand effect, which will disincline sensible rights’ holders from viewing their relationship with you as having an overall benefit.
Going from letter-writing/extortion/speculative invoicing (delete as appropriate) into actual lawsuits is also a waste of time and money because even if you do end up with a settlement which equates to a net profit, suing randomly selected individuals on the basis of their alleged musical taste isn’t a profitable pastime because 1) on average, they don’t have much money to give you and 2) they’re going to have a lot less after they’ve employed a lawyer to defend them. The only highly publicised (and perhaps just ‘only’) case of an actual such copyright lawsuit in the UK was a few years ago, Davenport Lyons were awarded £16k against a woman for sharing a pinball game. Unfortunately, the woman never turned up in court so it was a default judgement. Pretty good result for Davenport Lyons, you think? Well, I remember reading about this at the time on Slashdot and I thought it was awful she was going to have to pay so much simply because she didn’t defend herself and the merits and flaws of the case were never heard. But as time goes on, DL’s victory seems less sensational: Not only did this woman never turn up in court, but there’s growing scepticism of her actual existence. There’s not a single known quote, statement, interview by her or her family or her friends, no pictures, no social networking profiles, nothing. The only place her name appears on the Internet is in all the cloned reporting of the case at the time, and in subsequent discussions thereof. Some think she was a Polish immigrant who went back to Poland several months before the court case, and has never been traced (I don’t know if there is any hard evidence for this), but Occam’s razor warns us against making up complicated stories about people who might not exist, so a cynic might be tempted to suspect some form of fabricated identity and publicity stunt. Whatever became of her, it seems unlikely that Davenport Lyons saw any of that money they were awarded.
So to turn a profit, you want to keep the outfit small and have everyone directly contributing to getting letters processed. Things like IT, as long as the computer system basically works, are an unnecessary expense if you don’t really understand how important they are. This of course means such firms are probably not in compliance with data protection laws (hello ACS:Law), not because they don’t understand the law, but because their overall IT experience is “I know how to press buttons” and they don’t really understand how the data are being stored. And as soon as 4chan decides they don’t like you, your website goes offline and unless you had a professional set the whole thing up in the first place, your email probably does as well. If they can keep you down for a few days, it’s a big reputation hit: people receiving letters are going to Google your name and see if you’re legitimate. If you’ve got no reachable web presence they’re going to be suspicious that you’re not a real firm, and they may be tempted to disregard your letter as a basic scam.
Secondly, you may have to explain to your clients over the phone that the reason they can’t communicate with you via email is because you’re being attacked. They might accept this for a few hours but after a few days they’re going to start have doubts about whether you’re really running a professional outfit or whether you’re a bunch of cowboys, an association with whom is a liability.
Similarly it attracts all sorts of negative attention. The sheer weight of these DDoS attacks shows just how strongly a lot of people feel about this kind of behaviour. It should deter all but the seediest of clients from doing business with you because clients with good reputation stand to suffer damage if they associate with you. I don’t think it’s a coincidence that a lot of ACS:Law’s money came from pornography cases, clients who don’t really have any reputation to lose. If you’re a ‘legitimate’ law firm you might well find your non-file sharing related clients deciding to dump you when you start to get a bad reputation. This is what seems to have happened to Davenport Lyons (the precursor to ACS:Law); they were a real law firm who got into the letter-writing business then took a lot of criticism then withdrew from it, probably because it was hurting them overall (it appears that some of their employees transferred to ACS:Law at this point to continue.).
And should a case ever come to court and the defendant says “well you say you’re technical experts who can evaluate this evidence and collect it reliably, but isn’t it true your site was attacked by some teenagers and it went down in about a minute and you didn’t manage to get back online for x days?” I’m not quite sure what your rebuttal can be to that.
Update: it appears maybe GM realised they couldn’t take a DDoS and took their site down willingly. It may also be that their provider decided GM’s custom wasn’t worth a DDoS and took them down. It is unclear exactly why it’s down. In any case, the denial of service was successful. Accordingly, 4chan shifted the official DDoS target to ministryofsound.com. It’s now 15 minutes into the attack and it’s hopelessly offline. Their digital download subdomain is a secondary target and it’s also down, which means no one can purchase anything from them at the moment. I’m really impressed at 4chan’s ability to shift the target relatively late and yet still take it down very quickly after the attack officially commences. I’m sure a part of their resources are still hitting Gallant Macmillan right now, but even not at full power, they’re still powerful enough to easily take down a fairly big site like MoS. I suspect the media coverage has got 4chan a lot of new firepower from people who have never been actively part of 4chan before. It shows the strength of the anti aggressive copyright sentiment. MoS is the big customer of GM, hence the reasoning behind targeting them.
Update2: 11PM — nslookup for gmlegal.co.uk is now returning 127.0.0.1. huh? Is that universal or just some kind of default fail case?
as you may have guessed…
I had a rather major and unexpected traffic spike as the result of the last entry and change a few things around and hid a bunch of the older stuff. I was linked to from a bunch of forums and I’m actually being cited by RationalWiki who in light of the publicity ACS:Law has received recently wrote their own article on them. So I changed things around temporarily for privacy reasons and hid a lot of the older entries which will be slowly coming back after I have the chance to review each one and determine whether I’m really okay with it being in the public interwebsphere. I have also changed the theme because the wasted horizontal space of the old one drove me insane. Not that this one is perfect. That’s artists for you.
It was pretty cool because I picked up the story from Slashdot, who are usually a few days behind the curve. But in this case, none of the major news outfits had picked up on it, and it was a Saturday, and they didn’t get their behinds into gear until late Monday. I put up the blog Saturday night, cue a sudden traffic influx as it turns out I’m one of the few people who have collected the whole thing together, and the URI was being shared on various forums, wikis, other blogs and Facebook. Pretty awesome to see the internet work like that though; to let people like me write news reports and generate a buzz around a story until the more reliable places got themselves in gear. Also a lot of the initial news reports were hesitant to NOT attribute the leak to the DDoS attack so in that respect the blogosphere was making sure people knew the whole story. It’s also nice to see that a lot of people were indulging in the schadenfreude of ACS:Law scoring an own goal without needing to be prompted by the major news. It snowballed massively late Monday and Tuesday, but there was a lot of interest before then.
I guess the other news is just how effective Anonymous/4chan has managed to be. Their DDoS tactics may seem dubious but it’s come in response to recent revelation that anti-piracy firms employed an Indian IT outfit to enact DDoS attacks on ThePirateBay. 4chan calls it “Operation Payback Is A Bitch”, and clearly, 4chan can harness enough resources to make a dent on whomever they target. There are basically a lot of people who don’t “get” the internet, who think it is okay to try to restrict information. Most people under 20 have grown up with the Internet as a fact of life as far back as they can remember and a lot of people under 30 happily embraced it when it came along. They realise that the most important aspects it has are that it’s not centrally controlled and it was always designed to route around localised problems, which means its very hard to censor. The people who don’t “get” it want to bumble in and try to change the entire philosophy of it because it doesn’t fit with their old, obsolete and naive view of the world. These people are apparently unaware that while older people might not be used to having so much information and communication powers so readily available to them and might not have fully embraced what the Internet offers in those respects, to younger people, these things are a core fact of life and not one they’re going to give up just because some overweight, middle-aged idiot in a suit decides that either it’s okay to tell people what they’re not allowed to read/view, or that the free flow of information makes his dubious brand of capitalism and exploitation a bit harder for him to be successful at. Frankly, we value our free information and we don’t give a toss if you think it hurts your profits (and we aren’t convinced it does anyway). And this is coming from someone who doesn’t actually download anything.
It’s hard to take these people on on their own ground because a lot of the people who do “get” the Internet aren’t of voting age or don’t have enough familiarity with the political system to effect any changes [and there are relatively few sufficiently educated people in the established political parties anyway so there's quite often no real avenue for pursuing it politically], really this is an instance where the ‘official’ above-board route is a massive failure. So instead they choose to fight a different battle, one that they can do very effectively. And although it’s legally questionable, it’s ethically justifiable and it is great that they really can have an effect and raise publicity to people who aren’t necessarily in geekier circles.
I’ve looked through the emails in more detail and looked at some recent articles from smaller news sources about ACS:Law.
One of the more amusing outcomes is the hasty back-pedalling done by Crossley in a short BBC interview he made directly after the leak gained attention: “In relation to the individual names, these are just the names and addresses of the account owner and we make no claims that they themselves were sharing the files”. So it’s reliable enough to threaten to take that person to court with, it’s reliable enough to demand £500 out of that person with, but it’s not reliable enough to actually identify THAT PERSON. How does that work exactly?
And oh my, the emails show that Crossley is such a whiny little girl. There’s no other phrase for it.
He’s tried to sue Slyck.com (who linked to me) for defamation because they criticise him, in fact one of the complaints was that a Slyck user called Terence Tsang a ‘wanker’, and another said “for Andrew Crossley, I hope you choke on your mince pies”. I’m pretty sure a court probably wouldn’t rule that this really counts as defamation. A bit mean, yes, but not really a legal issue. This is the guy all over. If there’s a record for the lowest rate of actually bringing about legal proceedings against people whom you threaten to do so, Crossley is a serious contender. I rather imagine he has the words “All mouth and no trousers” framed on the wall in his office underneath the words “ACS:Law Mission Statement” (uh oh was that defamation?). It really does strongly appear that his modus operandi is to rely on his legal credentials as a means to attempt to effect by intimidation action that should be decided in a fair court.
And he complains about everything. He had to pay a fine for littering which was traced to his office, he emailed someone to complain and said “I am utterly appalled I have been treated like a criminal”, which seems slightly ironic given what his business does. Uncharacteristically, he didn’t threaten to sue them.
After the One Show’s report on ACS:Law was broadcast he wrote a whiny email to the BBC, which basically amounted to complaining that they gave advice to deny ACS:Law’s claims if innocent. He decided to pretend the ‘if innocent’ part didn’t exist and worked on this assumption throughout. Needless to say, the BBC didn’t uphold his complaint.
He seems to have a long running feud with the solicitor who appeared on it to give the advice (Dr. Deborah Prince, who works for Which?), here’s an email quote: “That Deborah Prince is a total idiot. I am going to sue her“. He emailed her about a Which? article she wrote and he said: “I regard your conduct as unprofessional and in severe breach of the core duties of honesty and integrity”. I think the man genuinely believes himself! The emails are fragmented afterwards, but it appears after deciding not to sue her after all (oh you do surprise us, Andrew), he wrote to the Solicitors Regulation Authority (SRA), by whom he’s currently being investigated for misconduct, for the third time, to file a complaint against Dr. Prince. I don’t think their response is present in the email archive, but his reaction to their response is and he’s not a happy bunny: “Accordingly, I have referred the papers to the Ombudsman, as I am dissatisfied with the response given. However, I am not remotely surprised at the response to my complaint, as the SRA has consistently been a big disappointment to me.”. He lives in a different world.
As for their IT setup, they seem to have been hosted on a fairly amateurish hosting package, which I’m willing to bet was configured by an enthusiastic amateur in their office (old Teflon Terence, I rather imagine), not a reputable IT consultancy firm or something. Mixing personal data, computers and the law is quite hard and you really do need someone with a formal computing education to set it all up to an appropriate standard. 4chan’s DDoS attack should have been a minor inconvenience to them as they sorted a more appropriate host. In contrast, ACS:Law took the opportunity to score a massive own goal. They didn’t just fall on their sword, they left a whole rack of them sticking up and covered the corridor in banana skins. A DDoS attack is rarely effective for causing any real financial damage because companies who are susceptible to it and visible enough to attract such an attack take appropriate precautions to ensure they’ll have a good chance to be able to weather any surprise attacks, it’s usually only good for annoying people. On the other hand, ACS:Law has been offline for about a week now. No website, no email … oh dear. Out of their depth? Just a bit.
