Illegal p*rn sharing, and digital ID

The BBC News site has an article today about “hundreds” of UK internet users who have recently received letters from a law firm in Frankfurt, alleging violation of copyright and demanding £500 or so in compensation. The allegation is that they have inappropriately shared “adult titles” (though I assume the implication is that they have shared more than the title…).

According to the report, many of the recipients of these letters deny having done anything of the sort. In some cases (particularly among the more elderly pensioners), it’s a pretty plausible denial…

So what’s going on here, and what are the wider implications?

Well, let’s assume first that the German company is genuine, and is sending the letters in good faith. That’s an assumption which bears checking, because I should imagine there are those who, mortified by the mere fact of the accusation, may have sent in their £500 just to make the whole thing go away. They would be unlikely to complain, or discuss it with anyone, because of the embarrassment factor. All in all, that would make for quite a neat phishing scam – playing rather more subtly on human weakness than the “Nigerian 401’s” appeal to raw greed.

The company apparently bases a lot of its forensics on IP addresses; identifying addresses which appear to be associated with illegal file-sharing, and then approaching the ISPs in question for disclosure of the user’s details. And that raises a number of issues:

– first, it’s possible that the IP addresses in question are indeed associated with illegal downloads, but that it’s not the fault of the registered user: exploitation of unprotected wireless hubs, bot-nets and IP address spoofing are all plausible alternative explanations.

– second, one has to ask where this leaves the European proposals for IP addresses to be included within the scope of Personally Identifiable Information (PII) and regulated as such.

To my mind, that step would be both premature and dangerous, while these practical means of exploiting IP addresses remain technically available and, as this news item clearly illustrates, commercially valuable.