The UK government’s Criminal Justice Bill had its first reading in the House of Commons on November 14, 2023, followed by its second reading on November 28.

A Public Bill Committee is now in the process of scrutinizing the Bill “line by line” and if all goes to plan, the Committee will report back to the House by January 30 , in advance of the Bill’s third reading.

The purpose of the Bill is to amend criminal law and, in many respects, it signals positive change. New criminal offenses to prohibit devices used in serious crime, theft, and fraud, such as 3D printer firearms templates, tablet presses, encapsulators, and vehicle concealment compartments, have been reasonably well-received.

Measures against universally despised, SMS spam-and-fraud-enabling SIM farm devices are long overdue, but some believe that criminalizing the homeless for “nuisance” rough sleeping isn’t the type of change Britain needs right now. However, with prison sentences of up to a month on the table, such nuisances can be completely eliminated, in theory for up to a month.

Preventing Online Crime

During the debate on November 28, Home Secretary James Cleverly spoke about the need to tackle fraud in its various forms. Published in June 2023, the government’s fraud strategy revealed that fraud now accounts for over 40% of all reported crime in the UK, with police dedicating just 1% of overall resources to tackle the problem.

“The Criminal Justice Bill contains several new measures to tackle fraudsters and the perpetrators of other serious crimes. We are prohibiting the possession and supply of SIM farms that have no legitimate purpose,” Cleverly said .

On the disparity between police resources deployed and the sheer scale of the fraud problem, Cleverly responded that it’s “not quite as simple as mapping the proportion of crime to the proportion of police officers,” since there’s a need to “upskill investigators so that they can focus on those crime types.”

The Home Secretary added that new tools to fight fraud are also part of the Bill.

“Law enforcement agencies will have extended powers to suspend domain names and IP addresses used for fraudulent purposes or other serious crimes,” Cleverly said.

Are Pirate Sites Among the Targets?

The Bill sees domain and IP suspensions as a mechanism to fight fraud and other crime that has an online component. Pirate sites aren’t mentioned specifically, but the same also applies to many other illegal operations that currently exist, or might exist in the future.

According to the Bill, investigative agencies would be given new power to apply to the court for a suspension order. These would compel third-party entities, involved in the provision of IP addresses or domain names, to suspend or deny access to them for up to a year.

According to the Bill’s explanatory notes, law enforcement agencies and entities responsible for assigning domain names or IP addresses currently operate under voluntary agreements. These rely on alleged fraudsters violating the terms of service laid down by their providers, at which point domains and/or IP addresses can be suspended for those breaches.

While that works in the UK, overseas providers “do not always recognize” informal requests and demand court orders before any suspensions can take place. The Bill addresses this with the introduction of two new orders, one to suspend IP addresses and one to suspend domain names, to be served against “Regional Internet Registries, Local Internet Registries, or Internet Service Providers.”

According to the government, these orders “can be served internationally, to ensure that any threat originating from outside the UK can be effectively tackled.”

Suspension Orders Target ‘Serious Crime’

The Bill says that an “appropriate officer” may apply for an IP address suspension order. The definition covers police officers, NCA officers, HM Revenue and Customs officers, members of staff of the Financial Conduct Authority, and enforcement officers in the Gambling Commission.

Before a court issues an IP address suspension order, certain conditions must be met. For example, an IP address can only be suspended when it is being used for serious crime.

Crime is defined as conduct which constitutes one or more criminal offenses, or corresponds to conduct which, if it all took place in the United Kingdom, would constitute one or more criminal offenses. The threshold for serious crime is when the offense(s), committed by a person over 18 (or 21 in Scotland and Northern Ireland) with no previous convictions, could reasonably be expected to be sentenced to prison for three years or more.

The majority of the defendants in the recent prosecution of Flawless IPTV had no previous convictions. In 2023, five defendants were sentenced to over 30 years in prison for offenses including conspiracy to defraud and money laundering. Over the last ten years, City of London Police has sent letters to pirate site operators ordering them to shut down or face potential prosecution under the Fraud Act and Serious Crime Act.

Relationship Between IP Address and UK

To show a relationship between the alleged serious crime, an IP address, and the UK, one of several conditions must apply. Most center on the definition of a ‘UK Person’ which broadly covers a person with British citizenship, a person living in the UK, a body incorporated under UK law, or an unincorporated association formed under UK law.

A relationship to the UK is established when a UK Person uses an IP address to commit serious crime, or becomes a victim of serious crime for which the IP address has been used. A relationship can also be established when an IP address is used for crime in connection with unlicensed gambling, or when an IP address is allocated to a device located in the UK.

Using the Flawless case as an example, more than one person used an IP address to commit serious crime, while a UK Person (Premier League) was the victim. Even if the defendants had been located overseas, a relationship could still be established due to the victim’s status as a UK Person.

Reactive and Proactive Suspensions

In respect of domain names, the measures are similar but also include a significant proactive element.

“The domain name conditions also cover instances in which domain names could be used for criminality in the future,” the Bill’s explanatory notes read.

“This is due to the criminal use of domain generation algorithms (DGA) to aid their operations. Once the relevant law enforcement agencies understand the DGA, they can identify domains which could be associated with criminal activity in the future and suspend them before they can be used.”

As previously reported , UK broadcaster Sky is fighting DGAs deployed by IPTV providers who are attempting to circumvent a High Court blocking injunction. While that is a matter under civil law, case law establishes that Sky is a victim of fraud, and a UK Person as defined by the Criminal Justice Bill.

Whether companies like Sky and the Premier League will make use of the provisions in the Bill when it enters into law is unknown. What isn’t in doubt is their determination to use any tool that has the potential to reduce the piracy problem.

From: TF , for the latest news on copyright battles, piracy and more.

Read 6 remaining paragraphs | Comments

Read 17 remaining paragraphs | Comments

After years of relative calm, punctuated by intermittent action against larger operations, law enforcement actions against pirate IPTV services in Europe are on the rise.

The UK’s Eastern Region Special Operations Unit (ERSOU), a regional force with responsibility for disrupting organized crime and counter terrorism policing, has revealed details of raids executed on Tuesday targeting a pirate IPTV operation.

Warrants Executed in England and Scotland

ERSOU reports that simultaneous warrants were executed at residential addresses in Harlow and Chigwell in Essex, Waltham Cross in Hertfordshire, and Lanarkshire in Scotland. Two men, aged 33 and 35, were arrested on suspicion of fraud, money laundering, and intellectual property offenses.

The investigation, led by ERSOU but most likely supported by Sky investigators, relates to a channel on Telegram where pirate subscription packages, granting illegal access to Sky TV channels, were sold to the public. Police say the packages were sold to thousands of end users, earning those behind the scheme over £800,000 (US$1.01m).

Police Seize Cash, ‘Custom’ Streaming Devices, Firearms

Police report that specialist financial investigators were able to seize around £17,000 (US$21,800) in cash, unnamed digital devices, and an unspecified number of ‘custom’ streaming devices. Supplied images featuring some of the seized cash, and clear evidence bags containing immediately recognizable orange boxes, suggests modified Amazon Firesticks were probably part of the haul.

ERSOU reports that the men were taken into police custody where they were questioned and subsequently bailed. After two shotguns were seized by police, a man at the address in Harlow was also arrested for firearms license breaches, ERSOU reports.

Large-Scale Criminal Operation

ERSOU Detective Inspector Steve Payne says the arrests were part of an investigation into a “sophisticated large-scale criminal operation” that has generated significant revenue from the sale of illicit IPTV subscription packages. The money generated comes from buyers of the packages, most likely ordinary people looking for a cheaper way to access subscription TV.

DI Payne says that after police obtained subscriber lists, further action shouldn’t be ruled out.

“We have also gained access to the details of those purchasing the streams, and I would remind anyone doing so that they will be breaking the law and could ultimately be subject to criminal proceedings,” DI Payne notes.

The arrests were also welcomed by Matt Hibbert, Sky’s Director of Anti-Piracy.

“We’re grateful to ERSOU and to the forces involved for taking this action, which will have a significant impact on the illicit sale of Sky TV. We’ll continue to support efforts to shut down the organised networks involved in the large-scale theft of our content, and to protect consumers from the risks involved in accessing content in this way,” Hibbert says.

From: TF , for the latest news on copyright battles, piracy and more.

Read 6 remaining paragraphs | Comments

Read 15 remaining paragraphs | Comments

Read 5 remaining paragraphs | Comments

Anyone who uses the internet today should already be aware that privacy is all but non-existent.

The quid pro quo for using any major online service, social networks in particular, is the surrender of extraordinary amounts of personal data.

Even regular websites can deploy dozens of trackers and trying to surface those don’t, using a search engine perhaps, makes everything several times worse. The position today is simple: accept being tracked in some way, shape, or form, or stay off the internet.

While the privacy-invading aspects of the wider internet are broadly discussed, much less attention is given to the companies that allow us to get online in the first place. Without broadband providers the internet would die but by default, all traffic generated by subscribers goes through them. There’s a much bigger conversation to be had on the role of ISPs and their handling of subscriber data but our focus here is on a very specific niche.

When ISPs and Content Providers Collide

All kinds of radical antidotes were up for discussion in the early days of file-sharing, but one often dismissed out of hand most was always destined to pose the biggest threat. In general terms, ISPs ‘owned’ the access tubes of the internet and rightsholders owned the content. Two decades later, these previously warring parties are frequently found under the same corporate roof.

Content owners exercising total control over subscriber connections isn’t yet a reality but close working relationships and shared interests with ISPs suggest travel in that general direction. In 2019, it emerged that a UK-based anti-piracy company, known for its work against pirate IPTV providers, was sharing data with one or more UK ISPs to determine subscribers’ consumption of content from various ‘pirate’ servers.

The arrangement was referenced again in October 2020 when it was revealed that traffic data from UK ISP Sky supported a successful UEFA High Court ISP blocking injunction. A year later it emerged that Sky had compiled data on high-traffic IP addresses accessed via its network to help an anti-piracy company working for the Premier League.

At this point we should highlight how this work was framed. This wasn’t Sky spying on customers’ connections via the modem in the home, we were told. This was activity at completely the other end, i.e monitoring the levels of traffic flowing inbound from the pirate servers’ IP addresses. Some might argue that any type of monitoring is unacceptable but what if UK ISPs actually had permission to do more?

Permission to Monitor Pirates?

After receiving information suggesting that other ISPs may also be collaborating in similar anti-piracy work, we requested proof to show that is indeed the case. While that is yet to surface, we were invited to consider legal documents issued by two leading UK ISPs: Sky and Virgin Media, and for comparison, BT.

These documents – customer agreements and their related privacy policies — reveal that when people sign up as customers to at least two UK ISPs, they do so on the understanding that piracy might lead to their information being shared with third-parties.

Sky Privacy Policy

Sky documentation contains several references to the protection or enforcement of its own rights, and of “any third party’s rights.” For example, in the ‘How we use it” section relating to contact details and account information, the policy contains the following:

The same declaration appears in the ‘IP Addresses & Online Identifiers’ section where Sky notes that subscriber information can be used where it has a “legitimate interest” including the protection or enforcement of its own or any third party’s rights. “This may involve analysing activity on our network to help stop unauthorized access to content or publication of or access to unlawful content,” the company notes.

As a content provider in its own right, much of the above will relate directly to Sky’s own delivery platforms and its ability to prevent unauthorized access to content under its own control. However, in the section titled “Sharing with third parties” statements become much more explicit.

“We share your personal data, such as your contact details, financial data and other information described below, with credit reference and fraud prevention agencies and other relevant parties…for the prevention and detection of crimes such as fraud, piracy and money laundering,” the section reads.

“Where we reasonably suspect that you are pirating Sky or third-party content, we may share information with other organizations with a similar legitimate interest in preventing, detecting and prosecuting piracy.”

How these policies work in practice is unknown, but they are there for a reason. That Sky subscribers effectively grant these permissions shows once again that nobody reads the small print.

Sky’s Privacy Policy is available here

Virgin Media Privacy Policy

The first mention of using customer data for anti-piracy purposes appears in section 4 of Virgin Media’s privacy policy.

“We rely on Legal Obligation and Legitimate Interests Legal Bases to use your information to ensure we comply with our legal and regulatory obligations (these are our legitimate interests),” Virgin’s policy reads.

“We use information about who you are and your use of our products and services to block unauthorized or illegitimate content on our TV platforms, respond to court proceedings and enforcement authorities, and help authorities and industry organizations with any security, fraud, anti-piracy, crime or anti-terrorism enquiries.”

In the section where Virgin declares use of customer data to “develop, manage and protect” its business, the company says it does so “to identify and prevent piracy and other crime” and to “identify threats to our network that result in TV piracy.”

The company further states that it collects information about its customers from third-party or external sources, including “fraud and anti-piracy prevention agencies.”

Virgin also has a dedicated anti-piracy relating to its own TV services.

Virgin Media’s Privacy Policy is available here

BT Privacy Policy

In contrast to competitors Sky and Virgin, explicit mentions of anti-piracy cooperation are absent from BT’s privacy policy . Elsewhere, however, BT goes into some detail on the information it collects and where that data can be used when a user is suspected of piracy.

“We keep information about how you’re using your broadband to help us understand and manage traffic flows on our network, improve our services and tell you about products you might be interested in. That includes IP addresses and other traffic data including websites you’ve visited,” the ISP reports.

“We are sometimes contacted by third parties who monitor illegal online file sharing on behalf of copyright holders. If we receive a claim that there has been illegal sharing on your broadband service, we may use your IP address to notify you. But unless we are required to by law, we will not disclose your personal information to the copyright holder or any party acting on their behalf.

While these three leading UK ISPs all see piracy as problem to be countered, from these policies it’s evident that Sky’s approach is the most uncompromising, at least on paper. How much data it shares externally is unknown but having put that intent in black and white, one has to assume that anything is possible.

From: TF , for the latest news on copyright battles, piracy and more.

Read 4 remaining paragraphs | Comments