kNOw Future Inc.

law, technology and cinema, washed down with wine

Hadopi Law: Spyware Provisions and the TF1 Sacking

Sunday’s Liberation reported an announcement from the French Ministry for Culture that they had identified the staff member responsible for passing Jérôme Bourreau-Guggenheim’s letter to his MP on to his employer TF1, leading to his sacking. According to Electronlibre, his name is Christophe Tardieu and he is Minister Christin Albanel’s assistant director. He offered his resignation, rejected by the Minister, and has been suspended for a month.
——–

National Spyware Program

An element of Hadopi which hasn’t received much or enough attention as yet, is a section which specifies steps that can be taken by computer users to ensure that they will not be found liable under the new regime. The following is a rough translation of the relevant sections, taken from the text of the law in its current state, as found here (final version as amended and adopted by the Senate on May 13th, here). Bear with me, it is torturous, some explanatory notes are added in bold…

« Art. L. 331-30. – After consultation with those developing security systems designed to prevent the illicit use of access to a communication service to the public online (internet!), or electronic communications, people whose business it to offer access to such a service (ISPs) as well as those companies governed by title 2 of the book (Intellectual Property Code) and rightsholders organizations  (ie SACEM etc), the High Authority will make public the pertinent functional specifications that these measures must comprise so as to be considered, in its eyes, as valid exoneration of the responsibility of the access subscriber (internet user!) as defined in article L. 336-3.

At the end of a certified evaluation procedure, and taking into consideration conformity with the specifications set out in the previous paragraph and their effectiveness, the High Authority will issue a list certifying the security software whose use will validly exonerate the access holder (internet user!) from their responsibility under the terms of article L. 336-3. This certification will be periodically revised.

Mmmh. So what the law intends is to set up a meeting between consultation with security software vendors, antipiracy organizations and ISPs to decide what software you need to install on your machine, so that they can be sure that you behave yourself. If you don’t fancy installing their device, then you’ll just have to swallow any liability consequent to someone else using your machine or accessing your connection.

Art. L. 336-3. – The access holder to an online service of communication to the public ( internet!) or electronic communications is obliged to ensure that thus access is not used for purposes of reproduction, display, making available, or communication to the public, of works protected by copyright or a neighboring right, without the authorisation of the holders of those rights set out in books 1 and 2 (of the Intellectual Property Code), where required.

Failure to satisfy the obligation set out in the preceding paragraph can result in a punishment according to the conditions defined by article L. 331-25.

No sanction can be taken regarding the access holder in the following cases:

1° If the access holder (internet user!) installed on of the security systems appearing on the list mentioned in the second paragraph of article L. 331-30;

2° If the attack on the rights set out in the first paragraph of the present article is the work of a person who has fraudulently used the access to the online communication service;

3° In case of force majeure.

The failure of the access holder to the obligation defined in the first paragraph will not have the effect of imposing criminal liability.

Apart from finding the last paragraph a bit puzzling – the list of exceptions exempts from all liability, the coda refers only to criminal liability – and the language atrocious, it’s obvious the whole framework is mad and unacceptable. Imposing such strict liability unless users agree to install spyware, almost certainly connected to remote databases, is intrusive as well as dangerous.

How can this not amount to a wholesale surveillance of online activity? Who will have access to the data collected and transmitted by these ‘security systems’ (sic), and how will that access be managed? Will the security systems be transparent (free software/open source), or proprietary black-box money-makers, prone later to surrender to a veritable orgy of exploits? If proprietary, how will it be interoperable with free operating systems such as GNU Linux?

‘Certification’ (labellisation) is a phrase commonly heard in recent weeks, and the government wants to ‘certify’ legal content providers (Article. L. 331-21-1), and ultimately looks forward to a set of digital fingerprints corresponding to the works in their repertoires. Presumably the approved ‘security systems’ are intended to be able to interact with a database of such objects.

The proposals were already criticized by the French Free Software advocacy group APRIL in March. Attempts by the opposition to have a member of the French data protection agency, CNIL, designated a seat on the Hadopi ‘High Authority’ were rejected, so there won’t be any reassurance coming from that direction.

With the clarification of the law, and its pending passage into the statute book, more attention needs to be focused on these technical provisions and the future process through which they will be defined.

———–

For a guide to my various posts on Hadopi, please click here.

May 11, 2009 - Posted by | /, enforcement, France, HADOPI, p2p, technology

23 Comments »

  1. [...] directas existen otros efectos que aún no han podido cuantificarse. En otro blog llamado Know Future Inc. han publicado las notas sobre el denominado por ellos "Programa de Spyware Nacional", que [...]

    Pingback by ¿Linux, prohibido en Francia? « Tecnologia, Actualidad,y mucho mas…. | May 11, 2009 | Reply

  2. Its obvious that the law makers have no idea of technology. I want to see how they will for example enforce this “spyware” on my iPhone connected over WLAN to my DSL line. Yes, this is technically possible in theory but will they jailbreak my iphone for me? certainly not. So this will result in a denial of service. I will only be allowed to use Windoze or the like because they dont have any software for Mac, iPhone, Linux, freeBSD, Solaris .

    Its certainly a severe impact on privacy not in balance with the rights of any copyright holder. HADOPI is a totally sick law. The EU has at least made it clear that such measures without democracy can not pass. So they made it a requirement to have a judge to decide things instead of the control gremium themselves.

    its a good thing to have division of power. Its essential in any good democracy.

    Comment by Andreas Fink | May 11, 2009 | Reply

  3. My hair turns gray when I read such things. Sounds like it comes from the start of some apocalyptic future movie where in the end the whole suppressing system blows up. Well, in the real world such things shouldn’t even exist from the beginning.

    Comment by Slasher | May 11, 2009 | Reply

  4. [...] Wait, what? .. the law intends is to set up a meeting between security software vendors, antipiracy [...]

    Pingback by Frankrike, orka. « The Zash Blag | May 11, 2009 | Reply

    • Oh don’t worry, it’s not a meeting, it’s a ‘consultation’! Strange that there’s no mention of user or consumer organizations to be consulted, an oversight perhaps?

      And of course, it’s not actually the anti-piracy organizations, it’s the people who create and finance the anti-piracy organizations – the collective rights organizations: SACEM (sinilar to ASCAP), SELL (video games), SDRM etc

      Comment by nonrival | May 11, 2009 | Reply

      • Oh, how much better!

        Still, what the hell? They should be consulting the EFF at least.

        Comment by Zash | May 12, 2009

  5. It would be impossible to enforce all this.

    It’s good theory if you masturbate while reading 1984 and enjoy it, but in practice, the massive diversity and amount of information will be impossible to control or regulate.

    The lawmakers have no idea of how the technology even works, or how it can be bypassed by anyone with some programming skills. They are trying to beat the crap out of thin air, so to say. Just a waste of tax money and civil liberties.

    Comment by Leo Ryberg | May 11, 2009 | Reply

  6. Oh, this is normal, the music industry just found a new market, and they sure as hell know how to work it.. when it comes to money, moral, and even law is not to much to break.

    Comment by Marcus Nilsson | May 11, 2009 | Reply

  7. [...] directas existen otros efectos que aún no han podido cuantificarse. En otro blog llamado Know Future Inc. han publicado las notas sobre el denominado por ellos “Programa de Spyware Nacional“, [...]

    Pingback by ¿Quiere Sarkozy prohibir Linux? @ maslinux.org | May 12, 2009 | Reply

  8. Looks like there will be a huge rise of odd operating systems in France. Let’s force them to make that software for OS/2, QNX, E/OS and just about every unusual OS ever made…

    Comment by Anders Troberg | May 12, 2009 | Reply

  9. Anders: Don’t worry. They will make it for BOTH PC and Mac. What is this “operating system” thingy you talk about?

    Comment by Tuxie | May 12, 2009 | Reply

  10. Aaahhh, I’ll dig that old BeOS install CD out, let them have fun. Or what about that LinuxFromScratch I was toying with some time ago ? Or a pen-drive ?

    When my 8-year old son looks for some Pokemon film on Dailymotion, am I safe ?

    Comment by Zolko | May 12, 2009 | Reply

  11. The question of openness and interoperability of the spyware has been the subject of several amendments to the law. They have been discussed and all of them have been rejected. If I remember correctly, “The interoperability harms the software makers, and is not asked for by the users.” was the most striking answer to them.

    The Ministre de la Culture and the other politics sponsoring this law have demonstrated repeatedly how terribly ignorant they are, unless they just play this role on purpose.

    In her very best speeches, Christine Albanel stated that Open Source software like OpenOffice contains open source firewall software on par with Microsoft Office’s integrated firewall (go figure!) and that producing a hard disk containing the installed spyware would be a valid proof that you didn’t download stuff with your IP address!!!).

    The good news is that this law is so oblivious to petty details such as how the real world works, that it can’t be implemented in the first place.

    Comment by Patrice | May 12, 2009 | Reply

  12. [...] Hadopi Law: Spyware Provisions and the TF1 Sacking How can this not amount to a wholesale surveillance of online activity? Who will have access to the data collected and transmitted by these ’security systems’ (sic), and how will that access be managed? Will the security systems be transparent (free software/open source), or proprietary black-box money-makers, prone later to surrender to a veritable orgy of exploits? If proprietary, how will it be interoperable with free operating systems such as GNU Linux? [...]

    Pingback by Links 12/05/2009: Fedora 12 Features Preview, TrueCrypt 6.2 is Out | Boycott Novell | May 12, 2009 | Reply

  13. [...] Hadopi Law: Spyware Provisions and the TF1 Sacking Sunday’s Liberation reported an announcement from the French Ministry for Culture that they had identified the [...] [...]

    Pingback by Top Posts « WordPress.com | May 13, 2009 | Reply

  14. [...] einer Software, die permanent überwacht, was auf einem Rechner passiert. Das zumindest schreibt kNOw Future Inc. Als Quelle dient hierfür die Webseite der [...]

    Pingback by Hadopi so gut wie umgesetzt - liberté, égalité, fraternité adé | musik.klarmachen-zum-aendern.de | May 13, 2009 | Reply

  15. [...] I feel really sorry for your country and for the whole humanity. When things like this happen in modern times it shows that something is completely wrong with the world.  It was even claimed here in Sweden by the pirate party that hadopi would force people to install some supervising software on their computers. I assume that is just a joke, even if we were playing the weird eXistenZ it sounds just too absurd.  But there are other people writing about this so even such an insane thing could be true… http://knowfuture.wordpress.com/2009/05/11/hadopi-spyware-provisions-and-the-tf1-sacking/ [...]

    Pingback by HADOPI, la honte | blog.entremidietdeux.com | May 13, 2009 | Reply

  16. #15: Unfortunately, your assumption is wrong: it’s not a joke! The law indicates that to be able to prove that you have not illegally downloaded/shared copyrighted media, you’ll have to install some spyware. Requests for additions to the law to make sure the said spyware is open and interoperable have been rejected. As the detection of infringement is based on IP address only, this spyware “solution” is widely considered as a joke, but all arguments against it have been simply ignored or answered by ridiculous arguments.

    -Sigh-

    Comment by Patrice | May 13, 2009 | Reply

  17. I wonder if it will be possible to install the software to a virtual machine, or the opposite install, then run utorrent from a virtual machine

    Comment by phil | May 15, 2009 | Reply

  18. [...] rolarem em cima. Na verdade quem pode deitar e rolar com essa lei pode no ser bem os crackers. Aqui tem alguns comentrios e indicao para o texto integral do projeto. Dizem que os gastos para [...]

    Pingback by Frana aprova lei e vai suspender internauta que fizer download ilegal - ISTF | May 17, 2009 | Reply

  19. http://www.orderyang.com

    Comment by a | May 23, 2009 | Reply

  20. Thank you for your interesting article. Learned a lot new to subscribe to your news. I would wait for new articles. Good luck.

    Comment by Psh | May 31, 2009 | Reply

  21. Microsoft and most of the major software producers have been quietly using this kind of spyware for years. But it’s all been done quietly up until now and of course there is always a way around it. That’s why Hadopi is being discussed.

    I don’t see how it can come to too much and someone will write a fix for it, a way to block it or remove it, they always do.

    This is just bureaucracy gone mad!!

    Comment by Tim | June 9, 2009 | Reply


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 29 other followers

%d bloggers like this: