[governance] Re: France To Require Internet Service Providers To Filter Infringing Music

Dan Krimm dan at musicunbound.com
Wed Nov 28 17:04:34 EST 2007


Thanks very much, Meryem, this helps me understand things a lot more.

BTW, Audible Magic does (I believe) fingerprinting analysis, which likely
aims at certain spectral characteristics of the unencrypted/unencoded audio
waveform and compares to registered recordings' signatures stored in a
database.  So it is a form of genuine content identification, not just
protocol.  A similar system is in operation at http://www.shazam.com/ --
because of the spectral methodology, this is quite resistant to bad
recording quality and additional ambient noise (like: in a noisy bar, going
through a phone call, coming from someone's iPod held up to the phone
receiver).  I know the guy who worked on Shazam's algorithm, and I assume
AM's is similar in principle.

So, I guess my final question is, if this stuff is all legal (including
getting a "legal order" to obtain personal data), then what would be
unconstitutional in France about a law to create the proposed regulatory
authority, in order to challenge the constitutionality of such a law?

Also, is the mere fact of a data transfer involving a work under copyright
unequivocal proof of infringement in France?  (What about fair use
provisions, etc.?)  Part of the issue with regulatory frameworks such as
this is that they can avoid legitimate judicial review, in an unbalanced
manner that favors copyright owner/aggregators over the rights of end
users.  If the legal order is too easy to get, then justice is being
systematically subverted, because it is not as easy to fight the order.
Easy = cheap, of course; it's all about money and other transaction costs.)

But all of this is moot if the law never actually gets passed in the first
place.  Can you estimate the political chances of this?

Dan



At 11:49 AM +0100 11/28/07, Meryem Marzouki wrote:
>Le 28 nov. 07 à 02:05, Dan Krimm a écrit :
>
>> At 1:18 AM +0100 11/28/07, Meryem Marzouki wrote:
>>> Le 27 nov. 07 à 22:25, Dan Krimm a écrit :
>>>
>>>> Another question I heard elsewhere is: does the deep packet
>>>> inspection
>>>> violate EU privacy laws?
>>>
>>> I'm not sure I understand what you mean by "deep packet inspection"
>>> here?
>>
>> In order to detect infringement, the content must be identified as
>> it is
>> passed through the net.  In your earlier message you referred to it as
>> "filtering techniques" such as provided by Audible Magic (also
>> referenced
>> in the title of this email thread).
>
>Thanks for the explanation (and thanks, McTim, for the pointer).
>Actually, I don't know the answer to your question, as I'm not sure
>how deep this inspection goes, it depends on the system used: if used
>to only identify that it's P2P traffic (I assume we can call this
>protocol filtering), does this necessarily mean *content* inspection
>in the sense of privacy laws? Advanced network analysis tools (for
>e.g. QoS analysis or any other metrology studies) are based on
>"application flow classification". This is needed for fine analysis
>of network operation, but may also be used for other purposes, as we
>know. So, I personally wouldn't advocate a radical position against
>any use of such tools, but rather look at (1) how proportional is
>their use w.r.t. a given purpose and (2) whether the use is actually
>limited to the claimed purpose, which should obviously be legitimate.
>These two criteria are actually the cardinal principles of EU
>personal data protection legislation. Then come user rights
>recognized in this legislation (information on, and access to, user's
>data being processes, etc.). And they all should be examined on a
>case by case basis.
>
>> Perhaps, as you noted, this must be in conjunction with IP
>> addresses, etc.,
>> to identify the supposed infringers.  I guess it comes down to the
>> status
>> of the "legal order" to get the identifying info in the case of
>> claimed
>> infringement.  Would this proposed system create some sort of "blanket
>> legal order" to allow bulk access to identifying info in case of
>> flagging
>> of infringing content in the filtering system?
>
>Not necessarily "blanket", but in any case a rather easy to obtain
>legal order (see my previous answer to Rui in the same thread, with
>the link given).
>
>> Even if the IP address "is not personal data" anymore in France, at
>> some
>> point they do have to get some personal data to prosecute the
>> claim, so at
>> some point there are personal data involved, and one would assume
>> that at
>> that point the privacy laws would kick in somehow, unless the
>> identifying
>> path is so "spread out" that the law cannot catch it at any
>> specific point
>> in the path.
>
>What I'm trying to explain is that once you get a legal order, you
>can go to the concerned ISPs and ask them for the identity of the
>concerned persons, given the IP addresses (and other relevant trafic
>data such as date, time, etc.). Given that, on the other hand, there
>are data retention laws, you're done. Like it or not, this is lawful.
>
>Meryem____________________________________________________________
>You received this message as a subscriber on the list:
>     governance at lists.cpsr.org
>To be removed from the list, send any message to:
>     governance-unsubscribe at lists.cpsr.org
>
>For all list information and functions, see:
>     http://lists.cpsr.org/lists/info/governance

____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.cpsr.org
To be removed from the list, send any message to:
     governance-unsubscribe at lists.cpsr.org

For all list information and functions, see:
     http://lists.cpsr.org/lists/info/governance



More information about the Governance mailing list