Italy Says P2P Monitoring Firm Broke The Law -- But This Might Not Be A Good Thing

from the there-goes-that-evidence dept

There have been various accusations in the US that the techniques used by various P2P monitoring firms that the entertainment industry uses are an "illegal investigation." While we're still waiting to see the outcome of such cases, over in Italy, the government organization in charge of privacy has determined that, indeed, the efforts to monitor P2P use violates local privacy laws. This comes just a few months after a similar finding in Switzerland. With the EU recently saying that IP addresses are private information, you can see why these types of rulings are coming through.

While I will argue vehemently over the fact that the entertainment industry's tactics are wrong, short-sighted and unfair to many of the people it accuses of copyright infringement, I'm not so sure that merely collecting information that someone's computer broadcasts about themselves should be considered a violation of privacy. I do agree that ISPs shouldn't just hand over data on who's account is attached to a certain IP address (that's a privacy violation. But, to simply collect the data, which is publicly "broadcast" by the user, hardly seems like a privacy violation. There are plenty of arguments against the entertainment industry's tactics -- but you get into dangerous territory when you start declaring publicly broadcast information as somehow "private." While it may be appealing in that it makes life more difficult for short-sighted entertainment industry execs hellbent on suing customers, the unintended consequences of such things could be dire. It raises serious questions about how other types of publicly broadcast info may be judged later.


Reader Comments (rss)

(Flattened / Threaded)

  •  
    identicon
    Dr.A, Mar 18th, 2008 @ 11:21pm

    P2P not public broadcast

    Monitoring (on your TV) publicly broadcast pay TV channels, monitoring publicly broadcast mobile communications, monitoring wi-fi traffic, .. is it all legal ?
    The thing is P2P communication is not public broadcast.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Mike (profile), Mar 19th, 2008 @ 12:00am

      Re: P2P not public broadcast

      Monitoring (on your TV) publicly broadcast pay TV channels, monitoring publicly broadcast mobile communications, monitoring wi-fi traffic, .. is it all legal ?

      All of those (with the possible exception of WiFi) are encrypted. That's quite different.

      The thing is P2P communication is not public broadcast.

      Your IP address is publicly broadcast via your P2P app. Yes, it is a public broadcast.

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        ehrichweiss, Mar 19th, 2008 @ 8:12am

        Re: Re: P2P not public broadcast

        "Your IP address is publicly broadcast via your P2P app. Yes, it is a public broadcast."


        In technical terms, it is NOT a broadcast. The IP is provided to any peers contributing or downloading but it is not provided to everyone, and that's only if the P2P app doesn't use tunneling to obfuscate/encrypt the data/IP.

         

        reply to this | link to this | view in chronology ]

  •  
    identicon
    TheZorch, Mar 18th, 2008 @ 11:39pm

    No, it is wrong

    If you break the law trying to enforce the law you are twice as guilty as those who violate the law you are trying to enforce, period.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2008 @ 12:02am

    If you have enough money and government backers, You can't break the law, if your broke, then they sue you to death. Welcome to America - The land of the money grubbing arseholes and the government personel whom support them.

    Death to RIAA!

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2008 @ 12:23am

    It might be an idea to do some research on what 'private' here means, in the context of EU law.

    Here in the EU, with the penetration of always-connected Internet connections being what they are, your IP address probably will be 'personally identifiable information'. There are laws around the use of such information. And personally identifiable information can be those bits-and-pieces that, in themselves, don't lead back to the identity of a person, but when used in conglomerate do reveal a person's identity.

    One of those laws is that information like that CAN be used - but the collector of that information needs to inform the person WHAT is being collected and, more importantly, HOW it's going to be used. Using that information for something other than the stated reasons is illegal; the user hasn't been informed beforehand that the information could be so used.

    Also, the uses that the information is put too has to have some relevance to WHY the information is being used. Using the data collected from an electronic public-transport ticket to collect the fare from you bank account would be relevant. Using it to send you marketing information based on your travel profile probably wouldn't be.

    Whether you agree with the EU view on this or not - it IS the law here and needs to be respected by those companies doing business over here.

    Disclaimer: IANAL nor have I played one on television.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Dr.A, Mar 19th, 2008 @ 12:27am

    Encrypted

    Everything is "encrypted"/"encoded" in some way. Even if it is just in a binary code.

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Mike (profile), Mar 19th, 2008 @ 12:54am

      Re: Encrypted

      Everything is "encrypted"/"encoded" in some way. Even if it is just in a binary code.

      You miss my point. I said encrypted -- not encoded. All of your examples were encrypted in a manner purposely designed to hide what the data is. In other words, designed in a way that you cannot simply read the information without a specific key.

      That is not the case with an IP address.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Anonymous Coward, Mar 19th, 2008 @ 5:43am

      Re: Encrypted

      Your post implies that "Encrypted" and "encoded" are the same thing. They are practically opposite. Encoding information allows you to organize and quickly identify it. Encrypting information reduces it to meaninglessness.

      JPEG is an encoding sceme, allowing you to quickly describe an image. AES is an encryption sceme, making data difficult to extract without additional special, secret information (the key).

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    enigmax \ torrentfreak, Mar 19th, 2008 @ 1:57am

    Privacy

    My understanding of this decision is this: If you operate a P2P client for the purposes of file-sharing, then other P2P users who have the intention of sharing files with you can connect to you without breaching your privacy. However, those using the same networks for non P2P file-sharing purposes (Logistep, et al) are breaching your privacy if they connect to you 'pretending' to share files, only to do something else (collect data)

     

    reply to this | link to this | view in chronology ]

    •  
      icon
      Mike (profile), Mar 19th, 2008 @ 2:17am

      Re: Privacy

      My understanding of this decision is this: If you operate a P2P client for the purposes of file-sharing, then other P2P users who have the intention of sharing files with you can connect to you without breaching your privacy. However, those using the same networks for non P2P file-sharing purposes (Logistep, et al) are breaching your privacy if they connect to you 'pretending' to share files, only to do something else (collect data)

      Interesting. Still not sure I agree with it, however. It still seems to go down a slippery slope.

      I guess, at best, you could say not so much that it's a privacy violation, but that there's some kind of fraud going on, in that Logistep is claiming one thing, but really doing another...

       

      reply to this | link to this | view in chronology ]

      •  
        identicon
        Anonymous Coward, Mar 19th, 2008 @ 5:49am

        Re: Re: Privacy

        Slippery Slope?? for who? In fact this is the one time that the user is properly protected in the law, against the Evil Empire.

        If the states had the same protection, everyone would be better off.

         

        reply to this | link to this | view in chronology ]

      •  
        identicon
        John, May 18th, 2011 @ 2:35pm

        Re: Re: Privacy

        No im saying if thats the case the privacy would come into
        P2p not knowing his machine was customly set up that way do to lack of technical knowledge

         

        reply to this | link to this | view in chronology ]

    •  
      identicon
      reech, Mar 23rd, 2008 @ 12:32pm

      Re: Privacy

      Indeed - it's all about intent - I am sharing files - not asking for people to snoop.

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    ReallyEvilCanine, Mar 19th, 2008 @ 3:01am

    EU != US

    The Anonymous Coward in #5 beat me to it. How many times do we have to tell you that the EU has privacy laws which are sadly absent in the US' Constitution and, for the most part, the entirety of more than 200 years of juris prudence? Privacy laws are enumerated in EU countries and these laws heavily restrict both the collection and transfer of personal data.

    Without my consent my bank may not pass on any information about me to anyone, not even other divisions within the same corporation in order to try and sell me some service or package. Without providing full disclosure and obtaining my explicit permission -- signed and dated -- no company can distribute any personal information they may have about me. They cannot even confirm that I'm a customer unless I've signed a waiver or instruction to release such information.

    And you think this is a bad thing... why?

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2008 @ 5:09am

    Just because my address is on the outside of my property doesn't make it not private - If someone goes and shares that around it is indeed an invasion of privacy - IP addresses are the same as far as I'm concerned - The IP address is needed for delivery only - Sharring that info should be illegal.

     

    reply to this | link to this | view in chronology ]

    •  
      identicon
      Alimas, Mar 19th, 2008 @ 5:26am

      Re:

      Thats not really the point at all.

      I hate to break it to you - but your address isn't private. Hundreds of people are aware of your street address. The person delivering your mail is probably familiar with it, the town you live in and the post office are vaguely familiar with it. Heck, everyone that lives on your street, particularly those with a number higher on their address are aware your address exists. It isn't private information.
      And much like you said about your address being visible on the front of your house, your IP address is equally not private.
      Now, your name attached to your address - thats different.
      And thats the same thing with the IP address.
      And like your address, keeping that private is your responsibility. How far you want to go with your anonymity is your choice and your risks to gauge.

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      SomeGuy, Mar 19th, 2008 @ 5:38am

      Re:

      My understanding of "private" is "not publicly known or available." Your address is publicly known and available in so much as it's posted outside your door. Anyone looking for 4 Privet Drive can find it. Now, you might argue that connecting 4 Privet Drive with the name of the person that lives there is a violation of privacy, but I'd argue that in THAT case the name, or the association of the name with the address, is the private information, not the address itself.

      This is pretty much what Mike said above: the address is public. If you want to claim the ASSOCIATION as private, that's more than understandable and very reasonable. But it's dangerous to say that information any passerby can get in a glace is somehow "private."

       

      reply to this | link to this | view in chronology ]

    •  
      identicon
      Yeah another AC whatever, Mar 19th, 2008 @ 5:39am

      Physical address is not private

      Ever heard of the phone book?

       

      reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2008 @ 5:37am

    yeah, but when you add a name to the address it becomes private - The post office has it to deliver your mail, but if they gave out to anyone with your name attached- that would be a violation of privacy - same with phone numbers - the number may not be private, but when you attach a name to it, it IS! And if it isn't, It should be. Anyway - Not like it matters anyway, The corps and governments will still do whatever they want and most likely get away with it

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2008 @ 6:10am

    ok then, I will take your IP address - get your name and home address and post all together online and see how un-private that seems to you - Dee Dee Dee

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Todd, Mar 19th, 2008 @ 6:58am

    I would have to say that collecting the IP address is not an invasion of privacy. It is not an invasion of privacy to drive down the street and write down an address.

    It is how ever an invasion of privacy to walk down a street, look in the windows of every house, collect data of what is in thier houses legal or otherwise, and then write down that address to identify the contents of those houses.

    Oh, and on the encrypted conversation not all models of cordless phones are encrypted, but it is still illegal to monitor the signal.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Coward, Mar 19th, 2008 @ 5:58pm

    Mike has too much time on his hands

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Justin, Mar 20th, 2008 @ 1:18am

    Re: Re: P2P not public broadcast

    I agree with ehrichweiss.

    Your IP address is not broadcast, it is provided in a point-to-point connection (outside of your local network that is).

    It's no different from having an unlisted telephone number and then using your phone to call someone else who has an unlisted phone number.

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    Anonymous Pizza, Mar 21st, 2008 @ 1:04pm

    Coverage from italy

    I'm from Italy and I would like to add a couple of points to the discussion. Good coverage to the italian and german stories has been published at Punto Informatico (main IT news resource in Italy - very reliable I'd say, ask your italian friends if you have any). I sum up and translate below some points from two linked articles.

    Italy
    - monitoring is unlawful because it's active, massive, detailed, long-term surveillance of many users (i.e., not the same thing that receving a broadcasted information)
    - Logistep stored data that usually would be deleted because they are not necessary to P2P activities
    - data got collected from P2P networks for different reasons than using/participating P2P networks themselves
    - data got collected secretly

    Germany:
    - you can't do automatic scanning against users without their previous consent
    - you can't ask to ISPs users' IP addresses - only enforcement agencies can

     

    reply to this | link to this | view in chronology ]

  •  
    identicon
    James, Jul 3rd, 2008 @ 5:36am

    Re: Re: P2P not public broadcast

    "Your IP address is not broadcast, it is provided in a point-to-point connection (outside of your local network that is)."

    It varies from system to system, but discovery and publication activities typically are broadcast - in that you try and get your message out to as many people as possible. Yes, this might involve many point-to-point connections, but then so does normal network broadcasting.

    P2P systems are public systems, so if you broadcast "Who has this file?" or "I'm sharing X" - they you are effectively broadcasting into the public domain.

     

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This