The Commission Nationale Informatique et Libertés (CNIL) announced Tuesday morning that it was conducting an audit at the Nantes company Trident Media Guard (TMG), which is mandated by rights holders to monitor file-sharing networks and transmit its findings to Hadopi. The CNIL inspection follows the discovery this past weekend that a company server was unprotected and could be freely accessed by any user, without any technical expertise.
Among the data, part of which was published on the Internet, were records of Internet Protocol (IP) addresses and identifiers of downloaded files, showing which computer was downloading which file at what time. TMG said Monday evening that the server in question was a test machine, and that the data transmitted to Hadopi was not available.
Even so, says Olivier Laurelli, a computer security specialist and one of the first to reveal the existence of this unprotected server, "it was a collection of IP addresses, stored in a publicly accessible manner, which poses a major problem of respect for privacy." For the CNIL, an IP address is regarded as personal information, and is therefore subject to strict protection, just like an e-mail address or a phone number.
To monitor peer-to-peer (P2P) networks, TMG had to have the permission of the CNIL, which had been granted in June, but with reservations. In its report, the CNIL noted in particular that the volume of alerts sent by TMG to Hadopi (150,000 a day in the long run, tens of thousands today) made any audit work by the High Authority complex.
If the CNIL concludes, as a result of its inspection, that TMG insufficiently protects the data collected, it may withdraw the company's authorization, bringing a halt to the "graduated response" implemented by Hadopi. The CNIL's authorization is indeed required to proceed with the collection of information, and it would likely take several weeks or a month before the necessary corrections are made or another company obtains the Commission's approval.
A POSSIBLE CRACK IN THE "GRADUATED RESPONSE"

In the meantime, the secretary general of Hadopi, Eric Walter, announced Monday night that the High Authority has temporarily suspended its computer connection with TMG. For now, it will process the late reports, but if the suspension were to last more than a fortnight - the legal time limit for data retention by TMG - it would open a gap in the system.
A decision could be known Wednesday, at the end of a long-planned meeting between TMG and Hadopi, which in fact concerned the audit procedures for TMG's activity, a measure demanded by the CNIL. "The law provides that TMG is monitored every three months. However, no audits have been conducted. The result is that users' personal data has been freely available on a server since last June," says an annoyed Olivier Laurelli, very critical of the High Authority's operating mode. "Suspending the connection with TMG is also in the direct interest of Hadopi: this company is now a black box, nobody knows exactly how."

Even if TMG's procedures were validated by the CNIL and Hadopi, the company's difficulties should not stop there.
The freely accessible server in fact contained a copy of the software used by the company to monitor P2P networks, in which the fake profiles used by the company on the networks were coded. The distribution of this software on the Web opens the door to the development of tools that greatly reduce the effectiveness of TMG's software.