[FSFLA-Traductores] Brazilian PLC 89/03

[Alexandre Oliva]

On Jul  5, 2008, Richard M Stallman <rms en gnu.org> wrote:

> It is an outrage to prohibit them from taking pictures
> of themselves, or possessing those pictures.

*and* have the parents go to jail if they do, which is how legal
responsibility for minors works in Brazil.

> (A teenager in the US has been prosecuted for sending
> her boyfriend a nude photo she took of herself.)

Oh, God!  How stupid can this get?  Next thing, they'll go after porn
stars who perform during pregnancy.

> However, the worst part of the bill is this:

>     - surveillance: network service providers are mandated to retain logs
>     about customers' connections, required to relay reports of suspected
>     crimes committed by its customers to authorities, and to share logs
>     with the authorities.

> That is what we should focus on.

I respectfully disagree.  Maybe you got the impression that it's worse
that it actually is, and that the DRM side is not as bad as it is,
because of the way I summarized it.  The surveillance issue is very
bad, but I think the DRM-enforcement aspects are worse.  I think we
have to focus strongly on both.

For one, I don't think it's such a big deal that providers maintain
logs about what IP address they assign to me when I connect to their
networks, and aggregate traffic accounting.  They actually have to do
that for billing purposes, just like the phone companies have to do
that to be able to show you what phone calls it's charging you for.

The big problem here IMHO is the obligation to relay reports of
suspected activities to authorities (why wouldn't the reporter contact
the authorities directly?) and to share logs upon a court demand (and
not in any other case, with anyone else).

It's some of a concern that courts may *already* demand such
information, and even mandate such information to be collected.  But
currently they can only do so when a person is already under
investigation, and if enough evidence is already available to justify
this invasion of privacy.  This is not an aspect in which the bill
makes things worse.

What makes things slightly worse IMHO is that a provider will no
longer be able to refuse a demand for past logs, claiming to not have
collected them, to have already removed them, or to be bound by
agreements with other parties (say the customer), because it is now
required to maintain and retain them, and to offer them to a court
upon formal request.  But, again, there needs to be a sufficient body
of evidence against a person for such information to be requested, and
then, even logs collected before the investigation started and a court
demanded logs to be collected may be exposed.

Very bad, indeed, but, given the circumstances, it's not really worse
than what we have in place today, as evidenced by the legal disputes
against Google for refusing to provide to Brazilian courts information
about certain images posted on Orkut.  Because provides *do* maintain
these logs, and courts already have power to demand them to be
created, retained and relayed, and this does not change with the bill.


But, however bad this is, I still think the criminalization of access
to computer systems, and data stored in them, without authorization,
or not in accordance with authorization, has far more potential for
abuse, especially from DRM supporters.

It's full erosion of fair use, just by storing data in digital form
and wording the license of the player or of the work such that certain
uses become not permitted, regardless of what copyright law says.  And
you can go to jail by as much as trying to install software or decode
information in violation of authorization terms.  It's DRM implemented
through law rather than technology.  *Really* scary.

-- 
Alexandre Oliva         http://www.lsd.ic.unicamp.br/~oliva/
Free Software Evangelist  oliva@{lsd.ic.unicamp.br, gnu.org}
FSFLA Board Member       ¡Sé Libre! => http://www.fsfla.org/
Red Hat Compiler Engineer   aoliva@{redhat.com, gcc.gnu.org}