New French ‘Loppsi 2’ Law Proposal to Allow Police to Upload Malware to File Sharers? Drew Wilson | May 19, 2009 Currently, we only have a Google translation of the article, but if the translation came out right, is France really preparing to allow the government to upload spyware onto users computers? If this is true, it almost makes the HADOPI, or three strikes law, seem like nothing. Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes There’s an article posted on Le Monde recently that, if the translation is accurate enough, seems to suggest that the government wants to propose a law, known as Loppsi 2, that would allow a government official or a police officer, to upload “cookies” for the pupose of, among other things, data retrieval, without the need to clarify that what they did was legal or not for a period of 4 months. Here’s the Google translation of what we are reading: Dadvsi and Hadopi supposed fight against illegal downloading with technical measures, should be completed in autumn 2009 by a far more ambitious, focusing on all the crime. Loppsi 2 (law and planning for the performance of Homeland Security, 2nd named after Lops, 2002), commissioned by Nicolas Sarkozy, would have a budget of one billion euros over five years (2010-2015). The key to Loppsi 2, the cookies. The Hadopi law already provides for the simplification of procedures by the state services software incorporating technical measures remote control functionality or access to personal data. ” Also refers to the Dadvsi cookies: Article 10bis Additional C to Article 15 enables the central management of security of information systems (DCSSI) to escape the control of software bugs that could be installed by government departments, local authorities and public or private operators. In other words, the state will no longer be obliged to verify the “legality” of the cookies used by its services on the network. Therefore, the door is open to all “broadcasts” information and sound of any kind. Bill Loppsi 2 incorporates this principle in the development, since it would “without consent, to access data, to observe, collect, record, store and transmit such that they appear to the user or as he introduces by entering characters. This is the legalization of “Trojans” (spyware) in the Internet, for a period of four months, renewable once by agreement of the judge. Technically, the device may be implemented at any time, either by slipping in any physical location (with the establishment of a key connection in the computer monitor) or by transmission over a network electronic communications in remote infiltrating into the machine to monitor. In other words, if this is really what the article is saying, a government official or police official, can upload a trojan horse or other forms of spyware onto a users computer without their knowledge, consent or a court order for a period of 4 months. After that four month period, a judge has to give an OK to allow continued use. The purpose is supposedly to investigate all kinds of crimes which, judging by this article, would include file-sharers (though it is unclear if the article is saying that the previous HADOPI law and the Dadsvi law already covers that). It’s unclear where the checks and balances are from the article but one wonders, does Loppsi 2 make HADOPI/the Three Strikes law seem tame in comparison? Besides, at what point during a civil investigation makes the use of installing a trojan horse necessary? Still, not much is known through a more direct translation. If anyone in France is reading this and knows about French law, feel free to contact us if you want to offer any verifications on this new law proposal. Update, May 19th: Special thanks goes out to all our French readers who were able to verify the story, though yes, we should emphasize that the law is suppose to cover all forms of “crime” and is under the guise of stopping paedophilia (as we’ve noticed in countries like Australia, that sort of talk isn’t known to be entirely truthful over things like this) Arstechnica, today, also picked up the story and seemed to make this early report seem optimistic in the viewpoint of a privacy advocate. The report suggests that Loppsi 2 covers things like web censorship as well as introducing “Pericles” that would create a “super-dossier” on people – in other words, a database on targeted peoples activities. The article additionally points to a critics point of view which discusses the end of a free and open internet. (For those, like me, that don’t speak French, here’s a Google translation of the posting) Drew Wilson on Twitter: @icecube85 and Google+.