Category Archive: Hadopi

May 02 2016

Is French HADOPI law dead (13)?

We know now for sure that HADOPI will be dead in 2022. On 27 April 2016, The French National Assembly approved an amendment that decrees that the HADOPI will expire on 4th February 2022.

ARTICLE 43 BIS

Compléter cet article par l’alinéa suivant :

« II. – La même soussection est abrogée à compter du 4 février 2022. Par dérogation à l’article L. 33116 du même code, la durée du mandat des membres nommés après la publication de la présente loi expire le 4 février 2022. »

EXPOSÉ SOMMAIRE

Comme le proposait le rapporteur en commission, cet amendement inscrit dans la loi la fin de vie de la Haute Autorité pour la diffusion des œuvres et la protection des droits sur internet (HADOPI) à compter de l’expiration du mandat en cours du dernier de ses membres nommés, soit le 4 février 2022.

It is a far milestone. Nevertheless, since a few months, HADOPI is in turmoil. In October 2015, the French Senate issued a report about the creation and management of the independent administrative authorities. The HADOPI is such authority. At page 70 of the report, the commissioner proposed to suppress the HADOPI as it has not proven its efficiency as the policeman of the Internet and that the graduated response is not operative to fight piracy.

Votre rapporteur propose ainsi la suppression de la Haute autorité pour la diffusion des œuvres et la protection des droits sur internet (HADOPI), considérant que cette autorité n’a pas apporté la preuve de son efficacité en tant que gendarme de l’internet et que les moyens de lutte contre le piratage à travers le mécanisme de la réponse graduée sont inopérants. En cas de réorientation de cet organisme, pour en faire un outil parmi d’autres de la lutte contre la contrefaçon culturelle et de la protection du droit des auteurs sur internet, il pourrait subsister sous forme de commission spécialisée voire d’établissement public.*

When will its actual death be?

 

* Therefore
your rapporteur proposes the deletion of the high authority for the dissemination of works and protection of rights on the internet (HADOPI), considering that this authority provided no proof of its efficiency as a Constable of the internet and the means of fighting piracy through graduated response mechanism are inoperative. If reorientation of this organization, to make one tool among others cultural counterfeiting and protection of the right of the authors on the internet, it could subsist in the form of commission or public institution. (draft translation from French to English)

Jul 09 2013

Is French HADOPI law dead (12)?

In his long report, Pierre Lescure proposed to lighten the graduated response.   He recommended to replace the controversial suppression of Internet access by a fine about 60€.  He has been listened.

This morning, a decree has modified the law.  The suppression of Internet is officially annulled.

Objet : infraction de négligence caractérisée ; abrogation de la peine complémentaire de suspension de l’accès à un service de communication au public en ligne ;

It has been replaced by a fine.  The fine will not be automatic but decided by a court order.

Seule une peine d’amende contraventionnelle de 5e classe pourra désormais être prononcée pour l’infraction de négligence caractérisée prévue à ce même article.

A fifth class penalty cannot exceed 1,500€ (about 1,900$) but can reach up to 3,000€ in case of  recidivism.

End of the story?

May 16 2013

French Graduated Response: some figures

As I am currently reading in details the 478 page report “Culture-acte 2” from Pierre Lescure, I found an interesting pointer.   The data published by HADOPI concerning its activity related to the graduated response.  http://www.hadopi.fr/actualites/reponse-graduee/chiffres-cles.

Following is the evolution of the number of first notification.

image

Since the beginning of 2013, the activity is stable with around 80,000 first notifications.   Since the beginning of the graduated response, HADOPI sent more than 1,700,000 such notifications.

Following is the evolution of the number of second notifications

image

Since last summer, it seems that the trend is to have a growing number of second notifications.

I will come back soon on this report with a future post.  The recommendations are interesting.  I need to read the detailed chapters before reporting about it.

Apr 10 2013

Hadopi, VLC and BluRay (2)

Following French Hadopi’s public consultation, this institution has given its analysis about the request of VideoLan.  VideoLAN is the “publisher” of the open source  player VLC. Its advice is extremely interesting as it sheds some lights on the French official vision of handling of DRM secrets and open source.

Before jumping to the final conclusion, it is worthwhile to detail some articles.

27. En outre, cette exception porte exclusivement sur des logiciels. Elle ne saurait ainsi concerner les parties non-logicielles des mesures techniques de protection considérées. En particulier, les secrets, au nombre desquels figurent les clés de chiffrement, ne constituent pas par eux-mêmes des instructions de commandes informatiques et ne peuvent être considérés comme des éléments de logiciel.

27. Besides, this exception concerns exclusively software. It would not concern the non-software elements of the technical protection measures (TPM).  Particularly, The secrets, amongst which appear the encryption keys, are not software instruction and thus are not part of the software  (approximate personal translation)

As keys are extremely important for TPMs, this is an interesting conclusion.

33. Il résulte de ce qui précède que l’association VideoLAN ne peut se fonder ni surl’exception d’ « ingénierie inverse », ni sur l’exception de « décompilation » prévues àl’article L. 122-6-1 du code de la propriété intellectuelle pour mettre à la disposition des utilisateurs un logiciel contournant, sans autorisation des titulaires de droitconcernés, l’intégralité des mesures techniques protégeant les disques « Blu-Ray»

Here, HADOPI decides reverse engineering and decompilation are not part of the authorized exception by the law.

34. Il résulte de l’instruction que l’association VideoLAN n’a pas entrepris de solliciter, auprès des titulaires de droits sur les mesures techniques de protection « AACS » et BD+ », les informations essentielles à l’interopérabilité de ces mesures. Si toutefois elle se voyait opposer, à l’issue d’une telle demande, un refus, elle serait recevable à saisir la Haute autorité dans le cadre d’une procédure de règlement des différends sur le fondement de l’article L. 331-32 du code de la propriété intellectuelle.

Article 34 states that following the enquiry, VideoLAN has not asked to the owners of the TPM AACS and BD+ information needed for interoperability. Would it be denied this information after the request, then VideoLAN could file a procedure for litigation for disagreement at HADOPI.

35. …
En vertu de la jurisprudence du Conseil Constitutionnel, la communication de ces informations ne pourrait intervenir que contre le versement d’une indemnité appropriée.

Here, HADOPI states that receiving this information form AACS and BD+ would require to pay a proper fee. So long for free open source.

38. Dans le cadre d’une procédure de règlement des différends, l’association VideoLAN ne pourrait être contrainte de renoncer à la publication de son code source que si les titulaires de droit sur les mesures techniques AACS et BD+ étaient en mesure de démontrer que cette publication porterait gravement atteinte à la sécurité et à l’efficacité de cette mesure.

38. As part of the procedure of litigation for disagreement, the VideoLAN association could be forced to abandon the publication of its source code only the owners of AACS and BD+ could demonstrate that this publication would gravely undermine the security and the effectiveness of this TPM. (approximate personal translation)

As a conclusion, HADOPI considers that VideoLAN cannot request the secrets of AACS and BD+ under the exceptions for reverse engineering and decompilation.   Nevertheless, VideoLAN could request HADOPI to analyze against the case if VideoLAN would have requested information from AACS and BD+ and if AACS and BD+ would have not favorably answered.

Will VideoLAN ask information to AACS and BD+?   Your guess?    To be followed

Feb 13 2013

HADOPI, VLC and BluRay

HADOPI, the French law about digital rights has some articles that may allow to facilitate interoperability of copy protection systems.  An editor may request to have access to the APIs and documentation of a copy protection system to implement interoperability.

 

This is what VideoLan, the editor of the famous open-source media player VLC, has just requested to HADOPI.  VLC wants to get access to AACS in order to be able to play BluRay discs. VLC does not yet support BluRay as it is not a licensee of AACS.

 

HADOPI has identified where the real problem is. The documentation and API are not sufficient because AACS requires also cryptographic keys delivered by the licensing authority.  And of course, as in any encryption-based system, keys are the most important asset.

Cette définition des « informations essentielles à l’interopérabilité » ne semble pas permettre d’obtenir, s’agissantd’une mesure technique de protection sous forme d’un algorithme de chiffrement, la communication des clefs de déchiffrement du contenu protégé (et plus généralement les secrets nécessaires), qui semblent n’appartenir ni à la documentation technique, ni aux interfaces de programmation.

Thus, on 6 February, HADOPI launched a public consultation to collect opinions on the topic.  Knowledgeable people may enlighten this institution before 26 February 2013.

… la Haute autorité propose aux personnes, disposant d’une expertise dans ce domaine, de lui soumettre tous les éléments qu’elles jugeraient utiles à sa réflexion, et notamment en répondant à la question de savoir si « la documentation technique et les interfaces de programmation » visés à l’article L. 331-32 intègrent les clefs de déchiffrement d’un contenu protégé et plus généralement les secrets nécessaires.

If you have read my book, then you know that I do not believe in open-source based DRM , at least for B2C.  There is no way tp protect properly the keys.  Thus, the decision of the HADOPI on this topic will be extremely important and scrutinized by the community.  We will follow up.

Aug 14 2012

Is French HADOPI law dead? (10)

In 2009, the French government launched HADOPI.  The HADOPI is the institution responsible to handle the graduated response to copyright infringement via three escalating strikes.  Three years later comes the time of the first bilan.

 

HADOPI sent out one million warning emails (first strike level) and 99,000 registered letters (second strike level) which resulted to 134 cases examined for prosecution.   Today, no case reached the ultimate strike level, i.e. disconnection of the infringer from Internet.  The reported cost is of 12M€.

 

In a recent interview to French newspaper “Le nouvel Observateur”, the French minister of culture, Aurélié FiLIPPETTI severely judged the results of HADOPI.

Ca coûte quand même 12 millions d’euros, 60 agents travaillent, pour un résultat qui me semble au final bien mince. Dans un contexte budgétaire serré, il faut avoir un souci d’efficacité, de réconciliation entre les artistes et les publics, et trouver des solutions qui soient réelles et qui permettent vraiment de financer la création et non plus se payer de mots.

A possible English translation is

This costs 12 million euro.  60 agents work for a result which seems to me light. In a tight budget context, it is mandatory to be efficient,  to reconciliate the artists and the audience, and to find solutions which are real and that really fund creation and not to talk a lof of rubbish.

 

The minister claimed that she’d rather reduce the cost of solutions that do not have proven efficiency.   Thus, what is the future of HADOPI?

 

The interview can be found here and here.  Sorry, it is in French.

Jul 04 2012

HADOPI: a little insight view

In may 2011, French HADOPI mandated an expert, Dadid Znaty, to evaluate the robustness of the system that tracks infringers on P2P.  The objectives were:

  1. Analyze the method used to generate fingerprints
  2. Analyze the method used to compare sample candidates with these fingerprints
  3. Analyze the process that collects the IP addresses
  4. Analyze the workflow

On January 16, 2012, Mr Znaty delivered his report.  A version without the annexes was published on HADOPI site for public dissemination. The report concluded that the system was secure.

Conclusion : en l’état, le processus actuel autour du système TMG est FIABLE.  Les documents constitués du procès verbal (saisine), et si nécessaire du fichier complet de l’oeuvre (stockée chez TMG) associé au segment de 16Ko constituent une preuve ROBUSTE.

Le mode opératoire utilisé permet donc l’identification sans équivoque d’une oeuvre et de l’adresse IP ayant mis à disposition cette oeuvre.

An approximate translation of this conclusion is

Conclusion: The current process of TMG’s system is RELIABLE.  The documents, the minutes, and if necessary the complete opus (stored by TMG)  associated to the 16K segment are a ROBUST proof.

The workflow allows unambiguous identification of a piece of content and the IP address that made it available.

Quickly, content owners complained that sensitive information may leak from this report.  Therefore, it was interesting to have a look to this report.

The report is not anymore available on the HADOPI site.  The links are present, but there is no actual download.    Sniffing around, you may easily find copies of the original report (for instance here).   Once we have it, what is leaking out?

Most probably for the experts, nothing really interesting.   We learn a lot on the process of identification of the right owners of a content.  This part is well described in the document.  When we look on the technical side, no details.  the expert was always answered that the technology providers will not give any details on the algorithms.   Therefore, to validate the false positive rate, the expert checks if there is any content inside the reference database that share the same fingerprint.  The answer is no (excepted for one case where they fed twice the same master  :Pondering: ).   Conclusion: no false positive!  I let you make your own conclusion.

The annexes that may have some details were not published.  I have not found a copy on the net.  What bit of information could we grasp:

  • There are two technology providers for the fingerprint.  They are “anonymized” in the document for confidentiality  (sigh! )  We can guess that the audio fingerprint provider is not French as a quote of an answer was in English.  This is not a surprise as to the best of my knowledge there is no French technology commercialy available.
  • They look for copyrighted content on P2P networks using keywords.  Once a content is spotted, its fingerprint is extracted and compared to the master database.  If the content fits, its hashcode is recorded (most probably the md5 code).   Then, TMG can look for this md5 sample and record the IP address.
  • The content is recognized if there is a ordered sequence of fingerprints.   The length of the sequence seems to depend of the type of content and the rights owner.  For audio, 80% of the duration.  For video, in the case of ALPA, 35 minutes…

In conclusion, no a great deal…

 

Older posts «