French users seem aware of the risks and threats of illicit sites

The French HADOPI recently published an interesting paper “Etude sur les risques encourus sur les sites illicites,” i.e., a study on the risks incurred on illegal sites. They polled 1,021 Internet users older than 15. The first part of the study analyses the reported use of so-called illicit sites. The second part checks the awareness of these users of the associated risks.

The first part is very conventional and shows information that was already known for other markets. The results are neither surprising nor widely deviating from other countries. For instance, without surprise, the younger generations use more illicit sharing sites than the oldest ones.

Figure extracted from the report. In black, my proposed translation.

Music, movies and TV shows are the categories that are the most illicitly accessed.

The second part is more interesting than the first one. Most polled users claim to know the threats of Internet (scareware, spam, the slowdown of computer due to malware, adult advertisement, and change of browser’s settings) as well as the issues (theft of banking account, identity theft, scam, or ransomware). Nevertheless, the more using illicit content, the higher the risk of nuisance and prejudice. Not surprisingly, 60% of consumers who stopped using illicit content suffered at least on serious prejudice.

Figure extracted from the report. In black, my proposed translation.

Users seem to understand that the use of illicit content seriously increases the risks. Nevertheless, there is a distortion. The nuisance is more associated to illegal consumption than actual real prejudices.

Figure extracted from the report. In black, my proposed translation

The top four motivation of legal users is to be lawful (66%), fear of malware (51%), respect for the artists (50%) and a better product (43%). For regular illicit users, the top three motivation to use legal offer is a better quality (43%), fear of malware (42%) and being lawful (41%). 57% of illicit users claim that they intend to reduce or stop using illegal content. 39% of illicit users announce that they will not change their behavior. 4% of illicit users claim they plan to consume more illicit content.

We must always be cautious with the answers to a poll. Some people may not be ready to disclose their unlawful behavior. Therefore, the real values of illicit behavior are most probably higher than disclosed in the document. Polled people may also provide wrong answers. For instance, about 30% of the consumers is illicitly consuming software claim to use streaming! Caution should also apply to the classification between streaming and P2P. Many new tools, for instance, Popcorn time, use P2P but present a behavior similar to streaming.

Conclusion of the report

Risks are present on the Internet. Illicit users are more at risk than lawful users.

Users acknowledge that illicit consumption is riskier than legal consumption.

Legal offer is perceived as the safe choice.

Having been hit by a security problem pushes users towards the legal offer.

An interesting report, unfortunately, currently it is only available in French.

 

 

Is French HADOPI law dead (13)?

We know now for sure that HADOPI will be dead in 2022. On 27 April 2016, The French National Assembly approved an amendment that decrees that the HADOPI will expire on 4th February 2022.

ARTICLE 43 BIS

Compléter cet article par l’alinéa suivant :

« II. – La même soussection est abrogée à compter du 4 février 2022. Par dérogation à l’article L. 33116 du même code, la durée du mandat des membres nommés après la publication de la présente loi expire le 4 février 2022. »

EXPOSÉ SOMMAIRE

Comme le proposait le rapporteur en commission, cet amendement inscrit dans la loi la fin de vie de la Haute Autorité pour la diffusion des œuvres et la protection des droits sur internet (HADOPI) à compter de l’expiration du mandat en cours du dernier de ses membres nommés, soit le 4 février 2022.

It is a far milestone. Nevertheless, since a few months, HADOPI is in turmoil. In October 2015, the French Senate issued a report about the creation and management of the independent administrative authorities. The HADOPI is such authority. At page 70 of the report, the commissioner proposed to suppress the HADOPI as it has not proven its efficiency as the policeman of the Internet and that the graduated response is not operative to fight piracy.

Votre rapporteur propose ainsi la suppression de la Haute autorité pour la diffusion des œuvres et la protection des droits sur internet (HADOPI), considérant que cette autorité n’a pas apporté la preuve de son efficacité en tant que gendarme de l’internet et que les moyens de lutte contre le piratage à travers le mécanisme de la réponse graduée sont inopérants. En cas de réorientation de cet organisme, pour en faire un outil parmi d’autres de la lutte contre la contrefaçon culturelle et de la protection du droit des auteurs sur internet, il pourrait subsister sous forme de commission spécialisée voire d’établissement public.*

When will its actual death be?

 

* Therefore
your rapporteur proposes the deletion of the high authority for the dissemination of works and protection of rights on the internet (HADOPI), considering that this authority provided no proof of its efficiency as a Constable of the internet and the means of fighting piracy through graduated response mechanism are inoperative. If reorientation of this organization, to make one tool among others cultural counterfeiting and protection of the right of the authors on the internet, it could subsist in the form of commission or public institution. (draft translation from French to English)

Is French HADOPI law dead (12)?

In his long report, Pierre Lescure proposed to lighten the graduated response.   He recommended to replace the controversial suppression of Internet access by a fine about 60€.  He has been listened.

This morning, a decree has modified the law.  The suppression of Internet is officially annulled.

Objet : infraction de négligence caractérisée ; abrogation de la peine complémentaire de suspension de l’accès à un service de communication au public en ligne ;

It has been replaced by a fine.  The fine will not be automatic but decided by a court order.

Seule une peine d’amende contraventionnelle de 5e classe pourra désormais être prononcée pour l’infraction de négligence caractérisée prévue à ce même article.

A fifth class penalty cannot exceed 1,500€ (about 1,900$) but can reach up to 3,000€ in case of  recidivism.

End of the story?

French Graduated Response: some figures

As I am currently reading in details the 478 page report “Culture-acte 2” from Pierre Lescure, I found an interesting pointer.   The data published by HADOPI concerning its activity related to the graduated response.  http://www.hadopi.fr/actualites/reponse-graduee/chiffres-cles.

Following is the evolution of the number of first notification.

image

Since the beginning of 2013, the activity is stable with around 80,000 first notifications.   Since the beginning of the graduated response, HADOPI sent more than 1,700,000 such notifications.

Following is the evolution of the number of second notifications

image

Since last summer, it seems that the trend is to have a growing number of second notifications.

I will come back soon on this report with a future post.  The recommendations are interesting.  I need to read the detailed chapters before reporting about it.

Hadopi, VLC and BluRay (2)

Following French Hadopi’s public consultation, this institution has given its analysis about the request of VideoLan.  VideoLAN is the “publisher” of the open source  player VLC. Its advice is extremely interesting as it sheds some lights on the French official vision of handling of DRM secrets and open source.

Before jumping to the final conclusion, it is worthwhile to detail some articles.

27. En outre, cette exception porte exclusivement sur des logiciels. Elle ne saurait ainsi concerner les parties non-logicielles des mesures techniques de protection considérées. En particulier, les secrets, au nombre desquels figurent les clés de chiffrement, ne constituent pas par eux-mêmes des instructions de commandes informatiques et ne peuvent être considérés comme des éléments de logiciel.

27. Besides, this exception concerns exclusively software. It would not concern the non-software elements of the technical protection measures (TPM).  Particularly, The secrets, amongst which appear the encryption keys, are not software instruction and thus are not part of the software  (approximate personal translation)

As keys are extremely important for TPMs, this is an interesting conclusion.

33. Il résulte de ce qui précède que l’association VideoLAN ne peut se fonder ni surl’exception d’ « ingénierie inverse », ni sur l’exception de « décompilation » prévues àl’article L. 122-6-1 du code de la propriété intellectuelle pour mettre à la disposition des utilisateurs un logiciel contournant, sans autorisation des titulaires de droitconcernés, l’intégralité des mesures techniques protégeant les disques « Blu-Ray»

Here, HADOPI decides reverse engineering and decompilation are not part of the authorized exception by the law.

34. Il résulte de l’instruction que l’association VideoLAN n’a pas entrepris de solliciter, auprès des titulaires de droits sur les mesures techniques de protection « AACS » et BD+ », les informations essentielles à l’interopérabilité de ces mesures. Si toutefois elle se voyait opposer, à l’issue d’une telle demande, un refus, elle serait recevable à saisir la Haute autorité dans le cadre d’une procédure de règlement des différends sur le fondement de l’article L. 331-32 du code de la propriété intellectuelle.

Article 34 states that following the enquiry, VideoLAN has not asked to the owners of the TPM AACS and BD+ information needed for interoperability. Would it be denied this information after the request, then VideoLAN could file a procedure for litigation for disagreement at HADOPI.

35. …
En vertu de la jurisprudence du Conseil Constitutionnel, la communication de ces informations ne pourrait intervenir que contre le versement d’une indemnité appropriée.

Here, HADOPI states that receiving this information form AACS and BD+ would require to pay a proper fee. So long for free open source.

38. Dans le cadre d’une procédure de règlement des différends, l’association VideoLAN ne pourrait être contrainte de renoncer à la publication de son code source que si les titulaires de droit sur les mesures techniques AACS et BD+ étaient en mesure de démontrer que cette publication porterait gravement atteinte à la sécurité et à l’efficacité de cette mesure.

38. As part of the procedure of litigation for disagreement, the VideoLAN association could be forced to abandon the publication of its source code only the owners of AACS and BD+ could demonstrate that this publication would gravely undermine the security and the effectiveness of this TPM. (approximate personal translation)

As a conclusion, HADOPI considers that VideoLAN cannot request the secrets of AACS and BD+ under the exceptions for reverse engineering and decompilation.   Nevertheless, VideoLAN could request HADOPI to analyze against the case if VideoLAN would have requested information from AACS and BD+ and if AACS and BD+ would have not favorably answered.

Will VideoLAN ask information to AACS and BD+?   Your guess?    To be followed

HADOPI, VLC and BluRay

HADOPI, the French law about digital rights has some articles that may allow to facilitate interoperability of copy protection systems.  An editor may request to have access to the APIs and documentation of a copy protection system to implement interoperability.

 

This is what VideoLan, the editor of the famous open-source media player VLC, has just requested to HADOPI.  VLC wants to get access to AACS in order to be able to play BluRay discs. VLC does not yet support BluRay as it is not a licensee of AACS.

 

HADOPI has identified where the real problem is. The documentation and API are not sufficient because AACS requires also cryptographic keys delivered by the licensing authority.  And of course, as in any encryption-based system, keys are the most important asset.

Cette définition des « informations essentielles à l’interopérabilité » ne semble pas permettre d’obtenir, s’agissantd’une mesure technique de protection sous forme d’un algorithme de chiffrement, la communication des clefs de déchiffrement du contenu protégé (et plus généralement les secrets nécessaires), qui semblent n’appartenir ni à la documentation technique, ni aux interfaces de programmation.

Thus, on 6 February, HADOPI launched a public consultation to collect opinions on the topic.  Knowledgeable people may enlighten this institution before 26 February 2013.

… la Haute autorité propose aux personnes, disposant d’une expertise dans ce domaine, de lui soumettre tous les éléments qu’elles jugeraient utiles à sa réflexion, et notamment en répondant à la question de savoir si « la documentation technique et les interfaces de programmation » visés à l’article L. 331-32 intègrent les clefs de déchiffrement d’un contenu protégé et plus généralement les secrets nécessaires.

If you have read my book, then you know that I do not believe in open-source based DRM , at least for B2C.  There is no way tp protect properly the keys.  Thus, the decision of the HADOPI on this topic will be extremely important and scrutinized by the community.  We will follow up.

Is French HADOPI law dead? (10)

In 2009, the French government launched HADOPI.  The HADOPI is the institution responsible to handle the graduated response to copyright infringement via three escalating strikes.  Three years later comes the time of the first bilan.

 

HADOPI sent out one million warning emails (first strike level) and 99,000 registered letters (second strike level) which resulted to 134 cases examined for prosecution.   Today, no case reached the ultimate strike level, i.e. disconnection of the infringer from Internet.  The reported cost is of 12M€.

 

In a recent interview to French newspaper “Le nouvel Observateur”, the French minister of culture, Aurélié FiLIPPETTI severely judged the results of HADOPI.

Ca coûte quand même 12 millions d’euros, 60 agents travaillent, pour un résultat qui me semble au final bien mince. Dans un contexte budgétaire serré, il faut avoir un souci d’efficacité, de réconciliation entre les artistes et les publics, et trouver des solutions qui soient réelles et qui permettent vraiment de financer la création et non plus se payer de mots.

A possible English translation is

This costs 12 million euro.  60 agents work for a result which seems to me light. In a tight budget context, it is mandatory to be efficient,  to reconciliate the artists and the audience, and to find solutions which are real and that really fund creation and not to talk a lof of rubbish.

 

The minister claimed that she’d rather reduce the cost of solutions that do not have proven efficiency.   Thus, what is the future of HADOPI?

 

The interview can be found here and here.  Sorry, it is in French.