HADOPI: a little insight view

In May 2011, the French HADOPI mandated an expert, David Znaty, to evaluate the robustness of the system that tracks infringers on P2P. The objectives were:

  1. Analyze the method used to generate fingerprints
  2. Analyze the method used to compare sample candidates with these fingerprints
  3. Analyze the process that collects the IP addresses
  4. Analyze the workflow

On January 16, 2012, Mr Znaty delivered his report. A version without the annexes was published on the HADOPI site for public dissemination. The report concluded that the system was secure.

Conclusion : en l’état, le processus actuel autour du système TMG est FIABLE.  Les documents constitués du procès verbal (saisine), et si nécessaire du fichier complet de l’oeuvre (stockée chez TMG) associé au segment de 16Ko constituent une preuve ROBUSTE.

Le mode opératoire utilisé permet donc l’identification sans équivoque d’une oeuvre et de l’adresse IP ayant mis à disposition cette oeuvre.

An approximate translation of this conclusion is:

Conclusion: The current process of TMG’s system is RELIABLE. The documents, the minutes, and if necessary the complete opus (stored by TMG) associated with the 16K segment are a ROBUST proof.

The workflow allows unambiguous identification of a piece of content and the IP address that made it available.

Quickly, content owners complained that sensitive information may leak from this report. Therefore, it was interesting to have a look at this report.

The report is no longer available on the HADOPI site. The links are present, but there is no actual download. Sniffing around, you may easily find copies of the original report (for instance here). Once we have it, what is leaking out?

Most probably, for the experts, nothing really interesting. We learn a lot about the process of identifying the rights owners of a piece of content. This part is well described in the document. On the technical side, there are no details. The expert was always told that the technology providers would not give any details on the algorithms. Therefore, to validate the false positive rate, the expert checked whether any content inside the reference database shared the same fingerprint. The answer is no (except for one case where they fed the same master twice). Conclusion: no false positive! I let you draw your own conclusion.

The annexes that may have some details were not published. I have not found a copy on the net. What bits of information could we grasp?

  • There are two technology providers for the fingerprint. They are “anonymized” in the document for confidentiality (sigh!). We can guess that the audio fingerprint provider is not French, as a quote of an answer was in English. This is not a surprise as, to the best of my knowledge, there is no French technology commercially available.
  • They look for copyrighted content on P2P networks using keywords. Once a piece of content is spotted, its fingerprint is extracted and compared to the master database. If the content fits, its hashcode is recorded (most probably the md5 code). Then, TMG can look for this md5 sample and record the IP address.
  • The content is recognized if there is an ordered sequence of fingerprints. The length of the sequence seems to depend on the type of content and the rights owner. For audio, 80% of the duration. For video, in the case of ALPA, 35 minutes…
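
The matching rule and the audit check described above can be sketched as follows. This is an added example, not code from the report or from TMG: the providers' algorithms are not public, so sub-fingerprints are modelled as constructed integers and "ordered sequence" as a longest common subsequence, both assumptions.

```python
from itertools import combinations

def ordered_match_ratio(reference, candidate):
    """Share of the reference's sub-fingerprints found in the candidate in the
    same order (longest common subsequence / reference length)."""
    prev = [0] * (len(candidate) + 1)
    for r in reference:
        cur = [0]
        for j, c in enumerate(candidate, 1):
            cur.append(prev[j - 1] + 1 if r == c else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1] / len(reference)

def identify(candidate, database, threshold=0.80):
    """Titles recognized in the candidate; 0.80 is the audio figure quoted above."""
    return [title for title, ref in database.items()
            if ordered_match_ratio(ref, candidate) >= threshold]

def reference_collisions(database):
    """The audit check: pairs of reference works sharing the same fingerprint."""
    return [(a, b) for a, b in combinations(sorted(database), 2)
            if database[a] == database[b]]

def false_positive_rate(negatives, database):
    """Share of known non-matching items that the matcher still recognizes."""
    hits = [name for name, fp in negatives.items() if identify(fp, database)]
    return len(hits) / len(negatives), hits

# Constructed data: one integer per time slice stands in for a sub-fingerprint.
REFERENCE_DB = {
    "work_A": [11, 12, 13, 14, 15, 16, 17, 18, 19, 20],
    "work_B": [31, 32, 33, 34, 35, 36, 37, 38, 39, 40],
}
# Constructed items that are NOT in the database and are neither work.
NEGATIVES = {
    "unrelated_1": [51, 52, 53, 54, 55, 56, 57, 58, 59, 60],
    "unrelated_2": [11, 12, 13, 14, 70, 15, 16, 17, 18, 71],
}

if __name__ == "__main__":
    print("collisions inside reference DB:", reference_collisions(REFERENCE_DB))
    print("80% copy of work_A:", identify(REFERENCE_DB["work_A"][:8], REFERENCE_DB))
    print("false-positive rate on negatives:", false_positive_rate(NEGATIVES, REFERENCE_DB))
```

On this constructed data the reference database has no internal collision, yet one of the two out-of-database items is still recognized as work_A. A false positive rate can only be measured on content known not to match, not by checking the references against each other.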

In conclusion, not a great deal…


Free ride

DRM bashing is a well-established Internet sport. Famous web sites, such as TechCrunch, Wired or ZDNet, which are otherwise extremely interesting, have a biased view about copyright, content owners, and copy protection. The positions of lobbying groups, such as EFF, are in the same vein. In a nutshell, according to them, copyright laws and content owners are killing the Internet.

“Free ride” from Robert Levine takes the opposite point of view. He shows that denying copyright on the Internet is actually killing the Internet.

He describes the battle between three giant groups with diverging interests. On one side, the media industry wants its cultural goods to be paid for, even on the Internet. On the other side, the Internet companies want information to flow freely. The more information available (even pirated), the more advertisement revenues for the Internet companies and pirate sites. In the middle, the telecom companies initially benefited from piracy because it was a strong attractor for broadband adoption. Now, piracy is claimed to consume too large a part of the available bandwidth, and it is starting to hurt these telecom companies.

The book clearly highlights these diverging interests. It also draws a landscape of the current lobbying battlefield (by showing who is financing groups such as EFF, who Google finances…).

Levine’s message is that valuable content is costly to create. He also explains that creation is not sufficient if not combined with promotion, which is also costly (see Should you invest in the long-tail?). Without such investment, valuable content will disappear. Free riders (i.e. companies that use the content without rewarding the creators) and piracy will kill the economic incentive to create. The result would be a free Internet without valuable content to propose. In other words, rather than creating the promised bright cultural future, the Internet may create a poor cultural future. The fact that distribution and production have a cost nearing zero on the Internet should not hide the fact that creation has a cost. Dematerialisation often hides this cost. User-generated content or crowd-sourced content is not necessarily at the same level of quality as professionally created content.

He claims that the business models proposed by the Internet companies do not fit the economic constraints of valuable content. As such, he is opposed to Free: the future of a radical price.

This book is refreshing because it gives a reasoned position against the widely diffused position of the Internet companies. In a democracy, it is paramount for a sound debate to hear both sides of the story. Thus, read this book too, and only then form your own opinion.

Conclusion:  if you regularly visit my blog, then you should read this book.  It is at the heart of our industry.

Is French HADOPI law dead? (9)

Despite the negative ruling of the French Constitutional Council, the French government has decided to launch the HADOPI. Thus, this authority may use the first two levels of the graduated response:

  • sending mails to supposed infringers
  • sending a registered letter for cease and desist in the event of a second offence.

Of course, HADOPI will not be able to escalate to the last level: banishing from the Internet. For this last level, there were mainly two choices (if resuming the same repressive strategy):

  • Ask a judge to pronounce the Internet banishment. This track would have been more time and money consuming.
  • Define another penalty

The government has chosen this second strategy. It will propose new penalties for the infringers. I am not sure that it solves the second issue presented by the French Constitutional Council, i.e., that HADOPI has to prove the guilt.

Until the penalties are defined (and approved by the Chambers), the French graduated riposte may not frighten many P2P sharers.

Thus, the story continues…

Is French HADOPI law dead? (8)

Last month, the French Chambers approved the law “Internet et Création”. This law defines the HADOPI, the administrative authority that handles the French graduated response.

About 60 deputies referred the law to the French Constitutional Council. Was the law constitutional? The council provided the answer today.

In short, the articles 5 and 11 are unconstitutional. There are mainly two reasons:

  • The French declaration of Human Rights requires that the citizen has free speech rights. The Council estimates that today the Internet is one of the mandatory means of free speech. Only a judge can restrain this right and not an administrative authority.
  • The French Constitution requires presumption of innocence. It means the court has to prove the guilt. The law inverted this principle. The Netsurfer had to prove his/her innocence. This is unconstitutional.

In view of these two points, the French Constitutional Council ruled that articles 5 and 11 were unconstitutional.

Thus, the story continues…

Is French HADOPI law dead? (7)

The French law “Création et Internet” has been approved by the two chambers. On Tuesday, the French deputies voted on the law for the second time. This time it passed easily. The right-wing deputies were massively present to vote yes (compared to the last presentation).
Yesterday, the senators approved the law. The French government can now launch the HADOPI. The HADOPI is the body that will manage the graduated riposte.

Is the story finished? Not sure. Last week, the European Parliament approved amendment 138, which requires a court decision to cancel the Internet connection. It is not yet sure that the modus operandi of HADOPI will respect the law. No doubt the anti-HADOPI proponents will try to use this threat.

The story continues…

Is French HADOPI law dead? (6)

The story continues. Last week, it seemed that the law was in good shape. But the adventure continues.

Meanwhile, the “Commission Mixte Paritaire”, which has deputies and senators, rejected some amendments that annoyed the government. For instance, this commission decided that the customer should pay the full Internet subscription during the suspension.

Yesterday, the French National Assembly voted on this new version of the law. About 40 députés were present (this lower house of the French parliament has 577 députés!). The result was 21 against the law and 15 for the law.

Is the law dead? No. The government can ask for a second presentation of the law. It is already scheduled for the 28th of April. No doubt the government will lobby its députés to avoid the same fiasco.

Is French HADOPI law dead? (5)

The current answer is no. The law is alive and in good shape.

On Thursday evening, the French Parliament approved the law “Création et Internet.” This law allows the graduated response. (For more details see Fighting piracy in Security Newsletter #11).

The law has been slightly modified with approved amendments. The most important one requires the ISP to pay back the subscriber the subscription part that is not related to IP TV or IP phone during the banning period. The amendment that proposed to replace the banishment by a fine has been rejected.

Is the game over? Not fully sure. There are two remaining pitfalls.

  • The HADOPI is a non-judicial institution that will take judicial decisions. This may be judged unconstitutional by the French Council of State.
  • If the European Union ever decides that access to the Internet is a fundamental right, then the French law would also be unconstitutional regarding the EU constitution.

In any case, the next step is the announcement of the HADOPI and its members.