Is French HADOPI law dead?

One of the outcomes of the French law known as HADOPI was to allow a flexible response against P2P users. A body nominated by the government could decide to suspend the Internet access of P2P recidivists for one month. Before this last strike, the recidivist would have received two notifications.

Unfortunately for HADOPI, on 24th September the European Parliament voted for amendment 138. The vote was 574 deputies against 73. Amendment 138 states that it is illegal to restrict any citizen's free speech and access to information without a prior judicial decision. HADOPI involves no such prior decision.

The French government announced that it does not plan to drop the law and the flexible response. Nevertheless, European law supersedes national laws. Will there be some adjustment to HADOPI? Wait and see.

More information about fighting P2P piracy, HADOPI, and flexible response will appear in the next security newsletter, due at the end of October.

Academic research and free speech

As usual, a company attempted to stop the disclosure of weaknesses at a security conference. This time, the Massachusetts Bay Transportation Authority sought to restrain Zack Anderson, R.J. Ryan and Alessandro Chiesa, students at MIT, from presenting a paper about the weaknesses of the RFID and magnetic stripe cards. The targeted conference was Defcon, one of the great hacking conferences. Nothing especially new.

The interesting fact is that District Judge Douglas Woodlock granted such a temporary restraint. He backed up his decision with the Computer Fraud and Abuse Act. This law targets hackers who “knowingly causes the transmission of a program, information, code, or command to a computer or computer system.” In other words, according to this judge, presenting a paper disclosing weaknesses is equivalent to using software to penetrate a system.

Obviously, the Electronic Frontier Foundation (EFF) immediately fought back, invoking the First Amendment on free speech. Once more, we have this legal battle between academic researchers who find a flaw and a company that does not want this flaw to be disclosed. One of the first examples was the Felten versus RIAA case (#CVB-01-2669 (GEB)) about SDMI. Ed Felten's team broke the watermarking scheme proposed by SDMI in an open challenge. RIAA attempted to restrain Ed from disclosing it at Information Hiding 2000. Finally, RIAA withdrew its objection and the paper was presented at ICASP2001.

Once more, this case highlights the same questions and remarks:

  • What should be done when discovering a security flaw? The typical ethical procedure is to inform the company about the flaw, give them some time to react, and then publish. The problem often lies in the definition of the reaction time.
  • What is the right reaction of the company? Often they react badly. I believe it is more beneficial to have been informed by white hats who disclose the weakness than to be attacked by black hats who will keep it secret. Once informed, you may at least monitor to find possible attackers. I prefer a flaw in my product that everybody (myself included) is aware of to one that I am not aware of.
  • Are judges sufficiently prepared to deal with highly technical issues? Should there not be a special type of technological judge? They rely on experts, but do they understand what the experts are explaining? We sometimes even have difficulty understanding our peer experts!

In any case, it is mandatory that researchers continue to look for weaknesses and disclose them. No security by obscurity.

Wizzgo banned from M6 and W9

In May 2008, the French startup wizzgo launched its service. Mainly, wizzgo offers two functionalities: an Electronic Program Guide and a network recorder for the French channels of the free-to-air operators, the so-called Télé Numérique Terrestre (TNT). In other words, you are able to explore the guide of all channels, and with one click you “record” an event. You may view recorded events as often as you want through the Internet. The downloaded events are not DRM protected and thus can be copied and distributed without restriction.

Unfortunately, wizzgo did not negotiate with broadcasters. M6 and W9 have sued wizzgo for unfair competition and commercial parasitism. Wizzgo claims that its service is legal because it performs only a private copy. The judge did not buy this argument. Private copy does not apply to commercial applications. Although the service is free for users, wizzgo gets money from advertising. Furthermore, it modifies the audience and users' viewing habits, thus spoiling broadcasters’ advertising revenues.

An interesting piece of information is that M6 and W9 have just launched their catch-up TV service (M6 replay). Thus, wizzgo is in direct competition for the same market.

Comcast, FCC and throttling (2)

In July, the FCC ordered Comcast to stop throttling P2P connections (see Comcast throttling BitTorrent: trouble). On Thursday, Comcast challenged the decision in the U.S. District Court of Appeals in Washington. Nevertheless, Comcast will comply with the FCC order. Comcast has to stop discrimination before the end of the year.

Meanwhile, two consumer interest groups and a company are seeking a court order to make Comcast stop the throttling immediately. The company is Vuze Inc., which distributes the software Vuze, formerly known as Azureus. Azureus is one of the P2P software packages built on top of BitTorrent. Azureus has a serious “market share”.

Comcast has prepared its next move. On 1st October, Comcast will impose a monthly maximum download capacity of 250GB on residential customers. This remains a rather high capacity. It represents 300 SD DiVXed movies and around 100 HD movies. Not too bad.

We could have expected Comcast to announce a throttling policy in its usage conditions. This limitation is another answer. What will other ISPs do?

Fair use and video online

The US Center for Social Media recently published a report entitled Code of Best Practices in Fair Use for Online Video. Its aim is to help creators interpret the copyright doctrine of fair use. Fair use is a set of exceptions defined by the DMCA. The document does not define the limits of fair use. When reading it, you quickly understand that these limits are extremely fuzzy. Everything is about balance and judgment.

The paper gives a good overview of fair use doctrine. It clearly states the two questions which are at the heart of fair use:

  • Did the unlicensed use “transform” the material taken from the copyrighted work by using it for a different purpose than that of the original, or did it just repeat the work for the same intent and value as the original?
  • Was the material taken appropriate in kind and amount, considering the nature of the copyrighted work and of the use?

Then, it provides some guidelines for 6 typical cases:

  • Commenting on or critiquing of copyrighted material
  • Using copyrighted material for illustration or example
  • Capturing copyrighted material incidentally or accidentally
  • Reproducing, reposting, or quoting in order to memorialize, preserve, or rescue an experience, an event, or a cultural phenomenon
  • Copying, reposting, and recirculating a work or part of a work for purposes of launching a discussion
  • And quoting in order to recombine elements to make a new work that depends for its meaning on (often unlikely) relationships between the elements

The funniest part of the document is the section about myths and truths of fair use. Some of the statements it examines:

  • If I’m not making any money off it, it’s fair use.
  • If I’m making any money off it (or trying to), it’s not fair use.
  • Fair use can’t be entertaining.
  • If I try to license material, I’ve given up my chance to use fair use.
  • I really need a lawyer to make the call on fair use.

If you ask yourself some questions about fair use, read it. Although its target is video, I am sure that it is easily extrapolated to other types of copyrighted material.

YouTube will not have to provide private data

The next episode in the YouTube-Viacom litigation. YouTube was requested by a judge to hand over to Viacom the IP address and list of viewed clips of each viewer (see Blog of 10th July). Fortunately, YouTube and Viacom reached an agreement. The data will be anonymized before being passed to Viacom.

This is at least true for normal users. Viacom maintains its request for the identified data of YouTube’s employees. The objective is to prove that YouTube was aware of these infringements. In retaliation, YouTube will ask for the same data for Viacom’s employees who browsed YouTube. The objective is to detect any Viacom people posting copyrighted clips.

Let’s wait for the next move. Nevertheless, we can applaud two companies that found an agreement on a legal decision that preserves privacy.

Are modchips illegal?

Modchips are components that are added to a game console in order to gain new features, often the possibility to play replicated games. Modchips require opening the console and soldering a chip onto the board. Of course, the addition of a modchip to a console means the loss of the warranty.

In the US, modchips fall under the realm of the DMCA. Often the games are encrypted, and thus fall within the scope of the DMCA. But is it the case in all countries? Last month, it seems that English judge Jacobs ruled in favor of legality. Mr Neil HIGGS was cleared of the 26 counts. He sells modchips imported from Hong Kong.

Modchips are an important factor in game piracy. There are modchips for most game consoles. It is rather easy to find modchips on the Web, but it requires some skill to solder the chip. Some shops offer this service, and even sell already modchipped consoles. Ironically, one large modchip supplier uses holograms to authenticate its modchips. Other suppliers are selling counterfeit modchips!