HADOPI: a little inside view

In May 2011, the French HADOPI mandated an expert, David Znaty, to evaluate the robustness of the system that tracks infringers on P2P networks.  The objectives were:

  1. Analyze the method used to generate fingerprints
  2. Analyze the method used to compare candidate samples with these fingerprints
  3. Analyze the process that collects IP addresses
  4. Analyze the workflow

On January 16, 2012, Mr Znaty delivered his report.  A version without the annexes was published on the HADOPI site for public dissemination.  The report concluded that the system was secure.  Its conclusion (translated here from the French; the capitals are the report's own):

Conclusion: as it stands, the current process around the TMG system is RELIABLE.  The documents, consisting of the official record (the procès-verbal, i.e. the referral) and, if necessary, the complete file of the work (stored at TMG) associated with the 16 KB segment, constitute ROBUST evidence.

The operating method used therefore allows the unambiguous identification of a work and of the IP address that made that work available.

Content owners quickly complained that sensitive information might leak from this report.  That made it worth a closer look.

The report is no longer available on the HADOPI site: the links are still there, but nothing downloads.  With a little searching, copies of the original report are easy to find (for instance here).  Once we have it, what is actually leaking?

Most probably, for experts, nothing really interesting.  We learn a lot about the process for identifying the rights owners of a piece of content; that part is well described in the document.  On the technical side, there are no details: the expert was consistently answered that the technology providers would not disclose anything about their algorithms.  To validate the false-positive rate, the expert therefore checked whether any entry in the reference database shares its fingerprint with another entry.  The answer was no (except for one case where the same master had been fed twice).  Conclusion: no false positives!  Note what that test actually measures: collisions among the masters themselves, not how often unrelated content found on the network would match one of them, which is the false-positive rate that matters once an IP address is accused.  I leave you to draw your own conclusion.

The annexes, which may contain the details, were not published, and I have not found a copy online.  Here is what can be gleaned:

  • There are two technology providers for the fingerprints.  They are “anonymized” in the document for confidentiality (sigh!).  We can guess that the audio fingerprint provider is not French, as one quoted answer is in English.  This is not a surprise, since to the best of my knowledge there is no French technology commercially available.
  • They look for copyrighted content on P2P networks using keywords.  Once a piece of content is spotted, its fingerprint is extracted and compared to the master database.  If it matches, the file's hash is recorded (most probably its MD5).  TMG can then search the network for that hash and record the IP addresses offering it.  (A file hash only identifies that exact encoding, so every re-encoded copy has to go through the keyword and fingerprint stages again before its hash can be searched for.)
  • The content is recognized if there is an ordered sequence of matching fingerprints.  The length of the sequence seems to depend on the type of content and on the rights owner: for audio, 80% of the duration; for video, in the case of ALPA, 35 minutes…
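To make that recognition rule concrete, here is an added toy model.  It is my own illustration, not code from TMG, from the fingerprint providers or from the report, whose algorithms are precisely what the report does not disclose.  Everything specific in it is an assumption: the “fingerprint” is a plain hash of fixed-length 5-second segments (nothing like a perceptual fingerprint, and it would not survive re-encoding), the masters are built from seeded random bytes, and applying the thresholds to the longest ordered run of matching segments is my reading of the report.  The only elements taken from the page are the ordered-sequence rule and the 80% / 35-minute thresholds.  The block also implements the expert's collision test between masters, so that its limited scope is visible next to the recognition logic.

```python
import hashlib
import random
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

SEGMENT_SECONDS = 5   # assumed segment length; the report gives none
SEGMENT_BYTES = 64    # assumed; stands in for 5 s of samples or frames


def fingerprint_segments(content: bytes) -> List[str]:
    """Fingerprint each fixed-size segment of a piece of content.

    Toy stand-in: a truncated SHA-256 of the raw bytes.  A real perceptual
    fingerprint tolerates transcoding and noise; this one matches only
    byte-identical segments, which is exactly the property the report does
    not document for the real providers.
    """
    return [
        hashlib.sha256(content[i:i + SEGMENT_BYTES]).hexdigest()[:16]
        for i in range(0, len(content), SEGMENT_BYTES)
    ]


@dataclass
class Master:
    title: str
    kind: str           # "audio" or "video"
    fps: List[str]      # ordered segment fingerprints of the reference copy

    @property
    def duration(self) -> int:
        return len(self.fps) * SEGMENT_SECONDS


# Thresholds quoted on the page: audio needs a match covering 80% of the
# work's duration; video (ALPA) needs 35 minutes.  Assumed to apply to one
# contiguous, ordered run of matching segments.
REQUIRED_SECONDS: Dict[str, Callable[[Master], float]] = {
    "audio": lambda m: 0.8 * m.duration,
    "video": lambda m: 35 * 60,
}


def longest_ordered_run(candidate: List[str], master: List[str]) -> int:
    """Longest run of candidate segments that appear consecutively and in
    the same order in the master (longest common substring, dynamic
    programming).  Order matters: the same segments shuffled do not count."""
    best = 0
    prev = [0] * (len(master) + 1)
    for c in candidate:
        cur = [0] * (len(master) + 1)
        for j in range(1, len(master) + 1):
            if c == master[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best:
                    best = cur[j]
        prev = cur
    return best


def recognize(candidate: List[str], db: List[Master]) -> Optional[str]:
    """Title of the first master the candidate is recognized as, else None."""
    for m in db:
        matched = longest_ordered_run(candidate, m.fps) * SEGMENT_SECONDS
        if matched >= REQUIRED_SECONDS[m.kind](m):
            return m.title
    return None


def intra_db_collisions(db: List[Master]) -> List[Tuple[str, str]]:
    """The expert's test as described on the page: do two entries of the
    reference database share the same fingerprint?  It only catches
    duplicated masters; it says nothing about unrelated content matching."""
    seen: Dict[Tuple[str, ...], str] = {}
    dups: List[Tuple[str, str]] = []
    for m in db:
        key = tuple(m.fps)
        if key in seen:
            dups.append((seen[key], m.title))
        else:
            seen[key] = m.title
    return dups


# Constructed reference database: seeded random bytes stand in for masters.
_rng = random.Random(2012)


def _make_master(title: str, kind: str, seconds: int) -> Master:
    n_seg = seconds // SEGMENT_SECONDS
    return Master(title, kind,
                  fingerprint_segments(_rng.randbytes(n_seg * SEGMENT_BYTES)))


AUDIO = _make_master("Track A", "audio", 4 * 60)    # 4-minute track, 48 segments
VIDEO = _make_master("Film B", "video", 90 * 60)    # 90-minute film, 1080 segments
DB = [AUDIO, VIDEO]


if __name__ == "__main__":
    print(recognize(AUDIO.fps[:40], DB))                   # 200 s of 240 s -> Track A
    print(recognize(AUDIO.fps[:38], DB))                   # 190 s < 192 s -> None
    print(recognize(list(reversed(AUDIO.fps[:40])), DB))   # order broken -> None
    print(recognize(VIDEO.fps[100:520], DB))               # 35 min of Film B -> Film B
    print(intra_db_collisions(DB + [Master("Track A again", "audio", AUDIO.fps)]))
```

Two things stand out when running it: a shuffled or reversed copy of the same segments is rejected, because only an ordered run counts, and the collision test passes on a database whose masters are random bytes, which tells you nothing about how a real, noisy candidate behaves.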

In conclusion, not a great deal…

 

MegaUpload effect: is technology evil?

My editorial in the last security newsletter provoked many reactions. That could have been expected, since I reported on MegaUpload’s shutdown. The typical reaction was the tricky question: how do you decide that a cyber locker is acting evil? Is the cyber locker operator liable when its users store illegal content? We are back to the safe harbor issue.

The post who-owns-the-rain-a-discussion-on-accountability-of-whats-in-the-cloud on the http://parasam.me/ blog presents the problem nicely. In a nutshell: why only MegaUpload? Most other cyber lockers probably host illegal content too.

The issue with cyber lockers is similar to the situation of peer-to-peer. The technology is not to blame; its misuse is. How often have we seen people automatically equate P2P with piracy? Too often, even we specialists oversimplify our communication by identifying a technology with one of its uses. P2P and cyber lockers are valuable technologies with many legitimate uses. We must therefore be very careful to break the automatic identification of cyber lockers with piracy harbors.

Now, why strike MegaUpload? Of course, there was non-infringing content stored on MegaUpload, just as there may be illegal content stored on Dropbox (choose any other name). I am sure I would find legitimate content on The Pirate Bay (both on its P2P service and on its own cyber locker). When MegaUpload was closed, some people most probably lost legitimate content. So why would MegaUpload be evil and not Dropbox? Most probably, the difference between bad and good comes from the actual behavior of the site owners. For instance, YouTube responds to cease-and-desist notices. According to the US justice system, MegaUpload’s behavior was not that clean. An extract from the FBI announcement about MegaUpload:

The indictment states that the conspirators conducted their illegal operation using a business model expressly designed to promote uploading of the most popular copyrighted works for many millions of users to download. The indictment alleges that the site was structured to discourage the vast majority of its users from using Megaupload for long-term or personal storage by automatically deleting content that was not regularly downloaded. The conspirators further allegedly offered a rewards program that would provide users with financial incentives to upload popular content and drive web traffic to the site, often through user-generated websites known as linking sites. The conspirators allegedly paid users whom they specifically knew uploaded infringing content and publicized their links to users throughout the world.

The reward program was most probably a good indicator, as well as a red rag under the nose of the MPAA. The frontier most probably lies in the business model applied. Does most of your money come from “legitimate” business? But even that is a difficult test. If your business model is purely based on advertising revenue, then you will try to increase traffic, and thus the number of eyeballs. Free copyrighted content is one of the categories that attracts visitors.

As with all ethical matters, it is not Manichean, and the grey scale is wide.

What is your opinion?

The Pirate Bay and 3D objects

Would you like a Guy Fawkes mask (currently better known as the Anonymous mask)?  If you have a 3D printer, it is easy: just ask The Pirate Bay.  The Pirate Bay, the flagship of P2P sharing, recently added a new category of torrents: physibles.  Physibles are files that describe a 3D object for 3D printers.  In other words, The Pirate Bay now offers a category for sharing 3D-printable objects.

With the advent of 3D printers, we can expect to see copyright infringement of 3D shapes soon.  This is the first sign of such a trend.  It will take time before 3D printers become mainstream; they are still expensive.  But once they become cheaper, this will be a new battlefield for anti-piracy and anti-counterfeiting.

Funnily enough, the next issue of the Technicolor Security Newsletter will feature a long article on how to protect 3D CGI objects.  The Pirate Bay demonstrates that it will be needed.

Is Google moving towards paid distribution of content?

At the end of 2010, Google acquired Widevine.  At that time, I forecast that acquiring a DRM provider was preparation for paid distribution of content.  This prediction seems to be correct.

The initial trial is expected to take place in Kansas City.

 

Apple, Google, Amazon: the future giants of content distribution?

BTJunkie is down!

After the closure of MegaUpload last month, another iconic site is closing: BTJunkie.  BTJunkie was the fifth-largest P2P tracker site.  This is what now appears on the site:


2005 – 2012
This is the end of the line my friends. The decision does not come easy, but we’ve decided to voluntarily shut down. We’ve been fighting for years for your right to communicate, but it’s time to move on. It’s been an experience of a lifetime, we wish you all the best!

Are these two events correlated?  Is this correlated with the signing of ACTA?  To the best of our knowledge, BTJunkie was not the target of any current lawsuit.

The Pirate Bay is still active.  It will replace torrent files with magnet links on 29 February.  Another move in this arena.  (I’ll come back to this one later.)

 

Megaupload is down

Yesterday, the FBI launched a vast operation to shut down Megaupload.  Megaupload is one of the most important Direct Download (DDL) sites, or cyberlockers.  It offers the possibility to store content and to let others access it.  However, DDL sites offer no way to browse the stored content and no catalog: the links to the stored data are published by other means, such as dedicated sites and even Twitter.

 

A US grand jury indicted seven individuals and two companies for

engaging in a racketeering conspiracy, conspiring to commit copyright infringement, conspiring to commit money laundering and two substantive counts of criminal copyright infringement.

Four individuals were arrested in Auckland (New Zealand) and will be handed over to the US.  Servers were seized in the US, the Netherlands, and Canada.

This is probably the most impressive operation against copyright infringement of recent years.  DDL traffic currently exceeds P2P traffic.  This is a strong message against piracy.  It will be interesting to see whether there is any retaliation from the Darknet.

Update (Friday 3:50 pm):

As could have been expected, Anonymous started retaliating with a large-scale DDoS.  Many sites are down, including the DoJ, some studios and, most recently, the French Hadopi.

 

Update of the French law related to private copy

On 29 November 2011, the French National Assembly approved text 776.  On 20 December 2011, the French Senate approved the “LOI n° 2011-1898 du 20 décembre 2011 relative à la rémunération pour copie privée (1)” (Law no. 2011-1898 of 20 December 2011 on remuneration for private copying).  This law amends the current law on private copying.

 

The most interesting part is in article 1.

… the word “réalisées” (made) is replaced by the words “réalisée à partir d’une source licite” (made from a lawful source)

It states that a private copy has to be made from a lawful source.  This was not the case in the previous version: the main requirement for a private copy was that its use be personal.  This modification closes a nice loophole.  Interestingly, the source has to be lawful, but not necessarily yours.  This opens some interesting possibilities, for instance for public libraries, which have lawful sources.  See the French post: Copie privée et licéité de la source : des conséquences inattendues pour les bibliothèques ? (Private copying and lawfulness of the source: unexpected consequences for libraries?)