Is French HADOPI law dead?

In 2009, the French government launched HADOPI. HADOPI is the institution responsible for handling the graduated response to copyright infringement via three escalating strikes. Three years later comes the time of the first assessment.

 

HADOPI sent out one million warning emails (first strike level) and 99,000 registered letters (second strike level), which resulted in 134 cases examined for prosecution. To date, no case has reached the ultimate strike level, i.e. disconnection of the infringer from the Internet. The reported cost is 12M€.

 

In a recent interview with the French newspaper “Le Nouvel Observateur”, the French minister of culture, Aurélie Filippetti, harshly judged the results of HADOPI.

Ca coûte quand même 12 millions d’euros, 60 agents travaillent, pour un résultat qui me semble au final bien mince. Dans un contexte budgétaire serré, il faut avoir un souci d’efficacité, de réconciliation entre les artistes et les publics, et trouver des solutions qui soient réelles et qui permettent vraiment de financer la création et non plus se payer de mots.

A possible English translation is

This costs 12 million euros. 60 agents work for a result which seems to me light. In a tight budget context, it is mandatory to be efficient, to reconcile the artists and the audience, and to find solutions which are real and that really fund creation and not to talk a lot of rubbish.

 

The minister claimed that she’d rather reduce the cost of solutions that do not have proven efficiency.   Thus, what is the future of HADOPI?

 

The interview can be found here and here.  Sorry, it is in French.

Copyright and 3D objects

In March, I reported that The Pirate Bay added a new category of torrents dedicated to physibles. Physibles are files that describe 3D objects for 3D printers. I was also betting that we would soon hear about the first litigation about copyright and 3D objects.

 

It did not take long. Thomas Valenty designed two figurines inspired by the famous Warhammer game. He shared his physibles on Thingiverse, which is the reference site for physibles. At the end of May 2012, Games Workshop, the flagship company for game figurines such as Warhammer or AD&D, sent a takedown notice to Thingiverse using the DMCA. Thingiverse removed the physibles.

 

We will soon see more and more such cases. It will be simple when the gimmick is a good replica of a copyrighted item. But what if it is slightly different? See the ongoing, worldwide copyright battle between Apple and Samsung regarding the shape of the Galaxy versus iPad…

Nano counterfeiting feature

The blue morpho butterfly changes the color of its wings through a special reflective structure. The company Nanotech Security uses a “similar” trick for its NOtES (Nano Optic Technology for Enhanced Security). Using nano holes smaller than the wavelength of light, it creates a kind of light amplification that generates a similar effect.

 

Thus, by embossing paper or plastic, it can create bright images through reflection. The holes are about a few hundred nanometers. How does it fit with security? According to them, it could replace holograms used against counterfeiting (the kind of holograms that you find on official Microsoft disks). This technology seems to have some advantages:

  • It is extremely cost effective. Once the master stamp is built, production is just stamping the target, thus cheap and fast.
  • It is easily identifiable by humans.
  • As it works in infrared or UV, the pattern could be analyzed by machines using the right wavelength (a kind of watermark).

 

The security relies on the difficulty for counterfeiters of reproducing the stamping. It seems that it relies mainly on a high entry-cost barrier (class 1 clean room) and on the know-how of the company to design the pattern and the stamping tool. Clearly, it would require a funded organization to make it (as with holograms today). Nevertheless, I would be interested to see whether it would be possible to reverse engineer the pattern by careful examination through an electron microscope. Another question is how it degrades with time.

When will we have the first shiny bank notes?

You are what you wear

Common knowledge is that what you are wearing has some influence on the perception of your interlocutors. When visiting a therapist, would you trust the one in shorts and a torn tee shirt more than the one formally dressed? But do your clothes have some influence on your behavior?

This is what Hajo Adam and Adam Galinsky explored in their paper “Enclothed cognition”. And their findings are interesting.

Yet, the clothes we wear have power not only over others, but also over ourselves.

Clothes have influence on our behavior and even efficiency!  To prove that, they set up an experiment comparing the respective performance on completing a task between people wearing a white labcoat and people without the labcoat.   The first group performed better than the second group.

We posit that wearing clothes causes people to “embody” the clothing and its symbolic meaning.

This is even more interesting. It is actually not the clothing itself but rather its symbolic meaning that impacts the wearer. In another experiment, they created three groups; the first group wore a white labcoat that was announced to be for doctors. The second group wore the same white labcoat but this time it was announced to be for painters. The third group did not wear any labcoat. The first group consistently performed better than the two other groups. The people wearing a “painter” labcoat performed no better than people without a labcoat.

How is that related to security? SOCIAL ENGINEERING! We already knew that you’d better be dressed in a way consistent with what is expected of the role you are trying to mimic. This helps to trick the target and to create good ground for trust; here clearly, clothes carry a strong symbolic meaning that influences the victim. Uniforms carry a message of order, authority and strength. Labcoats carry a meaning of science and expertise... It seems that these clothes may also help the social engineer to better perform his “supposed” role.

By the way, in our daily life, could this trick help to boost our performance?

Reference

H. Adam and A.D. Galinsky, “Enclothed cognition,” Journal of Experimental Social Psychology, vol. 48, Jul. 2012, pp. 918–925 available at http://www.utstat.toronto.edu/reid/sta2201s/labcoatarticle.pdf.

Pending extradition for a UK alleged pirate

In December 2007, UK citizen Richard O’Dwyer established the TVShack site. TVShack did not contain any copyrighted files but actually linked to illegal content stored on third-party-owned websites. As such, the site was not hosting illegal content (as MegaUpload did). Nevertheless, it was a facilitator as it helped to locate illegal content. This site soon became a success. The US authorities estimate that it made about $230,000 in advertising revenue. The site was among the first ones that were struck by the Immigration and Customs Enforcement domain seizure strategy.

In May 2011, the US Justice Department asked for the extradition of Richard O’Dwyer under the two charges of conspiracy to commit copyright infringement and criminal infringement of copyright. The defense of O’Dwyer argued that the extradition was not valid because TVShack servers were not hosted in the US. In January 2012, an English judge ruled that O’Dwyer could be extradited to the US. In March, UK home secretary Theresa May approved the extradition. Of course, an appeal against the extradition was soon presented.

In June, Jimmy Wales, the founder of Wikipedia, launched an online campaign to collect signatures to stop the extradition.  The site has already collected  more than 237,000 signatures.   Recently, Theresa May confirmed that she will not reverse her decision, regardless of the potential success of the online petition.  We will have to wait for the result of the appeal in the coming months.

As I am not a lawyer, I will not comment on the  (il)legality of this extradition.  Clearly, the US authorities try through such actions (like for Megaupload) to demonstrate that:

  1. No country is safe if you are infringing the copyright of US industry
  2. Even facilitating copyright infringement can be prosecuted

What if your power adapter could recover your lost password?

This is an idea that Apple has protected with a patent. The basic idea is that a familiar peripheral could serve as a vault for the recovery process of lost credentials.

Claim 1: A method of storing a password recovery secret on a power adapter, the method comprising:

  • receiving a password recovery secret associated with a computing device at an electrical power adapter via an interface with the computing device; and
  • storing the password recovery secret on a memory in the electrical power.

The peripheral would store the memorized password encrypted with an identifier unique to the main device. This means that there is a pairing between the device and the peripheral. In other words, it is useless to steal the peripheral to try to extract the stored password. The claims specifically cite an electrical power adapter and a non-transitory computer-readable storage medium.

To recover the lost password, you will have to start a recovery procedure. The recovery procedure returns the encrypted password, which can be decrypted if it is recovered by the proper device. The secret can also be shared between the peripheral and a remote server.

You may already have spotted the tricky part of the game: how do you trigger the recovery procedure? The patent does not tackle this issue. If Alice is able to trigger it only because she has access to both the laptop and the power adapter, then of course it is game over: steal both of them, and you can get access to the computer by recovering the secret and changing the password. It would make the system even weaker than before. If Alice needs a secret to trigger it, then we’re back to the starting point. The likelihood that she forgot this recovery secret is even higher than that of forgetting the day-to-day password! By the way, this is always one of the difficult parts of every recovery system.
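The pairing and the trigger problem described above, as an added sketch that is not code from the patent or from Apple: the recovery secret is bound to a device identifier, so the adapter alone yields nothing, yet laptop plus adapter recover it with no input from the user. The PBKDF2/XOR/HMAC wrapping is a stand-in for a real authenticated cipher, the identifiers and secret are constructed, and reading "shared with a remote server" as a 2-of-2 split is an assumption.

```python
import hashlib
import hmac
import secrets

def _derive(device_id, nonce, n):
    """Derive an n-byte pad and a 32-byte MAC key from the device identifier."""
    okm = hashlib.pbkdf2_hmac("sha256", device_id, nonce, 10_000, dklen=n + 32)
    return okm[:n], okm[n:]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def wrap(secret, device_id):
    """Blob the adapter stores: the secret bound to one device identifier."""
    nonce = secrets.token_bytes(16)
    pad, mac_key = _derive(device_id, nonce, len(secret))
    ct = _xor(secret, pad)
    return nonce, ct, hmac.new(mac_key, nonce + ct, "sha256").digest()

def unwrap(blob, device_id):
    """Return the secret on the paired device, None on any other device."""
    nonce, ct, tag = blob
    pad, mac_key = _derive(device_id, nonce, len(ct))
    ok = hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, "sha256").digest())
    return _xor(ct, pad) if ok else None

def split(secret):
    """Assumed 2-of-2 XOR split: one share for the adapter, one for a server."""
    adapter_share = secrets.token_bytes(len(secret))
    return adapter_share, _xor(secret, adapter_share)

def demo():
    secret = b"constructed-recovery-secret"              # constructed sample value
    laptop, other = b"LAPTOP-ID-0001", b"OTHER-ID-0002"  # constructed identifiers
    blob = wrap(secret, laptop)
    adapter_share, server_share = split(secret)
    share = unwrap(wrap(adapter_share, laptop), laptop)
    return {
        # Adapter taken alone and attached to another machine: nothing recovered.
        "adapter_only": unwrap(blob, other),
        # Laptop and adapter together: recovered without anything the user knows.
        "laptop_and_adapter": unwrap(blob, laptop),
        # Split variant: both devices yield only a random share...
        "share_alone_is_secret": share == secret,
        # ...until the server releases its half after its own checks.
        "with_server_share": _xor(share, server_share),
    }

if __name__ == "__main__":
    print(demo())
```

In the split variant the decision to release the second share moves to the server, so the trigger question raised above becomes a question of how the server authenticates the user.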

Will we see that in one of the next MacBook generations?

Facebook, privacy protection and civil lawsuit

Is Facebook a privacy harbor in case of a civil lawsuit? Can your Facebook posts be used against you even if they are tagged as private? This is the question that the court of Franklin County, Pennsylvania (USA) answered last November.

Following an accident, the plaintiff claimed serious injury. She testified that she suffered from chronic physical and mental pains, and used a cane to walk. The defendant claimed that on the plaintiff’s Facebook account, the plaintiff announced that she went to the gym and posted family pictures that contradicted the allegations. The plaintiff claimed that it could not be used in front of the court.

The judge ruled differently and detailed his objections in a 14-page opinion document. The rationales:

  • Discoverability; the court made it clear that material on social networks was discoverable in civil cases
  • Privacy;  the court made it clear that there was no expectation of privacy on social networks because their purpose was to share with others.

Almost all information on Facebook is shared with third parties, and there is no reasonable privacy expectation in such information…   even “private” Facebook posts are shared with others.

  • Embarrassment; The judge estimated that contrary to  personal sure that may create embarrassment, it is not the case for Facebook posts and posted pictures as their purpose is to be shared with others.

This is an interesting statement that highlights that privacy in social networks is more related to access control than to actual privacy, at least under US law. An interesting read that shows all the complexity of privacy in front of the law.

PS: I was not able to find out if the use of these posts helped the defendant to win or not.