The Copyright Alert System -- a "voluntary" system of disconnection threats sent to alleged file-sharers, created by entertainment companies and the large US ISPs -- has just celebrated its first birthday, having spent $2 million in order to send out 625,000 threats to people it believed to be infringers. How's that working out for them?
No one knows. The Center for Copyright Information -- which made a lot of noise about its war on piracy when it was ramping up -- has been totally silent for the past twelve months, not issuing a single press release (nor have its participating entities said anything about it in that time).
I guess there are two possibilities: one is that this was an amazing success, but they're too modest to boast.
The other one is that, like every other variant on this, as practiced in New Zealand, the UK, and France, it is an expensive boondoggle that wasted millions, alienated hundreds of thousands, and did nothing to break the copyright logjam that has been sowing chaos on the Internet since the 1990s.
This program was the brainchild of US copyright czar Victoria Espinel and the entertainment bigs, and was a predictable disaster from the outset. No doubt there will be some grossly flawed study in the near future to demonstrate that they've finally managed to
invent perpetual motion square the circle make Pi equal 3.1 threaten Internet users into doing their bidding.
Read the rest
In Graduated Response Policy and the Behavior of Digital Pirates: Evidence from the French Three-Strike (Hadopi) Law a team of business-school researchers from the University of Delaware and Université de Rennes I examine the impact of the French "three-strikes" rule on the behavior of downloaders. Under the three-strikes law, called "Hadopi," people accused of downloading would be sent a series of threatening letters, and culminating with disconnection from the Internet for a period of a year for everyone in the household. Hadopi is the entertainment industry's model for global legislation, and versions of it have been passed in the UK and New Zealand, and it has also been proposed for inclusion in the global Trans-Pacific Partnership treaty.
The researchers carefully surveyed French Internet users to discover what effect, if any, the Hadopi law had had on their behavior -- specifically, whether they were encouraged to download more from legitimate sites and pay more for music as a result of the threat of Hadopi. Their conclusion: [Hadopi] has not deterred individuals from engaging in digital piracy and that it did not reduce the intensity of illegal activity of those who did engage in piracy.
Read the rest
Copyright and Creation, a policy brief from a collection of respected scholars at the rock-ribbed London School of Economics, argues that the evidence shows that piracy isn't causing any grave harm to the entertainment industry, and that anti-piracy measures like the three-strikes provision in Britain's Digital Economy Act don't work. They call on lawmakers to take an evidence-led approach to Internet and copyright law, and to consider the interests of the public and not just big entertainment companies looking for legal backstops to their profit-maximisation strategies.
Read the rest
Evaluating Graduated Response, a new paper from Rebecca Giblin from the law school at Australia's Monash University, looks at the impact of "three strikes" and "graduated response" punishments for file-sharing. Countries including France, New Zealand, Taiwan, South Korea, the U.K., Ireland and the U.S. have adopted systems whereby people accused of file-sharing have their Internet access curtailed. This takes many forms, from losing access to YouTube and Facebook until subscribers complete a "copyright training course" designed by the entertainment industry to out-and-out disconnection from the Internet.
A good summary in IT News by Juha Saarinen discusses Giblin's findings from an in-depth survey of the file-sharing landscape before and after the introduction of three strikes rules: "There is no evidence demonstrating a causal connection between graduated response and reduced infringement. If 'effectiveness' means reducing infringement, then it is not effective."
Giblin is the author of 2011's Code Wars, an excellent book on the first ten years of file-sharing data.
Read the rest
After years of controversy, millions spent, and nothing to show for it, the French government has backtracked on HADOPI
, the "three strikes" law that made it possible for entertainment companies to demand the termination of Internet accounts implicated in illegal downloading accusations. People whose routers are said to have been used for piracy may still face fines -- even if they can prove they didn't personally download anything illegally -- but no one will lose their Internet connection over piracy accusations in France: "the panel concluded that the three strikes mechanism had failed to benefit authorized services as promised."
As America's phone and cable companies roll out their "six strikes" plans (which they voluntarily adopted in cooperation with the big film companies), it's becoming clear that operating a public Internet hotspot is going to be nearly impossible. Anyone operating a hotspot will quickly find that it can no longer access popular sites like YouTube and Facebook, because random users have attracted unsubstantiated copyright complaints from the entertainment industry. Verizon (and possibly others) have made it clear that this will apply to businesses as well as individuals, meaning that firms will have to spy on all the traffic of all their users, all the time, and heavily censor their use of the Internet in order to prevent them from attracting these complaints.
It's not much of a stretch to see why the carriers would like this: every time you use a hotspot instead of using your phone or device's metered data-plan, they lose revenue.
Also, as the strikes get higher, there are two things to be aware of: ISPs are then more likely to hand over info to the copyright holders, meaning that it could still lead to copyright holders directly suing. That is, the "mitigation" factors are not, in any way, the sum total of the possible consequences for those accused. On top of that, we still fully expect that at least some copyright holders are planning to insist that ISPs who are aware of subscribers with multiple "strikes" are required under law to terminate their accounts. At least the RIAA has indicated that this is its interpretation of the DMCA's clause that requires service providers to have a "termination policy" for "repeat infringers." So it's quite likely that even if the ISPs have no official plan to kick people off the internet entirely under the plan, some copyright holders will still push for exactly that kind of end result.
Details Of Various Six Strikes Plans Revealed; May Create Serious Problems For Free WiFi [Techdirt/Mike Masnick]
Don't Let Verizon Kill Free WiFi! (petition)
(Image: Wifi signal around here (2), a Creative Commons Attribution (2.0) image from nnova's photostream)
France is on the verge of killing its ill-starred HADOPI system, whereby people who are accused of multiple acts of copyright infringement are disconnected from the Internet, along with everyone in their homes. After two years, HADOPI has spent a fortune and has nothing to show for it. HADOPI was enacted thanks to enormous pressure from American entertainment companies and the US Trade Representative, and was the first of the "three strikes" rules to make it into law (New Zealand and the UK also both capitulated to Pax America shortly after).
But the new president Hollande is determined to continue to have France play the role of crash-test dummy for America's failed copyright policy. As a condition of dismantling HADOPI, his government has proposed enacting the worst provisions of SOPA, the US copyright proposal that America roundly rejected last year. Under SOPA.fr, the French government will make intermediaries (payment processors, search engines, web hosts) liable for infringement, with broad surveillance and censorship powers.
French Hadopi Scheme Gutted; Other Bad Ideas To Be Introduced Instead
The French Hadopi agency has prosecuted its first user
under the country's insane anti-piracy laws, which provide for disconnection of whole families from the Internet if someone using their connection is accused of multiple acts of file-sharing. The first person to be convicted is a 40-year-old man whose ex-wife admitted to downloading some songs on his connection. The law ascribes blame for infringement to the person with the Internet account, not the person who infringes, so he is paying the €150 fine. He will not have his Internet connection taken away.
Hadopi was the jewel in the Sarkozy regime's crown of shitty copyright policy: a rule that said if you lived in the same house as someone who'd been accused of copyright infringement, you would lose your Internet access. Heavily lobbied for by the entertainment industry and hailed as a success thanks to dodgy, misleading studies, Hadopi is now on the outs. The agency that administers it has had its budget zeroed out. Next up: outright cancellation? EFF hopes so:
Citing extraordinary costs and scant results, a high-level French official has announced intentions to defund Hadopi1, the government agency charged with shutting off Internet access of individuals accused of repeat copyright infringement. Under the French three strikes law, Internet subscribers whose connection is repeatedly used to share copyrighted material may be disconnected from the Internet and may even have to continue paying for the service (the so-called "double pain"). The three strikes law in France runs contrary to principles of due process, innovation, and free expression—yet has unfortunately served as a template for similar legislation in countries like New Zealand, the UK, and South Korea under pressure from the entertainment industry. Defunding Hadopi may mean that France won't be focusing on enforcing its three strikes law anymore, but that's not enough. France needs to repeal the three strikes law altogether.
When copyright holders (working through professional organizations) file complaints about alleged infringement, Hadopi is authorized to contact Internet access providers and issue warnings to subscribers. After the third warning of copyright infringement is issued to a subscriber, Hadopi can recommend to a public prosecutor that the individual have her Internet connection terminated. Hadopi also maintains a blacklist of subscribers to block users from simply switching ISPs after being disconnected. Though hundreds of alleged infringers have been referred to court—Hadopi has sent 1 million warning emails, 99,000 "strike two" letters, and identified 314 people for referral to the courts for possible disconnection—no one has yet been disconnected since the law was enacted in 2009.2
In speaking about the decision to significantly reduce funding for Hadopi, French culture minister Aurelie Filippetti, stated: "€12 million per year and 60 officials; that's an expensive way to send 1 million emails." Filippetti also stated that "[T]he suspension of Internet access seems to be a disproportionate penalty given the intended goal."
Repealing French Three Strikes Law is the Next Step to Safeguarding Free Expression
IFPI, the international trade group for the record industry, has trumpeted a study that allegedly shows that France saw a surge in iTunes sales following the institution of a mass-scale regime of "disconnection warnings" -- threats to remove you and your family from the Internet if you don't stop downloading. These warnings are the first step of the controversial HADOPI system, which is the first of a series of global "three strikes" laws pushed for by IFPI.
TorrentFreak had a look at the study, which was written by researches at Wellesley College and Carnegie Mellon, and they found that none of the benefits claimed by the record industry were in its conclusions: "What the researchers found is that in France, compared to five other European countries, more music was sold through iTunes. Looking at the graph below (from the report), it’s clear that the “uplift” in France before Hadopi was introduced (March 2009) is actually much sharper than the two years after."
“We also estimated the model for the 6 months before and after September 2010, as this was the first month that HADOPI began sending out first notices. In this case, the resulting coefficient was close to zero and statistically insignificant.”
Indeed, when the three-strikes warnings were actually sent out, there was no effect on iTunes sales compared to the control countries. This is unusual, because you would expect that the hundreds of thousands of warnings that went out would have had more of an impact than the ‘news’ that this could happen in the future.
In addition, if we look at the search trends for Hadopi and The Pirate Bay we don’t see a drop in interest for the latter, suggesting that the interest for pirated goods remained stable.
Anti-Piracy Warnings Have No Effect on iTunes Sales
Further revelations from the YouHaveDownloaded
BitTorrent logger: six infringing BitTorrent swarms included computers logged into the network of the official residence of French President Nicholas Sarkozy
. Sarkozy, of course, pushed for the HADOPI law that allows whole households to be disconnected from the net if their network is implicated in three copyright complaints. Note that there's no proof that anyone who was downloading these files got enough of them via the Sarkozy network to turn into a recognizable video or audio file; nor does it mean they were a member of the Sarkozy household. But the HADOPI law doesn't make this distinction, and who am I to argue with Sarkozy's favorite Internet law?
Last year, the UK government held consultation into its proposed Digital Economy Act, an extremist copyright proposal created by the unelected Business Secretary Peter Mandelson. The process that followed was as dirty as any I'd ever seen (for example, the then-head of the BPI wrote an amendment proposing a national censorship regime
that a LibDem Lord then introduced on his behalf. But it turns out that there was much more sleaze below the surface.
Documents released in response Freedom of Information requests show that Mandelson had already made up his mind from the start about the Act's most controversial section: the rules that said that users would have their Internet connections terminated if enough unsubstantiated infringement claims were made against their households. The "compromise" that the Act made was to suspend this measure initially, and bring it into force if the other measures in the Act failed to substantially reduce infringement. Critics called it the sham it was, saying that a 70 percent reduction in file-sharing was a delusional target, and the FOI documents show that the Act's supporters agreed -- they only intended the compromise as a means of smuggling in France-style disconnections.
Which is to say that the whole business was a sham: the Business Secretary and his pals in the record industry had stitched the whole thing up from the start, and the thousands upon thousands of Britons who wrote in never had a hope of changing things. That's why the Act was crammed through Parliament without debate in the "wash-up," hours before Labour dissolved the government.
One consultation respondent told TorrentFreak: “As someone who went to considerable effort to submit a rational and evidence-based response to the consultation on these issues, I am disappointed, although not surprised, to see that the outcome was predetermined.” The UK Pirate Party is a little more scathing.
Digital Economy Act: A Foregone Conclusion?
“These documents show how outrageously complicit everyone from the entertainment industry, politicians and unions were in framing the Digital Economy Act,” PPUK Chair Loz Kaye told TorrentFreak.
“Its most controversial aspect – suspending people from the Internet – was already sorted out in July 2009. It appears that the consultation was just for show, and the lobbyists got all they asked for. There are now serious questions to be asked of successive governments’ relations to groups like Universal Music and the BPI.”
HADOPI, the French agency charged with disconnecting French Internet users who use the same Internet connections as accused copyright infringers, conducted a study on media purchasing habits by copyright infringers. They concluded that the biggest unauthorized downloaders are also the biggest customers for legitimate media. Just like every other study that's looked at the question, of course, but this time the study was funded and released by one of the most extreme copyright enforcement bodies on the planet.
Joe Karaganis, from SSRC, points us to the news that there's been yet another such study... and this one is from HADOPI, itself. Yes, the French agency put together to kick people off the internet for file sharing did a study on the nature of unauthorized file sharing, too. Not surprisingly (and consistent with every other study we've seen on this topic), it found that those who spend a lot of money on content... were much, much, much more likely to also get content through unauthorized means. HADOPI released the results in a somewhat convoluted way (perhaps trying to downplay this result), but Karaganis reformatted the results to make this clear.
Another Day, Another Study That Says 'Pirates' Are The Best Customers... This Time From HADOPI
Hadopi, biens culturels et usages d’internet : pratiques et perceptions des
internautes français. (PDF)
A new report from the Organization for Security and Co-operation in Europe (OSCE) called "Freedom of Expression on the Internet" is intensely critical of Eurpean moves to censor the Internet, and is especially down on the French Hadopi rule that makes provision for disconnecting Internet users when someone is accused of using their network connections to infringe copyright. The OSCE rapporteur's conclusions are in line with the recent UN condemnation of Internet censorship and declaration that network access is a human right. Ars Technica's Nate Anderson's prepared some highlights from the report:
"Three strikes": "The increased use of so-called 'three-strikes' legal measures to combat Internet piracy is worrisome given the growing importance of the Internet in daily life... This disproportionate response is most likely to be incompatible with OSCE commitment on the 'freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers.'"
Yet another report: Internet disconnections a "disproportionate" penalty
Internet kill switch: "Existent legal provisions allow several OSCE participating States to completely suspend all Internet communication and 'switch off' Internet access for whole populations or segments of the public during times of war, states of emergency and in cases of imminent threat to national security. Reaffirming the importance of fully respecting the right to freedom of opinion and expression, the OSCE participating States should refrain from developing, introducing and applying 'Internet kill switch' plans as they are incompatible with the fundamental right to information."
Web blocking: "As blocking mechanisms are not immune from significant deficiencies, they may result in the blocking of access to legitimate sites and content. Further, blocking is an extreme measure and has a very strong impact on freedom of expression and the free flow of information. Participating States should therefore refrain from using blocking as a permanent solution or as a means of punishment... Blocking of online content can only be justified if in accordance with these standards and done pursuant to court order and where absolutely necessary. Blocking criteria should always be made public and provide for legal redress."
Freedom of Expression on the Internet (PDF)
Sarkozy's latest plan for "civilizing" the Internet: a Great Firewall of France that government agencies to add URLs to without judicial oversight or public scrutiny on the basis of broad, nebulous criteria.
Information website PC INpact revealed today a draft executive order which would give the French government the power to arbitrarily censor any content or service on the Net. The French government is furthering its policy to control the Internet, in complete disregard of citizens' rights and freedoms.
The Entire Internet Under Governmental Censorship In France?
To implement article 18 of the law for the Digital Economy of June 21th, 2004, the French government is proposing to give to several of its ministries the power to order the censorship of online content that harms or otherwise puts at risk public order and security, the protection of minors, of public health, national defence, or physical persons1.
Clearly, the definition of these categories of content are both vague and overreaching. Such censorship measures - whether they consist in the removal or filtering of content - would be directly undertaken by the government, without any decision by a judicial authority. In practice, they would apply to all kinds of websites or online news services2.
Last week, the private company responsible for enforcing France's "three strikes" copyright law was found to be massively insecure
, prompting France to suspend the program. Under France's HADOPI copyright law, households lost their Internet connection if they received three accusations of copyright infringement committed on their network. TMG, the private contractor that maintained the system, suffered a massive breach when hackers showed that they hadn't taken even the most rudimentary steps to secure their servers.
Now, Ars Technica reports that it's not just TMG's security that's flawed -- the breach has also revealed that its data-gathering system is as untrustworthy as its perimeter security:
TMG's server was running a custom-written administration program coded in Delphi. It had the unusual security feature of not requiring any authentication at all, allowing anyone connecting to port 8500 to send commands to the server. The commands it supports are limited--shutdown or reboot the computer, stop or start a peer-to-peer client, and update the software on the server--but due to their shoddy design these commands are sufficient to allow hackers to do whatever they want. The update command connects to an FTP server, retrieves a file, and then executes it--all without authentication--and rather than connecting to a specific FTP server, it allows the server to be specified when the update command is given.
French "three strikes" anti-piracy software riddled with flaws
This allows an attacker to set up their own FTP server, put their malicious program onto the server, and then tell the TMG system to update from the hacker-controlled server. In this way, they can make the TMG server run whatever software they want. If all of TMG's anti-piracy servers are running the same administrative program, then they are all susceptible to being attacked in this same, trivial way.
(Image: Drapeau Hadopi, a Creative Commons Attribution (2.0) image from 17962689@N08's photostream)
TMG, a private contractor that administers France's HADOPI copyright system, has been hacked, resulting in a temporary suspension of HADOPI. Under HADOPI, people who use an Internet connection where one or more users have been accused of multiple acts of copyright infringement lose their Internet access for a year. TMG was in charge of storing the entertainment industry's enemies list of networks that had been used by accused infringers, and their security was basically nonexistent. The hack resulted in a dump of administrative material and IP addresses, and the head of the HADOPI agency announced that they would not gather IP addresses while they got their house in order. The UK has a plan to gather the IP addresses of networks used by accused infringers as well -- will they pick a better contractor to administer it than France did?
The problems appear to be real. Eric Walter, the head of France's HADOPI antipiracy agency that administers the "three strikes" regime, took to Twitter to tell the world that "par mesure de précaution l' #hadopi a décidé de suspendre provisoirement son interconnexion avec #TMG" [as a precautionary measure, #hadopi decided to temporarily suspend its interconnection with #TMG].
France Halts 'Three Strikes' IP-Address Collection After Data Leak
This temporary suspension of the interconnect agreement means that TMG -- the only private firm cleared to collect the IP addresses needed for HADOPI to function -- can't provide new addresses for the moment.
French tech sites like Numerama have run with the story, posting lists of questions that "need to be answered" by HADOPI and by French data-security authority CNIL.
(Image: HADOPI, a Creative Commons Attribution (2.0) image from goodvibez's photostream)