HADOPI – Three Strikes Letters ‘Imminent’

After all the problems with the famed French three strikes, Security General for HADOPI, Eric Walter, has publicly commented that the letters are coming out imminently.

Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes

It was during an online public question and answer period in La Tribune that Walter said (Google Translation) in answer to when the letters are coming that they “always said she would not give the date. It is working, we started to communicate, it is quite obvious that it is imminent.”

This is surprising because, judging by all the very real problems with HADOPI, it’s pretty much like saying, “Sure, the hull is full of holes, navigation does not work, the engine is still seized, and the rudder has fallen off, but this ship is sea-worthy!”

Here’s the problems we know are in HADOPI:

1. If a user wants to claim innocence because, say, a router was hacked, there is no standard to say if that person did everything possible to secure their connection

This is why HADOPI had to launch a public consultation – to determine whether or not a person was negligent or if that person took proper steps to secure their network. The question is, albeit rather ridiculous from a security standpoint, “what counts as a secure internet connection?”

If a person did not secure their connection to the internet, then they are liable for fines because of what HADOPI calls “gross negligence”. So what does count as “gross negligence”? Our information says that HADOPI really doesn’t know at this point in time.

2. If HADOPI is choosing to use mandatory spyware, it’s doubtful this has been rolled out

Last we heard, it was only earlier this month that HADOPI was merely considering mandatory spyware. Are they enforcing it? Are they officially saying this, albeit, ill-conceived since that software would be a huge target for hacking if it becomes mandatory, is the solution to go forward with? Our information says that HADOPI has yet to formally decide at this point.

3. The public may not be informed as far as the government is concerned.

The French government wanted to reach as many people as possible. So when they wanted to tackle this problem of not everyone in the country knowing about this new law, they opted to spend two weekends handing out pamphlets to motorists coming back in to the county after weekend holidays. It’s peculiar and there’s no evidence to suggest this campaign even really worked to our knowledge.

4. HADOPI doesn’t cover all forms of file-sharing.

The French government wants to tackle all forms of copyright infringement online. Arguably, they never will be able to do this. Our information says that HADOPI doesn’t cover things like one-click hosting, streaming and Usenet to name three examples. It all depends on an IP address and if one knows about the US copyright debate a few years back, they’ll know how flimsy an IP address really is.

5. An IP address is not a solid piece of evidence.

As if to prove the point further, the University of Washington conducted a study that pretty much spelled out that anyone could be framed for piracy. To show just how flimsy the evidence is – namely an IP address to name one piece of evidence commonly used to track down alleged copyright infringers – they showed that even a printer could be falsely accused of copyright infringement.

6. The French government has yet to solve the financial burden problem.

How much does a three strikes law cost? According to our research, about $64 Million US or about 50 Million Euro’s per year. Last we checked, which was in the middle of the month, there were still negotiations between the French ISPs and the government over who foots the bill at the end of the day. The government wants to have the bill after the fact, but ISPs want to give them a detailed cost and bill them as the complaints come in to our knowledge.

7. Expecting perfect security to help make HADOPI enforceable is like wanting the moon, it just isn’t going to happen.

Just days ago, we learned that it is possible that a compromised website could act as a proxy for copyright infringement, leaving all potential complaints leading to the website. The website of the French National Assembly was one of those websites apparently and some wondered if the French National Assembly could be liable for what HADOPI calls “Gross negligence”.

All these stories that we are aware of pretty much screams HADOPI is far from ready. HADOPI depends on IP addresses directly linking to an individual (which is almost never going to happen) who has a secure connection (which hasn’t even been defined). A well funded system (which has yet to even determine where the money is coming from) would support this system which is suppose to stop copyright infringement online dead in its tracks (though some forms skirt the law). Ultimately, as we’ve seen, everything about this law, in practice, is wrong and yet an official says they are ready. Is this like watching some abstract version of a Weird Al song or something? At least the Weird Al song makes more sense.

Drew Wilson on Twitter: @icecube85 and Google+.

Leave a Reply

Your email address will not be published. Required fields are marked *