Hadopi Mulling Mandatory Spyware to Help Enforce Three Strikes Law Drew Wilson | August 5, 2010 Many questions have been raised on how HADOPI planned on enforcing a three strikes law. One particular question that really raises doubts on the possibility of enforcement is how to guard against false accusation. One idea being floated right now is forcing users to install spyware that can do real-time observations of what internet protocols are being used on a persona computer among other things. Note: This is an article I wrote that was published elsewhere first. It has been republished here for archival purposes It seems to be the latest ill-advised idea being proposed along with a three strikes law. The question is, how exactly do users guard against false accusations while confidently saying they did everything they could to guard against WiFi hacking? According to IPTegrity, one idea is to demand that users install a program that would monitor what protocols are going over their internet connection. This was part of a public consultation launched late last month which aimed to answer the question of how a user can claim innocence when accused of copyright infringement (three accusation and a judge will decide whether or not you would be disconnected) Hadopi is apparently interested and has requested that the software satisfy 4 elements: * the real time observation of protocol traffic; * analysis of configuration files, including static analysis of the programmes installed and the router, and dynamic analysis of the use of the connection; * logs of all activity on the Internet access – including activation /deactivation, modification of any security profiles – to be kept for a year; * a system of alerts warning users if they are about to use a P2P connection: for example, “You are about to download a file using a P2P protocol – do you want to continue?”. In a nutshell, the idea is this: if you don’t have the software installed, you can’t say you are innocent if you are accused of copyright infringement. If you want to say you are innocent, you have to have the software installed. This information was private, but the details were leaked by the French media (Numerama to be precise) The thing about asking people to install such software to prove their innocence is that there would be a huge push to patch the software. Maybe make it give off a false signal to protect the users privacy. The other thing is that banning p2p protocols is that there are also legal uses of such protocols as well. One excellent example is when the Canadian Broadcasting Corporation (CBC) offered a prime time TV show in BitTorrent. Ultimately, user-side software is an extremely poor solution. It requires honesty from the user in question. If a user wants to be dishonest about their online activities, there’s no stopping them from faking a log or otherwise tampering with the software themselves. The best thing such software can provide is a loop-hole for determined file-sharers. Drew Wilson on Twitter: @icecube85 and Google+.