14 DAY TRIAL // The French High Authority for the Dissemination of Works and Protection of Rights on the Internet, commonly referred to as HADOPI, has suspended the monitoring of peer-2-peer networks for IPs involved in copyright infringement after the company tasked with the job suffered a security breach.
HADOPI is a government agency established through a controversial three-strikes anti-piracy law which gives it authority to disconnect users who repeatedly engage in copyright infringement from the Internet.
According to the law, upon receiving a complaint from a copyright holder or their representative, HADOPI can initiate a procedure that involves sending an email warning to the offender, followed by a letter if they don't stop and finally by suspension of their Internet connection.
A private company called Trident Media Guard (TMG) is currently the only firm licensed by the government to scour P2P networks and gather information about infringers.
Over the weekend it was reported that TMG left an Internet-facing virtual machine unprotected and exposed a lot of files and scripts related to its HADOPI monitoring activity.
Initially it was believed that the breach exposed TMG's procedures and P2P client automation tools, however, according to an investigation performed by online French publication Numerama, the information also included IP addresses of suspected infringers.
When confronted with this news, HADOPI said it will take the situation very seriouly. According to TorrentFreak, Eric Walter, the HADOPI secretary-general later announced that "as a precaution Hadopi has decided to temporarily suspend its interconnection with TMG."
This is a serious blow to the government, which has aggresively pushed for the adoption of HADOPI, despite its lack of popular support and the multiple issues it raises, such as the lack of judicial oversight or presumption of innocence.
Since TMG is the only company licensed to perform HADOPI-work, it means that three-strikes P2P monitoring has temporarily been suspended pending a review. However, the data gathered so far can still be used for enforcement purposes.