Five months after having begun sending hundreds of thousands of warning letters to online infringers with high media coverage, HADOPI—the authority in charge of digital copyright enforcement—became the victim of a security breach.
A security expert revealed a vulnerability in a server used by an HADOPI supplier to collect the IP addresses of Internet users who had illegally downloaded files. The breach would have permitted third parties to freely access information on the monitored works, the hashing torrent used to trap Internet users and many IP addresses of Internet users connected to peer-to-peer networks.
The supplier argued that the server in question was a test server dedicated to its research and development teams.
HADOPI decided, out of caution, to suspend the exchange of information with this company to avoid any intrusion into its information systems containing personal data and to launch an audit. The supplier will face a security audit commissioned by organisations representing the authors and their assignees; i.e SACEM, SDRM, SCPP, SPPF.
The CNIL has also launched an onsite investigation procedure and its report is expected at the end of June or beginning of July. The findings are eagerly anticipated, as, in France, most people know someone who knows someone who has received a warning from HADOPI.
It is another tough call for the much-criticized HADOPI, at a time where the "Parti Socialiste" reveals its "digital programme"—in view of the campaign for the presidential elections—in favour of the suppression of HADOPI and of the allocation of its budget to the CNIL.
