piracy shield – Techdirt (original) (raw)

Italy’s ‘Piracy Shield’ Misfires, Blocks Google Drive In Anti-Piracy Blunder

from the no-cloud-for-you dept

In a stunning display of technological and regulatory ineptitude, Italy’s ‘Piracy Shield’ law has managed to block access to Google Drive, apparently confusing the popular cloud storage service with a hotbed of illegal activity. Bravo, Italy, bravo.

Earlier this year, we wrote about Italy’s new “Piracy Shield” nonsense, in which the country’s telecom regulator, AGCOM, could designate certain IP addresses as “piracy” and require all internet providers and VPNs to block access to those sites. As we noted in our original article, this was already causing problems, such as when a dynamic IP address from Cloudflare was blocked, taking out legitimate sites in the process.

The structure of the Piracy Shield means that it’s almost impossible to appeal bad blocks. The focus seems to be on blocking first and dealing with the fallout later.

Earlier this month, Italy made the Privacy Shield even worse, amending the regulations to increase criminal sanctions for failing to block IP addresses AGCOM designates and expanding even further the list of VPNs and DNS services covered. It also put in place rules demanding that ISPs proactively alert AGCOM of suspected piracy or face criminal charges with potential prison sentences.

Just last week, our own Glyn Moody sent over an article he had written on Walled Culture about just how bad all of this was. I was all set to republish it here this week. But fate intervened. Over the weekend, someone alerted us to the news that AGCOM had designated Google Drive as a piracy service, and pretty much all of it was blocked in Italy for a few hours.

Italian Wired has the details (auto-translated):

On the evening of Saturday 19 October, a ticket uploaded to the system adopted by the Communications Authority (Agcom) to stamp out illegal streaming blocked a critical domain of Drive, the Big G web service used to archive and share data in the cloud, and one of the YouTube caches. Two resources that, obviously, have nothing to do with the pirate broadcasting of football matches and other sports, which is what Piracy Shield should be dealing with, but which demonstrates for the umpteenth time how the technology gifted by Serie A to Agcom ends up paving over harmless sites. Even stepping on Google’s toes.

Let’s reconstruct the facts. At least since 6:56 PM on Saturday afternoon, as demonstrated by a source to Wired through some analysis, Piracy shield has been blocking the address drive.usercontent.google.com . As Google itself explains , it is one of the critical domains for Drive. The blackout implemented by the national anti-piracy platform prevents it from being reached and, in fact, from being able to download files stored on Drive . Wired was able to verify on Piracy shield search , a project for public sharing of blacked-out domains provided by Infotech srl, the effective blocking of the domain.

The same report notes that some YouTube URLs were also listed, so part (but not all) of YouTube was blocked across Italy.

Really making a dent in piracy there, AGCOM. Great work. Bang-up job, everyone.

As Wired explains, part of the issue is that the Piracy Shield law is so stupidly written. Rights holders can file complaints with huge lists of domains they want blocked, and ISPs are then given 30 minutes to block those domains. So, you know, mistakes are made. Like blocking all of Google Drive.

There is an “allowlist” that is supposed to protect against taking down big trusted sites like Google, but apparently a key Google Drive domain wasn’t on there.

The article also notes that while a few ISPs have chosen to unblock Google Drive, many had not at the time of writing. They have strong incentives not to unblock, as ISPs are subject to costly sanctions if they unblock domains designated under the Piracy Shield.

Of course, this kind of overblocking always happens. We’ve talked about examples in the past where similarly stupid blocking demands have removed tens of thousands of sites from the internet. You would think that someone in the Italian government might recognize the problems of this approach by now?

Filed Under: agcom, copyright, google drive, italy, overblocking, piracy shield
Companies: google

Italy’s Piracy Shield Blocks Innocent Web Sites And Makes It Hard For Them To Appeal

from the what's-42.4-million-innocent-domains-among-friends? dept

Italy’s newly-installed Piracy Shield system, put in place by the country’s national telecoms regulator, Autorità per le Garanzie nelle Comunicazioni (Authority for Communications Guarantees, AGCOM), is already failing in significant ways. One issue became evident in February, when the VPN provider AirVPN announced that it would no longer accept users resident in Italy because of the “burdensome” requirements of the new system. Shortly afterwards, TorrentFreak published a story about the system crashing under the weight of requests to block just a few hundred IP addresses. Since there are now around two billion copyright claims being made every year against YouTube material, it’s unlikely that Piracy Shield will be able to cope once takedown requests start ramping up, as they surely will.

That’s a future problem, but something that has already been encountered concerns one of the world’s largest and most important content delivery networks (CDN), Cloudflare. CDNs have a key function in the Internet’s ecology. They host and deliver digital material to users around the globe, using their large-scale infrastructure to provide this quickly and efficiently on behalf of Web site owners. Blocking CDN addresses is reckless: it risks affecting thousands or even millions of sites, and compromises some of the basic plumbing of the Internet. And yet according to a post on TorrentFreak, that is precisely what Piracy Shield has now done:

Around 16:13 on Saturday [24 February], an IP address within Cloudflare’s AS13335, which currently accounts for 42,243,794 domains according to IPInfo, was targeted for blocking [by Piracy Shield]. Ownership of IP address 188.114.97.7 can be linked to Cloudflare in a few seconds, and doubled checked in a few seconds more.

The service that rightsholders wanted to block was not the IP address’s sole user. There’s a significant chance of that being the case whenever Cloudflare IPs enter the equation; blocking this IP always risked taking out the target plus all other sites using it.

The TorrentFreak article lists a few of the evidently innocent sites that were indeed blocked by Piracy Shield, and notes:

Around five hours after the blockade was put in place, reports suggest that the order compelling ISPs to block Cloudflare simply vanished from the Piracy Shield system. Details are thin, but there is strong opinion that the deletion may represent a violation of the rules, if not the law.

That lack of transparency about what appears to be a major overblocking is part of a larger problem, which affects those who are wrongfully cut off. As TorrentFreak writes, AGCOM’s “rigorous complaint procedure” for Piracy Shield “effectively doesn’t exist”:

information about blocks that should be published to facilitate correction of blunders, is not being published, also in violation of the regulations.

That matters, because appeals against Piracy Shield’s blocks can only be made within five working days of their publication. As a result, the lack of information about erroneous blocks makes it almost impossible for those affected to appeal in time:

That raises the prospect of a blocked innocent third party having to a) proactively discover that their connectivity has been limited b) isolate the problem to Italy c) discover the existence of AGCOM d) learn Italian and e) find the blocking order relating to them.

No wonder, then that:

some ISPs, having seen the mess, have decided to unblock some IP addresses without permission from those who initiated the mess, thus contravening the rules themselves.

In other words, not only is the Piracy Shield system wrongly blocking innocent sites, and making it hard for them to appeal against such blocks, but its inability to follow the law correctly is causing ISPs to ignore its rulings, rendering the system pointless.

This combination of incompetence and ineffectiveness brings to mind an earlier failed attempt to stop people sharing unauthorized copies. It’s still early days, but there are already indications that Italy’s Piracy Shield could well turn out to be a copyright fiasco on the same level as France’s Hadopi system, discussed in detail in Walled Culture the book (digital versions available free).

Follow me @glynmoody on Mastodon and on Bluesky. Originally posted to Walled Culture.

Filed Under: agcom, copyright, due process, italy, piracy shield, takedowns
Companies: cloudflare

Italy’s ‘Piracy Shield’ Creating Real Problems As VPNs Start Turning Away Italian Users

from the that's-not-helping dept

Back in October, Walled Culture wrote about the grandly named “Piracy Shield”. This is Italy’s new Internet blocking system, which assumes people are guilty until innocent, and gives the copyright industry a disproportionate power to control what is available online, no court orders required. Piracy Shield went live in December, and has just issued its first blocking orders. But a troubling new aspect of Piracy Shield has emerged, reported here by TorrentFreak:

A document detailing technical requirements of Italy’s Piracy Shield anti-piracy system confirms that ISPs are not alone in being required to block pirate IPTV services. All VPN and open DNS services must also comply with blocking orders, including through accreditation to the Piracy Shield platform. Google has already agreed to dynamically deindex sites and remove infringing adverts.

This is no mere theoretical threat. The VPN (Virtual Private Network) service AirVPN has just announced that it will no longer accept users residing in Italy. As AirVPN explains:

The list of IP addresses and domain names to be blocked is drawn up by private bodies authorised by AGCOM (currently, for example, Sky and DAZN). These private bodies enter the blocking lists in a specific platform. The blocks must be enforced within 30 minutes of their first appearance by operators offering any service to residents of Italy.

There is no judicial review and no review by AGCOM. The block must be enforced inaudita altera parte [without hearing the other party] and without the possibility of real time refusal, even in the case of manifest error. Any objection by the aggrieved party can only be made at a later stage, after the block has been imposed.

As a result, AirVPN says it can no longer offer its service in Italy:

The above requirements are too burdensome for AirVPN, both economically and technically. They are also incompatible with AirVPN’s mission and would negatively impact service performance. They pave the way for widespread blockages in all areas of human activity and possible interference with fundamental rights (whether accidental or deliberate). Whereas in the past each individual blockade was carefully evaluated either by the judiciary or by the authorities, now any review is completely lost. The power of those private entities authorized to compile the block lists becomes enormous as the blocks are not verified by any third party and the authorized entities are not subject to any specific fine or statutory damage for errors or over-blocking.

That’s a good summary of all that is wrong with Piracy Shield. Companies can compile block lists without any constraint or even oversight. If the blocks are unjustified, there are no statutory damages, which will obviously encourage overblocking. And proving they are unjustified is a slow and complex process, and only takes place after the block has been effected.

What is particularly troubling here is that Italian residents are now losing access to a popular VPN as a result of this new law. In a world where privacy threats from companies and governments are constantly increasing, VPNs are a vital tool, and it is crucial to have a range of them to choose from. The fact that AirVPN has been forced to discontinue this service for people in Italy is a further demonstration of how here, as elsewhere, copyright is evidently regarded by the authorities as more important than fundamental human rights such as privacy and security.

Follow me @glynmoody on Mastodon and on Bluesky. Originally posted to Walled Culture.

Filed Under: censorship, copyright, guilty until proven innocent, italy, piracy shield
Companies: airvpn