Thursday, July 24, 2008

Tarring users with the same brush?

I guess it was inevitable that I would write something about the news that ISPs are going to start sending out warning letters to people file sharing, but what strikes me as impractical about this scheme is precisely the same concern I had about the idea that the Government would start to monitor Internet traffic.

When I wrote that piece in the Times I came in for some flak from some people saying it wasn't about storing data at all and I said I would follow it up explaining the point I was making in more details. I failed to do that until now, so hopefully my fellow blogger Unity will be reading.

Here's the problem, how does the ISP know you have downloaded illegal content with inspecting and storing the data at the same time? Let's take one of the most popular of filesharing utilities, Bittorrent. This network system works on the basis that peers share parts of a file. Often there is only one single seed that has the whole file and the rest only have bits of it.

The protocol works by downloading chunck of binary data that alone are useless until it completes and merges them all together into the original thing that was wanted. An ISop therefore cannot easily 'know' what is being shared without mirroring the download itself from start to finish. This becomes even harder if say the torrent file being used requests a file with an innocuous name that is really the latest REM album.

Given this problem, what actually appears to be being proposed will be a blanket assumption that if you connect to Limewire, Bittorrent etc then you must be doing something illegal. It ignores the fact that many commercial operations now use these methods for distributing their software as it takes the pressure off their own bandwidth consumption.

I personally download a number of images online that are perfectly free and legal to distribute, but without the ISP reconstructing that data all they see is "bandwidth hungry dizzy, must be up to no good". The evidence of an IP address connecting to another IP address is not evidence of what was going on.

This is the point I would have loved to elaborate on in my Thunderer piece. Think about it for a minute, if a log records that I sent traffic from IP A to IP B, where IP B is a suspected criminal, it does not follow that the traffic contains illegality without inspecting it in full.

On the point of filesharing as well, there are networks out that that are DSA encrypted. Unless the ISP monitors from the personal pc, i.e. they put software on your pc so than can see what the end result of the encryption is, then they cannot know that was being shared or transferred was illegal.

I imagine that there will be many test cases on these proposals if they come into being. There will be people who will say "I did not download illegal content" and unless the ISP has a copy of what they did download, then simply stating "you connnected to Limewire and downloaded lots" is not proof of copyright infringement.

In short, this sort of proposal will only work if (a) ISPs start inspecting the content of traffic as well source and destination which has all sort of privacy questions around it, or (b) they take the blanket assumption that a bandwidth hog is being dodgy and tar everyone with the same brush.


Anonymous said...

I'm not a techie. Can you please explain something I seem to be failing to understand.

Part of the rationale put forward by those pursing torrent users seems to be that the person who seeds the file can see the IPs of the persons who connect to it. They then use that as proof of the connection and presumably collection of a chunk of the file to then trace it back to the user. How is that not a valid way of tracing downloaders?

I can see a problem in that it does not prove a completion of the whole downloaded file, but otherwise, what's technically wrong with this?

dizzy said...

Seeders can be traced that is true, but in many case on torrents seeders are located on huge file share and dodgy dumops anyway. Obviously a company could honeytrap seed, is that what you mean?

Anonymous said...

I was wondering if this ties in at all with Phorm which some of the same ISPs seem to be wanting to push. Probably not directly (as I understand it), but I expect that some of the same technology (ie intercepting and storage of what you are recieving) might be involved?

Also strange that the ISPs who, for years, have been steadfast about acting soely as "conduits", and refusing to do anything which would require them to monitor traffic, are suddenly changing their tune? There must be money in it somewhere.

Finally, I think that all this will achieve is a growth in smaller ISPs who promise NOT to check on filesharers...

Anonymous said...

"Guilt by association" was what I think it was called, and juries were specifically warned against it. As you imply, not all dodgy people are dodgy all the time. But with many thngs recently (ANPR springs to mind) guilt by association is part of the guilty until proven innocent line that our parliament is taking.

As far as inspecting and reassembling your downloads, that is my beef against the use of Ellacoya traffic shaping by Deep Packet Inspection. What is technically feasible now, though denied by the ISP, will soon become mandatory.

I fear that centaur's optimism about the niche marketing of small ISPs who promise not to deep packet inspect or pimp data to Phorm etc, is misplaced. There are only two wholesalers of internet capacity in this country, BT and Virgin. All the others must buy at least some capacity off one or other of them. The resellers will have to do as they are told. There can be no other way.

Anonymous said...

Go read this:

It is an account of how some academics at Washington University tried seeing how good the DMCA copyright watchdogs were at spotting spoofed bittorrent filesharing. What they discovered is that said watchdogs are actually quite incredibly stupid, and can be induced to send out take-down notices alleging that devices such as networked printers and wireless access points (the point's own IP, not one using it) were illegally sharing files.

The organisations enforcing the DMCA are therefore incredibly poor at it, and relying on them to correctly identify filesharers is quite incredibly stupid.

The only upside is that as soon as these cretinous laws are enacted, there will be a massed rush to get the scripted take-down systems to list as many Government websites as possible and get them barred from the 'net. A special prize may also be offered for the first person to get the British Phonographic Institution banned.

Anonymous said...

The ISP wouldn’t be doing the policing. I believe the ISPs would be sending out letters on the instruction of the music industry. The music industry’s cronies would do all the leg work and produce lists of copyright offenders.

Anonymous said...

In all this media spin mention was made that users can choose to pay £30 per year so that they can download to their heart's content.

Who do I pay? Cash waiting.

Hopefully this means the music and video files will no longer be the low resolution crap that is currently served up.

Anonymous said...

Just what, exactly, is Virgin Media's game.
I mean...........well I'm lost for words really.

Elby the Beserk said...

Just so, Dizzy. Also, most bittorrent clients encrypt their data now as well, to make it even harder for an ISP to know what it is you are downloading.

I also use Peer Guardian 2, which prevents a long list of IP addresses from sharing in torrents one is downloading.

Odd, one might think, were one cynical, which one is not, of course - that there is no similar zeal for detecting child porn being downloaded. But then, that doesn't hit business profits, does it?

Whatever, they - the ISPs & the govt - are pissing in the wind. And in the immortal words of the immortal Neil Young

"There ain't nothing like a friend,
Who can tell you you are pissing in the wind"

Elby the Beserk said...

Curly's on the ball - they haven't a hope in hell of trapping downloaders from the binary newsgroups.

Anonymous said...

Deep Packet Inspection is becoming the norm, I guess we all gotta get used to it. Comcast is doing it, Verizon say they're not but it's been proven that they are. This suggestion seems to imply that there are DPI routers ready to be lit up on your side of the pond too. Not so terribly surprising really.

Way to get around that:
a) Establish an SSH tunnel to a proxy box based outside the UK (I have'em for a modest fee - and I do mean modest)
b) Gild the lily by making the ssh tunnel happen inside of a VPN - oh hell yeah.
c) Torrent your damn face off 24/7/365 and the best of luck to any DPI router in determining the content of that bitstream.

Of course, there is one horrible thought which inevitably occurs at this point...if SSH tunneling became widespread...truly ubiquitous...would ISP's begin to regard any port 22 (or 443) packets as filesharers? That would royally screw up RFC conventions and - in addition - open up several other cans 'o worms.

[mumble]just my $0.02 worth[/mumble]