New Tool Promises To Passively ldentify BitTorrent Files

QuietR10t writes "A new technique has been developed for detecting and tracking illegal content transferred using the BitTorrent file-trading protocol. According to its creators, the approach can monitor networks without interrupting the flow of data and provides investigators with hard evidence of illicit file transfers. 'Our system differs in that it is completely passive, meaning that it does not change any information entering or leaving a network,' says Schrader." I wonder if it can specifically identify legal content, too.

Encryption?

[hansamurai]

I'm assuming this has no chance of defeating encrypted connections?

Re:Encryption?

[fuzzyfuzzyfungus]

TFA confirms it, near the end of the second page. It also only currently works at 100 megabits/second.

Re:Encryption?

[genner]

TFA confirms it, near the end of the second page. It also only currently works at 100 megabits/second.

So my oc4 line is safe!

Re:Encryption?

[cbiltcliffe]

Sure it is. But when it seems to slow down to 100Mb, shortly, it's just network maintenance. Honest.

Re:Encryption?

[eldavojohn]

I'm assuming this has no chance of defeating encrypted connections?

The article explicitly says it cannot recognize encrypted files as the method cannot identify them with a hash. Although, I doubt anyone could think of a good way to ID files in encrypted BitTorrent.

I thought my summary submitted this morning [slashdot.org] did a better job describing this but you should note that this has some key things to overcome before it can be used:

• Has not been tested for false positives (explicitly stated by a researcher in the article). This has been known to totally render a technology unusable (face recognition, anyone?).
• Their device only works on up to one hundred megabit per second before it starts to act as a choke point which makes it usefull only on a small scale (not for police/ISPs).
• Does not work on encrypted files [slashdot.org].

They seriously need to overcome these obstacles before illegal file sharers should worry about it being used to target people.

Re:Encryption?

[Dreadneck]

They seriously need to overcome these obstacles before illegal file sharers should worry about it being used to target people.

I strongly disagree. People need to start raising hell about this Big Brother bullshit now. Technology like this operates under the assumption that ALL users are criminals until proven innocent and blatantly violates the 4th amendment(in the U.S. at least).

Furthermore, does anyone here honestly believe that this type of technology will only be used to stop copyright infringement and kiddie porn? This technology smacks of oppression and the quashing of political dissent.

Re:Encryption?

[Gerzel]

The reason we go after copyright infringement, kiddie porn(well porn in general as it is always lumped in if at all possible to kiddie porn), and things like majauana is to make as much of the general populace guilty of something that is both against the law and seen as deeply wrong with the person.

Once this is achieved the person can easily be moved to a status of lesser or non-personhood.

Example is a "Sex Offender" law. Such laws are created inevitably to protect children. However, sex offender includes any offense that is deemed sexual in nature. Public nudity, an argument with a spouse that turns violent which may indeed be an isolated incident and as much at fault with the spouse(I'm not talking about someone who regularly beats their spouse), or just pissing on the sidewalk because there is no where else to go for miles. Everyone is lumped in and assumed to behave like the worst offenders in the group, the serial rapists and violent pedophiles.

Re:

[UnknowingFool]

From what I understand, the technology relies on fingerprinting and lists. It tries to match a bittorrent's 32-bit header data matches to that of a known illegal download on a list. But who gets to set this list? What about false positives? "Yes, this 'Ubuntu' is on the list. This 'WoW-Update-3.0' is also on the list. Well, we're not sure what this 'Ubuntu' is and 'WoW' is obviously a bittorrent of Windows."

Re:Encryption?

[Dreadneck]

Right, because we all know that this technology couldn't possibly be used to analyze anything other than bittorrent traffic. It would be totally impossible to use it to inspect emails, right? That's just crazy science fiction - no way could it happen in the real world. Besides, we all know that only criminals use bittorrent. Who would possibly think of using it to distribute political documentaries [mininova.org] or leaked government documents [wikileaks.org]?

Re:

[Dreadneck]

You're conflating a privilege - driving an automobile on public roads - with a constitutionally protected right against unwarranted search and seizure of private communications. Even so, if a cop is sitting at a speed trap checking the speed of every vehicle that passes by, then, YES, the assumption is that everyone is breaking the law until proven innocent by the radar gun.

Re:

[Ironica]

Oh, geez. Is that really Interesting? I mean, thanks for the karma, but I'm not hurting for it, and I couldn't even *remember* what I'd posted. A refinement of a car analogy? I should get modded -1 Redundant!

Re:

[Stray7Xi]

I think more accurately, do license plates and the ability for police to look them up assume all drivers are breaking the law?

It's not just the ability to, it's the automated constant use of it. More correct analogies:
-The TSA checking every passenger against a terror watchlist.
-Roadside cameras reading every license plate to find stolen cars and people with warrants on them.

It's all a matter of how accurate of signature it is.

Re:

[thePowerOfGrayskull]

-Roadside cameras reading every license plate to find stolen cars and people with warrants on them.

Alright, I know this won't be a popular view, but is that a Bad Idea?

I don't mean the theoretical slippery slope arguments about loss of privacy - if you're out driving, you don't have it to begin with. Who loses in this scenario? The guy who gets his car back... guess not him. The people driving legal cars? Nuh uh. The people driving who have no outstanding warrants? Nope, not them either. Seems the list of people who actually lose is pretty narrow (ie, those who have stolen or have warrants out for

Re:

[Gerzel]

1 The False positives problem will be ignored. Already most people and lawmakers consider bit-torrent as a whole to be file sharing and thus piracy. Now they have a way to "ID" the criminals or at least their files. The false positive might work in court but your net connection would be gone long before that case comes due.

2. This might have a chance to work, provided legislation isn't passed to counteract net neutrality. If such is passed this would easily meet any definition of "reasonable" as would a

Re:Encryption?

[noidentity]

this has some key things to overcome before it can be used:

* Has not been tested for false positives (explicitly stated by a researcher in the article).

Here's my implementation. It also hasn't been tested for false-positives, but I'm hopeful:

bool is_illicit_content( /* may need parameters in the future */ ) { return true; }

Re:Encryption?

[jandrese]

TFA specifially says that it doesn't work on encrypted traffic. In fact the whole thing seems to have some rather bogus qualities to it.

It uses a FPGA, but is stuck at a rather pokey 100Mbps. All it does is compare the encoded hash value in the Bittorrent header against a list of known illegal hashes. Hashes you have to program manually.

I've seen commercial boxes that you can already buy that do a lot more than this and faster. He made a big deal about it not disturbing the network, but that's a standard feature. Unless this thing is dirt cheap or something, I don't really see the application.

Re:

[El Torico]

I've seen commercial boxes that you can already buy that do a lot more than this and faster. He made a big deal about it not disturbing the network, but that's a standard feature. Unless this thing is dirt cheap or something, I don't really see the application.

I think that the manufacturer will try to pimp this as an "IP Compliance Product" to ISPs and madly lobby every politician they can bribe, err, I mean donate to.

Re:

[Joce640k]

It knows every "illegal" hash on the Intertubes?

If it does that's more newsworthy than the gadget itself.

Re:

[cerberusss]

All it does is compare the encoded hash value in the Bittorrent header against a list of known illegal hashes. Hashes you have to program manually.

That sounds exactly how Snort [snort.org] works.

I guess if you had a bunch of hashes, you could put these in a configuration and basically have the described functionality.

I've analyzed Snort more than 6 years ago and also remembered that it couldn't operate on more than 100Mbit. Might've been a change here and there, though.

Re:

[cbiltcliffe]

Depends how it works.

I'm betting something like this:

$data = read_data_stream($eth)
if (get_protocol($data) == "bittorrent")
      {
      $illegal_content = 1;
} else
      {
      $illegal_content = 0;
}

In which case, encrypted or not, you're still guilty.

Re:

[mochan_s]

I was wondering, would this defeat this scheme?

Let bittorrent deliberately make errors in the data transmitted. Hashing is very sensitive to small changes.

Also, transmit it with error correcting codes so that it can be put back together by the receiver but the hasher gets garbage.

Finally, so that the hasher doesn't do the error correcting themselves, send the parity encrypted with the keys exchanged beforehand.

I suppose it's still open to man in the middle attack though.

Evil Bit

[Lord Byron II]

For the record, I have a rule in my iptables that specifically turns off the "evil bit" in any of outgoing packets. Thank God for Linux! =)

Re:Evil Bit

[VValdo]

wut

It's all detailed in RFC3514 [ietf.org].

W

Re:

[DiegoBravo]

> Slashdot does not reward karma for "funny" mods

Yes, and this is one of the silliest things in /. The most informed and insightful teachers I had at school and university were also funny most of the time when delivering lectures, and of course this applies for comments too.

Encrypted traffic...

[bleh-of-the-huns]

Till they come up with a good way to figure out whats going across the network encrypted, they will just be wasting their time.

Re:

[azgard]

In theory, they could attack encryption with man-in-the-middle during the key exchange. If the protocol is known, the middle man can simulate the other end node for both nodes, and give each one a different key, so they can still see the traffic.

Re:Encrypted traffic...

[Kjella]

And if they did that, we could start having the tracker negotiate SSL keys for us. If they tried going after the tracker traffic, we could make that HTTPS. If they started faking the certs, we could move to OpenDNS or install a "trusted" torrent root cert. That is a battle they could not win.

Re:

[azgard]

Well, eventually, people would have to exchange the trusted torrent root certificates directly (i.e. not over the network). And they could be filtered by the network.

I think the scheme is in principle possible, but probably very much impractical. You could perhaps create an order of magnitude more music, movies and videogames for the sheer cost of the setup required to negotiate all the encryption keys in the central government server.

Re:

[headbulb]

He was talking about using a man in the middle attack. Both parties think they are talking to eachother.

It doesn't matter if the tracker sends us a SSL key for us if a man in the middle attack can be used. The only way to be sure the key isn't altered is to get that key directly from the source. How you do that is up to you.

There isn't much that is open about "OpenDNS". OpenDNS is a bad solution for a non-issue problem. Please stop advertising for them.

What we should be fighting for is for isp's to be commo

Re:

[Kjella]

It doesn't matter if the tracker sends us a SSL key for us if a man in the middle attack can be used. The only way to be sure the key isn't altered is to get that key directly from the source. How you do that is up to you.

Wrong, wrong, wrong. Or well, if you don't trust the tracker then true but then the whole setup doesn't make any sense. If we both have a secure conneciton to the tracker then the tracker can swap keys for us and there's nothing a man-in-the-middle could do to prevent us from creating a secure peer connection. And if they tried attacking our connection to the tracker, we could use HTTPS and certificates to prevent that. It's you that don't understand.

Re:

[headbulb]

It's funny you just proved my point.

The internet is in an insecure network. How does anyone know if they have a secure connection? Sure they can know this once a private/public key pair has been exchanged. But how do we know that the public key given to us is good if there is man in the middle to intercept the keys between the "trusted groups"

I should have been more descriptive. Without physically exchanging the keys with the other parties there isn't a way for an automated system to know; Without testing,

Re:Encrypted traffic...

[Sloppy]

That's a lot of "we could"s. How about just using the global OpenPGP WoT, and stopping the problem in its tracks?

Once you have a distributed authentication system (which is what lets you exchange keys safely), email is just one of the applications you can build on it. Sounds like you guys have another. Whatever. The more things it's used for (the more people who connect to the WoT) the better it works for everyone.

Quit building a redundant but also specialized infrastructure, and instead, join the original.

Re:Encrypted traffic...

[Shakrai]

In theory, they could attack encryption with man-in-the-middle during the key exchange

In theory, isn't this (or shouldn't this) all be illegal under wiretapping laws anyway?

As a private citizen I don't have the right to start monitoring my neighbors phone calls (even if those calls are broadcast [wikipedia.org] into my house without encryption) just because I suspect she is dealing drugs. What gives my ISP the right to start monitoring my packets just because they suspect I'm pirating something?

Re:

[greenbird]

What gives my ISP the right to start monitoring my packets just because they suspect I'm pirating something?

It's for the children. We must protect the children. Are you one of those evil child porn supporters? If your against this you're a child pornographer.

All you have to do is add this and all politicians will support it and no publication will speak out against it. Haven't you read Mein Kampf?

Re:Encrypted traffic...

[Shakrai]

New York State Penal Law:

250.05 Eavesdropping.
A person is guilty of eavesdropping when he unlawfully engages in wiretapping, mechanical overhearing of a conversation, or intercepting or accessing of an electronic communication.
Eavesdropping is a class E felony.

Re:

[Anonymous Coward]

The word "unlawfully" means that it all depends on who is holding the money.

Re:

[Shakrai]

Who says I steal anything? I'm a law-abiding citizen who happens to be outraged at the prospect of having my private communications searched through without a court order.

Re:

[Dragonslicer]

Yeah, what gives me the right to use BitTorrent to steal Ubuntu discs

Re:

[MobileTatsu-NJG]

Here's a novel idea, DONT FUCKING STEAL SHIT

Then you won't have any problems whatsoever!!

Answers sure do come easy to those who don't know what the fuck they're talking about.

It's called Port Mirroring

[alta]

And my $200 24 port gigabit switch from Dell will do it. And that's a cheap piece of crap. For the 3 of you who don't already know, You specify one port on the switch to receive a copy of all traffic on the entire switch, a vlan or a specific port. Then you can hook etherial to that port and monitor all of the traffic without modifying the original. OOOOhhhh, magic eh?

Anyway, even after I RTFA, I still didn't see anything that this thing does that my cheap port and a P2 running etherial couldn't do.

Re:

[tijsvd]

Two points.

One: the mirror port (aka span port) on your switch does not buffer the traffic, and will drop packets in any spike. That's true even for expensive Cisco switches. To get all traffic, you need a network tap on a line.

Two: getting the traffic isn't hard. It's basic sniffing. Analysing the traffic in realtime is what matters.

Re:

[alta]

What I said is POSSIBLE, I didn't say it was practical ;) Although, I have done this in the past, and there are 3 options.

1. Live with the fact that most of the time each port is underutilized. If the dropped packets aren't of life and death importance, this works out ok.

2. We had to track down something that was saturating our network, we needed every packet. We set every port to 100MB except for the monitor.

3. A waste of ports, and expensive but you don't loose anything... For each port in use, have on

hmm

[Anonymous Coward]

More restrictions on content? More encryption.

Better cracking techniques? Better encryption.

Tyrannical government? Revolution.

Re:

[OSDever]

I believe that falls under "Tyrannical government? Revolution."

Completely Biased and Worthless

[RingDev]

Another drawback is that the system cannot cope with encrypted files. "Today, about 25 percent of BitTorrent traffic is encrypted," says Schulze. If such a tool became widely used, then anyone with something to hide would almost certainly switch to using encryption, he says.

If you make breathing illegal, only criminals with breath.

-Rick

Re:Completely Biased and Worthless

[azgard]

Or, everybody will become a criminal.

Re:

[mooingyak]

Figured that out on your own, did you?

Re:

[duckInferno]

Financial leader standing on dam: "I promise to not to open the flood gates to foreign investment!"

Douchebag: "It's funny because he's on a dam and dams have flood gates"

Re:

[gEvil (beta)]

If you make breathing illegal, only criminals with breath.

I think you mean breathe.

And what will they do with breathe?

Yawn

[happyemoticon]

From the article:

Then the system looks at the files' hash, a unique identifying code used to coordinate the simultaneous download of hundreds of file fragments by different users. If a hash matches any stored in a database of prohibited hashes, then the system will make a record of the transfer and store the network addresses involved.

I mean, you could easily scrape some torrent sites for hashes, but it seems like this system would be fairly easy to circumvent. All you'd have to do is come of with some system for changing the hash on a peer-specific basis.

Re:Yawn

[blueg3]

If I read the article correctly, what they're really doing is looking at the BitTorrent infohash, which is used when communicating with the tracker and other peers to identify the torrent. (The infohash uniquely identifies the torrent.) Having a different infohash for each peer would require significant BitTorrent reengineering, I would think.

However, it's defeated by encryption, cannot legally be used in the U.S. or Europe by ISPs, and relies on a blacklist of illicit torrents.

Re:Yawn

[DMoylan]

>cannot legally be used in the U.S. or Europe

when has that ever stopped anybody?

Re:

[blueg3]

Example [stopthedrugwar.org]

Bonus second example [slashdot.org]

Real answer: ask a lawyer how relevant the legality of a search is.

Re:

[steelfood]

In a word (or two):

Hash chains.

Re:

[blueg3]

As it's a passive tool, all you'd need to do is encrypt the communication with the tracker.

Re:

[jandrese]

Changing the hash on peer basis would mess the protocol up pretty badly. It's a lot easier just to turn on the encryption stuff.

hashes are not the threat

[Khopesh]

All you'd have to do is come of with some system for changing the hash on a peer-specific basis.

The hash is how data is verified. You can't just change the hashing mechanism on a peer-specific basis because you're sharing the same data with thousands of different peers. That would require every single peer to host a specific hash for each other peer, or worse, convert between hashes on the fly.

The flaw in this method is the hashes themselves; the only way to detect the so-called illicit content is by knowing the specific encoding. This stops camcorder films and screener rips because they are enc

Wait, wait, slow down there...

[fuzzyfuzzyfungus]

So, you're telling me that, given a set of hashes corresponding to "Prohibited content" and access to all the packets moving across a network, you can detect prohibited content? Why, it's a miracle of science!

Seriously, this is news? It has been possible, with the complicity of the router or physical access to the wire, to unobtrusively and undetectably tap a network since forever. That isn't news. And being able to identifiy files whose hashes you have ahead of time? Also not news, especially since bittorrent uses hashes extensively itself, and was never designed for subtlety or concealment.

I realize that Technology Review lost interest in technology years ago, and now spends most of its time fellating venture capitalists; but this is pathetic.

So...

[Adrian Lopez]

So... they invented packet sniffing?

Re:

[Chelloveck]

Yeah, but this is completely passive packet sniffing! It doesn't get the packets all sticky like the other tools do.

Obsolete from the start

[EdIII]

It also means that it's impossible for users to tell if a network is being monitored

"Our system differs in that it is completely passive, meaning that it does not change any information entering or leaving a network,"

This is nothing new and it's just meaningless marketing drivel. It's impossible to tell that *any* network is being monitored. It's not like you could buy an electronic device in a spy shop that can detect network monitoring. Throttling and "traffic management" are different since that is changing the network traffic.

There is only one type of network that can prevent a 3rd party from being able to copy the network traffic. Quantum communications provides that type of infrastructure by making it *impossible* to read the traffic without destroying it.

It's not like network monitoring is really a problem anyways. If you want privacy then just use encryption.

"Our system does not modify traffic in any way, nor does it interfere in the delivery of traffic either in or out of a network,"

Ohhh, you mean it's useless right? Everyone involved knows that a large amount of torrent traffic is infringing on various copyrights. The goal of the ISPs is to protect their profit margins. They sell unlimited but expect limited. They don't care whether traffic is illicit or not, just that it does not interfere with their business models. The MAFIAA is interested in the contents of the traffic and could care less about network congestion and bandwidth issues. Until the ISPs actually start caring about content, the goals of these two groups are not the same.

Enter Net Neutrality. Only when it is in the financial interests of ISPs to care about content will they start to listen to the MAFIAA. Obviously they could not reach an agreement since the MAFIAA is going to the whores in various legislatures to trade our freedoms for the protection of a few group's business models.

Note, that I don't support piracy on principle. However, I will not give up my rights to privacy and anonymity to protect someone else's copyrights either.

Schulze adds that the approach relies on having an up-to-date list of illegal files. "The system has to update a huge list of file hashes frequently," he says. "Somebody has to qualify the hashes as copyright infringements or other criminal content."

That sounds really easy doesn't? Of course there are only a few dozen really popular public trackers out there they can scrape the thousands and thousands of new torrents each day to update their tables. Don't forget about all the private trackers either that add a file or two that changes the hash to be different from the public torrents containing some of the same files.

Yep. This should be really easy. I can't possibly see how this task could not be reasonably accomplished with just a few salaried personnel on daily basis.

From a legal standpoint, Schulze says that privacy may be a more significant problem. "Neither the U.S. nor any European country would allow [anyone] to install a device that inspects the traffic of every user just to stop Internet piracy," he says. "In this approach, every user is considered to be suspicious."

I laughed so hard I almost peed myself at this point. Legal viewpoints change more frequently than the weather. If there is enough pressure from private interests in the U.S and abroad I don't think a little thing like privacy will stop them.

Even if the legal framework were to allow the technology, it is not quite ready to go. Tests of the system, details of which will be published later this year in a book called Advances in Digital Forensics V, showed that it was effective at detecting 99 percent of illicit files, but only at speeds of 100 megabits per second.

I just knew there was a p

Unclear wording

[Rix]

This doesn't identify someone downloading a file via bittorrent, it identifies someone downloading a *.bittorrent file (presumably via http).

This is a non-issue. If anyone actually starts using this, trackers will just start using shttp for their torrent files. They're small and (relatively) low traffic, so it would be a negligible performance issue.

The only notable thing about this article is that it points out how clueless tech journalists really are.

They've never heard of salting?

[Anonymous Coward]

There's a well-known technique for dealing with dictionaries of hashes - add some meaningless bits to the content before computing the hash, so that the number of possible hashes increases. This is cheap for everyone except a person trying to keep a dictionary of all possible hashes.

This is useless

[s_p_oneil]

"Another drawback is that the system cannot cope with encrypted files."

Even the article mentions that anyone doing something they want to hide is more likely to check the "encrypted only" checkbox. I work on NetSpective WebFilter, which has been passively identifying encrypted protocols that try to hide themselves like encrypted BitTorrent (both standard and Azureus), Skype, and UltraSurf for years. It also lets you choose to block any of these protocols you don't want on your network.

"If a hash matches any stored in a database of prohibited hashes, then the system will make a record of the transfer and store the network addresses involved."

Maintaining a list of hashes is not a new idea, as they seem to claim. It was abandoned because the list is insanely painful to manage, and it is insanely easy to get around. These guys aren't even trying to provide a list, which might be worth something (until the hackers put in the time to work around it). They're just sniffing/logging the hashes, which is child's play and worth almost nothing.

Cute

[Dunbal]

I like the way the summary tries to equate torrent with illicit. Interesting, on a site full of linux people who have probably torrented more than one distro in their lives.

      Anyway - good luck with that.

Gotta love these articles.

[Anachragnome]

I am thoroughly amused by articles like this that essential start out as:

"Hey, look we got! Yackkity, yakkity, yak, yak..." ...And end with something along the lines of...

"...Well, its pretty damn useless considering xxxxx and xxxx are already in use and defeat it completely."

Why do people even bother printing such useless information, much less invest millions of dollars into such a product?

legal, schmegal ...

[jc42]

I wonder if it can specifically identify legal content, too.

So why would the likes of the RIAA and MPAA want to do that?

They're interested in finding criminals, not showing that people are innocent.

uh, isn't that called wireshark?

[DragonTHC]

isn't it a packet sniffer? Isn't that illegal tech for these purposes?

Re:

[DragonTHC]

oh wait, http://www.vnunet.com/vnunet/news/2236292/stimulus-bill-nixed-net [vnunet.com]

Feinstein just introduced this amendment, http://www.publicknowledge.org/pdf/GRA09175_xml.pdf [publicknowledge.org] into the stimulus bill.

guess it's not going to be so illegal after all.

Why do they hate us so much?

Re:Carrier Status?

[commodore64_love]

I wish people would stop repeating this urban legend. ISPs do NOT have common carrier status. I wish they did, but they don't.

Re:Carrier Status?

[Jane Q. Public]

They SHOULD. As long as they do not alter or supply content themselves.

The whole concept of common carrier was to account for services such as ISPs. Of course telephone systems were the first real examples, but the concept is still the same: a communications channel, where a service can carry those communications from point to point, without altering, supplying, or monitoring content.

I know of no logical reason why ISPs should not be "common carriers". They are ideal candidates to be. As long as they keep their fat fingers off the content.

And THEY should be in support of the concept, because if they cannot claim the "common carrier defense" (i.e., no responsibility for content), then they have some very heavy legal liability issues that common carriers do not have to deal with.

Re:Carrier Status?

[Kjella]

The short story: There's more to being a common carrier than lack of liability, and ISPs don't want it. ISPs have liability protections under USC 17512 [cornell.edu] which are very strong and thus under heavy lobbying attack, but they are *not* repsponsible for content today. Read it yourself, it's surprisingly clear.

Re:Carrier Status?

[Jane Q. Public]

You think I don't understand this?

If you read the content of USC 17512 [cornell.edu] yourself, you will see that it addresses exactly the same kind of protections that I stated, and that if they do alter or supply the content, they lose the protection of the law. While this does not directly pertain to actual, "official" common carrier status, this is still often referred to as the "common carrier defense", since the principal is exactly the same. Why did YOU not know that?

In any case, since that is out of the way: what are these other reasons that you assert are the cause of ISPs not wanting to be common carriers? That is more to the point.

Re:

[Anonymous Coward]

"...then they have some very heavy legal liability issues that common carriers do not have to deal with."

I've always wondered how Earthlink, RR, etc. can get away with all the warez, music, movies, and porn hosted on their own usenet servers, and made available to their subscribers.

Re:Carrier Status?

[Wesley Felter]

Usenet probably counts as a cache under section 512(b) of the DMCA; as long as ISPs process takedown notices correctly they have no liability. Also see ALS Scan v. Remarq. IANAL.

Re:Carrier Status?

[Jurily]

Usenet probably counts as a cache under section 512(b) of the DMCA; as long as ISPs process takedown notices correctly they have no liability.

alt.binaries.takedownnotices?

Re:

[HTH NE1]

alt.binaries.takedownnotices?

Such a group would require the notices to be binary-encoded. There's no compelling reason why alt.binaries.d can't be used for the same purpose which already has an exception for non-encoded content.

Re:Carrier Status?

[Jane Q. Public]

They still have liability if they supply, alter, or control the content in any way. As long as the content is supplied by others, and remains unaltered and uncensored, then there is no liability.

Oh, yes, that is another important point. Censorship or moderation of a forum is de facto control of content, which generally means that the censor has legally assumed liability (or at least some of the liability) for that content.

For example, in a libel case involving an AOL online chatroom, both the poster of the alleged libel and AOL were named as defendants. AOL tried to wiggle out of the suit by claiming immunity via the "common carrier defense", but the judge did not allow that because they moderated the chatroom, which means they actively controlled the content.

Re:Carrier Status?

[tonyray]

The reason ISP's are not common carriers dates back to dial-up modem Internet. The Telco's wanted to charge ISP's by the minute just like they do long-distance carriers for access to their network. The FCC got involved in this and used AOL as a model. AOL had these huge caching servers so AOL customer's web page requests rarely went out onto the Internet; instead they were served from the caches. So the FCC ruled that ISP's were delivering content and were not themselves carriers.

The Telcos are now (with broadband) satisfied with the content provider status as it saves them a lot of headaches, fees and taxes on their own Internet services. Broadband is far closer to a carrier service than a content service, but I don't see thing changing.

Re:

[Gerzel]

And if they can control the content they can charge more for it not only by charging the sender and receiver but also by adding in third party content such as commercials.

Re:Carrier Status?

[click2005]

How would you start lobbying congress about making it reality? Common Carrier status in exchange for Net Neutrality.

When the phone companies switch to a fully IP based network like BT is doing over here in the UK, will they lose the common carrier status?
The difference between Telco & ISP is so thin these days already that i'm surprised the law has never been updated.

I'm not asking you specifically, just anyone who might know.

Re:Carrier Status?

[Jane Q. Public]

This is a very good point and part of what I was saying. I see no ACTUAL difference between what were once known as "common carriers" and ISPs, EXCEPT that they seem to want to provide content.

However, here in the U.S., the government (the FCC in particular) has historically been adamant about keeping carriers and content separate, largely because of the danger of monopolistic practices on the part of a corporation that was both the content carrier and the content provider. Another concern was that if carriers (which tend to be large and centric) controlled content as well, there would be too much control over services like news, for example. And I see no logical reason that policy should change, considering that the concerns are at least as valid today as back when the policy was first formulated, decades ago.

Re:

[Anonymous Coward]

This is an opinion, NOT legal advice; for legal advice, please see a competent attorney in your jurisdiction.

An ISP which provides access (and does not host end-user systems directly on its network) doesn't have, and has never had, "common carrier".

They do, however, have immunity for liability under monetary relief for copyright infringement under 17 USC 512(a) [cornell.edu] (Digital Millennium Copyright Act), unless they filter, modify or cache their traffic. (Cache is covered under (b), hosting under (c); note there ar

Re:Carrier Status?

[Dun Malg]

I wish people would stop repeating this urban legend. ISPs do NOT have common carrier status. I wish they did, but they don't.

The "safe harbor" provisions of the DMCA create a situation for ISPs that gives them common carrier status in all but name. So yes, people should stop saying "give up their common carrier status", and instead say "fail to meet the conditions of DMCA Safe Harbor".

Re:

[Rary]

According to the article the method is currently too slow to be implemented and fails for encrypted traffic. So not quite the BT killer yet.

Which article did you read? The one linked in the summary says the method is fast, and it makes no mention of encryption.

Nevertheless, it sounds like encryption would do the trick here. All it's doing is looking for torrented files and comparing the hashes to a database of known "illegal" content. If it's a match, then it logs the IP address.

Re:Not yet

[blueg3]

He probably read page 2 of the article,.

Re:Not yet

[Rary]

He probably read page 2 of the article,.

Ouch! Wow, do I feel like a retread.

Oh well. Allow me to turn this around and make it the website's fault instead of mine: who the hell decided that such a short article needed to be split into two pages? This isn't a print medium. Have they never heard of the scrollbar?

I'll go away now.

Re:

[pipatron]

who the hell decided that such a short article needed to be split into two pages?

The guy who wants to get a lot of ad revenue by making you see more ads.

Re:Not yet

[Rary]

who the hell decided that such a short article needed to be split into two pages?

The guy who wants to get a lot of ad revenue by making you see more ads.

Someone should point out to that guy that he put the same ads on both pages.

Re:

[Moryath]

Yes but by splitting to two pages he made sure he "served" the ads twice, so gets paid for twice as many "pageviews..."

Re:

[redJag]

Actually, most ad services I've seen don't give you an impression for the same visitor on the same ad on different pages if they are within a certain window of viewing. A lot of ad providers don't even pay for impressions anymore since advertisers are finding less value in internet ad impressions as time goes on. Sometimes you will find a startup ad provider that pays per thousand impressions, but as they go on that value decreases towards zero. Places like Google AdSense only give you the "estimated cas

Re:

[rts008]

Which article did you read? The one linked in the summary says the method is fast, and it makes no mention of encryption.

Well, this article [technologyreview.com] claims that it is too slow @100Mb/s for ISP and law enforcement use. And it is defeated by encryption.(yes, that is the same article that is linked in the summary!)
FTA:

Even if the legal framework were to allow the technology, it is not quite ready to go. Tests of the system, details of which will be published later this year in a book called Advances in Digital Forensic

Re:

[HadouKen24]

From TFA: "Tests of the system... showed that it was effective at detecting 99 percent of illicit files, but only at speeds of 100 megabits per second." While it wouldn't slow down the data transfers themselves, the percentage of illicit files that it can successfully identify will drop significantly when more than 100 Mb/s goes through.

Re:

[jandrese]

For those of you who are wondering, my guess is Cee Pee is Child Porn.

Re:

[Jah-Wren Ryel]

For those of you who are wondering, my guess is Cee Pee is Child Porn.

Who knew that 3-CP0 was secretly a child pornographer, we need to outlaw shiny metal droids for the safety of the children!

Re:

[doti]

Worse yet.

Remember, kids: when you're downloading Free software, you're downloading communism!

Re:

[smchris]

Does it matter? A free and open broadcast medium isn't something most governments will embrace gleefully, so you can pretty well figure business will get whatever it wants.

Re:ATTN !! Is this a good thing or a bad thing?

[Lucky75]

Can someone please explain to me how they plan to view the files of encrypted traffic without it being illegal?

One would think that if they happen to decrypt anything with copyright protection that it would then violate the DCMA, as per various ridiculous recent rulings of the sort.

...or, you know, just be plain illegal due to attempting to access people's personal files.

Re:ATTN !! Is this a good thing or a bad thing?

[Ashriel]

If you read the article, you know the answer to these questions.

They plan to sniff for the hash, of course, and compare it to a list of hashes for "forbidden files".

It's not new technology - the same approach is used in China (according to the article).

And no, I don't think this is legal in the EU (not yet at least), and certainly not in the U.S., as it requires sniffing through everybody's stuff, regardless of what they're downloading.

Re:

[Migity]

From TFA

Another drawback is that the system cannot cope with encrypted files. "Today, about 25 percent of BitTorrent traffic is encrypted," says Schulze. If such a tool became widely used, then anyone with something to hide would almost certainly switch to using encryption, he says.

/ducks for reading TFA