I see here in the UK the government is attempting to put pressure on ISPs to do something about filesharing:
triesman_isps_legislation_timetable
The music publishers and movie industry have been continually putting pressure on governments to attempt to get them to toughen legislation against filesharing. In a way, I don't blame them, they are businesses, and seek to maximise their revenue.
The problem (for them) is that the internet, once established across the world, was basically designed and built as a means TO SHARE INFORMATION, and so the old monopolies on putting value on information are breaking down.
In the documentary, 'Steal this film 2', this new paradigm is explored in some depth.
In the last century, information was a precious commodity, perhaps largely due to the difficulty of making copies. Copying out information by hand, and later via the printing press, was a costly enterprise, involving equipment, material, transport, shelf space, advertising costs, warehouses, etc etc.
The internet totally blows this old paradigm away. Making a digital copy of information is, in most instances, totally free, and produces a perfect copy, every time. In addition to this, the internet allows free advertising - information can spread in a viral fashion and other means, at no cost.
This means for the end user, if they can duplicate information from a friend, then they can have access to that information for free, whether it be an mp3, movie, game, application, or the design of a spaceship. The industry argument is that the end user is 'stealing' the music or film. However the end user argument would be, if they were not going to buy the information anyway, then there is no loss to the content producer, because they were never a potential customer.
The industry would claim the user is 'stealing' the film or music. However, as there is no physical loss involved, 'steal' is maybe not the right word, and legally speaking the action is a copyright infringement rather than stealing... it is also not dealt with by criminal law but by civil law, where the recourse of the content producer is to sue the end user for damages. However, in reality, the legal recourse in the simple case has no bite, because if you were to sue an end user for copying a movie, the economic loss would be the price of a movie ticket. The only way for industry prosecutions to have any 'bite' is for them to sue on the basis of an end user also being a file sharer, i.e. they publish the content for other users to download. It should be obvious that it would be possible to claim greater financial damage for this act than for downloading.
The UK government is under pressure to give the impression of making some effort to preserve the status quo of copyright protection. This latest move seems to have the idea of passing the responsibility on to the ISPs, to prevent all those naughty people enjoying all that free information.
Although anti-piracy organisations can currently take advantage of the non-anonymous nature of several peer to peer protocols, in the long run, this approach will not work. It is based upon a fundamental misunderstanding of how the internet works.
The Difficulty of Eavesdropping
The internet works by sending little 'packets' of data around, from computer to computer, through wires, routers, switches, fibre optic cables etc etc. Each packet contains some basic information, like the address of the computer it should be delivered to. The rest of the packet is arbitrary.
This means on a fundamental level, if a whole load of bytes are being transferred between one computer and another, it is very difficult (pretty much impossible) to determine what these bytes mean, once they have been encrypted. At the moment, most internet data is unencrypted, and it's pretty easy to 'packet sniff' simple packets conforming to well known protocols such as web page requests and other web browsing data.
If every packet floating through the internet was unencrypted, and had a nice header on it saying 'I am legitimate web browsing data', or 'I am illegal file sharing data' with the name of e.g. a movie in plain text, it would STILL be enormously difficult to monitor this data.
Consumer broadband connections typically could provide between 75k - 2000k per second of data. Now multiply this up by millions. That's an exceedingly large amount of data for any ISP to attempt to monitor.
Now the actual problem is FAR FAR more difficult than this. The problem for any 'snooper' is, that illegal filesharing traffic is not marked with a special flag to say 'HELLO EVERYONE!! I'M ILLEGAL FILE SHARING TRAFFIC!!'. Herein lies the problem with this whole approach. An ISP could capture all the data passing to and from a PC, send it to a team of IT forensic professionals, and STILL have absolutely no idea what the user was transferring. Fair enough if you already know you are looking for a certain DIVX compressed movie and have that data on file to monitor against, you could conceivably try to match each packet against the comparison file (although it would be horribly inefficient and take ages). And because you wouldn't know WHICH bit of content it was a priori, you'd have to compare it with EVERY PIRATE BIT OF CONTENT AVAILABLE in order to have a hope of getting a match.
Now that gives some idea of the extent of the problem for an ISP to try and monitor a SINGLE user. Now consider that that user is filesharing using, e.g. uTorrent, and decides, 'Hey, you know what, I don't want my ISP to know what I'm downloading, it's none of their business!!'. They go to their options and click a little tickbox which says 'ENCRYPTION'. With one move, monitoring attempts are effectively screwed.
With unencrypted content it's INCREDIBLY difficult to monitor a user's data flow. Once it's encrypted, it's pointless.
Here's an example of a filesharing packet captured in Wireshark. Is it legal or illegal? How would you know? How would you prove it was illegal in a court of law?
If monitoring attempts to 'home in' on particular types of packets, coders will just modify the file sharing source code to make it mimic other packets. If you go simply on volume, there is no way to prove that a user is downloading a movie, versus for example a service pack update for their operating system. And if you want to just start disabling users because they have high traffic, well you might just as well switch off the internet.
Rather amusingly, in addition to this whole process being completely futile, there is another reason why ISPs REALLY don't want to start monitoring users' data. That is a legal reason. At the moment there exists a provision where ISPs are not held responsible for the data that flows over their network, BECAUSE they cannot monitor it. This is known as the ISP defense. If ISPs do start monitoring data, then it opens the door for any content provider to sue them. Why didn't the ISP do anything about a user stealing their image? etc etc.
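The limit described in this section, as an added example that is not part of the original post: a signature check recognises a plaintext BitTorrent handshake or HTTP request, but once the same bytes are encrypted the only thing left to measure is entropy, which cannot tell a movie from a service pack. The sample payloads are constructed, and `toy_keystream` is a hypothetical stand-in for a stream cipher, not the obfuscation any real client uses.

```python
import hashlib
import math
from collections import Counter

# A plaintext BitTorrent peer handshake opens with the byte 19 and this string.
BT_PREFIX = b"\x13BitTorrent protocol"
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")


def shannon_entropy(data: bytes) -> float:
    """Entropy in bits per byte: 0.0 (constant) up to 8.0 (uniformly random)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify_payload(payload: bytes) -> str:
    """Label a payload by signature; fall back to an entropy-based guess."""
    if payload.startswith(BT_PREFIX):
        return "bittorrent-handshake"
    if payload.startswith(HTTP_METHODS):
        return "http-request"
    # No signature matched. High entropy means encrypted or compressed data,
    # which says nothing about which application or file produced it.
    if len(payload) >= 256 and shannon_entropy(payload) > 7.0:
        return "opaque-high-entropy"
    return "unknown"


def toy_keystream(key: bytes, length: int) -> bytes:
    """Stand-in keystream (SHA-256 in counter mode); illustration only."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


# Constructed samples: zeroed reserved bytes, info_hash and peer_id, then filler.
PLAIN_BT = BT_PREFIX + bytes(8) + bytes(20) + bytes(20) + b"A" * 956
PLAIN_HTTP = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"
ENCRYPTED_BT = bytes(a ^ b for a, b in zip(PLAIN_BT, toy_keystream(b"k", len(PLAIN_BT))))

if __name__ == "__main__":
    for name, data in [("plain bt", PLAIN_BT), ("http", PLAIN_HTTP), ("encrypted bt", ENCRYPTED_BT)]:
        print(f"{name:13} {classify_payload(data):22} {shannon_entropy(data):.2f} bits/byte")
```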
The Bittorrent Flaw
However, while all this is true on a theoretical level, there currently is a large security flaw in many peer to peer systems, particularly in run-of-the-mill bittorrent. It is this that will probably be taken advantage of, until anonymous protocols become widespread. The way the flaw works is this:
While it is currently very difficult to determine the contents of encrypted streams by 'eavesdropping on the wire', the enforcers don't actually have to. All they have to do is fire up their bittorrent client (or modified version), choose to download a movie / mp3 that they own the rights to, then choose to examine the list of peers in the swarm. Yes, that's right folks, when you have a file available via bittorrent, the people who are downloading from you (in your swarm) can see your IP address, and along with a timestamp, that's all they need to track down your internet connection.
This has been the situation for a long time, and users have depended on safety in numbers ... i.e. the difficulty of prosecution. However there are moves in the UK whereby legislation may make prosecution easier for rights holders, so this is one to keep a watch on.
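What a swarm member actually receives, as an added example that is not part of the original post: trackers commonly return peers in the compact format (BEP 23), six bytes per peer holding an IPv4 address and a port in network byte order, so every participant's address is handed to every other participant by design. The peer bytes and timestamp below are constructed, using documentation-only address ranges.

```python
import ipaddress
import struct
from datetime import datetime, timezone


def decode_compact_peers(blob: bytes) -> list:
    """Decode a BEP 23 compact peer list into (ip, port) tuples."""
    if len(blob) % 6 != 0:
        raise ValueError("compact peer list must be a multiple of 6 bytes")
    peers = []
    for offset in range(0, len(blob), 6):
        # 4 bytes of IPv4 address, then a 2-byte port, both big-endian.
        ip_raw, port = struct.unpack_from("!4sH", blob, offset)
        peers.append((str(ipaddress.IPv4Address(ip_raw)), port))
    return peers


def exposure_records(blob: bytes, seen_at: datetime) -> list:
    """Pair each disclosed address with the time it was observed."""
    return [
        {"ip": ip, "port": port, "seen_at": seen_at.isoformat()}
        for ip, port in decode_compact_peers(blob)
    ]


# Constructed tracker data: two peers from RFC 5737 documentation ranges.
CONSTRUCTED_PEERS = (
    bytes([192, 0, 2, 10]) + (6881).to_bytes(2, "big")
    + bytes([198, 51, 100, 7]) + (51413).to_bytes(2, "big")
)
CONSTRUCTED_TIME = datetime(2008, 1, 1, 12, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    for record in exposure_records(CONSTRUCTED_PEERS, CONSTRUCTED_TIME):
        print(record)
```

Payload encryption does not change this list: the addresses are disclosed before any file data is exchanged.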
The Future
Ultimately what will happen in this 'arms race' is that users will simply move over to a more secure protocol / system. Already quite decent solutions are available for truly anonymous peer to peer traffic, through networks such as I2P and TOR. However the reason the current anonymizing solutions have not become mainstream is that there is a cost to their anonymizing: it lowers the efficiency of file transfers, because the packets (as I understand it) have to travel through one or more intermediate computers in order to 'hide' the source and destination IP addresses from the two end points.
There are also other side effects. In order for those systems to work, and maintain plausible deniability, your PC must route traffic which has been requested by other PCs in the anonymous network. While this could be something perfectly innocent, it could also be something pretty heinous, and there have even been cases of people being charged for routing packets through TOR without their knowledge of what they contain. However, one should realise that this is the very nature of the internet. All the time routers and cables carry information whose content they have no knowledge of. Why should routing packets unintelligently through a PC be any different?