Protecting Clients: Legal Impact of Filesharing Network Design
Cryogenes writes "InfoAnarchy has posted an excellent piece on legal issues faced by participants in a P2P network. The article is written by Fred von Lohmann who was previously noted on /. for the white paper IAAL*: Peer-to-Peer File Sharing and Copyright Law after Napster (which you can find on the EFF site here)."
I really never expected this to be worthy of Slashdot's attention.
(note: I started the email dialogue with Fred von Lohmann back on August 3rd -- I wrote the indented text in the InfoAnarchy article. Fred replied on the 8th, and I posted it on InfoAnarchy on the 9th.)
I think there are a lot of interesting ideas out there -- we have some very powerful technologies to use, but each one satisfies a different need. Someday someone much smarter than myself will find enough connections between enough individual ideas to find a way to connect them all. I think the perfect filesharing network must use lots of cool technologies -- the combined technologies of several current projects.
Fred von Lohmann wrote an excellent paper that addressed the potential legal liabilities of *developers*. In open source applications and serverless peer-to-peer networks, the developer can be invisible or anonymous. If there are no servers, the only thing left to consider is the users -- the peer nodes.
My first question to him was basically rephrasing the kind of caching and forwarding that programs like Freenet and Blocks do.
The second question was based on an idea that an InfoAnarchy user started in an article's comments. I had always assumed that index servers will be a filesharing network's weak point -- the point where index data is being traded is the point where an attacker can best censor the network.
This idea would really suck to implement. Your clients wouldn't even get to see the filenames of their search results -- they would have to trust that the hash system worked properly and that all of their search results are valid. I don't know about you, but I'd hate that. I'd be uninstalling that program in a heartbeat.
But what if that was all there was? What if every other filesharing system with an index server was whitelisted, media company controlled, or was otherwise restricting access to certain information? If a user's alternatives are either a mangled no-filename service or a whitelisted service...or no service at all...perhaps they would choose to use this idea.
Or in other words...it's technology. It's a tool. It doesn't work in all scenarios, but there may be a situation where this idea works better than any others. It's not a good Napster replacement, not by a long shot, but we should file this idea away and use it later instead of dismissing it because it isn't a magic solution.
In my experience, information security is a tradeoff: security for convenience. To gain security you usually have to lose some measure of convenience. Really smart and well-designed security solutions can give you a lot of security for very little sacrificed convenience. Some other security solutions can give you a very small increase in security for a great loss in convenience. (For example, if a bad system administrator sets his NT servers to require frequent password changes with excessively complex passwords, in an environment where users are known to write their passwords down on post-it notes anyway, you're taking a lot of convenience away from users without giving them much extra security. They'll just use more post-it notes than before.)
I have a few more ideas that may present interesting legal situations if they ever get implemented. I'll keep InfoAnarchy.org updated if Fred von Lohmann and I have any more interesting discussions.
As a parting shot: Don't blame the hackers for all of this widespread copying of copyrighted media. We aren't the ones who sold millions of *general purpose* PCs to millions of consumers. They already have the tools -- we're just helping them use their tools to maximize the rights they already have.
--Michael Spencer
blocks@mspencer.net
How many systems have native disk encryption? Two? Perhaps, Three?
That type of sharing isn't what "they" are afraid of unless it's the largest pirates on the planet doing it...
"Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
go to so much trouble to hide illegal activity that you believe is right? Instead of thinking of new ways to circumvent copy protection and sharing, how about lobbying your congressman to get the laws changed? They are after all servants to the people they represent.
Only the State obtains its revenue by coercion. - Murray Rothbard
They want the pipes because they know that's how content will be delivered 5-10 years from now, and they sure do want to control that pipe.
No, you cannot ignore the legal implications, because:
1. It will eventually be made illegal to even run the P2P client;
2. ISPs (already have) will start cutting you off for even running Napster, AudioGalaxy, Freenet, etc, bowing to pressure from megacorps.
What good is an encrypted P2P client if you've got no internet connection?
There is nothing inherently evil or illegal about peer-to-peer networking. "P2P" is a bullshit buzzword, and its sexiness only proves how little anyone (including those in the industry) cares about staying true to defined tech terms.
I agree about the net being inherently p2p.
The difference between napster and apache is one of degree.
I can run an http client on the same machine as an http server. (and I do: wget) But the client/server paradigm is valid. There are many machines whose primary purpose is providing a resource. And there are many machines whose primary purpose is accessing a resource.
It seems p2p just means client and server services reside on a single machine.
Of course, you could also create a separate napster client and napster server.
If that's the case, the entire Internet is *dead*. If every node from here to outer Nowhere is liable for all information passing through it with regards to any and all laws and regulations in the place it exists in (and which may be legal at both endpoints btw), no one would dare operate a node.
It doesn't make any real-world sense either. If I tell you the locked steel crate I'm shipping contains pillows, and I got papers to prove it's reasonably so, UPS won't get sued for attempted drug smuggling no matter what.
Kjella
Live today, because you never know what tomorrow brings
Actually I believe that if they do find drugs in your car, the owner is ALWAYS responsible. The idea being that you should take care not to let people with drugs into your car in the first place...
Of course, given nifty things like Freenet, such decisions might be essentially unenforceable, which would finally force some sort of action to move the law into the 21st century. It's a hell of a gamble though: start a revolution and hope things work out ok. To some, it definitely might seem a better idea to make the law safe for modern technology, then put it to good use.
Really, some people here are so out of it...The reason that the companies are so irritated is that they have it in their heads that they are losing big money because of illegal replication of their products. You know what? They ARE!
I'll be the first one to say that CDs are overpriced, but companies only understand one thing and that is being profitable.
Corporations, as well as the legal system, are organized and used to things taking years to play out. The community at large is not. I don't think for a second that designing new ways to share files is going to "win" against a corporation that knows they are losing sales.
At best, more people share files illegally and get the media companies more upset. End result is they further increase prices for the majority of people worldwide who don't know how to download Metallica and burn it onto a CD for their Linux enabled car.
It's not your right to steal someone else's product, regardless of what you think of the price. If you don't want to pay, don't buy it.
People will be pretty upset in a few years when we lose more personal liberties because a small percentage of people insist they can pirate the latest Britney Spears type groups (which by the way the media companies you love to hate engineered from the ground up to be popular, yet you MUST have it!?)
Case
If AOL or another big ISP decided to 'crack' down, I'd imagine that an event could be organized where massive amounts of users cancelled at the same time/same day.
Yeah, just assume that they'd pick the worst possible strategy for their own purposes, because it'd be the way to punish the greatest number of their paying customers. That makes sense.
More realistically they'd:
-announce loudly that P2P clients were banned
-loudly kick a few dozen of the most-connected nodes
-send scary warnings in the email of other P2P users
-continue making examples until the majority complied
This is the way ISPs enforce any new restriction on widespread abuse. It works.
---
You'd be surprised at the broadband connection available to things crawling around in your hair.
That sounds fine, except that AOL is probably the only cable modem provider in your community, whereas "Bob's" can only provide 56k or an $800 T1 line.
No, ISPs, especially smaller ones, can't afford to bow to this pressure.
They already are! Look at Adelphia cable. (Do a search). If they are a monopoly in your community, and you don't like their terms of service, what do you do?
They don't have to finger anyone, they will just get a law passed making it illegal to run "un-certified" P2P networks, or get your ISP to chop you off at the knees just for running the client.
Mega-media companies (TimeWarner/AOL) are buying up broadband like crazy. This should scare you, because without broadband, it slows to a trickle.
Do it only with a very few people you know and do it over an encrypted pipe, storing into an encrypted filesystem.
"Beware of he who would deny you access to information, for in his heart, he dreams himself your master."
The idea that struck me the hardest from Fred von Lohmann's reply is "substantial noninfringing uses". I already stated in another post how I believe that the ideal filesharing client will be a successful implementation of many ideas in one program.
Hopefully law will follow logic here. If this filesharing network enables something that should be illegal, but is composed of many different parts which are all individually legal, it should follow that the process of combining these legal activities should not be illegal. The *intent* and the *actual usage* can be used to gauge the legality of the whole system.
Note that Usenet isn't illegal. (I missed that too -- I think I wasted some of Fred von Lohmann's time by making him explain that.)
Perhaps the most successful implementation of 'the perfect filesharing client' will create a large number of individual services that have tons of non-infringing uses, establish their value and their common use, and then all at once build a filesharing program that connects them all.
I think that's what you just said. Movie trailers, convention broadcasts, etc.
--Michael Spencer
blocks@mspencer.net
(use my IP's ARIN contact to reach me IRL)
Performance-wise, this caching is actually one of Freenet's strengths. If a cached copy of the data you want exists on the near side of a slow link, you never have to traverse that slow link, and Freenet's caching makes this much more likely. Obviously cache hit ratios, miss penalties, etc. have a lot to do with exactly how well it works in practice, but the caching in general will help far more than it hurts.
Speed problems in Freenet are implementation artifacts, which I expect to be fixed. There is, however, a much more serious design-level problem with Freenet: its lack of reliability. Freenet drops data. While Ian Clarke always turns several pretty colors whenever someone characterizes the data loss as random, data loss that occurs in response to events or conditions that the requester cannot control or even know is just not practically any different. Even if the data exists somewhere in the system, you might not be able to find it. Search requests have a horizon, which Freenet developers in a classic instance of "Not Invented Here" syndrome call HTL (Hops To Live) instead of using the well-known term TTL (Time To Live). If you're 10 hops from where the data was inserted, and your requests use HTL=4, you'd better hope that not one but (at least) two nodes between you and the insertion point requested the data before you. One might argue that you could just use larger HTL values, but if everyone did that your overlay network would get totally clogged with everyone's search requests hitting every other node: ask the Gnutella guys how much fun that was. Freenet makes it even worse because the routing's not reliable enough to avoid loops. The basic problem is that Freenet doesn't have any solution better than HTL to prevent this sort of query-overload meltdown, and adopting HTL as your "solution" guarantees that search results will never be more than guesses.
There are other less technical problems with the Freenet project, but it's not necessary even to go into those. On the basis of technical problems alone, I think that Freenet can never be more than a mediocre niche solution. It will certainly never be the world-changing tsunami that its self-appointed PR flacks (hello IC, OS, BW) would have us believe it is.
Slashdot - News for Herds. Stuff that Splatters.
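The search-horizon argument in the comment above (10 hops from the insertion point, HTL=4), worked as a small simulation. This is an added example, not part of the thread and not Freenet code; the linear chain, routing straight toward the insertion point, caching on every return hop and caches that never evict are simplifying assumptions.

```python
"""Toy model of an HTL-limited request on a linear chain of nodes.

Assumptions (not taken from Freenet itself): node 0 is the insertion
point, requests are routed straight toward it, every node on the return
path caches the data, and caches never evict.
"""


class Chain:
    def __init__(self, length):
        # holders[i] is True when node i stores a copy of the data.
        self.holders = [False] * (length + 1)
        self.holders[0] = True  # the insertion point

    def request(self, position, htl):
        """Node `position` asks for the data.

        Returns the number of hops used, or None when the horizon is
        reached without finding a copy (the data exists but is not found).
        """
        if self.holders[position]:
            return 0
        for hops in range(1, htl + 1):
            node = position - hops
            if node < 0:
                break
            if self.holders[node]:
                # The reply travels back; each node on the path keeps a copy.
                for cached in range(node + 1, position + 1):
                    self.holders[cached] = True
                return hops
        return None


def min_prior_requests(distance, htl):
    """Fewest earlier successful requests needed before a node `distance`
    hops from the insertion point can find the data (greedy simulation)."""
    if htl < 1:
        raise ValueError("htl must be at least 1")
    chain = Chain(distance)
    prior = 0
    while chain.request(distance, htl) is None:
        # The farthest node that can still succeed sits exactly htl hops
        # beyond the farthest node currently holding a copy.
        farthest = max(i for i, held in enumerate(chain.holders) if held)
        chain.request(farthest + htl, htl)
        prior += 1
    return prior


if __name__ == "__main__":
    fresh = Chain(10)
    print("first request from hop 10, HTL=4:", fresh.request(10, 4))
    print("prior requesters needed:", min_prior_requests(10, 4))
```
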
One point he failed to make concerning the Freenet issue was with nodes B and C passing traffic, and the DMCA. Correct me if I'm wrong, but aside from it being difficult for the node operators to know about what traffic they're passing along and to remove infringing material, would it not be illegal, since the traffic is encrypted, for the node operator to find out what that traffic is, and hence filter it?
--
"Karma can only be portioned out by the cosmos." - Homer Simpson [1F10]
FTP, HTTP, Telnet, Usenet, Gopher, POP, SMTP...and of course, IRC!
Ban it all! One computer connects to another computer and gets stuff from it. That's how it all works and always has, dimwits!
While the article says that Freenet is safe under current US laws, it doesn't address a large potential problem: Congress could pass a law making "anonymous, encrypted, peer-to-peer networks" illegal on the grounds that the only reason you would choose to use that kind of P2P network would be to trade illegal material (especially since Freenet tends to be slower than a P2P network that doesn't involve encryption).
I think we should be thinking about ways to shift public opinion in favor of Freenet, so that such a law doesn't get passed, instead of trying to work around current laws. One thing that might help would be if official videos (movie trailers, convention broadcasts) were officially distributed through Freenet, saving the content providers money on bandwidth. That doesn't help to argue that anonymity and encryption are important, however. Can Freenet be defended, or is it truly only useful for trading kiddie porn and bootleg music?
The shareholder is always right.
A good example of a decentralized p2p network is FastTrack; you'll find FastTrack in some of the newer p2p software like Morpheus and Kazaa. FastTrack extends what the Gnutella developers have been trying to do.
1. It incorporates SuperNodes automatically. A SuperNode is a computer with the capacity to host several other clients. Which solves the weakest-link problem with the Gnutella network; an example would be a user with a 56k connection having to relay all PING/PONG/QUERY messages for its section of the network. It also solves the problem of slow searches.
2. It uses a hashing scheme to identify files, this allows for the software to positively identify identical files for simultaneous downloads.
3. It's not file specific. Users could share anything. Of course the network is rampant with copyrighted software, pornographic material and mp3's. But at least it's not designed to do that - it's just used for that.
The central problem with FastTrack isn't the technology but how it's marketed. FastTrack licenses its technology to be marketed by third-party developers; these third-party developers market it as the next Napster. To manage their user base they have established a login system which breaks the decentralized nature of the network.
Thankfully the gnutella scene has been working on incorporating these features into the gnutella network. Namely the flagship gnutella companies, BearShare and Limewire.
Freenet IMO is broken except for the most fanatic of freedom fighters. The central problem with Freenet is its speed, which I believe is inherently broken. When a user begins a transfer of a file over the Freenet network it is copied to every node (space abiding) along the path. This is to enforce redundancy, and is central to the anonymous nature of the Freenet network as it allows users to be unaware of what they are storing; it also has a weakest link problem in that a hop from the source might be very slow. In theory if a file is popular enough it will always be close, however we have yet to see that happen.
The other problem with Freenet is that it is un-searchable; users are required to KNOW what they are looking for. I don't deem this is a death blow as other services could get around this, an indexing service for example.
Some links that you might find helpful:
FastTrack
BearShare
Limewire
Gnutella Developer Forum @ Yahoo
MusicCity's Morpheus
Freenet
-Jon
this is my sig.
A serious question: How many broadband ISPs would both a) kick you off, and b) refuse to ever allow you to sign up with them again? Considering that that means they'd refuse to ever take money from you again? Anyone know of cases where this has happened? Which ISPs?
Also, couldn't one go through a reseller or sign up under a different name if one has been banned?
Just because it CAN be done, doesn't mean it should!
Well, this sounds like it's time for Freenet to reach a usable state. :)
That is the only real way we can be safe from bad laws made by people who protect business interests and don't understand technology.
An encrypted, anonymous network can completely ignore legal implications, because there is nobody directly responsible for it, or even for any single transfer.
Ultimately this big ole network has to have some way to figure out how to get those little packets of information into your computer, rather than MIT's mainframe or Aunt Mildred's or mine. That's what the IP is for. It's like trying to "anonymously" send a letter by putting it in the mailbox in front of your house. You may misrepresent the return address (IP spoof) but unless you go to a public mailbox (internet cafe) the Post Office (net) can trace the letter back to you if it wants to badly enough.
Brackets contain world's first nanosig, highly magnified:[.]
First it sends a cookie, then it wants you to register. Those guys aren't anarchists, they're control freaks.
I've thought about this. You want to be anonymous, but at the same time you want to make sure the person that just joined up isn't a narc waiting to bust your mp3 sharing ring. Can't have both. Would you trust that blank certificate? You basically have to resort to the ignorance of not knowing what it is you are carrying and letting the folks who encrypted it and put portions of it on your server worry about who they talk to.
"Beware of he who would deny you access to information, for in his heart, he dreams himself your master."
I know the purpose of something like FreeNet is that the content is encrypted, such that you don't know what you're storing, sending, and receiving. But anyone else on FreeNet also knows that you are running a FreeNet host, and your IP address, correct?
What I'm getting at is that FreeNet sounds great... but what if in the future, it is made illegal/difficult to even run a node? (and that IS coming) What then? Is there any way to hide the fact that you're running a node, and still be able to access the network?
The reason I bring this up is that many people are getting broadband. Frequently, there is only 1 DSL and 1 cable provider per community. You can't afford to get kicked off for a terms of service violation. (Whereas with dialup, you could just get another account...)
So how can you participate in peer to peer networks without endangering your (possibly only) source of broadband connectivity?
"File sharing"
And companies seem perfectly capable of enforcing this world, using a variety of strategies: putting "no server" clauses in your access provider's TOS, forcing the world to adopt proprietary and patented content formats for audio and video, and legally going after anybody who writes software that does not fit into their master plan.
Like the "anonymous" 1-800 number they use on America's Most Wanted?
I sometimes get the feeling the only reason the cops allow "anonymous" tips is so that, after listening to an illegal phone tap, one cop can go outside, pick up a pay phone, call his partner and "anonymously" report a crime...
-- Don't Tase me, bro!