Slashdot Mirror
AT&T's Plan to Play Internet Cop
Ponca City, We Love You writes "Tim Wu has an interesting (and funny) article on Slate that says that AT&T's recent proposal to examine all the traffic it carries for potential violations of US intellectual property laws is not just bad but corporate seppuku bad. At present AT&T is shielded by a federal law they wrote themselves that provides they have no liability for 'Transitory Digital Network Communications' — content AT&T carries over the Internet. To maintain that immunity, AT&T must transmit data 'without selection of the material by the service provider' and 'without modification of its content' but if AT&T gets into the business of choosing what content travels over its network, it runs the serious risk of losing its all-important immunity. 'As the world's largest gatekeeper,' Wu writes, 'AT&T would immediately become the world's largest target for copyright infringement lawsuits.' ATT's new strategy 'exposes it to so much potential liability that adopting it would arguably violate AT&T's fiduciary duty to its shareholders,' concludes Wu."
We all send copyrighted emails to one another under a license that does not allow AT&T to retransmit the contents without written permission. We then start a class-action lawsuit. IANAL, but that ought to slay the dragon if the judge agrees that the case has merit.
Nothing new here
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Two can play in this stupid game.
Aside from the problem "fiduciary duty", it's also pointless.
True, most traffic is not encrypted, but with encryption technology more accessible than ever I think that the whole effort will be a waste of resources.
I can imagine whole sub-networks cropping up that uses VPN, exchanging traffic with immunity to AT&T's traffic analysis.
$7.95/mo, 200 GB disk, 2TBxfer, MySQL, PHP, RoR.
If they lose the protection of just being a transmission medium, don't they open themselves up to liability for child porn, any crimes which may be happening over the transmitted data, and a whole slew of stuff?
It would suddenly become "if you can police this, you're required to police all of these other things". You can't selectively be enforcing what traffic travels without being responsible for all of the rest.
Hopefully, they'll figure out that if they start being the copyright police for all internet traffic, they're responsible for policing everything. Of course, I'm sure there are people who would like them to be the central censor for everything found objectionable.
Cheers
Lost at C:>. Found at C.
AT&T obviously has some deep government connections, they've got senators thinking that what's good for AT&T is good for America. They wrote the previous law, they can unwrite it. The trick will be how to include themselves and exclude their competitors... and I'm sure they'll try to stick people with open wifi ports too.
No, really. I mean it
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
Comment removed based on user account deletion
at present AT&T is shielded by a federal law they wrote themselves
So they will just write another law. Do you really think that will be a problem for them to get a "children's internet safety" law passed. The government has been practically wetting themselves wanting a seemingly legal way to inspect all internet traffic, this is the opportunity. Nevermind "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated" because this a non-government entity.
We are all just people.
Dammit! I've been planning on looking into switching to AT&T DSL in the near future. I currently have a local cable provider for Internet and TV. The Internet access is OK, but the TV (specifically the HD content) quality sucks bad. Plus it's local so it don't even have the clout like Comcast to improve their offerings.
I've been looking into switching to AT&T DSL and a satellite provider to try and save money and get a better product. The DSL looks like it would be about $15/month cheaper, and the dish provider would give a lot better service I think. But now there's all this talk about AT&T messing with their Internet service....gahhhhh!
When really stupid ideas start seeing the light of day. That means most of the management team has insulated themselves from criticism by surrounding themselves with toadies and have, effectively, separated themselves from any semblance of reality.
Usually the case when you see corporate behavior and wonder, "How could they be that stupid?" Because on their little planet what they're doing makes sense. Just not on this world.
In my experience it also means upper management has divided themselves into warring camps.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
I assume that AT&T carries traffic across their network that doesn't neccessarily start or end with them. Somewhere in the middle? How much would this affect a Verizon subscriber accessing something from a server that's not neccessarily AT&T? Would AT&T likely get the traffic across their network somewhere in the US anyhow? If not, then could the rule be applied:
"The Net interprets censorship as damage and routes around it."
I could see a massive boycott of AT&T if this is possible, but I admittedly don't really understand too much how the infrastructure works.
Belief? Hope? Preference?The Existential Vortex
They're a small network compared to the other global players. Even if you add up their SBC+ATT operations it's still not as big as other players in the market.
If they start to block stuff and you get sued for upload and download stuff that did not get blocked can you go to court and say AT&T did not block it so it must be ok to freely upload and download it?
Way back in the dark ages, before the Internet had cast dial-up online services from the home, Prodigy lost a case over content because they chose to moderate a forum.
They didn't even argue that controlling content meant responsibility for that content: their defense was that a volunteer paid in kind was not an agent because they were not an employee.
Well, neither of the criteria contains any mention of the transfer rate. They could limit "offending" downloads to 1 kB/s.
Listen, they paid enough to get the common-carrier laws written so they would be immune from prosecution. What makes anybody think they won't just buy new laws that allow them to police traffic but still enjoy immunity? They are doing it for the children, after all...
That it's only AT&T doing the looking...for now. Wait until the gov't gets Google on it. Then we're all doomed. We'll actually have to pay for music, movies, and pr0n again. The humanity!
http://xkcd.com/386/
Here's another reason why this company was broken up in the first place back in the 80's! How in the hell did the FCC and the American Public let this slip past us? Now we are dealing with it again. WTF? When will the FCC learn?
Okay, so I'm watching TV on my Verizon FIOS (carried over the internet) and AT&T blocks it (as it goes over their network) because I'm watching a copyrighted movie. Yeah, no problem there.
"AT&T argues that it must get involved in stopping the flow of pirated content because much of this content is shared using peer-to-peer protocols, which eats up valuable network bandwidth, slowing network connections for many of its customers."
They just want to block file sharers!
The corporate weasels just dressed this up in a load of crud about copyrioght protection, protecting kittens from microwaves and otherwise keeping the planet safe for CEOs who havent yet earned thier first billion.
Thye dont need any fancy technoligy to do this -- just a list of port numbers.
Old COBOL programmers never die. They just code in C.
In the real world, "generally" cops are used as a response to incident rather than a pre-emptive measurement before an incident occurs. I think the correct term is spy.
Time-Warner cable supposidly has 50% of the bandwidth used by 5% of the users. Who wants to bet that of this bandwidth, it is almost all pirated material?
The strength of piracy on the Internet is the ease of getting the pirated material, and the ease of distribution. Thus pirated material must be easy to find. So all the MP/RI-AA has to do is find it, and do something about it. Rather than playing Whak-A-Mole on Torrent tracker servers (which are largely offshore), with ISP cooperation from AT&T it becomes possible to play Whak-A-Mole on the users of the torrents themselves...
So the MP/RI-AA or their contractor surfs the Torrent sites, and connects to the torrents with a manipulated client, verifies that a particular torrent is a copyright violation, maps the users of the torrent, and then sends an automated list of the nodes to the ISP saying "This graph is bad, any edge between two nodes in this graph should be killed", and the ISP simply RST-flood any edge in the graph which crosses its network, or just put in a router ACL to drop that pair for a while. Because the strength of the system relies on it being public and P2P, the MP/RI-AA can easily get this information.
AT&T has multiple incentives to cooperate, and can probably do it safely. It has a second party (MP/RI-AA or a company they create/contract for) do the deciding, so they dont' have the liabliity.
It keeps the content providers happy for when they are negotiating their compete-with-iTunes/Netflix video on demand and cable TV services.
It keeps the content providers from pushing through very draconian legislation, or at least draconian legislation you aren't happy with. (It can F-up your competitors, but thats just a bonus)
Its very easy to implement (short-lived router ACLs which are automatically injected and revoked).
And it drops their bandwidth bills by 30-50% by eliminating a large amount of deliberately-noncacheable (both politically and because of bittorrent encryption) traffic.
I wouldn't take it as a guarentee, but I'd almost be willing to bet that AT&T does something like this in the next year. Who wouldn't leap at a chance to reduce your costs by 30%, keep a group of "partners" you have to deal with happy, and without any real work on your part (just an SNMP-manager program)?
This won't stop closed-world pirates, but those are far less annoying to the ISPs simply because there are so many fewer of them, and less important to the MP/RI-AA because they are less likely to be users you can convert to paying customers if you make the illegal content sources unusable.
Test your net with Netalyzr
Maybe by the time AT&T has it's filtering plan in place, they also hope to have a wide-ranging immunity law passed by Congress that supplants 17 U.S.C. 512. The new law, passed by a Congress that is nearly completely united on their love for telecom companies, would give telecoms complete immunity from any lawsuits while engaged in "efforts to combat copyright violations."
It looks as if there's a good chance the telecoms will get retroactive immunity for aiding in breaking the law and eavesdropping on customer's communications without warrants; it doesn't seem to be a stretch to imagine that they will plan on their congress-critters to help them out in their fight against digital piracy.
I don't understand how anyone can object to the previous law. If you build a method of transfering information, you are not liable for what people send over it. Should gun makers be liable for what people do with their products?
Your ad here. Ask me how!
They have seen how MediaDefender has made huge profits out of the rabid desire of the music industry & hollywood to stop the perceived 'theft' of music and movies to illeagal downloads particulary torrents through technological techniques.
AT&T see themselves in excellent position to tap into this market through traffic monitoring and MediaDefender's recent stock crash after leaked emails reveal they were pwned by a bunch of high school kids http://torrentfreak.com/mediadefender-stock-plunges-due-to-leaked-emails-071222/ and http://www.portfolio.com/news-markets/national-news/portfolio/2008/01/14/Media-Defenders-Profile?print=true couldn't have come at a better time
This a big and growing market and one of its major players just took a nosedive, the market share is up for grabs.
I can't see big music & hollywood coming to their senses about the whole thing anytime soon so the 'fight' will go on and the likes of AT&T will be there to profit and drive the market.
So if you've got no morals and an idea for a good algorithm or counter-pirate technique give AT&T a ring...
we are all cosmic nuclear waste
AT&T will simply purchase a new law from Congress stating "communications providers are allowed to monitor everything you do and turn you over to the government, but if they happen to miss anything, they are absolutely indemnified." They'll make arguments like "Hey, if the police aren't able to stop a murder from happening, but are shown to be putting forth their best effort to prevent murders, you don't hold the police officer responsible -- so why should we be held responsible if we miss some illegal content?"
And all the legislators will nod their heads and murmur to each other "hey, yeah, they've got a point," while a bag of money passes quietly underneath their tables, and voila, they're allowed -- hell, probably required by the government -- to monitor all traffic and report any and all Violations of the Right to Corporate Profit, and completely immune from prosecution if they happen to miss something.
It'll happen, and the typical "America, Fuck Yeah" voter will grin and gleefully agree that it's for the Good of the Nation, and if you're innocent you should have nothing to hide anyway, so what's the big deal?
The legislators who draft and vote for the bill, meanwhile, will be hailed as patriots and re-elected, again and again, for Protecting the Motherland while simultaneously paying lip-service to smaller government and less federal intrusion into our private lives.
I abhor the fact that my daughter is going to grow up in this pathetic shell that America is today.
...or cause for netsukuku?
AT&T is already facing a mortal threat because it helped Bush/Cheney spy on every phonecall on its network for at least 5 years, in blatant violation of the FISA. Those crimes should get Bush/Cheney impeached (and it just might) - AT&T would be an even huger casualty. That's why it (and its also guilty "competitors" like Verizon - but not Qwest, which refused) is pulling in all its favors in the Congress (especially in the Senate), to get amnesty/immunity for having broken that essential law so much and so badly.
If it gets away with those many and flaming FISA violations, AT&T will write new laws to allow, even encourage, more spying like this one.
But if AT&T doesn't get amnesty (even if it convinces a court that it isn't liable for breaking the FISA, because "the devil^WExecutive made me do it"), then maybe it will be stopped. Not just from spying, but from doing whatever it damn pleases to prey on America, both regular people and the many people who've been trying for several years now to compete with new technologies like VoIP and other open networks.
Death to AT&T. Maybe a lawsuit right up its heat exhaust will do the trick.
--
make install -not war
"Who wants to bet that of this bandwidth, it is almost all pirated material?"
Without more evidence, I will not take your bet. Remember a lot of bandwidth is used by legal porn and legal streaming and media services.
Coding Blog
ya have to get off the government net to get away from government snooping
this means ya gonna have to resort to wireless p2p networks
tee hee -- this is a very interesting concept
the old linear amp. moves from the truck-stop to the geek-shop
Nothing new. Just the usual corporate policy of "Why aim for the sky when you can shoot yourself in the foot?"
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
Interesting idea, but I think they'd still be playing whack-a-mole, because they would need to infiltrate every single torrent they want to shut down.
There are a lot of torrents and a lot of torrent sites, and they'd never be able to keep up.
I,for one welcome our new Pax Atandtical overlord!
As your friendly neighborhood libertarian free market absolutist, I'd like to remind you that this is, in no way, censorship or an infringement upon your liberties. Only a government can commit censorship, because governments are evil. If consumers don't like AT&T's service, they will vote with their dollars by switching to one of the numerous, highly competitive suppliers of internet access. As anybody who has ever taken Econ101 or listened to talk radio will know, nothing could possibly go wrong!
Look, if AT&T wants to curry favor with the MPAA, which is to my mind what they're trying to do, they are very likely trying to offer some service which needs the approval of the MPAA. What if AT&T wants to offer full-def streaming movies on demand with a release schedule better than the movie channels? And the MPAA says "no, not unless you guarantee there is no piracy." A marketing bozo would fall all over themselves trying to prove that they could filter intellectual property without having a clue how it was actually done or even really caring if they could do it or not.
I don't really buy the bandwidth argument -- it certainly is contributory but an ISP can mess with your packets without claiming to be a IP cop.
That is a fantastic idea. The only problem is that the "bad guys" would have equal access to that DB, and would be able to manipulate it, rendering it useless. The Man would be able to listen in just as before, just having to go through one extra step to do it.
Raging in an online forum won't do anything for the world around you. To see change, you must take action.
True, but every dead link means more frustration for the pirates. People are generally lazy. A lot of people who can do 3 mouse clicks and get a pirated DVD download will just give up and pay for the thing if they have to spend an hour following dead links and downloading half finished torrents before they get something valid. Thats all they need to do.
DRM-free indie games for the PC and Mac: Positech Games
You know, one of their main buildings is right next to my office. Maybe I could walk over there with a sword and...
Nah, maybe not. I've seen how those "guy walks into office wielding sword" news stories usually go. Don't tase me bro.
Raging in an online forum won't do anything for the world around you. To see change, you must take action.
If Google can find it, an MP/RI-AA spider could find it and spider the torrent.
If Google can't find it, the pirate users can't find it.
Oh, on the liability: according to the original article, this messes up one set of liability protection AT&T has, but they might still be able to retreat to the DMCA safe harbor provision, because they actually aren't making a decision about copyright, just enforcing someone else's decision.
But since they are enforcing someone else's decision, they can probably avoid liability if the decision is bogus.
Test your net with Netalyzr
Your post outlines a possible means by which AT&T will stop bit-torrent traffic. It seems workable and realistic, and AT&T may very implement it (despite the obvious ramifications: e.g. if they block everything listed on PirateBay they will block many sanctioned/legal file transfers).
But the P2P community will fight back. It will become an arms race. For example:
-Trackers inject all kinds of bogus data into the trackers, crafted so that humans skip over it but automated crawlers choke on the massive amount of data (and RST packets!) they must deal with. For added fun, the bogus data includes IPs of legitimate company services, so AT&T will be interfering with, e.g. Blizzard downloads.
-ISPs adjust their software to differentiate "real torrents" from "fake torrents."
-Trackers begin accumulating lists of IP addresses and other signatures that detect the ISP bots, and feed them bogus data.
-ISPs use their control of IP blocks to fake requests from different IPs.
-P2P software starts ignoring RST packets, and uses a different (encrypted) protocol to open/close sessions.
-ISPs give up sending RST-floods, and instead drop all packets.
-Trackers implement algorithms that keep track of "user contribution" based on swarm participation (transmitting valid packets), and block/throttle clients with no "reputation." This makes it difficult for the ISPs bot to browse the torrent listing without actively participating in valid torrenting.
-ISPs switch to checking what IP addresses a person connects to, and simply stalls any connection (all traffic) that connects to a tracker site.
-Trackers switch entirely to TOR: they have no public IP address or domain name. All tracking requests go through TOR routing using the ".onion" pseudo-TLD.
And so on...
My point is this is a crazy arms race, and one should not enter that kind of battle until analyzing all the possible counter-attacks. And the difference here is that hackers will view this as a challenge, whereas AT&T will be spending literally millions of dollars implementing technologies that become invalidated over and over.
Go wireless to evade snooping?
I'm not an encryption expert, but I have used my fair share of VPN gear and tunneling software.
Mathematician friends of mine tell me that most modern encryption methods put brute-force cracking well out of range of the most modern computing hardware - even distributed cracking is extremely difficult with a sufficiently large key size.
So if modern encryption techniques are so secure, what is to stop everyone from encrypting all their traffic?
Once that happens, how does AT&T propose to filter traffic it can not examine?
-ted
I don't have time myself to go looking up the law and trying to figure it out, but could this exclusion affect Comcast for its BitTorrent throttling and RST packet sending?
Too bad I used up the last of my mod points earlier today!
This same thing applies to any reflexive defense.
It applied to the Maginot Line early in the 20th century, and applies to Anti-Ballistic Missile shields, and packet filtering today.
I want to shoot the messenger!
We run a medium sized network. We monitor our folks. We can also view their screen.
Something I've noticed happening a few times which I thought was interesting. I can see the screen & url that the person is looking at, and it has very questionable content.
I pull the URL from my logs and go to that page and it serves up an entirely different site.
Sort of like the webpage that has a breakout game that looks like you are working in Excel, escalation has many fronts. If you make it difficult for people to get the content one way, they find a different way. While we dis-allow e-mail for personal use while at work, and blocked webmail - people can now surf the Internet on their phones.
Why spend all this money on a war? Why not adjust the cost of a CD or DVD to be more in line with what the multitude will pay?
How is it a DVD costs $12.99
http://www.bestbuy.com/site/olspage.jsp?id=31042&skuId=3776596&type=product&ref=06&loc=01&ci_src=17588969&ci_sku=3776596
But the same CD costs $12.99?
http://www.bestbuy.com/site/olspage.jsp?id=124207&skuId=2830565&type=product&ref=06&loc=01&ci_src=17588969&ci_sku=2830565
Shouldn't the CD be cheaper? I know I'd go back to buying CD's if they price were $5.
There's no technology that detects whether a file that's being shared contains material that's in the public domain.
This proves that AT&T is run by a bunch of assholes.
"Fascism should more properly be called corporatism because it is the merger of state and corporate power." -- Mussolini
The arms race favors the MP/RI-AA in this, because in order for a P2P system to work for file exchange, you need to be able to actually get to the peers which have portions of the file.
You don't just take the tracker at its word, but instead actually verify the nodes. This means the graph is "correct", preventing the joe-job defense.
You aren't blocking the tracker, but the actual P2P communication within the system.
And Tor so throttles ones' performance that only the truely paranoid use it for their BitTorrent.
The only reasonably-robust defense strategies involve detecting and blocking the spiders, and distinguishing them from humans. This is a hard problem, as the RI/MP-AA could even use humans (outsourced to India/China for $1/hr) for any human-like behavior needed.
One other possibility might be some honeypot nodes, which if blocked act as early warning and you track which nodes were told about the honeynodes. The problem is if the ISP is cooperating, the spider node IP addresses can be volatile (unused DHCP leases with a quick rotation time, from a large range of addresses with actual users).
The only robust defense is closed-world piracy, where the spiders can't get in, but such networks of pirates, by their very definition, are less distributive in information.
Test your net with Netalyzr
Well, they have a huge spy network paid for by Uncle Sam and meant to wiretap everybody all the time. I doubt they can store it, so it probably just filters out whatever they're interested in today, but still.
My guess is that they thought "we have this huge spy infrastructure and everyone knows about it now, why don't we monetize it?"
It's just about what I'd expect from them.
Step 1: Create something.
Step 2: Sue AT&T when it's inevitably pirated.
Step 3: Profit!
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
Mail it to the executives...
...with detailed instructions...
...and maybe a robot to demonstrate on one (or all) of them.
In a nutshell, a "man-in-the-middle" attack is no more to be feared than a "dictionary" attack on a password: the attack only works if the security is implemented poorly. In the same way that you wouldn't say, "They use a password? How useless --simply do a dictionary attack!", you would not say, "Encryption? Just do a man-in-the-middle attack!"For the same reason that they warn you when you change your password: "Your password is too short!" or "Your password is dictionary-guessable!" etc. Why would it bother doing that if dictionary attacks aren't possible?
You said:This is a common question about public key encryption. I'm going to quote my own post:
Hope that clarifies things for anyone who's still confused about WHY public key encryption works. The GP poster is correct.
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
If five percent of their users are using 50% of their bandwidth, why the HELL were they selling packages to users, guaranteeing bandwidth enough to even allow this to happen?
pirated material or not, I have absolutely no sympathy on that point.
Ice Cream has no bones.
Anyone interested in intelligent reasons for why this is an incredibly bad idea could do worse than listen to this outstanding speech given by Lawrence Lessig at the SDForum Distinguished Speaker series titled "The Comedy of the Commons".
http://itc.conversationsnetwork.org/shows/detail349.html/
It's a bit long but very worthwhile.
I have been saying for a while that our corporatist government and their partners in crime will not tolerate the freedom and openness on the internet much longer.
It's ability to bypass the propaganda and behavior control traditionally handled by TV news and (now corporate) newspapers; the ability for people to organize worldwide and share information and files in real time; obviously the IP debate - all of this is the antithesis of where government and corporations are pushing societies in every other aspect of our lives.
They want to turn the net into an interactive place much like a cross between early AOL and the home shopping network....They will snoop on everything you do, download, view, etc.
You've already seen the endless barrage of stuff in the media about "how dangerous the internet is" lurking with pedophiles and terrorists, viruses and those who want to steal your identity; when in reality none of those things are real threats if you take the most basic of precautions.
It may take a catalyzing event, like a virus that shuts down a financial network or turns off a power grid or plays a part in some "terrorist attack." They may even try to require that everything you do online is stamped with a virutal confirmable ID that you have to renew like a drivers license.
This is coming, make no mistake about it. The only hope we have to prevent it is to fight fiercely on both the corporate front (against non net neautrality, because if they can't legislate it directly, they'll do it in a defacto manner) and against laws like S1959 which criminalize thoughtcrime and dissent; make organizing a boycott and other such actions a crime and involve the internet.
isn't that like shoplifting and then saying the store security guard didn't catch you so you presumed it was ok?
Isn't this what the music and movie industry are already doing?
If the security guard was scanning you as you left the store and he did not catch what you had on you at the time then It's like he was what you had on you and said it was ok to leave.
AT&T's execs should already be on trial for spying on Americans.
You wouldn't have to worry about these new evil plans if the justice department wasn't afraid to do their job.
I abhor the fact that my daughter is going to grow up in this pathetic shell that America is today.
My wife and I will have a daughter in early May. I don't personally like the way this country is going. I will still try to create a safe environment for my daughter and teach her what she needs to know to survive in this economic/political climate and hopefully have her be adaptable enough to survive in most any climate.
It may be a lofty goal, but it is my responsibility as a "future" parent to do what I can for my child.
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling
... AT&T will be spending literally millions of dollars implementing technologies that become invalidated over and over.
As opposed to spending millions of dollars carrying "pirate" traffic? The "sharers" aren't free. They use huge quantities of bandwidth that AT&T would rather sell (many times over) to customers who won't use it.
Bittorrent is something like 1/3 to 1/2 of all traffic. If I was in the traffic biz and I could cut my volume by 1/3 and bing in the same revenue, I'd jump at it.
Now the slashbots are all outraged for the usual reasons, but this is hardly corporate seppuku.
I'm wondering this... if AT&T filters all content on its network, doesn't that mean it also filters content that goes to ISPs that buy bandwidth from AT&T?
Wouldn't that amount to breach of contract with these ISPs??
Not only that, but what about those ISPs' own customers -- who can no longer get what they are paying their ISP for, since their ISP can no longer get unfiltered bandwidth from AT&T.
If this is how it works, it's one helluva can of legal worms.
~REZ~ #43301. Who'd fake being me anyway?
Bring back key escrow, make it mandatory. Possession of encryption software without automatic escrow is illegal. Illegal software far fetched? No, the DMCA showed us this, as did the recent law in Germany over "hacking tools."
Initially the keys will only be released to "catch terrorists," and that is how it will be passed. Watch it start to be used for regular crime, then to snoop for copyright infringement. Far fetched? Again no, the Patriot Act's over-reaching powers were sold as anti-terrorist, but they've become popular in going after regular criminals, and then they were used against a Stargate SG-1 fan for copyright infringement.
interesting. but what makes you think they'd drop their prices based on reduced network bandwidth?
"If for any reason you're not satisfied with our service, I hate you."
"An Internet pig is an Internet pig is an Internet pig."
Can I bum a sig?
Seems silly doesn't it?
The only way it makes sense is if the wire you'd be using in place of the wireless runs straight to the people you're most worried about snooping your connection. At least with wireless they'd have to be in some sort of physical proximity instead of conveniently having all your packets dropped right on their doorstep.
Won't happen unless you do all of this over UDP. TCP RST packets cannot be ignored - it's why Comcast was so effective. RST packets are handeled at the stack level, not at the application level. Any conforming stack MUST reset a connection when it gets a RST packet. So if you want a conforming TCP/IP stack, you have to implement this behavior.
Now, if an open source operating system would allow a filter for RST packets, that might work, but it requires modification to the TCP stack. UDP is the much better option here as it's connectionless.
but that's the problem -- it saves them money. but we'll never see the savings. if they cust a third of their bandwidth, the prices wouldn't go down. besides, doesn't it balance out even if you have 50% of bandwidth being used by a minority when most people are just checking their e-mail and shopping online? i could be wrong, but i don't buy their argument that piracy is crippling their networks. it's just a cheap ploy for the chance to censor content. it's the golden rule: he who has the gold makes the rules. cliche but true.
"If for any reason you're not satisfied with our service, I hate you."
So if modern encryption techniques are so secure, what is to stop everyone from encrypting all their traffic?
Once that happens, how does AT&T propose to filter traffic it can not examine?
Your ISP: the ultimate man in the middle. You want real security, hand deliver your public key to all your contacts after first encrypting *it*. With a one-time pad. Which you then proceed to burn. And eat the ashes.
They don't want their deceptive advertising, bordering on criminal fraud, exposed. They committed the equivalent of overselling shares in a company, like in The Producers.
But at least TWC has reasonable plans. They're going to start doing metered usage and make the high bandwidth users pay more. State the truth about your network capacity and charge people for their use, what a concept!
Actually you have it exactly backwards. The "net", as you call it, exists in its present form because of the internet community ... entirely.
Some of the best features of the internet have been shaped by the very "bad Behavior", which you rail against. While some of the problems with the internet that you are blaming on "Hackers" are actually caused by the big companies (AT&T, Sony, Microsoft, etc.) that you wish to have "Supervise" the internet for you.
As for your list; Keyloggers have legitimate use, by sysadmins among others.
Software distribution over the internet is legitimate; ever hear of Open Source Software? Didn't Sony recently include a rootkit on some of their physical media? Are they included in the "misbehaving Kids" you're talking about?
Copyright law is a moving legal target and the subject of much debate regardless of the medium. You shouldn't have even included it in your post.
Hushmail and PGP mail are also legitimately used wherever security is of concern. Those resources were developed for entirely legitimate reasons.
Even some spam is legitimate. I get email from places where I shop, how about you? Well that type of email is spam.
Are you suggesting that your whole list of computer processes is entirely criminal in and of itself? Tell that to your bank, your investment firm, and your Government and Military, among others ... all of whom use most if not all of the technologies you list, and use them for legitimate purposes.
Your computer is not a TV. It never was. It's more akin to an open window to the town square.
Besides, anything can be misused; do you want to outlaw all cars because of some bad drivers?
If you need a virus free computing experience, you will need to use a less vulnerable Operating System. That's right, you will have to "think" and maybe even "learn" something.
To whomever abused the modding system and modded the parent "Flamebait" ... Mod points are not intended to censor points of view with which you disagree.
Someone will say "computational overhead" but I heard of this thing called Moore's Law. Nevertheless, it is somewhat of an obstacle, because MitM is an active step. But if they start doing MitMs, they face a serious problem: they will get caught. Maybe not everyone is going to have a trusted introducer for their communications, but some people will. As soon as the attacker MitMs one of those, it's going to be detected. Then word will get out that AT&T does MitM attacks. Legal issues aside, that will raise awareness, and people will start using a good WoT.
Who cares? In discussions about network security (just as in discussions about DRM), copyright infringement is mostly irrelevant, even if it is the initial cause of the coflict. If AT&T starts MitMing, they are a threat to everyone, not just pirates. They'll be reading your love letters, examining your bank transactions, etc. You don't even know if a link is being used for copyright infringement, until you have already snooped it. If AT&T does this, the issue won't really about pirates anymore. We as a society will have to deal with AT&T, and we will.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Friends in government? Nah . . . .
"They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety" Franklin
I'm curious -- when you talk about survival in most any climate, are you talking actual "survivalist" methods? Hunting, growing your own food, building shelter and fires, et cetera? Like many computer geeks, I've never been much of an outdoorsman, so I could probably use some brushing up on those sorts of things too. Maybe we can learn together as she gets older.
Not that I really think society is going to collapse or whatnot... but they would definitely be some good skills to know.
How do you create an encryption system between two entities when a 3rd has access to all the same technology and can monitor, intercept, and spoof all communications.
It is an interesting problem, any crypto guys out there want to take a stab at it.
I have one question -- How?? This isn't about AT&T bugging their consumer-level services, this is about AT&T bugging their backbone, meaning just about *any* ISP in the US (and probably in many other countries too) is going to have their traffic sniffed. As far as I can tell, there's precisely Jacques Merde that people can do about it with their wallets, unless you start talking about people like George Soros and Ted Turner and the like.
Cheers,
"What in the name of Fats Waller is that?"
"A four-foot prune."
Then stop using Windows. Duh.
If AT&T does this, it's equal to declaring war on the entire internet. I think it's a crazy, a STUPID move. All it will do is make the security technology more sophisticated and increase privacy for all.
AT&T, please do this.
What if they just inspect the content, not change it or block it?
Then RIAA and the like would know who to attack.
Of course, they could just be trying to encourage universal encryption.
There is not much that AT&T can do about encryption. Support they do try to block or ban traffic which looks suspicious, well people will just respond by making the traffic look less suspicious. Suppose they try to decrypt? Then people will use better encryption schemes that they'll have a harder and harder time until it's impossible to decrypt it all.
How will they deal with packet encryption? What if a hardware device were to literally encrypt every single packet with a different key of 128bit length, on each end?
What they will do is create a market for hardware level encryption. They will also make it so encryption works on the packet level instead of just encrypted files, which would honestly be their worst nightmare because even with all the super computers in the world, they'll have a hard time decrypting every packet.
It's good for security technology for them to do this kinda stuff.
.p2p format. Look at Freenet. And that's just the beginning. Nothing stops the hardware companies from making hardware products. It's like when the cops started using lasers to track cars, and the car owners started buying the cop car detectors.
These types of attacks on the internet only make the internet less vulnerable to attack in the future. They are going to increase the security of the internet by doing this.
Currently most users don't know what encryption is, and most hackers are busy focused on other stuff. If AT&T does this, millions of hackers who are currently writing linux software or legit software, will start writing software designed to surpass the limits AT&T places on them.
Just look up the
As I see it, AT&T is wasting their time. Nothing can stop people from sharing files. All this does is stop users from sharing unecrypted files. How will AT&T stop darknets, and encrypted p2p?
The icing on on the cake will be when malware appears that starts sending copyrighted material from an unsuspecting consumer's machine. The rash of complaints from innocent customers outght to be enough to severly cut into most ISP's profits, or at least force them to increase their customer service budget.
Find coupons in Greeley
It will be a great, great day for America, and the world when AT&T does this ( IF they do. I am not yet convinced they are really that stupid). Mark where you were that day, and take a picture for posterity. You will be able to tell your children one day, "Yes Billy that was where I was when AT&T started the death march for the MAFIAA and government sponsored surveillance and suppression of free speech".
I really do, and I mean seriously, pray that this happens. I got kneepads on, and my back hurts from praying and chanting to any god that will listen.
There are posters that believe this to be in response to the government and media losing control of its propaganda machine. Some believe it is just the MAFIAA at work behind the scenes. All of the reasons, the catalysts for this event are irrelevant. To quote the Architect from the Source, "Concordantly, while your first question may be the most pertinent, you may or may not realize it is also the most irrelevant".
This is really about human nature. Our very nature is to not only create information, but to share it . We have a great need to do this. Our curiosity and creativity is with us from birth. Watch a young child closely, and you will see the simplicity of this truth. Art, Science, and Philosophy are all driven by this inherent or instinctive trait that we possess as a species. It may be what helped us evolve.
Unfortunately, we also have a darker side to our nature. It may also have helped us evolve into what we are today, but it may also be what ultimately destroys us. There is always a fraction of us, which develop an unwavering need to control other members of our species. They assert their dominance and control, and not always in a benign, and selfless manner. This has been accomplished through violence, fear, intimidation, and murder.
Corporations and governments are merely groups of people operating together to accomplish a purpose. Corporations must not only profit, but also expand. Governments, of any size, operate under a social contract. Of course, they ultimately become corrupt and the social contract can be changed, often without the consent, or to the benefit, of the society it intended to protect and nurture. This happens to be so, since these entities are made up of people, and it is people that exhibit the aforementioned "flaw". It is hard for these organizations to change, since nepotism is also a behavior at the core of our nature. In other words, organizations tend to recruit, promote, and protect those individuals that have like minds and are willing to follow in their superiors footsteps and implement and promulgate the paradigms of their organization.
The free flow of information can threaten a government's ability to control the masses. There is an abundant amount of evidence throughout history that shows this. It should also be no surprise to people that corporations would be against the free sharing of ideas, and content. The need to share information is in direct conflict with the concept of intellectual property. Corporations must control information, since only through control, can they secure profits from it.
Never in the history of mankind have we been able to share information and content so freely, and so effectively. This is a dire threat to those that would seek to control us, and a mortal wound to those that would seek to profit through the control of its flow.
Regardless of whatever philosophy, morals, or ethics you want to apply to this situation, it exists and will not go away. It may be akin to mob mentality, but people will continue to share information, regardless of intellectual property considerations or consequences. If consequences truly stopped us, then why is the Drug War failing? I want to make it clear, that I am not promoting or detracting from capitalism, socialism, commu
So, will AT&T still be "The RIGHT Choice"?
Or, more, will AT&T ask themselves, "Was it the RIGHT choice?"?
Previously: "Linux... Toward the Sunrise..." Now: "Linux... Toward the-- No, now, part of Every Sunrise"
So if they look at everything will they spy on my e-mails back and forth with my patent lawyers?
Are they going to look at my collaborative R&D going back and forth?
Will they look at DARPA contract work too?
If not how are they separating all this?
Are all their workers citizens that passed top secret clearance?
if Not - Why are they not being ARRESTED for SPYING?
If this comes to pass, I'm not at all worried about what it'll do to my pirating. I'm sure there will be plenty of ways to download all the stuff I care to pirate and then some.
I'm more worried that this will screw over suspicious-looking, but legitimate traffic where I can't just use the latest clever work-around.
The pirates, after all, are a lot better at setting up servers and such than most normal companies.
Seeing as ATT is already filtering all the traffic for the NSA I don't see that it would be much harder to add this layer.
Welcome to the American Stasi.
If ATT does this - it opens the door for the government to require other carriers to do the same - thus eliminating competition for ATT. This bad thing suddenly looks even worse. The NSA is underwriting the cost of the system - other carriers that followed the law (Quest) will not get the same help and will be forced out.
Just a quick read of the 1998 immunity law makes it clear that "without selection of the material" and "without modification of content" is intended to provide immunity for user-generated content as opposed to ISP-generated content. In other words, the ISP doesn't select material or modify content to create content, it just makes what the user created available over the network.
Simply *blocking* undesirable content would not fall under selection or modification. Tim Wu is frothing hyberbolic because he is so against network filters and AT&T. He's lost his objectivity (if he ever had any).
Using Tim Wu's argument, closing an AT&T-network-hosted child porn website would violate the 1998 law.
This may WELL BE a stupid move by AT&T. But "it's illegal" is a complete red herring.
And thus good bye to my iPhone. Encryption is not a great answer as a lot of traffic is not end user controllable. It is a good thing to do in these days of the government and industry thinking they can peruse our externally extended brains with impunity. But it is not imho the best answer. A better effective answer is to slam any company that tries such nonsense in the wallet directly and press class action suits. Make it expensive and scary for so-called internet providers to play these games.
By the logic in the original post, wouldn't Comcast already be liable under current law, since they are now interfering with selected traffic by blocking p2p transfers?
You've been modded "funny" for this. But the point you've made is absolutely valid.
It's not as if the ISP necessarily has any malicious intent. Though, come to think of it, to judge by the quality of customer service of some of them, we might want to leave that as an open question.
But you know what? The only thing that you have to keep private is your private key. That's why you must always generate the key pair locally. Public keys are supposed to be distributed widely. There's no harm in anyone in the middle seeing it in transit. They're not learning anything that you want to be kept secret.
A counterfeit public key will not correspond with your private key, but it could cause grief for any party which encrypts sensitive information with it. This and some other related scenarios are addressed by wrapping the public key in a certificate signed by a trusted authority.
Now, what about the case where you have generated the key pair and want to get it made into a certificate? In order to do this, you have to transmit the bare public key to the certificate authority. That's okay too. You encrypt it with the public key of the authority, contained in a root certificate which by definition is trusted, meaning that you have it already.
Parity: What to do when the weekend comes.
Tools/Options/Connection/Transport Encryption/Require Encrypted Password
Tools/Options/Connection/Networks/The Onion Router (Tor) Network
But you know what? The only thing that you have to keep private is your private key. That's why you must always generate the key pair locally. Public keys are supposed to be distributed widely. There's no harm in anyone in the middle seeing it in transit. They're not learning anything that you want to be kept secret.
Ah, the beauty of the man in the middle attack! The problem is, how do your contacts know they're using *your* public key? If the ISP can successfully intercept everything on all ends (and they could if they cared enough), then they replace your public key with theirs, decrypt incoming traffic using their own public key and re-encrpyt it with your public key. Total bummer.
Now, what about the case where you have generated the key pair and want to get it made into a certificate? In order to do this, you have to transmit the bare public key to the certificate authority. That's okay too. You encrypt it with the public key of the authority, contained in a root certificate which by definition is trusted, meaning that you have it already.
So that helps...except there has to be some ultimate thing you trust. That would be the root certificate. Question is, how do you get that? Can't be online, let's imagine your ISP redirects all traffic destined to Verisign to themselves. It's very much a regressive problem. You have to trust something, but if you're using encryption you probably aren't in the trust business.
You're right, I wasn't being facetious - you want secure communications with someone, you need a secure way of getting something truly trusted. You need to start with something you know is good. And that's why I maintain that the best way to do it is with one-time pads that you've exchanged, in person, with someone you trust completely.
And no, I'm not paranoid, because they are out to get me. That makes me cautious. ;)
But your wireless goes somewhere doesn't it?
I pointed out that this is what gave rise to digital certificates, in which your public key is signed by a certificate authority. Anyone encountering the certificate can immediately verify that it has not been tampered with. I also described how to securely transmit a bare public key to that authority so that it cannot be counterfeited at that point either.
You're absolutely right to observe that, despite all these means of verification, there has to be some ultimate thing you trust. You need something to bootstrap the rest of the process. That would be a root certificate in the case of a hierarchical public key infrastructure, though there are other approaches, such as Zimmerman's PGP, which attempt to distribute trust from the bottom up, and others based on trust metrics. In other words, some consideration also should be given to how distant that source of authority is from the particular object of interest to you.
So, while I agree that we each individually have to start with some source of information that we trust, among the various mechanisms which depend on this source, each has strengths and weaknesses. If you go for the single authority approach, say George Bush just for the sake of argument, then (a) if George Bush is compromised then so are you, and (b) George Bush is going to be overwhelmed with requests out of band for root certificates. If, on the other hand, you go for a "web of trust" approach, then (a) your verification effort increases with the number of peers, and (b) you have introduced multiple points of compromise.
What happens in practice is that we make some concessions for the sake of usability. For example, web browsers come with a set of root certificates preinstalled. Who decides this set? Not you, certainly. You can strip them all out, and then install just the root certs that you have received through some, presumed secure, channel. Yes, you could set up a one-time pad with some trusted individual in order to create this channel, but as you point out, you would have to trust that individual completely, and they would have had to trust someone else in order to get their copy of the root cert, and so on. Every such step is an injection point and a dilution of trust, and worse still, you can't determine how many steps there were between the root authority and you.
So your approach ends up delivering an informal, unknown, unquantified, unverifiable effect of trust dilution. The only way around this is to go straight to the certificate authority with your one-time pad, and for reasons of scale that ain't gonna happen. What happens instead, deplorably imperfect though it may be, is that in effect we trust the web browser. If I wanted to distribute a counterfeit root cert, I'd start by installing it into a browser distribution and set it loose on the net.
But this leads to an important observation. Besides trusting some certificate at some point, we inevitably also have to trust the software which puts that certificate to use. There is no way around it. And, if that degree of trust is equivalent, we might as well combine the two together and decide whether or not to trust the whole package. In that case, you might not be satisfied with exchanging a one-time pad with your completely trusted peer. You might want to exchange source code for a very basic web browser or other transfer agent which contains a hardcoded root cert, then use it to bootstrap a signed browser.
But if you're a purist, that's not enough either. Your underlying system might be compromised, such that whatever you try to install, it substitutes its own backdoor. Given industry p
Parity: What to do when the weekend comes.
It seems to me that these Big Money folks think that I swore to defend the president and his big money friends. As a US Army Ranger, I swore to defend the "Constitution" from all enemies, foriegn and domestic. The freedom of expression available today with the Net is our last bastion of free speech. One cannot express an opinion to our leaders now without being arrested as was demonstrated just the other day. The Secret Service agent that made the arrest and is now getting hammered for it didn't even witness the so called "incident". Future wars will be fought not for land or oil, but for "Bandwidth". That is why the corporations and big money interests need to assume complete control over the net. As it stands today, it is the biggest threat to them and the policies of max profit. What is scary to me is how the rest of the world will react. These money hungry people may cause the fall of the greatest country on earth and lead to a real world war. Those of us who are in the know and have the training and are already sworn in to defend democracy and the US Constitution will not stand idly by... This we will defend.
I agree....It's scary how little the "American Idol" watching general public realize about the situation we're in.
...Voice or no voice, the people can always be brought to the bidding of the leaders. That is easy. All you have to do is to tell them they are being attacked, and denounce the pacifists for lack of patriotism and exposing the country to danger. It works the same in any country."
When I look 5 years down the line I can see several possible outcomes, hardly any of them good - and one of the possibilities I see is this country being in a sort of civil war.
When you look at all of the legislation and executive orders it seems like these elements of the government are preparing for a power grab and martial law. With so many of our soldiers and Natl Guard overseas fighting empire wars it scares me, because if some like this were to happen I can see the government using Blackwater and foreign troops (there have been foreign troops training on US soil according to some things I have read which seem to be credible) and if you look at the drills being run out of Ft. Bliss since at least 2000 (of which I have seen a lot of video) where they go to a US city (Oakland) and take over part of it, hire extras to play civilians and have them yell things like "I am an American Citizen" etc it is very scary.
If anyone is reading this and things the above sounds crazy, trust me, I would too had I not seen these things with my own eyes. One of the resources for the video I am referring to is on Alex Jones "Martial law: Rise of the Police State" or something like that. People may find Alex to come off as a little kooky, but but his facts are credible.
I think we're in trouble here in America and it makes me so sad - because I love this country and it's people, I believed everything I was taught in school about the constitution and how the founding fathers came here and established this country to get away from excessive tax and for religious freedom (subsequent reading and study as an adult has taught me that it wasn't quite that simple, but nonetheless that was a big part of it) - and I remember the 80s when we constantly lambasted the Soviets and the East German Stassi for spying on their own citizens and criticized and looked down on other countries who did all of the things which are happening here now. Nobody would have ever believed it.
Many people think all of the recent corruption started with this administration; and it is true that they have gone beyond the pale, but it is also that they aren't trying as hard to hide it - which is scary because it means they feel completely safe being unconstitutional and doing illegal (and I would say immoral) things...It wasn't just them - all of the recent administrations before it played a part in this and had their own corruptions etc which have gotten this country to where it is today.
And all of this stuff using the oldest tricks in the book - having a catalyzing event (9/11) and then, as Hermann Goering said:
"Naturally the common people don't want war; neither in Russia, nor in England, nor in America, nor in Germany. That is understood. But after all, it is the leaders of the country who determine policy, and it is always a simple matter to drag the people along, whether it is a democracy, or a fascist dictatorship, or a parliament, or a communist dictatorship.
Apparently the people who are in control of our country have learned from this.
I'm no survivalist. I am a southern born man, so I do know how to hunt and fish. I have grown a garden or two. But I did these for fun and recreation, not to survive. Sometime I could share some deer hunting stories... see I am the worst deer hunter in the world. They came closer to killing me than I have them.
On the subject of children, I was focusing more on critical thinking and money skills like you suggested. I have a BS in computer science. I do believe the ability to sift through large amounts of readily available information and put something cohesive together from it all will be the critical skills of the future. Just knowing things is not good enough. Soon anyone can "know" things in a connected society. It is what people can do with their knowledge that is important.
I would be glad to have further conversations about children and society in general. Oh, and congrats on your child. I can hardly wait to be where you are.
I only look human.
My mother is a halfling and my dad is an ogre, so that makes me an Ogreling