Slashdot Mirror
AT&T's Plan to Play Internet Cop
Ponca City, We Love You writes "Tim Wu has an interesting (and funny) article on Slate that says that AT&T's recent proposal to examine all the traffic it carries for potential violations of US intellectual property laws is not just bad but corporate seppuku bad. At present AT&T is shielded by a federal law they wrote themselves that provides they have no liability for 'Transitory Digital Network Communications' — content AT&T carries over the Internet. To maintain that immunity, AT&T must transmit data 'without selection of the material by the service provider' and 'without modification of its content' but if AT&T gets into the business of choosing what content travels over its network, it runs the serious risk of losing its all-important immunity. 'As the world's largest gatekeeper,' Wu writes, 'AT&T would immediately become the world's largest target for copyright infringement lawsuits.' ATT's new strategy 'exposes it to so much potential liability that adopting it would arguably violate AT&T's fiduciary duty to its shareholders,' concludes Wu."
We all send copyrighted emails to one another under a license that does not allow AT&T to retransmit the contents without written permission. We then start a class-action lawsuit. IANAL, but that ought to slay the dragon if the judge agrees that the case has merit.
Nothing new here
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Aside from the problem "fiduciary duty", it's also pointless.
True, most traffic is not encrypted, but with encryption technology more accessible than ever I think that the whole effort will be a waste of resources.
I can imagine whole sub-networks cropping up that uses VPN, exchanging traffic with immunity to AT&T's traffic analysis.
$7.95/mo, 200 GB disk, 2TBxfer, MySQL, PHP, RoR.
AT&T obviously has some deep government connections, they've got senators thinking that what's good for AT&T is good for America. They wrote the previous law, they can unwrite it. The trick will be how to include themselves and exclude their competitors... and I'm sure they'll try to stick people with open wifi ports too.
No, really. I mean it
The simple truth is that interstellar distances will not fit into the human imagination
- Douglas Adams
Comment removed based on user account deletion
at present AT&T is shielded by a federal law they wrote themselves
So they will just write another law. Do you really think that will be a problem for them to get a "children's internet safety" law passed. The government has been practically wetting themselves wanting a seemingly legal way to inspect all internet traffic, this is the opportunity. Nevermind "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated" because this a non-government entity.
We are all just people.
When really stupid ideas start seeing the light of day. That means most of the management team has insulated themselves from criticism by surrounding themselves with toadies and have, effectively, separated themselves from any semblance of reality.
Usually the case when you see corporate behavior and wonder, "How could they be that stupid?" Because on their little planet what they're doing makes sense. Just not on this world.
In my experience it also means upper management has divided themselves into warring camps.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
I assume that AT&T carries traffic across their network that doesn't neccessarily start or end with them. Somewhere in the middle? How much would this affect a Verizon subscriber accessing something from a server that's not neccessarily AT&T? Would AT&T likely get the traffic across their network somewhere in the US anyhow? If not, then could the rule be applied:
"The Net interprets censorship as damage and routes around it."
I could see a massive boycott of AT&T if this is possible, but I admittedly don't really understand too much how the infrastructure works.
Belief? Hope? Preference?The Existential Vortex
Well, neither of the criteria contains any mention of the transfer rate. They could limit "offending" downloads to 1 kB/s.
Yea, that's the whole point of the article, you should really try and read it ;-)
Probable impossibilities are to be preferred to improbable possibilities.
Aristotele
Listen, they paid enough to get the common-carrier laws written so they would be immune from prosecution. What makes anybody think they won't just buy new laws that allow them to police traffic but still enjoy immunity? They are doing it for the children, after all...
That it's only AT&T doing the looking...for now. Wait until the gov't gets Google on it. Then we're all doomed. We'll actually have to pay for music, movies, and pr0n again. The humanity!
http://xkcd.com/386/
This issue isn't just limited to AT&T customers. It affects everyone because AT&T is a tier 1 provider, meaning that they provide backbone access for several ISPs. They are looking to sniff *all* traffic, not just traffic of their DSL customers.
Nick
"A plan fiendishly clever in its intricacies"- Homer Simpson
Here's another reason why this company was broken up in the first place back in the 80's! How in the hell did the FCC and the American Public let this slip past us? Now we are dealing with it again. WTF? When will the FCC learn?
"AT&T argues that it must get involved in stopping the flow of pirated content because much of this content is shared using peer-to-peer protocols, which eats up valuable network bandwidth, slowing network connections for many of its customers."
They just want to block file sharers!
The corporate weasels just dressed this up in a load of crud about copyrioght protection, protecting kittens from microwaves and otherwise keeping the planet safe for CEOs who havent yet earned thier first billion.
Thye dont need any fancy technoligy to do this -- just a list of port numbers.
Old COBOL programmers never die. They just code in C.
Time-Warner cable supposidly has 50% of the bandwidth used by 5% of the users. Who wants to bet that of this bandwidth, it is almost all pirated material?
The strength of piracy on the Internet is the ease of getting the pirated material, and the ease of distribution. Thus pirated material must be easy to find. So all the MP/RI-AA has to do is find it, and do something about it. Rather than playing Whak-A-Mole on Torrent tracker servers (which are largely offshore), with ISP cooperation from AT&T it becomes possible to play Whak-A-Mole on the users of the torrents themselves...
So the MP/RI-AA or their contractor surfs the Torrent sites, and connects to the torrents with a manipulated client, verifies that a particular torrent is a copyright violation, maps the users of the torrent, and then sends an automated list of the nodes to the ISP saying "This graph is bad, any edge between two nodes in this graph should be killed", and the ISP simply RST-flood any edge in the graph which crosses its network, or just put in a router ACL to drop that pair for a while. Because the strength of the system relies on it being public and P2P, the MP/RI-AA can easily get this information.
AT&T has multiple incentives to cooperate, and can probably do it safely. It has a second party (MP/RI-AA or a company they create/contract for) do the deciding, so they dont' have the liabliity.
It keeps the content providers happy for when they are negotiating their compete-with-iTunes/Netflix video on demand and cable TV services.
It keeps the content providers from pushing through very draconian legislation, or at least draconian legislation you aren't happy with. (It can F-up your competitors, but thats just a bonus)
Its very easy to implement (short-lived router ACLs which are automatically injected and revoked).
And it drops their bandwidth bills by 30-50% by eliminating a large amount of deliberately-noncacheable (both politically and because of bittorrent encryption) traffic.
I wouldn't take it as a guarentee, but I'd almost be willing to bet that AT&T does something like this in the next year. Who wouldn't leap at a chance to reduce your costs by 30%, keep a group of "partners" you have to deal with happy, and without any real work on your part (just an SNMP-manager program)?
This won't stop closed-world pirates, but those are far less annoying to the ISPs simply because there are so many fewer of them, and less important to the MP/RI-AA because they are less likely to be users you can convert to paying customers if you make the illegal content sources unusable.
Test your net with Netalyzr
Maybe by the time AT&T has it's filtering plan in place, they also hope to have a wide-ranging immunity law passed by Congress that supplants 17 U.S.C. 512. The new law, passed by a Congress that is nearly completely united on their love for telecom companies, would give telecoms complete immunity from any lawsuits while engaged in "efforts to combat copyright violations."
It looks as if there's a good chance the telecoms will get retroactive immunity for aiding in breaking the law and eavesdropping on customer's communications without warrants; it doesn't seem to be a stretch to imagine that they will plan on their congress-critters to help them out in their fight against digital piracy.
They have seen how MediaDefender has made huge profits out of the rabid desire of the music industry & hollywood to stop the perceived 'theft' of music and movies to illeagal downloads particulary torrents through technological techniques.
AT&T see themselves in excellent position to tap into this market through traffic monitoring and MediaDefender's recent stock crash after leaked emails reveal they were pwned by a bunch of high school kids http://torrentfreak.com/mediadefender-stock-plunges-due-to-leaked-emails-071222/ and http://www.portfolio.com/news-markets/national-news/portfolio/2008/01/14/Media-Defenders-Profile?print=true couldn't have come at a better time
This a big and growing market and one of its major players just took a nosedive, the market share is up for grabs.
I can't see big music & hollywood coming to their senses about the whole thing anytime soon so the 'fight' will go on and the likes of AT&T will be there to profit and drive the market.
So if you've got no morals and an idea for a good algorithm or counter-pirate technique give AT&T a ring...
we are all cosmic nuclear waste
AT&T will simply purchase a new law from Congress stating "communications providers are allowed to monitor everything you do and turn you over to the government, but if they happen to miss anything, they are absolutely indemnified." They'll make arguments like "Hey, if the police aren't able to stop a murder from happening, but are shown to be putting forth their best effort to prevent murders, you don't hold the police officer responsible -- so why should we be held responsible if we miss some illegal content?"
And all the legislators will nod their heads and murmur to each other "hey, yeah, they've got a point," while a bag of money passes quietly underneath their tables, and voila, they're allowed -- hell, probably required by the government -- to monitor all traffic and report any and all Violations of the Right to Corporate Profit, and completely immune from prosecution if they happen to miss something.
It'll happen, and the typical "America, Fuck Yeah" voter will grin and gleefully agree that it's for the Good of the Nation, and if you're innocent you should have nothing to hide anyway, so what's the big deal?
The legislators who draft and vote for the bill, meanwhile, will be hailed as patriots and re-elected, again and again, for Protecting the Motherland while simultaneously paying lip-service to smaller government and less federal intrusion into our private lives.
I abhor the fact that my daughter is going to grow up in this pathetic shell that America is today.
AT&T is already facing a mortal threat because it helped Bush/Cheney spy on every phonecall on its network for at least 5 years, in blatant violation of the FISA. Those crimes should get Bush/Cheney impeached (and it just might) - AT&T would be an even huger casualty. That's why it (and its also guilty "competitors" like Verizon - but not Qwest, which refused) is pulling in all its favors in the Congress (especially in the Senate), to get amnesty/immunity for having broken that essential law so much and so badly.
If it gets away with those many and flaming FISA violations, AT&T will write new laws to allow, even encourage, more spying like this one.
But if AT&T doesn't get amnesty (even if it convinces a court that it isn't liable for breaking the FISA, because "the devil^WExecutive made me do it"), then maybe it will be stopped. Not just from spying, but from doing whatever it damn pleases to prey on America, both regular people and the many people who've been trying for several years now to compete with new technologies like VoIP and other open networks.
Death to AT&T. Maybe a lawsuit right up its heat exhaust will do the trick.
--
make install -not war
Nothing new. Just the usual corporate policy of "Why aim for the sky when you can shoot yourself in the foot?"
GAAH! MY PRINTER IS ON FIRE!!! PUT IT OUT! PUT IT OUT!
Try getting dry loop DSL, it's even worse.
AT&T does offer dry loop, but they won't admit it, and most of their call center drones don't know that it exists. I ordered it a few months back, and after being transferred all over the place just to find someone that would admit that it existed and knew how to set it up, I finally got someone to actually hook it up.
After I got my first bill, I jumped online and set up automatic payment, and everything was fine. Then, two months later, I get a nastygram saying my bill was overdue. The notice had a completely different account number. So, I call AT&T and tell them I'm getting double billed with two account numbers for the same service. Two hours of transfers later, I get a lady who tells me that this happens "ALL the time" and agrees to close the past due account and credit back the charges.
A week later, my DSL is disconnected. Of course, when they closed that one account, they disconnected the service as well. After another couple of hours on the phone, I finally got my DSL turned back on under (I hope) the right account number. Good times.
Your post outlines a possible means by which AT&T will stop bit-torrent traffic. It seems workable and realistic, and AT&T may very implement it (despite the obvious ramifications: e.g. if they block everything listed on PirateBay they will block many sanctioned/legal file transfers).
But the P2P community will fight back. It will become an arms race. For example:
-Trackers inject all kinds of bogus data into the trackers, crafted so that humans skip over it but automated crawlers choke on the massive amount of data (and RST packets!) they must deal with. For added fun, the bogus data includes IPs of legitimate company services, so AT&T will be interfering with, e.g. Blizzard downloads.
-ISPs adjust their software to differentiate "real torrents" from "fake torrents."
-Trackers begin accumulating lists of IP addresses and other signatures that detect the ISP bots, and feed them bogus data.
-ISPs use their control of IP blocks to fake requests from different IPs.
-P2P software starts ignoring RST packets, and uses a different (encrypted) protocol to open/close sessions.
-ISPs give up sending RST-floods, and instead drop all packets.
-Trackers implement algorithms that keep track of "user contribution" based on swarm participation (transmitting valid packets), and block/throttle clients with no "reputation." This makes it difficult for the ISPs bot to browse the torrent listing without actively participating in valid torrenting.
-ISPs switch to checking what IP addresses a person connects to, and simply stalls any connection (all traffic) that connects to a tracker site.
-Trackers switch entirely to TOR: they have no public IP address or domain name. All tracking requests go through TOR routing using the ".onion" pseudo-TLD.
And so on...
My point is this is a crazy arms race, and one should not enter that kind of battle until analyzing all the possible counter-attacks. And the difference here is that hackers will view this as a challenge, whereas AT&T will be spending literally millions of dollars implementing technologies that become invalidated over and over.
I'm not an encryption expert, but I have used my fair share of VPN gear and tunneling software.
Mathematician friends of mine tell me that most modern encryption methods put brute-force cracking well out of range of the most modern computing hardware - even distributed cracking is extremely difficult with a sufficiently large key size.
So if modern encryption techniques are so secure, what is to stop everyone from encrypting all their traffic?
Once that happens, how does AT&T propose to filter traffic it can not examine?
-ted
We run a medium sized network. We monitor our folks. We can also view their screen.
Something I've noticed happening a few times which I thought was interesting. I can see the screen & url that the person is looking at, and it has very questionable content.
I pull the URL from my logs and go to that page and it serves up an entirely different site.
Sort of like the webpage that has a breakout game that looks like you are working in Excel, escalation has many fronts. If you make it difficult for people to get the content one way, they find a different way. While we dis-allow e-mail for personal use while at work, and blocked webmail - people can now surf the Internet on their phones.
Why spend all this money on a war? Why not adjust the cost of a CD or DVD to be more in line with what the multitude will pay?
How is it a DVD costs $12.99
http://www.bestbuy.com/site/olspage.jsp?id=31042&skuId=3776596&type=product&ref=06&loc=01&ci_src=17588969&ci_sku=3776596
But the same CD costs $12.99?
http://www.bestbuy.com/site/olspage.jsp?id=124207&skuId=2830565&type=product&ref=06&loc=01&ci_src=17588969&ci_sku=2830565
Shouldn't the CD be cheaper? I know I'd go back to buying CD's if they price were $5.
Step 1: Create something.
Step 2: Sue AT&T when it's inevitably pirated.
Step 3: Profit!
My sci-fi novel, Ghost Thief, is now available from Amazon.com.
In a nutshell, a "man-in-the-middle" attack is no more to be feared than a "dictionary" attack on a password: the attack only works if the security is implemented poorly. In the same way that you wouldn't say, "They use a password? How useless --simply do a dictionary attack!", you would not say, "Encryption? Just do a man-in-the-middle attack!"For the same reason that they warn you when you change your password: "Your password is too short!" or "Your password is dictionary-guessable!" etc. Why would it bother doing that if dictionary attacks aren't possible?
You said:This is a common question about public key encryption. I'm going to quote my own post:
Hope that clarifies things for anyone who's still confused about WHY public key encryption works. The GP poster is correct.
404555974007725459910684486621289147856453481154 in hex is "You sank my Battleship?"
[GPG key in journal]
I have been saying for a while that our corporatist government and their partners in crime will not tolerate the freedom and openness on the internet much longer.
It's ability to bypass the propaganda and behavior control traditionally handled by TV news and (now corporate) newspapers; the ability for people to organize worldwide and share information and files in real time; obviously the IP debate - all of this is the antithesis of where government and corporations are pushing societies in every other aspect of our lives.
They want to turn the net into an interactive place much like a cross between early AOL and the home shopping network....They will snoop on everything you do, download, view, etc.
You've already seen the endless barrage of stuff in the media about "how dangerous the internet is" lurking with pedophiles and terrorists, viruses and those who want to steal your identity; when in reality none of those things are real threats if you take the most basic of precautions.
It may take a catalyzing event, like a virus that shuts down a financial network or turns off a power grid or plays a part in some "terrorist attack." They may even try to require that everything you do online is stamped with a virutal confirmable ID that you have to renew like a drivers license.
This is coming, make no mistake about it. The only hope we have to prevent it is to fight fiercely on both the corporate front (against non net neautrality, because if they can't legislate it directly, they'll do it in a defacto manner) and against laws like S1959 which criminalize thoughtcrime and dissent; make organizing a boycott and other such actions a crime and involve the internet.
So if modern encryption techniques are so secure, what is to stop everyone from encrypting all their traffic?
Once that happens, how does AT&T propose to filter traffic it can not examine?
Your ISP: the ultimate man in the middle. You want real security, hand deliver your public key to all your contacts after first encrypting *it*. With a one-time pad. Which you then proceed to burn. And eat the ashes.
Seeing as ATT is already filtering all the traffic for the NSA I don't see that it would be much harder to add this layer.
Welcome to the American Stasi.