Slashdot Mirror
Tool To Allow ISPs To Scan Every File You Transmit
timdogg writes "Brilliant Digital Entertainment, an Australian software company, has grabbed the attention of the NY attorney general's office with a tool they have designed that can scan every file that passes between an ISP and its customers. The tool can 'check every file passing through an Internet provider's network — every image, every movie, every document attached to an e-mail or found in a Web search — to see if it matches a list of illegal images.' As with the removal of the alt.binary newgroups, this is being promoted under the guise of preventing child porn. The privacy implications of this tool are staggering."
This will cause huge latency issues and cost beaucoup bandwidth. ISPs would be shooting themselves in the foot if they did this with all traffic. OTOH, I could see laws requiring such tools for P2P traffic -- in fact that may well be inevitable, with the **AA's "ruling class" status these days.
Caveat Utilitor
This could have an upside....
ends with the MPAA and RIAA suing you for your mp3s and .mpgs.
Careful What You Wish For....
"The tool can 'check every file passing through an Internet provider's network -- every image, every movie, every document attached to an e-mail or found in a Web search -- to see if it matches a list of illegal images.' "
How exactly is this going to be accomplished? The equipment cost must be staggering and would consume allot of power. Way to conserve electricity, I thought we were trying to reduce the amount of power the Internet consumes. Does also this remove the common carrier status of ISP's?
I hope this never comes to fruition.
Wasn't that the Aussie spyware company attached to Sharman Networks/KaZaA?
Before it got raided, I mean?
I call shenanigans.
Can it decrypt SSL/SSH in real time?
extern warranty;
main()
{
(void)warranty;
}
So what happens when the malware guys decide to have their malware fire off images that are on this list of banned files/images?
Suppose that their 'smart' and have the image embeded in the malware (or otherwise obscured). the malware sits there for a while and infects as many systems as possible... then the SPAM event happens. With this crap... I mean "wonderful, keep-our-kids-safe" software kicks in and drags even more of the internet down, who's gonna pick up the tab?
I know... have the **AA morons... I mean overlord masters, sign an iron-clad agreement to pick up that tab and I'll gladly get infected. :|
Except... I don't really feel like being arrested for having been infected by perverted malware. :(
When those around you are loosing their heads while you are keeping yours, maybe you've misunderstood the situatiuation.
... what is going to prevent this proverbial snowball from building into a full-blown avalanche? I guess it has already become one to some extent... I can't recall a time in history when the WORLDS rights and privacy were as stripped and neglected as it is now, and then everyone suddenly got their right to privacy and freedom back. Despite its amazing capabilities, technology sure has put us into an interesting position when in the hands of people like "Brilliant Digital Entertainment" ... yeah, real brilliant. Crackheads.
Ok, on really simple protocols, like HTTP or FTP, maybe - but most, if not all, p2p traffic is safe, i think. This is of course because of the chunky nature of transmission - you can't really tell what part of the file went through your pipe just by looking at it, and since parts are sent at random, you cannot rebuild the file with your chunks without guiding information, be it a torrent file, a list of parts for emule, or whatever else there is. And you need the whole file to get your hash-check. That's one. Two: encryption totally kills the effort, as the ISP can in no way examine your file without interfering with your transfer, and SSL exists solely to protect you from this.
Even if my line of thinking is really misguided here, this would require lots and lots of processing power - i mean, on a routing line with a hundred users on one end, it's thousands of hash-checks to be made for every stupid rebuilt file - both processes of course painfully CPU-eating, unless you want false-positives, since you didn't bother to use a proper hashing algorithm.
All in all, this looks to me like a terrible waste of money.
"We are the music makers, and we are the dreamers of dreams [...]."
shhh.. don't tell the government..
Time to make a utility that puts a file into an encrypted 7Zip archive, with the password stored in some reversable encryption method (encrypt the password with all zeroes as a key 1 million to 2 million times), so it would take x CPU seconds on some hardware to decrypt it.
This would allow files to still go across the net without requiring passwords or keys, but prevent utilities like this from just passively obtaining traffic, just due to the CPU cycles involved.
Of course, just stuffing a password in the comments field works too, but with a decent text parser, it can be extracted.
Its just more of the same cat and mouse game. The real crooks will not be affected while Joe ISP User will lose his privacy even more.
According to the Wikipedia entry on Australian copyright law "[...]Brilliant Digital Entertainment in Australia were raided for copyright violations[...]" in 2004.
It looks like someone switched sides but taking a closer look they only seem to be in charge of the adware that came with Kazzaa, so I guess they were always evil.
Not only that, but it says that it works against movies.
The ISP downloads the entire 1-5GB file, hashes it, compares the hash, and then if it passes sends the file on to the user?
I think that would break almost every kind of application, and could easily be used to swamp the downstream of the ISP by making requests and then dropping the connection.
And then what about hash collisions, or programs that aren't web browsers?
If I have nothing to hide, don't search me
Comment removed based on user account deletion
They're claiming they'll man-in-the-middle p2p users to disable encryption. Major problems there.
They're using a hash for the images/movies. Alter the image tags, or change a pixel, you've beat it. The more they ignore diffs, the more false positives they'll get.
There's my five seconds of thought on the efficacy/ethics of this. If you manage to solve all those problems, come back and I'll give it another five seconds. See you in ten years.
But hey, once it's in place they can use it for the *AA! Which is really what this is about, more free handouts to obsolete business models.
This is fantastic, since the amount of money required by an ISP to implement this will sink them. This will filter all "idiot" ISPs, who think they are rulers of the internet.
is to have ISPs scan all downloading files to make sure they do not contain malware or viruses so we don't have so many botnet zombies around the web from idiots opening britneysex.exe
When will people say NO to their overzealous pious government types?
When is too much invasion of privacy?
http://www.torproject.org/
but it would determine whether a file is digitally identical to one on the child-porn list
So if this thing does perform a hash on a file, then changing one small part of it would completely alter the result. Presumably there's more to it than that - otherwise anyone wanting to post an image (that was on a list - there's nothing that limits this to kiddie porn) would make a near-identical copy and the whole detection system becomes worthless.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
Well I'll be damned! THATS why every time I try to listen to shoutcast my ISP (centurytel)
kicks me off. Maybe if I listened to a station they liked?
Google can't figure out how to organize photos, asking us to help TAG them ( especially searching for kitty porn!) We can hack any software, website, no security can stop committed people... so once again we'll inconvenience EVERYONE except the people who DO trade kitty porn.
So ngrep, in other words? It's not as though this is particularly new or exciting technology.
If so, I'm going to need tor or something! All day I've been looking for a cat to adopt.... am I sick? The security business preys on fear, and a false illusion of safety.... ridiculous...
Can it decrypt SSL/SSH in real time?
According to the article they use man-in-the-middle attacks. This is probably quite easy if the server is using self-signed certs.
The problem with all the hysteria around child pornography is that it's too easy to frame someone. A little research, five minutes alone with your computer, and an anonymous phone call are all someone needs to ruin your life and reputation.
Let me be perfectly clear: Even if you're completely innocent, this is a serious threat to you. If someone decides to frame you, you won't be able to prove your innocence, and it won't matter even if you can. That's unacceptable. Yes, child porn is bad, but a society where anyone can anonymously destroy anyone else is much, much worse.
so once again we'll inconvenience EVERYONE except the people who DO trade kitty porn.
"kitty porn"...won't anyone think of the cats?
This can be filed in the Really Dumb Idea bin. It would be so easy to make a server that always alters images/movies by a few random bits to defeat hash checks. However, if the RIAA would pay me M$10, then I'll gladly make them yet another copyright infraction detection scheme...
Excuse me, but please get off my Pennisetum Clandestinum, eh!
I'm categorizing this as "alarmist crap". Unless it's done clandestinely, there would be lawsuits, and as many have already stated in comments here, there's almost no chance that it could foil encrypted transfers, and there's a likelihood that it doesn't work at all. Not getting worried until I hear that it's actually being implemented.
There are fundamental problems with this.
First the police database would grow.
All people wanting to bypass this would have to do is append a few characters to a file, or compress it. They could easily make a single file into a million files with there techniques alone. They can modify the files them selves by slightly changing color values. That creates a million more files. Now comes the nasty part.
They've flooded the police database, now the original file is a billion files, a billion hashes. What is the probability of many accidental hash collisions with innocent files. Soon you will have problems sending all kinds of stuff.
Not to mention the exponential growth of hardware requirements on everyones part.
What we really need is a tool to collect and monitor elected official's e-mail and attachments, even if they are submitted from a non-government e-mail account.
How much would you bet that the MPAA and RIAA are going to try to get laws passed that require ISPs to install and use this software?
Fight Spammers!
Even faster, rar the movie. Or if its already rarred/zipped/whatever, split it into parts. If already in parts, group them in an outer archive. Whatever really. Unless they're going to try and decompress any archive containers, you don't have to re encode or edit frames of videos.
They actually use an army of low-wage Chinese and Indian workers to scan all that data. It's cost effective, but the side effect is that in a few years millions of Asians, who might otherwise have become normal, productive, law-abiding citizens of their respective countries, will instead have become deranged pedophiles.
...and take up a collection to pay the spammers to send a regular smattering of these files in their usual spam loads. ...and both overwhelm the filter and crush the ISP NAPs. ...and express our displeasure at the rapidly coming destruction of probable cause on the Internet.
Because we know that shortly after the 'authorities' can do this, they will be asking to investigate the intended recipients, on the premise that they have 'probable cause'.
I can't hardly tell the difference between the NY Attorney General and the RIAA any more. No, kiddie pr0n is not good and I condemn it. But we give up a lot when we give up the rights granted so long ago. Stick to the stings, guys, and try to avoid deliberately incriminating innocent people, ok?
Damn, what political party can I be a member of now... They all suck.
deleting the extra space after periods so i can stay relevant, yeah.
Why not snoop every phone call, open and scan every piece of snail mail, record every conversation?
Oh, because people realize that doing that would be contrary to our laws and ethics, but get some sort of paralysis every time somebody brings up child porn and the Internet?
Yeah... thought so. It's the same exact thing, but try convincing people of that.
FTA: ... This is done by changing the underlying protocol settings that establish how the sender and recipient exchange the file. This trickery, unknown to either the sender or recipient, would make it possible for CopyRouter to see the underlying files, calculate a hash value and compare the files to the list of illegal files.
Encrypted files on the peer-to-peer network could not be decrypted by CopyRouter, but the company claims it can fool the sender's computer into believing that the recipient was requesting an unencrypted and uncompressed file.
Now I read that like this: I want to download a driver that is compressed. The app however, asks the server for an uncompressed version of the file. I think that's impossible.
Scenario 2: I ask for an encrypted file from my online storage provider. This app can then send a request that I wanted to download it unencrypted. This is also impossible as it was uploaded encrypted in the first place.
This is done by changing the underlying protocol settings
What? Send it as plain text? What protocol settings?
Either the explanation FTA is shit or I'm missing something.
Don't be apathetic. Procrastinate!
Where Global Big Brother Watches YOU!
Ya know.. That is not as funny as it use to be..
Bringing liberty to the masses. - http://freetalklive.com/
this is the beginning of big brother. soon if this is allowed to happen everything will be approved (xkcd.com/129) content there will be no limit to censorship it will be worse than the Nazis. this must never be allowed to exist, i call upon the entire internet to find a way to counter this. we hacked the wii we can break this now nerds CHARGE.
this would pretty much eliminate /b/ on 4chan
Does this mean I can't read 4chan anymore?
I was never a big Tool fan anyway, although I don't quite understand why a band gets to tell an ISP what to do.
You know what? In a dozen years of actively surfing porn, I've never encountered kiddie porn in the wild. This great big threat to all mankind so severe that we all need to put woolly pullovers over all our electronic gear and filter all telecommunications is simply and plainly crap. It's a ruse.
There are some people who want to control everyone else. They want to control what you see, what you hear, and as much as is humanly possible, what you think. They want to monitor us all (but not themselves, of course) and make us all cookie-cutter little clones who all think the same harmless little thoughts and are all scared of their authority.
F * U * C * K them.
Anyone telling you this sort of "protection" is necessary is deluded or a liar. Either way, such people should be ignored or in extreme cases, put somewhere they cannot bring harm to others.
Seems to me that if a user attempts to download a file that happens to have the same hash as a "known bad" file, they could be in for a world of hurt unless the system does verification of some kind. And if the verification step is conducted manually rather than automatically -- in the interest of expediency, of course -- what do you bet the odds are that some law enforcement types aren't going to be bothered with niceties like actually checking that some file is indeed prohibited material?
Try mounting your own defense when you are systematically blocked from obtaining a copy of the file that you attempted to download in the first place. (Yes, surely our hypothetical user's attorney could find this file, even if they needed to use an ISP outside the country to do it. This assumes that Joe User has an attorney and can afford to mount a defense.)
A malicious actor could craft a file that will generate a hash collision with some known prohibited file, and if the sender/creator is suitably crafty and hides his tracks, such techniques could be easily used to grief our hypothetical user with virtually no chance of reprisal against the originator of the bogus file.
And just send them back and forth through any ISP that uses this. Would be funny to watch them try to figure it out.
And good luck trying to teach a jury about hash collisions.
"a tool they have designed that can scan every file that passes between an ISP and its customers."
Unless they do a man-in-the-middle attack, they can't view encrypted files.
Just run everything over an SSL session. If they even dare to decrypt my SSL session with my bank, they'd be in very serious trouble.
Comment removed based on user account deletion
Any politician who supports the use of such tools has lost my vote. Period.
Won't this just cause people to produce new child pornography that isn't getting filtered yet? C'mon guys. Which is more important, stopping guys from fapping to images of children or stopping the actual harm being inflicted upon the children? Christ almighty, I can't believe how there isn't an intelligence requirement to get power in this world.
What day is it? Could you please tell me?
Not really, I suppose it is a charged subject. If you have kids, it's really scary... Well child molesters or porn traders still have a LOT more rights than terror suspects.... Please vote Nov 4th!
Lots of speculation can be solved by spending a few minutes with the details at http://msnbcmedia.msn.com/i/msnbc/Sections/NEWS/PDFs/081016_copyrouter.pdf (the link in the article was subtle).
This is a deep packet PROCESSING application (not INSPECTION). Given a chance to change the requests in flight, one could remove compression and encryption. Yes it's evil to remove the encryption from the initial request (change to a NULL encryption method) and it can be expensive to remove compression but boy does it make this sort of detection easier.
As others have noted, changing the file even a bit causes a new hash. This tool will catch the lazy/stupid/naive bad guys trading child porn and the like.
According to the slideshow, the results themselves are modified. Any smart person, if looking for child porn or whatever content is being restricted, can simply configure their client to ignore the specific hash(es) for the replacement files.
From the article:
"Can software fool encryption schemes?
Encrypted files on the peer-to-peer network could not be decrypted by CopyRouter, but the company claims it can fool the sender's computer into believing that the recipient was requesting an unencrypted and uncompressed file."
This means that if you are requesting a legitimate file that SHOULD BE ENCRYPTED it may be transmitted in the clear. Oh my! Can you say law suit? Sure you can!
The race isn't always to the swift... but that's the way to bet!
All my FTP sites are currently encrypted.
Fuck them, fuck the aussies and fuck jew york.
Fuck spicago as well.
(racist comments I can't claim ownership of, but also can't remember what movie they came from)
--Toll_Free
This is not going to be very difficult to defeat. Sure, there's encryption, but even for the slightly-less-than-completely-paranoid types, the solution is not very difficult.
When you consider the problem the scanner has to solve, and the algorithm that will most likely be used (Google Boyer-Moore string matching for an intro...), the solution becomes almost trivial.
Software like this exists to satisfy the "due diligence" aspect of running a business. I'm still surprised that people take this seriously. I mean, how long has warez been around? Has any technical or legal measure ever prevented people from getting the bits they were looking for? It will make things difficult for the average user, and I'm not to keen on the spy-on-everyone, the-sky-is-falling-terrorists-are-everywhere mentality. But ultimately, it means very little for the astute user. The implications for changing society to accept constant surveillance are more worrisome, though.
The society for a thought-free internet welcomes you.
I'm no programmer, but wouldn't it be possible to make a program that randomly changes a few bits in a file every time it's up/downloaded? I know that wouldn't work for programs, (unless they were in a compressed archive, with an area of the file specifically set aside for "randomness" - another application entirely, but still doable?) but for a 2 hour video, a few pixels misplaced here or there wouldn't be a big deal?
Note --- this is a bit off the cuff, so I won't say I'm committed to this solution, but....that said:
You know -- the only way to stop this is to stop the insanity. If someone feels they have to catch child porn, then I move to make child porn legal in a free society.
Lets make the *acts* illegal, not pictures, or stories, or images, or cartoons, or thoughts of acts.
This is especially important as computer images become more realistic -- since at some point -- we'll be able to produce "child porn" (by some definition), but it will be entirely in someone's mind -- imaginary and nothing more than an imaginary creation -- yet there will no records of the model's background, nothing to prove their age -- because they would be computer constructs.
On the other hand -- suppose you just ban the material on "looks" -- who decides who looks too young to be with whom? If the images are not of real people, what is the crime? And how will the crime be "evaluated". In "real life" people's ages are hard enough to pin down -- with a bit (or alot) of makeup, real people can look much older or younger -- so how could anyone even begin to think they can come up with some 'fair' way to decide the ages of images of computer characters?
As for real child molesters -- or those who really sexually abuse children -- willful, convicted guilt: castration/ova-ectomy (besides any prison term).
That way -- people and think whatever they wanna think -- and we through the book on them on a real-world, physical violation.
I'm just thinking this child-porn thing is the fine-wedge that is going to be used to crap on every bit of privacy and right that could be left in this world.
-l
They government has been doing this the whole time.
Comment removed based on user account deletion
capital punishment doesn't stop other capital crimes, so why would your idea work?
This whole "stop child porn" crusade simply makes me sick. Not because I like child porn, I personally find the idea quite unpleasent, but because people who crusade against child porn are putting their own desire to express righteous indignation above the interest of the very kids they claim to be interested in protecting.
For instance it turns out that 99% or so of child molestation is committed by family/friends and trusted community members. When you pass really harsh punishments against child porn/molestation and demand these perverts be alienated rather than phrasing it as treatment parents/relatives become more reluctant to bring their sucpiscions to the authorities. If you think you might be helping nice uncle Joe get over his sickness you are going to be a lot more willing to credit the possibility that something isn't right than if you know that the mere suggestion (even if you are wrong) may keep him from ever holding a decent job again.
It gets even worse. We know that someone with sexual urges towards children is much more likely to act on them if he lacks a social support network, a good job, social respect etc.. Thus by yanking all these things away from people who look at child porn we may be increasing the chances they will actually molest someone.
Moreover, by criminalizing an activity you lower the barrier between that activity and more extreme behavior. For instance criminalizing marijuanna meant that pot smokers ended up coming into contact with harder core drug dealers and criminals who they would have never associated with if the law hadn't created this bridge. So by criminalizing the mere possesion (of course sale or creation) of child porn we may be making it easier for guys to make the transition from just looking to taking action (after all society is telling them what they are already doing is just as bad).
Do I know if any of these effects is significant? No, of course not. But the point is that neither do any of the people who are righteously demanding we enforce these tough laws. The people who really care about the kids are the ones demanding we collect data before we legislate. The ones calling for something to be done in outraged tones are selfishly putting their own emotional needs over the welfare of the children they claim to care about.
If you liked this thought maybe you would find my blog nice too:
OK, why are they being allowed to treat electronic content differently from sealed letters and packages? Do they steam open your letters and parcels to see if anything contentious is being sent? No, and I'll bet that's because it is unconstitutional... so why are they treating electronic delivery differently? There should be massive protests against this... no way should they be able to use the protecting you from child-porn line either... With snail mail, they have to get a warrant to intercept and open your mail and packages... the same should apply for electronic content...
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
TFA states that they claim to be able to scan inside encrypted files too - in real time! - which is downright bullshit!
This tool will not work against SSL connections, VPN- or SSH tunnels or just plain old encrypted P2P or TOR networks. Those protocols are designed to detect and defeat man-in-the-middle attacks like this would be. Even the NSA cannot break strong encryption in reasonable time, let alone real time (as far as we know anyway).
It can only - as AOLs equivalent tool does - work against plain text emails and similar, and as it is a hash scanner, altering a single bit in a banned image or its file name would fool it.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
Aren't both sides using the same argument here? "[Newsgroups|new tool] can be used for [child porn|privacy invasion], therefore it should be banned."
so when some big group of people agree on something that is already a group-think and any possibility that they got to this point by actually using their brains for thinking is excluded?
Makes for a great news media sound bite, but what they've done is implemented Idea #2 of the Six Dumbest Ideas in Computer Security. Still, as long as it drives up their public visibility and stock price, who cares whether it works or not.
"...Internet service providers could easily be seen by the public as "overreaching," making it harder to get public support for efforts of law enforcement. What's needed, said the group's executive director, Grier Weeks, is for cops to investigate the leads they already have..."
and
"The Department of Justice and all 50 attorneys general are sitting on a mountain of evidence leading straight to the doors of child pornography traffickers," Weeks said. "We could rescue hundreds of thousands of child sexual assault victims tomorrow in America, without raising any constitutional issues whatsoever. But government simply won't spend the money to protect these children. Instead of arrests by the Federal Bureau of Investigation, the child exploitation industry now faces Internet pop-ups from the Friendly Bus Investigators. That was always the fundamental difference between the Biden bill and the McCain bill. Biden wanted to fund cops to rescue children. McCain wanted to outsource the job."
This my friends is about the money! The U.S. Government and Brilliant Digital (ironic business name!) both know this won't work. Brilliant Digital see this as a market to exploit and make millions of dollars. The U.S. Government get a "cheap" way of "dealing" with child pornography and a perception from the general public as "something being done".
I'm sure the Government know about Brilliant Digital's dubious past but the percieved "benefits" are too good to miss.
It's a win-win for both parties!
I have children myself and I find developments like this horrifying.
Someone does not become a paedophile by looking at images on the internet, it's deeper and more complex then this - blocking content will not cure the problem or reduce related crimes in any way.
The last quoted paragraph sends chills down my spine and really makes me angry.
Children can be rescued if the funding is available but a company like Brilliant Digital will recieve the funding instead and the problem is never solved - people are made richer instead.
I really mean Think of the children
They'll search for it, they're pretty much guaranteed to turn up something questionable, and it's pretty much guaranteed than the police/company have already seen it, flagged it as illegal, and hashed it.
If questionable content really was impossible to find, why would they bother hashing it to look for duplicate copies? That they see any potential benefit says they plan to hinder the use significantly by stopping just well-known files.
It can't even work against encrypted bittorrent, which is pretty standard thanks to ISPs mucking with p2p users.
The Internet is basically a series of web browsers.
"It doesn't cost enough, and it makes too much sense."
Encrypt everything.
Why don't we just kill all the children. That way, we can be 100% sure that they aren't being abused.
/eh. Getting pretty sick of all the censorship that's getting pushed and passed under the flag of "protecting children"
Skiffy is Spiffy, but Ort is tort.
Imagine a net where we wouldn't know Saddam had no weapons of mass destruction.
Imagine a net where we wouldn't know the three WTC centre buildings were taken down by demolition.
Imagine a net where we wouldn't know of Israel's ethnic cleansing of palestine.
Imagine a net where we wouldn't know that the accusations made against Iran are bogus.
Imagine a net where we wouldn't know of the Coup in Venezuala sponsored by the CIA.
Imagine a net where we wouldn't know about Abu Ghraib.
Imagine a net where we wouldn't know about Extraordinary rendition, torture and murder of innocents.
Imagine a net where we wouldn't know about warrantless wiretapping and domestic spying.
Imagine a net where we wouldn't know about the USS Liberty.
Child pornography is NOT the focus of implementing these systems - it is putting into place the mechanisms that will allow some future government to clamp down on information of their crimes and those of their allies and take another small step towards the totalitarian state.
first of all files are long and not transferred as one piece, to do what they want to do your download wouldnt start until the ISP had recieved the entire file, say goodbye to streaming video, say hello to up to double download speed. Plus ISP cant possibly afford such massive, high-speed, buffering to even attempt it. You couldnt do it on disk cause it would sow it down even more, they would have to have rooms of 128GB ram servers that do nothing but hash files.
Also, this could very easily be circumvented. The unloader or P2P programs only have to introduce 1 bit of change and the hash would be differnt, this is why Youtube has to manually take down the same thing a bunch of times.
Sigh. My late great-uncle might disagree with you about that. He taught the subject for nearly 40 years at the Univ. of Minnesota. I think he was dean of the law school before he retired.
I will say that it is accurate to say that there is very little in the way of international law that developed out of the efforts of a parliamentary like body. Instead, virtually all of it is defined by treaty.
Back on topic. I'm not aware of any treaty that defines a common definition of the term "common carrier." Nor am I aware of any UN resolution to that effect. That pretty much covers the usual options, doesn't it? :)
... ISPs aren't currently responsible for what travels across their network. If they adopt this technology, won't they take one step closer to being held liable for the content passing through their networks?
Where are those six votes going to come from? Nobody in their right mind wants this.
No, actually they're assuming the hash ios sent in stream, and they're cashing only the hash itself, and comparing it to a list of known hashes.
Simple, and efficient. Unfortunately, there are about a bizillion ways to obfuscate the hash, including simply not sending it at all, packetizing the file into multiple smaller downloads with multiple hashes, encrypting the file on any level, changing a single pixel in the image, adding a random microsecong long gap of silence at the beginning or end of an MP3 or movie, and hundreds of other options, and none of this even requires a change in protocols used, which is probably the easiest way...
There is no contest in life for which the unprepared have the advantage.
I've been thinking about this. It's our fault, the IT community's, that this sort of thing can go on. We once had the argument that strong crypto was outlawed from export. But once that limitation was removed from the US it really became our fault that all these sniffable protocols are still out there.
My sarcasm detector didn't go off, so, to me, it seems that you are quite serious.
You are completely wrong, as both of them are part of the "protect the children" rhetoric/bullshit. They both co-sponsored this load of bullshit (KIDSPA). The fact that the next president of the US is going be so completely devoid of reason to support such a thing is scary.
This is what happens after more than a decade of conservative majority rule in a puritanical country. Republicans use the term "kiddie porn" the way they accuse Democrats of using "mother's health"; as an all-purpose phrase to get across any evil legislation they want.
I would have nothign to worry about. I would just copyright some random POS and send it through the internets, then send my attack dogs... i mean lawyers... claiming the ISP violated my copyrights by copying the file to look at it. Then I would claim they had to pay damages. Then if I won I would keep sending the same file over and over and sue again in multiples. I know you think this does not work, but if Blizzard can pull some sort of copyright BS with the maker of glider, which was the stupidest copy right rational ever, then anything is possible.
It's interesting to see you saying this, because it seems like every fifth post I see is someone saying the same type of thing... Wait, does that make complaints about "/. group-think" slashdot group-think?
*head explodes*
Resistance is futile. Your technological distinctiveness will be added to our own. You will become one with the morgue
Something they don't seem to mention... how many bits are their hashes, and how many files do they intend to look for? God knows there have to be tens of millions of kiddie porn images out there, and the numbers just get higher if they want to track music and movies too. Set that against the billions and billions of files sent over the internet. I hope they have a really long hash, or they just might get some unintentional collisions.
I don't reply to ACs
Heh, you're right "common carrier" does not seem to be explicitly defined by treaty (ie: it's more of a tradition than a rule) - found this on the WIPO site...
"63 The concept of a "common carrier," dating from 16th century English common law, captures private entities that perform public functions. Since at least the middle ages, most significant carriers of communications and commerce have been regulated as common carriers. Common carrier rules have resolved the disputed issues of duty to serve, nondiscrimination, and interconnection. Facilities such as railroads, telegraphs and telephone companies were obliged either by common law or by legislation to implement an equal "duty to serve" regime. The history of common carrier duties illuminates three reasons supporting the imposition (and the occasional elimination) of those requirements. Common carrier duties have been imposed variously upon theories of de facto and de jure monopoly, on the theory that the enterprise had become "essential," and upon theories that the enterprise was publicly concerned in a particular manner (See James B. Speta, A Common Carrier Approach to Internet Interconnection, 54 Fed. Comm. L.J. 225 (2002) (surveying the history of common carriers and arguing that the same reason justify a general interconnection obligation for Internet carriers)."
And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
Comment removed based on user account deletion
I think what they are saying is that since your ISP will run their software they will have the ultimate "man in the middle" attack.
You will request a file to be compressed and encrypted, your ISP will intercept that request and modify it to request the file in the clear and uncompressed. As they get the file they will have to compress and encrypt it before passing it on to you so that you will be none the wiser.
The race isn't always to the swift... but that's the way to bet!
You know what really bothers me the most? There's a lack of context.
I can send you off to www.mysite.com/mypage.html and plastered on there can be a blacklisted pic. I can advertize it as a funny pic, you don't know, you wont know until you see it. Now obviously a SITE like that wont stay up for long, but posted on a big site quick enough you can frame many many people who had no intent.
Additionally with sites like 4chan. I'm sure a lot of 16-17 year olds go through that site but they look like they could be 18+, you can't really tell, and there's no way to be sure. If one of the pics posted on there is blacklisted, bam that's a lot of people who though they were looking at an 18 year old and soon are pegged w/ this problem.
The real issue is INTENT, did the offended INTEND to see kiddie pron? 9/10 cases, probably not. The difference is, did you close the page? or save the pic? and no level of government bullshit shy of tapping your pc is going to come close to detecting that.
It's like buying shoes, and then later the police come to your door and arrest you for buying shoes that were stolen. You didn't buy them BECAUSE they were stolen... but the govm't isn't willing to make the distinction.
Actually it might download the first 100kb or something and check that hash for all we know. I doubt they download the full file.
09F911029D74E35BD84156C5635688C0
+2 Troll is Slashdot's way of saying groupthink is confused