Slashdot Mirror

← Back to Stories (view on slashdot.org)

Tool To Allow ISPs To Scan Every File You Transmit

Posted by timothy on from the in-case-they-run-out-of-human-tools dept.

timdogg writes "Brilliant Digital Entertainment, an Australian software company, has grabbed the attention of the NY attorney general's office with a tool they have designed that can scan every file that passes between an ISP and its customers. The tool can 'check every file passing through an Internet provider's network — every image, every movie, every document attached to an e-mail or found in a Web search — to see if it matches a list of illegal images.' As with the removal of the alt.binary newgroups, this is being promoted under the guise of preventing child porn. The privacy implications of this tool are staggering."

13 of 370 comments (clear)

  1. Probably just for P2P by clang_jangle · · Score: 5, Informative
    FTFA:

    Here's how CopyRouter would work, according to the company's slide show: A law enforcement agency would make available a list of files known to contain child pornography. Such files are commonly discovered in law enforcement raids, in undercover operations and in Internet searches that start with certain keywords (such as "pre-teens hard core"). Police officers have looked at those files, making a judgment that the children are clearly under age and that the files are illegal in their jurisdiction, before adding them to the list. Each digital file has a unique digital signature, called a hash value, that can be recognized no matter what the file is named, and without having to open the file again. The company calls this list of hash values its Global File Registry.
    Whenever an Internet user searched the Web, attached a file to an e-mail or examined a menu of files using file-sharing software on a peer-to-peer network, the software would compare the hash values of those files against the file registry. It wouldn't be "reading" the content of the files -- it couldn't tell a love note from a recipe -- but it would determine whether a file is digitally identical to one on the child-porn list. If there were no match, the file would be provided to the user who requested it. But if there were a match, transmission of the file would be blocked. The users would instead receive another image or movie or document, containing only a warning screen.
    The makers of CopyRouter claim that it can even be used to defeat encryption and compression of files in the Internet's Wild West: the peer-to-peer file-sharing tools such as Gnutella and BitTorrent.

    This will cause huge latency issues and cost beaucoup bandwidth. ISPs would be shooting themselves in the foot if they did this with all traffic. OTOH, I could see laws requiring such tools for P2P traffic -- in fact that may well be inevitable, with the **AA's "ruling class" status these days.

    --
    Caveat Utilitor
    1. Re:Probably just for P2P by Hyppy · · Score: 5, Interesting

      Even better... What happens if you send traffic to a user with one of the "bad files" in it? They don't need to have a connection open in order for you to send a jpeg to them. Even if the user's computer simply drops the unknown data, the ISP will pick it up in their scan. If all the software does is scan the hash values of images transferred over common protocols, I seriously doubt that it goes and checks to see if the user actually REQUESTED it before crying foul.

      One step further: make a file that has the same hash value of a "bad" file. This is trivial, especially if the file doesn't need to be valid for any application. If all that is checked is a hash of the traffic, then the actual contents of the file are meaningless.

      So, this software will allow law enforcement to ruin your life (any implication crime involving sex and/or kids will do that, guilty or not), by simply seeing an unknown party send you a block of unintelligible data that happens to have the same hash as "pr0n." Great.

      Anyone up for making an automated hash-spoofing packet forger? I'm sure something similar has already been done. With the speed of current connections, one could probably get the entire human race indicted for child pornography in under a week.

    2. Re:Probably just for P2P by dat+cwazy+wabbit · · Score: 5, Insightful

      You would still lose the election.

    3. Re:Probably just for P2P by Pax681 · · Score: 5, Funny

      You would still lose the election.

      but would he lose his erection?

    4. Re:Probably just for P2P by DerekLyons · · Score: 5, Insightful

      The parent is an example of typical slashdot idiocy. ISPs aren't common carriers. Though my karama will end up a smoking crater for breaking with the established GroupThink, so I'm making this post anonymously.

      Yet, for all your noise and handwaving - you fail to establish that an ISP isn't a common carrier.

    5. Re:Probably just for P2P by Baton+Rogue · · Score: 5, Insightful

      I think he's referring to MD5 Collisions where you can make a completely different file that matches the same MD5 hash of another file.
      But if all they are doing is comparing hash files, couldn't you just as easily change the resolution of the file, or insert a couple different bits around to change the file slightly, which ends up with a completely different hash?

    6. Re:Probably just for P2P by svank · · Score: 5, Insightful

      But if all they are doing is comparing hash files, couldn't you just as easily change the resolution of the file, or insert a couple different bits around to change the file slightly, which ends up with a completely different hash?

      Yup. That, along with good encryption, means the bad guys get around this easily, while innocent bystanders are caught up by hash collisions.

    7. Re:Probably just for P2P by PopeRatzo · · Score: 5, Insightful

      but the company claims it can fool the sender's computer into believing that the recipient was requesting an unencrypted and uncompressed file.

      That's not hostile, much. As is common in our corporatocracy, here's a company that starts from the assumption that their customers are their enemy. So now we're going to pay our ISPs to "fool" our computers. Some "customer service" huh?

      No thank you.

      How about this: We pay you, and you give us bandwidth and stay the fuck out of our business. If we're using too much bandwidth, then spell it out in our contract and charge us more, so we can choose to give our business to someone else.

      --
      You are welcome on my lawn.
    8. Re:Probably just for P2P by TapeCutter · · Score: 5, Informative

      "My ISP is AT&T. They're not a common carrier?

      The AC is correct in what he is saying about common carriers. Check out the registered company name of your ISP and I will wager that it is not AT&T but rather a subsiduary of AT&T (ie: a seperate company in the eyes of the law).

      This is how the telco's in Australia with common carrier status get around the rule against sniffing the line, eg: Australia's "Telstra" is not an ISP but "Telstra Big Pond" is an ISP. Since common carrier rules are international I dare say AT&T do exactly the same thing.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
  2. You know, it really makes me wonder... by genw3st · · Score: 5, Insightful

    ... what is going to prevent this proverbial snowball from building into a full-blown avalanche? I guess it has already become one to some extent... I can't recall a time in history when the WORLDS rights and privacy were as stripped and neglected as it is now, and then everyone suddenly got their right to privacy and freedom back. Despite its amazing capabilities, technology sure has put us into an interesting position when in the hands of people like "Brilliant Digital Entertainment" ... yeah, real brilliant. Crackheads.

  3. Evil by Anonymous Coward · · Score: 5, Informative

    According to the Wikipedia entry on Australian copyright law "[...]Brilliant Digital Entertainment in Australia were raided for copyright violations[...]" in 2004.
    It looks like someone switched sides but taking a closer look they only seem to be in charge of the adware that came with Kazzaa, so I guess they were always evil.

  4. Re:Huh? by fred+fleenblat · · Score: 5, Interesting

    TFA says they're going to use hash values. This will take a stateful packet inspection filter to catch, but the amount of state is only enough do the hash, and they can throw it away if it doesn't match anything on the blacklist.

    While hashing seems easy enough to get around, I think the real thing they're looking for is a repeated pattern of someone sending blacklisted images. If you send/receive thousands of images, there's a good chance that you'll screw up and maybe a dozen of them won't get resampled (or use some other trick) to change the hash value. you'll pop up on a screen someplace, they'll get a search warrant, and you are busted.

  5. Re:Won't work. by Anonymous Coward · · Score: 5, Interesting

    They claim they can scan Gnutella and BitTorrent.

    Gnutella I don't know, but BitTorrent, almost certainly.

    The common forms of BitTorrent encryption uses a "shared secret". The shared secret for BitTorrent is a 20-byte key known as the "infohash". This infohash is ALSO used as the unique hash to uniquely identify a given set of files. So its ALWAYS given to the tracker, and if the tracker isn't using SSL, that means its in the clear.

    Making the encryption in BitTorrent almost laughably insecure. It's good enough to block non-stateful packet filters. It's not good enough to prevent people from listening in.

    As for getting a file hash with BitTorrent, that's even easier.

    It does it for them.

    The ".torrent" file contains a list of hashes. They don't even need to look at the file contents.

    I dunno about other P2P systems, but BitTorrent is definitely not safe from this.