New Tool Promises To Passively Identify BitTorrent Files
QuietR10t writes "A new technique has been developed for detecting and tracking illegal content transferred using the BitTorrent file-trading protocol. According to its creators, the approach can monitor networks without interrupting the flow of data and provides investigators with hard evidence of illicit file transfers. 'Our system differs in that it is completely passive, meaning that it does not change any information entering or leaving a network,' says Schrader." I wonder if it can specifically identify legal content, too.
And my $200 24-port gigabit switch from Dell will do it. And that's a cheap piece of crap. For the 3 of you who don't already know, you specify one port on the switch to receive a copy of all traffic on the entire switch, a VLAN or a specific port. Then you can hook Ethereal to that port and monitor all of the traffic without modifying the original. OOOOhhhh, magic eh?
Anyway, even after I RTFA, I still didn't see anything that this thing does that my cheap port and a P2 running Ethereal couldn't do.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
I wish people would stop repeating this urban legend. ISPs do NOT have common carrier status. I wish they did, but they don't.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
If I read the article correctly, what they're really doing is looking at the BitTorrent infohash, which is used when communicating with the tracker and other peers to identify the torrent. (The infohash uniquely identifies the torrent.) Having a different infohash for each peer would require significant BitTorrent reengineering, I would think.
However, it's defeated by encryption, cannot legally be used in the U.S. or Europe by ISPs, and relies on a blacklist of illicit torrents.
TFA confirms it, near the end of the second page. It also only currently works at 100 megabits/second.
I'm assuming this has no chance of defeating encrypted connections?
The article explicitly says it cannot recognize encrypted files as the method cannot identify them with a hash. Although, I doubt anyone could think of a good way to ID files in encrypted BitTorrent.
I thought my summary submitted this morning did a better job describing this but you should note that this has some key things to overcome before it can be used:
They seriously need to overcome these obstacles before illegal file sharers should worry about it being used to target people.
My work here is dung.
The short story: There's more to being a common carrier than lack of liability, and ISPs don't want it. ISPs have liability protections under USC 17512 which are very strong and thus under heavy lobbying attack, but they are *not* responsible for content today. Read it yourself, it's surprisingly clear.
Live today, because you never know what tomorrow brings
New York State Penal Law:
250.05 Eavesdropping.
A person is guilty of eavesdropping when he unlawfully engages in wiretapping, mechanical overhearing of a conversation, or intercepting or accessing of an electronic communication.
Eavesdropping is a class E felony.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
Usenet probably counts as a cache under section 512(b) of the DMCA; as long as ISPs process takedown notices correctly they have no liability. Also see ALS Scan v. Remarq. IANAL.
This doesn't identify someone downloading a file via bittorrent, it identifies someone downloading a *.bittorrent file (presumably via http).
This is a non-issue. If anyone actually starts using this, trackers will just start using shttp for their torrent files. They're small and (relatively) low traffic, so it would be a negligible performance issue.
The only notable thing about this article is that it points out how clueless tech journalists really are.
You think I don't understand this?
If you read the content of USC 17512 yourself, you will see that it addresses exactly the same kind of protections that I stated, and that if they do alter or supply the content, they lose the protection of the law. While this does not directly pertain to actual, "official" common carrier status, this is still often referred to as the "common carrier defense", since the principle is exactly the same. Why did YOU not know that?
In any case, since that is out of the way: what are these other reasons that you assert are the cause of ISPs not wanting to be common carriers? That is more to the point.
"Another drawback is that the system cannot cope with encrypted files."
Even the article mentions that anyone doing something they want to hide is more likely to check the "encrypted only" checkbox. I work on NetSpective WebFilter, which has been passively identifying encrypted protocols that try to hide themselves like encrypted BitTorrent (both standard and Azureus), Skype, and UltraSurf for years. It also lets you choose to block any of these protocols you don't want on your network.
"If a hash matches any stored in a database of prohibited hashes, then the system will make a record of the transfer and store the network addresses involved."
Maintaining a list of hashes is not a new idea, as they seem to claim. It was abandoned because the list is insanely painful to manage, and it is insanely easy to get around. These guys aren't even trying to provide a list, which might be worth something (until the hackers put in the time to work around it). They're just sniffing/logging the hashes, which is child's play and worth almost nothing.
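The infohash matching discussed in the comments above (reading a torrent's infohash off mirrored traffic and comparing it to a stored list), as an added example that is not part of the original thread or of the tool the article describes. It assumes the standard plaintext BitTorrent peer handshake and HTTP tracker announce; the addresses, hashes and payloads are constructed, and the last sample flow stands in for an encrypted stream, which yields no hash.

```python
import hashlib
import re
from urllib.parse import quote, unquote_to_bytes

PSTR = b"\x13BitTorrent protocol"        # pstrlen (19) + protocol string
HANDSHAKE_LEN = len(PSTR) + 8 + 20 + 20  # + reserved + info_hash + peer_id
ANNOUNCE_RE = re.compile(rb"^GET\s+\S*[?&]info_hash=([^&\s]+)")

def infohash_from_handshake(payload):
    """20-byte info_hash from a plaintext peer handshake, else None."""
    if len(payload) < HANDSHAKE_LEN or not payload.startswith(PSTR):
        return None  # encrypted streams carry no recognisable header
    return payload[28:48]  # skip 20-byte header and 8 reserved bytes

def infohash_from_announce(payload):
    """20-byte info_hash from an HTTP tracker announce, else None."""
    m = ANNOUNCE_RE.match(payload)
    if m is None:
        return None
    raw = unquote_to_bytes(m.group(1))
    return raw if len(raw) == 20 else None

def scan(flows, watchlist):
    """Record (src, dst, hex hash) for each flow whose hash is listed."""
    hits = []
    for src, dst, payload in flows:
        ih = infohash_from_handshake(payload) or infohash_from_announce(payload)
        if ih in watchlist:
            hits.append((src, dst, ih.hex()))
    return hits

# Constructed sample data (documentation address ranges, made-up hashes).
WATCHED = hashlib.sha1(b"constructed listed torrent").digest()
OTHER = hashlib.sha1(b"constructed unlisted torrent").digest()
PEER_ID = b"-XX0000-" + bytes(12)
SAMPLE_FLOWS = [
    ("192.0.2.10", "198.51.100.7", PSTR + bytes(8) + WATCHED + PEER_ID),
    ("192.0.2.11", "203.0.113.5", b"GET /announce?info_hash="
     + quote(WATCHED).encode() + b"&port=6881 HTTP/1.1\r\n\r\n"),
    ("192.0.2.12", "198.51.100.8", PSTR + bytes(8) + OTHER + PEER_ID),
    # Stand-in for an encrypted stream: no plaintext header to match.
    ("192.0.2.13", "198.51.100.9", hashlib.sha256(b"opaque").digest() * 3),
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_FLOWS, {WATCHED}):
        print(hit)
```

Only the first two flows are recorded: the third carries an unlisted hash, and the fourth has no plaintext header from which a hash could be read.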
I wish people would stop repeating this urban legend. ISPs do NOT have common carrier status. I wish they did, but they don't.
The "safe harbor" provisions of the DMCA create a situation for ISPs that gives them common carrier status in all but name. So yes, people should stop saying "give up their common carrier status", and instead say "fail to meet the conditions of DMCA Safe Harbor".
If a job's not worth doing, it's not worth doing right.
They still have liability if they supply, alter, or control the content in any way. As long as the content is supplied by others, and remains unaltered and uncensored, then there is no liability.
Oh, yes, that is another important point. Censorship or moderation of a forum is de facto control of content, which generally means that the censor has legally assumed liability (or at least some of the liability) for that content.
For example, in a libel case involving an AOL online chatroom, both the poster of the alleged libel and AOL were named as defendants. AOL tried to wiggle out of the suit by claiming immunity via the "common carrier defense", but the judge did not allow that because they moderated the chatroom, which means they actively controlled the content.
If you read the article, you know the answer to these questions.
They plan to sniff for the hash, of course, and compare it to a list of hashes for "forbidden files".
It's not new technology - the same approach is used in China (according to the article).
And no, I don't think this is legal in the EU (not yet at least), and certainly not in the U.S., as it requires sniffing through everybody's stuff, regardless of what they're downloading.
From TFA
Another drawback is that the system cannot cope with encrypted files. "Today, about 25 percent of BitTorrent traffic is encrypted," says Schulze. If such a tool became widely used, then anyone with something to hide would almost certainly switch to using encryption, he says.
/ducks for reading TFA