Slashdot Mirror
New Tool Promises To Passively ldentify BitTorrent Files
QuietR10t writes "A new technique has been developed for detecting and tracking illegal content transferred using the BitTorrent file-trading protocol. According to its creators, the approach can monitor networks without interrupting the flow of data and provides investigators with hard evidence of illicit file transfers. 'Our system differs in that it is completely passive, meaning that it does not change any information entering or leaving a network,' says Schrader." I wonder if it can specifically identify legal content, too.
I'm assuming this has no chance of defeating encrypted connections?
Reviewing just the first hour of video games.
For the record, I have a rule in my iptables that specifically turns off the "evil bit" in any of outgoing packets. Thank God for Linux! =)
And my $200 24 port gigabit switch from Dell will do it. And that's a cheap piece of crap. For the 3 of you who don't already know, You specify one port on the switch to receive a copy of all traffic on the entire switch, a vlan or a specific port. Then you can hook etherial to that port and monitor all of the traffic without modifying the original. OOOOhhhh, magic eh?
Anyway, even after I RTFA, I still didn't see anything that this thing does that my cheap port and a P2 running etherial couldn't do.
Do not meddle in the affairs of sysadmins, for they are subtle, and quick to anger.
I wish people would stop repeating this urban legend. ISPs do NOT have common carrier status. I wish they did, but they don't.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
More restrictions on content? More encryption.
Better cracking techniques? Better encryption.
Tyrannical government? Revolution.
Another drawback is that the system cannot cope with encrypted files. "Today, about 25 percent of BitTorrent traffic is encrypted," says Schulze. If such a tool became widely used, then anyone with something to hide would almost certainly switch to using encryption, he says.
If you make breathing illegal, only criminals with breath.
-Rick
"Most people in the U.S. wouldn't know they live in a tyrannical state if it walked up and grabbed their junk." - MyFirs
From the article:
Then the system looks at the files' hash, a unique identifying code used to coordinate the simultaneous download of hundreds of file fragments by different users. If a hash matches any stored in a database of prohibited hashes, then the system will make a record of the transfer and store the network addresses involved.
I mean, you could easily scrape some torrent sites for hashes, but it seems like this system would be fairly easy to circumvent. All you'd have to do is come of with some system for changing the hash on a peer-specific basis.
So, you're telling me that, given a set of hashes corresponding to "Prohibited content" and access to all the packets moving across a network, you can detect prohibited content? Why, it's a miracle of science!
Seriously, this is news? It has been possible, with the complicity of the router or physical access to the wire, to unobtrusively and undetectably tap a network since forever. That isn't news. And being able to identifiy files whose hashes you have ahead of time? Also not news, especially since bittorrent uses hashes extensively itself, and was never designed for subtlety or concealment.
I realize that Technology Review lost interest in technology years ago, and now spends most of its time fellating venture capitalists; but this is pathetic.
They SHOULD. As long as they do not alter or supply content themselves.
The whole concept of common carrier was to account for services such as ISPs. Of course telephone systems were the first real examples, but the concept is still the same: a communications channel, where a service can carry those communications from point to point, without altering, supplying, or monitoring content.
I know of no logical reason why ISPs should not be "common carriers". They are ideal candidates to be. As long as they keep their fat fingers off the content.
And THEY should be in support of the concept, because if they cannot claim the "common carrier defense" (i.e., no responsibility for content), then they have some very heavy legal liability issues that common carriers do not have to deal with.
He probably read page 2 of the article,.
How would you start lobbying congress about making it reality? Common Carrier status in exchange for Net Neutrality.
When the phone companies switch to a fully IP based network like BT is doing over here in the UK, will they lose the common carrier status?
The difference between Telco & ISP is so thin these days already that i'm surprised the law has never been updated.
I'm not asking you specifically, just anyone who might know.
I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
So... they invented packet sniffing?
"In prison you just have to shut your eyes and take it. Here you have to shut your eyes and give it."
And if they did that, we could start having the tracker negotiate SSL keys for us. If they tried going after the tracker traffic, we could make that HTTPS. If they started faking the certs, we could move to OpenDNS or install a "trusted" torrent root cert. That is a battle they could not win.
Live today, because you never know what tomorrow brings
In theory, they could attack encryption with man-in-the-middle during the key exchange
In theory, isn't this (or shouldn't this) all be illegal under wiretapping laws anyway?
As a private citizen I don't have the right to start monitoring my neighbors phone calls (even if those calls are broadcast into my house without encryption) just because I suspect she is dealing drugs. What gives my ISP the right to start monitoring my packets just because they suspect I'm pirating something?
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
The short story: There's more to being a common carrier than lack of liability, and ISPs don't want it. ISPs have liability protections under USC 17512 which are very strong and thus under heavy lobbying attack, but they are *not* repsponsible for content today. Read it yourself, it's surprisingly clear.
Live today, because you never know what tomorrow brings
He probably read page 2 of the article,.
Ouch! Wow, do I feel like a retread.
Oh well. Allow me to turn this around and make it the website's fault instead of mine: who the hell decided that such a short article needed to be split into two pages? This isn't a print medium. Have they never heard of the scrollbar?
I'll go away now.
"You cannot simultaneously prevent and prepare for war." -- Albert Einstein
New York State Penal Law:
250.05 Eavesdropping.
A person is guilty of eavesdropping when he unlawfully engages in wiretapping, mechanical overhearing of a conversation, or intercepting or accessing of an electronic communication.
Eavesdropping is a class E felony.
I want peace on earth and goodwill toward man.
We are the United States Government! We don't do that sort of thing.
That's a lot of "we could"s. How about just using the global OpenPGP WoT, and stopping the problem in its tracks?
Once you have a distributed authentication system (which is what lets you exchange keys safely), email is just one of the applications you can build on it. Sounds like you guys have another. Whatever. The more things it's used for (the more people who connect to the WoT) the better it works for everyone.
Quit building a redundant but also specialized infrastructure, and instead, join the original.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Usenet probably counts as a cache under section 512(b) of the DMCA; as long as ISPs process takedown notices correctly they have no liability. Also see ALS Scan v. Remarq. IANAL.
This doesn't identify someone downloading a file via bittorrent, it identifies someone downloading a *.bittorrent file (presumably via http).
This is a non-issue. If anyone actually starts using this, trackers will just start using shttp for their torrent files. They're small and (relatively) low traffic, so it would be a negligible performance issue.
The only notable thing about this article is that it points out how clueless tech journalists really are.
who the hell decided that such a short article needed to be split into two pages?
The guy who wants to get a lot of ad revenue by making you see more ads.
Someone should point out to that guy that he put the same ads on both pages.
"You cannot simultaneously prevent and prepare for war." -- Albert Einstein
The reason ISP's are not common carriers dates back to dial-up modem Internet. The Telco's wanted to charge ISP's by the minute just like they do long-distance carriers for access to their network. The FCC got involved in this and used AOL as a model. AOL had these huge caching servers so AOL customer's web page requests rarely went out onto the Internet; instead they were served from the caches. So the FCC ruled that ISP's were delivering content and were not themselves carriers.
The Telcos are now (with broadband) satisfied with the content provider status as it saves them a lot of headaches, fees and taxes on their own Internet services. Broadband is far closer to a carrier service than a content service, but I don't see thing changing.
You think I don't understand this?
If you read the content of USC 17512 yourself, you will see that it addresses exactly the same kind of protections that I stated, and that if they do alter or supply the content, they lose the protection of the law. While this does not directly pertain to actual, "official" common carrier status, this is still often referred to as the "common carrier defense", since the principal is exactly the same. Why did YOU not know that?
In any case, since that is out of the way: what are these other reasons that you assert are the cause of ISPs not wanting to be common carriers? That is more to the point.
"Another drawback is that the system cannot cope with encrypted files."
Even the article mentions that anyone doing something they want to hide is more likely to check the "encrypted only" checkbox. I work on NetSpective WebFilter, which has been passively identifying encrypted protocols that try to hide themselves like encrypted BitTorrent (both standard and Azureus), Skype, and UltraSurf for years. It also lets you choose to block any of these protocols you don't want on your network.
"If a hash matches any stored in a database of prohibited hashes, then the system will make a record of the transfer and store the network addresses involved."
Maintaining a list of hashes is not a new idea, as they seem to claim. It was abandoned because the list is insanely painful to manage, and it is insanely easy to get around. These guys aren't even trying to provide a list, which might be worth something (until the hackers put in the time to work around it). They're just sniffing/logging the hashes, which is child's play and worth almost nothing.
This is a very good point and part of what I was saying. I see no ACTUAL difference between what were once known as "common carriers" and ISPs, EXCEPT that they seem to want to provide content.
However, here in the U.S., the government (the FCC in particular) has historically been adamant about keeping carriers and content separate, largely because of the danger of monopolistic practices on the part of a corporation that was both the content carrier and the content provider. Another concern was that if carriers (which tend to be large and centric) controlled content as well, there would be too much control over services like news, for example. And I see no logical reason that policy should change, considering that the concerns are at least as valid today as back when the policy was first formulated, decades ago.
Usenet probably counts as a cache under section 512(b) of the DMCA; as long as ISPs process takedown notices correctly they have no liability.
alt.binaries.takedownnotices?
Can someone please explain to me how they plan to view the files of encrypted traffic without it being illegal?
...or, you know, just be plain illegal due to attempting to access people's personal files.
One would think that if they happen to decrypt anything with copyright protection that it would then violate the DCMA, as per various ridiculous recent rulings of the sort.
DNA -- National Dyslexic Association
I wish people would stop repeating this urban legend. ISPs do NOT have common carrier status. I wish they did, but they don't.
The "safe harbor" provisions of the DMCA create a situation for ISPs that gives them common carrier status in all but name. So yes, people should stop saying "give up their common carrier status", and instead say "fail to meet the conditions of DMCA Safe Harbor".
If a job's not worth doing, it's not worth doing right.
They still have liability if they supply, alter, or control the content in any way. As long as the content is supplied by others, and remains unaltered and uncensored, then there is no liability.
Oh, yes, that is another important point. Censorship or moderation of a forum is de facto control of content, which generally means that the censor has legally assumed liability (or at least some of the liability) for that content.
For example, in a libel case involving an AOL online chatroom, both the poster of the alleged libel and AOL were named as defendants. AOL tried to wiggle out of the suit by claiming immunity via the "common carrier defense", but the judge did not allow that because they moderated the chatroom, which means they actively controlled the content.
If you read the article, you know the answer to these questions.
They plan to sniff for the hash, of course, and compare it to a list of hashes for "forbidden files".
It's not new technology - the same approach is used in China (according to the article).
And no, I don't think this is legal in the EU (not yet at least), and certainly not in the U.S., as it requires sniffing through everybody's stuff, regardless of what they're downloading.
From TFA
Another drawback is that the system cannot cope with encrypted files. "Today, about 25 percent of BitTorrent traffic is encrypted," says Schulze. If such a tool became widely used, then anyone with something to hide would almost certainly switch to using encryption, he says.
/ducks for reading TFA