Slashdot Mirror
Virgin Media To Trial Filesharing Monitoring In UK
Shokaster writes "The Register reports that Virgin Media are to begin monitoring file sharing using a deep packet inspection system, CView, provided by Deltica, a BAE subsidiary. The trial will cover about 40% of customers, although those involved will not be informed. CView's deep packet inspection is the same technology that powered Phorm's advertising system. Initially Virgin Media's implementation will focus on music sharing and will inspect packets to determine whether the content is licensed or unlicensed, based on data provided by the record industry. Virgin Media emphasised that records will not be kept on individual customers and that data on the level of copyright infringement will be aggregated and anonymised."
Deep packet inspection? All sounds like a porn operation to me.
I have a friend who's an amateur musician and devices (his mobile phone) have started to deny him the ability to play his own music due to it being "unlicensed".
How the hell do these clowns expect to be able to figure out what's unauthorised copying?
Quick, everyone start sharing Barry Manilow songs.
obfuscated connection in 3..2...1
27th May 2010
Just 6 months after the announcement to monitor their network for illegal filesharers, Virgin Media has seen a dramatic decline in subscribers.
90% of their top tier customers (renting 20Mb/sec) have canceled their subscriptions
This figure is similar (82%) for their 10Mb/sec tier
Furthermore, the cost of the controversial detection methods (Deep Packet Inspection) has meant that the company has had to increase monthly subscription costs across all tiers by 10-20%
This has seen decline (albeit much smaller, at 47%) in their lowest tier of service
"Virgin Media executive director of broadband, Jon James, told ZDNet UK on Thursday that the trial will go live "within days". He added that the use of such traffic-monitoring technology was part of its distribution deal with media company Universal." http://news.zdnet.co.uk/security/0,1000000189,39906062,00.htm
Which is worse: All data being free, including data you don't personally like? Or regimes of data control?
If they thought DPI was expensive, wait until they try real-time decryption
Here's a bit of a dilemma, they crack down on filesharing, yet run a free usenet server for their customers with alt.binaries included with 5 days retention.
Will they issue a takedown to themselves?
I'm pretty sure that it has already started. Today, my torrents were so slow that I was considering checking to see if other people were having problems too.. I visit /. and lo and behold, I see this story. Could be a coincidence, but compared to more usual speeds? Hmm, makes me wonder.
I guess I'll fill in some space down here because slashdot will not likely let me post a subject-only comment, but seriously, what more needs to be said? I can't believe they are even saying that with a straight face. Governments barely have anyone or anything to answer two when they lie to people. Businesses like Virgin media most certainly do not. The only thing that their bullshit proves is that they are aware of what the public response will be and that they are afraid of it at some level.
Good. This will put the pressure on filesharers that's long been needed to finally encourage everyone to switch to encrypted protocols. :D
there BIG LACK of HD is killing off subscribers as well and this maybe to topper as people will give faster internet for FULL INTERNET.
Ok. They're monitoring their customers for illegal file sharing, even going so far as to identify whether or not the copied material has been licensed by the copyright holders. Does this not make them guilty of contributory infringement? They are providing the networks which allow users to infringe copyright. They know that infringement is taking place via their deep packets inspection, down to the level of individual acts of infringement. Then they are destroying data which can identify infringers, but they continue to provide them with networks service. How is this legal?
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
Everything.
This won't work, most modern bittorrent clients use encryption by default now anyway. Shame they don't just save the money and spend it on upgrading their infrastructure instead...
This is how the loudness war is killing music.
Judging by their behaviour they should probably rebrand themselves Whore Media.
That's all, no long post about rights,ethics and shitty ISP's. Terminating my line tomorrow, I am done with this stupid company.
I, for one, welcome our copyright-infringement-detecting overlords.
Suck it, pirates.
The project is solely designed to bolster the corporate/industry agenda. Their lack of intent to immediately prosecute show their intent is to datamine to build up their overall case.
Even if it was found that 95% of the traffic was legitimate they would hold up the 5% as proof of the devastating loss to their profits and will ask for more severe legislation and fiscal relief in tough economic times.
Until governments and real people understand the recording industry's practice of not paying the artists in a "normal" arrangement this will continue endlessly.
Really would any engineer just hired at YoyoDyne agree to a 5-10 year exclusive contract, the company immediately deduct all profits off his work to pay off his "advance," be willing to pay for all the publicists, agents, middlemen, nepotism in the exec's office, sycophants of their entourage, etc... Have their evaluation based on popularity polls given by radio/tv/internet which sometimes are skewed with payola.
What is the biggest of the 3 big "sinks" of copyrighted data in the internets - Pirated Binaries, p0rn, or music and associated videos?
We only hear 2 out of three industries most of the time never all three united before the Govenment.
I feel for Prince (whatever his name is now) as he is both artist and producer personally defending his copyrights but most of it is by nameless lawyers on behalf of their clients.
I'd take a few big names to give up a few hours to film some adverts just saying - when you DL my album I thank you, When you pay for that DL I will eventually get paid by the record company so I can pay all the people in the band and that support us in making music (soundstudio, roadies, catering, babysitting, mistress (ahem)...) I encourage you to pay for it and tell your friends to please pay for it else I can not produce more because Im a indentured to the music industry.
For the music industry I meh at their pathetic grasp for money, for the p0rn producers and "artists" I laugh because they can not even do the same thing and are being "driven out of business" will all their copyrighted stuff being the flotsam in the internets.
For torrents, encrypting them to block this sort of thing would appear to be straightforward. Just include the encryption key in the *.torrent file itself. Make it a nice long randomly generated key using lots of bits with whatever freely available encryption algorithm is thought to be the most secure.
What sort of CPU overhead is needed for this kind of encryption processing, though? Would it add up to anything significant on modern 1 GHZ+ multicore CPUs at the current data rates?
"Virgin Media emphasised that records will not be kept on individual customers and that data on the level of copyright infringement will be aggregated and anonymised."
For Now. Later? Who knows.
Remember to take a look at http://slashdot.org/journal/241542/Coolstuffonline-spam for some tips on how to get back at these particular spammers.
The inability to inspect cargo is the principle behind common carrier status. If they can inspect their traffic for copyright infringement then they can police their traffic for everything else.
Nazis did in Germany was legal. DO NOT BUY INTO THE LEGALITY ARGUMENT. If for some reason hell freezes over and Big Music proposes legal limits to the profits they can make out of the changing face of music distribution, then and only then would they begin to have an argument for their 'laws'. I'm not holding my breath.
Not only that, those packets they're "inspecting" could be for anything. If you back up your Mac (including your music collection) to MobileMe, does it flag your file transfers as unauthorized filesharing? What about if you access your files over a VPN? What if you email your favourite music to your Gmail account so you can listen to it from work or on vacation? What if you upload them to your phone to use as a ringtone?
He who lights his taper at mine, receives light without darkening me.
Most bittorrent clients nowadays support encryption though they allow unencrypted legacy connections by default. All anyone using such a client needs to do change two settings, one to force encryption for outgoing connections and the other to only accept encrypted incoming connections. As for overhead, nothing noticable even on this fairly old Athlon box underclocked to 800MHz via SpeedStep/PowerNOW.
The cynic in me thinks it will go this way: They make this announcement today. For the next few months, they do absolutely nothing. Then, they fabricate a bunch of data, and announce that they've determined that 99% of all P2P traffic is protected by copyright. Authorities cowtow, and those "three-strikes" laws get put in place (and enforced) everywhere.
It doesn't matter that the data was faked...they expressly stated that it would all be anonymised and not linked to any specific customer...so how can anyone prove it's been faked?
openssl speed aes-128-cbc aes-256-cbc
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 93137.34k 124663.87k 140590.61k 144921.90k 145808.33k
aes-256 cbc 60556.97k 91740.58k 103621.96k 107994.02k 108521.49k
Those benchmarks are on a 3 year old CPU (single core only). Hence encryption is not a limiting factor for end users - instead, network bandwidth is the limiting factor. I'd argue that encryption isn't a limiting factor for mass data surveillance either. In public anonymous networks without any sort of trust between users, encryption is not overly beneficial.
Some reasoning why:
1) You can rotate your taps between your customers so that they may only be monitored twice a year for a day at a time. You're still going to catch MANY people this way. And for the stated purpose of this system they're installing, they're apparently only after statistics (I doubt anyone is stupid enough to believe this though). For statistical (and scare tactic) purposes, taking small samples from different customers at different times is just as effective as maintaining a 24/7 tap on everyone's connection.
2) The eavesdropper can bulk purchase cheap dedicated ASIC chips that are optimised for decryption of encrypted file sharing traffic. End users have to put up with CPUs that are designed for other purposes and thus they have to spend more per encrypted byte than the eavesdroppers do per decrypted byte.
3) Imagine an eavesdropper that plants 1000's of fake monitoring peers onto the network. These peers would be indistinguishable to you from other legitimate anonymous peers on the other side of the world. These fake monitoring peers would behave exactly like any other legitimate peer would, except that they make a record of who is downloading files.
No matter what technical solution you use (such as encryption), at the end of the day you're still communicating and sharing with random anonymous people on the internet. You haven't established any sort of trust with them. Without trust, that other party in your communication could just as likely be a fake monitoring peer.
All public and private communications of all executives of companies in the UK valued at 500 million or more will be monitored for illegal, unethical, and undesired behaviour.
"If we had only known what certain Wall Street bankers had been up to the world could have avoided financial losses in the trillions. In a world of high speed communication and free flowing capital, the expectations of privacy have to be balanced against the interests of all stakeholders." said noted expert florescent_beige.
Equine Mammals Are Considerably Smaller
The way I see it, the problem with encryption is that it's generally computationally expensive and there are bandwidth overheads in performing strong worthwhile encryption. BUT, with the DMCA and other localised laws forbidding cracking of encryption, is strong encryption needed? Is it worth just encrypting things using a trivial dictionary or some such computationally trivial and zero bandwidth overhead system? That way if someone wants to look at the data, they'll need a warrant or else they'd be breaking the law. Is my thinking here valid?
a Man in the Middle can still proxy the key negotiation and access the plaintext.
But wouldn't this be illegal?
Let's leave aside P2P, in which you may or may not have the right to transfer particular copyright material (depending on the material, of course). If you protect your personal communications - in which copyright belongs to you - with a DRM scheme such as a non-trivial encryption, then decrypting it would be an unauthorized circumvention of that DRM. The mechanism used, whether brute-force or Man in the Middle, is merely a technical detail.
It would be an outrage if ISP conditions included signing over your copyright privileges over your own communications, or restricting your ability to use encryption on communication. It would have many repercussions for legally-privileged communications which are often encrypted today. For example, legally privileged communication includes: attorney-client dialog relevant to a trial or investigation; negotiation of proposed terms for a commercial contract; discussion of trade secrets among a group privy to such secrets; exchange of material related to an invention prior to filing a patent.
Legally-privileged communications are not confined to email with attachments. I occasionally have to send fairly large files (up to about 100MB) to my patent attorney; they are sent by ftp and are always encrypted using pre-arranged keys. There is a legal duty to maintain secrecy of an invention prior to filing a patent application. Having an unknown third party who is likely to read all of one's secret communications would grievously undermine this duty.
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
No, not at all. Encryption can be heavy on an Atom, but fine on most other CPUs.
At least 60-70% of torrent traffic is already encrypted, it's on in uTorrent by default, and if you change it to "Forced" and untick accepting legacy connections, it'll always use it. You probably won't notice any noticeable CPU usage; this is 2009, not 1999!
Torrent's obfuscation scheme uses the RC4 stream cipher, RSA-1024 key exchanges and uses the infohash of the .torrent to authenticate the key exchange, if I recall. It's there specifically to deter DPI. There are some possible issues: I don't know what the UDP transport uTP uses (if anything), and I don't know how this affects DHT (it probably doesn't, that's probably in the clear). Also, tracker communication can be by https: and this is probably the right way to do it, but with DHT enabled and people moving to UDP trackers or none at all, it's going the other way.
However, I don't think these boxes are as smart as Sandvine (because they handle much higher volumes). They look at the transfer payloads, and I don't think they look at the .torrent or tracker communications like Sandvine does.
Also, they only handle torrent, eDonkey (does this include KAD or not?) and Gnutella (I don't know if this includes G2). I note eMule's KAD traffic is also often encrypted now, and Gnutella (i.e. Bearshare, Limewire) is full of shit anyway.
Frankly it sounds as though they're being peddled out-of-date, easily-crashable equipment...
Cat and Mouse
Set your phasers on "funky"!
It's Detica not Deltica
Encrypt everything.
That's fine, except slashdot.org:80 doesn't think "jqncugir8o486" looks like a valid HTTP request. I've also had problems on other sites, and with torrenting linux ISOs, world of warcraft, streaming media, SMTP, IRC, instant messaging and many other applications.
I could of course force the other end to decrypt my stuff, but that involves controlling computers I don't own, which means if that's how we play I should expect others to take control of my computers. No. Bad. Very bad. (It's probably also illegal.)
We can only encrypt our communication when we're talking to people who want to decrypt what we send them. Given that this costs CPU cycles (electricity, money), we shouldn't expect profit-driven organizations to do this much; given how complex IT security is and how we want HTTPS to protect our slashdot password, we might come off as paranoid ("why are you making a big deal out of it? It's just another internet forum, why would anyone steal your account, and why do you care so much?"). That makes it a hard sell.
Saying "encrypt everything" is fine, and I think that's what we ought to be doing. But how do we get to there from here?
[RIAA/ISPs/gov doesn't care about the law]
Oh they do! They care about the law so badly they're willing to break it to enforce it, when said enforcement is aligned with their motives---either directly as profit profit, or as part of a strategic profit-enhancing terrorism campaign.
Yes, terrorism---they want you to feel terror (fear) that you might get caught and put through the courtroom meat grinder.
see www.detica.com/ for more info
If enough file sharers use encryption Virgin will report back that DPI is a waste of money. Then we can all move on to the anonymity problem.
To make encryption the norm ordinary people need to enable it.
Sadly the average joe will not even read about this and also tends to ignore things like bug fixes and security patches so the chances of them downloading an update to enable encryption is not high enough.
But maybe the makers of the most successful apps could release a patch that offers potentially improved download speeds (so average users will actually get the thing) and more importantly enables forced encryption, sets it to the default and gives lots of warnings if you disable it. (sneaky I know but hey desperate times). that way the user is as unlikeley to disable encryption as they were to enable it.
If they already do, my apologies. I've been out of the windows p2p world for a long time and transmission comes with encryption enabled by default with my operating system :)
Incidentally, I really hope virgin do publish statistics on the percentage encrypting their traffic!
So instead of trusting an ISP, you have to trust... an ISP?
If the VPN provider is lax and/or manages to dodge the laws and regulations you want to avoid, won't they also be great hosts for your spam/DoS endeavour? Won't the VPN provider be blocked at the sites where the spam/DoS hits? How will it affect latency and bandwidth? Can the internet sustain a substantial number of users doing weird triangular routing (increasing the packet path length)?
I'm not trying to say it's ironclad that VPN'ing won't work. But I think there are some questions one should answer before declaring this to be the long-(or just mid-)term solution for the future.
To trial? To trial?
What's wrong with "to try"?
God, what is happening to our language?
Fata viam invenient.
Don't you know that in the UK you must hand over your encryption keys to the government if asked or face prison?
That law passed long ago before this. So, if you encrypt your data stream, all they have to do is ask for your encryption keys really.
As the island of our knowledge grows, so does the shore of our ignorance.
The EU directive 2002/58/ec does not permit
content monitoring without prior consent.
The world of music copyright is evolving. Monopolies of collecting societies are under pressure. Songwriters complain about a lack of benefit, music users about non-transparent and high tariffs. Collecting societies are old-fashioned. Now is the time for online DIY copyright management. VillaMusicRights is a website in English, Spanish and Dutch, and plays a role as a facilitator in the contacts between songwriters and users of their music. This means you can upload your music and arrange your rights. The music will be stored in a database and users can download it. Downloads for home users are free, but business users have to pay a modest amount of money. Both songwriters and users have to register. Songwriters have to declare to own the rights to the music and users have to declare that they won’t use the music for other purposes than agreed. VillaMusicRights takes care of payments between songwriters and business users and receives a commission in remuneration of the cost of display, advice and transactions. A lot of music genres already are represented in the database, from rock to reggae and from blues to easy listening. Website: http://www.villamusicrights.com/