Slashdot Mirror
Virgin Media To Trial Filesharing Monitoring In UK
Shokaster writes "The Register reports that Virgin Media are to begin monitoring file sharing using a deep packet inspection system, CView, provided by Deltica, a BAE subsidiary. The trial will cover about 40% of customers, although those involved will not be informed. CView's deep packet inspection is the same technology that powered Phorm's advertising system. Initially Virgin Media's implementation will focus on music sharing and will inspect packets to determine whether the content is licensed or unlicensed, based on data provided by the record industry. Virgin Media emphasised that records will not be kept on individual customers and that data on the level of copyright infringement will be aggregated and anonymised."
Deep packet inspection? All sounds like a porn operation to me.
I have a friend who's an amateur musician and devices (his mobile phone) have started to deny him the ability to play his own music due to it being "unlicensed".
How the hell do these clowns expect to be able to figure out what's unauthorised copying?
Quick, everyone start sharing Barry Manilow songs.
27th May 2010
Just 6 months after the announcement to monitor their network for illegal filesharers, Virgin Media has seen a dramatic decline in subscribers.
90% of their top tier customers (renting 20Mb/sec) have canceled their subscriptions
This figure is similar (82%) for their 10Mb/sec tier
Furthermore, the cost of the controversial detection methods (Deep Packet Inspection) has meant that the company has had to increase monthly subscription costs across all tiers by 10-20%
This has seen decline (albeit much smaller, at 47%) in their lowest tier of service
"Virgin Media executive director of broadband, Jon James, told ZDNet UK on Thursday that the trial will go live "within days". He added that the use of such traffic-monitoring technology was part of its distribution deal with media company Universal." http://news.zdnet.co.uk/security/0,1000000189,39906062,00.htm
Which is worse: All data being free, including data you don't personally like? Or regimes of data control?
If they thought DPI was expensive, wait until they try real-time decryption
Here's a bit of a dilemma, they crack down on filesharing, yet run a free usenet server for their customers with alt.binaries included with 5 days retention.
Will they issue a takedown to themselves?
I guess I'll fill in some space down here because slashdot will not likely let me post a subject-only comment, but seriously, what more needs to be said? I can't believe they are even saying that with a straight face. Governments barely have anyone or anything to answer two when they lie to people. Businesses like Virgin media most certainly do not. The only thing that their bullshit proves is that they are aware of what the public response will be and that they are afraid of it at some level.
Ok. They're monitoring their customers for illegal file sharing, even going so far as to identify whether or not the copied material has been licensed by the copyright holders. Does this not make them guilty of contributory infringement? They are providing the networks which allow users to infringe copyright. They know that infringement is taking place via their deep packets inspection, down to the level of individual acts of infringement. Then they are destroying data which can identify infringers, but they continue to provide them with networks service. How is this legal?
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
Everything.
Judging by their behaviour they should probably rebrand themselves Whore Media.
"Virgin Media emphasised that records will not be kept on individual customers and that data on the level of copyright infringement will be aggregated and anonymised."
For Now. Later? Who knows.
openssl speed aes-128-cbc aes-256-cbc
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 93137.34k 124663.87k 140590.61k 144921.90k 145808.33k
aes-256 cbc 60556.97k 91740.58k 103621.96k 107994.02k 108521.49k
Those benchmarks are on a 3 year old CPU (single core only). Hence encryption is not a limiting factor for end users - instead, network bandwidth is the limiting factor. I'd argue that encryption isn't a limiting factor for mass data surveillance either. In public anonymous networks without any sort of trust between users, encryption is not overly beneficial.
Some reasoning why:
1) You can rotate your taps between your customers so that they may only be monitored twice a year for a day at a time. You're still going to catch MANY people this way. And for the stated purpose of this system they're installing, they're apparently only after statistics (I doubt anyone is stupid enough to believe this though). For statistical (and scare tactic) purposes, taking small samples from different customers at different times is just as effective as maintaining a 24/7 tap on everyone's connection.
2) The eavesdropper can bulk purchase cheap dedicated ASIC chips that are optimised for decryption of encrypted file sharing traffic. End users have to put up with CPUs that are designed for other purposes and thus they have to spend more per encrypted byte than the eavesdroppers do per decrypted byte.
3) Imagine an eavesdropper that plants 1000's of fake monitoring peers onto the network. These peers would be indistinguishable to you from other legitimate anonymous peers on the other side of the world. These fake monitoring peers would behave exactly like any other legitimate peer would, except that they make a record of who is downloading files.
No matter what technical solution you use (such as encryption), at the end of the day you're still communicating and sharing with random anonymous people on the internet. You haven't established any sort of trust with them. Without trust, that other party in your communication could just as likely be a fake monitoring peer.
All public and private communications of all executives of companies in the UK valued at 500 million or more will be monitored for illegal, unethical, and undesired behaviour.
"If we had only known what certain Wall Street bankers had been up to the world could have avoided financial losses in the trillions. In a world of high speed communication and free flowing capital, the expectations of privacy have to be balanced against the interests of all stakeholders." said noted expert florescent_beige.
Equine Mammals Are Considerably Smaller
You're assuming that the RIAA/MPAA/ISP's/governments care about the law -- they don't.
"The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants." ~Thomas Jefferson
If they can tell what files I'm sending over an encrypted VPN link, then they have some impressive technology indeed.
At the risk of being branded a tinfoil-hat wearing nutcase, my employer used to use CIPE for a VPN between two offices. At the time I started, CIPE had already been discredited as being fundamentally insecure but nobody really thought it was going to be intercepted unless you had pissed off a government somewhere.
Then we had a problem. SIP traffic of any description going over that VPN link didn't make it across. (Kind of important when your employer produces SIP software).
Everything else made it fine. And there wasn't a firewall on the traffic going over the VPN. But SIP? Nope, ethereal on both ends proved that what went in one end didn't make it out the other - and it wasn't random packet loss. Just one protocol. The only plausible explanation we could think of was that someone was intercepting and decrypting traffic in real time and filtering what they didn't like.
We stopped using CIPE shortly after that.
Most clients use encryption by default, but will accept plaintext incoming connections yes. It's fairly easy to configure your torrent client to only allow encrypted connections if you are feeling paranoid.
Deep packet inspection does not extend to joining swarms with a modified client. At least I'd hope not...
This is how the loudness war is killing music.
It is an evolutionary process. Browsers and http servers didn't all support HTTPS from the very beginning, but serious ones gradually accepted it as a critical part of the web infrastructure, and now you wouldn't dream to do ecommerce on HTTP.
The same is slowly happening for other applications where secrecy and data integrity increasingly get to be seen as essential. Pretty much all serious torrent clients already support encryption, but they haven't switched off "legacy" support in their default configurations yet. It will take for a "big country" (like France or the UK) to start seriously enforcing laws through DPI for plaintext-mode to be disabled by default. Then they will start doing the "mediasentry thing", impersonating peers etc etc, which is where webs of trust will come into play. Until someone will come up with a better business model for producing and distributing entertainment, making loads of bucks and showing the old cartels as irrelevant.
We predicted all this a decade ago, and it's happening exactly as we thought it would: centralized nets -> decentralized nets -> decentralized and encrypted nets -> decentralized, encrypted and trusted nets. Cat&mouse will continue. It will take another decade or so to get rid of this particularly evil sort of candlemakers we now call "the entertainment industry", because they wasted the current one on doomed strategies.
-- Let's go Viridian.