Slashdot Mirror

← Back to Stories (view on slashdot.org)

P2P Data Not Private, But It Could Be

Posted by timothy on from the don't-tell-eve dept.

Frequent correspondent Bennett Haselton writes with a forward-looking response to a recent ruling that peer-to-peer network participants have little privacy interest in files stored on their computer and that they have made available via P2P. Writes Bennett: "A court rules that law enforcement did not improperly 'search' defendants' computers by downloading files that the computers were sharing via P2P software. This seems like a reasonable ruling, but such cases may become rare if P2P software evolves to the point where all downloads are routed anonymously through other users' computers." Read on for the rest.

The police had used an automated P2P search tool to find evidence that child pornography was being shared from the defendants' computers, and then used that evidence to obtain probable cause warrants for searching their computers (where they subsequently found child porn being stored, and the defendants were charged accordingly). Last Friday, District Court Judge Christina Reiss ruled that the P2P search tool did not violate the defendants' 4th Amendment rights against unreasonable search, as they had argued.

I'm all for strong privacy rights and the right to exclude evidence at trial that was gathered improperly, but it's hard to see how the defendants thought they had a leg to stand on here. When you share a file on a P2P network where other users can download directly from your computer, by definition you are advertising that you have that file. Now, some of the time you might be sharing that file not out of the goodness of your heart, but because you're required to share the file in order to earn "credits" that you can use to continue your own downloads (BitTorrent requires sharing for this reason). But even then, you would still know that you were sharing the file (unless you really never realized how file sharing software works, but since it's actually called "file sharing software", that's kind of on you).

However, as I wrote in January, there's no reason why popular P2P programs couldn't re-route each download through a different user's connection, so that if you were downloading a file from another computer's IP address, you would never know if the file resided on that computer's hard drive. Obviously I'm not endorsing the use of such software by creeps like the ones who were arrested; I'm saying that regardless of how we feel about it, it's inevitable that proxified re-routed connections will become the de facto standard for P2P file sharing, if the following conditions remain true:

  • It remains legal to run the software at all. This seems like a reasonable assumption in a mostly-free country like the U.S., where although piracy is illegal, file-sharing programs like BitTorrent are still legal even if they are frequently used for piracy.

  • A user cannot be held liable for unknowingly forwarding data packets on behalf of someone else, even if the data packets comprise an illegal file (whether it's child pornography or a pirated movie).

  • Bandwidth continues to get faster and cheaper. Today, if you download a 100-megabyte file by routing your download through three other users' computers, it will usually be much slower and more inconvenient than if you'd downloaded the file directly. In a few years, you won't notice the difference.

  • If the police raid a suspect's house and seize their computer, if they see that the computer has an encrypted partition, the suspect can invoke their Fifth Amendment right to refuse to give the police the decryption password. You know how I feel about that, but the latest rulings on the question seem to affirm that you can refuse to decrypt your hard drive for law enforcement. So a good P2P client for "illicit" file trading would come with built-in support for an encrypted hard drive partition, where all saved files would be stored. (The software would probably come with a "kill switch" that you could use to instantly dismount your encrypted partition if you heard a knock on your door, and a five-minute inactivity timeout after which the drive would dismount automatically.)

In that previous article, I described a protocol in which any time a P2P user X (the "downloader") downloaded a file from another P2P user Y (the "sharer"), the connection would be routed through the computer of at least one "go-between" user Z (and possibly a chain of users Z1, Z2,... Zn). Each of the go-betweens simply downloads bytes from the next computer "up" the chain and sends those bytes on to the next computer "down" the chain, and none of the go-betweens know how far the chain extends in either direction. Because of the design of the protocol, from the point of view of any of the go-betweens, there is only a 40% chance that the computer they're downloading from, is the original "sharer." (See the January article for details on how this would be achieved.)

Now, does the analysis change if your adversary is the FBI looking for child pornographers, rather than the MPAA looking for movie pirates? Here are the variables that I think matter:

  • The standard of proof to punish you is higher. In a civil lawsuit, the MPAA would only have to prove their case against you by a "preponderance of the evidence" (i.e. greater than 50%); to obtain a criminal conviction, the court would have to prove your guilt "beyond a reasonable doubt." However in both cases, if all that the court knows is that the defendant's computer was identified as passing along bits and bytes of an illegal file, and the court understands that there's only a 40% chance that the computer owner actually possessed the illegal file, then this falls below the standard of proof in both cases. (Of course, this is contingent on no other evidence turning up to implicate you. If the police raid your house and find child pornography printouts lying around your desk, then so much for the "40% chance of guilt" figure.)

  • In a civil trial, the defendant can be called to the stand and made to answer questions (unlike a criminal trial, where the defendant can refuse to testify under the Fifth Amendment). So even if the MPAA's lawyer knew there was only a 40% chance that they had sued the right defendant, they could ask the defendant under oath, "Did you download this movie?" (Or they could sue 10 defendants at once, and argue, correctly, that on average about 4 of those defendants were probably guilty.) The defendant could invoke their Fifth Amendment rights and refuse to answer, however, in a civil trial, the court is free to consider this refusal to be evidence weighing in favor of the defendant's guilt. In theory, a defendant could simply say "No," and there would be no way to prove they were lying. In practice, the MPAA's lawyer might try to intimidate a defendant into confessing, telling them that the worst that can happen to them if they confess is just a monetary judgment, but if they lie under oath they could go to jail, etc.

  • The punishment for getting caught for possession of child pornography is much more severe. I'm not sure if this changes the analysis though. It's not a case of "a 40% chance of losing a lawsuit vs. a 40% chance of going to jail." If the court in both cases can never establish your guilt with a probability of more than 40%, then since that's not enough to get a criminal conviction or a civil judgment, you actually have a 0% chance of losing in either case, provided you don't make any other errors (leaving illegal printouts by your computer), and provided the court actually understands that the "evidence" only establishes about a 40% chance of your guilt.

  • The cost of being accused of possessing child pornography is much higher, even if you ultimately win in court. If the MPAA sues you for downloading a pirated movie (even if they know there's only a 40% chance they've got the right person), that would probably just increase your street cred among your friends. If you're a middle-aged computer nerd accused of downloading child pornography, not so much. Even if you're ultimately acquitted, your reputation will probably be ruined.

This last point suggests the only "attack" that I can think of that law enforcement could use successfully against this protocol. The police know in advance that if they arrest someone for transmitting an illegal file from their IP address, and if the defendant refuses to testify and the defendant's hard drive is encrypted, the state won't be able to get a conviction since there's only a 40% chance that the defendant was actually in possession of the file. However, if the defendant's life will be ruined by going to trial anyway, law enforcement could use this as a bludgeon to scare people away from even running the P2P protocol. Saying, in essence, "We're going to go out and do searches for illegal files to download, and we will file charges against any person whose IP address re-transmits an illegal file to us. Even though we know we won't be able to get a conviction, we'll ruin the lives of anyone we can identify in this way, so that's the risk that you're taking by installing this software, even if you yourself don't do anything illegal."

Whether this attack would be effective, depends on whether the courts would tolerate these kinds of "intimidation" prosecutions, where the law enforcement knows going in that they can never establish more than a 40% chance of the defendant's guilt (and hence no chance of conviction unless the defendant "cracks"), but they press charges anyway. I would call that an abuse of state power, and say that any prosecutor who knowingly pursues a losing case should be fired and compensation should be paid to the victim, but the courts might not see it that way, especially if the prosecutor finds a way to work the phrase "child porn" into every sentence.

59 comments

  1. Pretty nice long article by Anonymous Coward · · Score: 1

    We know you hate freedom and anonymity Bennet Assholeton. You are an expert in exactly 0 fields. Shut up and go away.

    1. Re:Pretty nice long article by Fwipp · · Score: 2

      I like to picture him as Benny Hasselhoff, David's slightly deranged uncle who keeps somehow finding out about and showing up at family holidays.

    2. Re:Pretty nice long article by Anonymous Coward · · Score: 1

      Yeah, that's right, let's compare copyright infrigement and school shootings, the differences are marginal. And if you look at it, there are much less victims of school shootings than of copyright infrigement.

    3. Re:Pretty nice long article by Impy+the+Impiuos+Imp · · Score: 1

      The Internet already transfers illegal stuff, and everyone, including ISP owners, knows it. Yet they are safe because it is not their responsibility to do packet inspection. Indeed, it may (and should) be illegal for spying reasons. So there is some safe harbor stuff going on already.

      People have the right, in the US anyway, to encrypt stuff as part of free speech. Outlawing a highly-protected thing like speech because it can be used illegally, which also squashes legal use, tends to fall on deaf ears at the Supreme Court.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    4. Re:Pretty nice long article by Anonymous Coward · · Score: 0

      either the software will become illegal to use, or running the software puts you at risk of prosecution if anything illegal happens because of it.

      Or the third option: performance suffers, most people decide to not bother with it, and the small number of places to reroute your traffic leaves the data vulnerable. Just like Tor, which isn't illegal, but has its own list of issues. In fact, why not just run your p2p program through Tor? No new software needed.

    5. Re:Pretty nice long article by lgw · · Score: 2

      If you're discussing privacy and P2P, and don't mention Freenet, you're doing it wrong. While Freenet suffers from the network effect (nothing there because people don't use it a vice versa), if privacy should become paramount, Freenet is there waiting. Everything encrypted everywhere, and extremely good assurance of anonymity on upload as long as you don't signal the importance of a given upload until it's done. It's probably the best platform going for leaking stuff the government would be unhappy about.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    6. Re:Pretty nice long article by Jane+Q.+Public · · Score: 1

      Not JUST Freenet.

      Probably of even more relevance are OneSwarm, and BitTorrent Sync, which both use the BitTorrent protocol and already route data anonymously. (Definitely for OneSwarm, and I am pretty sure BitTorrent Sync does too.)

      I could be wrong, but I thought Freenet used a different protocol.

    7. Re:Pretty nice long article by lgw · · Score: 1

      Freenet is it's own thing. It's a P2P system where everything is encrypted, and you provably have no knowledge of what your box is sharing, so it's a somewhat different P2P architecture.

      It's also had a decade of serious crypto review. Though, realistically, if you're just hiding from the MPAA some BT hack that "looks secure to me" is likely all you need, since it makes you no longer the low hanging fruit - but then so does a VPN to somewhere sane.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    8. Re:Pretty nice long article by Anonymous Coward · · Score: 0

      Never heard of one swarm. Thanks for the heads up...gonna look into it now.

      Hopefully it has more practical application and userbase than gnunet (which won't be hard, because being better than worthless doesn't take much)

      Freenet is cool and all, and has a surprising amount of decent p2p on it even for those of us who don't wanna touch kids, but it's slow as fuck unless you can give it about a TB of monthly bandwidth, not to mention the thing is written in fucking Java...that bastion of security and efficiency.

      Fuck bittorrent sync. Bittorrent inc is run by ass kissing douchebags. utorrent 2.2.1 for life bitches!!!

    9. Re:Pretty nice long article by Anonymous Coward · · Score: 0

      Three minutes on the forums confirms that ONESWARM IS DEAD and has been for at least a year.

      Freenet it is, then. Unless someone can make DC++ work over i2p, which would give us the ability to self police at the hub level.

    10. Re:Pretty nice long article by Pichu0102 · · Score: 1

      There's a nice program out there called Retroshare that is essentially DC++ with friend to friend encrypted connections, along with a slew of other features. Two people share their PGP public keys with each other, connect, and choose what files they want to share, and with who they want to share them. It's very nice, but not many people I know use it.

    11. Re:Pretty nice long article by Jane+Q.+Public · · Score: 1

      Freenet is it's own thing. It's a P2P system where everything is encrypted, and you provably have no knowledge of what your box is sharing, so it's a somewhat different P2P architecture.

      It's also had a decade of serious crypto review.

      OneSwarm is also completely encrypted. It uses the BitTorrent protocol, but it's nothing like BitTorrent downloading. Content is distributed, encrypted, throughout the network.

      According to the designers at University of Washington, it is not even theoretically possible to tell what network nodes are storing any given piece of data, much less which one(s) are sending it to you.

      While OneSwarm hasn't been around for quite a decade yet, it's still got some years under its belt and the creators have a good pedigree.

    12. Re:Pretty nice long article by lgw · · Score: 1

      Same idea as Freenet then. Has OneSwarm had at least some public review and papers on attacks published at conferences? What the creators say about crypto-anything doesn't signify, of course, but if the crypto-geeks have been beating on it then that's pretty cool.

      --
      Socialism: a lie told by totalitarians and believed by fools.
    13. Re:Pretty nice long article by Jane+Q.+Public · · Score: 1

      Well, the authors have published papers and given speeches at conferences. I don't know if anyone else has written about it.

      http://www.oneswarm.org/about.html

  2. Thx BFF timothy by Anonymous Coward · · Score: 0

    Read on for the rest.

    Thanks for the heads-up, timothy. All the years I've been here I just stopped at the summary.

    1. Re:Thx BFF timothy by Anonymous Coward · · Score: 0

      I didn't even get to the summary. I got to 'Bennett Haselwhatever' and came to the comments for the flamewar.

  3. Good luck with that... by Anonymous Coward · · Score: 0

    Here in the US, the courts have already decided that one's IP address is that person (thus convictions for CP possession even though there is none present, many RIAA/MPAA wins against defendants, etc.)

    Just an open Wi-Fi access point can get one arrested and thrown into a PMITA prison (and due to the crime, maximum security classification.)

    1. Re:Good luck with that... by fluffythedestroyer · · Score: 1

      unless it's different with ISP but a computer received that IP from the dhcp pool, so to the ISP's view, it belongs to the ISP and not the person since the ISP pays for the IP address and they "lend" that "service" to their customers. If the MPAA says anything different, then they need a cisco network course to be honest. What I just said is just simple logic and anyone with an ounce of knowledge in networks will probably say I'm at least right (or half right cause /. loves to argue lol).

    2. Re:Good luck with that... by bws111 · · Score: 2

      Show us the exact case(s) where someone has been convicted solely on the basis of IP address and no other evidence at all.

    3. Re:Good luck with that... by Anonymous Coward · · Score: 0

      Do the ISPs actually 'own' the IP addresses though? I think that changed at some point. If you got your IP address range prior to a certain date you might be able to claim you own it. However after a certain date there were rules and an organization to manage issuance of IP addresses ranges. The end user in the same way is temporarily in control of that IP address. In a sense they 'own' it no more or less than how your ISP owns your IP address.

    4. Re:Good luck with that... by znrt · · Score: 1

      the purpose of all this drama is to scare off the end user. with isps that's one totally different relationship, no crowd control involved whatsoever, just business.

    5. Re:Good luck with that... by bennetthaselton · · Score: 1

      You wouldn't need to get a conviction based on an IP address. All you'd need would be to get a warrant to arrest the computer owner and search their computer. At that point their life may as well be ruined anyway even prior to the conviction (as is probably the case with Jeffrey Feldman), and if they find incriminating evidence on your computer, you'll be convicted as well.

      The protocol I'm describing, would mitigate that, since law enforcement would lack probable cause to think that you *possessed* a file on your computer, simply because your computer had passed the bytes along.

    6. Re:Good luck with that... by devman · · Score: 1

      Which they wouldn't know until after they confiscate your gear and otherwise walk all over your life. No thanks.

  4. Utter and Complete Bullshit by MarkvW · · Score: 3, Interesting

    The 4th Amendment protects people, but it also has a place protection component. The Supreme Court has been explicit about this.

    If you enter into my home or place of business without a warrant (or exigent circumstances) and fiddle bits on my computer, then you are violating the Constitution.

    If you buy the Court's reasoning, then the feds could move data (stored by me on behalf of another) from one hard drive of mine to another without a warrant.

    1. Re:Utter and Complete Bullshit by Ravaldy · · Score: 1

      They don't need a warrant if the information is publicly available.

    2. Re:Utter and Complete Bullshit by theripper · · Score: 1

      The state doesn't need a warrant or exigent circumstances to enter your home or place of business if you invite them in, which is what you do when you offer files on p2p networks.

    3. Re:Utter and Complete Bullshit by Anonymous Coward · · Score: 0

      Ha! Last six words aren't needed there in their minds.

    4. Re:Utter and Complete Bullshit by bws111 · · Score: 1

      Actually, what the courts have been explicit about is the concept of reasonable expectation of privacy. Both of those bold words are important. If you have papers kept in a desk drawer in your house, then it is reasonable to expect those papers to be private. 4th amendment applies and a warrant is needed to get those papers. If, on the other hand, you keep those same papers in a desk drawer in your office, then you may not have a reasonable expectation that they are private because others (ie your employer) have legal access to that drawer. If the employer had legal access to the drawer and saw your papers, the police or court could ask him about those papers, and no warrent would be needed for that. In that case, the 4th amendment may not apply.

      If you want something to be treated as private, then it is entirely up to you to make it private. If you do something incredibly stupid like make the data available on the internet to anyone who asks, there is no way you can claim that the data is private. YOU are the one who exposed it. You may WISH it was private, but it isn't, and nobody is required to obey your wishes.

    5. Re:Utter and Complete Bullshit by Anonymous Coward · · Score: 0

      Yup, if you place a banner on your house that says:

      Get your weed here, great prices

      they do not need a warrant to read that sign. They can then use that sign as evidence to get a warrant.

      This sounds much like what they did in this case, they 'walked down streets' (ie perused P2P networks) looking for anyone advertising CP. They then used the advertisement of CP as evidence to get a warrant. Onion routing would make this sort of thing much more difficult.

    6. Re:Utter and Complete Bullshit by Anonymous Coward · · Score: 0

      If thats true then leaving your wireless network open also means your inviting people to use it and thus users of your network can't be charged with hacking. A user of a file sharing program may not have the intend to share his files. He/she may only want to obtain files from others (with or without permission is irrelevant because a user breaking one law is not sufficient to convict on another law, so the government can't excuse themselves from invading your privacy because you invaded that of another).

      This specific case doesn't really concern me. I'll accept the argument that if you share files on a typical P2P network today that you can be identified and there is no expectation of privacy from government snooping. What concerns me is when the government is permitted to exploit holes to gain unauthorized access to systems (freedom hosting is the perfect example). Freedom hosting is a really good example because not only did they commit a crime for which the government shouldn't be able to get a warrant (that is a warrant to exploit holes) they also performed mass surveillance by infecting peoples computers who accessed sites (not all of which were illegal) hosted by them and who had committed no crime. I'm sure every Tor user probably accessed a freedom hosted site at some point. The reason that warrants which authorize exploiting a system should be void are the facts that such access changes the system in unpredictable ways depending on the contents of the system. It's contaminating evidence and every “computer forensics” expert who thinks otherwise is unqualified (that's probably 99.99% to 100%). Of course there are other problems with computer forensics in that the unpredictable nature due to the number of variables involved ensure you can't know if a search for 'Kill a Mock' was actually performed or if what came before and after is just garbage. But the prosecutions going to argue and the computer forensics is going to back them up that this was to search for how to kill his best friend named Mock. In reality it may have been a search for “To Kill a Mockingbird” (which is the name of a famous book).

    7. Re:Utter and Complete Bullshit by theripper · · Score: 1

      If thats true then leaving your wireless network open also means your inviting people to use it and thus users of your network can't be charged with hacking.

      And you shouldn't be charged with hacking, just like you aren't charged with grand theft auto if you take an ulocked car that had keys in the ignition.

      A user of a file sharing program may not have the intend to share his files.

      That is not how peer to peer software works, for the most part. The onus is on the user to not share things they don't want to share, anything that's shared is shared to the whole world, government agents included.

      I agree with the content of your second paragraph.

    8. Re:Utter and Complete Bullshit by complete+loony · · Score: 1

      If I connect to a web server and request a html page, using the published HTTP standard, without any tricks to bypass user authentication. And the server obligingly gives me the content I asked for, have I invaded the privacy of the server? Have I trespassed?

      Of course not.

      How is using an established P2P standard to request content from your home PC any different?

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    9. Re:Utter and Complete Bullshit by Jane+Q.+Public · · Score: 1

      And you shouldn't be charged with hacking, just like you aren't charged with grand theft auto if you take an ulocked car that had keys in the ignition.

      You might be charged with hacking, but you wouldn't be convicted by an honest court. Federal law (in fact just about the only decent provision of the DMCA) gives safe harbor to those who "offer internet services" but are not themselves involved in the illegal activity in question.

      The law doesn't specify that only certain classes are protected, like corporations or ISPs. Everybody enjoys protection under this law. Otherwise, you wouldn't have hotspots in coffee shops. They'd all be too afraid of liability.

      Of course, if it weren't for certain other provisions of the DMCA, those explicit protections probably wouldn't be needed anyway...

      In any case, this is one of the reasons EFF highly recommends you keep open "guest networks" through your router. It's a public service, and you are not responsible for other people's crimes.

    10. Re:Utter and Complete Bullshit by Anonymous Coward · · Score: 0

      If you buy the Court's reasoning, then the feds could move data (stored by me on behalf of another) from one hard drive of mine to another without a warrant.

      Yes, IF you run a server which authorizes strangers to do that. Feds are people too (as loathe as I am to admit it) so it you let anonymous Chinese citizens do something, feds should be allowed to do the same thing.

      And that's how these CP people were caught: they didn't care who they traded with. When the feds yelled "anyone got some CP? I sure would love some CP!" they replied "Yes! Here's some CP for ya!" I just don't see how that could be a 4th amendment issue.

    11. Re:Utter and Complete Bullshit by Anonymous Coward · · Score: 0

      If I connect to a web server and request a html page, using the published HTTP standard, without any tricks to bypass user authentication. And the server obligingly gives me the content I asked for, have I invaded the privacy of the server? Have I trespassed?

      No. But that's not what the courts decided in that AT&T case...

    12. Re:Utter and Complete Bullshit by devman · · Score: 1

      The resulting investigation itself would be enough of a deterrent. Having your equipment seized for examination and possibly interrogated yourself is one hell of an inconvenience, not to mention paying a lawyer. Even if you do end up being let go, it will still cost you time and money, and lots of both.

  5. Already exists by stewsters · · Score: 1

    However, as I wrote in January, there's no reason why popular P2P programs couldn't re-route each download through a different user's connection, so that if you were downloading a file from another computer's IP address, you would never know if the file resided on that computer's hard drive.

    You could build a network if you have friends using retroshare. Or you could torrent over i2p like the cool kids. I think i responded similarly last time this guy posted.

    1. Re:Already exists by ultranova · · Score: 1

      Or you could just use Freenet. It's slow, but it's specifically designed for anonymous, censorship-resistant file sharing, and since every node stores file chunks, every node will help the network even if run by a sick weirdo who's only interested in discussing the philosophy of ethics on Frost.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

    2. Re:Already exists by Anonymous Coward · · Score: 0

      Another solicitor for Freenet. This is a major kiddie porn network. They are always looking for more disk space.

    3. Re:Already exists by ultranova · · Score: 2

      Another solicitor for Freenet. This is a major kiddie porn network. They are always looking for more disk space.

      We can take for given that any anonymous, censorship-resistant network will contain objectionable material of any imaginable kind. That is unavoidable; you cannot design a computer algorithm that protects good content from being censored by bad people yet lets good people censor bad content. Not even a fully sapient AI could do this, since it might simply disagree with you on what is or is not bad. So, you need to make a choice: either pedophiles are anonymous or no one is. You need to decide what is a bigger evil, sickos posting pictures of naked children or your government censoring something they don't like. It's one or the other, you can't get rid of both.

      Also, I appreciate the irony that you posted as an AC.

      --

      Forget magic. Any technology distinguishable from divine power is insufficiently advanced.

  6. Please. by TrumpetPower! · · Score: 1, Insightful

    Please stop giving air to this ignorant blowhard.

    Just stop.

    Now.

    KTHXBAI

    b&

    --
    All but God can prove this sentence true.
  7. Re:THESE ARE PAEDOS SO WHO GIVES A FUCK !! by Anonymous Coward · · Score: 0

    edonkey/Emule used to be the big thing before torrents came along and was kept for direct peer to peer transfers (including these nefarious ones) long after the music &movie hunters ran to other more popular transmission mediums.

    As to the original theme of the post. There is already something that does this sort of thing, Tor. Though from what I've heard it does a less than fantastic job with torrent style file sharing as it isn't exactly intended for that use. So I can understand the desire for an alternate method of transmission.

    Further to that if there is a new version of torrent/emule distribution that catches on "because it's the new & untraceable way to share" despite poor execution of the distribution of connections, then there are going to be a lot of unfortunate & unaware people caught up in the middle of any future prosecution mess. I for one can say "good luck with that" as there no way in hell that I am even going to consider running a program that re-routes other peoples packets if there is a chance of that sort of data passing through my link and leaving me potentially liable for their mis-deeds.

    I've seen some extremely dodgy file names when using emule which I've happily never been curious enough to attempt a download of. Then again I've found a LOT of neat stuff (predominantly software) on those networks that I couldn't find anywhere else. So this concept like any other has it's uses, both for good & bad.

  8. Apples and Bananas by s.petry · · Score: 1

    I'm really not sure why all this crap is being stung together. I can already establish a tunnel between my computer and another computer, so P2P networks can already be "secured" in a reasonable way for reasonable use. If the police tried to break into that line, it's called wire tapping. If they have no warrant, evidence gathered is mutable to not admissible (depending on jurisdiction and crimes).

    In the case of the pr0n operators, they were not just sharing files between sick friends. They were advertising these files to others on a P2P service to anyone that wanted them.

    Now I agree that IP/MAC spoofing, routing through insecure routers, etc.. is possible. That's not what happened here. I have no confidence at all that routing data alone would lead to a warrant, let alone an arrest. They found these guys by P2P services advertising, then tracked them down to arrest them. The nail in the proverbial legal coffin will be admission of their confiscated computers showing that they housed the files being shared. Without all of those things, it would be hard to get to trial. Prosecutors don't go to trial based on hunches or nothing (well, some do but..). They go to trial when they reach a certain level of confidence with a conviction.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:Apples and Bananas by Burz · · Score: 1

      1) The 'who' and 'when' of the data exchanges is still being watched, and you might be surprised how much of that can be used as justification under the slippery legal concept of "probable cause". Yes, you may well be innocent anyway, but that doesn't prevent them from using the system over and over again to harass you.

      2) They've already established a trend of admitting evidence that would normally require a warrant.

      3) P2P carries more than just entertainment or files broadcast as available to everyone, and people should have a right to use it. I2P uses P2P modes of transmission to create connections that are private and secure. Does advertising to everyone that you have bandwidth to add to the network make the contents of your system open to investigation? Legalistic definitions of IT methods often go awry (...and usually against the public interest, I might add).

    2. Re:Apples and Bananas by s.petry · · Score: 1

      I get what you are stating, perhaps I didn't do a good enough job explaining why I have a problem with TFA. The presumption that you should be able to have publicly available data be private is a contradiction.

      It's kind of like claiming I want a public web site to be private access. The two things are both possible, but you don't get both at the same time (I realize this is a simple scenario, making it abstract does not change the point).

      P2P takes numerous forms. TFA covers an incident with only one of these scenarios, but claims that all should be technical feasible simultaneously.

      Where nobody bitches or gets prosecuted is a secure tunnel sharing mechanism (or SSH if you prefer). Them and a friend can have a closed link and can share all the pr0n they want, nobody should know. Hell, have a video link and a virtual circle jerk. Good for them.

      The next level would be similar, but covering more than 2 people. This would be like a VPN, or a closed auth HTTPS service requiring key exchanges, etc.. Again, nobody should know unless the owners decided to give keys to someone they didn't know. I think this is what TFA expects of all P2P, without doing the work. It can't be safe, obviously. If they are all on the big ole circle jerk video link, nobody would know unless someone gave away the key to the door.

      Lastly, we have what the TFA has concerned with. A public web site that everyone can see which showed the circle jerk to everyone that looked. The only difference here is that it was not browser based, but required a specific P2P client. Still, it had no controls. The cops saw them all whackin it and busted them. Shame on them for having a circle jerk in a public building with a wide open door! They had two other options that would not have gotten them busted, even though they were doing or dealing with illegal materials.

      --

      -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    3. Re:Apples and Bananas by Anonymous Coward · · Score: 0

      Major exception: Eliot Spitzer
      He went after everyone with impunity.

  9. Re:THESE ARE PAEDOS SO WHO GIVES A FUCK !! by mlts · · Score: 1

    We have encountered exactly this situation with TOR. TOR is quite cool to use, but there is a big difference between using it versus running an exit node.

    It would be the same with a P2P program. If a couple nodes are brutally made examples of with criminal/civil actions due to other people's stuff coming out, said program will end up completely disused.

  10. child porn in every sentence. by rewindustry · · Score: 1

    as you promised. admit i only scanned your article...

    i think i smell a wumpus.

  11. I2P (P2P re-routing) is already here by Burz · · Score: 3, Interesting

    But its used for a lot more than just bittorrent. Its a network anonymity layer (a bit like Tor) with the important difference that everyone re-routes traffic by default and so creates the expectation of bandwidth-sharing... Nodes which don't share bandwidth might experience problems getting their own traffic forwarded.

    So the task of routing packets is itself carved up among participating nodes in a decentralized P2P fashion. This has four really good side effects:

    1) One's own traffic gets mixed-in with a lot of other encrypted packets

    2) A much greater degree of decentralization than Tor making the network more resistant to attack

    3) Nodes are more likely to behave and cooperate, as many sorts of attacks will show up as leeching

    4) The flexibility to handle many different types of applications, even torrents, without staggering under the load.

    I'd say that what I2P lacks is a nice user interface; Its currently stuck in a clunky 2000-ish web interface. Most of us would love to see someone with UI design skill get involved.

    1. Re:I2P (P2P re-routing) is already here by Anonymous Coward · · Score: 0

      The fundamental flaw with the words "P2P" and "Torrent" are that they are linked to piracy and pedophillia, which has seemed to quell development in this area. In the long run, however, different approaches for implementing P2P types of technologies promises to solve a number of problems of centralized compute infrastructure:

      Taking advantages of these benefits will require new thinking about distributed databases and interfaces for riding on top of them

      1. Scalability -- Legitimate companies like Akamai are already looking at how they can scale their media distribution services using P2P protocols.

      2. Reduced Operational Costs -- A distributed database with a P2P communications layer underneath would allow the development of a Facebook like infrastructure without the giant data centers. If I am only sharing updates with a few hundred friends, why should I need to store my updates in a large centralized repository? This dramatic reduction in costs would reduce the business imperative to monetize the user.

      3. Private quantified self -- If I want to track my behaviour, health, and personal life, why not just share this information on my own devices and a few trusted friends. At the same time, I could also opt to participate in larger experiments with others by forwarding a subset of this information to the scientist conducting the experiment.

  12. Financing by Anonymous Coward · · Score: 0

    If you buy the Court's reasoning

    This probably happens a lot.

  13. Only 37 comments on this article by Anonymous Coward · · Score: 0

    Not surprising, TLDR.

  14. Re:THESE ARE PAEDOS SO WHO GIVES A FUCK !! by Anonymous Coward · · Score: 0

    Today it's the pedos. Tomorrow it might be anybody who shares something that casts the government in a light they don't care for.

    Welcome to the slippery slope, my useful idiot friend.

  15. Oh Christ. by korbulon · · Score: 1

    This guy again? He's like that over-friendly, know-it-all co-worker from your dad's office who would come to your parents' Christmas party and try to show off his worldliness (in spite of his role as a custodial engineer, just so you know) but in the end made you feel uncomfortable and socially awkward even though you were only six.

  16. GNUnet by SinaSa · · Score: 1

    Try out GNUnet, it's pretty much exactly the architecture the author describes.

    --
    --
    The last digit of pi is four.
  17. lol by Anonymous Coward · · Score: 0

    aren't you that retard that doesn't think anybody needs 4th amendment rights? Oh, unless it involves child pornography.

  18. Welcome to a decade ago by Anonymous Coward · · Score: 0

    I guess the author has never heard of Perfect Dark (and it's predecessors, Share and Winny), which already work in exactly this manner. With extra bouts of encryption and obfuscation to boot, as well as distributed search.