Researcher maps out plan to target BitTorrent uploaders

[David Farber <dave () farber net>]

Begin forwarded message:

From: dewayne () warpspeed com (Dewayne Hendricks)
Date: February 18, 2008 6:26:40 PM EST
To: Dewayne-Net Technology List <xyzzy () warpspeed com>
Subject: [Dewayne-Net] Researcher maps out plan to target BitTorrent  
uploaders

[Note:  This item comes from friend Charles Brown.  DLH]

From: Charles Brown <cbrown () flyingcircuit com>
Date: February 18, 2008 3:11:35 PM PST
To: Dewayne Hendricks <dewayne () warpspeed com>
Subject: Researcher maps out plan to target BitTorrent uploaders

I would like to pose a rhetorical question.  Why can't the case be  
made, as is being done in the EU's Article 29 hearings, that the  
privacy of an individual's IP address is analogous to protections  
afforded by the 4th Amendment of the US Constitution?  There will be  
enough IP addresses for every individual alive once IPv6 rolls  
around.  It seems to me, this could be a double-edge sword if  
individuals have no privacy protection afforded by the Constitution in  
this regard.

Beyond BitTorrent and other P2P apps, it seems obvious that current  
practices have, and will continue to have, dangerous implications for  
privacy abuse.  Obviously, many P2P apps do not infringe copyright  
laws.  This whole approach of filing 'cease and desist orders' and  
then later determining what kind of P2P traffic is actually involved,  
is clearly abusive.  Is "shoot first and ask questions later" a right  
under the US legal system, or copyright law?

Google and their ilk claim they can store and watch anything you do  
online, at least in 18-month buckets.   That's why I have elected not  
to use any of their services, and why I think the advertising revenue  
model as the principal market driver lacks longevity.  Companies  
selling consumer information and advertising metrics don't make good  
bedfellows.  The inherent nature of their business model mitigates  
against the privacy granted in the 4th Amendment (my interpretation),  
whatever they might state in their privacy policy.  Will be people  
care once they understand what they are giving up?  Do they care about  
identify theft?  Yes, I believe so.

The proclivities of businesses like Google are toward dominance and  
monopoly,  a la Microsoft.  Or at least duopoly, because just like the  
telecom market, it's even supported in the US Congress.

It does seem that the stakes are much higher here than a Microsoft  
monopoly of OS and Office Suite software.

Charlie


Researcher maps out plan to target BitTorrent uploaders

Original Link: <http://arstechnica.com/news.ars/post/20080217-researcher-maps-out-plan-to-target-bittorrent-uploaders.html 
>

By Iljitsch van Beijnum | Published: February 17, 2008 - 09:50PM CT

On his Random Thoughts blog, security researcher Nicholas Weaver  
speculates about how ISPs, particularly AT&T, could aid the fight  
against copyright infringement. His proposal to map torrent  
participants to IP addresses and verify that those addresses are  
uploading copyrighted material will be controversial, even if it is  
workable.

Weaver's first observation is that "AT&T probably has a huge incentive  
to block pirated traffic" because, apparently, 5 percent of its users  
use 50 percent of the bandwidth. Weaver continues to observe that it's  
extremely easy to get a hold of pirated content on the Internet. Legal  
campaigns against BitTorrent search sites have resulted in some small  
successes, but sites like The Pirate Bay continue to taunt the  
copyright industry with the likes of a Valentine-inspired sharing is  
caring slogan.

Weaver's solution?

All that is necessary is that the MPAA or their contractor  
automatically spiders for torrents. When it finds torrents, it  
connects to each torrent with manipulated clients. The client would  
first transfer enough content to verify copyright, and then attempt to  
map the participants in the Torrent.

The MPAA can then use an automated mechanism to inform the ISPs in  
question, which can then block the IP address of the BitTorrent user  
for a short time. This would work much better than wide-scale deep  
packet inspection. As noted before, routers have a hard enough time  
just routing the packets.

So what about this torrent mapping approach? Can it work, and would it  
be an attractive move for the MPAA to make?

Basic operation shouldn't be a problem. The idea behind BitTorrent is  
that a large file, such as a Divx-encoded movie, is partitioned in  
256KB to 2MB parts. People download the parts they don't have yet, and  
at the same time upload the parts that they do have to others. Because  
everyone is both downloading and uploading at the same time, the total  
bandwidth of a BitTorrent "swarm" is huge, and the software is fairly  
good at making sure the uploading and downloading is tit for tat.

Traditionally, BitTorrent uses a "tracker," a central server that  
keeps track of everyone downloading a certain file. However, newer  
BitTorrent clients also use Dynamic Hash Tables, a mechanism that  
makes it possible to publish and find information (such as torrent  
participants) without a central server. In both cases a client  
application needs to find other machines to connect to, so it would be  
trivially easy for an organization like the MPAA to hook into that and  
siphon off the list of IP addresses of people participating in a  
torrent.

[snip]


-------------------------------------------
Archives: http://www.listbox.com/member/archive/247/=now
RSS Feed: http://www.listbox.com/member/archive/rss/247/
Powered by Listbox: http://www.listbox.com