Schneier on Security
A blog covering security and security technology.
« Improvements in Face Recognition |
| Lock-In »
February 11, 2008
How the MPAA Might Enforce Copyright on the Internet
Interesting speculation from Nicholas Weaver:
All that is necessary is that the MPAA or their contractor automatically spiders for torrents. When it finds torrents, it connects to each torrent with manipulated clients. The client would first transfer enough content to verify copyright, and then attempt to map the participants in the Torrent.
Now the MPAA has a "map" of the participants, a graph of all clients of a particular stream. Simply send this as an automated message to the ISP saying "This current graph is bad, block it". All the ISP has to do is put in a set of short lived (10 minute) router ACLs which block all pairs that cross its network, killing all traffic for that torrent on the ISP's network. By continuing to spider the Torrent, the MPAA can find new users as they are added and dropped, updating the map to the ISP in near-real-time.
Note that this requires no wiretapping, and nicely minimizes false positives.
Debate on idea here.
Posted on February 11, 2008 at 1:24 PM
• 37 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
How is the copyright check automated? Much pirated content will have been encoded or re-encoded to compress for distribution; you'd have to essentially play it back and try some sort of fuzzy match against a frame grab database. The database would have to be large, and avoiding false negatives could be work; supposing a free work uses the same free library footage as a non-free work?
The rest seems like it might work well. To be honest, the continued existence of open piracy is something of a surprise to me; I suspect the future lies in interconnected closed networks.
5 minute fix: distribute everything as encrypted ZIP files, give password in some obvious-to-humans way, like a ZIP comment that says something like: "teh pazwurd iz: aich ee el el oh". Or a text file that's part of the torrent. or a GIF that's part of the torrent with the password hand drawn in MS Paint. Any of these can be done in
Some concerns I have about such a system:
- What if somebody discovers how to trick the system into accepting block requests from somebody other than the copyright holder?
- What about governments insisting that its own lists of prohibited content be enforced, either in secret (national security, censorship of critical speech, etc.), or via court order (concerning the enforcement of civil lawsuits)? Once the ability to do so exists, the temptation to do so may be irresistible.
- I'd still be concerned about false positives, however rare: how do I get my torrents unblocked if the MPAA just happens to download the one section in my video that legally constitutes fair use?
PS - The preceding "anonymous" message was posted by me.
@John Ridley: You have to make sure the download is one zip file, not multiple zip fragments. And the actual files that make up the material are zipped again within the first zip. Now the entire first zip must be downloaded in order to extract the 2nd zip, and a partial download will not be un-zippable.
Now the "copyright check" system will have to download the lot before it can check, because a fragment won't help. The DMCA forces the complainer to have actually checked that their copyright is violated when the law is invoked, so theoretically a complain based on just file name without content checking is unlawful.
Wouldn't the MPAA would have a legal problem? Not all copyright infringing material available on torrent sites is owned by members of the MPAA. As soon as they download (and redistribute) copyrighted material that belongs to someone other than the MPAA they are as much an infringer as the people they attempt to block. Even if they only grabbed a small amount needed for the analysis, they have this problem.
The potential for abuse from such a system is mindboggling. No matter how much they would love to save money, I find it hard to believe that any major ISP would hand over so much control to a third party with a history of malevolence towards its own customers and a history of getting things badly wrong when fighting copyright infringement.
its sort of humorous as i read the article (and subsequent threads) because apparently, all of the sudden, bittorrent is the only way files are distributed.
files (copyrighted or not) pass across the network through "the path of least resistance". as soon as one method to pass data is effectively blocked, another technology / protocol / communication channel is created.
yes, it sounds like part of this could work for a while given the current method of distribution, but it does not sound like a great long term plan, just a decent short step measure from an mpaa perspective.
@Michael Ash: "I find it hard to believe that any major ISP would hand over so much control to a third party with a history of malevolence towards its own customers and a history of getting things badly wrong"
Surely an ISP with its own history of malevolence towards it subscribers would go for such a policy. If Comcast was willing to forge RST packets, surely they'd consider doing it for a small cut^H^H^Hpayment from the RIAA....
Sometimes it takes a week to pull down a solid archive. Who has that kinda time but college kids? Unless... the MPAA is using college interns to find copyright violations!
Wow. Automated denial of service bot. Just create a torrent that lies to the MPAA probe about who is on the torrent. Have the torrent cleaim that the victim's IP address is downloading "illegal" bits. Let the bot do the rest.
If the RIAA used the same system, could you get them to block each other?
I'm not sure why what you propose is necessary; my suggestion was just to keep them from AUTOMATING this process. If they can't automatically find the password to the archive, they can't verify the contents.
If you mean they might do it by filename, I assume they're not doing that or they wouldn't even have to go this far; you can just pull the torrent tracker and find the filenames of an unarchived torrent.
If you do want to hide the filenames, use RAR; it supports encrypting the directory information. It's a way better format anyway.
Its just another example of the arms race, MPAA vs some programmers, and thus some of their content's consumers.
Sure, with today's torrent technology, such an approach might even be feasible.
But, how about with tomorrow's revised torrent protocol, once this approach has been addressed as a security threat? Any bets on how long it would take to revise the torrent protocol?
This "nicely minimizes false positives" only if you assume that the check if the work is distributed without copyright holder's permissions is performed. This is a big assumption -- labels' track record suggest the exact opposite. Current practice is to do very fuzzy matching of file names only.
Like some of the "academic" solutions proposed to defeat spam, I have doubts that this system will work in the real world.
For a start, it requires ISPs to implement a new system which has a definite cost but is of no benefit to them or their customers. The MPAA will also need all ISPs to cooperate for it to work - thats *all* ISPs in the world. Good luck with that.
Another problem is, what about fair use? If the MPAA is given this power, history suggests they will use it to block even uses of their material that would be permitted under fair use. Technically that would be a "false positive".
On the flip side, such a scheme, if introduced, would probably hasten the decline of the dominance of US culture. Movies from other countries would benefit from the promotional value of being spread across the Internet, whereas US-made ones would miss out.
I'm afraid to say that even if such system were built, it would be much faster for the MPAA to just make a fast and vaguely accurate guess (lots of false positives) and send out the same email to the ISPs demanding that all traffic from all those IPs be shut down.
Also whats to stop MPAA denial of service email messages demanding that many false IPs be shut down. If enough fakes were sent, it could drive the ISPs out of business if they complied (say 80% of the Comcast IP space). So now we need either tightly couple all ISP's automated router config APIs to any content creator's scanning system who might wish to object or implement a digitally signed notification system.
Even if those steps were implemented, unless we discriminated against non-RIAA and MPAA members, you'd have to allow any content creator to do this. If we did allow this, how do we prove that creator X actually owns detected song/movie X? Can I release a personally owned short movie, get my open source content spider going and then send messages for any film, even if i don't really have the right to object?
What if i'm lying about the detection? Do ISPs now have the requirement to personally check every claimed torrent and validate the contractual ownership rights for any piece of content in addition to the identity of the blocking requester?
Sounds like a whole lot of work for the ISPs to act as unpaid investigators for the MPAA and RIAA and a bunch of tricky to secure IT systems that grant 3rd parties access to the ISPs most critical systems.
As a major ISP's former Network & Security Architect (DirectvBB/Telocity) , I would no longer be able to guarantee the reliability of the networks I was responsible for. Even If I was excused from blame for outages caused by this system, I'd sure want our ISP paid a LOT to try and manage the complexity and work involved in securing it.
All of us can probably think up nasty router command insertion attacks based any automated blocking system and I would want to be sure we weren't vulnerable. There is a reason most modern ISP non-emergency router programming is done during scheduled deployment windows, after a Q/A check and is deployed both by hand (accountability for the techs) and on a separate non-Internet connected network, It's more reliable and secure.
Tying these Key ISP systems into 3rd party's systems over the Internet, especially ones who's interests diverge so far from our own, seems to be just asking for trouble.
(Note: Human based validation and router configuration is not feasible for the same cost reasons the MPAA isn't doing it).
Also as said above, even if we went to the trouble to implement it it should be relatively easy to bypass it. Heck even a click-through agreement on the torrent holder's part saying that only non-MPAA/RIAA agents may access, would make the data gained in-admissible and unusable much less considering the countless technical ways to block content valid fingerprinting detection.
isn't this exactly what Bay TSP does now?
Hm... I unsubscribed from NNSquad a while ago, and won't subscribe for sake of a single posting now, so I'll resort to saying it here:
this method would just migrate more users toward invite-only, closed trackers. It wouldn't stop copyright-infringing BitTorrent traffic, it would only send it into more stealth.
Two words: Peer Guardian.
Oh this is funny.
If you can (and you can) get the IP of (say) google.com into that block list, and the world will be after the MPAAs blood.
Or better yet, the root servers, or ... or ...
This is such a dangerous game, that any ISP doing it would come under legal threats from it's own customers.
Believe it or not, just by round-robining a few choice online banks, auctions, search engines and websotes you could massively disrupt the internet. Banks in particular *rely* on online access, as their high-street and telephone systems cannot handle the load when internet banking goes down. (Ironically, they don't use 'bankers algo' on their resources :-) )
Isn't this granting the MPAA the right to determine what is or isn't copyright infringement, acting as judge and jury? Also, do we really believe that the MPAA will be honest in its attempts to protect copyright? If I'm not associated with the MPAA, will the MPAA be granted the right to determine when my copyright is broken and take action without my permission (and would that violate my right to private property)?
What if this system is opened up so that others, not just the MPAA, are able to use it to protect against copyright infringements? What assurances do we have that all of them will be honest and accurate? False takedown notices have already occurred with the DMCA, so why not with this system?
The courts should remain the entity that determines what is or is not a copyright violation and to impose injunctions. The courts are imperfect, but they're better than a system such as this.
Aside from the numerous arguments about this from a policy standpoint, this seems like it's something that would choke the routers. For a large torrent, with say 500 users on it, you now have 25,000 rules that a router has to run through. Multiply by say a hundred torrents stopped by this (very conservative), and you have 2.5 million pairs of IP addresses to block. This seems highly unrealistic.
Use 'ANts P2P' instead of Bittorrent.
This is vigilantism, plain and simple.
If one client of the torrent is using Tor then the Tor exit nodes' ISPs will be the ones doing the blocking and the client will just move to a new exit node.
As long as the timeout is short (10 minutes) then you could just hop around exit nodes, staying ahead of the IP block and re-using them once they are unblocked.
That's on the assumption that all the ISPs of the exit node operators honour the MPAA's request to block that IP address pair.
Not only is this infeasible to implement but it's also not difficult to circumvent.
Also, it would be easy to create little honeypot torrents and collectively make a list of RIAA/MPAA IP addresses, which will then be blacklisted by the clients.
Let them have some of there own poison, or actually, a lot of it, since their machines are outnumbered something like 1 to 1000.
Another option would be to force the ISPs to stop doing this, simply by DDoSing the system. Just have a lot of systems share the same fake files. The number of router rules would go up with the square of the number of nodes, so... good luck!
By the way, what a machine A is downloading not one by two or more files from machine B, only one of which is (allegedly) owned by a member of the MPAA. The router rule would probably block all traffic between the two IP addresses, including all non-infringing traffic. Wouldn't that cause any legal issues?
Beside the numerous remarks about the technical reasons why this system is plain stupid...
...why is there not outcry about the fact that a private body (MPAA) is able to tell another private body (ISPs) what to do with the service contracts they have with OTHER people. Without getting a court order or even contacting the police.
They just tell the ISPs to disconnect peoples network connections and that should be OK? And the ISPs do it, and that would be OK, too?
@ Valdis Kletnieks
The fact that some ISPs also hate their customers isn't necessarily significant. Try to beat up the bully's victim for him, and chances are you get to be the new victim. Just because they do it themselves doesn't mean they'll want to turn the operation over to some fruity Hollywood executives.
A quick comment that's actually an opinion. I actually like this idea. It's better than the "John Doe" IP address sweep that's presently being used.
Your post advocates a
(x) technical ( ) legislative ( ) market-based (x) vigilante
approach to fighting spam^H^H^H^Hcopyright infringement. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)
( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
(x) It is defenseless against brute force attacks
(x) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
(x) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
(x) Spammers don't care about invalid addresses in their lists
(x) Anyone could anonymously destroy anyone else's career or business
Specifically, your plan fails to account for
(x) Laws expressly prohibiting it
(x) Lack of centrally controlling authority for email
(x) Open relays in foreign countries
( ) Ease of searching tiny alphanumeric address space of all email addresses
(x) Jurisdictional problems
( ) Unpopularity of weird new taxes
( ) Public reluctance to accept weird new forms of money
( ) Huge existing software investment in SMTP
(x) Susceptibility of protocols other than SMTP to attack
( ) Willingness of users to install OS patches received by email
(x) Armies of worm riddled broadband-connected Windows boxes
(x) Eternal arms race involved in all filtering approaches
(x) Extreme profitability of spam
(x) Joe jobs and/or identity theft
(x) Technically illiterate politicians
( ) Extreme stupidity on the part of people who do business with spammers
(x) Dishonesty on the part of spammers themselves
(x) Bandwidth costs that are unaffected by client filtering
( ) Outlook
and the following philosophical objections may also apply:
(x) Ideas similar to yours are easy to come up with, yet none have ever
been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
(x) Blacklists suck
(x) Whitelists suck
(x) We should be able to talk about Viagra without being censored
(x) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
( ) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatiblity with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(x) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough
Furthermore, this is what I think about you:
( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
(x) Nice try, assh0le! I'm going to find out where you live and burn your
[Okay, so it's not precisely applicable, but close enough that I find it entertaining. Inspired by the post from Kerry Thompson at February 11, 2008 03:22 PM.
Isn't this granting the MPAA the right to determine what is or isn't copyright infringement, acting as judge and jury? Also, do we really believe that the MPAA will be honest in its attempts to protect copyright?
Considering that the MPAA itself has been involved (caught "red handed") in violating other people's copyrights it probably isn't the best entity to be deciding on copyright violations. Due to "unclean hands".
Some concerns I have about such a system:
- What if somebody discovers how to trick the system into accepting block requests from somebody other than the copyright holder?
The MPAA is typically not the copyright holder in the first place. The entity sending the block requests will probably not actually be the MPAA. Effectivly the block request sender is likely to be several steps removed from any actual copyright holder.
It would be kind of ironic if someone impersonating an MPAA approved person was actually a copyright holder...
I see the problem with a system like this as a combination of "impossible to tell what is and isn't real without immense work", and "false positives". A fully automated system is impossible, and the cost of viewing every different .torrent that might have a name that might be something copyrighted within the MPAA would be prohibitive.
While legal problems for ISPs "accidentally" blocking legal torrents are not likely, it has never been good for business to piss off (or on) one's customers.
Far more practical an answer is to simply make BitTorrent illegal. But as alcohol prohibition demonstrated, do that and something else will pop up to take its place.
Word of mouth has always been the best advertising, and a copy of a song or movie may very well be the best way to sell tickets and legitimate copies to people who really like it. Just don't expect the MPAA and RIAA to agree with that idea any time soon.
Yes it might mean that artists and musicians go back to being "starving artists" and public performers selling tickets; it might mean that hundred-million dollar blockbusters like "Waterworld" don't get made, but such is life. Times change. Those who cannot change with them will fail.
I'm sure the people who made a living selling software for the TRS-80 aren't happy with change either. The Buggy-Whip Maker's Union comes to mind, too.
Sadly, entrenched vested interests will do anything to protect their "way of life", even if that way of life has been made obsolete. My hope is that not too many people are crushed in Leviathan's death-throws.
This also sounds like a great tool to be taken advantage of by rival torrent groups (if there are any). Group A could tell an ISP that Group B's traffic is illegal and therefore must be shut down.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.