Monitoring P2P Networks

Interesting paper: "Challenges and Directions for Monitoring P2P File Sharing Networks or Why My Printer Received a DMCA Takedown Notice":

Abstract -- We reverse engineer copyright enforcement in the popular BitTorrent file sharing network and find that a common approach for identifying infringing users is not conclusive. We describe simple techniques for implicating arbitrary network endpoints in illegal content sharing and demonstrate the effectiveness of these techniques experimentally, attracting real DMCA complaints for nonsense devices, e.g., IP printers and a wireless access point. We then step back and evaluate the challenges and possible future directions for pervasive monitoring in P2P file sharing networks.

Webpage on the research.

Posted on August 22, 2008 at 12:08 PM • 21 Comments

Comments

clvrmnky • August 22, 2008 1:04 PM

Well, I know one way to get a takedown notice: run an anonymizer like Tor. If someone runs BitTorrent, and you happen to be the exit node, it's your IP and port that gets nabbed.

Seth • August 22, 2008 1:14 PM

But in that case, you're actually handling the traffic being complained about. What they did is more like claiming to be sharing a file whose name matches that of a popular song (though its contents are something different) and getting a takedown notice from the song's publisher.

Billy • August 22, 2008 1:18 PM

In the case of tor, it wouldn't matter. You would not be liable so long as you weren't aware of it at the time. You are functioning as a common carrier/service provider. Running a TOR node actually helps you (If you allow people to exit through your node) because it brings plausible deniability to EVERYTHING you do online since there is NO WAY to prove you did it or a TOR user.

Eric • August 22, 2008 1:53 PM

@Billy,

Shouldn't you include an "IANAL" in your post? You're offering legal advice that looks problematic to me.

IANAL. Looking up "common carrier" on Wikipedia, though, I see this:

"A common carrier is a business that transports people, goods, or services and offers its services to the general public UNDER LICENSE OR AUTHORITY PROVIDED BY A REGULATORY BODY." [emphasis added]

Perhaps I'm wrong. Perhaps you can cite case law where "functioning as a common carrier" yet not being a common carrier, was worth much?

Al • August 22, 2008 2:23 PM

Another thing you can do is run an open wireless network for your "plausible deniability" angle.

Does that work Bruce? ;-)

Alex • August 22, 2008 2:29 PM

@ Bill, @ Al,

All depends on the jurisdiction you are in. In the Netherlands neither gives you plausible deniability: you are responsible for what runs through your system unless you can show who 'misused' it, simple as that.
That being said, the enforcement is not even near tackling this.

Bozidar Spirovski • August 22, 2008 2:39 PM

Ladies and Gentlemen commenters - you are embarking on a road not taken by RIAA. Their hunters are using a "shotgun principle" - even if it smells like an infringement (and computers don't smell) just send a cease and desist order. I used to be an administrator of a web server where a user published his own music, fully owning the copyright. Simply because the song was named "jazz no7", I got the cease and desist order, and it was a jazz number with elements of ethnic music. They didn't even have the sense to play the freely downloadable song before listing it as infringement!

Spirovski Bozidar
http://www.shortinfosec.net

Sascha • August 22, 2008 2:43 PM

@Alex
You're right. It actually does strongly depend on the jurisdiction.

In Germany, we have a paragraph called "Störer Haftung" by which you can be made liable just because you offered a place (or system, carrier, etc) which might help other people committing crimes.

Offering a tor proxy or an unprotected wlan falls into this law, so when somebody commits a crime using your proxy or wlan, you most likely will be responsible for that and will get charged.

Fake51 • August 22, 2008 3:28 PM

@eric:
He's not offering legal advice - that's something lawyers do and they typically charge for it. He's just voicing his beliefs on the matter, just like people normally do on blogs, so he shouldn't include any disclaimers - on the contrary, anybody reading it should be intelligent enough to know that it's a comment on a blog and nothing. If you're too stupid to see that, you deserve what you get for taking something like this at face-value.

Just to underline that point, consider the following statement in court:
"But, your honor, I read on a blog somewhere that running Tor means you don't get into trouble for what other people do using your connection. You cannot possibly think of finding me guilty."

So please, stop asking others to include disclaimers, start educating the stupid.

Regards
Fake

bionz • August 22, 2008 4:59 PM

In the case you run Freenet, would a DMCA notice potentially mean that all Freenet users are potentially infringers too?

a boy named sue • August 22, 2008 5:17 PM

"a common approach for identifying infringing users is not conclusive"

yeah, no kidding. since when does a shoot first, ask questions later strategy intend to be fair or accurate?

the vigilante style of justice carried out by angry corporate executives is because they are ok with a low conviction ratio

a) they have an itch to scratch -- it feels good to them to attack someone, even the innocent

b) intimidation and fear is their real hope because they know no other way to prop up their inefficient empires

Skippern • August 22, 2008 5:56 PM

The vast number of false positives shows that the tests are too inconclusive, and the number of ways to produce even more false positives such as described in the article shows that the value of the evidence derived from it is close to non-existing.

I see two reactions from this if I was to be put in the spotlight from this kind of activity:
1) MPAA or other enforcing agencies to produce evidence of actual copyright infringement. This includes identification of end user hardware.
2) Counter-sue MPAA or other enforcing agencies for false accusations.

leaky electronic devices smell funny • August 22, 2008 11:40 PM

"there is NO WAY to prove you did it or a TOR user."

1. trojaned system
2. keylogger
3. acoustic monitoring
4. other video/audio bug
5. tempest van [eck]
6. the "friend" who is really an informer (old friend from school long ago suddenly come back from the blue to see you and is REALLY interested in being your friend again?), the cute woman who struck up a conversation with you out of the blue and now she's interwoven in your life
7. etc

there's always a way

rip • August 23, 2008 8:24 AM

It's like drug testing, the screening tests are about 70 percent accurate so they say. You can get fired for failing a screening test, poppy seeds on a bagel will do it. Mythbusters did a show on it.
The money is in selling the inaccurate tests. The lawyers for RIAA are just making money, pay no attention to their bombast.

John David Galt • August 23, 2008 6:57 PM

This sounds very much like the debate over red-light cameras. (Red-light cameras are controversial in the US because they must violate either the constitutional principle that you are innocent until proven guilty, or the standard principle that a driver is the only one responsible for his behavior. In states that have RLCs, police (or private RLC operators) send a ticket to the car owner; then the law either holds him responsible no matter who was driving, or requires him to report the identity of the driver.)

Both RLCs and file-sharing are types of cases where the only easy method of enforcing the law (maybe even the only practical method) requires these "end runs" around the presumption of innocence. My take on both is that that principle must be upheld at all costs, so both the traffic cops and MPAA/RIAA can go **** up a rope, at least until they find new enforcement methods consistent with the presumption of innocence.

Jared Lessl • August 24, 2008 10:41 AM

> In Germany, we have a paragraph called "Störer Haftung" by which you can be made liable just because you offered a place (or system, carrier, etc) which might help other people committing crimes.

How do the postal service, cab drivers, and auto rentals not get hit with this all the time then?

somebody • August 24, 2008 11:00 AM

You can write a trojan and "infect" your system, the trojan will open a port and wait for commands, and can do anything with your system. But before gaining access the "user" must identify himself by a password.

const char *hash = "somerandomhash";

/* strcmp() from <string.h>: compare the string contents, not the pointers */
if (strcmp(hash, hash_it(given_password)) == 0)
{
    /* give access */
}

Since nobody can pass the control, your system is secure, but nobody can prove that there is no "somebody" there who knows the password and did the bad thing.

Clive Robinson • August 25, 2008 4:46 AM

@ Jared Lessl,

"How do the postal service, cab drivers, and auto rentals not get hit with this all the time then?"

That is what the "common carrier" principle is about. In the case of communications and transportation companies it is a primary service they "offer to all without prejudice" that is considered to be "for the common good" not for illegal purposes. As this "service to all" principle entails responsibility to those you offer the service to, in most countries this requires the service provider to be licensed by an appropriate authority to ensure they are competent to offer the service.

Where as a service provider you are allowed to "show prejudice" then your liability starts. As you are allowed to refuse to supply the service without accountability, therefore it is assumed that you will be able to recognise suspicious activity and decline to supply the service.

The other end of the scale is where you are "aiding and abetting" in that a "reasonable person" would know that what they were doing was assisting a crime (think money laundering, receiving stolen goods etc).

The problem is if you are accused then you will have to (if you are lucky) convince a jury of your peers that the service you were offering was primarily for the common good.

If you are unlucky you will have to convince a biased adjudicator (judge/magistrate/sheriff) who in turn is influenced by "the supposedly great and the good" (a public authority or Government Department) who "are supposed to take a disinterested view" (but frequently have political agendas), then in that case "may your god help you" because nobody else will...

openNodes • August 25, 2008 7:31 AM

@Sascha and others...

I have an open node, because my flatmate can't use windows and can't log in when there is a password. There are about 4 open nodes that are clearly meant to be open in my area. Most cafes provide *open* (not just free) wireless nodes.

About 5 people regularly use my network and I really don't have a problem with it. I can't see that liability will be worse than being nice to the criminal neighbour. If you can't know, you don't just assume all are breaking the law....

Have there been any legal cases of this in court? In Germany? In Austria?

@Clive Robinson
Is the common carrier something that is in Europe as well, legally I mean?

@rip
Getting science "facts" from Myth Busters is like getting legal advice from a blog.

dot tilde dot • August 25, 2008 8:27 AM

@opennodes:

there has been the case of a granny running an open node who lost her case although she could prove to the court that she wasn't running p2p software herself.

i am not sure about whether you'd have to retain connection data of your open node under the new data retention legislation (vorratsdatenspeicherung).

ianal, tinla, yada yada, hooray.

.~.

Clive Robinson • August 26, 2008 1:36 AM

@ opennodes,

"Is the common carrier something that is in Europe as well, legally I mean"

The concept of "common carrier" and the legislation to enforce it is in the U.K. and although I cannot speak for all areas of Europe in the EEU/EEA it would appear to be so as well. This is due to the number of EU Directives attempting to get uniformity of legislation in the TeleComms market.

Briefly ;) the EC/EU Directives get their "authority" through the EC/EU Treaty (of Rome/Lisbon/wherever it was last updated) simply referred to as "The Treaty". Due to the Status of "The Treaty" (ie it trumps National legislation) the "agreed text" of all Directives has to be brought into "Member State" national legislation to a timetable set out in the Directive. In the case of the U.K. this is usually by Statutory Instrument.

One of the first articles of "The Treaty" is about the liberalisation of the "Common Market" (see "The Treaty" text, which can be found via the EU web server "europa.eu").

One significant "Market Area" that has been seen by "The Council" and "The Parliament" of Europe as being in need of uniform legislation is electrical and electronic products and the services (telecommunications) they provide. This market segment was the one that is seen as having most national legislative impediments to the goal of "free trade" in the "Common Market".

To that end the RTTE Directive was approved back at the turn of the last century and the legislation had to be implemented in 2000. One interesting area within it was the "right to connect" "Telecommunications Terminal Equipment" which effectively removed a significant impediment to the rapidly developing telecommunications market and in turn opened this previously nationally highly restricted and regulated market to international competition.

In the U.K. this was via the RT&TTE legislation (S.I. 2000:730) and two subsequent amendments in 2003. The amendments clearly show how the U.K. has put all of its "Regulatory Authority" in this area into the hands of a semi independent organisation OfCom that effectively makes it judge jury arbiter and police in this area. And the U.K. Gov has given OfCom unprecedented powers that are seen with envy by just about all other U.K. Gov organisations. However even with those powers they are seen to significantly fail in their statutory duties and this has given rise to Political problems for them. Obviously the "extraordinary powers" have given OfCom the ability to abuse their position as they see fit with little "let or hindrance" to remove the Political problems via extremely questionable means...
