AT&T Announces Plans to Filter Copyright Content

An anonymous reader writes "The LA Times reports that AT&T has announced plans to work with the Hollywood movie studios and major recording labels to implement new content filtering systems on their network. The plans raise many troubling legal issues including privacy concerns, false positive filtering, and liability for failure to filter."

Ouch.

[Short Circuit]

The plans raise many troubling legal issues including privacy concerns, false positive filtering, and liability for failure to filter

...and loss of common-carrier status.

No surprise here

[jpetts]

This is not surprising in the least. AT&T has a dishonourable history of sticking it to the consumer whenever anyone asks them to.

Most notable is the current lawsuit against them alleging collusion with the NSA in massive illegal domestic wiretapping [eff.org].

ISPs are not common carriers.

[Anonymous Coward]

ISPs are not common carriers. There is a difference between voice and data, according to (stupid) law.

piratebay blocked

[seven of five]

I wasn't looking for anything in particular, but when I put the url of piratebay in my browser a blocking service page came up. First time I saw anything like this. I get DSL in Chicago thru, I guess it's AT&T now...

This is all well and good if it's like a parental control thing but I'm a 50 year old paying customer and I'm not used to getting flipped off by my ISP. I suppose I should be looking over my shoulder.

Re:Ouch.

[loners]

The Safe Harbor provision of the DMCA.

AT&T is NOT AT&T, it is SBC.

[Futurepower(R)]

AT&T is not AT&T now, because the name was sold [att.com] to an abusive west coast telephone company named SBC.

My understanding is that everything else of value in the original AT&T was sold piece-by-piece, and SBC bought mostly just the name. My understanding is that the SBC trademark was worse than useless because the company is so abusive. So, the managers bought another name.

Apparently, for $16 Billion SBC got AT&T's VOIP [businessweek.com] customers, and the AT&T name.

AT&T's VOIP customers were Sheila and Gerald Funk, who have since moved to Elbonia. Wait... That last sentence my contain an error.

So, what we are seeing is SBC mismanagement under a new name. Soon just saying the name AT&T will cause people to become upset.

Communications Decency Act Section 230

[michaelmalak]

AT&T may not be a "Common Carrier" with respect to data, but it is (was) provided immunity by Section 230 of the Communications Decency Act [wikipedia.org]:

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

In analyzing the availability of the immunity offered by this provision, courts generally apply a three-prong test. A defendant must satisfy each of the three prongs to gain the benefit of the immunity:

1. The defendant must be a "provider or user" of an "interactive computer service."
2. The cause of action asserted by the plaintiff must "treat" the defendant "as the publisher or speaker" of the harmful information at issue.
3. The information must be "provided by another information content provider," i.e., the defendant must not be the "information content provider" of the harmful information at issue.

Re:SSL For All My Friends!

[Aoreias]

SSL can't stop a man-in-the-middle attack without certificates signed by third party both participants trust. ISPs, by their very definition, are in the perfect place to perform a man-in-the-middle attack. What would be much more effective is symmetric encryption on files, with the encryption key stored in an attached CAPTCHA.

You don't have to make it impossible for ISPs to see what is being transferred, only make it so hard that it's no longer economically feasible for them to do so.

Re:SSL For All My Friends!

[ortholattice]

This is not correct. You can have your own private certificate server on the same server as Apache is on, and a man-in-the-middle attack will not work. The only problem is that it is a nuisance for the user to click through the "Accept this certificate" screen, but the user only has to do it once.

How do you think SSH works? There is no third-party certificate server, and man-in-the-middle certainly can't defeat it.

To install a private certificate server under Apache is trivial; see for example my post [slashdot.org]. (On Windows, it is a little more complex, as that post indicates.)

The purpose of the third-party certificate is to provide some degree of trust that you are going to the web site you think you are, so that you can have some confidence that you aren't submitting your credit card number to an imposter. If all you are interested in is encryption and the prevention of man-in-the-middle interception, SSL with a private certificate server will work fine. The encryption is accomplished via public key cryptography, which allows you to exchange the private key used for the encrypted session. A third party is not required for public key cryptography to work.

Re:Ouch.

[DragonWriter]

The safe harbor provision of the DMCA applicable to carriers (there are different provisions for hosts and caches) requires, in part, that, for its protection to be available, that the "transmission, routing, provision of connections, or storage" of material be carried out "without selection of the material by the service provider". (17 U.S.C. Sec. 512(a)(2))

I don't know if there is any case law yet on this, but at first blush it would seem that the more selectivity the carrier applies to what content is allowed and what is blocked, the less clear it is that they are within the protection of the safe harbor. And while it might seem paradoxical that the carrier could become more liable for copyright infringement for blocking some infringing materials, there is a good reason for this—it makes a carrier choose whether it wants copyright to be the responsibility of the users (and thus, it is "hands off"), or whether it wants to seek the potential rewards (in terms of favorable details with copyright holders to monitor and enforce) along with the potential costs (in terms of liability to those whose rights are violated despite the carrier's intervention) of taking a "hands on" policy.

Re:AT&T is NOT AT&T, it is SBC.

[Anonymous Coward]

The New AT&T: http://video.google.com/videoplay?docid=-200478575 9717366066 [google.com]

Re:Fairly easy to by-pass filtering

[Phil Karn]

And when they do, the end-points will start signing their key exchanges. Or they'll play the port-hopping game. Or they'll find any of dozens of other ways to obscure the fact that they're doing a Diffie-Hellman key exchange.

As for traffic filtering and shaping, the battle between ISP and user will end only when they agree on QoS markings and policies that are advantageous to both. This can happen.

Re:Ouch.

[sudog]

They already have. Encrypted data is just as easy to profile as unencrypted. They can just block that too. You'll have to waste bandwidth to create subliminal channels and by that point there will *be* no point. People have some pretty strange notions of what encryption can actually buy them. I think it's actually steganography that you are implying will somehow magically save you from AT&T filtering. But it won't.

Re:ISPs are not common carriers.

[Anonymous Coward]

The distinction was made before broadband back in the days of dial-up modems. Then ISP's purchased services from common carriers. The phone companies wanted ISP's designated common carriers so they could charge ISP's by the minute for access to the phone company's network literally killing off ISP's and giving the phone companies a monopoly on access to the Internet. The FCC disagreed and designated ISP's information services.