AT&T's Plan to Play Internet Cop 272
Ponca City, We Love You writes "Tim Wu has an interesting (and funny) article on Slate that says that AT&T's recent proposal to examine all the traffic it carries for potential violations of US intellectual property laws is not just bad but corporate seppuku bad. At present AT&T is shielded by a federal law they wrote themselves that provides they have no liability for 'Transitory Digital Network Communications' — content AT&T carries over the Internet. To maintain that immunity, AT&T must transmit data 'without selection of the material by the service provider' and 'without modification of its content' but if AT&T gets into the business of choosing what content travels over its network, it runs the serious risk of losing its all-important immunity. 'As the world's largest gatekeeper,' Wu writes, 'AT&T would immediately become the world's largest target for copyright infringement lawsuits.' ATT's new strategy 'exposes it to so much potential liability that adopting it would arguably violate AT&T's fiduciary duty to its shareholders,' concludes Wu."
Encryption... (Score:5, Insightful)
True, most traffic is not encrypted, but with encryption technology more accessible than ever I think that the whole effort will be a waste of resources.
I can imagine whole sub-networks cropping up that uses VPN, exchanging traffic with immunity to AT&T's traffic analysis.
Not just copyright .... (Score:1, Insightful)
It would suddenly become "if you can police this, you're required to police all of these other things". You can't selectively be enforcing what traffic travels without being responsible for all of the rest.
Hopefully, they'll figure out that if they start being the copyright police for all internet traffic, they're responsible for policing everything. Of course, I'm sure there are people who would like them to be the central censor for everything found objectionable.
Cheers
Comment removed (Score:3, Insightful)
time to fund some campaigns (Score:5, Insightful)
So they will just write another law. Do you really think that will be a problem for them to get a "children's internet safety" law passed. The government has been practically wetting themselves wanting a seemingly legal way to inspect all internet traffic, this is the opportunity. Nevermind "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated" because this a non-government entity.
Re:Encryption... (Score:2, Insightful)
Sure about that? What's to stop them from using man in the middle attacks to decrypt the communications? Are we going to have a certificate registry for pirated material? Not very likely.
Another Reason Why AT&T is EVIL..... (Score:4, Insightful)
The real point of the move....; (Score:4, Insightful)
They just want to block file sharers!
The corporate weasels just dressed this up in a load of crud about copyrioght protection, protecting kittens from microwaves and otherwise keeping the planet safe for CEOs who havent yet earned thier first billion.
Thye dont need any fancy technoligy to do this -- just a list of port numbers.
How and Why AT&T probably wants to do this... (Score:5, Insightful)
Time-Warner cable supposidly has 50% of the bandwidth used by 5% of the users. Who wants to bet that of this bandwidth, it is almost all pirated material?
The strength of piracy on the Internet is the ease of getting the pirated material, and the ease of distribution. Thus pirated material must be easy to find. So all the MP/RI-AA has to do is find it, and do something about it. Rather than playing Whak-A-Mole on Torrent tracker servers (which are largely offshore), with ISP cooperation from AT&T it becomes possible to play Whak-A-Mole on the users of the torrents themselves...
So the MP/RI-AA or their contractor surfs the Torrent sites, and connects to the torrents with a manipulated client, verifies that a particular torrent is a copyright violation, maps the users of the torrent, and then sends an automated list of the nodes to the ISP saying "This graph is bad, any edge between two nodes in this graph should be killed", and the ISP simply RST-flood any edge in the graph which crosses its network, or just put in a router ACL to drop that pair for a while. Because the strength of the system relies on it being public and P2P, the MP/RI-AA can easily get this information.
AT&T has multiple incentives to cooperate, and can probably do it safely. It has a second party (MP/RI-AA or a company they create/contract for) do the deciding, so they dont' have the liabliity.
It keeps the content providers happy for when they are negotiating their compete-with-iTunes/Netflix video on demand and cable TV services.
It keeps the content providers from pushing through very draconian legislation, or at least draconian legislation you aren't happy with. (It can F-up your competitors, but thats just a bonus)
Its very easy to implement (short-lived router ACLs which are automatically injected and revoked).
And it drops their bandwidth bills by 30-50% by eliminating a large amount of deliberately-noncacheable (both politically and because of bittorrent encryption) traffic.
I wouldn't take it as a guarentee, but I'd almost be willing to bet that AT&T does something like this in the next year. Who wouldn't leap at a chance to reduce your costs by 30%, keep a group of "partners" you have to deal with happy, and without any real work on your part (just an SNMP-manager program)?
This won't stop closed-world pirates, but those are far less annoying to the ISPs simply because there are so many fewer of them, and less important to the MP/RI-AA because they are less likely to be users you can convert to paying customers if you make the illegal content sources unusable.
Re:Another Reason Why AT&T is EVIL..... (Score:5, Insightful)
Remember, this is the same American public which allows (even cheers for) the FCC to decide what you can and can't see and hear.
Here's how it'll go down... (Score:5, Insightful)
And all the legislators will nod their heads and murmur to each other "hey, yeah, they've got a point," while a bag of money passes quietly underneath their tables, and voila, they're allowed -- hell, probably required by the government -- to monitor all traffic and report any and all Violations of the Right to Corporate Profit, and completely immune from prosecution if they happen to miss something.
It'll happen, and the typical "America, Fuck Yeah" voter will grin and gleefully agree that it's for the Good of the Nation, and if you're innocent you should have nothing to hide anyway, so what's the big deal?
The legislators who draft and vote for the bill, meanwhile, will be hailed as patriots and re-elected, again and again, for Protecting the Motherland while simultaneously paying lip-service to smaller government and less federal intrusion into our private lives.
I abhor the fact that my daughter is going to grow up in this pathetic shell that America is today.
Re:Encryption... (Score:5, Insightful)
This is the nature of the internet. The people that innovate in this field are problem solvers, often with a penchant for resiting authority and control. Whenever something like this happens, no matter how detailed or iron-clad the barrier is, someone eventually (or rapidly, more often than not) finds a way to overcome it. Bad code on CDs cause PCs to be unable to read them? Take a felt tip pen and mark the last 1/8" of the disk. DRM protection on DVDs? Here's about 2 MB of code that will overcome any known keys. It's all a matter of time.
Re:How and Why AT&T probably wants to do this. (Score:5, Insightful)
But the P2P community will fight back. It will become an arms race. For example:
-Trackers inject all kinds of bogus data into the trackers, crafted so that humans skip over it but automated crawlers choke on the massive amount of data (and RST packets!) they must deal with. For added fun, the bogus data includes IPs of legitimate company services, so AT&T will be interfering with, e.g. Blizzard downloads.
-ISPs adjust their software to differentiate "real torrents" from "fake torrents."
-Trackers begin accumulating lists of IP addresses and other signatures that detect the ISP bots, and feed them bogus data.
-ISPs use their control of IP blocks to fake requests from different IPs.
-P2P software starts ignoring RST packets, and uses a different (encrypted) protocol to open/close sessions.
-ISPs give up sending RST-floods, and instead drop all packets.
-Trackers implement algorithms that keep track of "user contribution" based on swarm participation (transmitting valid packets), and block/throttle clients with no "reputation." This makes it difficult for the ISPs bot to browse the torrent listing without actively participating in valid torrenting.
-ISPs switch to checking what IP addresses a person connects to, and simply stalls any connection (all traffic) that connects to a tracker site.
-Trackers switch entirely to TOR: they have no public IP address or domain name. All tracking requests go through TOR routing using the ".onion" pseudo-TLD.
And so on...
My point is this is a crazy arms race, and one should not enter that kind of battle until analyzing all the possible counter-attacks. And the difference here is that hackers will view this as a challenge, whereas AT&T will be spending literally millions of dollars implementing technologies that become invalidated over and over.
This is only going to get worse, and it's wrong. (Score:4, Insightful)
It's ability to bypass the propaganda and behavior control traditionally handled by TV news and (now corporate) newspapers; the ability for people to organize worldwide and share information and files in real time; obviously the IP debate - all of this is the antithesis of where government and corporations are pushing societies in every other aspect of our lives.
They want to turn the net into an interactive place much like a cross between early AOL and the home shopping network....They will snoop on everything you do, download, view, etc.
You've already seen the endless barrage of stuff in the media about "how dangerous the internet is" lurking with pedophiles and terrorists, viruses and those who want to steal your identity; when in reality none of those things are real threats if you take the most basic of precautions.
It may take a catalyzing event, like a virus that shuts down a financial network or turns off a power grid or plays a part in some "terrorist attack." They may even try to require that everything you do online is stamped with a virutal confirmable ID that you have to renew like a drivers license.
This is coming, make no mistake about it. The only hope we have to prevent it is to fight fiercely on both the corporate front (against non net neautrality, because if they can't legislate it directly, they'll do it in a defacto manner) and against laws like S1959 which criminalize thoughtcrime and dissent; make organizing a boycott and other such actions a crime and involve the internet.
Re:Encryption... (Score:3, Insightful)
If the tracker starts using SSL, and has valid certificates, then there's no risk of man in the middle there (assuming the CA hasn't been compromised, and let's face it, we could easily set up our own for this purpose...). If we extend the tracker protocol to handle the key exchange for us as well, then we have a *secure* key exchange system, that AT&T cannot intercept, filter or screw with, without being relatively obvious.
Then we just have a per-peer key that we generate (even if it's relatively weak, it'd still be far more effort than could be reasonably expended to decypher it by brute force), then even if ATT attaches to the same tracker, they STILL can't get at the content.
The main problem here is that the tracker becomes more cpu-heavy, and trackers already tend to be fairly over utilized
ash
Re:we've already done this to death (Score:2, Insightful)
you can't put AT&T in jail. but you should be able to hold the people who run AT&T personally responsible for anything illegal the corporation does.