Forgot your password?
typodupeerror
Businesses Communications The Internet

AT&T's Plan to Play Internet Cop 272

Posted by Zonk
from the sorry-i-was-surfing-too-fast-occifer dept.
Ponca City, We Love You writes "Tim Wu has an interesting (and funny) article on Slate that says that AT&T's recent proposal to examine all the traffic it carries for potential violations of US intellectual property laws is not just bad but corporate seppuku bad. At present AT&T is shielded by a federal law they wrote themselves that provides they have no liability for 'Transitory Digital Network Communications' — content AT&T carries over the Internet. To maintain that immunity, AT&T must transmit data 'without selection of the material by the service provider' and 'without modification of its content' but if AT&T gets into the business of choosing what content travels over its network, it runs the serious risk of losing its all-important immunity. 'As the world's largest gatekeeper,' Wu writes, 'AT&T would immediately become the world's largest target for copyright infringement lawsuits.' ATT's new strategy 'exposes it to so much potential liability that adopting it would arguably violate AT&T's fiduciary duty to its shareholders,' concludes Wu."
This discussion has been archived. No new comments can be posted.

AT&T's Plan to Play Internet Cop

Comments Filter:
  • by ProteusQ (665382) <dontbother@[ ]here.com ['now' in gap]> on Thursday January 17, 2008 @10:05AM (#22080338) Journal
    We all send copyrighted emails to one another under a license that does not allow AT&T to retransmit the contents without written permission. We then start a class-action lawsuit. IANAL, but that ought to slay the dragon if the judge agrees that the case has merit.
    • by techpawn (969834)

      We all send copyrighted emails to one another under a license that does not allow AT&T to retransmit the contents without written permission.

      Hasn't the argument flashed on here that once something is created it's copywriten? Or would the timestamp [wikipedia.org] from the email server create a poor man's copy write [wikipedia.org] and therefor they'd be violating a copywrite anyway.

  • by petes_PoV (912422) on Thursday January 17, 2008 @10:06AM (#22080344)
    Last time this story came up (last week?) there were a lot of comments about common carrier status and how this proposal could endanger that.

    Nothing new here

    • Re: (Score:3, Insightful)

      by liquidpele (663430)
      I think the point here is that AT&T is trying to have their cake and eat it too. They want the same law to apply, even if they start filtering. That's bad bad bad. The really bad thing for me is I choose between AT&T or Comcast. Guess it's back to carrier pidgins?
    • by Anonymous Coward on Thursday January 17, 2008 @11:07AM (#22081144)
      about common carrier status

      And as many replies stating that AT&T's internet service is not common carrier, dammit! They lobbied hard to make sure it was that way, because maintaining common carrier status is fucking expensive (what, you think having a dialtone every single time you pick up your phone without having a window where the phone company can say "ok! nobody make a call, we're going to reboot some switches!" is cheap?!), and because violating the common carrier rules doesn't mean you "lose common carrier status", it means you go to jail. Think about that, some guy at the post office reading your mail doesn't mean the post office stops being a common carrier, it means the guy goes to jail.

      This is why they have to have special laws with exceptions written just for them that protect them from being sued!
  • Two can play in this stupid game.
  • Encryption... (Score:5, Insightful)

    by eggoeater (704775) on Thursday January 17, 2008 @10:07AM (#22080368) Journal
    Aside from the problem "fiduciary duty", it's also pointless.
    True, most traffic is not encrypted, but with encryption technology more accessible than ever I think that the whole effort will be a waste of resources.

    I can imagine whole sub-networks cropping up that uses VPN, exchanging traffic with immunity to AT&T's traffic analysis.

    • that doesn't work, all they have to know is that some ip address is serving up copyrighted material on a given port and shut of that port for that server.

      What we need is something that cryptographially switches the ports around and the server all to have a copy of a few books from project gutenberg so the ISP can't be sure it the material is copyrighted or not.
      • Re:Encryption... (Score:5, Informative)

        by AKAImBatman (238306) <akaimbatman@gmai ... m minus language> on Thursday January 17, 2008 @10:22AM (#22080570) Homepage Journal

        that doesn't work, all they have to know is that some ip address is serving up copyrighted material on a given port and shut of that port for that server.

        I think you misunderstand how a Virtual Private Network works. The first thing you must understand is that there is not spoon^W ports. Once you realize that there are no ports, then you only need to route packets over a secure channel that's indistinguishable from valid business. Is this user networking with his small-business employer, or a pirate spreading illegal wares? Impossible to tell from the traffic itself.
        • Re: (Score:3, Interesting)

          by Shakrai (717556) *

          Impossible to tell from the traffic itself.

          Don't most (all?) VPN systems rely on public-key cryptography and thus vulnerable to man in the middle attacks? It might not be possible to do a MITM attack against your VPN to work (presumably you have some system in place to verify the encryption keys) but how are you going to prevent it on a p2p network when you have no way to verify the keys of the hosts you are communicating with? A piratebay-type certificate registry hosted in a country that isn't friendly to copyright law? What happens when the

          • No. IPSEC can use several methods, and key are exchanged out of band. (Or e-mailed if you are sloppy) Now PPtP, or the McDonalds of VPN, is less secure, but it is generally not used for router to router tunnels. IPSEC is, and it is supported in most commercial firewalls, and most FOSS firewall projects. (like m0n0wall)
            • by Shakrai (717556) *

              and key are exchanged out of band

              Unless "out of band" means exchanged through some other path then AT&T then I fail to see how that helps us.

              I'm not denying that there are ways to securely exchange encryption keys with someone -- but you can't exchange them over an untrusted network without some sort of way to verify it. This won't stop piracy (I'm sure the warez groups can securely exchange keys) but it will render p2p as we know next to useless.

              Your typical bittorrent client will establish connections with dozens or hundreds of

              • Unless "out of band" means exchanged through some other path then AT&T then I fail to see how that helps us.

                Wow... Just wow... http://en.wikipedia.org/wiki/Out-of-band [wikipedia.org]

                And the original poster was saying "I can imagine whole sub-networks cropping up that uses VPN, exchanging traffic with immunity to AT&T's traffic analysis." To me that says a small private network between a few friends where everyone shares there content. Something Like I have a VPN to John, Steve, and Bill's house, and we a
                • by Shakrai (717556) *

                  Wow... Just wow... http://en.wikipedia.org/wiki/Out-of-band [wikipedia.org]

                  Mind pointing out which section of that answers my question, because I don't see it? If you are transferring the keys across the internet then they are vulnerable to being intercepted and replaced with a different key. I fail to see how you stop this without a trusted source that can sign (or otherwise vouch for) the encryption keys used for that session.

                  • Re: (Score:3, Informative)

                    by houstonbofh (602064)
                    Mind pointing out which section of that answers my question, because I don't see it? If you are transferring the keys across the internet then they are vulnerable to being intercepted and replaced with a different key. I fail to see how you stop this without a trusted source that can sign (or otherwise vouch for) the encryption keys used for that session.

                    How about the first paragraph... "Out-of-band is a technical term with different uses in communications and telecommunication. It refers to communicati
                    • by Shakrai (717556) *

                      OOB communications would be a thumb drive, shipping a configured router, telling you the shared key over the phone (not AT&T phone), or a properly encrypted e-mail.

                      And therein you have completely missed the point.

                      If you and I wish to communicate without AT&T eavesdropping on us, we can find a secure way to exchange our keys. I've never disputed that. How exactly do you purpose to securely exchange keys with the hundreds of peers that you will communicate with during the typical p2p session?

                  • Re: (Score:3, Interesting)

                    by cheater512 (783349)
                    It would be nearly impossible to pluck someone's public key from the terrabytes of data they process and then swap it with their own.

                    Looking for copyrighted material is one thing. Grabbing anything which could be a public key is another.
              • Re:Encryption... (Score:5, Insightful)

                by rudeboy1 (516023) on Thursday January 17, 2008 @11:10AM (#22081192)
                I wouldn't sweat it. If this sort of policy comes to pass, I'm sure it will take all of about a month for Azureus or whoever to write a modification to the BitTorrent concept, allowing for VPN style connections between peers. Yes, I imagine this would be complicated to set up from a programming stance, but releasing a patch with most largely available BT clients would immediately transform BT as we know it, and would send all these pro-DRM groups back to the drawing board for a while. IANAP, but in concept this seems to be the next logical step anyway.
                This is the nature of the internet. The people that innovate in this field are problem solvers, often with a penchant for resiting authority and control. Whenever something like this happens, no matter how detailed or iron-clad the barrier is, someone eventually (or rapidly, more often than not) finds a way to overcome it. Bad code on CDs cause PCs to be unable to read them? Take a felt tip pen and mark the last 1/8" of the disk. DRM protection on DVDs? Here's about 2 MB of code that will overcome any known keys. It's all a matter of time.
                • by Shakrai (717556) *

                  'm sure it will take all of about a month for Azureus or whoever to write a modification to the BitTorrent concept, allowing for VPN style connections between peers

                  You missed the point of my posts. That VPN is a moot point if you don't have a way to verify the key that you are using to encrypt the data. What stops AT&T from conducting man in the middle [wikipedia.org] attacks against your encrypted bittorrent sessions?

                  • Re: (Score:3, Insightful)

                    by ashridah (72567)
                    This is actually pretty easy. We already have a 'trusted' single point here. The Tracker.

                    If the tracker starts using SSL, and has valid certificates, then there's no risk of man in the middle there (assuming the CA hasn't been compromised, and let's face it, we could easily set up our own for this purpose...). If we extend the tracker protocol to handle the key exchange for us as well, then we have a *secure* key exchange system, that AT&T cannot intercept, filter or screw with, without being relatively
          • Re:Encryption... (Score:5, Interesting)

            by kebes (861706) on Thursday January 17, 2008 @11:05AM (#22081120) Journal
            If AT&T actually goes so far as to automate man-in-the-middle and spoof all cryptographic key exchanges so that they can decrypt and analyze encrypted content... things are going to get interesting.

            For one thing, I imagine financial institutions are not going to take kindly to that kind of action, and could probably mount a very successful class-action lawsuit.

            The thing about encrypted traffic is that it could be anything, from confidential business data, to financial transactions, to launch-codes, to a screener of a new movie. As crazy as they are, AT&T will not start playing that game.

            The blocking of IP addresses is a more likely counter-attack to widespread encryption, but even then solutions exist (e.g. the TOR network allows routing to servers that have no "non-tor" domain name, so the real IP address is never exposed). It will quickly become a ridiculous arms race...
            • by wurp (51446)
              Either distributed trust networks (e.g. the kind that result from key signing parties and pseudo-transitive key signatures) or central authority trust networks (a la Verisign et al) eliminate the possibility of man in the middle attacks.

              That probably doesn't really impact man in the middle attacks on P2P systems, but it surely does impact MITM attacks on financial institutions.
        • by ACMENEWSLLC (940904) on Thursday January 17, 2008 @11:47AM (#22081748) Homepage
          We run a medium sized network. We monitor our folks. We can also view their screen.

          Something I've noticed happening a few times which I thought was interesting. I can see the screen & url that the person is looking at, and it has very questionable content.

          I pull the URL from my logs and go to that page and it serves up an entirely different site.

          Sort of like the webpage that has a breakout game that looks like you are working in Excel, escalation has many fronts. If you make it difficult for people to get the content one way, they find a different way. While we dis-allow e-mail for personal use while at work, and blocked webmail - people can now surf the Internet on their phones.

          Why spend all this money on a war? Why not adjust the cost of a CD or DVD to be more in line with what the multitude will pay?

          How is it a DVD costs $12.99
          http://www.bestbuy.com/site/olspage.jsp?id=31042&skuId=3776596&type=product&ref=06&loc=01&ci_src=17588969&ci_sku=3776596 [bestbuy.com]

          But the same CD costs $12.99?
          http://www.bestbuy.com/site/olspage.jsp?id=124207&skuId=2830565&type=product&ref=06&loc=01&ci_src=17588969&ci_sku=2830565 [bestbuy.com]

          Shouldn't the CD be cheaper? I know I'd go back to buying CD's if they price were $5.

    • Re: (Score:2, Insightful)

      by Shakrai (717556) *

      but with encryption technology more accessible than ever I think that the whole effort will be a waste of resources

      Sure about that? What's to stop them from using man in the middle attacks to decrypt the communications? Are we going to have a certificate registry for pirated material? Not very likely.

      • Sure about that? What's to stop them from using man in the middle attacks to decrypt the communications? Are we going to have a certificate registry for pirated material? Not very likely.

        Not necessary. The DMCA provides this wonderful protection:


        " 1201. Circumvention of copyright protection systems

        "(a) Violations Regarding Circumvention of Technological Measures.--(1)(A) No person shall circumvent a technological measure that effectively controls access to a work protected under this title.


        Now I just need
        • by Shakrai (717556) *

          I don't have that much faith in AT&T following the law. Even if there isn't an escape clause, they'll lobby to have one put in the minute somebody tries to apply the DMCA against them. Hell, this is the company that's trying to get retroactive immunity for breaking the law.

          Somebody needs to establish a central certificate registry for individuals. Then build something at the network layer (easy as cake in Linux, probably doable in Windows as well) that checks that registry before communicating with

          • That is a fantastic idea. The only problem is that the "bad guys" would have equal access to that DB, and would be able to manipulate it, rendering it useless. The Man would be able to listen in just as before, just having to go through one extra step to do it.
            • by Shakrai (717556) *

              Eh, you'd have to do it like any other certificate registry and you'd have to trust the registry itself. This is no different from how it works today -- there just isn't an (affordable) system in place to do it on an individual level yet. The current system also works on a protocol level -- I'm thinking of a transparent end-to-end system at Level 3 [wikipedia.org]. I think this was actually one of the original goals behind IPSec, but it never took off for whatever reason.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      I can imagine whole sub-networks cropping up that uses VPN, exchanging traffic with immunity to AT&T's traffic analysis.
      Stop imagining [anonet.org]. It's small, but perfectly formed and functional. Please mod up.
  • by axus (991473) on Thursday January 17, 2008 @10:10AM (#22080402)
    AT&T obviously has some deep government connections, they've got senators thinking that what's good for AT&T is good for America. They wrote the previous law, they can unwrite it. The trick will be how to include themselves and exclude their competitors... and I'm sure they'll try to stick people with open wifi ports too.
    • I don't understand how anyone can object to the previous law. If you build a method of transfering information, you are not liable for what people send over it. Should gun makers be liable for what people do with their products?

  • by AltGrendel (175092) <ag-slashdot@nOspAM.exit0.us> on Thursday January 17, 2008 @10:10AM (#22080404) Homepage
    Good luck with that.

    No, really. I mean it

    • by rudeboy1 (516023)
      You know, one of their main buildings is right next to my office. Maybe I could walk over there with a sword and...

          Nah, maybe not. I've seen how those "guy walks into office wielding sword" news stories usually go. Don't tase me bro.
  • by Original Replica (908688) on Thursday January 17, 2008 @10:13AM (#22080430) Journal
    at present AT&T is shielded by a federal law they wrote themselves

    So they will just write another law. Do you really think that will be a problem for them to get a "children's internet safety" law passed. The government has been practically wetting themselves wanting a seemingly legal way to inspect all internet traffic, this is the opportunity. Nevermind "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated" because this a non-government entity.
    • by rudeboy1 (516023)
      I hear you, but the consumer has some pretty good lobbying groups going for him these days too. Check out savetheinternet.com [savetheinternet.com]. You have these guys largely to thank for the fight for net neutrality thus far.
      I'm not one for protests or taking part in debates, so I show support by donating. I give these guys and stealthisfilm.com [stealthisfilm.com] a little $$ now and then, because they speak in a voice that can be heard better than mine. It's a lot more effective than online petitions, but should also be used in conjunction
    • by steelfood (895457) on Thursday January 17, 2008 @11:57AM (#22081910)
      So they will just write another law.

      One that will force every backbone owner to filter traffic. Because if one can do it, all of them can.

      And henceforth, it will be named: The Great Firewall Act.

      It doesn't have to be implemented directly by the government to be oppressive.
      • Re: (Score:3, Interesting)

        by Kjella (173770)

        And henceforth, it will be named: The Great Firewall Act.
        More like the General Electronic Standard Transfer Analysis Permission Order. To fit the acronym it'd have to be an executive order by Bush instead, but I'm sure that can be arranged...
  • Dammit! I've been planning on looking into switching to AT&T DSL in the near future. I currently have a local cable provider for Internet and TV. The Internet access is OK, but the TV (specifically the HD content) quality sucks bad. Plus it's local so it don't even have the clout like Comcast to improve their offerings.

    I've been looking into switching to AT&T DSL and a satellite provider to try and save money and get a better product. The DSL looks like it would be about $15/month cheaper, and
    • Don't switch to AT&T DSL.

      That company is evil. You're bills will be wrong. If you think you are saving $15 a month, you'll actually be saving more like $5, because of random fees and charges. Customer service will be incredibly slow and rude. Not to mention that even AT&T's Fiber service is capped at 6mbps.

      Don't use AT&T. I tried out AT&T DSL about two months ago, just to see if they had improved.

      Short story? I now have ongoing billing dispute with them, even though I only had service for 3
      • Re: (Score:3, Interesting)

        by eln (21727)
        Try getting dry loop DSL, it's even worse.

        AT&T does offer dry loop, but they won't admit it, and most of their call center drones don't know that it exists. I ordered it a few months back, and after being transferred all over the place just to find someone that would admit that it existed and knew how to set it up, I finally got someone to actually hook it up.

        After I got my first bill, I jumped online and set up automatic payment, and everything was fine. Then, two months later, I get a nastygram sayi
    • by acoustix (123925) on Thursday January 17, 2008 @10:26AM (#22080624) Homepage
      This issue isn't just limited to AT&T customers. It affects everyone because AT&T is a tier 1 provider, meaning that they provide backbone access for several ISPs. They are looking to sniff *all* traffic, not just traffic of their DSL customers.

      Nick
    • Oh, you don't have to switch to AT&T. Just keep your current provider - as soon as AT&T gets this working, everybody else will follow suit.

    • All consumer providers will have the same issues. AT&T and Comcast will continue to try an top each other in screwing the customer. To avoid this, you will either need to go to a business class provider (like Logix or C-Beyond) and pay a lot more, or invest in encryption. I have several clients with all of the above services. At home I use AT&T, and I trust them about as much as i trust a crack addicted stripper.
      • by rudeboy1 (516023)
        I know it's a small step, but take a stand against this crap when you have the opportunity. I wrote a nice polished (with the help of one of the lawyers I work with((admin at a law firm)) )letter and submitted it as a comment in the FCC investigation into Comcast's shady practices. If you have any bad dealings with Comcast, this is a good opportunity to make yourself heard at a top level. Your suggesting that there is nothing that can be done to prevent this from happening. I suggest that we as a commun
    • Think bigger than that. Even if they aren't your ISP nor the ISP of whoever you want to talk to, your traffic will very likely flow through pipes they own. It's respectable to boycott them for this but it isn't going to keep them from watching much of what you do online.
  • by HangingChad (677530) on Thursday January 17, 2008 @10:16AM (#22080470) Homepage

    When really stupid ideas start seeing the light of day. That means most of the management team has insulated themselves from criticism by surrounding themselves with toadies and have, effectively, separated themselves from any semblance of reality.

    Usually the case when you see corporate behavior and wonder, "How could they be that stupid?" Because on their little planet what they're doing makes sense. Just not on this world.

    In my experience it also means upper management has divided themselves into warring camps.

    • by gstoddart (321705)

      Usually the case when you see corporate behavior and wonder, "How could they be that stupid?" Because on their little planet what they're doing makes sense. Just not on this world.

      Of course, one could always be paranoid and start thinking the feds are working with them on this and trying to write in exemptions to the laws for the bug hunt against copyright infringement. After all, they made it illegal to sue them for assisting in widespread eaves-dropping on everyone's communications, so why not get them t

    • by FredFredrickson (1177871) * on Thursday January 17, 2008 @10:22AM (#22080560) Homepage Journal
      It's also a sign- the company has clearly chosen a strategy from the following two:

      1. Side with the consumer. In the end it's their money that will make you surpass your competition.
      2. Side with legislation. You can legislate yourself a consumer base, that's where the money will be.

      It's sad when a company thinks they're so big that they can take option 2. It's fun when option 2 basically kills a company. I wouldn't be surprised if this type of move kills them. Think about it- they're talking about censoring the very basic service that's being offered. It's like they're trying to sell a damaged highway to people, expecting them to take it because the potholes are on purpose. People will vote with their wallets, I hope.
    • Okay, so I'm watching TV on my Verizon FIOS (carried over the internet) and AT&T blocks it (as it goes over their network) because I'm watching a copyrighted movie. Yeah, no problem there.
      • by slykens (85844)
        Okay, so I'm watching TV on my Verizon FIOS (carried over the internet) and AT&T blocks it (as it goes over their network) because I'm watching a copyrighted movie. Yeah, no problem there.

        FIOS Video is not carried on the Internet.

        First, regular FIOS Video, your TV channels, are not even video over IP.

        Second, any video that is IP (an on-demand service, for example) is carried solely on Verizon's internal network. How is T going to block what's on VZ's internal network?

        Really, if you're going to comment a
    • by rwyoder (759998)

      When really stupid ideas start seeing the light of day. That means most of the management team has insulated themselves from criticism by surrounding themselves with toadies and have, effectively, separated themselves from any semblance of reality. Usually the case when you see corporate behavior and wonder, "How could they be that stupid?" Because on their little planet what they're doing makes sense. Just not on this world. In my experience it also means upper management has divided themselves into warr

      • by internic (453511)

        Are we still talking about AT&T, or did the conversation move on to the Dubya administration?

        They're closely [eff.org] related [opensecrets.org]. In fairness, though, AT&T is much more competent than the Bush administration itself, otherwise we might not have much to fear. "We know where the infringing packets are. They're on the internets and north, south, east, and west somewhat."

  • I assume that AT&T carries traffic across their network that doesn't neccessarily start or end with them. Somewhere in the middle? How much would this affect a Verizon subscriber accessing something from a server that's not neccessarily AT&T? Would AT&T likely get the traffic across their network somewhere in the US anyhow? If not, then could the rule be applied:

    "The Net interprets censorship as damage and routes around it."

    I could see a massive boycott of AT&T if this is possible, but I
  • If they start to block stuff and you get sued for upload and download stuff that did not get blocked can you go to court and say AT&T did not block it so it must be ok to freely upload and download it?
  • Way back in the dark ages, before the Internet had cast dial-up online services from the home, Prodigy lost a case over content because they chose to moderate a forum.

    They didn't even argue that controlling content meant responsibility for that content: their defense was that a volunteer paid in kind was not an agent because they were not an employee.
  • Well, they could ... (Score:4, Interesting)

    by Ihlosi (895663) on Thursday January 17, 2008 @10:21AM (#22080540)
    To maintain that immunity, AT&T must transmit data 'without selection of the material by the service provider' and 'without modification of its content'



    Well, neither of the criteria contains any mention of the transfer rate. They could limit "offending" downloads to 1 kB/s.

  • by computersareevil (244846) on Thursday January 17, 2008 @10:23AM (#22080578)
    Listen, they paid enough to get the common-carrier laws written so they would be immune from prosecution. What makes anybody think they won't just buy new laws that allow them to police traffic but still enjoy immunity? They are doing it for the children, after all...
    • by gstoddart (321705)

      Listen, they paid enough to get the common-carrier laws written so they would be immune from prosecution. What makes anybody think they won't just buy new laws that allow them to police traffic but still enjoy immunity? They are doing it for the children, after all...

      Well, they're doing it for the copyright holders.

      Or, did I miss the point where downloading copyrighted material kills babies?

      Not that I disagree that they'd just buy themselves a new law they wrote.

      Cheers

      • by canajin56 (660655)
        If they don't stop children from downloading music, the record studios will be FORCED to get a $100,000,000,000,000 judgment against their parents, ruining their potential future and ability to go to a post-secondary institution (unless they manage to get a scholarship while living on the streets). So yes, it's for the children.
  • by untaken_name (660789) on Thursday January 17, 2008 @10:25AM (#22080608) Homepage
    That it's only AT&T doing the looking...for now. Wait until the gov't gets Google on it. Then we're all doomed. We'll actually have to pay for music, movies, and pr0n again. The humanity!
    • by Chirs (87576)
      How do you know that the government doesn't already snoop Google's data?
  • by Anonymous Coward on Thursday January 17, 2008 @10:27AM (#22080634)
    Here's another reason why this company was broken up in the first place back in the 80's! How in the hell did the FCC and the American Public let this slip past us? Now we are dealing with it again. WTF? When will the FCC learn?
    • by computational super (740265) on Thursday January 17, 2008 @10:41AM (#22080834)

      Remember, this is the same American public which allows (even cheers for) the FCC to decide what you can and can't see and hear.

  • by supersnail (106701) on Thursday January 17, 2008 @10:33AM (#22080734)
    "AT&T argues that it must get involved in stopping the flow of pirated content because much of this content is shared using peer-to-peer protocols, which eats up valuable network bandwidth, slowing network connections for many of its customers."

    They just want to block file sharers!

    The corporate weasels just dressed this up in a load of crud about copyrioght protection, protecting kittens from microwaves and otherwise keeping the planet safe for CEOs who havent yet earned thier first billion.

    Thye dont need any fancy technoligy to do this -- just a list of port numbers.

    • by jambarama (784670)
      They don't need any fancy technology to do this -- just a list of port numbers.

      Considering how trivial it is to route P2P traffic over any port you so desire, including port 80 which they certainly aren't going to shut off, I think they know it'll take a little more than a list of ports. Most P2P apps I've seen have this functionality built right in - uTorrent, azureus, eMule, etc. Want to hide your traffic? Encrypt it and run it over port 22.

      But even traffic run in this way is trivial to filter for
  • by nweaver (113078) on Thursday January 17, 2008 @10:37AM (#22080786) Homepage

    Time-Warner cable supposidly has 50% of the bandwidth used by 5% of the users. Who wants to bet that of this bandwidth, it is almost all pirated material?

    The strength of piracy on the Internet is the ease of getting the pirated material, and the ease of distribution. Thus pirated material must be easy to find. So all the MP/RI-AA has to do is find it, and do something about it. Rather than playing Whak-A-Mole on Torrent tracker servers (which are largely offshore), with ISP cooperation from AT&T it becomes possible to play Whak-A-Mole on the users of the torrents themselves...

    So the MP/RI-AA or their contractor surfs the Torrent sites, and connects to the torrents with a manipulated client, verifies that a particular torrent is a copyright violation, maps the users of the torrent, and then sends an automated list of the nodes to the ISP saying "This graph is bad, any edge between two nodes in this graph should be killed", and the ISP simply RST-flood any edge in the graph which crosses its network, or just put in a router ACL to drop that pair for a while. Because the strength of the system relies on it being public and P2P, the MP/RI-AA can easily get this information.

    AT&T has multiple incentives to cooperate, and can probably do it safely. It has a second party (MP/RI-AA or a company they create/contract for) do the deciding, so they dont' have the liabliity.

    It keeps the content providers happy for when they are negotiating their compete-with-iTunes/Netflix video on demand and cable TV services.

    It keeps the content providers from pushing through very draconian legislation, or at least draconian legislation you aren't happy with. (It can F-up your competitors, but thats just a bonus)

    Its very easy to implement (short-lived router ACLs which are automatically injected and revoked).

    And it drops their bandwidth bills by 30-50% by eliminating a large amount of deliberately-noncacheable (both politically and because of bittorrent encryption) traffic.

    I wouldn't take it as a guarentee, but I'd almost be willing to bet that AT&T does something like this in the next year. Who wouldn't leap at a chance to reduce your costs by 30%, keep a group of "partners" you have to deal with happy, and without any real work on your part (just an SNMP-manager program)?

    This won't stop closed-world pirates, but those are far less annoying to the ISPs simply because there are so many fewer of them, and less important to the MP/RI-AA because they are less likely to be users you can convert to paying customers if you make the illegal content sources unusable.

    • by Pyrrus (97830)
      Interesting idea, but I think they'd still be playing whack-a-mole, because they would need to infiltrate every single torrent they want to shut down.
      There are a lot of torrents and a lot of torrent sites, and they'd never be able to keep up.
      • by cliffski (65094)
        True, but every dead link means more frustration for the pirates. People are generally lazy. A lot of people who can do 3 mouse clicks and get a pirated DVD download will just give up and pay for the thing if they have to spend an hour following dead links and downloading half finished torrents before they get something valid. Thats all they need to do.
      • by nweaver (113078)
        If Google can find it, an MP/RI-AA spider could find it and spider the torrent.

        If Google can't find it, the pirate users can't find it.

        Oh, on the liability: according to the original article, this messes up one set of liability protection AT&T has, but they might still be able to retreat to the DMCA safe harbor provision, because they actually aren't making a decision about copyright, just enforcing someone else's decision.

        But since they are enforcing someone else's decision, they can probably avoid lia
    • by kebes (861706) on Thursday January 17, 2008 @11:24AM (#22081372) Journal
      Your post outlines a possible means by which AT&T will stop bit-torrent traffic. It seems workable and realistic, and AT&T may very implement it (despite the obvious ramifications: e.g. if they block everything listed on PirateBay they will block many sanctioned/legal file transfers).

      But the P2P community will fight back. It will become an arms race. For example:
      -Trackers inject all kinds of bogus data into the trackers, crafted so that humans skip over it but automated crawlers choke on the massive amount of data (and RST packets!) they must deal with. For added fun, the bogus data includes IPs of legitimate company services, so AT&T will be interfering with, e.g. Blizzard downloads.
      -ISPs adjust their software to differentiate "real torrents" from "fake torrents."
      -Trackers begin accumulating lists of IP addresses and other signatures that detect the ISP bots, and feed them bogus data.
      -ISPs use their control of IP blocks to fake requests from different IPs.
      -P2P software starts ignoring RST packets, and uses a different (encrypted) protocol to open/close sessions.
      -ISPs give up sending RST-floods, and instead drop all packets.
      -Trackers implement algorithms that keep track of "user contribution" based on swarm participation (transmitting valid packets), and block/throttle clients with no "reputation." This makes it difficult for the ISPs bot to browse the torrent listing without actively participating in valid torrenting.
      -ISPs switch to checking what IP addresses a person connects to, and simply stalls any connection (all traffic) that connects to a tracker site.
      -Trackers switch entirely to TOR: they have no public IP address or domain name. All tracking requests go through TOR routing using the ".onion" pseudo-TLD.

      And so on...

      My point is this is a crazy arms race, and one should not enter that kind of battle until analyzing all the possible counter-attacks. And the difference here is that hackers will view this as a challenge, whereas AT&T will be spending literally millions of dollars implementing technologies that become invalidated over and over.
      • by nweaver (113078)
        The arms race favors the MP/RI-AA in this, because in order for a P2P system to work for file exchange, you need to be able to actually get to the peers which have portions of the file.

        You don't just take the tracker at its word, but instead actually verify the nodes. This means the graph is "correct", preventing the joe-job defense.

        You aren't blocking the tracker, but the actual P2P communication within the system.

        And Tor so throttles ones' performance that only the truely paranoid use it for their BitTor
  • by QCompson (675963) on Thursday January 17, 2008 @10:39AM (#22080820)
    Maybe by the time AT&T has it's filtering plan in place, they also hope to have a wide-ranging immunity law passed by Congress that supplants 17 U.S.C. 512. The new law, passed by a Congress that is nearly completely united on their love for telecom companies, would give telecoms complete immunity from any lawsuits while engaged in "efforts to combat copyright violations."

    It looks as if there's a good chance the telecoms will get retroactive immunity for aiding in breaking the law and eavesdropping on customer's communications without warrants; it doesn't seem to be a stretch to imagine that they will plan on their congress-critters to help them out in their fight against digital piracy.
    • There's not much conceptual distance (and virtually no technical distance) between data-mining for copyright violations and data-mining for security violations.

      Maybe NSA plans to let AT&T use a portion of whatever mining tool they've got up in those secret data rooms as payback? Or, maybe AT&T saw what NSA put into those secret rooms, and figured, "oh, so that's how you can filter the entire Internet."
  • This is really about making lots of money in a new market... 'beating the pirates'

    They have seen how MediaDefender has made huge profits out of the rabid desire of the music industry & hollywood to stop the perceived 'theft' of music and movies to illeagal downloads particulary torrents through technological techniques.

    AT&T see themselves in excellent position to tap into this market through traffic monitoring and MediaDefender's recent stock crash after leaked emails reveal they were pwned by

  • by glindsey (73730) on Thursday January 17, 2008 @10:53AM (#22080982)
    AT&T will simply purchase a new law from Congress stating "communications providers are allowed to monitor everything you do and turn you over to the government, but if they happen to miss anything, they are absolutely indemnified." They'll make arguments like "Hey, if the police aren't able to stop a murder from happening, but are shown to be putting forth their best effort to prevent murders, you don't hold the police officer responsible -- so why should we be held responsible if we miss some illegal content?"

    And all the legislators will nod their heads and murmur to each other "hey, yeah, they've got a point," while a bag of money passes quietly underneath their tables, and voila, they're allowed -- hell, probably required by the government -- to monitor all traffic and report any and all Violations of the Right to Corporate Profit, and completely immune from prosecution if they happen to miss something.

    It'll happen, and the typical "America, Fuck Yeah" voter will grin and gleefully agree that it's for the Good of the Nation, and if you're innocent you should have nothing to hide anyway, so what's the big deal?

    The legislators who draft and vote for the bill, meanwhile, will be hailed as patriots and re-elected, again and again, for Protecting the Motherland while simultaneously paying lip-service to smaller government and less federal intrusion into our private lives.

    I abhor the fact that my daughter is going to grow up in this pathetic shell that America is today.
  • by Doc Ruby (173196) on Thursday January 17, 2008 @10:54AM (#22081000) Homepage Journal
    AT&T is already facing a mortal threat because it helped Bush/Cheney spy on every phonecall on its network for at least 5 years, in blatant violation of the FISA. Those crimes should get Bush/Cheney impeached (and it just might) - AT&T would be an even huger casualty. That's why it (and its also guilty "competitors" like Verizon - but not Qwest, which refused) is pulling in all its favors in the Congress (especially in the Senate), to get amnesty/immunity for having broken that essential law so much and so badly.

    If it gets away with those many and flaming FISA violations, AT&T will write new laws to allow, even encourage, more spying like this one.

    But if AT&T doesn't get amnesty (even if it convinces a court that it isn't liable for breaking the FISA, because "the devil^WExecutive made me do it"), then maybe it will be stopped. Not just from spying, but from doing whatever it damn pleases to prey on America, both regular people and the many people who've been trying for several years now to compete with new technologies like VoIP and other open networks.

    Death to AT&T. Maybe a lawsuit right up its heat exhaust will do the trick.
  • Policy (Score:3, Funny)

    by Eudial (590661) on Thursday January 17, 2008 @10:59AM (#22081048)
    Nothing new. Just the usual corporate policy of "Why aim for the sky when you can shoot yourself in the foot?"
  • by zerofoo (262795) on Thursday January 17, 2008 @11:41AM (#22081656)
    I'm not an encryption expert, but I have used my fair share of VPN gear and tunneling software.

    Mathematician friends of mine tell me that most modern encryption methods put brute-force cracking well out of range of the most modern computing hardware - even distributed cracking is extremely difficult with a sufficiently large key size.

    So if modern encryption techniques are so secure, what is to stop everyone from encrypting all their traffic?

    Once that happens, how does AT&T propose to filter traffic it can not examine?

    -ted
    • So if modern encryption techniques are so secure, what is to stop everyone from encrypting all their traffic?

      Once that happens, how does AT&T propose to filter traffic it can not examine?

      Your ISP: the ultimate man in the middle. You want real security, hand deliver your public key to all your contacts after first encrypting *it*. With a one-time pad. Which you then proceed to burn. And eat the ashes.

    • Re: (Score:3, Informative)

      what is to stop everyone from encrypting all their traffic?

      To give a very abbreviated answer, the network effect [wikipedia.org] for this has not yet taken off. There has been no technical barrier to widespread encryption for over a decade, but there are two social barriers which remain to be overcome:

      • Education
        In order for you to use crypto, you have to know how it works. Most other technologies are not like this, in that they can just kind of operate in the background. But cryptographic communications operate be
  • I don't have time myself to go looking up the law and trying to figure it out, but could this exclusion affect Comcast for its BitTorrent throttling and RST packet sending?
  • by Jason Levine (196982) on Thursday January 17, 2008 @11:56AM (#22081904)
    Step 1: Create something.
    Step 2: Sue AT&T when it's inevitably pirated.
    Step 3: Profit!
  • by moxley (895517) on Thursday January 17, 2008 @12:38PM (#22082450)
    I have been saying for a while that our corporatist government and their partners in crime will not tolerate the freedom and openness on the internet much longer.

    It's ability to bypass the propaganda and behavior control traditionally handled by TV news and (now corporate) newspapers; the ability for people to organize worldwide and share information and files in real time; obviously the IP debate - all of this is the antithesis of where government and corporations are pushing societies in every other aspect of our lives.

    They want to turn the net into an interactive place much like a cross between early AOL and the home shopping network....They will snoop on everything you do, download, view, etc.

    You've already seen the endless barrage of stuff in the media about "how dangerous the internet is" lurking with pedophiles and terrorists, viruses and those who want to steal your identity; when in reality none of those things are real threats if you take the most basic of precautions.

    It may take a catalyzing event, like a virus that shuts down a financial network or turns off a power grid or plays a part in some "terrorist attack." They may even try to require that everything you do online is stamped with a virutal confirmable ID that you have to renew like a drivers license.

    This is coming, make no mistake about it. The only hope we have to prevent it is to fight fiercely on both the corporate front (against non net neautrality, because if they can't legislate it directly, they'll do it in a defacto manner) and against laws like S1959 which criminalize thoughtcrime and dissent; make organizing a boycott and other such actions a crime and involve the internet.

Thufir's a Harkonnen now.

Working...