New Tool Promises To Passively ldentify BitTorrent Files

QuietR10t writes "A new technique has been developed for detecting and tracking illegal content transferred using the BitTorrent file-trading protocol. According to its creators, the approach can monitor networks without interrupting the flow of data and provides investigators with hard evidence of illicit file transfers. 'Our system differs in that it is completely passive, meaning that it does not change any information entering or leaving a network,' says Schrader." I wonder if it can specifically identify legal content, too.

Carrier Status?

[oahazmatt]

So, if for instance, Verizon or AT&T start using this tool, does that mean they lose common carrier status?

Encryption?

[hansamurai]

I'm assuming this has no chance of defeating encrypted connections?

Encrypted traffic...

[bleh-of-the-huns]

Till they come up with a good way to figure out whats going across the network encrypted, they will just be wasting their time.

Wait, wait, slow down there...

[fuzzyfuzzyfungus]

So, you're telling me that, given a set of hashes corresponding to "Prohibited content" and access to all the packets moving across a network, you can detect prohibited content? Why, it's a miracle of science!

Seriously, this is news? It has been possible, with the complicity of the router or physical access to the wire, to unobtrusively and undetectably tap a network since forever. That isn't news. And being able to identifiy files whose hashes you have ahead of time? Also not news, especially since bittorrent uses hashes extensively itself, and was never designed for subtlety or concealment.

I realize that Technology Review lost interest in technology years ago, and now spends most of its time fellating venture capitalists; but this is pathetic.

Re:Carrier Status?

[Jane Q. Public]

They SHOULD. As long as they do not alter or supply content themselves.

The whole concept of common carrier was to account for services such as ISPs. Of course telephone systems were the first real examples, but the concept is still the same: a communications channel, where a service can carry those communications from point to point, without altering, supplying, or monitoring content.

I know of no logical reason why ISPs should not be "common carriers". They are ideal candidates to be. As long as they keep their fat fingers off the content.

And THEY should be in support of the concept, because if they cannot claim the "common carrier defense" (i.e., no responsibility for content), then they have some very heavy legal liability issues that common carriers do not have to deal with.

Re:Encrypted traffic...

[Kjella]

And if they did that, we could start having the tracker negotiate SSL keys for us. If they tried going after the tracker traffic, we could make that HTTPS. If they started faking the certs, we could move to OpenDNS or install a "trusted" torrent root cert. That is a battle they could not win.

Re:hmm

[OSDever]

I believe that falls under "Tyrannical government? Revolution."

Re:Encrypted traffic...

[Shakrai]

In theory, they could attack encryption with man-in-the-middle during the key exchange

In theory, isn't this (or shouldn't this) all be illegal under wiretapping laws anyway?

As a private citizen I don't have the right to start monitoring my neighbors phone calls (even if those calls are broadcast [wikipedia.org] into my house without encryption) just because I suspect she is dealing drugs. What gives my ISP the right to start monitoring my packets just because they suspect I'm pirating something?

Re:Completely Biased and Worthless

[azgard]

Or, everybody will become a criminal.

Re:Encryption?

[El Torico]

I've seen commercial boxes that you can already buy that do a lot more than this and faster. He made a big deal about it not disturbing the network, but that's a standard feature. Unless this thing is dirt cheap or something, I don't really see the application.

I think that the manufacturer will try to pimp this as an "IP Compliance Product" to ISPs and madly lobby every politician they can bribe, err, I mean donate to.

Re:Encrypted traffic...

[headbulb]

He was talking about using a man in the middle attack. Both parties think they are talking to eachother.

It doesn't matter if the tracker sends us a SSL key for us if a man in the middle attack can be used. The only way to be sure the key isn't altered is to get that key directly from the source. How you do that is up to you.

There isn't much that is open about "OpenDNS". OpenDNS is a bad solution for a non-issue problem. Please stop advertising for them.

What we should be fighting for is for isp's to be common carriers. Then there really isn't a market for this type of monitoring hardware. Other then for some company firewall.

Re:Completely Biased and Worthless

[Anonymous Coward]

Logic Fail. If everyone becomes a criminal, then it is still true that the only people who are breathing will be criminals.

Re:Encrypted traffic...

[iminplaya]

What gives my ISP the right to start monitoring my packets just because they suspect I'm pirating something?

The government. You know, those crazy baldheads that keep getting reelected all the time? You gotta vote for the right lizard.

Re:Encryption?

[Dreadneck]

They seriously need to overcome these obstacles before illegal file sharers should worry about it being used to target people.

I strongly disagree. People need to start raising hell about this Big Brother bullshit now. Technology like this operates under the assumption that ALL users are criminals until proven innocent and blatantly violates the 4th amendment(in the U.S. at least).

Furthermore, does anyone here honestly believe that this type of technology will only be used to stop copyright infringement and kiddie porn? This technology smacks of oppression and the quashing of political dissent.

Re:It's called Port Mirroring

[tijsvd]

Two points.

One: the mirror port (aka span port) on your switch does not buffer the traffic, and will drop packets in any spike. That's true even for expensive Cisco switches. To get all traffic, you need a network tap on a line.

Two: getting the traffic isn't hard. It's basic sniffing. Analysing the traffic in realtime is what matters.

Obsolete from the start

[EdIII]

It also means that it's impossible for users to tell if a network is being monitored

"Our system differs in that it is completely passive, meaning that it does not change any information entering or leaving a network,"

This is nothing new and it's just meaningless marketing drivel. It's impossible to tell that *any* network is being monitored. It's not like you could buy an electronic device in a spy shop that can detect network monitoring. Throttling and "traffic management" are different since that is changing the network traffic.

There is only one type of network that can prevent a 3rd party from being able to copy the network traffic. Quantum communications provides that type of infrastructure by making it *impossible* to read the traffic without destroying it.

It's not like network monitoring is really a problem anyways. If you want privacy then just use encryption.

"Our system does not modify traffic in any way, nor does it interfere in the delivery of traffic either in or out of a network,"

Ohhh, you mean it's useless right? Everyone involved knows that a large amount of torrent traffic is infringing on various copyrights. The goal of the ISPs is to protect their profit margins. They sell unlimited but expect limited. They don't care whether traffic is illicit or not, just that it does not interfere with their business models. The MAFIAA is interested in the contents of the traffic and could care less about network congestion and bandwidth issues. Until the ISPs actually start caring about content, the goals of these two groups are not the same.

Enter Net Neutrality. Only when it is in the financial interests of ISPs to care about content will they start to listen to the MAFIAA. Obviously they could not reach an agreement since the MAFIAA is going to the whores in various legislatures to trade our freedoms for the protection of a few group's business models.

Note, that I don't support piracy on principle. However, I will not give up my rights to privacy and anonymity to protect someone else's copyrights either.

Schulze adds that the approach relies on having an up-to-date list of illegal files. "The system has to update a huge list of file hashes frequently," he says. "Somebody has to qualify the hashes as copyright infringements or other criminal content."

That sounds really easy doesn't? Of course there are only a few dozen really popular public trackers out there they can scrape the thousands and thousands of new torrents each day to update their tables. Don't forget about all the private trackers either that add a file or two that changes the hash to be different from the public torrents containing some of the same files.

Yep. This should be really easy. I can't possibly see how this task could not be reasonably accomplished with just a few salaried personnel on daily basis.

From a legal standpoint, Schulze says that privacy may be a more significant problem. "Neither the U.S. nor any European country would allow [anyone] to install a device that inspects the traffic of every user just to stop Internet piracy," he says. "In this approach, every user is considered to be suspicious."

I laughed so hard I almost peed myself at this point. Legal viewpoints change more frequently than the weather. If there is enough pressure from private interests in the U.S and abroad I don't think a little thing like privacy will stop them.

Even if the legal framework were to allow the technology, it is not quite ready to go. Tests of the system, details of which will be published later this year in a book called Advances in Digital Forensics V, showed that it was effective at detecting 99 percent of illicit files, but only at speeds of 100 megabits per second.

I just knew there was a p

Re:Encrypted traffic...

[Anonymous Coward]

The word "unlawfully" means that it all depends on who is holding the money.

Re:Yawn

[DMoylan]

>cannot legally be used in the U.S. or Europe

when has that ever stopped anybody?

Re:Not yet

[Moryath]

Yes but by splitting to two pages he made sure he "served" the ads twice, so gets paid for twice as many "pageviews..."

Re:Carrier Status?

[tonyray]

The reason ISP's are not common carriers dates back to dial-up modem Internet. The Telco's wanted to charge ISP's by the minute just like they do long-distance carriers for access to their network. The FCC got involved in this and used AOL as a model. AOL had these huge caching servers so AOL customer's web page requests rarely went out onto the Internet; instead they were served from the caches. So the FCC ruled that ISP's were delivering content and were not themselves carriers.

The Telcos are now (with broadband) satisfied with the content provider status as it saves them a lot of headaches, fees and taxes on their own Internet services. Broadband is far closer to a carrier service than a content service, but I don't see thing changing.

Re:Encryption?

[Gerzel]

The reason we go after copyright infringement, kiddie porn(well porn in general as it is always lumped in if at all possible to kiddie porn), and things like majauana is to make as much of the general populace guilty of something that is both against the law and seen as deeply wrong with the person.

Once this is achieved the person can easily be moved to a status of lesser or non-personhood.

Example is a "Sex Offender" law. Such laws are created inevitably to protect children. However, sex offender includes any offense that is deemed sexual in nature. Public nudity, an argument with a spouse that turns violent which may indeed be an isolated incident and as much at fault with the spouse(I'm not talking about someone who regularly beats their spouse), or just pissing on the sidewalk because there is no where else to go for miles. Everyone is lumped in and assumed to behave like the worst offenders in the group, the serial rapists and violent pedophiles.

Re:Encryption?

[Ironica]

I think more accurately, do license plates and the ability for police to look them up assume all drivers are breaking the law?

Re:Encrypted traffic...

[headbulb]

It's funny you just proved my point.

The internet is in an insecure network. How does anyone know if they have a secure connection? Sure they can know this once a private/public key pair has been exchanged. But how do we know that the public key given to us is good if there is man in the middle to intercept the keys between the "trusted groups"

I should have been more descriptive. Without physically exchanging the keys with the other parties there isn't a way for an automated system to know; Without testing, but then the middle man can make it so those tests pass. (A smart human could check)

You're assumption of there being a secure path over an unsecure network is what's wrong. If the keys/certificates can be exchanged in a way of knowing that they havn't been (all) intercepted and then altered Then the encryption would work.

But since there is so much information traversing the network all that I just talked about is theoretical and isn't very probable. Encryption is hairy stuff, since you have to cover all points of possible exploitation.

Do you see what I see? Back to my original point we need our isp's to take on true common carrier status.

Re:Encryption?

[Dreadneck]

You're conflating a privilege - driving an automobile on public roads - with a constitutionally protected right against unwarranted search and seizure of private communications. Even so, if a cop is sitting at a speed trap checking the speed of every vehicle that passes by, then, YES, the assumption is that everyone is breaking the law until proven innocent by the radar gun.

Re:Not yet

[redJag]

Actually, most ad services I've seen don't give you an impression for the same visitor on the same ad on different pages if they are within a certain window of viewing. A lot of ad providers don't even pay for impressions anymore since advertisers are finding less value in internet ad impressions as time goes on. Sometimes you will find a startup ad provider that pays per thousand impressions, but as they go on that value decreases towards zero. Places like Google AdSense only give you the "estimated cash per thousand" which at this point just tells you the same thing as your click thru rating since nearly all revenue is generated on clicks. Click or go home.

Re:ATTN !! Is this a good thing or a bad thing?

[Lucky75]

Can someone please explain to me how they plan to view the files of encrypted traffic without it being illegal?

One would think that if they happen to decrypt anything with copyright protection that it would then violate the DCMA, as per various ridiculous recent rulings of the sort.

...or, you know, just be plain illegal due to attempting to access people's personal files.

Re:Encrypted traffic...

[greenbird]

What gives my ISP the right to start monitoring my packets just because they suspect I'm pirating something?

It's for the children. We must protect the children. Are you one of those evil child porn supporters? If your against this you're a child pornographer.

All you have to do is add this and all politicians will support it and no publication will speak out against it. Haven't you read Mein Kampf?

Re:Completely Biased and Worthless

[Anonymous Coward]

You are a retard.