Forensic Investigator Outlines BitTorrent Detection Technology
NewYorkCountryLawyer writes "In one of the many BitTorrent download cases brought by pornographic film makers, the plaintiff — faced with a motion to quash brought by a "John Doe" defendant — has filed its opposition papers. Interestingly, these included a declaration by its 'forensic investigator' (PDF), employed by a German company, IPP, Limited, in which he makes claims about what his technology detects, and about how BitTorrent works, and attaches, as an exhibit, a 'functional description' of his IPTracker software (PDF)."
GUID (Score:3, Interesting)
It is not possible that an allocated GUID is allocated to another user again.
I would look into this. As it is written it sounds, at least, misleading. Even if this GUID thing is true for all P2P protocols (which I sincerely doubt), I would say that it should be spoofable directly or indirectly (by compromising the machine if public key cryptography is used).
Read their software specs (Score:5, Interesting)
I've read their software specs. Seems they have some typo,
The data can only be decoded and used by the responsible lawyer, only his software contains the deciphering method and this one one in this case also secret (called "public") key.
Seems at least that one typo. At least I *hope* that's a typo.
... it is not possible that an allocated GUID is allocated to another user again.
Same could be said about MACs, and cell phone ID numbers. No one ever clones those!!!
So it seems, by their reasoning, if you go on a P2P network and clone someone else's GUID, well, then I guess the other party must be guilty, no?
Seems that even if you use Bittorrent or similar to only download Linux distros or even WoW patches, someone can just clone that and use it and then they will just send the innocent the bill?
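As an added example, not from the page, the court filing or IPP's software: in the BitTorrent wire protocol (BEP 3) the only per-peer identifier exchanged in the handshake is the 20-byte peer_id, and the connecting client chooses that value itself. Whether IPP's "GUID" is this field is not stated on the page; that is an assumption here. The code builds and parses a handshake and then shows two constructed connections, from different source addresses, presenting the same peer_id, which is exactly the cloning scenario the comments above describe. The info_hash, peer_id and addresses are all constructed for the example.

```python
"""Added example (not the original page's or IPP's code).

Builds and parses BitTorrent handshakes to show that peer_id is a
client-supplied field with no binding to a host or a person.
"""
import hashlib

PSTR = b"BitTorrent protocol"
HANDSHAKE_LEN = 1 + len(PSTR) + 8 + 20 + 20  # 68 bytes

# Constructed sample data (not a real torrent or real client).
INFO_HASH = hashlib.sha1(b"constructed example torrent").digest()
# Azureus-style peer_id: '-' + 2-char client id + 4-char version + '-' + 12 bytes.
# "XX0001" is a hypothetical client prefix, not a real client.
PEER_ID = b"-XX0001-" + b"A" * 12


def build_handshake(info_hash: bytes, peer_id: bytes,
                    reserved: bytes = b"\x00" * 8) -> bytes:
    """Serialise a BEP 3 handshake. The peer_id is whatever the caller says."""
    if len(info_hash) != 20 or len(peer_id) != 20 or len(reserved) != 8:
        raise ValueError("info_hash/peer_id must be 20 bytes, reserved 8 bytes")
    return bytes([len(PSTR)]) + PSTR + reserved + info_hash + peer_id


def parse_handshake(data: bytes) -> dict:
    """Parse a handshake, validating length and protocol string."""
    if not data:
        raise ValueError("empty handshake")
    pstrlen = data[0]
    if pstrlen != len(PSTR) or data[1:1 + pstrlen] != PSTR:
        raise ValueError("not a BitTorrent protocol handshake")
    if len(data) < HANDSHAKE_LEN:
        raise ValueError("truncated handshake")
    off = 1 + pstrlen
    reserved = data[off:off + 8]
    off += 8
    info_hash = data[off:off + 20]
    off += 20
    peer_id = data[off:off + 20]
    return {"reserved": reserved, "info_hash": info_hash, "peer_id": peer_id}


def observe_swarm() -> dict:
    """Simulate a monitoring node receiving handshakes from two constructed
    connections. Both present the same peer_id; nothing in the protocol
    stops them. Returns {(ip, port): peer_id_hex}."""
    # RFC 5737 documentation addresses; purely illustrative.
    connections = [
        (("192.0.2.10", 51413), build_handshake(INFO_HASH, PEER_ID)),
        (("198.51.100.7", 6881), build_handshake(INFO_HASH, PEER_ID)),
    ]
    observed = {}
    for addr, raw in connections:
        observed[addr] = parse_handshake(raw)["peer_id"].hex()
    return observed


def same_peer_id(observed: dict) -> bool:
    """True if every observed connection claims the same peer_id, i.e. a
    monitor keying on peer_id alone cannot tell the hosts apart."""
    return len(set(observed.values())) == 1


if __name__ == "__main__":
    seen = observe_swarm()
    for addr, pid in seen.items():
        print(f"{addr[0]}:{addr[1]} -> peer_id {pid}")
    print("indistinguishable by peer_id:", same_peer_id(seen))
```

The point for a defender reading such a declaration: a peer_id (or any identifier the remote client fills in) only identifies the software instance that wrote it, and only for as long as nobody else writes the same bytes; attribution to an account or a person needs evidence from outside the protocol.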
Does The IPP Company Exist? (Score:5, Interesting)
Does this so-called "IPP" company in fact exist at all? I've had a cursory glance on Google, but didn't find much of interest.
German companies are not called Limited or Ltd. if they are indeed "governed by German law", as claimed in the court declaration. Under German law it should be called "IPP GmbH". I would normally assume a "Ltd." company was based in the UK, on one of their islands or somewhere far away from Europe in general.
IPP seems to be a fairly common name in the German business register (Unternehmensregister), but none of them seem to be the company in question? Does anyone out there have further information?
Plausible Deniability... (Score:5, Interesting)
So in all of these cases, as a technical person, I can't help but wonder how they're connecting an IP address to positive evidence of a specific person's deliberate action. There are countless plausible scenarios where a person can own a number (IP address) involved in a crime and yet not themselves be aware of or involved in said crime. Some examples are:
In all of these scenarios, the crime could have been committed without any knowledge of the defendant. In some of these scenarios, the defendant has little-to-no chance to detect or thwart the crime. How does any lawyer convince any judge or jury that the person on trial committed a crime in light of this?
From a defensive point of view, what is the minimum number of compromises that one should run in their own network to provide themselves with sufficient plausible deniability from this type of thing?
Furthermore, from an activist's point of view, imagine someone built a malware variant that monitored browser usage (Google, Facebook, etc.) for movie names and automatically downloads movie titles that were mentioned to a secret directory? I've now got a piece of malware that automatically, without any user knowledge or intervention, downloads illegal files that that user is interested in. What if the malware downloads new movie releases instead by monitoring public release knowledge bases for titles? Is being infected by such a malware enough for innocence? If enough people are thusly infected would the entire concept of using IP subpoenas for prosecution fall apart?
Just food for thought. I'd really like to know how someone can be held criminally-liable unless the prosecution caught them using the illegal file or captured an attributable confession.
Re:I2P/Freenet (Score:5, Interesting)
Which is why some p2p software, such as WASTE, has modes where it will always load links whether or not there is real traffic.
If the arms race goes on, we'll end up with a constantly saturated internet with only random connections sending apparent random data, leaving any actual signal indistinguishable and drowned out by the massive amounts of random noise.
Re:Plausible Deniability... (Score:2, Interesting)
Heh, I wrote your hypothetical "malware" for myself as a useful piece of software. Checks the Rotten Tomatoes new on DVD RSS feed, discards anything with a rotten score, uses Torrentz search API to search for a variety of strings, prioritizes blu-ray rip over DVD rip, more seeds over less seeds, user "verified" torrents over non-verified torrents, tries to weed out common strings that denote non-English languages "ITA", uses release year to resolve ambiguities, and then feeds the magnet link into uTorrent via Web UI.
I get a bunch of great new movies every week, including stuff I haven't even heard of. Accuracy rate is >=90% and when it does backfire, it generally just downloads another movie.
And then another script I wrote is triggered when the torrent is done downloading, unzips if necessary, and moves the movie files to the appropriate directory.
Re:I2P/Freenet (Score:5, Interesting)
No, it really, really isn't. You apparently don't know the first thing about freenet, yet feel that you somehow know enough to spout off about it. If I insert a file into freenet, it is split into many parts and distributed randomly to other freenet nodes. When someone requests that content, there is a reasonable chance that they won't get even one chunk of data from my computer. Monitoring all of the traffic between nodes buys you almost exactly nothing.