Tool To Allow ISPs To Scan Every File You Transmit

timdogg writes "Brilliant Digital Entertainment, an Australian software company, has grabbed the attention of the NY attorney general's office with a tool they have designed that can scan every file that passes between an ISP and its customers. The tool can 'check every file passing through an Internet provider's network — every image, every movie, every document attached to an e-mail or found in a Web search — to see if it matches a list of illegal images.' As with the removal of the alt.binary newgroups, this is being promoted under the guise of preventing child porn. The privacy implications of this tool are staggering."

Probably just for P2P

[clang_jangle]

FTFA:

Here's how CopyRouter would work, according to the company's slide show: A law enforcement agency would make available a list of files known to contain child pornography. Such files are commonly discovered in law enforcement raids, in undercover operations and in Internet searches that start with certain keywords (such as "pre-teens hard core"). Police officers have looked at those files, making a judgment that the children are clearly under age and that the files are illegal in their jurisdiction, before adding them to the list. Each digital file has a unique digital signature, called a hash value, that can be recognized no matter what the file is named, and without having to open the file again. The company calls this list of hash values its Global File Registry.
Whenever an Internet user searched the Web, attached a file to an e-mail or examined a menu of files using file-sharing software on a peer-to-peer network, the software would compare the hash values of those files against the file registry. It wouldn't be "reading" the content of the files -- it couldn't tell a love note from a recipe -- but it would determine whether a file is digitally identical to one on the child-porn list. If there were no match, the file would be provided to the user who requested it. But if there were a match, transmission of the file would be blocked. The users would instead receive another image or movie or document, containing only a warning screen.
The makers of CopyRouter claim that it can even be used to defeat encryption and compression of files in the Internet's Wild West: the peer-to-peer file-sharing tools such as Gnutella and BitTorrent.

This will cause huge latency issues and cost beaucoup bandwidth. ISPs would be shooting themselves in the foot if they did this with all traffic. OTOH, I could see laws requiring such tools for P2P traffic -- in fact that may well be inevitable, with the **AA's "ruling class" status these days.

Starts with porn...

[Izabael_DaJinn]

ends with the MPAA and RIAA suing you for your mp3s and .mpgs.

Brilliant Digital Entertainment?

[Anonymous Coward]

Wasn't that the Aussie spyware company attached to Sharman Networks/KaZaA?

Before it got raided, I mean?

I call shenanigans.

Won't work.

[Xtense]

Ok, on really simple protocols, like HTTP or FTP, maybe - but most, if not all, p2p traffic is safe, i think. This is of course because of the chunky nature of transmission - you can't really tell what part of the file went through your pipe just by looking at it, and since parts are sent at random, you cannot rebuild the file with your chunks without guiding information, be it a torrent file, a list of parts for emule, or whatever else there is. And you need the whole file to get your hash-check. That's one. Two: encryption totally kills the effort, as the ISP can in no way examine your file without interfering with your transfer, and SSL exists solely to protect you from this.

Even if my line of thinking is really misguided here, this would require lots and lots of processing power - i mean, on a routing line with a hundred users on one end, it's thousands of hash-checks to be made for every stupid rebuilt file - both processes of course painfully CPU-eating, unless you want false-positives, since you didn't bother to use a proper hashing algorithm.

All in all, this looks to me like a terrible waste of money.

Evil

[Anonymous Coward]

According to the Wikipedia entry on Australian copyright law [wikipedia.org] "[...]Brilliant Digital Entertainment in Australia were raided for copyright violations[...]" in 2004.
It looks like someone switched sides but taking a closer look they only seem to be in charge of the adware that came with Kazzaa, so I guess they were always evil.

Re:useless

[corsec67]

Not only that, but it says that it works against movies.

The ISP downloads the entire 1-5GB file, hashes it, compares the hash, and then if it passes sends the file on to the user?

I think that would break almost every kind of application, and could easily be used to swamp the downstream of the ISP by making requests and then dropping the connection.

And then what about hash collisions, or programs that aren't web browsers?

Re:Probably just for P2P

[Anonymous Coward]

The parent is an example of typical slashdot idiocy. ISPs aren't common carriers. Though my karama will end up a smoking crater for breaking with the established GroupThink, so I'm making this post anonymously.

The immunity ISPs currently enjoy in the US come from various other safe harbor laws (i.e. Â230; DMCA). The constant slashdot drone of "ohhh.. ISPs can't suppress my free speech: common carrier common carrier!" is both entirely incorrect and dangerous, since it causes the geek squad to under-estimate the risks and the importance of things like net neutrality.

Re:One question

[whoever57]

Can it decrypt SSL/SSH in real time?

Exactly. They claim that the can search "every document attached to an e-mail .. -- to see if it matches a list of illegal images. Apparently, they have never heard of SMTP-TLS, POP3S, etc.. Or perhaps they have and they are just like many others -- selling snake oil.

Re:Starts with porn...

[KillerBob]

You probably have, but they're usually encapsulated in a container format like AVI or MKV. :)

Re:Probably just for P2P

[Klaus_1250]

Hash Values are useless anyway; change 1 pixel in an image and voila, new hash. They could use loose hashes as used for Spam-filtering, but the chances for collisions are higher.

The other issue is of course, it won't work on encrypted connections. It might not even work for obfuscated connections. AFAIK, Authorities are seriously shooting themselves in the foot using these techniques. They will only drive CP and others further underground, to a point that finding and prosecuting the bastards becomes too difficult and expensive.

Re:Huh?

[maugle]

Every time this topic comes up, someone posts something about how this could remove the common carrier status of ISPs.

Repeat after me: ISPs do not have common carrier status.

Re:Probably just for P2P

[conlaw]

Please, folks, remember when you go to vote that both Obama and Biden have taught constitutional law so they at least know that programs such as this one violate the First and Fourth amendments. They may end up with an uphill battle trying to protect the Bill of Rights, but I believe that they'll try.

We must not continue to allow our fundamental rights to be taken away under the rhetoric of "protect the children" and "watch out for the terrorists."

Here endeth my rant for the day.

Re:One question

[unlametheweak]

No. RTFA. CopyRouter merely pretends to be a server and tells the client the client to send data unencrypted. Bittorent just needs to upgrade it's encryption mechanisms.

False positives?

[Isao]

And good luck trying to teach a jury about hash collisions [wikipedia.org].

Re:One answer

[Anonymous Coward]

not quite. they use packet forgery to turn off the encryption request, so it looks like the requester asked that the file be transmitted in plaintext. (and then they cross their fingers and hope noone notices).

this differs from a standard MITM attack: there, the attacker wants the encryption to proceed (in such a way that the attacker gets a copy of the key as well).

Re:Starts with porn...

[Anonymous Coward]

ISO is "international standards organization" you dumbass.
ISO 9660 is a file system.

you know what he meant and i know what you meant. no need to be anal about it.

Re:Probably just for P2P

[Anonymous Coward]

The Teleco side is a common carrier, the ISP end is not.

Re:Probably just for P2P

[TapeCutter]

"My ISP is AT&T. They're not a common carrier?

The AC is correct in what he is saying about common carriers. Check out the registered company name of your ISP and I will wager that it is not AT&T but rather a subsiduary of AT&T (ie: a seperate company in the eyes of the law).

This is how the telco's in Australia with common carrier status get around the rule against sniffing the line, eg: Australia's "Telstra" is not an ISP but "Telstra Big Pond" is an ISP. Since common carrier rules are international I dare say AT&T do exactly the same thing.

Re:Brilliant Digital Entertainment?

[petieAU]

Yep they sure were, and Michael Speck, now head media whore for Brilliant Digital Entertainment, was the head of MIPI, the attack dog of ARIA (Aust RIAA) that took KaZaA to court http://www.crn.com.au/News/14179,kazaa-applies-for-anton-piller-order-to-be-set-aside.aspx [crn.com.au]. It looks like everyone has their price.

Re:Probably just for P2P

[GaryPatterson]

Your ISP will have people who are of various political persuasions working there. Someone will one day think "This customer is a candidate for the election. What are they looking at?"

Before you know it there are leaks and regardless of the outcome for the leaker, the candidate will be hurt and probably lose the election.

It's the same as having every single phone call bugged and recorded. Someone will use it against someone else, or at the absolute minimum, data will end up sold to marketing companies.

Re:Semi-OT: International law.

[TapeCutter]

Heh, you're right "common carrier" does not seem to be explicitly defined by treaty (ie: it's more of a tradition than a rule) - found this on the WIPO site...

"63 The concept of a "common carrier," dating from 16th century English common law, captures private entities that perform public functions. Since at least the middle ages, most significant carriers of communications and commerce have been regulated as common carriers. Common carrier rules have resolved the disputed issues of duty to serve, nondiscrimination, and interconnection. Facilities such as railroads, telegraphs and telephone companies were obliged either by common law or by legislation to implement an equal "duty to serve" regime. The history of common carrier duties illuminates three reasons supporting the imposition (and the occasional elimination) of those requirements. Common carrier duties have been imposed variously upon theories of de facto and de jure monopoly, on the theory that the enterprise had become "essential," and upon theories that the enterprise was publicly concerned in a particular manner (See James B. Speta, A Common Carrier Approach to Internet Interconnection, 54 Fed. Comm. L.J. 225 (2002) (surveying the history of common carriers and arguing that the same reason justify a general interconnection obligation for Internet carriers)."