Tool To Allow ISPs To Scan Every File You Transmit

timdogg writes "Brilliant Digital Entertainment, an Australian software company, has grabbed the attention of the NY attorney general's office with a tool they have designed that can scan every file that passes between an ISP and its customers. The tool can 'check every file passing through an Internet provider's network — every image, every movie, every document attached to an e-mail or found in a Web search — to see if it matches a list of illegal images.' As with the removal of the alt.binary newgroups, this is being promoted under the guise of preventing child porn. The privacy implications of this tool are staggering."

Re:Huh?

[fred fleenblat]

TFA says they're going to use hash values. This will take a stateful packet inspection filter to catch, but the amount of state is only enough do the hash, and they can throw it away if it doesn't match anything on the blacklist.

While hashing seems easy enough to get around, I think the real thing they're looking for is a repeated pattern of someone sending blacklisted images. If you send/receive thousands of images, there's a good chance that you'll screw up and maybe a dozen of them won't get resampled (or use some other trick) to change the hash value. you'll pop up on a screen someplace, they'll get a search warrant, and you are busted.

Re:Won't work.

[Anonymous Coward]

They claim they can scan Gnutella and BitTorrent.

Gnutella I don't know, but BitTorrent, almost certainly.

The common forms of BitTorrent encryption uses a "shared secret". The shared secret for BitTorrent is a 20-byte key known as the "infohash". This infohash is ALSO used as the unique hash to uniquely identify a given set of files. So its ALWAYS given to the tracker, and if the tracker isn't using SSL, that means its in the clear.

Making the encryption in BitTorrent almost laughably insecure. It's good enough to block non-stateful packet filters. It's not good enough to prevent people from listening in.

As for getting a file hash with BitTorrent, that's even easier.

It does it for them.

The ".torrent" file contains a list of hashes. They don't even need to look at the file contents.

I dunno about other P2P systems, but BitTorrent is definitely not safe from this.

Re:Starts with porn...

[travbrad]

Or if you've watched a DVD. .VOB files are basically just MPEG2 with some extra data for menus, chapters, etc

Re:Won't work.

[caffeinemessiah]

i mean, on a routing line with a hundred users on one end, it's thousands of hash-checks to be made for every stupid rebuilt file

Actually, it gets worse than that. Say that I have an "illegal" image that I want to transmit to you. All I would have to do is embed it in a random frame of some 700 MB DivX movie. Then, not only do files have to be checked, but every frame of every video too.

And the age-old question of "is this MP3 file legal"? That is an example of an uncomputable question.

More likely, this is intended for idiots who don't use encrypted connections. But people who don't have the brains to use encryption are probably going to be apprehended by law enforcement anyway before they can do too much law-breaking. So in other words, invest in massive infrastructure for pretty much nothing.

Re:Probably just for P2P

[Hyppy]

Even better... What happens if you send traffic to a user with one of the "bad files" in it? They don't need to have a connection open in order for you to send a jpeg to them. Even if the user's computer simply drops the unknown data, the ISP will pick it up in their scan. If all the software does is scan the hash values of images transferred over common protocols, I seriously doubt that it goes and checks to see if the user actually REQUESTED it before crying foul.

One step further: make a file that has the same hash value of a "bad" file. This is trivial, especially if the file doesn't need to be valid for any application. If all that is checked is a hash of the traffic, then the actual contents of the file are meaningless.

So, this software will allow law enforcement to ruin your life (any implication crime involving sex and/or kids will do that, guilty or not), by simply seeing an unknown party send you a block of unintelligible data that happens to have the same hash as "pr0n." Great.

Anyone up for making an automated hash-spoofing packet forger? I'm sure something similar has already been done. With the speed of current connections, one could probably get the entire human race indicted for child pornography in under a week.

Re:Huh?

[thogard]

Did anyone do that "out of order packet" hack for the linux kernel yet? The idea is you send 99% of the packets in the correct order but 1% of the time you swap the order around. It does nasty things for programs like this. Also someone needs to look at claims of this software compared to what it does and let them know where they are in breach of local truth in advertising laws.

Hash Collisions

[Anonymous Coward]

There are fundamental problems with this.

First the police database would grow.

All people wanting to bypass this would have to do is append a few characters to a file, or compress it. They could easily make a single file into a million files with there techniques alone. They can modify the files them selves by slightly changing color values. That creates a million more files. Now comes the nasty part.

They've flooded the police database, now the original file is a billion files, a billion hashes. What is the probability of many accidental hash collisions with innocent files. Soon you will have problems sending all kinds of stuff.

Not to mention the exponential growth of hardware requirements on everyones part.

Re:Probably just for P2P

[Achromatic1978]

Could be worse, could be Girls Gone Wild a bunch of semi-consenting drunken teenagers showing their breasts. "Here's my boobs!" Daddy is proud, I am sure.

Re:Probably just for P2P

[meringuoid]

One step further: make a file that has the same hash value of a "bad" file. This is trivial

I'm not sure whether there's any major prestigious prize given out in the field of crypto, but if there is, you just won it. Please publish!

Re:Probably just for P2P

[Baton Rogue]

After I RTFA, I got my answer.

Encrypted files on the peer-to-peer network could not be decrypted by CopyRouter, but the company claims it can fool the sender's computer into believing that the recipient was requesting an unencrypted and uncompressed file.

So basically what they do, is if your bittorrent client requests the files in encrypted format, they intercept that and instead request them unencrypted. They aren't decrypting the file, they are just asking for an unencrypted transmission of the file. If the file is in an encrypted zip file, then there is no way that they could see the actual files being transmitted.

Re:Brilliant Digital Entertainment?

[therufus]

I was about to bring up that point. KaZaA was linked to BDE (maybe a parent company or something). I'm not too sure of the exact relationship, but there definitely was one there.

Now correct me if I'm wrong, but wasn't one of the defenses in the KaZaA court case the fact that they couldn't tell what files users were sharing, therefore they claim they weren't responsible for the distribution of copyrighted material? If this was the case, BDE's new "we can tell what you're sending/receiving" crap could land an A-Bomb worth of trouble in someone's lap.

What about hash collisions?

[LionMage]

Seems to me that if a user attempts to download a file that happens to have the same hash as a "known bad" file, they could be in for a world of hurt unless the system does verification of some kind. And if the verification step is conducted manually rather than automatically -- in the interest of expediency, of course -- what do you bet the odds are that some law enforcement types aren't going to be bothered with niceties like actually checking that some file is indeed prohibited material?

Try mounting your own defense when you are systematically blocked from obtaining a copy of the file that you attempted to download in the first place. (Yes, surely our hypothetical user's attorney could find this file, even if they needed to use an ISP outside the country to do it. This assumes that Joe User has an attorney and can afford to mount a defense.)

A malicious actor could craft a file that will generate a hash collision with some known prohibited file, and if the sender/creator is suitably crafty and hides his tracks, such techniques could be easily used to grief our hypothetical user with virtually no chance of reprisal against the originator of the bogus file.

Re:Huh?

[fred fleenblat]

your points are interesting but not convincing.

first, out-of-order on 1% of the packets means that a lot of files that require less than 100 packets will still get through in order. and upping the percentage is a fool's game: (a) there's no reason a small image won't fit in one or two 1500 byte packets and (b) if enough people do this (or any other TCP-level hack) they can just add some smarts to the content filter, or choose a hash that doesn't depend (as much) on order.

your second point about truth in advertising laws seems like a blind alley. you'd have to actually be a customer who bought the software, used it, and had major problems with it, in order to have standing to file suit. and it's going to be difficult to get a prosecutor to go after a company that's trying to stop the spread of c.p. so you'd have to pay the legal bills yourself. finally, once you get in front of the judge, what are you gonna do, complain that you were *able* to send c.p., admitting in open court that you've done something illegal?

Re:Probably just for P2P

[rohan972]

Perhaps a "young hacker" will find the info and expose it. It's a bit suspicious, for example, that the Palin email "hacker" was the son of one of her political opponents. Let's see what his career and net worth is in 10 years. Whether or not he was doing it on others behalf, I'm sure there would be people available to be the designated hacker for much less money than a lawsuit payout would cost.

Re:Probably just for P2P

[Almahtar]

That's assuming child pornographers are actually their target. If their real target is casual music pirates, this is really effective. Especially if they claim to target someone else.

Re:Probably just for P2P

[Fluffeh]

This is why you firstly don't let them know who you are and secondly make sure that even if they do find out it was hacked proper - byt the time their PR and fixing machine gets switched on, enough people will have been pissed off so that any attempt just makes them look more inept.

Re:Probably just for P2P

[discogravy]

Laugh it up, but the reason Obama got a seat in the senate in 2004 so easily is because his predecessor was forced to step down after his tearful ex told a divorce court that he made her go to a swinger's club with him. On such things the fate of nations hang, sometimes. http://en.wikipedia.org/wiki/Jack_Ryan_(2004_U.S._Senate_candidate) [wikipedia.org]

Electronic versus snail

[advocate_one]

OK, why are they being allowed to treat electronic content differently from sealed letters and packages? Do they steam open your letters and parcels to see if anything contentious is being sent? No, and I'll bet that's because it is unconstitutional... so why are they treating electronic delivery differently? There should be massive protests against this... no way should they be able to use the protecting you from child-porn line either... With snail mail, they have to get a warrant to intercept and open your mail and packages... the same should apply for electronic content...

Re:Probably just for P2P

[paganizer]

From what I understand from dabbling in ISP-ism back in the mid-90's, the only common carrier protection a ISP enjoys is for a USENET server; a court ruling established that USENET had common carrier protection, therefore a ISP could not be prosecuted for what was on a NNTP server, unless they attempted to censor it; if they attempted to censor it, that would imply that anything illegal that got transmitted was purposefully allowed to remain on the server. The only protection is to just ignore it unless it is brought to your attention.
What a GREAT time for Freenet 0.5 (which WORKS) to be on its last legs, fighting for it's life against Freenet 0.7 (which doesn't actually WORK).
At least Tor and I2P are still going strong.

Re:One question

[jimicus]

Can it decrypt SSL/SSH in real time?

Exactly. They claim that the can search "every document attached to an e-mail .. -- to see if it matches a list of illegal images. Apparently, they have never heard of SMTP-TLS, POP3S, etc.. Or perhaps they have and they are just like many others -- selling snake oil.

SMTP-TLS and POP3S are pretty bad examples, because they secure the connection but you're still likely to be talking to a mail server that you don't control, and therefore can't guarantee isn't connected to such a thing.

That being said, this is yet another case of "Product which doesn't need to exist and offers little to no real benefit being sold to idiots with some superficially-plausible benefit." Spend any length of time working as a systems manager and you'll see dozens of these.

Right now my favourites are products which make it possible to manage a whole network full of computers at any level from "Make this change to every PC in the business" through "Make this change to this subset of PCs" down to "Just this specific PC". 90% of them require an Active Directory domain.