Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
Privacy The Internet Your Rights Online

Will ISPs Be Driven To Spy On Their Customers? 133

Posted by timothy
from the won't-be-a-long-drive dept.
bs0d3 writes "In regards to the new 'voluntary' graduated response deal (where no one really knows how ISPs will track and accuse customers of copyright infringement), according to CNN, it may be the ISP directly spying on their customers. 'But now that they're free from individual blame, there's also the strong possibility that the ISPs will be doing the data monitoring directly. That's a much bigger deal. So instead of reaching out to the Internet to track down illegally flowing bits of their movies, the studios will sit back while ISP's "sniff" the packets of data coming to and from their customers' computers.' This could be a problem for people who use U.S.-based internet services. If the U.S. wants to be an internet savvy country, they still need the competition in the marketplace that's always been missing, and a digital bill of rights that isn't a sneaky anti-piracy measure."
This discussion has been archived. No new comments can be posted.

Will ISPs Be Driven To Spy On Their Customers?

Comments Filter:
  • short answer (Score:5, Informative)

    by roman_mir (125474) on Sunday July 08, 2012 @03:23PM (#40584859) Homepage Journal

    yes

  • by Anonymous Coward

    Computers are fast enough... there's barely any CPU overhead anymore.

    • by kesuki (321456)

      there are a few problems with saying isps have to monitor everything non politicians transmit. because of course the law won't apply to them or their corporate buddies. first off is encryption. encryption is only vulnerable on the host when it is about to encrypt data, except in the bizzare case where two computers use the same encryption keys, and access to both streams encrypting the same data, and then it is like a lucky shot to correlate the data and bring it to the attention of users looking for that

  • "a digital bill of rights that isn't a sneaky anti-piracy measure."

    Dream on.
    I regularly dream of leaving this industry because of nonsense like this.

    • by DarkOx (621550)

      Don't I know the feeling. I am saving up, hopefully a few years from now I can move to Maine and run a Christmas tree farm. I am getting tired of even thinking about this nonsense.

  • by SuricouRaven (1897204) on Sunday July 08, 2012 @03:28PM (#40584913)
    Freenet will get more users!
  • by stanlyb (1839382) on Sunday July 08, 2012 @03:29PM (#40584923)
    Really? Anyone? Really believes that the ISP are protecting you? Your privacy? With claws and fangs?
    • by ATMAvatar (648864) on Sunday July 08, 2012 @03:52PM (#40585105) Journal

      I don't think anyone believed that many (if any) ISPs were fighting the good fight, as it were. The assumption was more that ISPs are typical businesses, which do not incur costs unless required to do so. Setting up infrastructure and staff to monitor subscriber traffic costs money and effort. Without some well-defined, monetary gain in doing so, ISPs simply won't bother.

      So to answer your title - no, most ISPs probably haven't monitored traffic already, because it was a waste of time and resources to do so.

      • Exactly, the only monitoring ISPs will do is due to either government mandated crap, or government-sponsored lawsuits (RIAA/MPAA) due to their horribly outdated intellectual "property" laws.
      • Actually, at the last local industry expo I went to, the Sonicwall rep told me about their really new, really expensive, ISP grade router that came complete with deep packet inspection, white and black lists, and real-time data stream analysis. So I could push it to my clients to "stop those pirates downloading warez and movies".
        Companies don't spend any more than they have to, true. But smart companies plan for shifts in the market, and having to spy on their users definitely is a market shift. Buy the equ

      • by stanlyb (1839382)
        Except if they want to force you to not use your bandwidth, or your cap limit, or this or that site that are producing a lot of traffic, or with other words, the ISP business is the only one that does not give 100% of your speed, and does encourages you to NOT use your cap limit. In fact, it is even worst, when they promote for example 3MBs, with 30GB limit, what they mean is that the regular Joe would use only 1/10th of this speed and only 1/10th of this limit. As a result, if their cable has the maximum c
    • by cultiv8 (1660093)

      With claws and fangs?

      Get the holy hand grenade!

    • by Kjella (173770) on Sunday July 08, 2012 @04:11PM (#40585237) Homepage

      Really? Anyone? Really believes that the ISP are protecting you? Your privacy? With claws and fangs?

      No, I think they're covering their own asses by making sure they know absolutely nothing about anything I do or don't do. If they start flagging copyright infringements for one company I'm sure they'll get sued by a bunch of other companies for secondary infringement or criminal negligence or being co-conspirators as they let all the other infringements pass. And not just copyright infringement but everything else too, the user is sending SPAM and they let it pass? Sue the ISP. Internet fraud? Sue the ISP. Hacking? Sue the ISP. If anyone can show the ISP "knew" the customer was doing something illegal but continued the subscription to turn a profit, they could get in all sorts of legal shit. Either you're reading the bits or you're not, you can't both do that and claim ignorance at the same time.

    • by nurb432 (527695)

      Only if it means they will lose all their customers by not acting would they do something to protect us.

    • by pantaril (1624521)

      Really? Anyone? Really believes that the ISP are protecting you? Your privacy? With claws and fangs?

      Well can't speak for all ISP's but i for one work for small local ISP (cca 50k customers) and we try to protect our customers as much as possible. Often police try to get some info about our users without proper court order and we reject them regulary. Also, i made a decision when i started to work there that i would not support any censorship attempts if they are not required by law and would quit the job if the management ever tried to introduce such practises

      Also at least in europe and australia, there a

  • On port 82, too! Hopefully you'll get some comments over there...

  • by Anonymous Coward

    more like anti-privacy

  • by Anonymous Coward

    This is the most blatantly sensationalist piece of shit article I've seen in recent memory. The time article they source pretty much explains it all:

    An Internet user downloading media illegally gets flagged by the copyright holder

    Implying that nothing is changing, the media companies will continue outsourcing the scraping of public bittorrent swarms and notify ISP's that one of their IP's was sharing x content at y time and ISP's will send a letter based on who was addressed that IP at the time informing you why it's wrong.
    The only thing that might change is that they'll probably give y

  • Why? (Score:3, Informative)

    by Mathias616 (2612957) on Sunday July 08, 2012 @04:02PM (#40585173)
    I can understand why the RIAA and MPAA would be interested in this happening, by why would an ISP want to do this? The act of monitoring the activity of their customers requires a lot of dedication to packet capturing and inspection which would cost a lot of money. From a business standpoint, embarking on this conquest to monitor every single customer is a bad idea because no revenue will be generated by doing this. The only reason I can think of for ISP's to do this is that they are being paid to do so by the RIAA and MPAA, that is the only way they would spend money on this program when it does not generate more revenue from their customers. So what is happening here is two big industries are paying members of another industry to violate the privacy of their customers for financial gain. I wonder where we will see this next if this succeeds. Perhaps the porn industry will pay ISP's to track their customers porn habits so that they can effectively market to those individuals. There is a wide variety of possibilities so long as they isn't illegal. You could argue that pirating is illegal and that is why this differs from other situations, but who the hell made the RIAA and MPAA into legal institutions? They aren't getting court orders to have ISP's snoop on customers, there is no court system here.
    • by nurb432 (527695) on Sunday July 08, 2012 @05:16PM (#40585753) Homepage Journal

      That just gets passed along to the consumer.

      • I would love to see simple fluorescent fliers start to show up in everyone's cable bills:

        Your bill has increased by $xx due to purchasing infrastructure required for the government monitoring of all your online activities and communications. Have a nice day.
    • by Eil (82413)

      I can understand why the RIAA and MPAA would be interested in this happening, by why would an ISP want to do this? The act of monitoring the activity of their customers requires a lot of dedication to packet capturing and inspection which would cost a lot of money.

      Not really. I work for a company that sells solutions to ISPs (and others) for detailed analysis of the traffic on their network, right down to the application level. Unless you're subscribed to some local mom-and-pop DSL provider, your ISP alrea

  • by gavron (1300111) on Sunday July 08, 2012 @04:02PM (#40585177)

    Fact:
    First, there is no law requiring any action on the part of any ISP.
    Disclosure: I participate in running an ISP, but not one of the ones involved in this.

    Fact:
    Some large national carriers have agreed to do some things. "Agreed" and "partnership" have no legal meaning. "An agreement is yet to be signed." is in the OP's link and that gives us an idea that in the future there MAY be an agreement. For now, should it happen, it's voluntary.

    Fact:
    No law of any jurisdiction in the United States currently requires any ISP to provide any content monitoring. The only requirements close to that are to allow Law Enforcement access should they have the right to it -- CALEA [askcalea.net].

    Opinion:
    It would be counter to the AOL decision [aol.com] (Zeran v AOL) that an ISP is responsible for either monitoring content, taking action based on content, or being liable for content or failing to take action based on content. That's a fourth-circuit decision that makes it likely that any ISP that doesn't want to join the "partnership" with the MPAA/RIAA can easily not opt-in to their program. Note that I didn't say "opt-out" because that would beg the question of whether there's a requirement to join.

    Looking forward, I can guess that our "friends" in the MPAA/RIAA will continue their program to CHANGE THE LAW through spending lots of money, lobbying, using the influence of former senator Dodd, etc. If they can get the law to require ISPs to do so, and thereby trump the 4th circuit's AOL decision, then there will be a concern.

    However, as Sonic.net's CEO Dane Jasper said [tinyurl.com] ISPs should keep as little logs as possible, preferably under two weeks. That would make it difficult unless they are doing real-time DPI, analysis, investigation, and sending out C&D letters for any of this to have meaning.

    While the resources necessary for ISPs to provide access under CALEA are minimal ("Here's your Ethernet port, have a nice day, Feds") the requirement to do DPI for hundreds of gigabits-per-second of data is beyond onerous -- if even achievable. Consider -- it's not just that an ISP has to monitor their "upstream" pipes, but also customer-to-customer. The amount of bandwidth inside each ISP's core is immense.

    Sorry to be long-winded, but having read the other responses, I see a lot of D&G and nay-saying. I agree that the landscape is pretty harsh, and the earth is getting scorched. I see hope because I see that we have defeated SOPA, PIPA, ACTA, (and yes I know the TPP is still alive) and we can likely continue to teach our congressional non-representatives that when the majority of the country doesn't want something ... it's likely not something they should support in our name.

    Ehud

    • Re: (Score:3, Insightful)

      by jftitan (736933)

      If I had any point, I would have given them all to you in some form or fashion. Thanks for your input, and you clearly have insight as to what this 'agreement' really means.

      I have heard random opinions about this situation, and most of them resemble your opinion as well. ISP will not be directly monitoring User's traffic, do so, violates a few other laws in palce. the AOL case, is a prime example WHY we will not have ISPs jumping onto the bandwagon to help MPAA/RIAA prosecute customers. From

    • "No law of any jurisdiction in the United States currently requires any ISP to provide any content monitoring. The only requirements close to that are to allow Law Enforcement access should they have the right to it -- CALEA."

      Fact: CALEA applies only to telephony; to date, it does not apply to the internet at all.

      Congress has introduced some bills that would make CALEA -- or something very like it -- apply to the Internet. So far without success.

      • by gavron (1300111) on Sunday July 08, 2012 @05:40PM (#40585921)

        CALEA applies to Internet communication.

        Pen/Trace - asking for email headers and IP headers but not content.
        Full detail - asking for actual dump of bidirectional communication from a specific IP address or address-range.

        See ISPs can be requested to forward all traffic... [harvard.edu]
        or a company that helps ISPs comply... [netequalizer.com]
        or this has been a law since 2007... [dslreports.com]

        To find these things check out this link [tinyurl.com].

        Fact: I appreciate your copying my style. However, when doing so, please ensure that after the word "Fact:" comes a fact.

        Ehud

        • I appreciate that you appreciate my sarcasm.

          However, my comment assumed the CONTEXT that you used in your own comment; your reply abandoned that context.

          Fact:
          No law of any jurisdiction in the United States currently requires any ISP to provide any content monitoring. The only requirements close to that are to allow Law Enforcement access should they have the right to it -- CALEA [askcalea.net].

          According to the EFF (which has actually been involved in litigation of this matter, and is a source I trust far more than your liberal University professors or journalists), CALEA does NOT require monitoring of content, which was the matter under discussion. CALEA only requires recording of header data: times of activity, etc.

          But the context here was

    • by pgn674 (995941)

      "An agreement is yet to be signed." is in the OP's link and that gives us an idea that in the future there MAY be an agreement.

      That article is from June 23, 2011. A final agreement called the Momorandum of Understanding [copyrightinformation.org] (PDF) was written on July 6, 2011. It's an agreement between MPAA, RIAA, AT&T, Verizon, Comcast, Cablevision, and Time Warner Cable. I don't know if it was actually signed on the lines, and I haven't heard of anyone leaving or entering the agreement.

      • by gavron (1300111)

        MoUs are nonbinding and have no force of law.

        Nobody can "leave" or "enter" an agreement. They are either "bound by it" by executing it, or they are not.
        Something that hasn't been signed by the parties can hardly be called a "final agremenet".

        Cheers,

        Ehud

    • by Kr1ll1n (579971)

      I also work for an ISP, which has roughly 2m subscribers, and can validate what the OP has stated to be true, with one caveat;

      It is not unreasonable for an ISP to dedicate SAN infrastructure for the purpose of storing IP's, outbound connections, and source ports (where Carrier Grade NAT is in place) due to the humungous revenue stream it generates. Basically, ISP's are allowed to charge the *AA cartels for logs when they request them. The last number I had heard where I work was roughly 30k a month revenue

  • The UK is leading the charge once again in destroying freedom and democracy http://www.channel4.com/news/black-boxes-to-monitor-all-internet-and-phone-data [channel4.com] , with their plan to install "black boxes" in all internet providers.. it's for your protection you see, so many nasty terrorists out there http://www.dailymail.co.uk/news/article-2134333/Why-allowed-spy-Facebook-Twitter-Whitehall-intelligence-chief.html [dailymail.co.uk] If you don't allow your internet connection to be spied up, you'll be killed....do you want that? htt [dailymail.co.uk]

  • What is this future tense bullshit? They already do. If they didn't spy on you, how would they know what you were browsing/downloading to issue the 'strikes' now available to them?

    • They depend on external monitoring companies, which in turn are hired by the copyright holders.

      1. Copyright holder hires investigator company.
      2. Investigator company finds some infringers (Easily done)
      3. Investigator company contacts infringer's ISP on copyright holder's behalf.
      4. ISP looks through their logs to see who had the specified IP at the specified time.
      5. Strike.
      • Which amounts to allowing a third party to interfere in my private contract, without my consent... which is very much against the most basic contract law.
  • Wheres the beef? (Score:3, Interesting)

    by WaffleMonster (969671) on Sunday July 08, 2012 @04:29PM (#40585399)

    The CNN link is an opinion piece where the author dreams up a scenario of ISP content inspection not supported by any external evidence.

    I can sit on my lazy ass all day and dream shit up too. This does not mean I should be expected to be taken seriously.

    Where is the actual evidence this is being implemented or even seriously contemplated by any stakeholder?

    In the interim I'm just going to sit back and wait for the lawsuits to start flying against ISPs for cutting off their paying customers without due process.

  • by no-body (127863) on Sunday July 08, 2012 @04:36PM (#40585455)
    The other is the back-doors on every incoming hub http://www.cablemap.info/ [cablemap.info]
  • Has everybody somehow forgotten the ruling of several years ago? Comcast was forced by the government to stop its deep packet inspection that it used for throttling traffic.

    If it goes that route again, it's just going to get slapped down again.
    • by nurb432 (527695)

      Its a different situation, one the feds approve of, due to the mass payoffs ( err, donations ) of the *AAs.

      • "Its a different situation, one the feds approve of, due to the mass payoffs ( err, donations ) of the *AAs."

        Yes, it's a different situation, but that does not change the law. Deep packet inspection is illegal. It doesn't matter WHY you are doing it, unless it's called for by a judicial warrant.

        • by 1s44c (552956)

          Yes, it's a different situation, but that does not change the law. Deep packet inspection is illegal. It doesn't matter WHY you are doing it, unless it's called for by a judicial warrant.

          You misunderstand. It's illegal if You or I do it, it's not illegal if any part of the government does it.

    • Funny how often I have gotten modded "over-rated" or sometimes "troll", and then received a reply to by a certain Anonymous Coward.

      Hint, guy: You aren't as anonymous as you seem to think.
  • To those who think that it's not all that bad and it's just voluntary, etc. etc.: this is a sliding scale. This is how it starts. Just sending a few notices to naughty customers. It will end in full-blown surveillance: deep packet inspection and anything that smells like encryption to other-than-whitelisted-approved-sites will be dropped.
    • by 1s44c (552956)

      I knew it was all going to turn to shit the first time I saw an advert on the internet.

      Should the governments of the world start blocking encrypted connections there will be no choice but to replace the internet with something better. A worldwide mesh net might be possible by then.

  • At that point they'd have to start doing inspection to make sure all 80 traffic looks like http. That would even get somewhat more complicated if the SSL port were used. Its game over once people implement local stub DNS resolvers that actually call a web service somewhere over https to do queries.cong ty dich vu bao ve [baoveviettien.vn] hanh tinh cung cap dich vu bao ve [baoveviettien.vn] chuyen nghiep, Cong ty bao ve [planetsecurity.vn] dia diem ngan hang, cong trinh, co quan, van phong, biet thu, nha rieng, van chuyen tien, tai san, tu diem ca nhac, giai
  • by Anonymous Coward

    We need an official Tor discussion forum.

    I didn't see this issue mentioned in Roger's *latest* notes post, so for now, mature adults should visit and post at one or both of these unofficial tor discussion forums, these tinyurl's will take you to:

    ** HackBB:
    http://www.tinyurl.com/hackbbonion [tinyurl.com]

    ** Onion Forum 2.0
    http://www.tinyurl.com/onionforum2 [tinyurl.com]

    Each tinyurl link will take you to a hidden service discussion forum. Tor is required to visit these links, even though they appear to be on the open web, they will lead

  • by Anonymous Coward

    * https://www.eff.org/pages/switzerland-network-testing-tool [eff.org]
    * https://www.eff.org/testyourisp [eff.org]

    Switzerland Network Testing Tool

    "Is your ISP interfering with your BitTorrent connections? Cutting off your VOIP calls? Undermining the principles of network neutrality? In order to answer those questions, concerned Internet users need tools to test their Internet connections and gather evidence about ISP interference practices. After all, if it weren't for the testing efforts of Rob Topolski, the Associated Press,

  • But seriously, I think you mean "even more than they are currently FORCED to do?" ISPs are currently forced by law in many countries to keep certain records of their clients and to monitor certain content. This is only going to increase, not decrease. And in the US there is the "Patriot Act" which says "All your base is belong to us." So what was the question again?
  • I'm behind 7 proxies...and several VPN's.
  • Deep packet inspection is already happening in the UK. Don't believe me? Try a telnet to port 80 on a webserver you control from a domestic UK internet connection. Then enter 'HTTP \nHOST piratebay.org\n' Your connection gets hijacked at that point and the server sees a faked reset from your IP.

    Don't have a webserver? Try any website instead but if you use your own you can tcpdump both sides of the connection to see the hijacking happening.

    Between this, email and telephone snooping, stop and search without

  • I wonder how this would fit in with corporate customers of the participating ISPs and the loss of business hours that could occur, since even if nobody is falsely accused by mistake, a lot of these copyright issues are subjective and are subject to the judicial system.

    Could the participating ISPs be held liable if a company's business is disrupted through no fault of their own (or if the company has a case and is willing to take the issue to court)?

Are you having fun yet?

Working...