AT&T Announces Plans to Filter Copyright Content

An anonymous reader writes "The LA Times reports that AT&T has announced plans to work with the Hollywood movie studios and major recording labels to implement new content filtering systems on their network. The plans raise many troubling legal issues including privacy concerns, false positive filtering, and liability for failure to filter."

Oh good...

I was wondering when they were going to give up their common carrier status. Now they can all go to jail for monopoly!

ISPs are not common carriers.

ISPs are not common carriers. There is a difference between voice and data, according to (stupid) law.

Communications Decency Act Section 230

AT&T may not be a "Common Carrier" with respect to data, but it is (was) provided immunity by Section 230 of the Communications Decency Act [wikipedia.org]:

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

In analyzing the availability of the immunity offered by this provision, courts generally apply a three-prong test. A defendant must satisfy each of the three prongs to gain the benefit of the immunity:

1. The defendant must be a "provider or user" of an "interactive computer service."
2. The cause of action asserted by the plaintiff must "treat" the defendant "as the publisher or speaker" of the harmful information at issue.
3. The information must be "provided by another information content provider," i.e., the defendant must not be the "information content provider" of the harmful information at issue.

Re:Communications Decency Act Section 230

It seems to me to be more along the lines of, there's no real legal need for AT&T to do this, as they're already immune to prosecution by copyright holders if users transmit copyrighted information across their networks. Thus, the only reason they would have to implement something like this involves the crisp, green lining in their pockets getting a bit thicker.

But IANAL either, so the cycle of speculation continues.

Re:Oh good...

The real question is have is how is this supposed to make them money? Any investors that find out about this should be throwing a shitfit, and replacing anyone involved with this. Decisions like this look to make AT&T LOSE more money than they gain. Time spent on a such a dumbassed idea, pissed off customers, lawsuits when they fail to filter, lawsuits for filtering the wrong content, etc. This makes beyond no sense.

Re:Ouch.

Yeah, I don't get that either. They can have the absolute best filtering software in the world, and it will all go tits up the moment the client encrypts his communications. The users will continue to swap pirated material, and AT&T will find itself on the legal hook for it.

I mean, how stupid can you get?

Re:Ouch.

This will render ecommerce impossible, and I'm sure that if they go to that extent, they'll block VPN and ssh, which will make a home internet connection useful only for instant messaging, viewing porn, and arguing endlessly on slashdot. ;)

Re:Ouch.

what are you talking about? We don't endlessly argue on slashdot!!! Everything here is nice and polite.

Try Again

I think you meant to say, "Everything here is nice and polite, jackass."

Re:Ouch.

(T)hey'll block VPN and ssh, which will make a home internet connection useful only for instant messaging, viewing porn, and arguing endlessly

Bingo. That's the whole idea. This internet thing has been nothing but a headache to those in power anyway. You get foul-mouthed hippie bloggers who say bad things about our sainted politicians, you have web sites that actually help people find the lowest prices on products, and there are even ways for people on the internet to send messages that are hard to eavesdrop. We can't have that, now, can we?

The ideal internet for the people who run things would be a place where people shop, watch movies and TV (but only what they pay for) and buy songs from iTunes and msTunes and sonyTunes and warnerTunes. It's OK for folks to talk to one another, as long as they do it over a clear channel (say!) and they can post pictures of their dogs and babies but not police beating protesters or (God forbid!) that troublemaker Michael Moore.

Once this mess of an internet gets straightened out, people will have all the freedom they could want, as long as it's within these reasonable parameters.

Oh, I forgot: THE CHILDREN! THE CHILDREN!

Re:Ouch.

Yeah? And what would people switch to? Dialup?

For example, where I live the only broadband I can get is Comcast. If they fucked over the customers like AT&T I'd have no other choice.

How do you really detect in real time?

Real time is the KEY here. They promise to block and not to just detect.

Sure, you can detect ssh, etc, known protocals and block them.

But if today the server encripted an MP3 file with rot13 no computer would automatically detect it as an mp3. And tomarow they just do it different. Tomarrow they make a jpg out of it. Change the extention and Bob's your uncle.

An application is written that everytime it starts it downloads a plugin with todays encription standard. There is no way they could even think of keeping up without breaking things for there customers on a daily basis.

Re:Ouch.

Exactly. By the time AT&T gets anywhere with filtering, BitTorrent clients will come with encryption enabled by default and will all select a random set of ports.

Is AT&T suggesting they can somehow go up against an encrypted, data-heavy connection using random ports? Or even well-known ports like 443? You can't very well just block long transfers, either. If you do that, P2P clients will be programmed to cycle connections, only transmitting one MB or such per connection before resetting.

Best to build for the capacity you sell to your users. If you can't handle what you sold, downgrade their plans, raise prices, or install new lines.

I'm not for piracy at all, but the ISPs should stay out of criminal and civil matters altogether until they have a public order from a judge instructing them otherwise.

Re:Ouch.

Well, given block/chunk size in bittorrent clients, they should recover from any sporadic disconnects after 1-2 blocks are transferred, will have an increased overhead in terms of new connections, but should still work... I also have to agree that AT&T should stay out of content blocking... I know that if I hosted britney_spears.mp3, which turned out to be a commentary file, and it was blocked, I might have something to sue about... AT&T is opening a can of worms on the legitimate side alone.. I know for a fact I wouldn't use AT&T for services before, let alone now.

Encrypt everything

They can have the absolute best filtering software in the world, and it will all go tits up the moment the client encrypts his communications

Yes, P is right. Now we should start writing free, low-strength, fast encrytion/decryption software. Nothing that requires the NSA to break, but just enough to make it economically impractical for ATT to decrypt.

Re:Encrypt everything

Why write low-strength encryption software when high-strength software already exists and is plenty fast? Why do people just assume that high-strength cryptography has to be unacceptably slow?

For years I've routinely encrypted as much of my communications as I can (e.g., when I control both ends of the connection) and the overhead is completely invisible.

Re:Encrypt everything

Why use weak crypto?

To avoid triggering some kind of knee-jerk reaction from the US govenrment intelligence agencies.

I'm assuming that if ATT goes to the NSA and says "Please help us pass a law that says that stuff can't be encrypted" and the NSA sees low-grade crpyto they will reply "You pussies, we solved that stuff in kindergarden". But if they see high-level crypto, they may start screaming "national security" and do something that is stupid, unconstitutional, or both.

Re:Encrypt everything

Can't you see how depressing this kind of reasoning is? That you - hell, we, my country is no better - live in a place where your first thought is "despite the perfectly good, high strength, fast encryption we've got, lets make a dodgy kludge one to avoid confrontation with the government." In a true democracy, the government is an extension, a physical manifestation, of the will of the people. There should never be a situation where the people have to make concessions to the government. Of course, if the majority of people were against encryption, that would be a different matter. And might even happen, as the current world governments wield the word terrorist like a weapon and steal liberties in the name of security, whilst the masses applaud. And, this argument assumes that America is a true democracy, which is quite laughable, but an entirely different discussion.

Re:Ouch.

Because there is no money to be made by saving the children.

Re:Ouch.

As I understand it, the telcos aren't common-carriers with regards to so-called "data services" anyway, so they can perfectly well get away with this. Granted the distinction between a voice service and a data service is technologically non-existent anymore, but from a legal perspective it's still very important (as it happens, I have AT&T's Callvantage VoIP service at home ... which set of laws would apply to AT&T in the case?) That's part of the law that does need to be changed, I think.

Now, whether or not they'll have many customers when it's all over is another story. The moment my ISP starts making decisions for me about what I can and cannot download is the day I find another provider. If there aren't any other providers, then I'm going to drive to Washington, D.C. (probably none of us will be able to actually board aircraft at that point), grab Orrin Hatch and a few other select Congresspeople by their lapels and shake some sense into them.

What's amazing about this is the level of influence the media companies are able to wield, in both the government and private sectors. Honestly, they must have some part of their organization whose only job it is to dig up dirt on Congressmen and corporate CEOs. Otherwise I can't see why AT&T would just roll over on this.

Re:Ouch.

The safe harbor provision of the DMCA applicable to carriers (there are different provisions for hosts and caches) requires, in part, that, for its protection to be available, that the "transmission, routing, provision of connections, or storage" of material be carried out "without selection of the material by the service provider". (17 U.S.C. Sec. 512(a)(2))

I don't know if there is any case law yet on this, but at first blush it would seem that the more selectivity the carrier applies to what content is allowed and what is blocked, the less clear it is that they are within the protection of the safe harbor. And while it might seem paradoxical that the carrier could become more liable for copyright infringement for blocking some infringing materials, there is a good reason for this—it makes a carrier choose whether it wants copyright to be the responsibility of the users (and thus, it is "hands off"), or whether it wants to seek the potential rewards (in terms of favorable details with copyright holders to monitor and enforce) along with the potential costs (in terms of liability to those whose rights are violated despite the carrier's intervention) of taking a "hands on" policy.

Re:Loss of Common Carrier Status? Why?

Spam filters like Spamassassin actually work remarkably well. Why? Because spam recipients, by definition, are unwilling. The users, filter maintainers, blacklist operators, ISPs and sometimes even the government are all willing to cooperate to a common goal.

It's an entirely different story when you have two resourceful parties who want to communicate and will deploy all sorts of resourceful defenses and countermeasures -- starting with end-to-end encryption -- to ensure that they can continue to communicate. Stopping spam is absolutely trivial by comparison.

It'll be neat...

... when AT+T takes down an iTMS download of a purchased movie for being a copy. Which, of course, it would be. Merely one being paid for correctly.

Easily defeated

Just put everything in a passworded protected archive. Hell, I bet you could even skip the password protected part, since opening every archive that comes across the wire would be prohibitively slow.

So much for my business

I had been considering switching from Comcast to AT&T as soon as DSL became available at my house... so much for that idea.

Encryption forever!

Re:So much for my business

I had been considering switching from Comcast to AT&T as soon as DSL became available at my house... so much for that idea.

Talk about a choice between Giant Douchebag and Turd Sandwich...

No surprise here

This is not surprising in the least. AT&T has a dishonourable history of sticking it to the consumer whenever anyone asks them to.

Most notable is the current lawsuit against them alleging collusion with the NSA in massive illegal domestic wiretapping [eff.org].

Dinosaur Managers: Please Retire!

We need to wait for all those dinosaur top managers to retire.

Practically every business I know is managed by someone who started managing before the personal computer revolution. It surprises me, but in more than a decade they don't seem to have learned anything. They hit blindly without understanding what they are doing, or even caring what they are doing.

We are seeing in our culture HUGE disrespect for technically knowledgeable people. The wild imaginings of someone who knows nothing are considered better than the counsel of those who have learned how things work.

Re:Dinosaur Managers: Please Retire!

We are seeing in our culture HUGE disrespect for technically knowledgeable people. The wild imaginings of someone who knows nothing are considered better than the counsel of those who have learned how things work.

We're talking about a culturally pervasive issue, though. Although I hate to bring it into a discussion here for various obvious reasons, Al Gore's Truth movie raises this point quite significantly. We have nothing but contempt for the only people actually qualified to make decisions on a scientific basis in this country.

Frankly, I blame this on religion, which has a stranglehold on many aspects of our existence here.

AT&T is NOT AT&T, it is SBC.

AT&T is not AT&T now, because the name was sold [att.com] to an abusive west coast telephone company named SBC.

My understanding is that everything else of value in the original AT&T was sold piece-by-piece, and SBC bought mostly just the name. My understanding is that the SBC trademark was worse than useless because the company is so abusive. So, the managers bought another name.

Apparently, for $16 Billion SBC got AT&T's VOIP [businessweek.com] customers, and the AT&T name.

AT&T's VOIP customers were Sheila and Gerald Funk, who have since moved to Elbonia. Wait... That last sentence my contain an error.

So, what we are seeing is SBC mismanagement under a new name. Soon just saying the name AT&T will cause people to become upset.

SSL For All My Friends!

If Firefox and Apache both made HTTPS their default protocol instead of HTTP, AT&T wouldn't be able to invade any of our private traffic that happens to get routed over their WANs. Then they'd have only their Net Doublecharge, preferential routing between IPs paying their extortion fees, to work against us, and that gambit will likely get killed by the government that otherwise protects AT&T's resurgent monopoly.

If we act now, while we still can, before AT&T and their telco/cableco cartel shuts us down.

Re:SSL For All My Friends!

If we act now, while we still can, before AT&T and their telco/cableco cartel shuts us down.

We're almost convinced, but I think we need a few more random bold tags before it can happen...

Re:SSL For All My Friends!

This is not correct. You can have your own private certificate server on the same server as Apache is on, and a man-in-the-middle attack will not work. The only problem is that it is a nuisance for the user to click through the "Accept this certificate" screen, but the user only has to do it once.

How do you think SSH works? There is no third-party certificate server, and man-in-the-middle certainly can't defeat it.

To install a private certificate server under Apache is trivial; see for example my post [slashdot.org]. (On Windows, it is a little more complex, as that post indicates.)

The purpose of the third-party certificate is to provide some degree of trust that you are going to the web site you think you are, so that you can have some confidence that you aren't submitting your credit card number to an imposter. If all you are interested in is encryption and the prevention of man-in-the-middle interception, SSL with a private certificate server will work fine. The encryption is accomplished via public key cryptography, which allows you to exchange the private key used for the encrypted session. A third party is not required for public key cryptography to work.

Won't work.

It won't work. If they block P2P, people will use a different port. If they search traffic for P2P, people will use encryption. If they look at traffic analysis, people will figure out how to disguise traffic patterns. And so on.

And by people, I mean that a few clever hackers will implement it and everyone will just use it (kind of like bittorrent).

Of course, they could start by blocking youtube... that'll make them really popular.

Well, the figure for losses about bootlegs I can kind of believe. After all you have to pay cash for a bootleg, and that is real money which isn't going to the copyright holder. The figure for online piracy seems like one of those bogus ones. It is only a loss if the person would otherwise have paid. I doubt that they have a good way of measuring that.

And finally, can we PLEASE get some accuracy in the titles. Everything (bar public domain) is under copyright. If they filtered out copyright content, there would be nothing left for the customers. How would they even find the public domain content without any search engine's copyrighted front (and filtered) page?

Do we really need more laws?

Unless you believe that companies (AT&T, Google, MS) and government agencies (Big Brother) have a right to listen in on every conversation you have, review every site you visit, and examine every transaction you make, then either don't let them or stop complaining.

Instead of sending everything by postcard, send everything by envelope (encrypted), and stop expecting every lawyer, politician, company, government agency, and identity thief to respect your privacy.

So I'd better make other plans

to get my holiday movies from North Africa to my relatives on NewATT?

I'm guessing they're not going to like a file transfer of casablanca.mov

Time for Telecommunications Monopolies to End

If AT&T is going to start watching every single thing its users does and the users have no recourse whatsoever, I say it is time to end the monopoly that cable and wired ISPs and phone companies have in most areas and let competition reign. If I had the choice between a company that is going to spy on me and give anything they think is suspicious to the RIAA/MPAA or paying a few extra bucks to a company that will truly honor my privacy, the choice would be extremely easy.

Instead, I'm stuck with one cable company and one DSL company servicing my area. Thanks, local government.

piratebay blocked

I wasn't looking for anything in particular, but when I put the url of piratebay in my browser a blocking service page came up. First time I saw anything like this. I get DSL in Chicago thru, I guess it's AT&T now...

This is all well and good if it's like a parental control thing but I'm a 50 year old paying customer and I'm not used to getting flipped off by my ISP. I suppose I should be looking over my shoulder.

Odd thought

The article doesn't mention AT&T as an ISP. It merely states they plan on filtering this content as it runs across their network. Well, the bad news is that most ISP data in the US traverses the AT&T network in the form of optical longhaul systems ( Read that Sonet ) at some point in it's journey. Your ISP leases lines from Company X who, in turn, leases their lines from AT&T. Is similar to when your WoW session is hit with a lag storm and you start yelling at your ISP to ' FIX YOUR SH*T ', when it's actually an optical level issue on lines owned by someone else that is taking the data longhaul across the country. Sprint, AT&T, whatever ) Given the technology that allowed the NSA to split the optical signal so they could watch traffic, I wonder if they're considering applying their ' filtering ' technology in the same manner. In other words, would they act as big brother over all the data packets that travel ' their ' pipes and filter anything they feel is necessary ?

You do understand...

...that in many countries, when a carrier censors content, it automatically loses "common carrier" status and becomes liable for what it carries. In other words, AT&T probably can't be sued right now for movies on their lines, but if they censor those lines and miss something - however accidental - they are liable. In the UK, carriers have been sued into bankrupcy after losing common carrier status. I don't know if this is true in the US, but if it is and someone wants to go digging for gold, they would be doing everyone a huge favour.

PC Level Monitoring

This almost sounds like a setup ' see, we tried, but you cant do it on the network side we need legistlative help'. Then congress mandates an 'approved/trusted' OS+connection software+local monitoring software to get online. ( and of course new hardware to go with it so you cant disable anything 'bad' while offline either )

If you try to conect with anything other then the above either it doesnt work, or you get reported for an 'attempted circumvention'.

Scary times ahead.

Clearly not thinking...

Every post on Slashdot is copyrighted -- it's a creative form of expression in a fixed medium (namely bits on a disk somewhere). Yet here they are... How can that be? It's because the posters are granting a public license to view their work, implicitly by placing it in a public forum.

The fact of the matter is that the vast majority of the content flowing through AT&T's networks are copyrighted. It's not sufficient that a work is copyrighted, but rather that the exchange itself is a violation of copyright. But how can the computer know? If you have a license to the work through some asset purchase, it's not infringing; if you have a license agreement that grants certain rights to obtain/distribute copies, it's not infringement; if you are using the content for academic research, the purpose of criticism, or in parody, it's not infringing. So, how is their computer system to know, a priori, of the legal arrangements, or your intent to use a work? What if you live in a jurisdiction that doesn't recognize the copyright (e.g., it may be public domain because the copyright expired in your jurisdiction).

The point is that it's technically not feasible to police copyrights. AT&T may be inerefering with network traffic on behalf of a third party for fun and profit, but they are most certainly not protecting copyrights. It's a little disingenuous.

How can they possibly judge intent?

How is it that they think they can judge intent? Even if they're only going to look at major Hollywood productions, how do they know that a given transmission is pirated, and not the exact same transmission, but with license agreements in place to allow the distribution? What's the difference between a download from iTunes Store and a download from another host online? Are they going to maintain a whitelist of "legitimate" sites that can distribute copyrighted material?

Nevermind the fact that if they're going to start protecting the interests of the major studios, why aren't they going to "protect" the interests of the rest of us? How do they know the difference between me uploading my photography to my website and someone else sending copies around that infringe on my copyrights?

The entire concept is ridiculous. There is technically no difference between a legal and an illegal transfer. It's all in the offline licenses and agreements that have (or have not) been made.

Legal - I think not

I am British - but what right does AT&T have to invade an Americans privacy?

Isn't privacy protected in the Bill of Rights - or has that all gone out the window now, since 911?

I thought that even the police have to get a judge to authorize a warrant to search - and only if there is reasonable grounds against an individual (not the populace of whole country).

Why is this not like the US Postal Service looking in your mail or DHL opening your packages to see if you have anything illegal - without a search warrant?

Re:Fairly easy to by-pass filtering

Just run some simple encryption, nothing major, just enough to scramble the data and confuse the filters. Hell, ROT13 would probably be enough

No, you'd need to be somewhat cryptographically secure. If you just pay lip-service to the concept, you'll trip off a digital arms war between file sharing and AT&T's filter upgrades. It's better to be secure up front so that AT&T gets the idea that there's no way of enforcing these filters.

It's not that difficult to exchange symmetrical keys using an asymmetrical encryption method. Once those keys are exchanged, you can communicate freely without AT&T being able to eavesdrop. When they finally finish cracking your packets a year or two later, they'll find themselves in big trouble for having lost their common carrier status.

Re:Fairly easy to by-pass filtering

It's not that difficult to exchange symmetrical keys using an asymmetrical encryption method.

Indeed. When I read the documents on the passive optical splitters that AT&T installed for the NSA, it became utterly obvious to me that those of us who developed the present generation of Internet encryption protocols in the 1990s (and I'm one of them) made a big mistake. We were too concerned about major-league threats like active man-in-the-middle attacks and not concerned enough about simple, transparent and totally automatic encryption that would still be 100% effective against passive eavesdropping. Our existing crypto protocols generally require a heavy-duty public-key infrastructure and administrator or user action to generate those keys and get them signed. Most people don't bother, so they just operate in the clear. Had we standardized a simple unkeyed Diffie-Hellman exchange as the starting default with signatures as an option, we could have stopped this kind of massive dragnet eavesdropping in its tracks.

I still think one of the most brilliant developments in practical cryptography was SSH. The idea of simply caching the public key on the first connection and checking to see if it has changed on later connections is vulnerable to a man-in-the-middle attack on that very first connection, but it still solves 99% of the problem with 1% of the effort. That's the proper model for any new effort to routinely encrypt everything, all the time, to make the haystacks as big as we can.

Re:Fairly easy to by-pass filtering

And when they do, the end-points will start signing their key exchanges. Or they'll play the port-hopping game. Or they'll find any of dozens of other ways to obscure the fact that they're doing a Diffie-Hellman key exchange.

As for traffic filtering and shaping, the battle between ISP and user will end only when they agree on QoS markings and policies that are advantageous to both. This can happen.