AT&T Announces Plans to Filter Copyright Content

An anonymous reader writes "The LA Times reports that AT&T has announced plans to work with the Hollywood movie studios and major recording labels to implement new content filtering systems on their network. The plans raise many troubling legal issues including privacy concerns, false positive filtering, and liability for failure to filter."

Oh good...

I was wondering when they were going to give up their common carrier status. Now they can all go to jail for monopoly!

ISPs are not common carriers.

ISPs are not common carriers. There is a difference between voice and data, according to (stupid) law.

Communications Decency Act Section 230

AT&T may not be a "Common Carrier" with respect to data, but it is (was) provided immunity by Section 230 of the Communications Decency Act [wikipedia.org]:

No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.

In analyzing the availability of the immunity offered by this provision, courts generally apply a three-prong test. A defendant must satisfy each of the three prongs to gain the benefit of the immunity:

1. The defendant must be a "provider or user" of an "interactive computer service."
2. The cause of action asserted by the plaintiff must "treat" the defendant "as the publisher or speaker" of the harmful information at issue.
3. The information must be "provided by another information content provider," i.e., the defendant must not be the "information content provider" of the harmful information at issue.

Re:Communications Decency Act Section 230

It seems to me to be more along the lines of, there's no real legal need for AT&T to do this, as they're already immune to prosecution by copyright holders if users transmit copyrighted information across their networks. Thus, the only reason they would have to implement something like this involves the crisp, green lining in their pockets getting a bit thicker.

But IANAL either, so the cycle of speculation continues.

Re:Oh good...

The real question is have is how is this supposed to make them money? Any investors that find out about this should be throwing a shitfit, and replacing anyone involved with this. Decisions like this look to make AT&T LOSE more money than they gain. Time spent on a such a dumbassed idea, pissed off customers, lawsuits when they fail to filter, lawsuits for filtering the wrong content, etc. This makes beyond no sense.

Re:Ouch.

Yeah, I don't get that either. They can have the absolute best filtering software in the world, and it will all go tits up the moment the client encrypts his communications. The users will continue to swap pirated material, and AT&T will find itself on the legal hook for it.

I mean, how stupid can you get?

Re:Ouch.

This will render ecommerce impossible, and I'm sure that if they go to that extent, they'll block VPN and ssh, which will make a home internet connection useful only for instant messaging, viewing porn, and arguing endlessly on slashdot. ;)

Re:Ouch.

what are you talking about? We don't endlessly argue on slashdot!!! Everything here is nice and polite.

Try Again

I think you meant to say, "Everything here is nice and polite, jackass."

Re:Ouch.

(T)hey'll block VPN and ssh, which will make a home internet connection useful only for instant messaging, viewing porn, and arguing endlessly

Bingo. That's the whole idea. This internet thing has been nothing but a headache to those in power anyway. You get foul-mouthed hippie bloggers who say bad things about our sainted politicians, you have web sites that actually help people find the lowest prices on products, and there are even ways for people on the internet to send messages that are hard to eavesdrop. We can't have that, now, can we?

The ideal internet for the people who run things would be a place where people shop, watch movies and TV (but only what they pay for) and buy songs from iTunes and msTunes and sonyTunes and warnerTunes. It's OK for folks to talk to one another, as long as they do it over a clear channel (say!) and they can post pictures of their dogs and babies but not police beating protesters or (God forbid!) that troublemaker Michael Moore.

Once this mess of an internet gets straightened out, people will have all the freedom they could want, as long as it's within these reasonable parameters.

Oh, I forgot: THE CHILDREN! THE CHILDREN!

Re:Ouch.

Yeah? And what would people switch to? Dialup?

For example, where I live the only broadband I can get is Comcast. If they fucked over the customers like AT&T I'd have no other choice.

How do you really detect in real time?

Real time is the KEY here. They promise to block and not to just detect.

Sure, you can detect ssh, etc, known protocals and block them.

But if today the server encripted an MP3 file with rot13 no computer would automatically detect it as an mp3. And tomarow they just do it different. Tomarrow they make a jpg out of it. Change the extention and Bob's your uncle.

An application is written that everytime it starts it downloads a plugin with todays encription standard. There is no way they could even think of keeping up without breaking things for there customers on a daily basis.

Re:Ouch.

Exactly. By the time AT&T gets anywhere with filtering, BitTorrent clients will come with encryption enabled by default and will all select a random set of ports.

Is AT&T suggesting they can somehow go up against an encrypted, data-heavy connection using random ports? Or even well-known ports like 443? You can't very well just block long transfers, either. If you do that, P2P clients will be programmed to cycle connections, only transmitting one MB or such per connection before resetting.

Best to build for the capacity you sell to your users. If you can't handle what you sold, downgrade their plans, raise prices, or install new lines.

I'm not for piracy at all, but the ISPs should stay out of criminal and civil matters altogether until they have a public order from a judge instructing them otherwise.

Re:Ouch.

Well, given block/chunk size in bittorrent clients, they should recover from any sporadic disconnects after 1-2 blocks are transferred, will have an increased overhead in terms of new connections, but should still work... I also have to agree that AT&T should stay out of content blocking... I know that if I hosted britney_spears.mp3, which turned out to be a commentary file, and it was blocked, I might have something to sue about... AT&T is opening a can of worms on the legitimate side alone.. I know for a fact I wouldn't use AT&T for services before, let alone now.

Encrypt everything

They can have the absolute best filtering software in the world, and it will all go tits up the moment the client encrypts his communications

Yes, P is right. Now we should start writing free, low-strength, fast encrytion/decryption software. Nothing that requires the NSA to break, but just enough to make it economically impractical for ATT to decrypt.

Re:Encrypt everything

Why write low-strength encryption software when high-strength software already exists and is plenty fast? Why do people just assume that high-strength cryptography has to be unacceptably slow?

For years I've routinely encrypted as much of my communications as I can (e.g., when I control both ends of the connection) and the overhead is completely invisible.

Re:Encrypt everything

Why use weak crypto?

To avoid triggering some kind of knee-jerk reaction from the US govenrment intelligence agencies.

I'm assuming that if ATT goes to the NSA and says "Please help us pass a law that says that stuff can't be encrypted" and the NSA sees low-grade crpyto they will reply "You pussies, we solved that stuff in kindergarden". But if they see high-level crypto, they may start screaming "national security" and do something that is stupid, unconstitutional, or both.

Re:Encrypt everything

Can't you see how depressing this kind of reasoning is? That you - hell, we, my country is no better - live in a place where your first thought is "despite the perfectly good, high strength, fast encryption we've got, lets make a dodgy kludge one to avoid confrontation with the government." In a true democracy, the government is an extension, a physical manifestation, of the will of the people. There should never be a situation where the people have to make concessions to the government. Of course, if the majority of people were against encryption, that would be a different matter. And might even happen, as the current world governments wield the word terrorist like a weapon and steal liberties in the name of security, whilst the masses applaud. And, this argument assumes that America is a true democracy, which is quite laughable, but an entirely different discussion.

Re:Ouch.

Because there is no money to be made by saving the children.

Re:Ouch.

As I understand it, the telcos aren't common-carriers with regards to so-called "data services" anyway, so they can perfectly well get away with this. Granted the distinction between a voice service and a data service is technologically non-existent anymore, but from a legal perspective it's still very important (as it happens, I have AT&T's Callvantage VoIP service at home ... which set of laws would apply to AT&T in the case?) That's part of the law that does need to be changed, I think.

Now, whether or not they'll have many customers when it's all over is another story. The moment my ISP starts making decisions for me about what I can and cannot download is the day I find another provider. If there aren't any other providers, then I'm going to drive to Washington, D.C. (probably none of us will be able to actually board aircraft at that point), grab Orrin Hatch and a few other select Congresspeople by their lapels and shake some sense into them.

What's amazing about this is the level of influence the media companies are able to wield, in both the government and private sectors. Honestly, they must have some part of their organization whose only job it is to dig up dirt on Congressmen and corporate CEOs. Otherwise I can't see why AT&T would just roll over on this.

Re:Ouch.

The safe harbor provision of the DMCA applicable to carriers (there are different provisions for hosts and caches) requires, in part, that, for its protection to be available, that the "transmission, routing, provision of connections, or storage" of material be carried out "without selection of the material by the service provider". (17 U.S.C. Sec. 512(a)(2))

I don't know if there is any case law yet on this, but at first blush it would seem that the more selectivity the carrier applies to what content is allowed and what is blocked, the less clear it is that they are within the protection of the safe harbor. And while it might seem paradoxical that the carrier could become more liable for copyright infringement for blocking some infringing materials, there is a good reason for this—it makes a carrier choose whether it wants copyright to be the responsibility of the users (and thus, it is "hands off"), or whether it wants to seek the potential rewards (in terms of favorable details with copyright holders to monitor and enforce) along with the potential costs (in terms of liability to those whose rights are violated despite the carrier's intervention) of taking a "hands on" policy.

Re:Loss of Common Carrier Status? Why?

Spam filters like Spamassassin actually work remarkably well. Why? Because spam recipients, by definition, are unwilling. The users, filter maintainers, blacklist operators, ISPs and sometimes even the government are all willing to cooperate to a common goal.

It's an entirely different story when you have two resourceful parties who want to communicate and will deploy all sorts of resourceful defenses and countermeasures -- starting with end-to-end encryption -- to ensure that they can continue to communicate. Stopping spam is absolutely trivial by comparison.

It'll be neat...

... when AT+T takes down an iTMS download of a purchased movie for being a copy. Which, of course, it would be. Merely one being paid for correctly.

Easily defeated

Just put everything in a passworded protected archive. Hell, I bet you could even skip the password protected part, since opening every archive that comes across the wire would be prohibitively slow.

So much for my business

I had been considering switching from Comcast to AT&T as soon as DSL became available at my house... so much for that idea.

Encryption forever!

Re:So much for my business

I had been considering switching from Comcast to AT&T as soon as DSL became available at my house... so much for that idea.

Talk about a choice between Giant Douchebag and Turd Sandwich...

No surprise here

This is not surprising in the least. AT&T has a dishonourable history of sticking it to the consumer whenever anyone asks them to.

Most notable is the current lawsuit against them alleging collusion with the NSA in massive illegal domestic wiretapping [eff.org].

Dinosaur Managers: Please Retire!

We need to wait for all those dinosaur top managers to retire.

Practically every business I know is managed by someone who started managing before the personal computer revolution. It surprises me, but in more than a decade they don't seem to have learned anything. They hit blindly without understanding what they are doing, or even caring what they are doing.

We are seeing in our culture HUGE disrespect for technically knowledgeable people. The wild imaginings of someone who knows nothing are considered better than the counsel of those who have learned how things work.

Re:Dinosaur Managers: Please Retire!

We are seeing in our culture HUGE disrespect for technically knowledgeable people. The wild imaginings of someone who knows nothing are considered better than the counsel of those who have learned how things work.

We're talking about a culturally pervasive issue, though. Although I hate to bring it into a discussion here for various obvious reasons, Al Gore's Truth movie raises this point quite significantly. We have nothing but contempt for the only people actually qualified to make decisions on a scientific basis in this country.

Frankly, I blame this on religion, which has a stranglehold on many aspects of our existence here.

AT&T is NOT AT&T, it is SBC.

AT&T is not AT&T now, because the name was sold [att.com] to an abusive west coast telephone company named SBC.

My understanding is that everything else of value in the original AT&T was sold piece-by-piece, and SBC bought mostly just the name. My understanding is that the SBC trademark was worse than useless because the company is so abusive. So, the managers bought another name.

Apparently, for $16 Billion SBC got AT&T's VOIP [businessweek.com] customers, and the AT&T name.

AT&T's VOIP customers were Sheila and Gerald Funk, who have since moved to Elbonia. Wait... That last sentence my contain an error.

So, what we are seeing is SBC mismanagement under a new name. Soon just saying the name AT&T will cause people to become upset.

SSL For All My Friends!

If Firefox and Apache both made HTTPS their default protocol instead of HTTP, AT&T wouldn't be able to invade any of our private traffic that happens to get routed over their WANs. Then they'd have only their Net Doublecharge, preferential routing between IPs paying their extortion fees, to work against us, and that gambit will likely get killed by the government that otherwise protects AT&T's resurgent monopoly.

If we act now, while we still can, before AT&T and their telco/cableco cartel shuts us down.

Re:SSL For All My Friends!

If we act now, while we still can, before AT&T and their telco/cableco cartel shuts us down.

We're almost convinced, but I think we need a few more random bold tags before it can happen...

Re:SSL For All My Friends!

This is not correct. You can have your own private certificate server on the same server as Apache is on, and a man-in-the-middle attack will not work. The only problem is that it is a nuisance for the user to click through the "Accept this certificate" screen, but the user only has to do it once.

How do you think SSH works? There is no third-party certificate server, and man-in-the-middle certainly can't defeat it.

To install a private certificate server under Apache is trivial; see for example my post [slashdot.org]. (On Windows, it is a little more complex, as that post indicates.)

The purpose of the third-party certificate is to provide some degree of trust that you are going to the web site you think you are, so that you can have some confidence that you aren't submitting your credit card number to an imposter. If all you are interested in is encryption and the prevention of man-in-the-middle interception, SSL with a private certificate server will work fine. The encryption is accomplished via public key cryptography, which allows you to exchange the private key used for the encrypted session. A third party is not required for public key cryptography to work.

Won't work.

It won't work. If they block P2P, people will use a different port. If they search traffic for P2P, people will use encryption. If they look at traffic analysis, people will figure out how to disguise traffic patterns. And so on.

And by people, I mean that a few clever hackers will implement it and everyone will just use it (kind of like bittorrent).

Of course, they could start by blocking youtube... that'll make them really popular.

Well, the figure for losses about bootlegs I can kind of believe. After all you have to pay cash for a bootleg, and that is real money which isn't going to the copyright holder. The figure for online piracy seems like one of those bogus ones. It is only a loss if the person would otherwise have paid. I doubt that they have a good way of measuring that.

And finally, can we PLEASE get some accuracy in the titles. Everything (bar public domain) is under copyright. If they filtered out copyright content, there would be nothing left for the customers. How would they even find the public domain content without any search engine's copyrighted front (and filtered) page?

Do we really need more laws?

Unless you believe that companies (AT&T, Google, MS) and government agencies (Big Brother) have a right to listen in on every conversation you have, review every site you visit, and examine every transaction you make, then either don't let them or stop complaining.

Instead of sending everything by postcard, send everything by envelope (encrypted), and stop expecting every lawyer, politician, company, government agency, and identity thief to respect your privacy.

So I'd better make other plans

to get my holiday movies from North Africa to my relatives on NewATT?

I'm guessing they're not going to like a file transfer of casablanca.mov