Tool To Allow ISPs To Scan Every File You Transmit 370
timdogg writes "Brilliant Digital Entertainment, an Australian software company, has grabbed the attention of the NY attorney general's office with a tool they have designed that can scan every file that passes between an ISP and its customers. The tool can 'check every file passing through an Internet provider's network — every image, every movie, every document attached to an e-mail or found in a Web search — to see if it matches a list of illegal images.' As with the removal of the alt.binary newgroups, this is being promoted under the guise of preventing child porn. The privacy implications of this tool are staggering."
Re:Huh? (Score:5, Interesting)
TFA says they're going to use hash values. This will take a stateful packet inspection filter to catch, but the amount of state is only enough do the hash, and they can throw it away if it doesn't match anything on the blacklist.
While hashing seems easy enough to get around, I think the real thing they're looking for is a repeated pattern of someone sending blacklisted images. If you send/receive thousands of images, there's a good chance that you'll screw up and maybe a dozen of them won't get resampled (or use some other trick) to change the hash value. you'll pop up on a screen someplace, they'll get a search warrant, and you are busted.
Re:Won't work. (Score:5, Interesting)
They claim they can scan Gnutella and BitTorrent.
Gnutella I don't know, but BitTorrent, almost certainly.
The common forms of BitTorrent encryption uses a "shared secret". The shared secret for BitTorrent is a 20-byte key known as the "infohash". This infohash is ALSO used as the unique hash to uniquely identify a given set of files. So its ALWAYS given to the tracker, and if the tracker isn't using SSL, that means its in the clear.
Making the encryption in BitTorrent almost laughably insecure. It's good enough to block non-stateful packet filters. It's not good enough to prevent people from listening in.
As for getting a file hash with BitTorrent, that's even easier.
It does it for them.
The ".torrent" file contains a list of hashes. They don't even need to look at the file contents.
I dunno about other P2P systems, but BitTorrent is definitely not safe from this.
Re:Starts with porn... (Score:2, Interesting)
Re:Won't work. (Score:3, Interesting)
Actually, it gets worse than that. Say that I have an "illegal" image that I want to transmit to you. All I would have to do is embed it in a random frame of some 700 MB DivX movie. Then, not only do files have to be checked, but every frame of every video too.
And the age-old question of "is this MP3 file legal"? That is an example of an uncomputable question.
More likely, this is intended for idiots who don't use encrypted connections. But people who don't have the brains to use encryption are probably going to be apprehended by law enforcement anyway before they can do too much law-breaking. So in other words, invest in massive infrastructure for pretty much nothing.
Re:Probably just for P2P (Score:5, Interesting)
One step further: make a file that has the same hash value of a "bad" file. This is trivial, especially if the file doesn't need to be valid for any application. If all that is checked is a hash of the traffic, then the actual contents of the file are meaningless.
So, this software will allow law enforcement to ruin your life (any implication crime involving sex and/or kids will do that, guilty or not), by simply seeing an unknown party send you a block of unintelligible data that happens to have the same hash as "pr0n." Great.
Anyone up for making an automated hash-spoofing packet forger? I'm sure something similar has already been done. With the speed of current connections, one could probably get the entire human race indicted for child pornography in under a week.
Re:Huh? (Score:3, Interesting)
Did anyone do that "out of order packet" hack for the linux kernel yet? The idea is you send 99% of the packets in the correct order but 1% of the time you swap the order around. It does nasty things for programs like this. Also someone needs to look at claims of this software compared to what it does and let them know where they are in breach of local truth in advertising laws.
Hash Collisions (Score:1, Interesting)
There are fundamental problems with this.
First the police database would grow.
All people wanting to bypass this would have to do is append a few characters to a file, or compress it. They could easily make a single file into a million files with there techniques alone. They can modify the files them selves by slightly changing color values. That creates a million more files. Now comes the nasty part.
They've flooded the police database, now the original file is a billion files, a billion hashes. What is the probability of many accidental hash collisions with innocent files. Soon you will have problems sending all kinds of stuff.
Not to mention the exponential growth of hardware requirements on everyones part.
Re:Probably just for P2P (Score:3, Interesting)
Re:Probably just for P2P (Score:3, Interesting)
I'm not sure whether there's any major prestigious prize given out in the field of crypto, but if there is, you just won it. Please publish!
Re:Probably just for P2P (Score:4, Interesting)
Encrypted files on the peer-to-peer network could not be decrypted by CopyRouter, but the company claims it can fool the sender's computer into believing that the recipient was requesting an unencrypted and uncompressed file.
So basically what they do, is if your bittorrent client requests the files in encrypted format, they intercept that and instead request them unencrypted. They aren't decrypting the file, they are just asking for an unencrypted transmission of the file. If the file is in an encrypted zip file, then there is no way that they could see the actual files being transmitted.
Re:Brilliant Digital Entertainment? (Score:4, Interesting)
I was about to bring up that point. KaZaA was linked to BDE (maybe a parent company or something). I'm not too sure of the exact relationship, but there definitely was one there.
Now correct me if I'm wrong, but wasn't one of the defenses in the KaZaA court case the fact that they couldn't tell what files users were sharing, therefore they claim they weren't responsible for the distribution of copyrighted material? If this was the case, BDE's new "we can tell what you're sending/receiving" crap could land an A-Bomb worth of trouble in someone's lap.
What about hash collisions? (Score:3, Interesting)
Seems to me that if a user attempts to download a file that happens to have the same hash as a "known bad" file, they could be in for a world of hurt unless the system does verification of some kind. And if the verification step is conducted manually rather than automatically -- in the interest of expediency, of course -- what do you bet the odds are that some law enforcement types aren't going to be bothered with niceties like actually checking that some file is indeed prohibited material?
Try mounting your own defense when you are systematically blocked from obtaining a copy of the file that you attempted to download in the first place. (Yes, surely our hypothetical user's attorney could find this file, even if they needed to use an ISP outside the country to do it. This assumes that Joe User has an attorney and can afford to mount a defense.)
A malicious actor could craft a file that will generate a hash collision with some known prohibited file, and if the sender/creator is suitably crafty and hides his tracks, such techniques could be easily used to grief our hypothetical user with virtually no chance of reprisal against the originator of the bogus file.
Re:Huh? (Score:2, Interesting)
your points are interesting but not convincing.
first, out-of-order on 1% of the packets means that a lot of files that require less than 100 packets will still get through in order. and upping the percentage is a fool's game: (a) there's no reason a small image won't fit in one or two 1500 byte packets and (b) if enough people do this (or any other TCP-level hack) they can just add some smarts to the content filter, or choose a hash that doesn't depend (as much) on order.
your second point about truth in advertising laws seems like a blind alley. you'd have to actually be a customer who bought the software, used it, and had major problems with it, in order to have standing to file suit. and it's going to be difficult to get a prosecutor to go after a company that's trying to stop the spread of c.p. so you'd have to pay the legal bills yourself. finally, once you get in front of the judge, what are you gonna do, complain that you were *able* to send c.p., admitting in open court that you've done something illegal?
Re:Probably just for P2P (Score:2, Interesting)
Re:Probably just for P2P (Score:3, Interesting)
Re:Probably just for P2P (Score:3, Interesting)
Re:Probably just for P2P (Score:3, Interesting)
Electronic versus snail (Score:3, Interesting)
Re:Probably just for P2P (Score:3, Interesting)
From what I understand from dabbling in ISP-ism back in the mid-90's, the only common carrier protection a ISP enjoys is for a USENET server; a court ruling established that USENET had common carrier protection, therefore a ISP could not be prosecuted for what was on a NNTP server, unless they attempted to censor it; if they attempted to censor it, that would imply that anything illegal that got transmitted was purposefully allowed to remain on the server. The only protection is to just ignore it unless it is brought to your attention.
What a GREAT time for Freenet 0.5 (which WORKS) to be on its last legs, fighting for it's life against Freenet 0.7 (which doesn't actually WORK).
At least Tor and I2P are still going strong.
Re:One question (Score:3, Interesting)
Exactly. They claim that the can search "every document attached to an e-mail .. -- to see if it matches a list of illegal images. Apparently, they have never heard of SMTP-TLS, POP3S, etc.. Or perhaps they have and they are just like many others -- selling snake oil.
SMTP-TLS and POP3S are pretty bad examples, because they secure the connection but you're still likely to be talking to a mail server that you don't control, and therefore can't guarantee isn't connected to such a thing.
That being said, this is yet another case of "Product which doesn't need to exist and offers little to no real benefit being sold to idiots with some superficially-plausible benefit." Spend any length of time working as a systems manager and you'll see dozens of these.
Right now my favourites are products which make it possible to manage a whole network full of computers at any level from "Make this change to every PC in the business" through "Make this change to this subset of PCs" down to "Just this specific PC". 90% of them require an Active Directory domain.