Virgin Media To Trial Filesharing Monitoring In UK 280
Shokaster writes "The Register reports that Virgin Media are to begin monitoring file sharing using a deep packet inspection system, CView, provided by Deltica, a BAE subsidiary. The trial will cover about 40% of customers, although those involved will not be informed. CView's deep packet inspection is the same technology that powered Phorm's advertising system. Initially Virgin Media's implementation will focus on music sharing and will inspect packets to determine whether the content is licensed or unlicensed, based on data provided by the record industry. Virgin Media emphasised that records will not be kept on individual customers and that data on the level of copyright infringement will be aggregated and anonymised."
How do they know? (Score:5, Insightful)
I have a friend who's an amateur musician and devices (his mobile phone) have started to deny him the ability to play his own music due to it being "unlicensed".
How the hell do these clowns expect to be able to figure out what's unauthorised copying?
Re:How do they know? (Score:3, Insightful)
It's nice to see the military industrial complex involved in the music industry's problem.
Six months from now (Score:4, Insightful)
27th May 2010
Just 6 months after the announcement to monitor their network for illegal filesharers, Virgin Media has seen a dramatic decline in subscribers.
90% of their top tier customers (renting 20Mb/sec) have canceled their subscriptions
This figure is similar (82%) for their 10Mb/sec tier
Furthermore, the cost of the controversial detection methods (Deep Packet Inspection) has meant that the company has had to increase monthly subscription costs across all tiers by 10-20%
This has seen decline (albeit much smaller, at 47%) in their lowest tier of service
Re:Six months from now (Score:4, Insightful)
Only in your fantasies. Nothing will change. They'll keep the same subscriber level, and if there's any changes in level it will be due to deteriorating economic conditions.
Face it: the average schlub doesn't give a rat's ass about the security of their internet connection from the ISP itself. In their thoughts: "Why should I? I've got nothing to hide!"
Time to encrypt everything. (Score:5, Insightful)
Re:Six months from now (Score:1, Insightful)
I agree with the AC above me, and moreover: not only do people not care, but they don't generally even *know*. They don't understand the issues involved and have about as much understanding of their network connection as my cat has of internal combustion engines.
Plus, there's often not much choice. Where I live there's exactly ONE choice for broadband. Some of my friends have two, both fairly evil. What does one do when all the available choices suck?
Re:Time to encrypt everything. (Score:5, Insightful)
Re:Time to encrypt everything. (Score:2, Insightful)
And by "aggregated and anonymised", they mean they will send all the records to the record labels grouped by address. They won't even send the DSL subscribers name to the record label. Promise.
Re:Time to encrypt everything. (Score:5, Insightful)
if they suspect people of committing a crime, they should get a warrant.
But that would involve due process and presumption innocence, and well, we can't have that now. What's next? Right to a fair trial?
No one believes the promise of anonymity (Score:4, Insightful)
I guess I'll fill in some space down here because slashdot will not likely let me post a subject-only comment, but seriously, what more needs to be said? I can't believe they are even saying that with a straight face. Governments barely have anyone or anything to answer two when they lie to people. Businesses like Virgin media most certainly do not. The only thing that their bullshit proves is that they are aware of what the public response will be and that they are afraid of it at some level.
Could this cause legal problems for them? (Score:5, Insightful)
Encrypt (Score:5, Insightful)
Everything.
Re:Time to encrypt everything. (Score:4, Insightful)
They aren't allowed to listen to your phone calls, wy the hhell should they be allowed to look at your data
Yeah, and look at how well governments followed that law http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy [wikipedia.org]
Any human rights documents from any western country (UK, US, Canada, etc) are quickly becoming no more than toilet paper.
The only way we have to stop them is to make it physically impossible for them to trample our rights. Encryption is one way we can stop this abuse of power. Laws only get us so far when "national security" is on the line.
This won't work (Score:2, Insightful)
Re:Could this cause legal problems for them? (Score:3, Insightful)
Re:Time to encrypt everything. (Score:3, Insightful)
But unless client and server agree on a private key in advance, by offline means, a Man in the Middle can still proxy the key negotiation and access the plaintext.
Implied (Score:3, Insightful)
For Now. Later? Who knows.
That'll violate their immunity (Score:1, Insightful)
The inability to inspect cargo is the principle behind common carrier status. If they can inspect their traffic for copyright infringement then they can police their traffic for everything else.
Re:What sort of overhead would be need to encrypt (Score:2, Insightful)
openssl speed aes-128-cbc aes-256-cbc
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes
aes-128 cbc 93137.34k 124663.87k 140590.61k 144921.90k 145808.33k
aes-256 cbc 60556.97k 91740.58k 103621.96k 107994.02k 108521.49k
Those benchmarks are on a 3 year old CPU (single core only). Hence encryption is not a limiting factor for end users - instead, network bandwidth is the limiting factor. I'd argue that encryption isn't a limiting factor for mass data surveillance either. In public anonymous networks without any sort of trust between users, encryption is not overly beneficial.
Some reasoning why:
1) You can rotate your taps between your customers so that they may only be monitored twice a year for a day at a time. You're still going to catch MANY people this way. And for the stated purpose of this system they're installing, they're apparently only after statistics (I doubt anyone is stupid enough to believe this though). For statistical (and scare tactic) purposes, taking small samples from different customers at different times is just as effective as maintaining a 24/7 tap on everyone's connection.
2) The eavesdropper can bulk purchase cheap dedicated ASIC chips that are optimised for decryption of encrypted file sharing traffic. End users have to put up with CPUs that are designed for other purposes and thus they have to spend more per encrypted byte than the eavesdroppers do per decrypted byte.
3) Imagine an eavesdropper that plants 1000's of fake monitoring peers onto the network. These peers would be indistinguishable to you from other legitimate anonymous peers on the other side of the world. These fake monitoring peers would behave exactly like any other legitimate peer would, except that they make a record of who is downloading files.
No matter what technical solution you use (such as encryption), at the end of the day you're still communicating and sharing with random anonymous people on the internet. You haven't established any sort of trust with them. Without trust, that other party in your communication could just as likely be a fake monitoring peer.
In Other News... (Score:5, Insightful)
All public and private communications of all executives of companies in the UK valued at 500 million or more will be monitored for illegal, unethical, and undesired behaviour.
"If we had only known what certain Wall Street bankers had been up to the world could have avoided financial losses in the trillions. In a world of high speed communication and free flowing capital, the expectations of privacy have to be balanced against the interests of all stakeholders." said noted expert florescent_beige.
Re:Six months from now (Score:2, Insightful)
Re:More details here: (Score:5, Insightful)
Such as, e.g., a facility to allow *every* broadband customer to be informed of and if they so choose to view *all* the information being gathered about themselves, and allow *any* of this data to be edited for accuracy by the customer, and allow *all* of this data to be deleted from *all* their servers if the customer decides to end the contract with Virgin at any time, etc.
Moreover, I presume that Virgin Media have ensured that the nature of the data they do collect is technically necessary for the provision of their ISP service to each customer, and not simply a gratuitous and illegal collection of data that is requested for a completely independent purpose set out in a completely different contract with another entity, and to which the customer himself is not actually a party.
These are bad economic times, and it would be a pity if some idle British lawyer were to look a little too closely at this announcement...
Re:Is any form of trivial encryption sufficient? (Score:3, Insightful)
Re:Time to encrypt everything. (Score:2, Insightful)
If we make it technically or financially unfeasible to monitor communications en masse, then Governments will be more reluctant to do it
or... governments will switch to more radical forms of tapping, like pointing a directional microphone at your house...
Re:Six months from now (Score:3, Insightful)
You’re the master of self-fulfilling prophecies aren’t you??
Half the reason that sometimes nothing changes, is the people constantly repeating that, taking all belief of the possiblility out of people.
That again is half the strategy to keep people from rising up.
Because in the end, it’s all in the mind. If ten million people want to rise up, but believe they are the only ones, then it will be much more unlikely that they really do it.
But if ten people believe that they really can change things, they will rise up, and change things. By showing others that they are not the only ones, and thereby starting the avalanche.
Re:Time to encrypt everything. (Score:5, Insightful)
Of course, most of us have nothing to hide
I hear that all the time and it's time to stop this lie by the surveillance fanatics once and for all.
Of course we all have something to hide! It's called our private life. You have no business snooping around in it. Not if you're a cop, not it you're an ISP, not if you're god.
Re:More details here: (Score:3, Insightful)
This is what the banks have been doing for decades. They are happily giving details of your credit card transactions to a privately owned third party company that keeps this record about you and sells digested report about you, popularly known as credit rating, to interested other parties.
If you wish to see the information they collect about you, you have to pay money to them, and correcting wrong information about you (since it otherwise can ruin your life) is not easy or even possible either.
Re:How do you suggest we do this? (Score:3, Insightful)
It is an evolutionary process. Browsers and http servers didn't all support HTTPS from the very beginning, but serious ones gradually accepted it as a critical part of the web infrastructure, and now you wouldn't dream to do ecommerce on HTTP.
The same is slowly happening for other applications where secrecy and data integrity increasingly get to be seen as essential. Pretty much all serious torrent clients already support encryption, but they haven't switched off "legacy" support in their default configurations yet. It will take for a "big country" (like France or the UK) to start seriously enforcing laws through DPI for plaintext-mode to be disabled by default. Then they will start doing the "mediasentry thing", impersonating peers etc etc, which is where webs of trust will come into play. Until someone will come up with a better business model for producing and distributing entertainment, making loads of bucks and showing the old cartels as irrelevant.
We predicted all this a decade ago, and it's happening exactly as we thought it would: centralized nets -> decentralized nets -> decentralized and encrypted nets -> decentralized, encrypted and trusted nets. Cat&mouse will continue. It will take another decade or so to get rid of this particularly evil sort of candlemakers we now call "the entertainment industry", because they wasted the current one on doomed strategies.