Will ISPs Be Driven To Spy On Their Customers? 133
bs0d3 writes "In regards to the new 'voluntary' graduated response deal (where no one really knows how ISPs will track and accuse customers of copyright infringement), according to CNN, it may be the ISP directly spying on their customers. 'But now that they're free from individual blame, there's also the strong possibility that the ISPs will be doing the data monitoring directly. That's a much bigger deal. So instead of reaching out to the Internet to track down illegally flowing bits of their movies, the studios will sit back while ISP's "sniff" the packets of data coming to and from their customers' computers.' This could be a problem for people who use U.S.-based internet services. If the U.S. wants to be an internet savvy country, they still need the competition in the marketplace that's always been missing, and a digital bill of rights that isn't a sneaky anti-piracy measure."
Just use SSL for everything (Score:2, Insightful)
Computers are fast enough... there's barely any CPU overhead anymore.
Re:You mean they don't do it already? (Score:5, Insightful)
Really? Anyone? Really believes that the ISP are protecting you? Your privacy? With claws and fangs?
No, I think they're covering their own asses by making sure they know absolutely nothing about anything I do or don't do. If they start flagging copyright infringements for one company I'm sure they'll get sued by a bunch of other companies for secondary infringement or criminal negligence or being co-conspirators as they let all the other infringements pass. And not just copyright infringement but everything else too, the user is sending SPAM and they let it pass? Sue the ISP. Internet fraud? Sue the ISP. Hacking? Sue the ISP. If anyone can show the ISP "knew" the customer was doing something illegal but continued the subscription to turn a profit, they could get in all sorts of legal shit. Either you're reading the bits or you're not, you can't both do that and claim ignorance at the same time.
Re:Just use SSL for everything (Score:4, Insightful)
In any sane world this would be sarcasm, but you never know these days.
Re:Short answer: No (the correct answer) (Score:3, Insightful)
If I had any point, I would have given them all to you in some form or fashion. Thanks for your input, and you clearly have insight as to what this 'agreement' really means.
I have heard random opinions about this situation, and most of them resemble your opinion as well. ISP will not be directly monitoring User's traffic, do so, violates a few other laws in palce. the AOL case, is a prime example WHY we will not have ISPs jumping onto the bandwagon to help MPAA/RIAA prosecute customers. From a business perspective, it would be detrimental for ISPs to be caught "snitching' on their users.
The moment a ISP is labeled as a 'snitch', customers may change in droves to competition, thus killing a ISP in the process. I highly doubt this, because if Warner Brother wanted to go after its viewers and customers, then Time Warner would have been sending notices of impending doom to customers long ago. When ISP are forced to monitor customers' traffic, it will be FORCED. Non-compliance would result in fines, and penalties from the Government. Currently the government isn't the group of people trying to punish others right now.
Again this is about partnership. MPAA/RIAA being allowed direct investigation connection through the ISP. With this passing, it would only cheapen the process in which the RIAA/MPAA uses to catch users and send infringement letters.
would cost a lot of money (Score:5, Insightful)
That just gets passed along to the consumer.
Re:Just use SSL for everything (Score:5, Insightful)
I think most ISP have enough common sense not to try that. All it would take is for some 3rd party DNS provider to stuff a NAT statement into their iptables such that 80 -> 53. Doing DNS on TCP is not to much overhead for modern hardware.
At that point they'd have to start doing inspection to make sure all 80 traffic looks like http. That would even get somewhat more complicated if the SSL port were used. Its game over once people implement local stub DNS resolvers that actually call a web service somewhere over https to do queries.
Unless ISP are prepared to essentially deploy Websense or something like it with SSL intercept and block any protocol including VPNs etc, that is not http, https, possibly ftp, and does not appear to some other protocol implemented on top of those its impossible. I don't think consumers would stand for it.
*What do mean I can't connect to my companies VPN?
*WOW and all my old games wont work any more, I have to buy new ones that use webservices and have shit latency thru your proxy!
*No more VOIP
That dog won't hunt.