P2P Data Not Private, But It Could Be

Frequent correspondent Bennett Haselton writes with a forward-looking response to a recent ruling that peer-to-peer network participants have little privacy interest in files stored on their computer and that they have made available via P2P. Writes Bennett: "A court rules that law enforcement did not improperly 'search' defendants' computers by downloading files that the computers were sharing via P2P software. This seems like a reasonable ruling, but such cases may become rare if P2P software evolves to the point where all downloads are routed anonymously through other users' computers." Read on for the rest.

The police had used an automated P2P search tool to find evidence that child pornography was being shared from the defendants' computers, and then used that evidence to obtain probable cause warrants for searching their computers (where they subsequently found child porn being stored, and the defendants were charged accordingly). Last Friday, District Court Judge Christina Reiss ruled that the P2P search tool did not violate the defendants' 4th Amendment rights against unreasonable search, as they had argued.

I'm all for strong privacy rights and the right to exclude evidence at trial that was gathered improperly, but it's hard to see how the defendants thought they had a leg to stand on here. When you share a file on a P2P network where other users can download directly from your computer, by definition you are advertising that you have that file. Now, some of the time you might be sharing that file not out of the goodness of your heart, but because you're required to share the file in order to earn "credits" that you can use to continue your own downloads (BitTorrent requires sharing for this reason). But even then, you would still know that you were sharing the file (unless you really never realized how file sharing software works, but since it's actually called "file sharing software", that's kind of on you).

However, as I wrote in January, there's no reason why popular P2P programs couldn't re-route each download through a different user's connection, so that if you were downloading a file from another computer's IP address, you would never know if the file resided on that computer's hard drive. Obviously I'm not endorsing the use of such software by creeps like the ones who were arrested; I'm saying that regardless of how we feel about it, it's inevitable that proxified re-routed connections will become the de facto standard for P2P file sharing, if the following conditions remain true:

• It remains legal to run the software at all. This seems like a reasonable assumption in a mostly-free country like the U.S., where although piracy is illegal, file-sharing programs like BitTorrent are still legal even if they are frequently used for piracy.

• A user cannot be held liable for unknowingly forwarding data packets on behalf of someone else, even if the data packets comprise an illegal file (whether it's child pornography or a pirated movie).

• Bandwidth continues to get faster and cheaper. Today, if you download a 100-megabyte file by routing your download through three other users' computers, it will usually be much slower and more inconvenient than if you'd downloaded the file directly. In a few years, you won't notice the difference.

• If the police raid a suspect's house and seize their computer, if they see that the computer has an encrypted partition, the suspect can invoke their Fifth Amendment right to refuse to give the police the decryption password. You know how I feel about that, but the latest rulings on the question seem to affirm that you can refuse to decrypt your hard drive for law enforcement. So a good P2P client for "illicit" file trading would come with built-in support for an encrypted hard drive partition, where all saved files would be stored. (The software would probably come with a "kill switch" that you could use to instantly dismount your encrypted partition if you heard a knock on your door, and a five-minute inactivity timeout after which the drive would dismount automatically.)

In that previous article, I described a protocol in which any time a P2P user X (the "downloader") downloaded a file from another P2P user Y (the "sharer"), the connection would be routed through the computer of at least one "go-between" user Z (and possibly a chain of users Z1, Z2,... Zn). Each of the go-betweens simply downloads bytes from the next computer "up" the chain and sends those bytes on to the next computer "down" the chain, and none of the go-betweens know how far the chain extends in either direction. Because of the design of the protocol, from the point of view of any of the go-betweens, there is only a 40% chance that the computer they're downloading from, is the original "sharer." (See the January article for details on how this would be achieved.)

Now, does the analysis change if your adversary is the FBI looking for child pornographers, rather than the MPAA looking for movie pirates? Here are the variables that I think matter:

• The standard of proof to punish you is higher. In a civil lawsuit, the MPAA would only have to prove their case against you by a "preponderance of the evidence" (i.e. greater than 50%); to obtain a criminal conviction, the court would have to prove your guilt "beyond a reasonable doubt." However in both cases, if all that the court knows is that the defendant's computer was identified as passing along bits and bytes of an illegal file, and the court understands that there's only a 40% chance that the computer owner actually possessed the illegal file, then this falls below the standard of proof in both cases. (Of course, this is contingent on no other evidence turning up to implicate you. If the police raid your house and find child pornography printouts lying around your desk, then so much for the "40% chance of guilt" figure.)

• In a civil trial, the defendant can be called to the stand and made to answer questions (unlike a criminal trial, where the defendant can refuse to testify under the Fifth Amendment). So even if the MPAA's lawyer knew there was only a 40% chance that they had sued the right defendant, they could ask the defendant under oath, "Did you download this movie?" (Or they could sue 10 defendants at once, and argue, correctly, that on average about 4 of those defendants were probably guilty.) The defendant could invoke their Fifth Amendment rights and refuse to answer, however, in a civil trial, the court is free to consider this refusal to be evidence weighing in favor of the defendant's guilt. In theory, a defendant could simply say "No," and there would be no way to prove they were lying. In practice, the MPAA's lawyer might try to intimidate a defendant into confessing, telling them that the worst that can happen to them if they confess is just a monetary judgment, but if they lie under oath they could go to jail, etc.

• The punishment for getting caught for possession of child pornography is much more severe. I'm not sure if this changes the analysis though. It's not a case of "a 40% chance of losing a lawsuit vs. a 40% chance of going to jail." If the court in both cases can never establish your guilt with a probability of more than 40%, then since that's not enough to get a criminal conviction or a civil judgment, you actually have a 0% chance of losing in either case, provided you don't make any other errors (leaving illegal printouts by your computer), and provided the court actually understands that the "evidence" only establishes about a 40% chance of your guilt.

• The cost of being accused of possessing child pornography is much higher, even if you ultimately win in court. If the MPAA sues you for downloading a pirated movie (even if they know there's only a 40% chance they've got the right person), that would probably just increase your street cred among your friends. If you're a middle-aged computer nerd accused of downloading child pornography, not so much. Even if you're ultimately acquitted, your reputation will probably be ruined.

This last point suggests the only "attack" that I can think of that law enforcement could use successfully against this protocol. The police know in advance that if they arrest someone for transmitting an illegal file from their IP address, and if the defendant refuses to testify and the defendant's hard drive is encrypted, the state won't be able to get a conviction since there's only a 40% chance that the defendant was actually in possession of the file. However, if the defendant's life will be ruined by going to trial anyway, law enforcement could use this as a bludgeon to scare people away from even running the P2P protocol. Saying, in essence, "We're going to go out and do searches for illegal files to download, and we will file charges against any person whose IP address re-transmits an illegal file to us. Even though we know we won't be able to get a conviction, we'll ruin the lives of anyone we can identify in this way, so that's the risk that you're taking by installing this software, even if you yourself don't do anything illegal."

Whether this attack would be effective, depends on whether the courts would tolerate these kinds of "intimidation" prosecutions, where the law enforcement knows going in that they can never establish more than a 40% chance of the defendant's guilt (and hence no chance of conviction unless the defendant "cracks"), but they press charges anyway. I would call that an abuse of state power, and say that any prosecutor who knowingly pursues a losing case should be fired and compensation should be paid to the victim, but the courts might not see it that way, especially if the prosecutor finds a way to work the phrase "child porn" into every sentence.