Network surveillance is a persistent issue that privacy advocates warn about on a regular basis. In the face of Edward Snowden’s disclosures, the public has often been concerned about how, when, and why corporations disclose information to policing, security, and intelligence services. Codenamed projects like PRISM, NUCLEON, and MAINWAY, combined with the shadowy nature of how data is collected and used, makes Snowden’s very serious revelations a hot topic to talk, write, and think about.

However, it’s important to recognize that the corporations that are entrusted with significant amounts of our personal information often independently analyze and process our information in ways that we don’t expect. In this post I discuss a patent that AT&T received a little over a year ago to analyze the personal communications of its subscribers to catch instances of copyright infringement. I begin by outlining providing information concerning AT&T’s patent. From there, I discuss other companies’ efforts to develop and deploy similar systems in Europe to shed more light on how AT&T’s system might work. This post concludes by considering a range of reasons that might have driven AT&T to file for their patent, and notes why it’s important to place patents within the broader policy ecosystem that telecommunications companies operate within instead of analyzing such patents in isolation.

AT&T’s Copyright Detection Patent

In the United States, the analysis of data packets might become even more invasive if a patent that AT&T received in 2012 is any indication. The patent is named “Real-time detection in ISP transmissions,” and it outlines how the company would monitor data packets for material that could infringe on copyright. AT&T recognizes the challenge in alleviating infringing behaviour, writing:

Pursuing the illegal distributors of such materials is problematic because the users are often numerous and diffuse and individual legal action against multiple small users is expensive — as well as unsympathetic from a public relations standpoint when the users turn out to be teenagers or others whose motives are seldom to make a criminal profit.

The present invention preferably uses a currently available real-time network data management device which is capable of analyzing the complete flow of data packets in a data stream.[1]

If the content of the identified data stream is a positive match with a database item, e.g., is a copyright infringement, then a responsive action is taken.

In effect, AT&T has patented a system that does what network neutrality advocates have warned about for over a decade, a system that enables a private company to deploy network equipment to massively, pervasively, and ‘transparently’ interdict its subscribers’ communications to scan for, and act on, specific content flows. The system outlined by AT&T isn’t new, however: other companies in Europe have already developed and toyed with similar ‘solutions’ to identify and impede copyright infringement on ISPs’ networks.

Past Art and the Case Abroad

AT&T’s proposed means of engaging in copyright detection and infringement bears strong parallels to techniques that have been developed by network management vendors, such as the German company ipoque. ipoque wrote in a corporate whitepaper, titled “Copyright Protection in the Internet,” that their deep packet inspection equipment could monitor for copyright infringing content and subsequently take action on it. The company, however, makes explicit the challenges linked with such practices.

First, deep packet inspection equipment can be used to conduct fingerprint analysis of data in transit. Such an analysis entails comparing facets of a file to data packets coursing through an ISP’s infrastructure to prospectively identify packets carrying copyright infringing material(s). However, such tactics cannot analyze encrypted .zip or other compressed files. ipoque concluded that:

Fingerprinting systems do not operate in real-time and cannot be deployed on a large scale. They do not work with encrypted communication or encrypted files. Still, fingerprinting can be useful for an offline search of particular files and the involved IP addresses in captured network traffic. In addition, its ability to correlate modified copies with the original file can be used to build a more complete database of file hashes, which can then be used with file hash-based measures…[2]

Alternately, such analysis equipment can engage in hash-based identification and blacklisting. This approach demands deriving unique hashes from files and recomposing files in transit such that they can be compared against the hash list; after getting a ‘hit’ the traffic manager can take action against the files in question. ipoque, back in 2009, warned:

Traffic managers are capable to maintain file hash databases with at least one million entries and to selectively block or allow individual file transfers. While both black- and whitelisting are in theory possible, only blacklisting would be politically viable. Whitelisting, i.e., the controlled admission of validated files only, would be a serious infringement of freedom of speech making it all but politically impossible.

File hash-based measures do work effectively with unencrypted and public sharing services. Encrypted communication and private file sharing networks can only be controlled by criminalistic methods involving a high effort. However, the vast majority of copyright infringements happen in open services, as the public availability is the key success factor for such services.[3]

Presumably, based on how AT&T described the workings of their patent, they envision adopting a hash-based mechanism. This approach was almost taken up by a British ISP, Virgin, when the company flirted with the CView copyright detection system. CView was designed to poll how much infringing material was coursing across Virgin’s network by performing full-file analysis. Such analysis was not ‘live’ but, instead, was conducted on files that were temporarily copied to a storage network. It isn’t entirely clear that Virgin’s system was ever truly launched[4] but, regardless, there was genuine interest in pursuing this mode of surveillance and data packet interdiction.

Ultimately, what AT&T is proposing is not necessarily a new idea, though it may be moderately new in the American context. However, before we assume that the patent indicates a forthcoming plot on AT&T’s part to massively monitor the Internet it’s important to put the company, and this patent, in a broader policy context.

Making Sense of AT&T’s Patent

In the case of AT&T, it’s not clear that their patent will necessarily lead to specific actions taken against their subscribers’ communications. Prying into the content of communications, regardless of the reasons, could run afoul of the ECPA and wiretapping laws that gutted efforts to deploy deep packet inspection-driven behavioural advertising systems.[5] However, American ISPs routinely speak out of both sides of their mouths: on the one hand, ISPs want to remain ‘neutral’ carriers so that they don’t have to police their networks on behalf of third-parties, and on the other hand, ISPs assert that meddling with their subscribers’ data traffic constitutes ISPs exercising their first amendment speech rights.[6] It’s challenging to see how these two positions can be squared; it’s entirely possible that AT&T might want to engage in content surveillance if it was in their own corporate interests, and not required by third-parties.

So, what does AT&T’s patent herald? On the one hand, it could be seen as a defensive effort: the patent could be used to preclude copyright groups from pushing forward with technologies like those envisioned in AT&T’s patent by refusing to license the technology. Such a position could cohere with the company’s 2010 filing on network-based copyright enforcement, when it wrote:

Private entities are not created or meant to conduct the law enforcement and judicial balancing act that would be required; they are not charged with sitting in judgment of facts; and they are not empowered to punish alleged criminals without a court order or other government sanction. Indeed, the liability implications of ISPs acting as a quasi-law-enforcement/judicial branch could be enormous. The government and the courts, not ISPs, are responsible for intellectual property enforcement, and only they can secure and balance the various property, privacy, and due process rights that are at play and often in conflict in this realm.[6]

Alternately, AT&T might use the patent to enhance the company’s competitive position should American ISPs be required to aggressively police their networks for copyright infringement. To clarify, AT&T could use their patent to make money from licensing it to either equipment vendors or other American ISPs, or it could refuse to license its patent and thus force its competitors to adopt a more expensive or challenging mechanism to monitor for copyright.

In effect, we cannot look at AT&T’s patent in isolation of other companies’ technical accounts of filtering for copyright, without considering the history in invasive DPI-driven snooping in the United States, or without thinking about the copyright battle lines in the US. It’s incredibly important to look at how past art has accounted for what the company is trying to do: what are the likely deficiencies with any such monitoring practice? how does the patent fit into ISPs’ (often adversarial) relationships with content owners? how could the patent be used to delimit the capacities of equipment vendors or other ISPs from adopting ‘solutions’ paralleling AT&T’s own patented systems?

AT&T’s patents rightly raise red flags, but we need to look beyond the most obvious (and nefarious!) red flags: when examining corporate surveillance prospects we need to reflect on the full range of reasons behind the practice. Only in taking this broader, and often more nuanced, view are we likely to come closer to the truth of what is actually going on, and why. And, if we don’t get closer to the specific truth of the situation, at least we can better understand the battleground and likely terms of the conflict.