Touring the digital through type

Tag: P2P (Page 2 of 2)

The Business of Infringing Content

CreepycopyrightinfringementWhen people are about to download content from the ‘net that is copywritten, many often ask ‘will I get caught doing this?’ For many, the response is ‘no’ and then continue to download that episode of Seinfeld or whatever. Given that there are so many people downloading, and that record companies in the US have claimed to have abandoned filing new lawsuits against individuals, then things (in North America) appear to be getting better.

At issue, however, is that filing lawsuits is big money, and in Europe especially it looks like Digiprotect has moved in to assume first-mover advantage. Digiprotect gets “the legal rights from the companies to distribute these movies to stores, and with these rights we can sue illegal downloaders. Then we take legal action in every country possible, concentrating on the places where such action will be profitable” (Source). They avoid demanding too much money from infringers, on the basis that few judges like the idea of imposing million dollar fines on individuals – usually opting for suits demanding in the vicinity of 500 Euros. This amount of money ‘teaches’ individuals and provides enough money to keep the employees paid. No staff member has a fixed salary – they are paid according to the ‘cases’ that are won. The actual method of determining the financial burdens are based on the business expenses, profit, and money to be distributed to artists. In effect, the company sets up a honeypot and then sues whomever it is profitable to sue.

Continue reading

Beyond Fear and Deep Packet Inspection

securitybooksOver the past few days I’ve been able to attend to non-essential reading, which has given me the opportunity to start chewing through Bruce Schneier’s Beyond Fear. The book, in general, is an effort on Bruce’s part to get people thinking critically about security measures. It’s incredibly accessible and easy to read – I’d highly recommend it.

Early on in the text, Schneier provides a set of questions that ought to be asked before deploying a security system. I want to very briefly think through those questions as they relate to Deep Packet Inspection (DPI) in Canada to begin narrowing a security-derived understanding of the technology in Canada. My hope is that through critically engaging with this technology that a model to capture concerns and worries can start to emerge.

Question 1: What assets are you trying to protect?

  • Network infrastructure from being overwhelmed by data traffic.

Question 2: What are the risks to these assets?

  • Synchronous bandwidth-heavy applications running 24/7 that generate congestion and thus broadly degrade consumer experiences.

Question 3: How well does security mitigate those risks?

Continue reading

Background to North American Politics of Deep Packet Inspection

crtc566The CRTC is listening to oral presentations concerning Canadian ISPs’ use of Deep Packet Inspection (DPI) appliances to throttle Canadians’ Internet traffic. Rather than talk about these presentations in any length, I thought that I’d step back a bit and try to outline some of the attention that DPI has received over the past few years. This should give people who are newly interested in the technology an appreciation for why DPI has become the focus of so much attention and provide paths to learn about the politics of DPI. This post is meant to be a fast overview, and only attends to the North American situation given that it’s what I’m most familiar with.

Massive surveillance of digital networks took off as an issue in 2005, when the New York Times published their first article on the NSA’s warrantless wiretapping operations. The concern about such surveillance brewed for years, but (in my eyes) really exploded as the public started to learn about the capacities of DPI technologies as potential tools for mass surveillance.

DPI has been garnering headlines in a major way in 2007, which has really been the result of Nate Anderson’s piece, “Deep packet inspection meets ‘Net neutrality, CALEA.” Anderson’s article is typically recognized as the popular news article that put DPI on the scene, and the American public’s interest in this technology was reinforced by Comcast’s use of TCP RST packets, which was made possible using Sandvine equipment. These packets (which appear to have been first discussed in 1981) were used by Comcast to convince P2P clients that the other client(s) in the P2P session didn’t want to communicate with Comcast subscriber’s P2P application, which led to the termination of the data transmission. Things continued to heat up in the US, as the behavioural advertising company NebuAd began partnering with ISPs to deliver targeted ads to ISPs’ customers using DPI equipment. The Free Press hired Robert Topolski to perform a technical analysis of what NebuAd was doing, and found that NebuAd was (in effect) performing a man-in-the-middle attack to alter packets as they coursed through ISP network hubs. This report, prepared for Congressional hearings into the surveillance of Americans’ data transfers, was key to driving American ISPs away from NebuAd in the face of political and customer revolt over targeted advertising practices. NebuAd has since shut its doors. In the US there is now talk of shifting towards agnostic throttling, rather than throttling that targets particular applications. Discrimination is equally applied now, instead of honing in on specific groups.

In Canada, there haven’t been (many) accusations of ISPs using DPI for advertising purposes, but throttling has been at the center of our discussions of how Canadian ISPs use DPI to delay P2P applications’ data transfers. Continue reading

Thoughts: P2P, PET+, and Privacy Literature

p2pwindowPeer-to-peer (P2P) technologies are not new and are unlikely to disappear anytime soon. While I’m tempted to talk about the Pirate’s Bay, or ‘the Pirate Google‘ in the context of P2P and privacy, other people have discussed these topics exceptionally well, and at length. No, I want to talk (in a limited sense) about the code of P2P and how these technologies are (accidentally) used to reflect on what privacy literature might offer to the debate concerning the regulation of P2P programs.

I’ll begin with code and P2P. In the US there have been sporadic discussions in Congress that P2P companies need to alter their UIs and make it more evident what individuals are, and are not, sharing on the ‘net when they run these programs. Mathew Lasar at Ars Technica has noted that Congress is interested in cutting down on what is termed ‘inadvertent sharing’ – effectively, members of Congress recognize that individuals have accidentally shared sensitive information using P2P applications, and want P2P vendors to design their programs in a way that will limit accidental sharing of personal/private information. Somewhat damningly, the United States Patent and Trademark Office declared in 2006 that P2P applications were “uniquely dangerous,” and capable of causing users “to share inadvertently not only infringing files, but also sensitive personal files like tax returns, financial records, and documents containing private or even classified data” (Source).

Continue reading

Newer posts »