Friday, February 24, 2017

Could “active Bittorrent beacons” help against abuse by the copyright surveillance industry?

The problem: People who have not participated in filesharing via Bittorrent are being hit by copyright violation claims.
There are no data on the extent of the problem and very inadequate defenses.
 
Most computer literate people, and many TV-only folks, know there is a filesharing surveillance industry out there that affects millions of people across Europe.

Internet users may come face to face with a law firm that handles the collection of “damages” for deep pocket clients from the movie, music and games industries.

Any web search will yield lots of stories about legal woes related to filesharing, especially the very popular Bittorrent protocol.

My question when I delved into the topic was, what protection against unjustified threats of lawsuits exist for consumers?

On the legal side, the answer is: few, and you really need the help of a lawyer to avoid paying up to 1000 Euros for an alleged 2 minute upload of a movie – the numbers are from a recent documented example out of Germany.

A visit to a lawyer in Germany will easily set you back about 200 Euros. And you are still likely to be pestered by demands for payment for years.

If you dare question the surveillance technology, the law firm is much more likely to take you to court, because the law governing liability for the internet connection favors them and they will have a couple of high powered techies tell the judge it is totally accurate.

On the technical side, it is even worse: next to nothing.

Of course, there are tools to protect you to some degree if you actively use Bittorrent. BTGuard or a VPN are the most frequently mentioned protections.

For internet users willing to go to extreme lengths to protect their connection, there is logging of all internet traffic. This requires money and serious skills.

Yet, for the vast majority of users, making sure half way decent passwords are used for the router administration and the WiFi function is about as secure as life gets.

So, we thought about ways to help protect innocent users, people who may never have heard of Bittorrent.

While there is no “technical solution to a non-technical problem”, we wanted something that could accomplish two things:

1) Make it less likely to be without any defense at all if and when a letter claiming alleged infringement arrives.
2) Is not invasive, and respect the privacy of users.

After some thinking, we came up with an “active beacon”.

As the name indicates, this would be a piece of software that “blinks”. It would establish connections to the Bittorrent network at regular or slightly irregular intervals for nothing more than a handshake and log some connection details, especially the exact time and the IP address and port of the counterpart. For more considerations, see the end of this post **.

Then it would go silent until the next iteration.

This simple device would try to counter the two pieces of data in standard infringement claims that are unrelated to the claimed content (movie, game, etc.) but critical.

Ideally, router manufacturers would have this as an in-built feature. This would pose the question of how to store the data for later use. A friendly, free cloud hoster would be ideal, with a small cost to privacy. Since the device is the router, not an individual connected machine, many people would be willing to do this. For the rest of us, syslog would help.
Of course, expect police to be curious in some high profile murder case or the like. But there may be limited value in knowing that a router was on.

The next best implementation would be on the part of operating systems companies.
Adding a fairly simple service or demon would be trivial.

The final possibility would be user installs. This might be on only one machine in a home network but still make it a bit harder for the law firm to prove a violation.

In the best case defense scenario, the user could look at the log and prove that there was another connection to a Bittorrent network client on that very port on the date and at the time in question.

Wide adoption of a beacon solution by routing manufacturers would potentially make spurious copyright infringement claims less likely. 

For every single case in which a user could counter their tech with a technical record of his or her own, the surveillance company reputation would suffer. Some of the uncertainty now on the user would be shifted onto the surveillance folks.

And in some countries, users might then be able to sue them for damages, especially if beacon data are stored by a third party.



** For the tech savvy, yes, we are aware that a simple handshake on a single port is not what we would ideally want because the very flexible DHT clients can negotiate ports and the number of available ports is large. Beacons might have to perform a number of connections, to increase the logged ports.



The beacon would not upload or download files. If that’s not possible, a simple plain text file with a “we are the good guys” might do, but people with much deeper knowledge of Bittorrent than me need to figure things out.



For router manufacturers, sorting out and blocking Bittorrent is a headache. If they only see a stream of data, potentially encrypted, they cannot be sure they are seeing Bittorrent. With so many ports potentially useable by DHT clients, it is even worse. 

For protection of active Bittorrent users,  a protocol extension with a "Have you seen me" feature might be useful.
However, sending out a help call like "have you been connected to my IP address on that date at that time" would suffer from the DHCP effect. The address might have changed, and the user might not have a record. 

No comments:

Post a Comment