The problem: People who have not participated in filesharing via Bittorrent are being hit by copyright violation claims.
There are no data on the extent of the problem and very inadequate defenses.
Most computer literate people, and many TV-only folks, know there is a filesharing surveillance industry out there that affects millions of people across Europe.
There are no data on the extent of the problem and very inadequate defenses.
Most computer literate people, and many TV-only folks, know there is a filesharing surveillance industry out there that affects millions of people across Europe.
Internet
users may come face to face with a law firm that handles the
collection of “damages” for deep pocket clients from the movie,
music and games industries.
Any
web search will yield lots of stories about legal woes related to
filesharing, especially the very popular Bittorrent protocol.
My
question when I delved into the topic was, what protection against
unjustified threats of lawsuits exist for consumers?
On
the legal side, the answer is: few, and you really need the help of a
lawyer to avoid paying up to 1000 Euros for an alleged 2 minute
upload of a movie – the numbers are from a recent documented
example out of Germany.
A
visit to a lawyer in Germany will easily set you back about 200
Euros. And you are still likely to be pestered by demands for payment
for years.
If
you dare question the surveillance technology, the law firm is much
more likely to take you to court, because the law governing liability
for the internet connection favors them and they will have a couple of high powered techies tell the judge it is totally accurate.
On
the technical side, it is even worse: next to nothing.
Of
course, there are tools to protect you to some degree if you actively
use Bittorrent. BTGuard or a VPN are the most frequently mentioned
protections.
For
internet users willing to go to extreme lengths to protect their connection,
there is logging of all internet traffic. This requires money and
serious skills.
Yet, for the vast majority of users, making sure half way decent passwords
are used for the router administration and the WiFi function is about
as secure as life gets.
So,
we thought about ways to help protect innocent users, people who may
never have heard of Bittorrent.
While
there is no “technical solution to a non-technical problem”, we
wanted something that could accomplish two things:
1)
Make it less likely to be without any defense at all if and when a
letter claiming alleged infringement arrives.
2)
Is not invasive, and respect the privacy of users.
After
some thinking, we came up with an “active beacon”.
As
the name indicates, this would be a piece of software that “blinks”.
It would establish connections to the Bittorrent network at regular
or slightly irregular intervals for nothing more than a handshake and
log some connection details, especially the exact time and the IP
address and port of the counterpart. For more considerations, see the
end of this post **.
Then
it would go silent until the next iteration.
This
simple device would try to counter the two pieces of data in
standard infringement claims that are unrelated to the claimed
content (movie, game, etc.) but critical.
Ideally,
router manufacturers would have this as an in-built feature. This
would pose the question of how to store the data for later use. A
friendly, free cloud hoster would be ideal, with a small cost to
privacy. Since the device is the router, not an individual connected
machine, many people would be willing to do this. For the rest of us, syslog would help.
Of
course, expect police to be curious in some high profile murder case
or the like. But there may be limited value in knowing that a router
was on.
The
next best implementation would be on the part of operating systems
companies.
Adding
a fairly simple service or demon would be trivial.
The
final possibility would be user installs. This might be on only one
machine in a home network but still make it a bit harder for the law
firm to prove a violation.
In
the best case defense scenario, the user could look at the log and
prove that there was another connection to a Bittorrent network
client on that very port on the date and at the time in question.
Wide
adoption of a beacon solution by routing manufacturers would
potentially make spurious copyright infringement claims less likely.
For every single case in which a user could counter their tech with a technical record of his or her own, the surveillance company reputation would suffer. Some of the uncertainty now on the user would be shifted onto the surveillance folks.
And in some countries, users might then be able to sue them for damages, especially if beacon data are stored by a third party.
**
For the tech savvy, yes, we are aware that a simple handshake on a
single port is not what we would ideally want because the very
flexible DHT clients can negotiate ports and the number of available
ports is large. Beacons might have to perform a number of
connections, to increase the logged ports.
The
beacon would not upload or download files. If that’s not possible,
a simple plain text file with a “we are the good guys” might do,
but people with much deeper knowledge of Bittorrent than me need to
figure things out.
For
router manufacturers, sorting out and blocking Bittorrent is a
headache. If they only see a stream of data, potentially encrypted,
they cannot be sure they are seeing Bittorrent. With so many ports
potentially useable by DHT clients, it is even worse.
For protection of active Bittorrent users, a protocol extension with a "Have you seen me" feature might be useful.
However, sending out a help call like "have you been connected to my IP address on that date at that time" would suffer from the DHCP effect. The address might have changed, and the user might not have a record.
For protection of active Bittorrent users, a protocol extension with a "Have you seen me" feature might be useful.
However, sending out a help call like "have you been connected to my IP address on that date at that time" would suffer from the DHCP effect. The address might have changed, and the user might not have a record.
No comments:
Post a Comment