Some ISPs are participating in a Copyright Alert System that notifies content authors of violations of their copyright.
I'm concerned how this oversight relates to my private traffic, and what laws and permissions allow this type of monitoring.
Can someone provide technical as how this works and/or what laws allow the related surveillance?
ISPs have never been involved in the process of determining whether or not specific traffic is related to a copyright violation. From a technical perspective the ISP is one of the worst places to implement such a monitoring system. (There is a huge amount of traffic flowing through an ISP, and a huge number of possible copyright violations. At best case that is O(n^2), and if the ISP introduces any amount of "lag" people are going to freak out.)
Apart of the "Copyright Alert System" is the "Center For Copyright Information (CCI)" which states the following:
Under this system copyright holders will notify a participating ISP when they believe their copyrights are being misused online by a specific computer (identified by its Internet Protocol (“IP”) address which indicates the connection to the Internet).
...and this has been going on all along. Copyright holders pay companies (thugs) to search p2p networks looking for people who are sharing their protected content. This produces a list of IP addresses, with a simple WHOIS you can get the ISP's abuse notification email address. This new system is just a more formal channel for reporting abuse.
That being said this whole system is ripe for abuse. It just introduces a DoS condition that is trivial to exploit. You just have to send 6 requests to take down ANY target!
You could take a look at a recent technical paper, The Unbearable Lightness of Monitoring. The authors of that paper talk about how the BitTorrent protocol itself allows people to see what Internet Protocol addresses take part in the P2P downloading aspect of BitTorrent. They also say that they have a way to detect monitoring IP addresses, and say that almost every torrent is now monitored. Research ethics prevent them from naming IP addresses of the monitors, so I guess it's up to someone else to re-implement the monitor-detecting and out some surveillance entities.
Companies (like the much-reviled Cyveillance) exist that claim to monitor for "intellectual property theft". They're secretive, all I know is that they regularly (approximately monthly) download all the files on my little basement-server-website. They lie about who they are, in that they never ask for (and so don't observe) "robots.txt", and that p0f says they run Linux, even when the User Agent says "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2)".
I'm guessing that a few pretty sketchy companies (like Cyveillance) do some combination of BitTorrent monitoring, website downloading, and monitoring "piracy" related web sites. The sketchy companies will be owned by a movie studio CEO's "cousin" and will be paid a princely sum for somewhat haphazard work. But that's just my opinion.
