8

Recently the USA passed a law requiring ISPs to spy on their customers' internet connections to check for illegal file sharing. I assume that they would do this by sniffing packets, but doesn't this all go down the drain if packets are encrypted?

I'm trying to think of how they can detect this kind of activity if packets are encrypted.

I suppose that when the encryption key is sent over a BitTorrent client, the ISP could intercept the key and then see everything.

Would that be feasible?

Other than that, they could rely on general usage statistics, such as "this guy uses a ton of bandwidth especially during nighttime. He is probably sharing files illegally."

Would they take action on such weak evidence?

Ali Ahmad
Rob
  • Simple: they use DPI. Most people don't use a secure encrypted connection when downloading a torrent. They don't do this because every person connected to them would have to use it, which also means more processing power is used and, of course, the speed can be affected. The law is designed to prevent the 99% group, not the 1%. – Ramhound Jan 17 '13 at 16:58

4 Answers

8

You've got most of the likely approaches mentioned in your question but here's a couple of points on them.

  • Usage. This is the easiest way to start blocking traffic, and what a lot of ISPs seem to go with most. Have a "fair use" policy which is based on bandwidth and then start taking action against users who go significantly over it. Unfortunately in a lot of cases this happens even when the ISP is advertising "unlimited" broadband.
  • Protocol Analysis. This can be used to detect what people are doing and if the ISP is blocking a specific protocol (e.g. bittorrent) or looking for transfers of specific files, they can use this to do it. As you mention it doesn't work if they can't see the detail of what's transferred.
  • Encryption. If correctly implemented, it can block attempts to view the contents of traffic. One thing to note (especially where it's a law enforcement based intercept) is that the intercepting party may be able to do a Man-In-The-Middle attack without it being obvious (if they can get a key signing certificate from a certificate authority). This depends very much on the program used and how it implements the encryption.
  • Endpoint Analysis. If the ISP can't see what traffic's being transferred, they can look at who you're communicating with. Of course BitTorrent is P2P so it may not be obvious, but I guess it would be possible to profile whether traffic was using a P2P protocol as against a standard HTTP connection. Also, if they can build up a list of all the nodes sharing a specific illegal file, then I guess they could say "he communicated with all these nodes, so it's likely he shared the file"; whether that argument would fly is likely down to the specifics of the law and the court...
Rory McCune
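Added example, not part of the original answer: a minimal sketch of the protocol-analysis point above, showing that a plaintext BitTorrent peer handshake is recognisable from its first bytes while an encrypted stream can only be labelled as opaque. The payloads are constructed samples, and the function names and the entropy threshold are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

# Plaintext BitTorrent peer handshake: length byte 19, then the protocol string.
BT_HANDSHAKE_PREFIX = b"\x13BitTorrent protocol"
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0.0 to 8.0) of the payload."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify_first_payload(payload: bytes) -> str:
    """Label a flow from the first bytes its client sent."""
    if payload.startswith(BT_HANDSHAKE_PREFIX):
        return "bittorrent-plaintext"
    if payload.startswith(HTTP_METHODS):
        return "http"
    # TLS record: content type 0x16 (handshake), version major 0x03,
    # and handshake type 0x01 (ClientHello) at offset 5.
    if len(payload) > 5 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    # No recognisable framing and near-random bytes: content is opaque to DPI.
    if len(payload) >= 64 and shannon_entropy(payload) > 5.5:  # assumed threshold
        return "opaque-high-entropy"
    return "unknown"


def constructed_samples() -> dict:
    """Constructed first-payload samples (placeholder hashes and IDs, no real traffic)."""
    opaque = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(8))
    return {
        "plain_bt": BT_HANDSHAKE_PREFIX + bytes(8) + bytes(20) + b"-XX0000-" + bytes(12),
        "http": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
        "tls": bytes([0x16, 0x03, 0x01, 0x00, 0x05, 0x01, 0x00, 0x00, 0x01, 0x00]),
        "encrypted": opaque,  # pseudo-random bytes standing in for an encrypted stream
        "short": b"hello",
    }


if __name__ == "__main__":
    for name, payload in constructed_samples().items():
        print(f"{name:10s} -> {classify_first_payload(payload)}")
```

The "opaque-high-entropy" label says only that the content cannot be inspected, which is why the answer falls back on usage and endpoint analysis for encrypted traffic.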
3

I assume that they would do this by sniffing packets, but doesn't this all go down the drain if packets are encrypted? I'm trying to think of how they can detect this kind of activity if packets are encrypted.

I suppose that when the encryption key is sent over a BitTorrent client, the ISP could intercept the key and then see everything. Would that be feasible?

If encryption keys were sent in clear over the internet, I think we would have bigger problems than the government spying on our torrents. There's this neat thing called public-key cryptography which solves this problem. Properly implemented cryptography cannot be defeated passively simply by observing packets (no matter how hard you wish for it) without years of mathematical analysis (cryptanalysis).

But I doubt most of the people torrenting in the USA encrypt their torrent activity. In fact, I'd bet that less than 2% do it. Whether it is cost-effective to hunt after those 2% is up to the government (hint: it's not).

So, yes, it all goes down the drain if communications are properly encrypted, but it doesn't matter here. The goal is not to stop 100% of illegal file sharing - just enough to make an example (and get money).

Other than that, they could rely on general usage statistics, such as "this guy uses a ton of bandwidth especially during nighttime. He is probably sharing files illegally." Would they take action on such weak evidence?

Someone downloading terabytes of data every month would probably get more attention than some granny using her computer to send two emails every year, but they certainly would need more evidence before any sort of action can be taken. And in any case, if you are illegally downloading files and the FBI knock at your door, you can probably invoke the fifth as revealing your activities would qualify as self-incrimination without the support of prior evidence (disclaimer: IANAL).

That said, such evidence can be obtained from "suspects" without them knowing, even though it might be technically illegal it has been known to happen (such as eavesdropping on someone's computer display - which is not encrypted and clearly shows the torrents going on) or snapshotting his hard drive while he's off buying groceries or something. A false sense of security is worse than no security.

Torrents also have an additional problem, being p2p. If someone you connected to to download your stuff is incriminated, they can potentially trace that to you, using this as evidence...

Overall I doubt this law will be heavily enforced, really. The logistics required to scan for illegal sharing on a national scale are immense and it will probably be very inefficient and miss a lot of stuff. The ISPs will uphold this regulation in the laziest way possible and a couple people might get convicted and made an example of, then everybody will forget about it, most likely.

Thomas
  • Thanks. Why do you suppose such a low percentage of people encrypt their data? It is a fairly accessible setting on the most popular BitTorrent clients. Would it affect data transfer bandwidth? From what I understand there would be some extra encryption/decryption computation at the endpoints and that seems like a minor concern especially since the bottleneck is usually network bandwidth. – Rob Dec 01 '12 at 08:00
  • @Rob Ignorance, mostly. Most people don't know about encryption, or think it doesn't help them, or mistakenly believe it slows down their downloads (it doesn't). There's been some progress in educating users but it hasn't reached out much so far, so I really do not believe most torrent clients are set to use encryption. I could, of course, be wrong. – Thomas Dec 01 '12 at 08:05
0

This is intriguing me too and, although I still have questions about it, I found out that there are two easy ways to detect people downloading and sharing illegal content:

  • as you download illegal content, you also start sharing it with other people (that's the way torrenting works). If one of those people downloading from you is the Big Brother, they now know your IP address and know that you're sharing illegal content. Considering they can ask your ISP for your identification (I guess that depends on your country's laws), they can go after you;

  • the Big Brother could also provide their own content illegally as bait, waiting for people to come and get it. Once you're one of those people, you're theoretically screwed as well.

Both approaches require that the Big Brother can map your IP to you, meaning your ISP has to hand them your information. Although I consider that wrong (after all, you're paying your ISP for their services, trusting that your information won't be shared without your consent), I guess each country will have its own laws about that kind of information sharing.

I'm not totally sure that's the way they do it, but these are certainly two ways they could be doing it.

Lucio Paiva
0

The goal of that law is to force the ISPs to face their own responsibility. If their clients share illegal files, if they can know it, and do nothing, then they are guilty.

The rationale behind that is that the place where it is easiest to analyze a client's traffic is the ISP. But they are not really interested in doing that unless a client starts to eat too much bandwidth, in which case they just lower the bandwidth on that specific access, whether it is for illegal data or not.

I would not bet a coin that they use AI on encrypted packets to try to guess whether it could be illegal. They just have to say in that case it was encrypted so I could not guess what it was. It should be enough for them not to be responsible for anything. But if you download tons of copyrighted videos from unencrypted torrents, they cannot ignore it and will have to report it to the legal authorities. They do not like to lose a client, but if what they earn with you is less than what they will be charged by legal action, no doubt that they will report your actions!

From a more technical point of view, illegal file sharing often involves hosting a torrent on your own machine and advertising it. If they can see a lot of upload from your connection and if by simply trying to connect to your machine they can see illegal content, I suppose that this is enough to constitute a serious hint for illegal action, and the legal authorities can use it to knock at your door...

Serge Ballesta