Friday, June 06, 2008

Investigating P2P Enforcement

The University of Washington has just published a new report on the processes being used by the entertainment industry to track down and prosecute file sharers on P2P networks. The authors purport to be surprised by their findings. They suggest:
  • Practically any Internet user can be framed for copyright infringement today.
    By profiling copyright enforcement in the popular BitTorrent file sharing system, we were able to generate hundreds of real DMCA takedown notices for computers at the University of Washington that never downloaded nor shared any content whatsoever.

    Further, we were able to remotely generate complaints for nonsense devices including several printers and a (non-NAT) wireless access point. Our results demonstrate several simple techniques that a malicious user could use to frame arbitrary network endpoints.

  • Even without being explicitly framed, innocent users may still receive complaints.
    Because of the inconclusive techniques used to identify infringing BitTorrent users, users may receive DMCA complaints even if they have not been explicitly framed by a malicious user and even if they have never used P2P software!
  • Software packages designed to preserve the privacy of P2P users are not completely effective.
    To avoid DMCA complaints today, many privacy conscious users employ IP blacklisting software designed to avoid communication with monitoring and enforcement agencies. We find that this software often fails to identify many likely monitoring agents, but we also discover that these agents exhibit characteristics that make distinguishing them straightforward.

While our experiments focus on BitTorrent only, our findings imply the need for increased transparency in the monitoring and enforcement process for all P2P networks to both address the known deficiencies we have exposed as well as to identify lurking unknown deficiencies.

More details about our findings and our experimental methodology are available in our online FAQ. A more thorough treatment is available in our technical report."

Brad Stone at the NYT says:

"The paper finds that there is a serious flaw in how these trade groups finger alleged file-sharers. It also suggests that some people might be getting improperly accused of sharing copyrighted content, and could even be purposely framed by other users.

In two separate studies in August of 2007 and May of this year, the researchers set out to examine who was participating in BitTorrent file-sharing networks and what they were sharing. The researchers introduced software agents into these networks to monitor their traffic. Even though those software agents did not download any files, the researchers say they received over 400 take-down requests accusing them of participating in the downloads.

The researchers concluded that enforcement agencies are looking only at I.P. addresses of participants on these peer-to-peer networks, and not what files are actually downloaded or uploaded—a more resource-intensive process that would nevertheless yield more conclusive information.

In their report, the researchers also demonstrate a way to manipulate I.P. addresses so that another user appears responsible for the file-sharing."

No comments: