[p2pi] Somewhat OT: Anti-piracy strategies and P2P was Re: OT ? : Consultation on legislative options to address illicit P2P file-sharing

Nicholas Weaver <nweaver@ICSI.Berkeley.EDU> Thu, 18 September 2008 14:27 UTC

Return-Path: <p2pi-bounces@ietf.org>
X-Original-To: p2pi-archive@ietf.org
Delivered-To: ietfarch-p2pi-archive@core3.amsl.com
Received: from [] (localhost []) by core3.amsl.com (Postfix) with ESMTP id 1B97A3A6965; Thu, 18 Sep 2008 07:27:02 -0700 (PDT)
X-Original-To: p2pi@core3.amsl.com
Delivered-To: p2pi@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id 70E8A3A6963 for <p2pi@core3.amsl.com>; Thu, 18 Sep 2008 07:27:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.687
X-Spam-Status: No, score=-5.687 tagged_above=-999 required=5 tests=[AWL=0.912, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id gVf1k81of5SJ for <p2pi@core3.amsl.com>; Thu, 18 Sep 2008 07:26:59 -0700 (PDT)
Received: from fruitcake.ICSI.Berkeley.EDU (fruitcake.ICSI.Berkeley.EDU []) by core3.amsl.com (Postfix) with ESMTP id 78F843A6965 for <p2pi@ietf.org>; Thu, 18 Sep 2008 07:26:59 -0700 (PDT)
Received: from [IPv6:::1] (fruitcake []) by fruitcake.ICSI.Berkeley.EDU ( with ESMTP id m8IEQWnN008621; Thu, 18 Sep 2008 07:27:12 -0700 (PDT)
Message-Id: <20384D3E-CDF8-4F50-B273-8D722241C5A4@icsi.berkeley.edu>
From: Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
To: The 8472 <the8472@infinite-source.de>
In-Reply-To: <48D25C90.4020502@infinite-source.de>
Mime-Version: 1.0 (Apple Message framework v929.2)
Date: Thu, 18 Sep 2008 07:26:32 -0700
References: <835B846B-1014-4CEE-9BA3-644D207FC231@multicasttech.com> <48D25C90.4020502@infinite-source.de>
X-Mailer: Apple Mail (2.929.2)
Cc: p2pi@ietf.org, Nicholas Weaver <nweaver@ICSI.Berkeley.EDU>
Subject: [p2pi] Somewhat OT: Anti-piracy strategies and P2P was Re: OT ? : Consultation on legislative options to address illicit P2P file-sharing
X-BeenThere: p2pi@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: P2P Infrastructure Discussion <p2pi.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/p2pi>, <mailto:p2pi-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/pipermail/p2pi>
List-Post: <mailto:p2pi@ietf.org>
List-Help: <mailto:p2pi-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/p2pi>, <mailto:p2pi-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: p2pi-bounces@ietf.org
Errors-To: p2pi-bounces@ietf.org

On Sep 18, 2008, at 6:50 AM, The 8472 wrote:

> Well, from a technical perspective this is trivial, ISPs cannot
> distinguish illegal from legal content, assuming a minimal amount of
> encryption/obfuscation. The content industry could only tell the ISP
> "user XY is doing something illegal, do something about it" and the  
> would have to believe that without being able to verify it. Most
> regulation proposals we currently see are after-the-fact measures,  
> i.e.
> disconnecting the user's internet connection after he has been
> identified and warned about illegal filesharing.
> Not to mention that some ISPs have an interest in preventing illegal
> filesharing on their own as they offer VoD, streaming and similar
> services or are owned by media companies.

Actually, for P2P bulk data (big stuff like movies, rather than small  
stuff like audio), it is possible for the content provider to say not  
that "user X is doing something illegal", but that "Users X, Y, Z, A,  
B, C represents a graph of something illegal, block JUST that  
communication between these pairs of users".  And for open-world  
piracy,  this information can be found and verified by crawling the  
P2P swarm.

The ISP still has to trust that the content provider is telling the  
truth, but this is far more actionable information and information  
that can be distributed and acted on in real time to disrupt the  
pirate flows without significantly impacting other traffic.

> As far as i can see this concerns ALTO in that it should not reveal  
> any
> information about the user and his sharing behavior as it would be a
> singinficant dis-incentive for adoption if any data could be used
> against the users.

The problem is this impacts utility: in order to make a decision you  
have to know some information about the users, and content IDs that  
the user is participating in is significantly important.

But as long as any form of content ID represents a random NONCE  
provided by the P2P coordination mechanism (not a hash, it MUST be a  
NONCE), an opponent could only use it to tie a user to a piece of  
content if the opponent is also able to access the swarm coordination  
mechanism in order to map the meaning of NONCE to content ID.

Thus it would represent an information leak, but it is probably safe  
to assume that if the adversary has access to the P2P coordination  
mechanism sufficient to get the NONCE (necessary to tie a user to a  
piece of content in ALTO), the adversary could also contact the  
coordination mechanism to get a participant list.

> Another issue is that such schemes might drive
> illegal filesharing deeper underground, e.g. onto darknets which  
> provide
> pseudonymity and plausible deniability at the cost of increased
> bandwidth consumption, another network overlay and data being bounced
> through random nodes, which is completely the opposite of what we want
> to achieve.

There are two plausible transitions:  Deniability, and to private  
(closed-world) piracy.

Deniability on distribution is not necessarily going to fly, because  
the big strength of BitTorrent is substantial noninfringing uses.   
Deniability loses much of this benefit: it becomes far easier for  
content providers to argue that the software itself should be blocked:  
that using a deniable P2P file sharing tool is nefarious behavior  
because deniability is not a benefit for LARGE legal content.

The transition to closed-world piracy, however, is actually a win for  
the content providers.  The goal should not be to block all piracy,  
but to up the hastle so that casual users aren't tempted to pirate  
material.  Let the hardcore file sharers exchange information through  
secret torrents, they'd never be customers anyway.  Rather you want  
the casual users however to keep buying DVDs or pay for downloads from  

> Experience shows that fighting filesharing only makes filesharing
> networks more resiliant against attacks.

There are however, limits.  Bulk data P2P is just that, bulk data and  
P2P, and will always be detectable as such.

And open-world piracy is just that, open-world.  If you relax these  
constraints (eg, make it closed-world, or eliminate the bulk data by  
changing it to point-to-point), you can build some real robust  
defenses against a copyright-enforcing adversary.  But you lose a lot  
of the utility present in being bulk data, P2P, and open-world.

p2pi mailing list