Kazaa's spying potential revealed

Witnesses in Australia's Federal Court have said the software 'could have been designed to spy on users'
Written by Kristyn Maslog Levis, Contributor

A witness in the ongoing civil trial against peer-to-peer software provider Sharman Networks has added weight to testimony last week that logs can be maintained to trace users who are exchanging unlicensed music online using the Kazaa software.

Professor Leon Sterling, chair of Software Innovation and Engineering for the Department of Computer Science and Software Engineering in the University of Melbourne, said today in the Federal Court in Sydney that statistics about the activity of users in a distributed system -- such as Kazaa -- are "capable of being collected and reported to a system operator in the same way as statistics about the usage of a single Web site are able to be collected and reported".

"The technology for collecting these statistics has become very sophisticated. In the case of the Web sites, it now allows capture of information beyond the numbers of users visiting the site, to their source location, the amount of time that they spent on a page, the files downloaded and even to where their cursor was located when they viewed the Web page [over files that are not ultimately downloaded]," Sterling said.

He added that although he was unable to identify whether user statistics were collected by the developers of Kazaa about Kazaa users, he thinks that the application "could have been designed in order to do this".

"Kazaa Media Desktop [KMD] could easily collect statistics that could be gathered at supernodes if it does not do so already," Sterling said.

A supernode contains a list of some of the files made available by other Kazaa users and where they are located. Kazaa users with the fastest Internet connections and the most powerful computers become the supernodes. When a user performs a search, Kazaa first searches the nearest supernode to the user and sends the user immediate results.

"The fact that the system is distributed -- as opposed to a centralised system -- does not change this design opportunity and there are software tools available that could have been incorporated into KMD to do this. It is a design choice not to, not an inherent comment about the application or the lack of central information. Even in the case of a high volume distributed system such as Google, statistics are collected".

He went on to say that information could be collected in the form of activity logs -- a standard device used by operators of networks to record information about network traffic.

"These logs can even be used to identify and track the individual activities of a single user, by recording details about the person’s browsing and identity, through means such as a network MAC address, which is the unique machine identifier where the source file is present."

"In my view, the designers of the Kazaa system intended the use of Kazaa to be the sharing of music files such as MP3 files, as a primary use even if it is not the only use."

Sterling added that the interface of the Kazaa system "provides no warning regarding potential copyright infringement from sharing music files" despite encouraging the users to share files.

He added that warnings regarding intellectual property exist at the bottom of the online version but these warnings are "not placed in a way that will make users take notice of or think about the copyright issue".

"In my view, it would be relatively straightforward for there to be some form of copyright warning placed prominently within the interface to the Kazaa application… and the designers of the Kazaa application have made a conscious decision not to place those warnings".

Sterling said that certain measures could be implemented to make users more aware of copyright issues and discourage sharing of files that infringe copyright.

He said Sharman Networks can add an explicit authorisation step before letting a Kazaa user upload a file to the "My Shared Folder". The step could ask the user to check a box to indicate that they are authorised to make the file available. He also said that the designers could make the integrity rating more clearly reflect whether the copy was authorised and have that part of the information displayed to users. Designers can also add a link to the copyright regulations of the country where the user is resident.

However, during cross-examination by Sharman Networks counsel Mark Leeming, Sterling admitted that he hasn’t thought about how long it would take or how practical it would be to implement the suggestions he raised. He added that he only "got a sense of what would be possible with the system" by going through Kazaa’s online guide.

Sterling also said he has not downloaded or used the Kazaa software.

Kristyn Maslog-Levis reported from Sydney for ZDNet Australia.