Privacy Abuse by Technology

The RIAA using Internet Service Providers to hunt down IP "pirates" are going to do it without search warrants. There is no way for the RIAA or any other copyright owner to know when piracy is going on without subverting the privacy of the ISP customer.

The RIAA using Internet Service Providers to hunt down IP "pirates" are going to do it without search warrants. There is no way for the RIAA or any other copyright owner to know when piracy is going on without subverting the privacy of the ISP customer. Without knowing what data is being transmitted up and down the ISP connection, the RIAA, or the Motion Picture Academy or any other corporate entity will not be able to get a search warrant in the first place. College students have already been subjected to this sort of scrutiny by their network provider, usually their own college. If the RIAA manages to subvert enough ISPs, they can "own" all the file-swapping users on the Internet simply because they will have all the ISPs in their pocket.

Internet service providers the RIAA subverts will issue new privacy policies their users will have to click-through. There will be a paragraph or two that will surrender the user's rights to have his data connections kept private. With those paragraphs the ISP will be able to monitor your business without a wiretap warrant. If your ISP is not very profitable or has been having financial problems, a little monetary inducement paid to the ISP will aid the RIAA to get what they want. The ISP becomes the paid stooge of the RIAA.

Obviously the lowest level of monitoring will simply be looking for file titles for songs and movies. You can do that with a file browser. The RIAA needs to induce the ISP to do the filename searches at the very least to identify potential pirates. Everybody's digital traffic gets looked at in this stage of the search. The ISP will clone the data stream and capture it onto a separate system to analyze the traffic off-line looking for file titles.

Traffic analysis will identify file-swapping servers. Examining TCP protocol behavior will reveal Bit-torrent servers and clients. Doing a DNS lookup of the remote connected IP address reveals whether the address is a registered website. If its not, the ISP has just identified another potential pirate. There will be an immediate ID of both parties if the ISP owns both ends of the IP connection. Size of the files reveals potential music or movie thefts. Examining the embedded file header reveals the type of file especially in Windows/DOS file formats.

Assuming that the ISP reports its suspicions to the RIAA, potentially a match can be made to the IP address with another ISP's report for the remote connection. All it takes is a computer program running match checks. Report the IP address with a date and time stamp and the ISP can spit out the user identity and address based on their logon files.

The next mechanism the ISP will use is signature analysis, the same way anti-virus software works. By looking for a string of characters in the traffic passing through the user connections to the ISP, pirates will be identified. The "virus signature" will be some digital watermark embedded in the music or movie file. This will catch the idiots that didn't re-sample the music or movie file and uploaded it unaltered from the CD or DVD.

Users storing data files in on-line storage space is another opportunity for the ISP to "rat-out" its customers. Data mining is a lot easier when the data is not moving around. Having the data stored on a hard drive somewhere within the ISP's control allows detailed string searching to go on during "quiet" time for the ISP. In fact, it is an excellent way for catching stupid pirates. This is how Suzy the 14 year old fictional pirate in a previous blog gets caught. Offer free "in-the-cloud" storage space to your users and then run your search engines on the files stored there. Everything gets time and date stamped when the file is stored, built-in evidence logging!

With the economy in the tank and new user accounts likely to plateau, the ISPs are going to be looking for opportunities to make a little more cash or to buy new equipment upgrades. Getting "blood money" from the RIAA or the movie industry might be one way for them to fluff up their bottom line. Don't expect much help from the courts either. The precedent has already been set. Microsoft's EULA has been successfully defended and every software or service user agreements since then allows for a "click-through" sealing the contract.

It will take a number of lost court cases to set enough precedents to force the RIAA and similar ilk to disconnect from the ISPs meanwhile individual rights have been eroded again. Expect to see this soon if it hasn't already happened.

---added note

I just had a deja-WTF moment. Back on November 29th I ranted right here about Cloud computing opening the doors for the "a------ in Hollywood to attach themselves like remoras to the ISPs." Its happened already, just a few days ago! I have no idea if I picked it up from what I was reading on websites or what. If I was paranoid, I'd think they're reading my email already. That's the deja-WTF part of it.

Its scary when you realize that you can think just like people you despise. I do not have a problem with copyrighted material being protected. I have a problem with the methods the copyright owners use to trample all over the rights of people who are NOT infringing their copyright. They have no business looking through my email, my files or my web browsing.