BitTorrent is ThoughtCrime

I Love P2P

CC by blogpocket on flickr

Use of BitTorrent is stigmatised, and poses potential administrative cost and liability risk for anyone who uses it. Since BitTorrent is the most effective ways to distribute large files – especially by individuals, and small businesses who can’t afford much infrastructure – this limits technical options that many people have. Academic analysis of copyright infringement and the surrounding ecosystem may even require such direct data analysis.

This taboo ties the hands of many, even when the protocol is used for legitimate purposes. If an academic wants to conduct investigations which have strong fair use defences, these costs and risks may result in personal or institutional aversion to such research. This has the effect of chilling discussion and investigation of P2P technology, and the related public policy issue of copyright infringement.

***

Earlier this week, some friends and I were academically musing about when the new Harry Potter movie would make into the publicly available torrents. We decided to imagine that there were no internal leaks, and that nobody untrustworthy would get access to it until the night that it was shown.Spoiler alert: it actually dropped 16th, before the premier, completely scuppering our guesses.

We imagined that various scene projectionists would then strike. A projectionist is the ultimate outside insider. They’re not part of the hard core of the chain of movie custody, and don’t face a lot of vetting. However, a line-out cable and a camera mounted next to the projector make for a very convincing analogue copy.

We imagined the camera’s storage being handed off at the end of the first midnight showing. Some quick cuts, and the video is perfect. Allow an hour or two to encode the video to the desired quality, and we imagined Potter’s latest antics would hit a topsite no later than 4am on the release date. Over the next few hours, it’s propagated about the scene, and posted to some private BitTorrent trackers. Someone downloads it there, and posts it to a public tracker. 10am was our guess.

Naturally, we wanted to verify these estimates, so we headed to a public torrent search engine and indexing site (BtJunkie.org, in our case) to see whether anything had been posted. We discovered a selection of torrents, posted at different times, with various different community ratings of authenticity.

One of those we looked at was this one, which at the time had no helpful comments. We were initially a little puzzled: the community ratings indicated authenticity, but the only media file was an iso disk image: a rather strange format for a freshly encoded movie. As the comments currently indicate, this is probably a copy of the tie-in video game, not the original movie, but we didn’t have this helpful information at the time.

The obvious way to find out what sort of file this is is to read the nfo: an accompanying text file from the releaser which explains the torrent, provides attribution to scene groups &c. Nfo files are essentially the human-readable metadata for a torrent. However, we realised that there’s no “safe” way to read the nfo file. In order to get the file, one needs to download the torrent file, and start it in a BitTorrent client.

All modern BitTorrent clients have the ability to prioritise parts of a torrent, and select which of the contained files to download, and which not to. In our case, we only wanted the nfo file, which would not be copyright infringement, since that file is freely distributed by its original author. However, attempting to download it would have been fraught with hazards. Even if we only connected for the seconds or minutes needed to get that tiny 3KB file, or IP address would have been listed with the tracker, and on the DHT, and many other peers would learn it. Worse still, some well-meaning peer might try to send us a piece of the file that we didn’t want, resulting in real, copyrighted material stored in our cache until it was discarded.

The copyright enforcement/investigation agents lurking in the swarm may well have been able to find our address, and – thanks to their typically rather lax procedures for verifying that suspecs are actually infringing, we could have faced some inconvenient consequences. If we lived under a regime with three-strikes “graduated response”, such an accusation might have severed our connection. At the very leat, we might have to engage in some discussion with our netowrk services provider, explaining what was going on.

To me, this seems a little crazy. It’s quite reasonable to talk about, and investigate copyright infringement, without participating in it. In this case, the pertinent information needed to understand the situation could only be obtained by connecting to an partially infringing torrent, in order to get the non-infringing metadata. While this act is totally acceptable on its own, it presents a very real administrative cost and liability risk for anyone who does it.

Why is this? Copyright enforcers are negligently lax in their practices, employing techniques which they know will sweep innocents up in their dragnet. Network service providers are often (though, with many notable exceptions) quick to assume that the word of such agents is reliable. Networks, including the underlying IPv4 architecture, and the BitTorrent applications that run on top of it, are poor at preserving individual anonymity.

Bottom line: connecting to a BitTorrent swarm is dangerous per se, and this fact results in the prior restraint of legitimate discussion and investigation oregarding such systems.

Advertisements

About flamsmark

I do privacy at Mozilla. Years of security have left me incurably paranoid. Tech, policy, security, privacy, & anonymity are good. Open is better. GPG: 80AF07D3
This entry was posted in Commentary, Features and tagged , , , , , , , , , , , , , , , . Bookmark the permalink.

What're your thoughts?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s