{"id":59,"date":"2008-01-17T23:40:51","date_gmt":"2008-01-18T07:40:51","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/2008\/01\/17\/att-investigating-copyrighted-material-network-filter\/"},"modified":"2008-01-17T23:42:21","modified_gmt":"2008-01-18T07:42:21","slug":"att-investigating-copyrighted-material-network-filter","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2008\/01\/17\/att-investigating-copyrighted-material-network-filter\/","title":{"rendered":"AT&T Investigating Copyrighted Material Network Filter"},"content":{"rendered":"

In one of the more interesting stories to come out of the telecom industry in recent weeks, the New York Times<\/a> is reporting that AT&T is currently in the testing phases of developing a network filter that will monitor their networks for copyrighted content. The company is reportedly in talks with content owners such as NBC Universal regarding incentives for the company to filter copyrighted material.<\/p>\n

<\/p>\n

This brings up a host of interesting security related issues regarding the role of network carriers, their legal responsibilities, and the privacy of their end users. The most obvious of such concerns is that ISPs (plural if we consider other related cases such as Comast) are moving toward the active monitoring of the content flowing over their networks. While in the past they have simply provided the pipelines and turned a blind eye to what actually went through them, it appears that may no longer be true.<\/p>\n

As so often seems to be the case with emerging technologies,\u00a0it isn’t the\u00a0research of the technology that is most concerning, but rather the logical path down which such a technology will likely travel. In this case, that path seems to point to ISPs restricting what can and cannot be sent over their networks. Not only does such a scheme seem destined to present a host of practical problems (such as correctly identifying\u00a0what is, and is not, legitimately transmitted content), but it also implies detailed logging of customer network activity. In order for networks to determine whether content is in violation of copyright, they will have to gather a significant amount of information about that content and its ownership. This stands in stark contrast to Comcast’s practice of relatively blindly blocking a specific protocol, as it suggests an awareness of the actual content itself, and not merely its mode of transmission (bittorent). This is a particularly important distinction, as it is the difference between looking at envelopes in someone’s mailbox and opening those letters and reading their contents: one is far more invasive than another.<\/p>\n

What is also\u00a0worrisome is\u00a0the potential loss of\u00a0any remaining sense of anonymity on the Internet. Though\u00a0increasingly difficult to do, one could argue\u00a0it is still possible to browse the\u00a0internet\u00a0over an unencrypted connection with relative privacy if the\u00a0proper measures\u00a0are taken. If ISPs begin monitoring\u00a0individual connections for content,\u00a0the number of proxy servers used or IP masks employed will be meaningless when logging of one’s online activity takes place\u00a0not at the end server\u00a0being contacted but at the end of\u00a0their driveway.\u00a0What isn’t\u00a0clear is where in the network\u00a0content monitoring\u00a0might take place, and whether traffic that neither originates nor terminates on AT&T’s network but instead merely traverses it will also be affected. If so, the impact of the program could be especially large, and those Internet users who aren’t AT&T customers will have little recourse as they will have no control over their data beyond their own ISP.<\/p>\n

The question that begs to be asked then is what will be done if and when copyrighted material is detected on the network, and what will it mean for the integrity of the customer’s data. AT&T has said it will not simply drop offending network traffic, yet surely an investment in monitoring technologies on this scale is not merely for the sake of better traffic characterization, but rather implies an intent to take action when content is flagged. It is hard to imagine a solution that does not curtail the availability of the\u00a0end users’ data to do with as they please.<\/p>\n

In the end, one has to wonder what economic forces must be at play to make AT&T consider taking these measures. Not only will it open up a potentially massive legal liability for the content flowing over their networks (no longer will they be unaware and thus not not responsible), but clearly, based on the reaction customers gave Comcast when news of their networking monitoring leaked, the move will likely\u00a0be hugely unpopular. Considering that AT&T must be well aware of such considerations and is still willing to pay to develop the technology, we can only conclude the gains it expects\u00a0from lower bandwidth utilization and incentives from its media partners must be extensive. Unfortunately, while such measures will likely be a boon for intellectual property rights, it seems equally likely that they will\u00a0have an especially\u00a0negative impact on the\u00a0availability and confidentiality of customers’ data.<\/p>\n","protected":false},"excerpt":{"rendered":"

In one of the more interesting stories to come out of the telecom industry in recent weeks, the New York Times is reporting that AT&T is currently in the testing phases of developing a network filter that will monitor their … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":20,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,9],"tags":[],"class_list":["post-59","post","type-post","status-publish","format-standard","hentry","category-current-events","category-privacy"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/59","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/20"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=59"}],"version-history":[{"count":0,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/59\/revisions"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=59"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=59"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=59"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}