Sunday, August 27, 2006

Spying on the net?

The Herald has an article on the Motion Picture Association's apparent deployment of a system which can "track internet searches".

There are a number of ways they could be doing this:

1. Tapping Internet traffic, either on peered networks or at an NZ ISP.

2. Placing spyware on individual computers,

3. Obtaining details of searches from Google and others.

4. Placing spoof sites and possibly paid advertising on search engines and then monitoring where the hits come from.

5. They're bluffing.

1 & 2 are plain illegal - section 216B of the Crimes Act prohibits the interception of private communications (which a search request clearly is).

3 would seem to run counter to Google's privacy policy (at least) and would also possibly contravene the Privacy Act.

4 wouldn't be illegal, but possibly also wouldn't be effective. They'd probably get a lot of hits on "lord of the rings torrent" - but that wouldn't be proof of anything. My guess is that this is the most likely methodology, apart from (5).

It will be interesting to see if any more emerges on this.


Antarctic Lemur said...

They could be searching Bit Torrent tracker sites, or using a custom-designed BT client to initiate the downloading process of known copyrighted works available from Bit Torrent sites, then documenting the IP of seeds etc.

Gut feeling says they're full of crap.

Rich said...

Yes, thats possible.

There is a sharing architecture that would defeat that. On machines with a TCG-compatible security coprocessor (like my new laptop), it is possible to run "black-box" applications that cannot be altered.

One could envisage a modified BT that encrypted all requests, with seeds simply ignoring a request that had not been correctly encrypted and signed. The effect would be that the mechanics of the torrent download (and hence the seeds) could not be discerned from outside.

You could find the seed addresses by traffic analysis - but making the client download and seed dummy (non-copyright) files would obscure even this approach.

Of course a main driving factor for TCG technology is to facilitate DRM - it would be ironic if this were turned against the copyright enforcers.