the tweney report

what you need to know about technology. by d. f. tweney


2002-08-01: Spoofing P2P

Late last week, Congressional representative Howard Berman (D-Calif.) introduced a bill that would give the entertainment industry carte blanche to disable, block, spoof, or otherwise try to bring down peer-to-peer file-trading networks that are trafficking in pirated content [1]. This bill would protect copyright owners from prosecution under existing state or federal anti-hacking laws if they pursue such tactics.

The Berman bill has some disturbing implications, but it's also important to separate the hype from reality. Lots of coverage has presented the Berman bill as a free license to hack into your PC. But as I read it, the text does not permit any kind of hacking into users' actual computers. In fact, the bill explicitly says that it applies only to disruption of the P2P networks, provided that such disruption does not "alter, delete, or otherwise impair the integrity of any computer file or data residing on the computer of a file trader" [2]. Seems pretty clear to me: They can mess with the network, but must stop short of actually harming or hacking users' PCs.

Still, that leaves a lot of options open to copyright holders -- and to the detriment of ordinary Internet users. The bill doesn't specify which disruption technologies are permissible, and that's one big problem. Who knows what techniques the record and movie industries may come up with? And who knows what damage those techniques may cause to PCs, or what collateral effects they may inflict on innocent bystanders?

For now, the two main options open to the content industry are denial-of-service (DoS) attacks and file spoofing.

File spoofing -- intentionally posting misleading, corrupt, or poor-quality files -- has already been happening on P2P networks. In fact, I predicted over a year ago that this would become a major weapon in copyright owners' battles against piracy. In an issue of the Tweney Report published in March 2001, I wrote about the "infinite monkeys" problem: "If an infinite number of copies are available, it's certain that some of those copies will be flawed. . . . In fact, content producers who want to protect themselves might intentionally post altered copies of their content, in order to jam the free channels." [3]

(Side note: I titled that essay "The Real Slim Shady" after a song by Eminem that is itself about imitation, duplication, and MP3 files. Ironically, the essay has since become one of the most popular pages on my Web site, largely because of Google searches for "Slim Shady." I assume most of those visitors are teenagers looking for Eminem MP3s, and they are probably very disappointed to find a treatise on the future of copyright instead.)

Right now, file spoofing doesn't seem to be a major threat to P2P networks, but that may be simply because it hasn't been undertaken on a large scale yet. There are such a large number of community-minded P2P file traders sharing good-quality files that, in most cases, they overwhelm the number of spoofers. One commentator has said that large-scale spoofing would be like trying to salt a big freshwater lake, one eyedropper at a time [4]. But it's easy to imagine the record labels setting up big banks of PCs dedicated to spoofing files, and ultimately this approach may hurt the overall quality of content on P2P networks enough to drive users towards legitimate sources, where the quality of content is assured. That's assuming that the legitimate sources offer enough content at a low enough price, of course.

Denial-of-service attacks are a more immediate problem, I suspect. The idea is that copyright holders, once they found a copyrighted file on a P2P network, would start downloading it over and over again from banks of distributed PCs. The result would be a massive slowdown in the P2P network (or at least in the availability of that file).

This technique does have potential for collateral damage, because all that traffic could seriously affect the P2P network's ability to deliver legitimate files. It could also add to Internet traffic in general. And what happens to bystanders on shared Internet connections, such as a local cable modem loop? If the neighbor is subjected to a DoS attack by the record industry, that might bring down your own Internet connection as well. On the other hand, I don't know of any incidents of actual DoS attacks against P2P networks to date.

Perhaps irked by the scope of powers this bill would give to copyright holders, hackers launched their own DoS attack on the web site of the Recording Industry Association of America (RIAA), the music industry's leading advocacy group and a supporter of Berman's bill [5]. The best response the RIAA could manage was that planning this attack may have diverted some teenagers from sharing files for a few hours.

Finally, the Berman bill gives these powers to any "copyright holders," which, given the broad scope of copyright law, could apply to almost anyone. The result could be a huge number of attacks on P2P networks generally, as everyone, from amateur filmmakers to budding novelists to extremist organizations, tries to stop the distribution of content they consider objectionable or copyright-infringing.

At least Berman's bill, unlike Sen. Fritz Hollings' recent bill, does not try to dictate technologies to the marketplace. But it is disturbingly broad, gives too much unchecked power to copyright holders, and is probably not necessary in any event. Sounds like a bad idea to me.


[1] Hollywood hacking bill hits House
"The bill is a nightmare," said Mark Lemley, who teaches intellectual property law at the University of California at Berkeley.

[2] Full text of Berman's proposed bill

[3] The real Slim Shady

[4] Not the Real Slim Shady

[5] Denial of service onslaught cripples music industry site


copyright © 2002 d. f. tweney / tweney media
