Sunday, December 13, 2009

Spying begins on UK web users; Short Sharp Science Blog, 12/9/09

Paul Marks, Short Sharp Science Blog; Spying begins on UK web users:

"We reported last week on plans to enforce copyright law by forcing internet service providers to spy on consumers to detect and report every piece of copied music, movies, e-books, games and software.

Now one UK ISP, Virgin Media, is trialling some of the technology needed to do that on about 1.6 million of its customers.

Provided by Detica, a subsidiary of defence firm BAE Systems, the system is being used to try and gauge the size of the alleged piracy problem.

CView, as the system is known, will take a snapshot of the scale of peer-to-peer music transfers over a few months.

It will do so by copying every packet of data that passes by, and looking for the digital signatures of data transferred using the popular bittorrent, gnutella, and edonkey file sharing protocols.

Whenever it finds a data packet that matches, it will extract the code these protocols use to identify the contents of the packet.

CView will then compare that code with a database of "musical fingerprints" to identify any music being shared, allowing it to work out if the data packet infringes copyright.

As a result, Virgin will find out how much file-sharing traffic is infringing copyright, and what the most-pirated tracks and albums are, the Register reports.

CView won't be able to finger individual users, because the IP addresses that identify each computer's connection will be stripped from every packet. But some Virgin customers are worried about the potential for it to be used for snooping at a later date.

CView's technology could conceivably be used to identify people accessing certain data, for example.

Or it could block certain content, in much the same way as China's "great firewall".

The anonymisation of the data in Virgin's assessment phase, and the fact that no humans see it, should mean the technology does not count as illegal interception, says Richard Clayton at the University of Cambridge's security lab.But he says on the security group's blog that "it may take some case law before anyone can say for sure"."

No comments: