Regulators are mulling assurances from Virgin Media that its planned trial system to monitor the level of illegal filesharing on its network will not harm customers' privacy. "We've been engaging with all the relevant bodies, including Ofcom, the ICO and the EC, to ensure they have the information they need to make an informed …
They are going to assume that all bit torrent traffic is illegal files being transferred? Not to forget of course the World of Warcraft updater uses bit-torrent to transfer its massive patches, or that Spotify uses peer-to-peer to keep data usage down on its servers. Statistics will obviously be fixed so they can show what the government want them to say.
A lot of online games now use torrents for patching, EVE Online and the Allods Online beta are recent examples I've come across in addition to WoW.
That's not what DPI is for. Any fool can identify bittorrent traffic by looking at the port numbers and the first few bytes of each packet, but DPI should be able to categorise what is being carried in the bittorrent stream. This should mean that they can work out that Ubuntu 9.10 is OK, but Avatar is not.
But I'm not sure you need to use DPI for this (at least with torrents), as all you need to do is join the leechers, and grab the first few blocks to work out what is in the torrent. Of course, if this was known to be being done, you build an image that is a mix of copyrighted material sandwiched between something that is not, but that just makes it an arms race between the community and the ISPs. And before anybody starts talking encrypted torrents, remember that to be usable, the leecher has to be able to decrypt what they have downloaded, or else it is not worth doing.
But I am worried by "40 per cent of Virgin Media customers will be monitored for illegal music sharing, but those involved won't be told". I would suggest that there is a "yet" to be added at the end.
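As an added illustration of the point made in the comment above (not part of the thread, and not a description of how CView works): a plaintext BitTorrent session is recognisable from its fixed 68-byte handshake rather than from the port, and the info-hash in that handshake identifies the content only if it is already in a catalogue. The catalogue, labels and sample payloads are constructed for the example.

```python
import hashlib

PSTR = b"BitTorrent protocol"                 # protocol string defined by BEP 3
HANDSHAKE_LEN = 1 + len(PSTR) + 8 + 20 + 20   # 68 bytes in total


def parse_handshake(payload: bytes):
    """Return (info_hash_hex, peer_id) for a plaintext handshake, else None."""
    if len(payload) < HANDSHAKE_LEN:
        return None
    # Byte 0 is the length of the protocol string (19), then the string itself.
    if payload[0] != len(PSTR) or payload[1:20] != PSTR:
        return None
    # Bytes 20-27 are reserved flags; 28-47 the info-hash; 48-67 the peer id.
    return payload[28:48].hex(), payload[48:68]


def classify(payload: bytes, catalogue: dict) -> str:
    """Label the first payload of a TCP flow; the port is never consulted."""
    parsed = parse_handshake(payload)
    if parsed is None:
        return "no plaintext BitTorrent handshake"
    info_hash, _peer_id = parsed
    return catalogue.get(info_hash, "BitTorrent, content not in catalogue")


def build_handshake(info_hash: bytes, peer_id: bytes) -> bytes:
    """Construct a sample handshake (test data only)."""
    return bytes([len(PSTR)]) + PSTR + bytes(8) + info_hash + peer_id


# Constructed sample data: hashes derived from made-up strings, not real torrents.
HASH_A = hashlib.sha1(b"constructed sample torrent A").digest()
HASH_B = hashlib.sha1(b"constructed sample torrent B").digest()
CATALOGUE = {HASH_A.hex(): "catalogued item A (constructed)"}
PEER = b"-XX0001-" + b"0" * 12                # 20-byte constructed peer id

SAMPLES = {
    "catalogued": build_handshake(HASH_A, PEER),
    "uncatalogued": build_handshake(HASH_B, PEER),
    "http": b"GET /file.iso HTTP/1.1\r\nHost: mirror.example\r\n\r\n" + b" " * 40,
    # Stand-in for an obfuscated or tunnelled stream: bytes with no fixed header.
    "opaque": hashlib.sha256(b"constructed opaque stream").digest() * 3,
}

if __name__ == "__main__":
    for name, payload in SAMPLES.items():
        print(f"{name:12} -> {classify(payload, CATALOGUE)}")
```

The "opaque" case shows why the thread keeps returning to encryption: once the fixed header is gone, this kind of match has nothing to key on, and any classification has to fall back on traffic patterns.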
Wish them luck
I wish them luck with those trials. From my experience around 3/4 of all BitTorrent transfers are already encrypted, that will only push the remaining 1/4 to do the same. Which will have the added benefit of making everything even darker for them.
It's funny how much cash music studios waste, instead of searching for a different business model...
Well no, as stated in the article they believe CView will use DPI and "acoustic" signatures or something similar. Not just all P2P traffic. I don't know, you could at least read it before coming out with reactionary nonsense.
How can the system differentiate between a song being illegally downloaded and the same song being legally downloaded (e.g. by Spotify)? It's the same song, with the same acoustic pattern. Unless Spotify traffic, etc. is encrypted, but they'll probably just lump encrypted P2P traffic in with "illegal" traffic. Also, they'll likely inflate the numbers by counting P2P packets twice (i.e. once during the upload stage and again during the download stage).
"CView cannot identify customers or store data"
Hahahahaha do they think we are stupid?
Unfortunately yes they do
...in many cases rightfully so. Esp. when it comes to lawmakers it's the most productive POV.
Just in case anyone's wondering whether they will be part of the 40%...
The number of ex Telewest/Blueyonder customers makes up around 40% of VM's customer base. It is this portion of the network they are planning to monitor.
How does this play out if your client only accepts encrypted BitTorrent connections? And what about magnet links? Does that approach make fileshare monitoring harder for them to track?
Salmon Live In Trees And Eat Pencils
How can that attempt at a document be classed as any kind of detailed submission? The claims of anonymisation are the same as those made by Phorm. Anonymisation techniques aren't anything like as effective as people like Phorm & Virgin Media would have you believe.
Then there's the obvious scope creep. Just because someone says "We won't store your data or identify you from it" doesn't mean they won't at some point later than that statement. Virgin Media wanted to partner with Phorm and is obsessed by "monetizing the intelligence" so can you really believe them?
And like Phorm, nowhere is there any legal argument to confirm that this scheme is fully compliant with UK and EU law.
I look forward to Privacy International taking Virgin Media to court and seeing what Beancounter Berkett has to say. Especially why this scheme is legal when Phorm's was not.
After the Phorm debacle it's no surprise Virgin are treading carefully.
Mind you, the only real reason I can see for them wanting to do this kind of monitoring is to figure out a strategy for converting that traffic into extra zeros on their bottom line.
@AC 12:57 - did you read to the end?
Virgin Media are not entitled to do this
They are not entitled to process traffic data (routing/billing info) without consent.
They are not entitled to process the content of communications **at all** without explicit consent from both parties, or a warrant.
What they are doing is simply illegal (see PECR reg 7/8, and RIPA).
It doesn't matter what cunning they employ after they've intercepted the data illegally. Illegally intercepting private/confidential communications, without consent or a warrant is still a crime.
..... but to get consent from BOTH parties would mean they could only monitor traffic between their own customers. Also is ignoring a letter explicit consent or implicit as you seem to suggest, especially if there is no proof you received it.
Sensible people don't use bittorrent or eWonky and such like to download music and such like though do they... can CView see through encrypted tunnels?
And are they saying they select a group of customers for monitoring but then magically have no way of knowing who they selected?!? Or is it selected parts of their network? Either way I guess it makes little difference as it would be difficult to make the data impossible to trace back to a user.
Given Virgin's other business interests it's hardly surprising they are taking this route though is it!
...is one word.
virgin could well be telling the truth about the product they are having deployed. this does not mean the software won't do other things they know nothing about.
they have plausible truth while the spooks use it to garner all sorts of nice info while being paid to run it on virgin's servers
how's it work?
when they look inside the p2p files, does it have to be a complete file? if someone is pulling down RAR archives from rapidshare or usenet or bittorrent, will it still be able to match the acoustic fingerprint? or doesn't it only work if they're getting an entire mp3 file in one transfer?
is the solution not just to apply some encryption to the source file?
More Like, does it work? (at least, as advertised)
I'm guessing their "Acoustic fingerprint" spiel is BS, pure and simple.
Assembling enough of a file from a datastream to then fingerprint any audio within it and then run checks against a database of known fingerprints (and just how many song fingerprints will this database contain exactly?) all takes CPU, memory etc, and I'll bet they don't have it.
I suspect what they'll really be doing if they are just looking for music, will be based on exposed filenames, traffic to-fro known havens of illegal filesharing (hello rapidshare et al!) and looking for and decoding any tag info found within any intercepted datastreams.
I'm doubly calling it BS, as I'm bloody certain this DPI is going to be used for more than trying to guess what percentage of their p2p traffic is illegal music downloads as there are other ways of guestimating this figure. (Hint: bet certain pdf files I've seen in the wilds of p2pdom will be flagged up for the attention of the Spook squad goons behind the running of this if seen in transit on the network..especially in those areas of the country with a large Muslim population)
The music angle is a smokescreen.
Encrypting the source?, yes, there are a number of Eastern European sites where the torrents pointed to are password protected/encrypted (passwords lurking within the Cyrillic on the websites), but bear in mind that as the *majority* of the users of p2p networks are still pretty clueless when it comes to things like encryption and passwords, there's the issue of distributing the keys/passwords in such a manner as to make it usable for them with minimal pain for everyone (less users , less seeds, slower downloads).
It would be nice if everyone used encryption and password protection on archives and not-so-bloody obvious file names, makes indexing a wee bit harder, but makes snooping harder still.
A citation is needed.....
I call BS on your 'I'm guessing their "Acoustic fingerprint" spiel is BS, pure and simple.'
Ever hold your mobile up to learn the artist... in 1999?
UK Mobile Phone Citation: http://en.wikipedia.org/wiki/Shazam_(service)
They seem to be a little behind the curve
A lot of filesharing is these days done with sites like rapidshare \ megaupload \ other clones. An awful lot of the content of those sites is in the form of encrypted rar files. Whilst there is a very high likelihood that such files are going to be infringing there's no way to say for sure. So it looks at what proportion of BT traffic is infringing (there was a story here the other day showing the results of doing that at a university in the USA - it was lots) but does nothing for a big chunk of infringing traffic.
Reading the VM pdf file linked to..
And I quote..
' Before providing an overview of how CView works, we would first like to set out the relevant terms and conditions in Virgin Media's customer contracts which provide for this, as follows:
B5(i) "We reserve the right to monitor and control data volume and/or types of traffic transmitted via the interactive services on your Virgin TV and/or Internet access."
G(2): "...you are providing your consent to use your personal information together with other information for the purposes of providing you with the services... [and] profiling your usage..."
Hmm, now why bring up G(2) here if no personal information/data is being gathered/stored?
ISTR the 'profiling your usage' was added to cover their arses regarding the monitoring of the volume of traffic to/fro your IP number for STM purposes..but I may be wrong.
Processing of personal information
The point of G(2) must be this: whether or not Cview keeps personal information, it is disingenuous of VM to imply that they are not processing PI: by sifting through all of the traffic data and content of their subscribers, VM are almost certainly processing personal information. VM would presumably claim that G(2) means that they have consent for this processing.
Deep Pocket Inspection?
'We've been engaging with all the relevant bodies, including Ofcom, the ICO and the EC'.
So pretty much the same folks who did fuck all about Phorm?
With Bittorrent encryption, only the data itself is encrypted. It's still possible to figure out what you're sharing and who you are sharing with. Even if all the data was encrypted, the traffic patterns of bittorrent can easily be detected. Throttling all bittorrent data will mean slowing down legitimate traffic too. I think VM does mirror Ubuntu ISOs so directly downloading those would still be easy.
I would suggest using a VPN service that encrypts all your packets and routes them through a gateway making it much harder to detect. They are available for as little as £5 per month.
Not sure what the deal is here...
I don't think Virgin Media are stupid, some of their staff are really quite knowledgeable, unless they don't ask their opinion...
Perhaps they know most P2P traffic on their network is already encrypted, and they are just going to say to the government that bugger all traffic is pirated material because they can't see it on their network???
Or perhaps they are trying to get deep packet inspection outlawed so the government can't dictate anything to them about policing their network.
Maybe they expect the trial to be a total failure then they can say they at last tried. Either way my torrent uploads are encrypted so good luck with that. Not that I upload many torrents, mostly use their newsgroup server.
"identify customers" is a red herring
It's an offence to unlawfully intercept traffic, regardless of if you can use that traffic to id a person.
Silence is golden
Anyone fancy an Internet free month? Just say no to the Internet at home for a month and see how they like it. That will put the wind up them. OK the ISPs will still get paid but it will focus their minds on what a world without home use would mean to the bottom line. We the users hold all the real power not some poxy Euro crap government.
That won't help at all.
You have a contract, right?
You pay for your internet in fixed amounts (monthly, quarterly...), right?
All an Internet-free month will do is provide somebody else with lower contention.
If you want to affect their bottom line, bring your contract to a close and sign up with somebody else.
"They are going to assume that all bit torrent traffic is illegal files being transferred?"
No, they are going to assume that the most popular delivery method for illegal files is Torrent and its ilk. A pretty fair assumption methinks. This is totally different to them assuming that all Torrent traffic is illegal files as we can all write essays to how Torrents are used for legitimate purposes.
"Statistics will obviously be fixed so they can show what the government want them to say."
Or you can stick your finger up in the air and come up with some silly guess.
So... what's your point?
"most popular delivery method for illegal files is Torrent"
"A pretty fair assumption methinks."
Then think again. If memory serves Youtube and the like are first by very far, then comes rapidshare and co., pretty much on par with P2P. No assumption about that: there have been a couple of studies on this in the past few years, I'm sure you can find them online if you try.
I call Bull****
DPI is just another set of words that means traffic sniffer with additional logic. All network devices do at least limited packet inspection, how else would they know what to do with it, or out of which interface to route it. Any device that performs QoS digs even deeper, because to prioritize voice calls over web browsing you've got to identify the protocol, and (hopefully) obey the DSCP/TOS fields. The first ~56 bytes of every packet tell you where, when, what and how about a packet, the only thing they don't always reveal is the why.
How does that work?
How exactly do you determine that a music download is legal or not? By its source? By its content?
A few errors
First of all the article seems to suggest they will only be monitoring p2p communication - this isn't actually true. They intercept -all- the comms data from that 40% of the network and then use the DPI to determine whether or not it is peer to peer then they mirror that portion of the traffic for further analysis (or at least that is how I have been told it is going to work).
Secondly, I have seen a lot of press releases from VM saying they have been in discussions with the EC about this - not according to the Commission they haven't. In my discussions with the Commission they told me neither Virgin nor Detica had been in touch with them and I know they have stated the same to at least one journalist as well.
Now to the most important point - under RIPA 2000 it doesn't matter what they do with that data once they have intercepted it - the whole "We anonymise it" argument is simply misdirection - the law states that it is a criminal offence to intercept communications irrespective of how they are then processed, without first having obtained consent from all parties involved in that communication or a court issued warrant.
If I have said it once I have said it 20 times - if Virgin Media deploy this technology Privacy International will make a criminal complaint to the Metropolitan Police - we are not bluffing, we are incredibly serious. For those who think this is an idle threat I should remind you I already have a criminal case filed against Phorm and BT which is currently with the CPS by instruction of the Director of Public Prosecutions.
Unfortunately the inaction on the Phorm case seems to be giving the other players hope of 'getting away with it' - except they didn't count on those pesky kids again :)
Hope you're getting some sleep these days Alex :)
I haven't said anything for months.......
.....but Virgin Media is not Branson/Virgin. It is still NTL, they PAID Virgin for the right to use the name when they took over Virgin mobile. The parent Virgin company licensed the name for some shares.
As for asking Ofcom and the rest, if any do provide an answer either way they will leave themselves open to a serious thrashing from the EU. If they say no then they will be forced to take BT and Phorm to task, if they say yes then the European courts will invite them to tea and a huge fine.
A strong correlation between expensive data packages and file-sharing.
Almost as if the only reason people bother spending extra on the larger packages is so that they can download more stuff, more often.
Check 'encryption required' and shazam, Virgin just wasted a lot of money. That's why this anonymous DPI device doesn't bother me too much (but yes, where does it stop...)
Honestly though, when all the theatrics of DPI, the Digital Economy Bill etc. are over, do you really see illegal file sharing being hugely affected? Encrypted VPNs, IRC, and of course new emerging technologies will of course make sure freetards are always a step ahead. Which suits me perfectly.
Calm down dear, It's only a commercial...
Who cares whether it works?
I suspect someone just wants it approved for use in principle. Once you have a precedent, you can expand it to do what you really want later.
Once you've cleared any "expectation of privacy" the field is clear for all sorts of things, like Phorm.
Oh look, our dpi host now has an automated torrent-joining plugin! Now it has a web destination plug-in and we can send information to Google/MS/Apple/Bad guy du jour to help with their search engine/iTunes suggestions.
I'm beginning to feel like Ian Paisley in my reaction to things like this...