Analysis of technical measures to suppress online copyright infringement
Stakeholder Dialogue on Illegal Uploading and Downloading
Brussels 02nd June 2010
Malcolm [email protected]
EUROPEAN INTERNET SERVICES PROVIDERS ASSOCIATION
Solving copyright infringement online
• Demand-led solution is required
– New business models that give consumers timely, affordable and convenient access to digital content legally
• HADOPI-style disconnection is disproportionate and contrary to the Digital Agenda
• Network-based technical measures are inappropriate on technical, legal, economic, and social policy grounds
Technical objections to network-based measures
• Ineffective
– Cannot significantly inhibit infringing behaviour amongst those that infringe
• Harmful to the network
– Can reduce network speed, create congestion
– Introduces new points of vulnerability, reduces network resilience
– Tendency for overblocking
• Harmful to innovation
– Reduces network flexibility
Harmful to innovation: undermining the end-to-end principle
• The end-to-end principle is a basic organising principle of the Internet
– It says that intelligence occurs at the network edges, not in the core routers
– It permits technological development, including invention of web, VoIP, etc
• Requiring blocking at the network level undermines the end-to-end principle and the capacity for invention
– Arguably, it invites network operators to subvert the end-to-end principle further
Harmful to the network
• Three ways network speed is harmed:
1. Direct processing overhead
2. Architectural constraints frozen in place
3. Diversion of investment and innovation
• Network resilience is undermined
– Introduces new potential points of failure
– Blocking systems are an attractive target
– Greatly increased attack surface
– Now operating at application layer
– Blocklist itself is vulnerable, and not only to technical attacks
• Tendency to overblocking (depends on technique)
Inherent inefficacy of network-based measures as a policy response to online copyright infringement
Context: Purposes of Content Blocking 1
• Protection
– Help the users to avoid material that they do not wish to encounter
• Compliance
– Prevent users from accessing material that they are actively seeking
Context: Purposes of Content Blocking 2
• Protection
– User does not want to access blocked material
– User will not deliberately subvert blocking system
– User’s normal usage will usually not strain the blocking system by introducing difficult cases
• Compliance
– User wishes to access blocked material
– User may deliberately subvert blocking system
Examples
• Protection
– Protecting families from accidentally stumbling across child pornography sites
– Protecting bank customers from phishing sites
• Compliance
– Prevent people infringing copyright
– Preventing people gambling online
– Preventing religious extremists exchanging views
Does blocking work?
How hard is it to avoid so-called “mandatory” blocking?
Even if there are counter-measures to blocking, is it still a significant barrier to infringement?
Analysis methodology
Specify distinct levels of expertise “proficiency levels”
Identify avoidance techniques for each technical measure
Ascertain proficiency level required to employ avoidance technique
Compare required proficiency level to engage in infringement with required level to employ avoidance technique
Proficiency levels required for avoidance
VERY HIGH Advanced network software research
HIGH Good understanding of networking principles. Basic software development skills.
MODERATE Can search for and find obscure or complex software. Can follow complex instructions. Capable of imagining secondary uses of “dual-purpose” software.
LOW Aware of common applications e.g. peer-to-peer. Capable of following written instructions to download, install and use such software.
VERY LOW Can use web browser, e-mail. Cannot set up own computer to use Internet
Methodologies of Blocking
• End-user filtering
• DNS poisoning
• Web Proxy filtering
• IP blocking
• Hybrid IP blocking/proxy filter
• Network-based deep packet inspection & filtering
• Alternatives to blocking
– Removal at source / Disconnection
– Demand-led solutions
Avoiding Blocking Systems 1
• End User Filters
– Removal by PC owner (LOW expertise)
– Surreptitious by-pass by PC user (MODERATE to VERY HIGH expertise)
• DNS poisoning
– Use different ISP’s DNS resolver (LOW expertise)
– Run your own DNS resolver (MODERATE expertise)
– Avoid or confuse DNS (MODERATE expertise)
– DNS-SEC will make this obsolete
Avoiding Blocking Systems 2
• All methods except DPI and End-User Filters
– Use Peer-to-Peer (LOW expertise); only provides access to content, not applications such as gambling sites
– “Anonymizer.com” style tunnel (VERY LOW expertise)
– Create your own encrypted tunnel (MODERATE expertise)
– Confuse the blocking system with technical attacks¹ (MODERATE to VERY HIGH expertise, variable effectiveness)
¹ Simple examples include URL character encoding, web file-path traversal with “..” etc
Avoiding Blocking Systems 3
• Network-based Deep Packet Inspection
– Avoidance technique: use file transfer software that employs encryption
– Requires: install peer-to-peer software (LOW expertise)
– Requires no additional expertise for those who are already installing such software
  • Encryption is increasingly built-in and automatic
  • In software that does not yet employ encryption (or another effective technique), the user would simply experience this as software failure and can simply select a new product that “works”.
– Also (or alternatively), other built-in avoidance techniques
Beyond peer-to-peer
• Private, password-protected download sites
– Easy to establish (VERY LOW expertise)
• Essentially infinite pool of sites
– No limit to number of sites any individual can establish, at least until individual is brought to justice
– Pool of opponents is entire file-sharing community
• Immune to blocking until infiltrated
– Location unknown to enforcers; encryption defeats DPI
– Number of unknown locations is unknowable
– Cannot appear on blocking list until location is known
• Long life before being infiltrated
• Swift recovery time once infiltrated
Conclusion of analysis
• Network-based measures are inherently ineffective
– All known measures have well known counter-measures
– Counter-measures are intrinsic, not implementation-dependent
– Counter-measures are as easy or even easier to employ than it is to infringe in the first place
– Q.E.D., those people already infringing cannot be dissuaded by such technical “barriers” to infringement
• It is unreasonable to expect ISPs to deploy inherently ineffective measures
– Especially considering other objections
Supporting Annex
End User Filtering
• Methodology
– Software installed on each PC prevents access to certain materials
• Financial Costs
– Varies; from bundled product to around €50 per PC
– Falls on customer
• Non-financial costs
– Choice of sites to block can be questionable
– Classification of sites can be questionable
End User Filtering 2
• Features
– Commonly targets web, e-mail
– Rarely targets Games, IM, Peer-to-Peer etc
– Vibrant commercial market means state of the art is continually advancing
– Customer has choice of a wide range of reasons for sites to be blocked (e.g. pornography, violent imagery, gambling, racism, even “lack of educational value”)
Web Proxy Filtering
• Methodology
– All web traffic passed through a proxy cache, which selectively refuses access to particular web pages
• Financial Costs
– Very high (€100,000s for an ISP with 50,000 customers)
• Non-financial costs
– Can slow down network traffic
– Can reduce network reliability
– But no overblocking
Web Proxy Filtering 2
• Features
– Centralised mandatory blocking of all web traffic
– Generally, limited block-list from a qualified source e.g. court, IWF
– Does not block non-web traffic
DNS Poisoning 1
• DNS is the system that translates human-readable addresses into machine-readable Internet protocol addresses
– Example DNS address: www.google.com
– Corresponding IP address: 216.239.59.147
• Every ISP provides a “DNS resolver” to look up these translations for its customers.
– Each customer configures their PC to use their ISP’s DNS resolver as part of the process of connecting to that ISP
– Whenever they visit a new website (or use any other Internet resource), their PC contacts the DNS resolver to discover the IP address to contact
• Customer could instead configure their PC with any other DNS resolver, e.g. from an American ISP or one they run themselves
DNS Poisoning 2
• Methodology
– ISP configures DNS resolver to lie about existence of sites to be blocked
• Financial costs
– Low (Can be less than €5000 per ISP)
• Non-financial costs
– Massive over-blocking, as a whole domain is blocked (e.g. all of MySpace, Geocities, terra.es etc)
– Surprisingly difficult to implement without errors
DNS Poisoning 3
• Features
– Blocks more than just web;
– But non-use of DNS by site operators can limit effectiveness; and
– Over-blocking is a serious problem, and can cause user rejection
IP Address Blackholing 1
• Methodology
– ISP prevents all traffic from routing to specified IP addresses
• Financial costs
– Depends on length of block list
• Non-financial costs
– High level of overblocking due to shared web space (e.g. all of MySpace, Geocities, terra.es etc)
IP Address Blackholing 2
• Features
– Blocks access for all protocols
– Over-blocking is again a serious problem
– Danger of unintended outcomes, e.g. Pakistan YouTube incident
IP Blackhole/Proxy Hybrid (“Cleanfeed”)
• Methodology
– Use the same technology for IP-based blocking to route only selected traffic to a web proxy; the web proxy decides what to block
– Again, web proxy element means only blocks web sites
• Financial Cost
– Less than full proxy, but still substantial
• Non-financial costs
– Over-blocking greatly reduced compared with IP address blackholing
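The over-blocking claims in the annex slides (DNS poisoning blocks a whole domain, IP blackholing blocks everything on a shared address, proxy-based filtering blocks only the listed page) can be measured side by side. The following is an added example, not part of the original slides; the hostnames, IP addresses, URLs and block-list are constructed, and the four functions are simplified models of each technique's matching granularity.

```python
from urllib.parse import urlsplit

# Constructed hosting map (hostname -> IP), using documentation address ranges.
HOSTING = {
    "shared-host.example": "192.0.2.10",
    "blog.example": "192.0.2.10",   # virtual hosts sharing one IP address
    "shop.example": "192.0.2.10",
    "news.example": "198.51.100.7",
}
# Constructed URLs that customers request, and a one-entry block-list.
URLS = [
    "http://shared-host.example/~alice/listed.html",
    "http://shared-host.example/~alice/other.html",
    "http://shared-host.example/~bob/index.html",
    "http://blog.example/post/1",
    "http://shop.example/cart",
    "http://news.example/today",
]
BLOCKLIST = ["http://shared-host.example/~alice/listed.html"]

def host(url):
    return urlsplit(url).hostname

def dns_poisoning(url):
    """Resolver denies the whole domain of any listed URL."""
    return host(url) in {host(b) for b in BLOCKLIST}

def ip_blackhole(url):
    """All traffic to the IP address of any listed URL is dropped."""
    return HOSTING[host(url)] in {HOSTING[host(b)] for b in BLOCKLIST}

def web_proxy(url):
    """Every request passes a proxy that matches exact URLs."""
    return url in BLOCKLIST

def hybrid(url):
    """Only traffic to listed IPs is diverted to the proxy, which matches URLs."""
    return ip_blackhole(url) and web_proxy(url)

def overblocked(technique):
    """URLs the technique blocks although they are not on the block-list."""
    return [u for u in URLS if technique(u) and u not in BLOCKLIST]

def report():
    techniques = (dns_poisoning, ip_blackhole, web_proxy, hybrid)
    return {t.__name__: len(overblocked(t)) for t in techniques}

if __name__ == "__main__":
    print(report())
```

Running the same functions over an ISP's real block-list and passive DNS data gives a collateral-damage estimate before a blocking technique is deployed.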
Encryption and peer-to-peer
• Can peer-to-peer file-sharing be protected by encryption without defeating its purpose?
– Encryption can defeat DPI
– Manual enforcement at edges can act post TLS decryption
  • DTECNET/Media Sentry approach
  • Only works for transport-layer encryption, not encrypted payloads
– IP address thereby obtained can be used for enforcement
– But DPI still cannot break encryption tunnel
• Technically possible to spot (and block) all activity by same IP address (super-HADOPI)
– Still not possible to identify similar transfers by this or other IP addresses