
Spook firm readies Virgin Media filesharing probes

'Witch-measuring not witch-finding'

By Christopher Williams, 7 Dec 2009

The corridors at Detica's central London "Nerve Centre" are lined with portraits of the heroes of Bletchley Park, Britain's World War Two code-breaking powerhouse.

The black and white gallery acted as a reminder of the secret government business where the firm makes most of its money when The Register visited recently. We were there to discuss Detica's uncharacteristically public new venture, however: a bravely-timed saunter onto the illegal filesharing battlefield.

The BAE-owned firm has been engaged by Virgin Media to measure the level of music copyright infringement on its network via peer-to-peer protocols, on a trial basis beginning "by the end of this year". Detica plans to do this by inserting Deep Packet Inspection (DPI) probes into the ISP's network and looking inside a copy of users' traffic.

"There's not going to be many, because they're expensive," said Dan Klein, Detica's media accounts director, and the man in charge of the trial.

Nevertheless, it's planned that the system, CView, will examine 40 per cent of the traffic sent and received by Virgin Media's four million subscribers. Those 1.6 million-or-so customers at any one time won't know their traffic is being examined and won't be able to opt out.

CView will look for three types of filesharing traffic: eDonkey, Gnutella and BitTorrent. Each is identifiable by the header data that routes each packet as it travels across the internet. Most ISPs already measure traffic passing through their networks this way, allowing them to manage bandwidth across web browsing, streaming, filesharing and other applications.

CView will go several major steps further though. Once it has identified an eDonkey, Gnutella or BitTorrent session, it will strip out the IP address of the user from each packet, replacing it with a randomly-generated unique identifier and pulling out an "acoustic fingerprint". The processed material will be sent on to a central server run by Detica to be matched against a database of acoustic fingerprints of copyright songs provided by a third party.

Klein wouldn't identify the database Detica will use during the trial, but the same technology is on offer from Audible Magic, Gracenote and Shazam.

From there a series of statistics will be generated. Reports will tell Virgin Media how much of the peer-to-peer traffic infringes copyright and what the most popular tracks and albums are.
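The pipeline described above (IP address swapped for a random identifier at the probe, aggregate statistics produced at the server) can be sketched as follows. This is an added example, not Detica's code: the record layout, the per-subscriber lifetime of the identifier, and all names and sample values are assumptions.

```python
import secrets
from collections import Counter

# Constructed sample sessions: (subscriber IP, protocol, matched track or None, encrypted?)
# IPs come from documentation ranges; track names are made up.
SAMPLE_SESSIONS = [
    ("192.0.2.10", "bittorrent", "Track A", False),
    ("192.0.2.10", "bittorrent", "Track B", False),
    ("192.0.2.44", "edonkey", "Track A", False),
    ("198.51.100.7", "gnutella", None, False),
    ("198.51.100.7", "bittorrent", None, True),  # encrypted: counted, never matched
    ("203.0.113.5", "bittorrent", "Track A", False),
]

class Pseudonymiser:
    """Maps each IP to a random token; the table exists only in memory."""
    def __init__(self):
        self._table = {}

    def token_for(self, ip):
        if ip not in self._table:
            self._table[ip] = secrets.token_hex(8)  # random, not derived from the IP
        return self._table[ip]

def strip_addresses(sessions, pseudonymiser):
    """Probe side: emit records that carry a token instead of the IP address."""
    return [
        {"id": pseudonymiser.token_for(ip), "protocol": proto,
         "track": track, "encrypted": enc}
        for ip, proto, track, enc in sessions
    ]

def aggregate_report(records):
    """Server side: aggregate statistics only, no per-identifier rows."""
    total = len(records)
    matched = [r["track"] for r in records if r["track"] and not r["encrypted"]]
    return {
        "sessions": total,
        "encrypted_sessions": sum(r["encrypted"] for r in records),
        "matched_share": len(matched) / total if total else 0.0,
        "top_tracks": Counter(matched).most_common(3),
        "by_protocol": dict(Counter(r["protocol"] for r in records)),
    }

if __name__ == "__main__":
    print(aggregate_report(strip_addresses(SAMPLE_SESSIONS, Pseudonymiser())))
```

In this sketch the token still links all sessions from one subscriber for as long as the table exists, so the records are pseudonymous rather than anonymous. The anonymity of the output rests on the report containing only aggregates and on the table being discarded.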

The reports will be delivered weekly, or monthly, or even quarterly, Klein said. It's one of many details of the trial yet to be decided. "We don't know who's going to end up paying for this," he added.

Perhaps most importantly, at least at first, CView will measure how the overall level of copyright infringement via peer-to-peer networks responds to Lord Mandelson's letter-writing campaign. If the Digital Economy Bill is passed in what remains of this Parliament, those observed by rights holder groups sharing copyright material could start receiving statutory warnings in the post from their ISP as soon as April.

A year later a system of "technical measures" - bandwidth restrictions, blocked protocols and disconnections for the most persistent - imposed on ISPs by Ofcom, is likely to follow. If successful in trial, CView will allow Virgin Media to monitor how its customers respond to the regime, although it will not be involved in identifying infringers.

This page was corrected to reflect the fact that the acoustic fingerprint of the P2P traffic is taken by the CView box, not by the pattern-matching server as originally stated.

By then the ISP plans to have launched a legal music download service, so could measure whether the new laws help it convert illegal filesharers into paying customers.

Detica's CView presentation also trailed "aspirational" monitoring of iTunes and other legal music services, which might present some interesting questions for UK competition authorities when ISPs enter the record business.

Both Detica and Virgin Media are at pains to emphasise that all CView monitoring will only be possible anonymously and in aggregate.

According to Klein there is "absolutely no way" CView could ever be used to report the IP addresses of individual filesharers. "We believe identifying the consumer is an invasive use of DPI," he said.

"The key thing is the first thing we do is throw away the IP address," agreed Andy Frost, Detica's director of media, who has been working on CView for 18 months, ever since it became clear the government planned to legislate against illegal filesharing. Of course, the firm originally developed its DPI probes for another use, at the behest of its biggest customers, the UK intelligence agencies.

When the trial was announced at the end of last month, in comments pages of The Register and elsewhere it prompted repeats of well-worn discussions of how to beat DPI monitoring with encrypted peer to peer. Such concerns over being identified miss the point, at least of CView, said Klein.

"We're not trying to be 100 per cent accurate," he said. "We're taking a statistical view."

Scrambled peer-to-peer packets will be counted to measure changes in the overall level of encryption, but Detica is under no illusions that it will be able to identify what they carry. "It's not realistic and not something we would try," said Klein, a Cambridge engineering graduate.

Despite the assurances of anonymity - perhaps partly because of them - it's undeniable that CView in many ways recalls the Phorm targeted advertising fiasco. Both systems rely on the same DPI technology and both firms claim they comply with all the relevant privacy legislation.

The main difference, likely to limit opposition to CView as currently envisaged, is that internet users are not to be targeted by the system, and there should be no change to their online experience when it is switched on. Rather, CView will merely measure filesharers as a group. The test for Virgin Media and Detica will be whether, once DPI monitoring of peer-to-peer is in place, they can resist the temptation to exploit it further. ®
