There have been several reports about the next stage in the War on Piracy (must avoid making off-topic comments about the inherent stupidity of declaring armed hostilities against abstract concepts). I am talking of course about “Operation In Our Sites” (must not comment about some poor smug bureaucrat who thought the pun was funny). [...]]]>

Root servers

There have been several reports about the next stage in the War on Piracy (must avoid making off-topic comments about the inherent stupidity of declaring armed hostilities against abstract concepts). I am talking of course about “Operation In Our Sites” (must not comment about some poor smug bureaucrat who thought the pun was funny). This new project from the U.S. Immigration and Customs Enforcement (ICE) is designed to execute domain name seizure warrants against websites engaged in movie piracy. In other words, ICE will ask a court to issue a warrant against these websites, and these will have their domain names removed.

How is it possible to remove a domain name you may ask? The clue is in the structure of internet governance of domain names. ICANN, the governing body coordinating the international domain name system, is a private corporation with ties to the U.S. Department of Commerce. Because of this, a court order delivered in the United States against a registrar can knock out a domain name by re-assigning it in the domain name system. This action will not remove the server from the internet, but it will disassociate the IP address of the web server where the site is hosted with the domain name people use to access it. If the site is not hosted in the United States, then it is possible that it will remain working, but it will be slightly more difficult for people to find it.

What is the effect of the seizure? Say you type the name of one of the affected sites in your browser (say, www.thepiratecity.org), you will get a screen with a copyright warning and nothing else. The site will still be hosted in its server, but the world has no way of knowing this IP address. Perhaps it will be shared through blogs, mailing lists and other viral means, but it will not be found through search engines.

This is a tremendously effective strategy in the short-term, but it is doomed to failure in the long-term. The main thing is that these sites have not been completely taken off the internet, they are still hosted somewhere. It is possible that these sites may be driven to darknets and other services that do not necessarily rely on the DNS system. But what is more likely to happen is that other services will spring up to carry the slack. What cannot be underestimated is the fickle nature of file-sharers, they will move on to a new site as soon as the last one was shut down.

It is perhaps an indication of how times have changed that the content industries have won some decisive legal battles in court against Limewire, isoHunt and the PirateBay, yet these have not prompted the same level of scrutiny that previous cases have.

The reason for this is quite simple. Whoever thinks that the legal victories [...]]]>

Wishful thinking?

It is perhaps an indication of how times have changed that the content industries have won some decisive legal battles in court against Limewire, isoHunt and the PirateBay, yet these have not prompted the same level of scrutiny that previous cases have.

The reason for this is quite simple. Whoever thinks that the legal victories against these services will dent P2P usage is seriously deluded. Limewire for example belongs to an era long gone in file-sharing terms, it was the client-based model of P2P which provided a centralised home for infringement, and therefore it was an easy target for litigation. isoHunt and the Pirate Bay are where the file-sharing action is, but these services are not at all similar to clients such as Limewire.

Take isoHunt for example, it is a torrent indexing site which does not host the torrents, it merely links users to where torrents can be found. The injunction against the service has definitely crippled the service in the U.S., although it is hosted in the United States Canada. The injunction was very specific about the nature of the service, and it found that the site’s owners “engaged in purposeful, culpable expression and conduct aimed at promoting infringing uses of the websites.” However, the service is still running, and I was able to find links to infringing torrents as of writing this post. Yet even if isoHunt is taken down tomorrow, there are still several services waiting in the wings.

Similarly, The Pirate Bay appears to be unsinkable. After being taken down by injunctions against their servers in Germany, the Pirate Bay resurfaced with bandwidth provided by the Swedish Pirate Party. In a game of cyber-cat and cyber-mouse, the Pirate Bay continues to laugh in the face of injunctions, and its loyal and technologically savvy base seems determined to maintain the iconic service running come what may. And yet again, there can be little doubt that if the Pirate Bay disappeared tomorrow, others would take its place.

This is the conundrum facing the content industries. Do they continue allocating resources to fighting the unbeatable P2P hydra, or do they give up and invest in other business models? It may surprise some people that I feel sorry for copyright owners. I strongly believe that creators have a right to remuneration, and I can empathise with some of the arguments put forward by authors who see their livelihoods affected. But then again, many of us following and chronicling the copyfight have been urging the industry to explore new business models, as it is unlikely that they will win this war in the courts. They will win many legal battles, but the war has been lost for many years now. The usual reference to clichés involving genies, bottles and boxes apply.

I do not expect some sectors of the content industries to give up, and I am heartened by signs that some people do get it, and know that the markets have shifted, and revenue streams are to be found elsewhere. How many pyrrhic victories will it take for the rest of the industry to decide that the battle lies elsewhere?

So, what many suspected has come to pass, our deepest fears confirmed and one of the worst possible texts adopted. The Digital Economy Bill has gone through the wash-up process in the very last day of this Parliament. I am expecting others to go into the detail of [...]]]>

The Dark Lord of the Sith never rests

So, what many suspected has come to pass, our deepest fears confirmed and one of the worst possible texts adopted. The Digital Economy Bill has gone through the wash-up process in the very last day of this Parliament. I am expecting others to go into the detail of what is actually in the Bill soon enough, this morning I feel neither the inclination nor the will to go through the document. However, just browsing through the online version of the Bill, it seems like the final text is not up yet, as it still contains clause 43 on orphan works, which I believe was dropped last night.

What I want to comment on is something deeper, and perhaps more important in the long run than that arising from the letter of the law.  The UK Parliament has been suffering since the expenses scandal broke last year. Public perception of politicians is at the lowest point in this country, just at the same time as they call a general election. So what do they do to regain the trust of the people? Pass a controversial piece of legislation with the most undemocratic process possible, with minimal discussion, while being witnessed by thousands of constituents who have no other recourse than being thoroughly disgusted and disillusioned by the entire process.

One of the things that has struck me the most about the debate is the amount of public sentiment that it has generated. It has been discussed in Radio 4′s Now Show (relevant clip here), it has been the subject of a Panorama investigation, and a very critical clip from the Culture Show. A call to tell MPs to give the Bill proper oversight prompted a staggering letter-writing campaign of 20,000 people. During the debates, thousands tuned in to the BBC’s website to watch the proceedings live, and the Twitter stream #debill describing the third debate accumulated thousands of tweets, and became the second trending topic worldwide, as people in other countries became interested as well and retweeted what was happening in the UK. My own tweets about the Digital Economy Bill got retweeted from people in Colombia, India, Australia, Mexico and the United States, just to name a few. The public outcry on Twitter was such that the #debill hashtag beat Manchester United and Justin Bieber as trending topics.

Something important and wonderful was happening online. This is the type of democratic engagement that politicians supposedly dream of. They want our votes, they want us to care, they want us to be involved. Unless it is about something that has already been decided and negotiated by the powers-that-be, in that case we just become a nuisance, part of an annoying self-referential minority that can be easily ignored. It’s back to business as usual. It is precisely this disconnect between genuine public interest and the vested interest of powerful lobbyists what is destroying democracy. When people tuned in to watch the debate online, they could witness with their own eyes just how undemocratic the entire system is. Letters do not matter, what matters is the sickening toadying MP making reference to Feargal Sharkey’s Undertones, while sycophantily winking at him in the stands.

However, politicians anger geeks at their own peril. We are packing code, and we ain’t afraid to use it. Already there has been a beautiful mash-up (or whash-up, geddit?) singing that Creativity is the Enemy. Thousands of Twitter users have signed up to oppose the Bill. There is already a list of who voted No, and a staggering website with an indication of who was present during the second reading of the Bill. I do not expect the geeks to take this one lying down.

If you follow technology news services and blogs that are vaguely interested in digital rights issues, you must already have heard about ACTA, the Anti-Counterfeiting Trade Agreement. This is a multilateral trade agreement between the EU, the US, Mexico, Canada, Australia, South Korea, New Zealand and a few [...]]]>

"I find your lack of copyright enforcement disturbing"

If you follow technology news services and blogs that are vaguely interested in digital rights issues, you must already have heard about ACTA, the Anti-Counterfeiting Trade Agreement. This is a multilateral trade agreement between the EU, the US, Mexico, Canada, Australia, South Korea, New Zealand and a few others, currently negotiated in secret that is set to tackle copyright infringement issues. As the name indicates, the aim of the agreement is to tackle counterfeiting. However, the most controversial aspect is that various sources have disclosed that the agreement is set to export some of the worst maximalist legislation out there, particularly in an attempt to curb illegal file-sharing. For the most detailed in-depth analysis of what has been happening so far, Michael Geist’s blog is the place to be. Nonetheless, I have been meaning to take stock and write a synopsis of what has happened so far for my own benefit. If you are confused about the various claims and counter-claims, I hope you find this useful.

The main problem with ACTA is that the negotiations have been closed. Secrecy leads to fear, fear leads to hate, hate leads to anger, anger leads to the Dark Side. One problem that I have noticed, and which has already been picked up by some defenders of the agreement, is that some of the language attacking ACTA seems to be rather overboard. This is an agreement that will end Web 2.0 services, it will eradicate the Internet as we know it and replace it with an alien reptilian replicant. So I have decided to go through what we know about the agreement so far. It must be pointed out that this is the perfect time to take stock, the next round of negotiations is coming up in April, so if there is something to be worried about, we should make a fuss right now.

So what do we really know about the agreement? Relatively little. Because of the secret negotiations, we only have had some leaks here and there. I will not recount the history of the talks (for that, again, I refer you to Michael Geist), but I will only mention that the agreement has been in negotiation since 2008, and that, as mentioned, the process has been shrouded in secrecy. Had it not been for some whistleblowers like Geist, ACTA would now be in an almost final stage with little or no public oversight whatsoever. Whatever one may think about some of the more colourful and fanciful speculation out there, the spotlight cannot hurt, ad we will not be taken by surprise.

So, what does the text say? The most important leak so far came in mid-February, and it was precisely what we were hoping to see, namely Article 2.17: Enforcement procedures in the digital environment (pdf here). The text starts out in a seemingly innocuous manner:

“Each Party shall ensure that enforcement procedures, to the extent set forth in the civil and criminal enforcement sections of this Agreement, are available under its law so as to permit effective action against an act of, trademark, copyright or related rights infringement which takes place by means of the Internet, including expeditious remedies to prevent infringement and remedies which constitute a deterrent to further infringement.”

This is frustrating, as we do not have the current civil and criminal enforcement sections. There are some earlier proposals out there (here and here), and a European leak with country positions  regarding civil enforcement here, but we do not have a clear idea of what the final text will look like. Two things are worrying however. As EU representatives have mentioned, current European copyright obligations do not mention specifically criminal and civil liabilities, but “adequate legal protection…” Another worrying aspect from the existing civil liability section is that ACTA exports the DMCA’s infamous statutory damage provisions, as it asks other countries to calculate damages in the following manner:

“[I]n determining the amount of damages for infringement of intellectual property rights, its judicial authorities shall consider, inter alia, the value of the infringed good or service, measured by the market price, the suggested retail price, or other legitimate measure of value submitted by the right holder.”

This means that we might see some of the most outrageous American copyright enforcement damages, such as the Jammie Thomas-Rasset and Joel Tenenbaum cases, exported to jurisdictions where damages are nowhere near what is proposed. The other concern is that the civil enforcement section could contain a three-strikes clause. We just do not know yet.

Paragraph 2 is a bit odd. It requires the enactment of third party liability, but this is surely already part of most agreements, so why include it here? My guess is that this is setting up the stage for continuing the war against intermediaries that is being waged at the moment. The language is broad enough as to include almost anything.

Paragraph 3 creates rules that will allow service providers, intermediaries and third parties to operate despite what has been mentioned in paragraph 2. In other words, Paragraph 3 will export American safe harbours and notice and take-down regimes. What bothers me is that Paragraphs 2 and 3 create a noxious environment in which third party liability is the rule, not the exception. Intermediaries will be liable with two exceptions. The first one reads:

“[Each party shall] (a) provide limitations on the scope of civil remedies available against an online service provider for infringing activities that occur by:
(I) automatic technical processes and
(II) the actions of the provider’s users that are not directed or initiated by that provider when the provider does not select the material, and
(III) the provider referring or linking users to an online location when, in cases of subparagraphs (II) and (III), the provider does not have actual knowledge of the infringement and is not aware of the facts or circumstances from which infringing activity is apparent [...]“

So, if you are an intermediary, you have to make sure that all of your processes are automated, that you do not exercise any editorial and selection process whatsoever, and you make your best effort not to know anything that happens with your providers. Otherwise you might be liable. The second exception is:

“(b) condition the applicantion of the provisions of subparagraph (a) on meeting the following requirements:
(I) an online service provider adopting and reasonably implementing a policy to address the unauthorized storage or transmission of materials protected by copyright or related rights except that no Party may condition the limitations in subparagraph (a) on the online service provider’s monitoring its services or affirmatively seeking facts indicating that infringing activity is occurring; and
(II) an online service provider expeditiously removing or disabling access to material or activity, upon receipt of legally sufficient notice of alleged infringement, and in the absence of a legally sufficient response from the relevant subscriber of the online service provider indicating that the notice was the result of a mistake or misidentification. Except that the provisions of (II) shall not be applied to the extent that the online service provider is acting solely as a conduit for transmissions through its system or network.”

As stated, this pretty much exports DMCA notice-and take down. You must have a policy to take down content as soon as you’re told, and must make sure to take down the content ASAP.

Paragraphs 4-6 are also DMCA export provisions, as they make it an obligation to export the DMCA’s anti-circumvention provisions, particularly criminal liability for breaking DRMs. Paragraph 6 specifically talks about rights management information (mostly metadata integrity).

So, what’s the verdict? It’s too early to tell. I will reserve full comment until I get to see a reliable draft of the civil and criminal enforcement sections. So far, I do not particularly like what I have seen. I agree with people like Ben Sheffner and Nate Anderson who comment that what we have seen of ACTA does not affect the United States that much, they already have the mother of all maximalist copyright protection. However, their comments seem rather short-sighted, and tend to forget that there are lots of other countries who will sign the agreement. The provisions are already in US law, so don’t worry, they would come to you anyway in some shape or another.

The problem that I have with exporting DMCA-level of protection is that Americans have a huge counterbalance to those provisions in the shape of Fair Use dcotrine. We do not. We have fair dealing, an exhaustive list of exceptions and defences. We get the DMCA, but without any balance. Why is it that the American copyright system seems keen to export maximalism, but not fair use?

Hopefully, there seems to be some opposition building up this side of the Atlantic. Stay tuned.

Update: The European Parliament has voted in favour of opening up the ACTA negotiation 633-13. Things are getting interesting.

As was mentioned last week, we have been expecting an important ruling with regards to internet service provider (ISP) liability from Australia.  Behold Roadshow Films Pty Ltd v iiNet Limited [2010] FCA 24.  This is a case of tremendous importance [...]]]>

What did you say Skippy? ISPs are not liable for the infringement committed by their customers?

As was mentioned last week, we have been expecting an important ruling with regards to internet service provider (ISP) liability from Australia.  Behold Roadshow Films Pty Ltd v iiNet Limited [2010] FCA 24.  This is a case of tremendous importance because it is one of the first skirmishes in the brewing struggle between content owners and intermediaries (I use the term intermediaries on purpose, as the wider dispute encompasses companies such as Google).

iiNet is an Australian internet provider, which was sued by Australian film producer Roadshow Films, part of the Village Roadshow conglomerate.  However, the real power behind the suit was the weight provided by several Hollywood studios, including Warner, Columbia, 20th Century, and Sony Pictures.  The question at the heart of the proceedings was whether an ISP is to be held liable for the copyright infringement committed by its customers.  Call me cynical, but it seems like the film studios chose Australia as the first place to test this theory because Australian copyright law holds secondary infringement as direct infringement.  In other words, anyone making available copyright works will be held similarly liable, whether they do so directly or indirectly.

This is a lengthy and complex ruling, but it is remarkable that it has fallen upon a judge that seems to get the importance of the ruling in the wider context, and also who got the technical complexities involved.  Cowdroy J has managed to wade through the technical issues with exceptional clarity, and has produced a ruling that should become an instant classic.  The judge accurately identifies that the case hinges on two simple questions.  Have the iiNet customers infringed copyright directly?  The answer is yes.  Has iiNet authorised the copyright infringement of its users by failing to take steps to stop it from happening? Here the answer is no. The reasoning behind the negative answer is set out clearly:

“12. Firstly, in the law of authorisation, there is a distinction to be drawn between the provision of the ‘means’ of infringement compared to the provision of a precondition to infringement occurring. The decisions in Moorhouse, Jain, Metro, Cooper and Kazaa are each examples of cases in which the authorisers provided the ‘means’ of infringement. But, unlike those decisions, I find that the mere provision of access to the internet is not the ‘means’ of infringement. There does not appear to be any way to infringe the applicants’ copyright from the mere use of the internet. Rather, the ‘means’ by which the applicants’ copyright is infringed is an iiNet user’s use of the constituent parts of the BitTorrent system. iiNet has no control over the BitTorrent system and is not responsible for the operation of the BitTorrent system.
13. Secondly, I find that a scheme for notification, suspension and termination of customer accounts is not, in this instance, a relevant power to prevent copyright infringement pursuant to s 101(1A) [...]
14. Thirdly, I find that iiNet simply cannot be seen as sanctioning, approving or countenancing copyright infringement. The requisite element of favouring infringement on the evidence simply does not exist. The evidence establishes that iiNet has done no more than to provide an internet service to its users. This can be clearly contrasted with the respondents in the Cooper and Kazaa proceedings, in which the respondents intended copyright infringements to occur, and in circumstances where the website and software respectively were deliberately structured to achieve this result.
15. Consequently, I find that the applicants’ Amended Application before me must fail.”

This conclusion is both astute and well informed, as it takes into account the very clear distinction between an internet service provider, and the producer of software designed specifically to authorise copyright infringement, such as Kazaa.  Cowdroy J goes in detail through some of the most relevant aspects of the technology, namely the intricacies of Bittorrent transactions, and also whether the identification of customers is reliable.  To me one of the most important parts of the ruling is that we get a very clear legal explanation of the Bittorrent protocol:

“70. To use the rather colourful imagery that internet piracy conjures up in a highly imperfect analogy, the file being shared in the swarm is the treasure, the BitTorrent client is the ship, the .torrent file is the treasure map, The Pirate Bay provides treasure maps free of charge and the tracker is the wise old man that needs to be consulted to understand the treasure map.
71. Whilst such an analogy grossly oversimplifies the situation it will suffice for present purposes. It demonstrates that all of the constituent parts of the BitTorrent protocol must work together before a person can access the file sought. In this judgment the Court will refer to all the constituent parts together as the ‘BitTorrent system’.
72. Such analogy also demonstrates that a number of deliberate steps are required to be taken by a person to bring about the means to infringe the applicants’ copyright. The person must download a BitTorrent client like Vuze, seek out .torrent files related to copyright material from websites, and download those .torrent files and open them in their BitTorrent client. Thereafter, the person must maintain connection to the internet for as long as is necessary to download all the pieces. The length of this downloading process will depend on the size of the file, the number of peers in the swarm and the speed of those peers’ internet connections.”

The other remarkable part of the ruling is that we get a very detailed insight into the technology involved in the detection of repeat infringers.  The applicants use a Bittorrent client called DtecNet, which singles out infringing torrents identified by the content owners, and starts downloading from the participant sharers in the swarm.  The agent downloads a full copy of the file to establish that this is indeed an infringing copy, and then identifies IP addresses in the iiNet network.  The agent would then download one piece of the full file from a specific IP address, and would continue to download a piece every 24 hours from the same address.  This technical operation was able to establish that there were indeed iiNet customers sharing infringing files repeatedly, but here is where one of the most interesting findings takes place.  Cowdroy J accurately points out that the infringement is much less widespread than previously beieved, and particularly, seemed to express doubt as to the efficiency of matching IP addresses with specific customers.  Another interesting technical issue that came to bear on the liability issue was the fact that the applicants were trying to paint a picture that a large portion of an infringer’s broadband use would be dedicated to illegal filesharing, while the evidence was to the contrary.

Turning to the legal aspects, one of the most important questions in the ruling is whether each time a user connects to the internet it should be considered as a fresh count of making the work available to the public, or whether the first action, namely downloading the .torrent file and seeding it, would be one single count.  Cowdroy J opines:

“310. [..] The Court finds that it is the wrong approach to focus on each individual piece of the file transmitted within the swarm as an individual example of an ‘electronic transmission’. The BitTorrent system does not exist outside of the aggregate effect of those transmissions, since a person seeks the whole of the file, not a piece of it. In short, BitTorrent is not the individual transmissions, it is the swarm. It is absurd to suggest that since the applicants’ evidence only demonstrates that one piece of a file has been downloaded by the DtecNet Agent from each iiNet user (in some cases more than one, but not many more), the applicants cannot prove that there have been ‘electronic transmissions’ by iiNet users of the applicants’ films. But it is equally absurd to suggest that each and every piece taken by the DtecNet Agent from an iiNet user constitutes an individual ‘electronic transmission’ infringement.
311. The correct approach is to view the swarm as an entity in itself. The ‘electronic transmission’ act occurs between the iiNet user/peer and the swarm, not between each individual peer. One-on-one communications between peers is the technical process by which the data is transferred, but that does not mean that such level of detail is necessarily what the communication right in s 86(c) focuses upon. While the DtecNet evidence cannot prove directly that an iiNet user has ‘electronically transmitted’ a film to the swarm (it can only show that the data has been ‘electronically transmitted’ to the DtecNet Agent acting as a peer in the swarm) the evidence is sufficient to draw an inference that in most cases iiNet users have done so. “

There are many other legal aspect treated, most of them are specific to Australian copyright law.  The most relevant from an international perspective, and one that has been highlighted elsewhere, is that the ruling seems to seriously attack the viability of three-strikes approaches to copyright infringement.  Firstly, there is a lengthy discussion about the legal reliability of evidence obtained by agents acting on behalf of the copyright owners, when by definition those agents are licensed by the owner to undertake actions that would otherwise be infringing, namely, collect copies from the internet.  Secondly, there is the troublesome issue of how such evidence should be suspect in the first place.   Cowdroy J says:

“631. [...] the Court finds that it would not be appropriate to construe the safe harbour provisions such that there is an expectation on the [ISP] to terminate its subscribers at the request of a person who does not swear to the truth of his statement, and is an employee of an organisation whose precise legal status vis-à-vis the relevant copyright owners and exclusive licensees is not at all clear. Allegations of copyright infringement are serious charges which are potentially defamatory. Further, AFACT (the Australian copyright enforcement agency) enjoys no status as an authority invested with power to issue legally enforceable directions.”

This paragraph should be printed out and handed out to the Lords currently discussing the Digital Economy Bill (wink, wink, ORG).  We cannot possibly build a system of punishment that relies entirely on suspect accusations without any legal recourse.  The very principles of fairness and due process of law are at stake here.

What a refreshing ruling from Down Under.  Unfortunately, another copyright case from the land where women glow and men plunder has overshadow this more important development.

I just smiled and gave me a vegamite sandwich.

Things are heating up in the fight against piracy in the UK.  Virgin Media has announced that it will use deep packet inspection (DPI) software to analyse whether its customers are sharing copyright infringing material.  Privacy International has brought this practice to the attention of both the [...]]]>

"These are not the packets you are looking for"

Things are heating up in the fight against piracy in the UK.  Virgin Media has announced that it will use deep packet inspection (DPI) software to analyse whether its customers are sharing copyright infringing material.  Privacy International has brought this practice to the attention of both the European Commission and the Information Commissioner, who are looking into the affair.  But most interestingly, Privacy International has also threatened to report Virgin Media to the Metropolitan Police for contravening the Regulation of Investigatory Powers Act (RIPA, yes, the acronym does sound like a flesh-eating dinosaur, or a killer robot).

It seems clear that Virgin’s DPI system is similar to our old friend Phorm, and the European Commission has already made it clear that it considers such technologies as interception, and that clear customer consent is required in such cases.  I would not be surprised if they have similar objections against Virgin Media’s software.

However, the claim that deep packet inspection might constitute a criminal offence is much more interesting from a legal perspective.  RIPA establishes a criminal offence for the interception of telecommunications.  It defines interception like this:

“For the purposes of this Act, but subject to the following provisions of this section, a person intercepts a communication in the course of its transmission by means of a telecommunication system if, and only if, he—

(a) so modifies or interferes with the system, or its operation,
(b) so monitors transmissions made by means of the system, or
(c) so monitors transmissions made by wireless telegraphy to or from apparatus comprised in the system,

as to make some or all of the contents of the communication available, while being transmitted, to a person other than the sender or intended recipient of the communication.”

There are several elements here, but the most important one is that some or all of the communication must be made available to non-intended receivers, and that such communication must have been interfered with or monitored.  Here is where we need to analyse in more detail what is considered deep packet inspection in order to ascertain if it fulfils the cited definition.  Internet transmissions are not a monolithic set of bits, they are broken up into packets of information; Internet packets (or IP packets), consist of two elements, the header (which describes the information contained in the packet), and the payload (the information itself).  Most packet inspection only looks at the header, and therefore it does not know what type of data may be contained in the payload.  Deep packet inspection looks at the packet information itself to determine if it may match a certain objectionable data profiles, such as viruses, worms, spam, or denial-of-service attacks.  DPI does not look at the semantic meaning of the data, but looks for data profiles, so DPI will in theory know that what you are looking is a picture, but it will not know that you are looking at a lolcat or a Picasso.  However, the uniqueness of information is such that it would be easy to build profiles of usage data that could have serious privacy implications.

Modern DPI systems claim to be able to provide both security and privacy, but as with Phorm, we might be faced with slippery-slope arguments.  Virgin claims that the data is anonymous, and that “CView works at a core-network level, and simply analyses, entirely anonymously, the percentage of data that flows across the network that is copyrighted and being shared unlawfully”.  Nonetheless, a strict reading of the definition in RIPA would lead one to believe that DPI fulfils that definition, and therefore it could be considered interception, and hence a criminal offence.  Nonetheless, the language of the relevant section in RIPA is very broad, so it is hard to determine if the Crown Prosecution and the courts would agree.

What seems clear is that Virgin may have a lengthy legal dispute in its hands if it insists on using DPI.  While they have not stated it, Virgin might be taking this decision in order to pre-empt any potential legal threats as content owners insist more and more on making ISPs liable for illegal content shared in their networks. It will be interesting to see if other ISPs follow Virgin’s lead.

Update: John Halton has usefully pointed out that the Lawful Business Practice Regulations 2000 might apply here. Interesting!

Update 2: And in an inevitable two fingers to surveillance, PirateBay announces its own VPN service.

With sizes of up to 64GB contained in a tiny card the size of a coin, I wonder why the content industries are not concentrating more on such storage devices, and continue to insist that the war on piracy is an online endeavour.  When I can copy my entire music [...]]]> As usual, xkcd makes an excellent point:

With sizes of up to 64GB contained in a tiny card the size of a coin, I wonder why the content industries are not concentrating more on such storage devices, and continue to insist that the war on piracy is an online endeavour.  When I can copy my entire music collection and place it in a small USB key, or a MicroSD card, P2P seems like a hassle.

PS:  Andrew, I copied the Alt text this time