Tech Wars: P-to-P Friends, Foes Struggle

WASHINGTON -- The duel between peer-to-peer file-sharing fans and their opponents who want to protect copyrighted materials is turning into a high-tech arms race, as each side boosts the stakes with digital weaponry.

The race has escalated recently, with the government pressuring universities and the Recording Industry Association of America sending brochures to Fortune 1000 companies, both urging a stop to illegal file sharing. The RIAA is also taking legal action, suing several P-to-P sites and trying to force ISPs to reveal identities of customers who frequent P-to-P sites. The confrontation is only intensifying.

Digital Deterrents

Both fans and foes of P-to-P activity are turning to technological deterrents.

Universities and businesses that want to stop their users from engaging in file sharing on the likes of Kazaa or Morpheus have cracked down, monitoring network traffic or strengthening firewalls. But they are also finding that firewalls and filters that block certain content from entering a network are becoming ineffective, says Dr. John Hale, the director of the Center for Information Security at the University of Tulsa.

P-to-P service users are responding with technological weapons of their own, hiding messages to blend with other traffic and varying the communication ports they use to evade these devices.

"Ultimately, end-to-end encryption of communication channels will make it virtually impossible for system administrators and Internet service providers to monitor network traffic," Hale says.

In response, technology to stop illegal sharing of copyrighted material is going through its first evolution. The Center for Information Security is analyzing alternate strategies, including working within the P-to-P network with new strategies like file spoofing and interdiction. One advantage is that the copyright holder can control both of those strategies without the cooperation of an ISP or an administrative presence on the network, Hale says.

Tech Tricks and Traps

File spoofing involves uploading even more material to the P-to-P network; it calls for flooding it with decoy downloads created with the approval of the copyright owner.

It appears to be one of the most effective and legally viable methods of preventing P-to-P sharing, Hale says. Spoofing makes it hard to find real media in a P-to-P search because the decoys, which may be ads or low-quality media, can vastly outnumber the pirated versions, Hale says.

For the most part, file spoofing is being kept low profile. Musicians typically don't admit they're hiring techies to spoof, so it's hard to tell how widespread the practice is, Hale says. Rap singer Eminem and the band The Bare Naked Ladies are among those known to spoof, he adds.

For more than a year, the technical consulting firm Overpeer has distributed hundred of millions of files every month on the leading P-to-P networks, says Mark Morgenstern, chief executive officer. He says the company is very successful at intervening for their clients to protect copyrighted music, games, video, and software. He measures their success by how often users access Overpeer files when apparently seeking pirated content.

Overpeer also keeps a low profile; the company's Web site offers no information but a street address in New York City and an e-mail address. Morgenstern emphasizes that Overpeer's clients are the copyright holders, and its work is protecting copyrighted material.

Chris Hoofnagle, deputy counsel for the Electronic Privacy Information Center, says that spoofing probably isn't illegal. Congress considered--but did not pass--a bill stating that copyright holders have the right to take such measures.

Swamping the Search

A second tactic of P-to-P foes, interdiction, targets the search process. It repeatedly requests media on a P-to-P network, starving out other searches by occupying the request line so others cannot access it.

EPIC's Hoofnagle questions the legality of this tactic. The method resembles a denial-of-service attack, which involves bombarding a specific Web server with so many requests for information that it can't keep up and crashes. A denial-of-service attack is illegal under the Computer Fraud and Abuse Act, Hoofnagle says.

However, Hale says such countermeasures are probably inevitable, since other efforts to thwart P-to-P network operations do not work. Even when companies and universities try to stop their users from accessing P-to-P sites, the deterrents are not always effective; of course, home users with broadband access have no IT departments trying to block their moves.

The Center for Information Security has been building tools, but not executing them, while they evaluate the potential downsides and hidden dangers, Hale says.

P-to-P networking itself is not a bad thing, because it could sustain network activity if one part of a network fails, Hale adds. There is a "real potential in raising it up, in creating peer groups that have something to say, which can share interests," he says. "In legal uses, peer-to-peer networking could be the next wave in computing, proving that it is more than a breeding ground for pirated music."