Privacy and Data Protection in the Cloud [For CloudCon 2011]

Written By: Jonathan under Categories: File Sharing, Internet, security. It has 4 Comments and was posted on Mar 29, 2011

This Wednesday I’ll speak at CloudCon 2011. Instead of a regulatory lecture, I decided to focus on a technological solution to a legal problem, which I believe might be elegant. I’d appreciate it if you could join me at CloudCon or just come over to say hi.

0. The Cloud and Your Information.
On the verge of the Age of Intelligent Machines, Cloud Computing brings a new era for data processing. The Cloud holds more and more information, and data owners and data subjects lose physical control over it. If the old-world model was that data about the end-user was held by the service provider, which processed and brought the data to the end-user, the cloud model allows the service provider to hold the information for the end-user at the quarters of 3rd parties. For this brief lecture, we’ll use Dropbox as an example, but when Dropbox’s examples fail, we’ll move on to others. In brief, Dropbox is a storage service which automatically backs up your information remotely on Amazon’s S3 servers. When you install Dropbox, you use at least one more CSP (Cloud Service Provider) and are subject to its terms.

1. Shared Hosting, Shared Computing, Shared Control [meaning: The Problem];
Now, who has control over your information? Dropbox’s privacy policy suggests that “Dropbox cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process”; Amazon S3’s privacy policy likewise states that “We release account and other personal information when we believe release is appropriate to comply with the law; enforce or apply our Conditions of Use and other agreements”. Meaning, both Amazon and Dropbox shall abide by law enforcement requests and provide information if a court says so. Generally speaking, this is a good thing.

Let’s put this in proportion, however. Let’s say that I produce Lemonade and have a trade secret: the recipe. I store it in my Dropbox folder, as I need to provide access to several employees and I want it to be backed up securely. Now, my biggest competitor wants to access my Lemonade recipe. He goes to court and, with a good attorney, gets an Anton Piller Order (an order allowing him to seize my assets held by a third party before any legal process is in progress); the order is based on his claims that I stole the recipe, and the court rules, ex parte, that Dropbox should grant him access to my files. This is done because my competitor’s claim was that Dropbox itself holds the files. Dropbox receives the order and does not know how to treat it: it is unable to understand whether I am the actual owner of the file or stole it, and has to provide the files to my competitor: an order is an order.

There are two material differences that come to mind between cases where I hold the information and where the ISP holds it, and these differences explain the problems of using cloud storage for such sensitive information: (1) If I held the material, each order would have to be executed with my knowledge, because the files were stored at my quarters and under my control [see, for example, RCA 1810/10 PCIC v. Kaplan, where a shared hosting provider was requested to reveal the email accounts of one of its users without their knowledge]; (2) The CSP has a rational indifference as to disclosing my information, as if it does not, it might incur liability. Israeli Courts ruled in several cases that active participation and interest in not removing content even after knowledge of infringement may incur liability [for example, C 176992/09 Eti Abramov v. Aviv Frenkel, C 32986/03 Buschmitz v. Refuah]. Therefore, when you post information on the cloud, you are at risk that your information might be sought by other parties.

The question is whether it is technically possible to do so: could CSPs access your files? Let’s say that, legally, Dropbox’s terms allow such use, and that other CSPs (such as Google, as a provider of email services) were already ordered to reveal a user’s IP address (C 4854/07 Berlomenfeld v. Google) and disabled access to other accounts. Moreover, Dropbox (and let’s take Dropbox as an example) designed the architecture; it has the ability to recover my files and to recover my password, meaning that it can always bypass its internal security mechanisms.

2. Loss of Centralization;

Now, as we see it, when we discuss CSPs, we know that the control has to move from one centralized user to many distributed players, where each has the ability to disclose the information. At least prima facie, the CSP is considered a 3rd party that either retains the information or processes it. For such cases, the Israeli Law, Technology and Information Authority has issued a draft set of regulations regarding processing by 3rd parties or outsourcing services.

Now, if I hold sensitive information on 3rd parties, and some of it is held on the cloud, then I have to make sure that my CSPs adhere to a privacy policy that protects my information. For example, if I am a lawyer, I have to notify Dropbox that I am one and that all my information is protected under an attorney-client privilege so that when they receive such Anton-Piller orders, they’ll refuse and defend me. Moreover, I have to make sure that my CSP shall not divulge any personal, private or sensitive information to any 3rd party either with or without my consent.

3. Protecting Yourself from Your CSP;
How can one protect himself from his CSP? Theoretically, there are a few suggestions for Encrypted Cloud Storage (for example, Kamara et al, “Cryptographic Cloud Storage”) which offer a theoretical, yet to be implemented, method of encrypting information on the cloud. Generally speaking, their proposal is that “Before uploading data to the cloud, Alice uses the data processor to encrypt and encode the documents along with their metadata (tags, time, size, etc.), then she sends them into the cloud. When she wants to download some documents, Alice uses the TG to generate a token and a decryption key”.

Another technological option is to encrypt the virtual machine’s drive or to use encrypted file systems on cloud storage. Another option is to use encryption software, such as TrueCrypt, on your cloud storage service (such as Dropbox); however, such a solution may be problematic, as Dropbox cannot access your filesystem and might have to back up your entire folder each time you change any of your files.

A different approach may be to establish a secret sharing mechanism where the information may be distributed on several different clouds, each holding only a portion of the information (such as in Parakh et al, Recursive Secret Sharing for Distributed Storage and Information Hiding).

However, these solutions are theoretical and have yet to be implemented by organizations or storage services as an integral part of their scope of services (maybe, apart from this one).

4. Solution[s];

Let’s discuss solutions as well. We need to form a strict set of rules of how to define a cloud system as privacy enabled. Our requirements are that the CSP shall allow: (1) seamless access to the set of files; (2) indexing and searching; (3) sharing parts of the information with 3rd parties; (4) reporting on each authorized and unauthorized access.

Mounting an encrypted virtual filesystem allows three out of the four: access, indexing and reporting. However, in order to share the information with 3rd parties, access to the filesystem has to be granted to the CSP (especially in order to allow sharing, see Yunqi Ye et al, Dependable and High Performance Cloud Storage). The other option is to encrypt each file differently (with different symmetric keys for each file so that no problems with sharing the files exist); however, such an option does not allow search and indexing (or requires a central key database), and therefore also allows only three out of the four conditions.

Even if we assume that the encryption is symmetric, and that each sharespace between users receives different symmetric keys, we cannot define the solution as seamless: converting files from a privatespace to a sharespace requires a client-side conversion of the files, as does copying files from a private folder to the shared folder (also, a keyserver is required).

Let’s take, for the solution, Adi Shamir’s secret sharing mechanism (Shamir, How to share a secret) and, for the purpose of this solution, define our efficient threshold as one (1) user. In such a case, we define the shared folders with at least three cryptographic keys (one for the folder, to be shared with anyone, and one for each user). In this way, each user could read or write to the folder seamlessly, index and search using his key (and the shared key), and share the information with others (by adding another key).

Implementing secret sharing in such a case (which has yet to be tested) may allow enhanced privacy with the flexibility of sharing the information through networks and users.

5. Conclusions.

We have yet to implement a technological solution to a legal problem we might face in the near future. The unwanted loss of control over data stored in the cloud, especially sensitive information, is inevitable nowadays due to current architecture, CPU and bandwidth limits and other problems.

However, theoretically and with a little hassle, an encryption-based model may be implemented in order to allow storage of information on remote servers (i.e., the cloud) where the CSP cannot access the files but the end user may share such files with 3rd parties of his choice.

The Swarm, The Cloud and The Real Person Copyright Exemption

Written By: Jonathan under Categories: 2jk.org. It has 2 Comments and was posted on Feb 5, 2010

The recent Australian decision in Roadshow Films Pty Ltd v iiNet Limited (No. 3) [2010] FCA 24 was more than satisfactory to most users and Internet Service Providers. In summary, the Australian Federal Court ruled that an Internet Service Provider is not liable for its users’ copyright infringement as it does not encourage or authorise such downloads. iiNet was taken to court for enabling BitTorrent traffic and not barring its users from sharing files.

While the 200-page decision is more than interesting, one should note that the court faced quite a challenge when it needed to explain how BitTorrent actually infringes copyright. Copyright law has a requirement that the copying be of a substantial part of the work (s. 14, Australian Copyright Act). Therefore, a BitTorrent client, which provides small chunks of a file, does not provide, copy or make available a substantial part, as any of the parts transferred may be irrelevant and unsatisfactory in regards to copyright infringement (see more about BitTorrent at Stephen Knox, Diarmaid O’Cearuil, Nicola Scott Holland and Ljiljana Skrba, BitTorrent).

For example, sampling, such as in Girl Talk’s videos, may sometimes be considered fair use, at least by the artist, and it does not, at most times, sample a substantial part of the original work. BitTorrent, at least here, creates a material challenge to explain how a particular user copies a substantial part, as a user does not actually create a substantial copy. However, the court went on and explained, in a rather meticulous way, how it sees BitTorrent as creating a copy of a substantial part of the work:

The Court finds that it is the wrong approach to focus on each individual piece of the file transmitted within the swarm as an individual example of an ‘electronic transmission’. The BitTorrent system does not exist outside of the aggregate effect of those transmissions, since a person seeks the whole of the file, not a piece of it. In short, BitTorrent is not the individual transmissions, it is the swarm. (…) The correct approach is to view the swarm as an entity in itself. The ‘electronic transmission’ act occurs between the iiNet user/peer and the swarm, not between each individual peer. One-on-one communications between peers is the technical process by which the data is transferred, but that does not mean that such level of detail is necessarily what the communication right in s 86(c) focuses upon.

Viewing the swarm as a copy of a work is an interesting initiative. It sits side-by-side with the legal problems which cloud computing may face, but the swarm is not an entity, it does not have a right for expression nor does it have an understanding of fair use, it cannot use legal defenses (such as the doctrine of first sale) in creating such copies and cannot be sanctioned monetarily. So who could be sought after?

Theoretically, let’s look at a swarm for a popular .torrent, such as a movie: while some users may pirate content (according to a recent dubious study, the “some” is 99%), we can acknowledge that at least some of the people sharing a file have a good reason to do so. We can assume that at least a small portion actually bought the content and are downloading this copy as it is more comfortable to use on their computer (due to DRM restrictions, let’s say), some are actually selling their legal copy to a friend and using a private p2p .torrent to convey the first sale doctrine (like Vernor v. Autodesk), some are conveying a copy as a fair use right, to create a derivative work in research or for personal study of the work, and some are creating a digital archive or researching network behaviour.

Seeking out legal action against a swarm is problematic. You do not have an actual person who infringes, but a computer connected to a network. This computer could have been configured to download content automatically, for example, to download any popular movie using The Pirate Bay’s top 100; such a download does not contain any human intervention and therefore is not an act of infringement, as infringement has to be done by a real person.

Now, let’s assume that the person actually views the movie. At least the Israeli and US Copyright Acts do not contain a provision prohibiting use, just copying. So, theoretically, such automated means may be exempt from copyright infringement for personal use. In this very improbable case, no copyright infringement occurs in the swarm, and the swarm may be a copy, but not a copyright infringement.

The Bully: Copyright, Damages and Legal Strategy.

Written By: Jonathan under Categories: copyright, File Sharing, justice. It has 0 Comments and was posted on Jan 30, 2010

Around a month ago I went to court to discuss a case on which I counsel with another attorney. The case was quite simple: the plaintiff claimed that the defendant, which we represented, took the technical specifications of a gadget from its website and copied them alongside a phrase describing the gadget. Altogether we represented three defendants who were sued by the same plaintiff (and there was a total of 20 defendants) for 100,000 ILS (~30,000 US$) each.

When we arrived at the pre-trial, the plaintiff’s counsel explained to us (and to another counsel sitting on behalf of another defendant) that he is willing to settle, and that there is an ongoing rate for settlement. The judge, who was sympathetic to our interesting legal claims, that copyright could not be asserted on technical specifications, facts or ideas (PCA 8304/09 Bezeq v. Dapei Zahav, C 37759/07 Elisha Shochat v. Maariv), and that the phrase itself was lacking originality and too short to be copyrightable (Hebrew post of copyrighted tweets, CA (TA) 178/79 Hallinger v. Estheron, DR, 1980(2) 45), offered that we settle anyway. She claimed, rightly, that the settlement offer was low enough to justify settlement in order to avoid litigation.

And the judge was right: settling the case cost less than the lawyers’ fees in the process, and would also have cost less even if it turned out that our clients were right and were granted attorney’s fees pursuant to dismissal of the case. Meaning that the copyright bully won: it won a nice sum for something it isn’t entitled to, just because the litigation cost was lower.

But this case is not rare when you look into copyright: around once a week I’m approached by people who received notice due to publication of copyrighted images on their website (usually the same plaintiff by different attorneys). Even though some of the cases were fair use, and others lacked any commercial value, the attorneys ask for sums which are a hundred times greater than the sum paid for the image in the free market. For example, Tess Scheflan sued Ynet, Israel’s biggest website (C 58032/07 Tess Scheflan v. Yedioth Internet), for publishing images she published originally on PicShare and was awarded 28,000 ILS, even though the image would have been bought, legally, for no more than a few hundred ILS.

And why was all this required as an introduction? In order to explain why the RIAA’s offer to Jammie Thomas to reduce the awards granted by half was a strategic move made to hurt users. Thomas is a single mother who was sued by the RIAA for publication of 17 songs through Kazaa. The court first decided that Thomas should pay 9,250$ per song, as the jury of her peers found that Thomas made several songs available to the public and infringed the RIAA’s copyrights; but Thomas appealed the ruling.

In the Appeal the District Court ruled that making a work available to the public is not copyright infringement (06-1496 Thomas v. Capitol) and returned the case to the federal court for retrial. In the retrial, the jury ruled that Thomas actually was involved in wilful infringement and awarded the RIAA a sum of 1,920,000$ (04-CV-1497 Capitol v. Thomas).

Thomas appealed this ruling (again) and the district court ruled that the awards granted were unconscionable and exceed any sum a reasonable jury may award (04-cv-1497 Virgin Records of America v. Thomas). The District court’s conclusion was that the awards should be reduced from 80,000US$ per song to 2,250US$, three times the minimum damages to be awarded by a court; as the damage was unclear, high awards aren’t adequate.

Even though the court ruled 54,000US$ in damages, the RIAA generously offered Thomas an offer she can’t refuse: remove and revoke the appeal, and we’ll request lower damages, to be donated to a worthy cause.

And why would Thomas decline the offer? She was in a situation similar to that of the defendants I represented; her personal interest may rise substantially had she refrained from creating a precedent which will hurt copyright holders (and this isn’t the first time Thomas refused to settle). Thomas knows what we all knew: the RIAA sends threatening letters where they scare innocent file sharers with millions of dollars in damages, as in the case of Joel Tenenbaum, who lost a case against the RIAA and has to pay 675,000$.

Now, you must understand that there are law offices which send pre-suit notices and take the same strategy; where claims of fair use, lack of liability, criticism and others arise, they’ll refuse to answer but will leave silently, just in order to avoid a precedent saying they cannot threaten others and request outrageous sums for using images in blogs. We need public defendants, people who will go to court just for the sake of not bending when a copyright troll comes in, and say the truth: we are facing bullies.

[Published in Hebrew]

P2P Bandwidth Throttling in Israel, Legal and Technological Aspects.

Written By: Jonathan under Categories: File Sharing. It has 47 Comments and was posted on Dec 13, 2009

0. Abstract
Do Israeli Internet Service Providers throttle, delay or block peer-to-peer traffic? This question has been spreading in Israeli forums and file-sharing networks, and has produced theories ranging from attempts to sell enhanced Internet packages to copyright infringement monitoring. This research, which was conducted between April and September 2009, was meant to check whether the claim was true. Using simple free tools we decided to inspect the legality of DPI and traffic shaping in Israel and whether it exists.

Our findings were that there is direct and deliberate interference in P2P traffic by at least 2 out of the 3 major ISPs and that this interference exists by both P2P caching and P2P blocking. The tests, conducted by independent volunteers, were directed by myself and with the assistance of Ynet’s staff, who published a Hebrew summary.

1. Background:
Peer-to-peer (P2P) file transfer protocols have been in common use since the advent of networked computing, but their rising profile (as well as the controversy surrounding them) began with the introduction of P2P sharing of copyrighted materials. Initially used for sharing small music files and applications, P2P today is a legitimate and widely used system for the distribution of any electronic media, and multiple-gigabyte files are commonly shared amongst users from around the world. Whilst some research implies that there is a slight decrease in the growth of P2P (Allot, 2009), P2P is still the Killer Internet Application, responsible for 21% of the Average Mobile Traffic Cell and for an estimated 70% (ReadWriteWeb, 2006.12.06) of the global Internet traffic during 2006, accounting for around 25% on some networks (PlusNet, 2008.07.17), but according to more detailed reports, accounting for more than 50% of the network’s traffic (ipoQue, 2009, TorrentFreak 2009.02.18).

Peer to Peer traffic consists of illegal downloads of files, voice over IP calls, instant messaging and other decentralized communication. The element common to all P2P services is the lack of economic benefit to the ISP from the client’s use of P2P. According to recent studies, P2P users consume more traffic (Arstechnica, 2008.07.04), and when traffic caps are used Internet Service Providers (ISPs) benefit and earn more from P2P use (Arstechnica, 2008.05.07).

Since 2007, claims that Israeli ISPs are blocking P2P traffic have been spread all over the Israeli Web. More recently, a report by Vuze Inc, a popular service utilizing P2P in order to provide its users with high definition video content over the BitTorrent protocol, found that all three major Israeli ISPs block P2P traffic to some degree (8.13% for Smile012, 18.51% for Bezeqint and 14.06% for Netvision). During 2009, complaints against the three major Israeli ISPs (inspected in our research) were brought to the media and were dismissed by the ISPs. Bezeq International claimed that it does not interfere with P2P traffic and called the claims ‘baseless’ (Ynet, 2009.03.29), whereas a year earlier it claimed that it is the only company that does not block P2P (Ynet, 2007.12.05). Smile012 dismissed Torrentleech’s claims that it blocks P2P traffic (Ynet, 2008.01.24, Torrentleech FAQ) and Netvision-Barak dismissed the claim that it de-prioritizes P2P traffic, claiming that such activity was impossible, and were it possible, it would block all child-pornography and offensive content (Ynet, 2007.05.27). However, even though such formal announcements were made, there are many reports of informal conversations with customer support representatives who have acknowledged the problem. Another recent report was that Bezeq International was actually amending .torrent files in order to add the Bezeq International Tracker and save on outbound bandwidth (Torrentfreak, 2009.04.19); however, Bezeq International’s CEO rejected the claim and stated to Amitai Ziv, from TheMarker, that “I will not operate an illegal video library on my servers, even if my competitors do that” (TheMarker, 2009.08.05).

For example, a person claiming to be an ex-Netvision customer support representative claims that they block P2P traffic originating outside of Israel (BGU Forum, 2009.03.26), and an anonymous executive in one of Israel’s ISPs stated informally that due to excessive outbound traffic costs, ISPs block P2P traffic (Haaretz, 2008.05.06); however, until now there was no extensive research to inspect any of these claims.

1.1 Legal framework
Israeli ISPs operate under a specific license which requires them (Israel has 39 licensees, 2009 numbers, general license example) Clause 5.4.1 to the general license states that the License Holder’s activity shall not interfere with the free competition in the telecom market or harm the public interest. Moreover, clause 29 of the Israeli Telecommunication Act (1982) specifies that interfering with or blocking electronic communication over a public network is a criminal offence. Therefore, even without any net-neutrality regulation (see, for example, Tal Zarsky’s 2009 lecture during the ISOC conference), Israel has the appropriate regulation to interfere with attempts to prioritize network packets and to withhold other packets.

Recent letters from the Telecommunication Ministry’s CEO (CEO Letter, 2009.07.15) explicitly instructed all telecom providers to avoid interfering with all traffic, and especially Skype (TheMarker 2009.07.15). Whilst some ISPs claim otherwise and state that there is no legal obligation for network neutrality (Themarker 2009.07.27), our belief is that under the current legal status, without prior explicit consent by the End-User, network neutrality must be imposed in the strictest form in order to ensure impunity from liability for End-Users’ file sharing (MGM v. Grokster). The Israeli draft for the Electronic Commerce Act (Government Bills, 2008.01.14) exempts ISPs from liability for Caching if they had not modified the packets (Clause 9). Moreover, Clauses 7-10 exempt liability if, and only if, the ISP had not manipulated any packet.

Moreover, Deep Packet Inspection (DPI), as executed by several of the Israeli ISPs, may be considered illegal wiretapping, as it is defined in the Israeli Wiretapping Act, as “Listening to another person’s conversation, interception or copying of another person’s conversation, and all with an apparatus”; DPI may also be considered Interfering with Computer Data under the Computer Act or illegal entry to computer information. DPI occurs when an apparatus listens to the End-Users’ packets, inspects their content and, according to their content, manipulates them or passes them to their destination. Unlike regular routing, which only “reads” the target address and sends the packet to its destination, DPI manipulates the packet without the End-Users’ explicit consent and may be considered illegal. The Israeli Courts continuously ruled that inspecting one’s traffic and personal files constitutes a crime under the Computer Act (CA 1126/06 Lerman v. State, where Lerman installed a Trojan horse; C 40206/06 State v. Pilosof). In Pilosof, the District Court of Tel-Aviv ruled that “Inspecting the Email message in the electronic range should be made with a broad perspective on the email’s traffic from its dispatch until its arrival to its destination, therefore, intercepting a message on the ISP’s computer is “real time” interception whilst the data is transferred and prior to the termination of computer communication (…) Accepting the state’s view might lead to an unwanted result where the ISP may not be prohibited from copying and reading the messages intended for his clients, as the intrusion occurs on his computers”.

Therefore, while traffic manipulation may inflict liability on ISPs when they manipulate traffic knowing that such traffic is copyright infringing (even if manipulation means slowing down), we believe that it is illegal for Israeli ISPs to manipulate traffic.

1.2 Comcast’s FCC ruling.
Unlike Israel, the US struggle for network neutrality and against file sharing throttling began in the early 2000s (Tim Wu: Network Neutrality, Broadband Discrimination) and has been brought to the attention of the FCC, which ruled that its role is to preserve the open nature of the Internet (FCC 2005). However, only in 2008, after Comcast, the 2nd largest ISP in the US, was caught throttling P2P traffic (Gigaom 2008.07.11), the FCC had to examine whether blocking (or delaying) P2P traffic was in accordance with US regulation.

The FCC’s ruling (FCC, 2008) stated that Comcast may not limit or delay any peer to peer traffic, claiming that it was unlawful intervention in competition and against the public interest: “This practice is not “minimally intrusive” but invasive and outright discriminatory. Comcast admits that it interferes with about ten percent of uploading peer-to-peer TCP connections, and independent evidence shows that Comcast’s interference may be even more prevalent. In a test of over a thousand networks over the course of more than a million machine-hours, Vuze found that the peer-to-peer TCP connections of Comcast customers were interrupted more consistently and more persistently than those of any other provider’s customers. Similarly, independent evidence suggests that Comcast may have interfered with forty if not seventy-five percent of all such connections in certain communities” (…) “On its face, Comcast’s interference with peer-to-peer protocols appears to contravene the federal policy of “[promoting] the continued development of the Internet” because that interference impedes consumers from “[running] applications . . . of their choice,” rather than those favored by Comcast, and that interference limits consumers’ ability “to access the lawful Internet content of their choice,” including the video programming made available by vendors like Vuze. Comcast’s selective interference also appears to discourage the “development of technologies” — such as peer-to-peer technologies — that “maximize user control over what information is received by individuals . . . who use the Internet” because that interference (again) impedes consumers from “run[ning] applications . . . of their choice,” rather than those favoured by Comcast”.

The question now is whether Israeli ISPs do limit or even block traffic (where the delaying of packets equals blocking, see Comcast Ruling, pp. 26-27) and whether the Israeli regulator interferes with such activity. Moreover, as Israel has an oligopoly of three ISPs with no actual competition (further aggravated by a duopoly of Network Service Providers in Bezeq and Hot), there may be a case for antitrust inquiries and not only inquiries by the Telecommunication ministry.

2. The Test

In order to examine whether P2P traffic was blocked, we began the experiment with two tools developed by other parties. The first is the open-source Switzerland tool, developed by the EFF. “Switzerland is an open source, command-line software tool designed to detect the modification or injection of packets of data by ISPs. Switzerland detects changes made by software tools believed to be in use by ISPs such as Sandvine and AudibleMagic, advertising systems like FairEagle, and various censorship systems. Although currently intended for use by technically sophisticated Internet users, development plans aim to make the tool increasingly easy to use” (EFF, 2008). Switzerland was released following the FCC ruling and was the tool that the EFF used in order to prove the claim that Comcast was indeed throttling P2P traffic (TorrentFreak, 2008).

We also used Glasnost, which is partially supported by Google and the Max Planck Institute. Glasnost is a part of Measurement Labs and is an independent Java client, running within a browser. Prior to our inspection, Glasnost found that Israeli ISPs are not throttling traffic. In its report, only 3 out of 971 tests were blocked, and out of 17 different ISPs measured in Israel, only 3 blocked P2P. However, these results do not include throttling or shaping. Therefore, we began our experiment without any additional information.

2.1 EFF’s Switzerland
While we were unable to review the Switzerland logs, mostly due to our failure to coordinate between volunteers’ time to run the scripts, Switzerland assisted us in finding some interesting conclusions. We left a server to seed a .torrent file of a public domain video; our volunteers downloaded and uploaded the file again and again, looking for potential interference by the ISP or RST packets. We were unable to produce any substantial results or conclusions regarding traffic, mostly due to Switzerland’s interface.

However, after a massive number of attempts, we found out that another user was seeding our torrent, from the IP address 212.235.15.36 and not from the libTorrent client we used (screenshot, screenshot). We found a mention of this IP address in an Israeli hardware forum describing it as one of Netvision’s caching servers (HWZone, 2009). While the IP address is associated with Netvision, we were able to authenticate that a similar IP address is being used in eMule caching (img src) and that 212.235.x.x addresses, which were used in other conversations, are owned by Netvision (whois data). While this is not throttling with user packets, it is considered a severe interference with communication privacy and may be considered intercepting private conversations.

We believe that additional research is required to authenticate whether such activity is taking place in additional ISPs and whether this ISP is caching additional files. Moreover, such caching has severely tampered with our ability to inspect bandwidth throttling, as our inspection of speed was irrelevant once the .torrent and the file were cached on the ISP level.

We also encountered a strange download from a cTorrent download from 213.174.157.6 (screenshot), where we could find slight affiliation with IP addresses that are affiliated with CheckTOR, a company that’s meant to assist copyright holders (Checktor).

2.2 Glasnost Results
We ran Glasnost from different computers and different ISPs, on different occasions and even through random WiFi hotspots, in order to inspect interference with BitTorrent traffic. Glasnost operates in the following manner: it inspects the connection in four different transfers: BitTorrent upload and download over a standard BitTorrent port and over a non-standard port, and TCP upload and download over a standard BitTorrent port and a non-standard port. Comparing the TCP and BitTorrent results indicates whether deep packet inspection occurs, as it prioritizes traffic according to protocol; comparing the standard to the non-standard port results indicates whether port preference occurs.

We conducted at least 8 inspections per ISP and logged them. We compared the results and analyzed them, and our findings were as follows:

2.2.1 Netvision:
Netvision probably operates deep packet inspection, which we already mentioned when we found that it may cache popular torrents. Our findings were that in standard port uploads, the average ratio of BitTorrent to TCP was 70%, and on non-standard ports it was 81%; however, aggregated ratios (the aggregate of all the upload speeds and download speeds) were 52% on standard ports and 59% on non-standard ports. In downloads, we encountered similar results, providing an average BT/TCP ratio of 58% on standard ports and 50% on non-standard ports and an aggregate value of 50% on standard ports and 27% on non-standard ports.

2.2.2 Bezeq International:
Bezeq International’s results were inconclusive, and because of one inspection, where BitTorrent traffic was 12 times faster than TCP on an upload, the results were inexplicable. Therefore, we omitted this inspection as it was off the standard deviation. Moreover, Bezeqint’s results were inconclusive and could be due to standard deviation in the statistical margin of error. In general, Bezeqint’s BitTorrent traffic was faster than TCP traffic. Our findings were that in standard port uploads, the average ratio of BitTorrent to TCP was 105%, and on non-standard ports it was 69%; aggregated ratios were 104% on standard ports and 52% on non-standard ports. In downloads, however, the average BT/TCP ratio was 147% on standard ports and 130% on non-standard ports. However, the aggregate download ratio had a value of 137% on standard ports and 36% on non-standard ports. This was caused by several tests where the ratio on non-standard download ports was below 10%. In these cases, we believe that it may be due to momentary errors and not due to intentional interference.

We can only conclude that uploads on non-standard ports had any discrepancies, and therefore believe that no actual throttling was made.

2.2.3 Internet Zahav / Smile012
Internet Zahav’s results were the hardest to obtain. Nevertheless, we found strong indication of traffic shaping. The amount of results omitted due to blocking of BitTorrent ports was material, and was sufficient to show that some P2P traffic throttling occurs. Moreover, the number of results showing zero kilobytes as download speed indicates that some shaping or throttling may be practised during certain hours.

Our findings were that in standard port uploads, the average ratio of BitTorrent to TCP was 81%, and on non-standard ports it was 107%; aggregated ratios were 77% on standard ports and 103% on non-standard ports.  In downloads, we encountered similar results, providing an average BT/TCP ratio of 74% on standard ports and 118% on non-standard ports and an aggregate value of 90% on standard ports and 80% on non-standard ports.

These results indicate that throttling occurs only on standard ports, and on non-standard ports no throttling is inflicted on traffic. This may be due to either DPI or non-DPI interference.

2.2.4 Table:

| ISP | BT/TCP upload, standard | BT/TCP upload, non-standard | BT/TCP download, standard | BT/TCP download, non-standard |
|---|---|---|---|---|
| Netvision | 69.99% (52%) | 81.95% (60%) | 58.61% (50%) | 50% (27%) |
| Bezeqint | 105% (104%) | 69.17% (52%) | 147% (137%) | 130% (36%) |
| Zahav | 81% (77%) | 107% (103%) | 74% (90%) | 118% (80%) |

A low BT/TCP ratio indicates DPI or throttling of TCP; differences between standard and non-standard ports show potential throttling based on ports.
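The table reports an average ratio with the aggregate ratio in parentheses; the Python sketch below is an added example (not the analysis code used for this post) showing how the two figures are computed from per-run speeds, why they can diverge, and how the two Glasnost comparisons are applied. The run values and the `low` and `port_gap` cut-offs are constructed assumptions.

```python
from statistics import mean

# Constructed runs in kbit/s (not measurements from the post):
# (port class, BitTorrent-flow speed, plain-TCP control-flow speed)
RUNS = [
    ("standard", 200, 2000),
    ("standard", 900, 1000),
    ("standard", 450, 500),
    ("nonstandard", 1900, 2000),
    ("nonstandard", 1000, 1000),
    ("nonstandard", 0, 0),       # failed run: no control speed, unusable
]

def bt_tcp_ratios(runs, port_class):
    """Return (average of per-run ratios, aggregate ratio) for one port class."""
    usable = [(bt, tcp) for cls, bt, tcp in runs if cls == port_class and tcp > 0]
    if not usable:
        raise ValueError(f"no usable runs for {port_class}")
    # Average: every run counts equally, so one slow run moves it by 1/n.
    average = mean(bt / tcp for bt, tcp in usable)
    # Aggregate: total BT speed over total TCP speed, so runs with a fast
    # TCP control flow weigh more than runs on a slow line.
    aggregate = sum(bt for bt, _ in usable) / sum(tcp for _, tcp in usable)
    return average, aggregate

def interpret(runs, low=0.8, port_gap=0.2):
    """Apply the two comparisons; `low` and `port_gap` are assumed cut-offs."""
    _, std = bt_tcp_ratios(runs, "standard")
    _, non = bt_tcp_ratios(runs, "nonstandard")
    findings = []
    if std < low or non < low:
        findings.append("BitTorrent slower than TCP on the same port")
    if abs(std - non) > port_gap:
        findings.append("ratio differs between standard and non-standard ports")
    return findings

if __name__ == "__main__":
    for cls in ("standard", "nonstandard"):
        avg, agg = bt_tcp_ratios(RUNS, cls)
        print(f"{cls:12s} average {avg:.0%}  aggregate {agg:.0%}")
    for finding in interpret(RUNS):
        print("indication:", finding)
```

In the constructed standard-port runs a single throttled run on the fastest line pulls the aggregate well below the average, the same kind of gap seen between the two figures in several table cells.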

3. Conclusions
Our findings are that at least 2 of the 3 major ISPs perform manipulation on traffic, and especially peer-to-peer traffic. We were able to show that deep packet inspection and P2P-caching is performed by at least one ISP and that another one probably operates some kind of preference on specific ports.

We believe that P2P-caching is the most troublesome of all activities and that it should be inspected by the regulatory authorities. Moreover, we believe that further research is required to show actual use of restricting technologies and the use of RST packets or other mechanisms. While we could not determine which technologies are being used, we believe that such technologies could be used to block competition and free speech and to allow wiretapping of voice over IP conversations. The use of preferring technologies should be regarded as restriction of access and be stopped.

Israeli ISPs Blocked Access to a File Sharing Site

Written By: Jonathan under Categories: copyleft, copyright, Cybercrime, File Sharing, Internet, israel, justice, law. It has 3 Comments and was posted on Mar 4, 2008

0.

By the order of the court, the formal Defendants 2-3, the Israeli ISPs, have blocked access to the Defendant’s website, Ynet, following its publication of slandering content claiming that Plaintiff engaged in sexual activity with a herd of sick sheep. The Publication, made by an anonymous commenter, was taken down. However, according to the plaintiff, a man with great reputation, the system’s internal architecture enables comments including slander, and therefore, until blocked, it must be shut down.

1.
This is how a redundant article may appear in one of the Israeli news sites in a year or so, after they do not go out against wrongfully decided court decisions such as OCR 3485/08 NM v. Eli Amar. The Decision, given two weeks ago and published today on Ynet, determines that Israeli Internet Service Providers shall block access to a website enabling users to engage in file-sharing, since it, allegedly, provides links to torrents. (See also C 167/07 NMC v. Amar.)

2.
This is not the only decision which exists in the current era. New Sound Interactive requested that Israeli ISPs block access to PaNet, a website which allegedly infringes its copyright. These requests came to Israel after a busy month in fighting world censorship. First of all, a Danish court ordered a Danish ISP to block access to the popular file-sharing site The Pirate Bay (which only increased its traffic); later on, access was blocked from WikiLeaks when a temporary injunction was given against the domain registrar, which was only removed following intervention from the EFF and ACLU.

3.
And what is so problematic with the Court’s decision? First of all, it has no legal grounds (the decision itself was given, like in the Wikileaks case, with the Defendant’s consent). Neither the Israeli Copyright Order nor the civil torts act or the Copyright Act acknowledges an injunction blocking users from accessing a website at this level, as the users are not a party to the process nor is the ISP a hosting provider. The ISP is simply granting access to a website which only provides links for users to use in file sharing programs. The users themselves chose to infringe copyright (and until today no court decision was given claiming that links to files stored elsewhere amount to liability for copyright infringement).

4.
The real problem is the problem cause. If until now we faced chosen censorship which enables voluntary censorship (meaning that we may choose to prevent blocking), this blocking is involuntary and absolute. Copyright infringing sites are first, of course, as their plaintiffs have financial interests here.

5.
[Unfortunately] there is no organisation claiming to block child pornography sites in the name of child protection nor is there any extreme Jewish group calling to block Nazi websites. The real reason file sharing sites were first is the major financial gain from censoring it. Today it’s file sharing, tomorrow? All the internet ports of file sharing websites. These are, unfortunately, the great problems of the web: child pornography, gambling and copyright infringement. What do they have in common? We all know. The same people whose name would be hurt will seek injunctive relief later on, and slowly all the websites will be taken down. Censorship may be obsolete, as there is no need for internet without free speech.

6.
This is a fight for our freedom. This is my war.

(Originally published in Hebrew)