X

Is Comcast's BitTorrent filtering violating the law?

Comcast has recently adopted some of the same Internet filtering techniques used by the Great Firewall of China. It turns out that some of these methods may also be illegal under US law.

Chris Soghoian
Christopher Soghoian delves into the areas of security, privacy, technology policy and cyber-law. He is a student fellow at Harvard University's Berkman Center for Internet and Society , and is a PhD candidate at Indiana University's School of Informatics. His academic work and contact information can be found by visiting www.dubfire.net/chris/.
Chris Soghoian
3 min read

Disclaimer: I am not a lawyer. I'm a cybersecurity Ph.D. student and take classes in the Indiana University law school, but this in no way makes me a legal expert. CaveatlLector.

Within the last few weeks, there have been a number of reports by Comcast customers claiming that their BitTorrent downloads and uploads have been capped--or worse, blocked. TorrentFreak recently reported that Comcast, a major U.S. cable company, is using an application from Sandvine to throttle such connections.

Comcast LolCat Comcast and LolCat Buildr

Many ISPs routinely filter the traffic on their networks. Many forbid customers from running e-mail servers or Web servers, and when the ISP detects that a customer's computer has been hacked, they often sever the Internet connection until the machine has been patched. Thus, the fact that a major ISP is now filtering yet another class of Internet traffic should not be major news--except for two factors: BitTorrent traffic accounts for upwards of 25 percentof U.S. Internet traffic, and the techniques used by Comcast are essentially the same as those used by the Great Firewall of China.

Before we get deeply into this issue, let us step back for a brief and high-level lesson in TCP/IP and Internet filtering technologies. Most Internet applications communicate via TCP, a protocol that uses a three-way handshake to establish a connection.

The very first step in a three-way handshake involves the client sending a SYN packet to the receiving party. Modern firewalls block this packet for banned types of traffic--that is, they prevent the recipient from receiving it, and as such, the connection can never be established. Your home firewall does this, as well as those used by Comcast and other ISPs to prevent you from sending millions of e-mail spam messages from their network.

Assuming that the SYN packet goes through, the three-way handshake is allowed to happen, then the two hosts will be able to begin communicating. Your ISP can still kill the connection later, should it wish to, merely by blocking the transmission of future packets.

According to TorrentFreak, Comcast is not doing this. They are instead sending a reset (or RST) packet to the Comcast customer, pretending to be from the host at the end of the BitTorrent connection. This RST packet is the TCP equivalent of stating "I don't want to talk to you anymore, please terminate the connection." It is extremely important to note that when Comcast creates and sends this packet, it does not identify itself as the the source of packet, but instead impersonates one of the parties involved in the BitTorrent connection. This is where things get rather shady.

Last year, researchers from Cambridge University analyzed the Great Firewall of China and found that it used falsified RST packets to terminate connections that matched keyword filters. They were able to determine that users could evade the Chinese government's censorship system by ignoring these reset packets.

Ok, so the Chinese government and Comcast are using the same censorship techniques. Why should we care? The Chinese government doesn't have to pay attention to U.S. law, but Comcast, being a U.S. company, does.

Many states make it illegal for an individual to impersonate another individual. New York, a state notorious for its aggressive pro-consumer office of the Attorney General, makes it a crime for someone to "[impersonate] another and [do] an act in such assumed character with intent to obtain a benefit or to injure or defraud another." (See: NY Sec. 190.25: Criminal impersonation in the second degree). I do not believe that it would be too difficult to prove that Comcast obtains a benefit by impersonating others to eliminate or reduce BitTorrent traffic. Less torrent data flowing over their network will lead to an overall reduction in their bandwidth bill, and thus a huge cost savings.

New York is not the only state with such a law. Several other states including Connecticut and Alabama have similar laws on the books. Should any state AG's office decide to go after Comcast, it is quite possible that Comcast could be looking at a world of regulatory pain.

Comcast is perfectly within its right to filter the Internet traffic that flows over its network. What it is not entitled to do is to impersonate its customers and other users, in order to make that filtering happen. Dropping packets is perfectly OK, while falsifying sender information in packet headers is not.