Fingerprinting P2P pirates

For months, the digital equivalent of a postal censor has been sorting through virtually all file-swapping traffic on the University of Wyoming's network, quietly noting every trade of an Eminem song or "Friends" episode.

Read more about file swapping

The technology, provided by Los Gatos, Calif., company Audible Magic, isn't yet blocking individual file trades. But that's the next step. As the company begins testing its service with more universities, corporations and small Internet service providers during next few weeks and months, this peer-to-peer monitoring and blocking technology threatens to open the next front in the online piracy wars.

With the capacity to look inside every bit of data that flows over a network--whether it's part of a song being illegally traded or a personal e-mail--this new generation of antipiracy technology is sure to prove controversial. But some administrators at universities and corporations--deluged by peer-to-peer traffic that continues to overwhelm their networks--say they're ready for this sweeping step.

"I don't really want to be looking that closely at what people are doing, and you'd probably just as soon not have me looking either," said Brad Thomas, a network specialist at the University of Wyoming who is helping manage the Audible Magic project. "But it's getting to be the only way to control our bandwidth."

For years now, the online antipiracy war has been more of a legal battle than a technological one. Record labels and movie studios have relied more on court rulings than on their own technical innovations to stop companies such as Napster, Audio Galaxy and Scour; and while those and other companies have stopped their activities, the overall quantity of online trading has abated little if at all.

Many of the technological ideas for stopping piracy have focused on traditional digital rights management, or DRM, which essentially locks a song or movie to a specific piece of hardware, or otherwise restricts how it can be used. This has proven controversial, because the technology is often susceptible to hackers cracking through the protections, and because it has had little effect in stemming trades of millions of unprotected MP3 files through services such as Kazaa.

Nor have those tools proved much help to universities, which found their networks bearing the brunt of file-swapping traffic early in Napster's rise. With fast connections and the technical savvy to set up the applications, students became a cornerstone of the early file-swapping community and remain so today. Many schools found that half or more of their network bandwidth was being used by applications such as Napster, Kazaa or Gnutella.

Traffic-management tools such as those produced by Packeteer have helped considerably. These tools prioritize data flows, so that e-mail and distance learning applications can travel without speed limits, while bandwidth allocated to Kazaa can be reduced to a trickle, for example. Thomas has used those tools at Wyoming, limiting all Kazaa users at any given time to a total of 1 megabit of bandwidth--a tiny sum if shared among dozens or scores of people downloading and uploading at any given time.

Some colleges, companies and even small ISPs have also tried to block the "ports"--a computer's equivalent of a door reserved for specific types of data--used by file-swapping applications. Modern file-swapping programs automatically bounce between ports until they find an open door, making this tactic ineffective, however.

Napster song-blocking redux?
Audible Magic's tools are among the first of a new generation that threatens to go much deeper inside the data stream, allowing a network operator to see exactly what files are being transferred.

The software lives inside a router or gateway to the broader Internet. As it is currently configured, it creates a copy of all the traffic flowing past, identifies those bits that are using FTP (file transfer protocol) or the Gnutella technology, and then re-creates those files to identify them.

The resulting reports have given Wyoming a look at what its students are actually trading and in what quantities. In one 24-hour period, for example, the most popular file traded using the Gnutella network was an MP3 by rap artist "Big Tymers," which passed the network monitor 188 times.

Audible Magic is taking the program to a next round of beta tests with another university, a corporation and a small ISP during the next month, CEO Vance Ikezoye said.

The next step for the technology is actually blocking songs and other content, instead of just monitoring--much the same way that Napster wound up filtering songs under court order in the waning days of its service. Audible Magic has a music "fingerprint" library that it says can reliably identify more than 3.5 million different audio files. In theory, songs could be blocked as the data passes the network monitor and is compared against this database of fingerprints.

"We believe that what this does is transform network devices to be content-intelligent," Ikezoye said. "That will be important. You can't just say, 'Let's block peer-to-peer.'"

In practice, this is potentially an enormous computing job that has yet to be tested on a wide scale. Blocking files means that someone has to come up with a list of files to block. Record companies have been loathe to perform that role, a massive undertaking that would require the listing of virtually every copyrighted work ever recorded, and that blocking services such as Audible Magic were updated as new songs were released.

Moreover, the computing power necessary to monitor, identify and block the millions of songs that could traverse a university network in the course of a month would be enormous and expensive, critics say.

Napster's experience in 2001 has been the biggest experiment in song filtering to date. People quickly found ways around the simplest ways of song filtering, and when Napster tried to integrate song fingerprint recognition into the filters, hurdles emerged that quickly saw the company shut its doors altogether.

The fingerprint recognition tools, provided in part by Audible Magic competitor Relatable, did block copyrighted songs, but also wound up "overblocking" so completely that even non-copyrighted files were stopped. Concurrently, sources said at the time, a few copyrighted songs that did continue to slip through, endangering Napster's status in the courts.

Moreover, privacy concerns stemming from this kind of network monitoring would likely be deep and immediate. Already the Electronic Privacy Information Center (EPIC), a Washington, D.C.-based lobbyist group, has blasted the recording industry's calls for deeper network traffic monitoring at universities.

"Monitoring the content of communications is fundamentally incompatible with the mission of educational institutions to foster critical thinking and exploration," EPIC wrote in an open letter to universities in November 2002, which followed a Recording Industry Association of America letter to more than 2,000 university presidents. "Such a level of monitoring is not only impracticable; it is incompatible with intellectual freedom."

Finally, innovations among peer-to-peer software developers themselves could limit the use of the monitoring tools. Most file-swapping communications today are unencrypted, or transmitted relatively openly over the Net. If monitoring and blocking tools were widely introduced, new software programs could easily develop ways to encrypt or scramble the data in transmission in order to make it unrecognizable by Audible Magic's tools or other databases.

"Clearly that's a problem," said Ikezoye, adding that his company still would have markets in this eventuality. "It's always a concern, particularly from private corporations, to have encrypted data flowing out of your network. We definitely see an opportunity in corporations."