Wednesday, January 23, 2008

Where the buffalo roam

AT&T CEO Randall Stephenson "told a conference at the World Economic Forum that the company is looking at monitoring peer-to-peer file-sharing networks, one of the largest drivers of online traffic but also a common way to illegally exchange copyright files" just a few days after Director of National Intelligence Mike McConnell suggested the US government needed unfettered access to information flowing over the Internet to protect national security. A coincidence?

Great minds -- but also lesser minds -- tend to think alike. The other way in which information can flow without using Internet protocols, though it may use the same telecommunications infrastructure, is through peer to peer networking. Peer to peer networking is the premier way to create a darknet, "a private virtual network where users connect only to people they trust."



Although file sharing -- of movies, music and similar types of content -- has been the principal historical use for darknets, the same system can be used to move around information. The backchannel that is used to move around the latest hit can in principle be used to move around instructions for making bombs.

Peer to peer networks were perceived, for a variety of reasons, as being a means to bypass the virtual checkpoints that might be set up on the Internet. Because information was exchanged between individual computers, peer to peer networking theoretically offered protection from the threat of suit by copyright owners because there was no central point, such as a "download server" to sue. But in practice, implementations like Napster created central and vulnerable points in order to provide an easy way for users to find content. Such directories then became vulnerable to legal action.

One of the systems which has consciously traded off ease of use for greater invisibility was Gnutella. In that networking system, each computer knew the way to at least one other peer to peer node. In other words, it knew at least one "friend". Whenever it wanted to find something, it would send a request to its "friends". If the "friend" had the resource it would send it back, but if it didn't, it would in turn pass along the request to whatever other "friends" it had.

In practice, this method of searching on the Gnutella network was often unreliable. Each node is a regular computer user; as such, they are constantly connecting and disconnecting, so the network is never completely stable. Also, the bandwidth cost of searching on Gnutella would grow exponentially to the number of connected users, often saturating connections rendering slower nodes useless. Therefore, search requests would often be dropped, and most queries reached only a very small percentage of the network.

In other words, there was no way of knowing what resources were available without passing along a chain of messages. If some of the peers were offline the trail ended there. And as the quote above shows, if the answer to a question could not be found fairly quickly, the request would be dropped. Peer to peer networks offered greater invisibility but at the price of inconvenience. The economics of security dictate that ceteris paribus the greater the degree of protection, the higher the cost, either in terms of money, time or inconvenience. Eventually, even Gnutella began to consider implementing some form of central directory to remove bottlenecks, using "ultrapeers", creating a point of vulnerability once again.
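The friend-to-friend search described above can be simulated in a few lines. This is an added example, not part of the original post and not Gnutella's own code: the overlay size, number of friends, offline fraction and hop budget (ttl) are constructed assumptions, and the function names are hypothetical.

```python
import random
from collections import deque

def build_overlay(n_peers, friends_per_peer, rng):
    """Constructed random overlay: each peer knows at least a few 'friends'."""
    neighbours = {p: set() for p in range(n_peers)}
    for p in range(n_peers):
        while len(neighbours[p]) < friends_per_peer:
            q = rng.randrange(n_peers)
            if q != p:
                neighbours[p].add(q)
                neighbours[q].add(p)
    return neighbours

def flood_query(neighbours, origin, holders, ttl, offline=frozenset()):
    """Flood a query from origin; return (found, peers_reached, messages_sent).

    ttl is the hop budget after which a request is dropped. Peers in
    `offline` are disconnected, so any trail through them ends there.
    """
    seen = {origin}
    queue = deque([(origin, ttl, None)])
    messages = 0
    found = False
    while queue:
        peer, hops_left, came_from = queue.popleft()
        if peer in holders:
            found = True            # a holder answers instead of forwarding
            continue
        if hops_left == 0:
            continue                # hop budget spent: request dropped
        for friend in neighbours[peer]:
            if friend == came_from or friend in offline:
                continue
            messages += 1           # every forward costs bandwidth ...
            if friend not in seen:  # ... even when the friend drops a duplicate
                seen.add(friend)
                queue.append((friend, hops_left - 1, peer))
    return found, len(seen), messages

def reach_table(n_peers=2000, friends=4, offline_fraction=0.3, seed=1):
    """Rows of (ttl, peers_reached, messages_sent) on a constructed overlay."""
    rng = random.Random(seed)
    overlay = build_overlay(n_peers, friends, rng)
    # Peer 0 is the searcher and stays online; a fraction of the rest is offline.
    offline = frozenset(rng.sample(range(1, n_peers), int(offline_fraction * n_peers)))
    return [(ttl,) + flood_query(overlay, 0, set(), ttl, offline)[1:]
            for ttl in range(1, 8)]

if __name__ == "__main__":
    for ttl, reached, messages in reach_table():
        print(f"ttl={ttl}  reached={reached:5d}  messages={messages:6d}")
```

Running it prints, for each hop budget, how many peers the query reached and how many messages it cost, which makes the trade-off between reach and bandwidth visible.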

But organizations like al-Qaeda, which are not interested in surfing for music or the latest video, can use peer to peer networks to great advantage. Their key networks don't need to be scalable. The number of their nodes is purposely kept small. In order to broadcast messages to the wider world, terrorist networks only need a node on their darknet which can connect to the wider Internet along which messages can be discovered and passed much more quickly. Therefore, any organization which is willing to accept the inconvenience required by networking schemes like Gnutella can obtain a huge degree of protection from garden variety Internet sleuths. As Wikipedia notes:

One of the benefits of having Gnutella so decentralized is to make it very difficult to shut the network down and to make it a network in which the users are the only ones who can decide which content will be available. Unlike Napster, where the entire network relied on the central server, Gnutella cannot be shut down by shutting down any one node and it is impossible for any one company to control the contents of the network, which is also due to the many free software Gnutella clients which share the network.

Which brings us back to Mike McConnell and AT&T. Although McConnell's threat to access Google's search histories may sound like a great way to track down threats, it has definite limitations. One of those limitations is that it won't catch those who use darknets based on certain kinds of peer to peer networking. This is where AT&T potentially comes in. Although peer to peer networks can outflank Internet protocols and live outside its system, they cannot easily bypass the physical communications system. Darknet messages must still travel the wires, microwave links, satellite broadcasts, etc., unless they are to revert to physical transport by courier. What may be invisible to Google might still be detectable by the phone company. So when Randall Stephenson says his company is "looking at monitoring peer-to-peer file-sharing networks" it's not just the music pirates that have to look out.

Even shutting down piracy has strategic implications. Countries like China have built themselves on the foundation of bootlegged intellectual property. But the Wild West frontier days of the information universe are ending. The marshals are riding the range.

Information will become one of the important commodities of the 21st century. Consequently intellectual property, information control, meta-information (information about information) will comprise the new strategic geography of the coming decades. It will be around these points that nations and organizations will clash, as in centuries past men fought for Little Round Top, Midway or airspace over London. The information revolution began by offering its rebels the vista of unlimited freedom. Ironically it may end by providing unlimited surveillance.

11 Comments:

Blogger pelted said...

Not on topic, but there's an op-ed over at American Prospect that, in my mind, basically admits that the coming Democratic draw-down of troops is a way to create failure in Iraq:

"Putting Petraeus at Central Command would have an added benefit for a Democratic president: he would be tasked with overseeing a plan to draw troops down from Iraq, thereby making him complicit in the undoing of his chief political advantage."

Go back and read that in context.

http://www.prospect.org/cs/articles?article=petraeus_12

Am I reading that wrong or what?

1/23/2008 04:56:00 PM  
Blogger Wretchard said...

One would think that "failure in Iraq" is primarily required by the Democrats to gain the White House. Once in the White House, a failure in Iraq will have no further utility than to appease the perverse desires of their leftist base who want a failure in Iraq for its own sake.

Of course, not everything unfolds logically. Jimmy Carter should have taught history that. And what will happen after Hillary or Barack get the Oval Office -- if they do -- I cannot predict. It would be nice if we could bound their actions by rationality, but there is no guarantee of that.

1/23/2008 05:21:00 PM  
Blogger Keith said...

There is no small effort being undertaken to provide an anonymity infrastructure on the internet. A number of pieces exist and, as you say, can and are being used by terrorists. Peer-to-peer networks are one form of private association but there are several others. (e.g. There are anonymous web routing technologies combined with encryption that can make an individual's web browsing history impossible to track.)

It is unlikely, IMO, that the government and security organizations are going to handle this effectively. Primarily the problem relates to their relative slowness to adapt. The obstacles parallel, in some ways, the obstacles faced by the RIAA in enforcing copyright laws. Information dissemination on digital infrastructures can be changed too easily.

China has done interesting things to elicit a more organic effort to use the internet as a strategic information source. Their efforts to harness the collective efforts and expertise of the hacker community are well documented.

I suspect there are a number of Americans who would gladly roll up their sleeves and get involved in solving some of these problems but there is sufficient legal ambiguity regarding actions that could be taken to deal with these problems, that capable individuals are reluctant to stick their necks out. If congress were actually serious about the war, they would pass legislation that turned American citizens free to contribute to the war in a way that would yield greater adaptability and a flood of interesting public information.

But some of the techniques required to gather this kind of information and deal with the anonymity technologies you describe are, at best, legally ambiguous.

1/23/2008 05:48:00 PM  
Blogger whiskey_199 said...

Wretchard -- Dems have promised their base to inflict a defeat on America as being "good for Amerikkka!" and will have to deliver it. Not just in Iraq but Afghanistan and Iran and Pakistan.

Of course that will cost America greatly but that's the whole idea.

Of course a President Hillary or Obama would demand an immediate surrender.

1/23/2008 06:40:00 PM  
Blogger Mad Fiddler said...

Last night my sibling and I caught a news item about a woman who, seeing what she thought was an ad to hire a replacement for her at work, went to her job site and spent a few weekend hours deliberately deleting important files and disrupting the computer system.

Evidently she went to a good deal of trouble to destroy some seven years' worth of files she judged critical to the office's ability to fulfill its contracts. The files she destroyed in just a few hours of tantrum represent something like two-and-a-half MILLION dollars worth of work.

Turns out the woman's employer had not been planning to fire her; the help-wanted ad had been intended to expand the company. Happily, the company had some backup system that allowed them to recover lost files, and resume operations without apparent delay.

Still, the woman had done her damnedest to put the company out of business. It's as callous as if she'd burned up a company's records in an incinerator.

Of course, this sort of thing has been going on since cuneiform strokes on mud tablets.

When I worked in Silicon Valley, companies going through serial spasms of layoffs would routinely de-activate the access passwords and entrance key cards, the day before they were scheduled to be informed of their termination. If there had been any hint of disgruntlement, the employee would not even be allowed back in the building --- the employee's desk would be emptied into boxes by security staff, to be collected at the company entrance.

We live in a perpetual kitten-trust vulnerability at the civil level. The government may be going to extraordinary lengths to protect ITS computer systems, but our increasing expectation of and reliance on networked-total-universal-access-to-everything-at-once-all-the-time-forever makes protecting us from evil-doers chancier by the day.

1/23/2008 11:57:00 PM  
Blogger LarryD said...

On the discussion at Slashdot about the AT&T remarks it was pointed out that such monitoring would void AT&T's common carrier status, laying them open to a huge world of liability.

Trying to monitor the Internet has the filter-water-from-a-firehose problem.

Ref. Cooley. "It was not immediately clear whether Cooley was terminated from the company. However, according to the police report, she told authorities she would never return to the business."

I hope she at least feels ashamed of herself.

1/24/2008 06:05:00 AM  
Blogger BigLeeH said...

One can draw interesting parallels between the way the "War on Drugs" makes the "War on Terror" more difficult (by injecting cash into various terrorist organizations that smuggle drugs on the side -- see Afghanistan) and the way the online intellectual property wars complicate the War on Terror's cyber-war front.

Whatever one may think of the entertainment industry's legal efforts to put the genie back in the bottle it is difficult to deny that their efforts have led to an online "privacy" arms race. The large market demand for convenient, undetectable information sharing (to avoid the copyright police) has provided an incentive for the development of ever-darker networks where the content is protected by strong cryptography. These networks themselves can be detected at the physical layer but the large number of connections makes it difficult to pick out likely subjects for investigation. Properly encrypted, a dirty bomb schematic and a dirty picture look pretty much the same on the wire.

This problem is compounded by the differing goals of the entertainment industry and the intelligence community. The entertainment industry seeks to throttle the communications channels by very publicly attacking users of the network -- as users of the network -- hoping to make people fearful of using the network at all. But the intelligence community does not want the users to know that their communications are being monitored and will often put off acting on information gained from such monitoring until a plausible alternate source for the information can be found.

1/24/2008 08:48:00 AM  
Blogger Walter said...

Wretchard - I consider this a very bad path to tread. Before drifting into some other concerns.. begin by considering engineers like myself who earn a living via the internet. This includes IP and research discussions with my Patent Lawyer, various firms and universities and the military.

Now are these AT&T snoops going to be bonded? Are they going to be US Citizens with some sort of security clearance to read anything?

Are they to be trusted? Can I trust any firm today not to rob me? Consider deeply before a quick response. As an outsourced older engineer I have no trust in US big biz. Not one ounce. I see them as crooks and robbers. Living in the Chicago suburbs I see government employees as just as crooked. In fact I already have serious problems with the trustworthiness of the imported patent examiners (not native born citizens).
This move will be viewed by me as big corp fascism trying to exploit me under a pretense of civil defense.

Now.. in addition I see it as a move to kill LINUX and GNU software along with anything not made by a big corp.

1/24/2008 09:26:00 PM  
Blogger j willie said...

Larry D,

On the discussion at Slashdot about the AT&T remarks it was pointed out that such monitoring would void AT&T's common carrier status, laying them open to a huge world of liability.

The folks at slashdot obviously don't know their telecom regulatory stuff - why should they, it has nothing to do with their daytime jobs writing software code.

For the record, the FCC, in its glorious, unmitigated wisdom, in 2005 declared that Internet Service provided over DSL, cable or powerlines is an "information service" and therefore NOT a "telecommunications service". As providers of information service, the RBOC's (now ATT, Verizon and Qwest) are exempt from common carrier obligations imposed by Title II of the Communications Act of 1934 as amended in 1996.

In typical self contradicting, illogical but logical, mode, the FCC also determined that Internet services ARE telecommunications services with respect to CALEA (in a nutshell - govt wiretapping).

So, the big telco's have zero common carrier obligations with respect to broadband Internet, but bigtime CALEA obligations, which makes Wretchard's post dead on (as usual).

As a former telecom industry executive and lifelong Republican presidential voter, I have been very bothered by the Bush administration's lax telecom industry oversight. Under Kevin Martin, Bush's FCC Chairman appointee, the FCC has facilitated the concentration of market power by ATT & Verizon, basically denuded all their non-cable industry competition and allowed these two companies to become dominant providers of domestic and international Internet access facilities (high capacity, long-haul backbones, peering facilities and last mile network connections). It would not surprise me at all if sometime post 9/11, but no later than 9/31, the Bush admin determined that it had to have telco cooperation in order to effectively monitor terrorist communications traversing US domiciled peering/switching facilities owned by these two telcos. I would not doubt that some sort of deal was made with Whitaker and Seidenberg to facilitate their concentration of the industry via acquisitions and provide enormous and lucrative (as well as highly confidential) contracts in exchange for unfettered access to the traffic traversing their primary peering nodes (network facilities where large numbers of domestic and international ISP's exchange Internet traffic). It's obviously in the government's best interest to have fewer players to deal with, rather than more, so the industry rollups worked to everyone's advantage.

While the last paragraph is nothing but speculation, it definitely has the characteristics of Occam's Razor in explaining the above and many other aspects of the otherwise puzzling developments within the communications industry since 2001.

So, if the above speculation were to be true, who would the executives of ATT and Verizon answer to, their shareholders or the US govt?

Lastly, as Keith notes above, encrypted P2P networks remain very difficult for anyone - NSA, CIA, Chinese, etc. - to penetrate. In fact, end-to-end encryption - from the file on the originating hard disk/flash drive through all layers of the network to an encrypted file on another computer at the end of the transmission - is well within the capabilities of any new PC today (and especially those with dual cores).

1/24/2008 09:35:00 PM  
Blogger Walter said...

Another point is covered in this link:
http://torrentfreak.com/alchemist-author-pirates-own-books-080124/
about an author whose worldwide sales of printed books went from peanuts to millions after pirating his own books on to P2P links.

It was a great marketing move and showed how the existing marketing systems are BUGGY WHIP MANUFACTURERS trying to save their dying business models with draconian protectionist laws that are akin to high import duties.

1/25/2008 08:10:00 AM  
Blogger Bill said...

“Although peer to peer networks can outflank Internet protocols and live outside its system, they cannot easily bypass the physical communications system.” - Wretchard

I think peer to peer (P2P) packets of information rely on IP routing and live "inside the system" just as much as any other network communication. It’s just that a common application server does not manage them.

“Lastly, as Keith notes above, encrypted P2P networks remain very difficult for anyone - NSA, CIA, Chinese, etc. - to penetrate. In fact, end-to-end encryption - from the file on the originating hard disk/flash drive through all layers of the network to an encrypted file on another computer at the end of the transmission - is well within the capabilities of any new PC today (and especially those with dual cores).” - Larry D,

This isn’t my specialty, but I think that with NSA access to Internet routers (as Larry D notes consolidation abets) one compromised P2P client (a terrorist’s PC) potentially illuminates his whole clandestine network.

One does not have to immediately understand the content of P2P encrypted packets to distinguish them from others. Once a single client is identified as a known terrorist, NSA software could monitor packet traversal from it through each node it is directed to. In a matter of seconds, the whole terrorist network is lit up like a Christmas tree. From there the NSA can monitor everything going in and out of each of their PCs, enabling us to identify the user and perhaps the location.

A single terrorist may not even need to be identified first. Traffic from P2P software certainly has a pattern, identified by the propagation of packets. With unfettered access to the Internet's primary routers and powerful tools at NSA's disposal, all encrypted traffic using P2P software could be put in focus. Common investigative techniques would narrow down the networks of concern for further investigation. Monitoring all Internet use from those nodes would further establish their potential use by terrorists. After that, those little P2P "communities" go under a microscope.

Using P2P software in that light becomes a catastrophic security weakness because each message is highlighted by the tools used to conceal its content, identifying every member of the community with "clearance" to receive a message along its way to one or more members with a “need to know”. Then as members contact other cells, other P2P networks are identified and the whole organization is exposed.

I'm not sure I should even be publicly speculating about this. Anyone with inside information certainly should not add their bit.

1/27/2008 07:51:00 AM  
