Copyright 2005

P2P Technology and Its Legal and Policy Implications
Roger Clarke
Xamax Consultancy Pty Ltd, Canberra
Visiting Professor at U.N.S.W., A.N.U., Uni. of Hong Kong
http://www.anu.edu.au/people/Roger.Clarke/...
.../II/P2P-LegPol-0507 {.html, .ppt}
Baker & McKenzie Cyberspace Law & Policy Centre
U.N.S.W., 27 July 2005

P2P Technology and Its Legal and Policy Implications
Themes
• Where It Came From; and What It Is
• How It’s Different
• What It Can Be Used For
• What It Is Used For
• Its Implications
• Copyright-Owner Adaptation

Client-Server Architecture
1980s Onwards
Intra-Organisational
[Diagram: Server Software in Large Central Host; Client Software in Small Remote PC; PCs in Local Area Network]

Client-Server Architecture
mid-1980s Onwards, esp. mid-1990s Onwards
Internet-Mediated
[Diagram: Server in Host (×3); Client in Workstation (×6)]

Key Developments Since the Mid-1990s
• Workstation Capacity (now rivals Hosts)
• Workstation Diversity
  desktops, laptops, handhelds, smartcards, ...
  phones, PDAs, cameras, ...
  fridges, carburettors, ...
  RFID tags, ...
• Broadband Connectivity (now widespread)
  This enables dispersion and replication of devices capable of providing services
• Wireless Connectivity (rapidly increasing)
  This enables Mobility
  which means Devices change networks
  which means their IP-addresses change

Wireless Comms Using Electromagnetic Radiation
• Wide Area Networks – Satellite (Geosynch, Low)
  GS is Large footprint, very high latency (c. 2 secs)
• Wide Area Networks – Cellular (to 20km per cell)
  1 – Analogue Cellular, e.g. AMPS, TACS
  2 – Digital Cellular, e.g. GSM, CDMA
  3 – ‘3G’, e.g. GSM/GPRS and W-CDMA
• Wide Area Networks – ‘WiMax’, IEEE 802.16
• Local Area Networks – ‘WiFi’ (10-100 m radius)
  e.g. IEEE 802.11x esp. 11b,g / Apple Airport
• Personal Area Networks (1-10 metres)
  e.g. Bluetooth (or beamed infra-red)

P2P – The Motivation
• “P2P is a class of applications that take advantage of resources (storage, processing capacity, content, human presence) available at the edges of the Internet”
• A program is both Client and Server:
  • a workstation provides services to others
    e.g. a music playstation can be a mixer too
• So Workstations also act as Hosts

Multiply-Connected Topology / P2P Architecture
1970s but esp. Late 1990s Onwards
Internet-Mediated

P2P – Towards a Technical Definition
P2P is a network architecture in which each node is capable of performing each of the functions necessary to support the network
and in practice many nodes do perform many of the functions

The Essential Nature of P2P
• In principle, Every Device is a Client and a Server
• In practice, Many Devices perform Server-functions
• Collaboration is inherent
• Clients can find Servers
• ‘Single Points-of-Failure’ / Bottlenecks / Chokepoints are avoided by means of networking dynamics
• Enough Devices with Enough Resources participate as Servers for discovery, and as Servers for services
• 'Free-Riding' / 'Over-Grazing' of the 'Commons' is restrained through software and psych. features

Why P2P Is Attractive
• Much-Reduced Dependence on individual devices and sub-networks (no central servers)
• Robustness not Fragility (no single point-of-failure)
• Resilience / Quick Recovery (inbuilt redundancy)
• Much-Improved Scalability (proportionality)
• Improved Servicing of Highly-Peaked Demand (more devices on the demand-side implies there are also more server-resources)
• Resistance to Denial of Service (D)DOS attacks (no central servers)

P2P Applications
1. Of Long Standing
• ARPANET services generally, from 1969, which were built over a peer-to-peer architecture
• message transfer agents, since 1972 (SMTP), which perform both server and client functions
• USENET since 1979, now Internet Netnews
• Fidonet file / message transfer system, since 1984
• Domain Name System (DNS), since 1984, a collaborative scheme, each server also a client

Recently-Emerged P2P Applications
2. Processing Services (cf. Grid Computing)
• Pattern-Searching of Data (e.g. SETI@home)
• Data-Space Searching, in particular as part of a collaborative key-discovery process (e.g. EFF's DES cracking project)
• Numerical Methods, large-scale / brute-force (e.g. fluid dynamics experiments, meteorology)
• Gaming, multi-player, networked
• Message Transfer:
  • conferencing/chat/instant messaging
  • cooperative publishing

Recently-Emerged P2P Applications
3. Access to Digital Objects
• Software fixes/patches
• Software releases
• Virus Signatures
• Announcements, e.g. of technical and business information, entertainment, sports results, promotional messages, advertisements
• News Reports, by news organisations, and by members of the public
• Emergency Services traffic
• Backup and Recovery
• Games Data, e.g. scenes and battle configurations
• Archived Messages, for conferencing/chat/IM, and cooperative publishing
• Learning Materials, in various formats
• Entertainment Materials, in various formats

The Predominant Use 1998-2005
• Consumer sharing of entertainment materials:
  • recorded music, in MP3 and other formats
  • video, as bandwidths increase
• Copyright-owning corporations assert, with substantial evidence, that a large proportion of those file-transfers is being performed in breach of copyright law

Indicators of Scale
• In Sep 2002, 31m Americans used P2P to share music
• In 2003, FastTrack peaked at 5.5m users and 60% of the market, then fell due to publicity about lawsuits
• By 2004:
  • P2P data volumes estimated at 10% of traffic (Web 50%, all email incl. spam 3%)
  • simultaneous users c. 10m
  • c. 50m searches per day
  • FastTrack still had 4m users (40% of market) and enabled access to 2m files, >10 terabytes
  • 50% of files audio, 25% video, 25% other

P2P Networks and Protocols
http://en.wikipedia.org/wiki/Peer-to-peer#Networks.2C_protocols_and_applications
BitTorrent network: ABC, Azureus, BitAnarch, BitComet, BitSpirit, BitTornado, BitTorrent, BitTorrent++, BitTorrent.Net, G3 Torrent, mlMac, MLDonkey, QTorrent, SimpleBT, Shareaza, TomatoTorrent (Mac OS X), TorrentStorm
eDonkey network: aMule (Linux, Mac OS X, others), eDonkey2000, eMule, LMule, MindGem, MLDonkey, mlMac, Shareaza, xMule, iMesh Light, ed2k (eDonkey 2000 protocol)
FastTrack protocol: giFT, Grokster, iMesh (and its variants stripped of adware including iMesh Light), Kazaa by Sharman Networks (and its variants stripped of adware including: Kazaa Lite, K++, Diet Kaza and CleanKazaa), KCeasy, Mammoth, MLDonkey, mlMac, Poisoned
Freenet network: Entropy (on its own network), Freenet, Frost
Gnutella network: Acquisitionx (Mac OS X), BearShare, BetBug, Cabos, CocoGnut (RISC OS), Gnucleus, Grokster, iMesh, gtk-gnutella (Unix), LimeWire (Java), MLDonkey, mlMac, Morpheus, Phex, Poisoned, Swapper, Shareaza, XoloX
Gnutella2 network: Adagio, Caribou, Gnucleus, iMesh, MLDonkey, mlMac, Morpheus, Shareaza, TrustyFiles
Joltid PeerEnabler: Altnet, Bullguard, Joltid, Kazaa, Kazaa Lite
Napster network: Napigator, OpenNap, WinMX
Applejuice network: Applejuice Client, Avalanche
CAKE network: BirthdayCAKE the reference implementation of CAKE
Direct Connect network: BCDC++, CZDC++, DC++, NeoModus Direct Connect, JavaDC, DCGUI-QT, HyperCast
Kad Network (using Kademlia protocol): eMule, MindGem, MLDonkey
LUSerNet (using LUSerNet protocol): LUSerNet
MANOLITO/MP2P network: Blubster, Piolet, RockItNet
TVP2P type networks: CoolStreaming, Cybersky-TV
WPNP network: WinMX
Other networks: Akamai, Alpine, ANts P2P, Ares Galaxy, Audiogalaxy network, Carracho, Chord, The Circle, Coral, Dexter, Diet-Agents, EarthStation 5 network, Evernet, FileTopia, GNUnet, Grapevine, Groove, Hotwire, iFolder, konspire2b, Madster/Aimster, MUTE, Napshare, OpenFT (Poisoned), P-Grid, IRC @find and XDCC, used by IRC clients including: mIRC and Trillian, JXTA, Peersites, MojoNation, Mnet, Overnet network, Peercasting type networks: PeerCast, IceShare - P2P implementation of IceCast, Freecast, Scour, Scribe, Skype, Solipsis a massively multi-participant virtual world, SongSpy network, Soulseek, SPIN, SpinXpress, SquidCam, Swarmcast, WASTE, Warez P2P, Winny, AsagumoWeb, OpenExt, Tesla, soribada, fileswapping, XSC

P2P Multi-Protocol Applications
http://en.wikipedia.org/wiki/Peer-to-peer#Networks.2C_protocols_and_applications
eMule (Edonkey Network, Kad Network) (Microsoft Windows, Linux)
aMule (eDonkey network) (Linux, Mac OS X, FreeBSD, NetBSD, OpenBSD, Windows and Solaris Op Environmt)
Epicea (Epicea, BitTorrent, Edonkey Network, Overnet, FastTrack, Gnutella) (Microsoft Windows)
GiFT (own OpenFT protocol, and with plugins - FastTrack, eDonkey and Gnutella) and xfactor (uses GiFT) (Mac OS X)
Gnucleus (Gnutella, Gnutella2) (Microsoft Windows)
Hydranode (eDonkey2000) (Microsoft Windows, Linux, Mac OS X)
iMesh (Fasttrack, Edonkey Network, Gnutella, Gnutella2) (Microsoft Windows)
Kazaa (FastTrack, Joltid PeerEnabler) (Microsoft Windows)
Kazaa Lite (FastTrack, Joltid PeerEnabler) (Microsoft Windows)
KCeasy (Gnutella, Ares, giFT)
MindGem (Edonkey Network, Kademlia)
MLDonkey (BitTorrent, eDonkey, FastTrack, Gnutella, Gnutella2, Kademlia) (MS Windows, Linux, Mac OS X, Palm OS, Java)
mlMac (BitTorrent, eDonkey, FastTrack, Gnutella, Gnutella2)
Morpheus (Gnutella, Gnutella2) (Microsoft Windows)
Poisoned (FastTrack, Gnutella)
Shareaza (BitTorrent, eDonkey, Gnutella, Gnutella2) (Microsoft Windows)
WinMX (Napster, WPNP) (Microsoft Windows)
XNap (OpenNAP, GiFT, Limewire, Overnet, ICQ, IRC) (Java)
Zultrax (Gnutella, ZEPP)

Technical Concerns about P2P
• Address Volatility: old addresses may not work (hence trust based on repetitive dealings is difficult)
• Absence of Central Control, hence risk of anarchy
• Security Challenges:
  • Malware, embedded or infiltrated
  • Surreptitious Enlistment (at least potential)
  • Vulnerability to Masquerade
  • Vulnerability to Pollution Attacks (decoys)

Business and Government Concerns about P2P
• Address Volatility, plus Inadequate Identifiers, hence:
  • respondents are difficult to identify and locate
  • reduction in user accountability
• Absence of Central Control, hence:
  • reduction in technology-provider accountability
  • no single point for a denial of service attack
• Challenge to Authority over Users:
  • to Copyright-Owners
  • to Censors

The P2P Battleground – 1998-2005
• MP3
  CD-quality digital sound in files sized 1 MB/minute
• Napster
  a central catalogue of a distributed database, to facilitate sharing of MP3 files
• Gnutella, KaZaA, et al.
  a distributed catalogue of a distributed database, to facilitate sharing of (MP3?) files

Use of the Law to Destroy Napster
1999-2002
• Napster was P2P-with-a-chokepoint, because it relied on a central directory of file-names and host-identities
• Court action resulted in closure of the directory, and hence the collapse of the system as a whole
• Many P2P applications have some central facility that can be attacked in such a manner, including AOL Instant Messenger and ICQ

Categories of P2P
Pure
• Functions and objects are distributed across many nodes, so no one node is critical to the network's operation; so control is very difficult – USENET, Fidonet, Freenet, Gnutella(1)
Compromised / ‘Two-Tier’
• Functions and objects are distributed; the index is substantially but not fully distributed – FastTrack, Gnutella(2)
Hybrid
• Functions and objects are distributed; the index is hierarchical (the DNS) or centralised (Napster, BitTorrent)
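
The contrast between a centralised index (the Napster chokepoint) and a distributed one (the 'Pure' category) can be modelled by comparing which hosts a lookup still finds after nodes are taken offline. This is an added example, not part of the original slides; the six-peer overlay, the file names, the `INDEX` label for the central directory and the TTL-limited flooding search are constructed assumptions.

```python
from collections import deque

# Constructed sample overlay: peer -> neighbours (undirected links).
LINKS = {
    "A": {"B", "C"}, "B": {"A", "D"}, "C": {"A", "D", "E"},
    "D": {"B", "C", "F"}, "E": {"C", "F"}, "F": {"D", "E"},
}
# Constructed sample content: peer -> files it holds.
FILES = {"B": {"song.mp3"}, "F": {"song.mp3", "talk.ogg"}, "E": {"notes.txt"}}


def central_lookup(index_up, name, online):
    """Hybrid model: one directory maps names to hosts; no directory, no answers."""
    if not index_up:
        return set()
    return {p for p, held in FILES.items() if name in held and p in online}


def flood_lookup(start, name, online, ttl=4):
    """Pure model: the query is passed neighbour to neighbour, up to ttl hops."""
    if start not in online:
        return set()
    hits, seen, queue = set(), {start}, deque([(start, 0)])
    while queue:
        peer, hops = queue.popleft()
        if name in FILES.get(peer, ()):
            hits.add(peer)
        if hops == ttl:
            continue  # hop budget spent: do not forward further
        for nxt in (LINKS[peer] & online) - seen:
            seen.add(nxt)
            queue.append((nxt, hops + 1))
    return hits


def reachable_after_removal(removed, name="song.mp3", asker="A"):
    """Hosts each model still finds once the `removed` nodes are offline.
    'INDEX' stands for the central directory server of the hybrid model."""
    online = set(LINKS) - set(removed)
    return {
        "central": central_lookup("INDEX" not in removed, name, online),
        "flood": flood_lookup(asker, name, online),
    }


if __name__ == "__main__":
    for removed in ([], ["INDEX"], ["D"], ["B", "D"], ["B", "C"]):
        print(removed, reachable_after_removal(removed))
```

Removing `INDEX` empties the central result while the flooded query is unaffected; removing both of the asker's neighbours (`B` and `C`) shows the pure model's own failure mode, a partitioned peer that can no longer reach anyone.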

Use of the Law to Constrain P2P Generally
2002-
• A critical central service is a chokepoint.
  If it’s within jurisdictional reach (and the US is highly aggressive in extending its laws beyond its territories), then it can be attacked through the courts
• Gnutella, KaZaA and some other P2P services decentralise their directories as well as their storage
• Court action intended to preclude such P2P services will need to gain injunctions against production, dissemination and use of the tools and/or protocols

Challenges for Copyright-Owners
• Unauthorised Reticulation
• Unauthorised Adaptation
• Identification of copyright objects
• Tracking the movement of objects
• Identifying Devices that store those objects and that traffic in them
• Identifying the Person responsible for a breach, with the device used to perform the act that constitutes the breach
• Location of the responsible Person
• Bringing Suit (e.g. jurisdiction)
• Collection and Presentation of Evidence sufficient to win even civil, let alone criminal cases
• Proposing Interventions that could be awarded by court injunction

P2P Architecture’s Resilience and Robustness
• The removal of a device as a result of the execution of a warrant or injunction is indistinguishable from other forms of denial of service attack
• But in John Gilmore’s words:
  “The Internet treats censorship as damage, and routes around it”

Copyright-Owner Fightback Phases
• Legal – Lawsuits and Publicity
• Political – Copyright Expansionism
• Technological – Digital Rights Management
• Reduction of the Power at the Edges
• New Business Models

What’s Different about Copyright Objects Now, and in the Future
• Digital not physical / Bits not atoms
• Copying is intrinsic to transmission
• Copying is performed by the consumer
  => Consumers now need a copyright licence
• Copies for personal use are indistinguishable from copies for re-sale, and copies for adaptation
• Copiability and Adaptability are intrinsic
  => Appropriation is a virtue, but still a vice

Copyright Expansionism
• Accidental extension through buffers, cache
• Lawyers’ ‘nastygrams’ and misuse of process
• Lobbying for, and Enactment of, Laws:
  • extending copyright laws
  • criminalising hitherto civil law breaches
  • enlisting law enforcement agency support
  • transferring enforcement costs to the State
• DMCA-based Gaoling, no bail, delayed charges, charges withdrawn once chilling effect achieved
• Embedment in Marketspace Mechanisms of Existing, Expanded and Imagined Rights

Digital Rights Management Technologies
Passive Technologies
• Object-Protection under the owner's control
• Object-Protection while it is in transit
• Means of Tracing Rogue Copies:
  • 'Watermarking' technology (to uniquely identify the publication)
  • 'Fingerprinting' technology (to uniquely identify the particular copy)
• Object-Protection under a licensee’s control

Digital Rights Management Technologies
Active Technologies – 1 of 2
• Notification to the licensee of their rights at the time that the object is accessed
• Identification of licensees
• Authentication of identities
• Destruction / Disablement of the data object in the event of licence expiry or breach (cf. the sterility gene in proprietary GM crops)

Digital Rights Management Technologies
Active Technologies – 2 of 2
• Enforcement Mechanisms, client-side
• Prevention, e.g. preclude actions that breach permissions for printing display
• Recording of actions that exercise permissions under the licence
• Recording of (attempts to) breach the licence, e.g. making copies beyond the limit
• Reporting of (attempts to) breach the licence

Ways to Reduce the Power at the Edge
• Make workstations ‘diskless’ or ‘thin’
• Prevent software from being stored, and require users to download a copy each time it is used (the Application Service Provider – ASP – model)
• Connect remote devices via asymmetric links, high-bandwidth downwards, low upwards (SDSL’s 1:1 ratio cf. ADSL and cable’s 2:1, 4:1 and even 8:1)
• Insert in every consumer-device:
  • identifiers
  • location and tracking technology
• Upgrade / Replace the Internet Protocol Suite

A More Constructive Closed Approach
• Identify customers’ price resistance-point (by finding out ‘what the market will bear’)
• Set prices accordingly (and thereby sustain payment morality)
• Discourage and prosecute breaches where the purpose is commercial
• Take no action over breaches by consumers (time-shifting, format-change, sharing?)
• A Case Study:
  • Apple iTunes charges USD 0.99 per track!??

Domain Name System (DNS)
• Devised in 1983 to:
  • separate (domain-)name from (IP-)address
  • make it easier for humans, e.g. xamax.com.au cf. 203.20.62.21
• A dispersed set of interconnected devices that maintains an index of names-and-addresses

Moving Outside the DNS
• The DNS was devised when each Host had a stable IP-address, and was seldom unavailable
• If nodes are unstable
  or IP-addresses change rapidly
  then apps need something other than the DNS
• Workstations aren’t always available
  and Mobile Workstations change IP-address
• So many P2P applications don’t use the DNS