• Print

The wiretapping accusation against P2P and copyright filtering: evidence that we need more user/provider discussion

I would by no means argue with

celebrated law expert Paul Ohm

when he suggests that cable companies and other ISPs might be breaking
the federal wiretap law by doing deep packet inspection.
This was the recent news from a

WIRED reporter

blogging from

Computers Freedom & Privacy
.

I will leave it up to the lawyers to decide whether the wiretap law
was passed with the intent to keep providers from reducing traffic
that strains their bandwidth, or from complying with
requests from movie studios to prevent the unauthorized exchange of
first-run films. I’ll also let lawyers decide whether the ISPs are
shielded by exemption that allows them to protect their service.

But I can’t help observing that the same kinds of deep inspection that
Ohm decries (and that permits China and other governments to censor
content) is also used for spam and virus filtering. Superficial
traffic analysis could perhaps, someday, identify spam and viruses,
but it’s currently critical to check for the signatures of malicious content. Would
Professor Ohm like to personally handle the 2000% increase in email
he’d get if he forced his ISP to stop filtering?

On the other hand, I wonder whether web mail services such as Hotmail,
Yahoo! and Google would be guilty of wiretapping if they check
traffic. After all, they are not delivering traffic to another system
as Comcast is; they are terminating the traffic on their own systems,
where their users access it. I’d think they have a much stronger
defense, partly because the data is technically on their own systems,
and partly through the claim that they need to run filters to protect
these systems from viruses, or even just excessive traffic.

These dilemma suggest to me that the relationship between ISPs (or
mail service providers) and customers has to change, and perhaps that
the wiretap statute has to adapt. What we want is that most perplexing
of legal solutions: to screen out malicious behavior and impacts that
users don’t like, while leaving positive and desired behavior alone.

Many have called on providers to publish (at least in broad terms)
what kinds of filtering their doing, and to make it explicit parts of
their contracts with users. To extend this idea, users could
explicitly request what they want blocked.

It could be done on a fine-grained level; for instance, you could
implicitly grant your ISP a right to filter out Korean messages
(assuming you don’t understand Korean and consider the messages spam)
by checking a box on your service agreement that says, “Please block
anything containing Korean characters.” Or it could be done on a more
coarse-grained level, by granting your provider the discretion to look
for viruses.

Laws regarding notice and consent would make it harder for providers
to toss in practices that users don’t want. They could still do so by
insisting on it as part of their contracts. My suggestion is that we
revamp our philosophy about filtering. That would still leave the
difficult task of balancing adequate notice and consent with the need
of ISPs to respond with agility to every-changing conditions.

tags: , , , , , ,
  • Jacob Rideout

    It is interesting to note, that for email at least, content filtering is waning. The major ISPs are moving to reputation based systems. The systems that exist now are IP based, but as authentication takes off (SenderID, DKIM, etc …) Domain based reputation will become more important. A large part of the email sender reputation is user based: the “this is spam” buttons that are becoming more common. We are moving to a email world that functions more like the loan/credit industries rather than parcel delivery.

  • http://www.praxagora.com/andyo Andy Oram

    Jacob: thanks for the information. I’ll make it a habit to use my “Report as Junk” button on the mail client when appropriate. The value of getting educated users to cooperate around spam reporting was part of an article I wrote from a reputation conference, and is related to the general theme of a book I recently reviewed, “The Future of the Internet.”

  • http://paulohm.com Paul Ohm

    Although Ryan Singel did a very good job summarizing my comments at CFP, because he was distilling a fifteen minute presentation into three quotes, he had to leave out a lot of detail.

    ISPs have two principal defenses in the wiretap laws: “protection of rights and property” and user “consent.” Spam and virus filtering probably falls with “rights and property” for most ISPs. (Although I’m not yet convinced that a Tier 1/backbone providing ISP can make that claim). Filtering to detect the illegal transfer of copyrighted works seems like a harder argument to make under “rights and property” and Charter’s website monitoring to serve better ads (read: make more money) is a far cry from rights and property.

    I’m writing this all up in a forthcoming law review article, which I hope to post to my website (paulohm.com) later this summer.

  • Michael R. Bernstein

    This seems wrong headed. Spam filtering largely happens at the edge (typically in the receiving mail server), and does not typically use deep packet inspection (it doesn’t need to. there is no point in sending a mailserver any email that isn’t in the clear). There are appliances that do this sort of inspection for high volume recipients, but it is still happening at the network edge.

    The fact that this edge is (for consumers) typically hosted by the ISP doesn’t make it less of an edge service.

    Of course, ISP’s would *like* us to consider email to be a close-to-the-backbone service, and frequently engage in blocking SMTP traffic on port 25 that does not go through their servers to combat the plague of windows spam-zombie machines inflicted upon the internet as a whole, but it is still, architecturally, a service at the edge of the internet.

    If ISP’s are in fact doing deep packet inspection of email that is merely crossing their network, it’s the first I’ve heard of it, and it likely would also fall afoul of wiretapping laws.

  • http://www.praxagora.com/andyo/ Andy Oram

    You’re right, Michael, I shouldn’t have used “deep packet inspection” for spam/virus filtering because the filtering doesn’t happen at the router; it happens in the email server or an attached system. The data that ISP is looking through is the user data, but it’s email only. The deep packet inspection should refer to the P2P throttling.