May 24

Andy Oram

Andy Oram

The wiretapping accusation against P2P and copyright filtering: evidence that we need more user/provider discussion

I would by no means argue with celebrated law expert Paul Ohm when he suggests that cable companies and other ISPs might be breaking the federal wiretap law by doing deep packet inspection. This was the recent news from a WIRED reporter blogging from Computers Freedom & Privacy.

I will leave it up to the lawyers to decide whether the wiretap law was passed with the intent to keep providers from reducing traffic that strains their bandwidth, or from complying with requests from movie studios to prevent the unauthorized exchange of first-run films. I'll also let lawyers decide whether the ISPs are shielded by exemption that allows them to protect their service.

But I can't help observing that the same kinds of deep inspection that Ohm decries (and that permits China and other governments to censor content) is also used for spam and virus filtering. Superficial traffic analysis could perhaps, someday, identify spam and viruses, but it's currently critical to check for the signatures of malicious content. Would Professor Ohm like to personally handle the 2000% increase in email he'd get if he forced his ISP to stop filtering?

On the other hand, I wonder whether web mail services such as Hotmail, Yahoo! and Google would be guilty of wiretapping if they check traffic. After all, they are not delivering traffic to another system as Comcast is; they are terminating the traffic on their own systems, where their users access it. I'd think they have a much stronger defense, partly because the data is technically on their own systems, and partly through the claim that they need to run filters to protect these systems from viruses, or even just excessive traffic.

These dilemma suggest to me that the relationship between ISPs (or mail service providers) and customers has to change, and perhaps that the wiretap statute has to adapt. What we want is that most perplexing of legal solutions: to screen out malicious behavior and impacts that users don't like, while leaving positive and desired behavior alone.

Many have called on providers to publish (at least in broad terms) what kinds of filtering their doing, and to make it explicit parts of their contracts with users. To extend this idea, users could explicitly request what they want blocked.

It could be done on a fine-grained level; for instance, you could implicitly grant your ISP a right to filter out Korean messages (assuming you don't understand Korean and consider the messages spam) by checking a box on your service agreement that says, "Please block anything containing Korean characters." Or it could be done on a more coarse-grained level, by granting your provider the discretion to look for viruses.

Laws regarding notice and consent would make it harder for providers to toss in practices that users don't want. They could still do so by insisting on it as part of their contracts. My suggestion is that we revamp our philosophy about filtering. That would still leave the difficult task of balancing adequate notice and consent with the need of ISPs to respond with agility to every-changing conditions.

Previous  |  Next

0 TrackBacks

TrackBack URL for this entry:

Comments: 5

  Jacob Rideout [05.25.08 11:13 AM]

It is interesting to note, that for email at least, content filtering is waning. The major ISPs are moving to reputation based systems. The systems that exist now are IP based, but as authentication takes off (SenderID, DKIM, etc ...) Domain based reputation will become more important. A large part of the email sender reputation is user based: the "this is spam" buttons that are becoming more common. We are moving to a email world that functions more like the loan/credit industries rather than parcel delivery.

  Andy Oram [05.26.08 09:20 AM]

Jacob: thanks for the information. I'll make it a habit to use my "Report as Junk" button on the mail client when appropriate. The value of getting educated users to cooperate around spam reporting was part of an article I wrote from a reputation conference, and is related to the general theme of a book I recently reviewed, "The Future of the Internet."

  Paul Ohm [05.26.08 12:27 PM]

Although Ryan Singel did a very good job summarizing my comments at CFP, because he was distilling a fifteen minute presentation into three quotes, he had to leave out a lot of detail.

ISPs have two principal defenses in the wiretap laws: "protection of rights and property" and user "consent." Spam and virus filtering probably falls with "rights and property" for most ISPs. (Although I'm not yet convinced that a Tier 1/backbone providing ISP can make that claim). Filtering to detect the illegal transfer of copyrighted works seems like a harder argument to make under "rights and property" and Charter's website monitoring to serve better ads (read: make more money) is a far cry from rights and property.

I'm writing this all up in a forthcoming law review article, which I hope to post to my website ( later this summer.

  Michael R. Bernstein [05.26.08 04:00 PM]

This seems wrong headed. Spam filtering largely happens at the edge (typically in the receiving mail server), and does not typically use deep packet inspection (it doesn't need to. there is no point in sending a mailserver any email that isn't in the clear). There are appliances that do this sort of inspection for high volume recipients, but it is still happening at the network edge.

The fact that this edge is (for consumers) typically hosted by the ISP doesn't make it less of an edge service.

Of course, ISP's would *like* us to consider email to be a close-to-the-backbone service, and frequently engage in blocking SMTP traffic on port 25 that does not go through their servers to combat the plague of windows spam-zombie machines inflicted upon the internet as a whole, but it is still, architecturally, a service at the edge of the internet.

If ISP's are in fact doing deep packet inspection of email that is merely crossing their network, it's the first I've heard of it, and it likely would also fall afoul of wiretapping laws.

  Andy Oram [05.28.08 07:31 AM]

You're right, Michael, I shouldn't have used "deep packet inspection" for spam/virus filtering because the filtering doesn't happen at the router; it happens in the email server or an attached system. The data that ISP is looking through is the user data, but it's email only. The deep packet inspection should refer to the P2P throttling.

Post A Comment:

 (please be patient, comments may take awhile to post)

Type the characters you see in the picture above.