Bright Nets == Dark Futures (for the RIAA, at least)

July 1, 2008

I hadn’t heard of this implementation before — or the term “brightnet” — but the general idea is to split up files into randomly XOR’d chunks, and then share those chunks via P2P.  (I think some of the blocks are also pure random data, to confuse things further.)  This means a single collection of blocks can generate multiple files, and there’s no way to know from the outside which you want.

The technique thwarts the BitTorrent attack where you know someone has the file by the mere fact that you can download it from them.  In this model, merely being able to download a block from a peer doesn’t mean the peer has all the other blocks of that file, nor does it mean that that peer is using the block for illegal purposes. The same exact block could be used to legally construct a public domain song, or illegally construct an unlicensed copy of a copyrighted song.
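The XOR-block idea described above, as an added Python example; it is not code from the brightnet implementation this post refers to, and the block size, function names, recipe format and sample inputs are assumptions. It shows one block store serving two files, and why a single block on its own identifies neither.

```python
import hashlib
import secrets

BLOCK = 16  # demo block size (assumption; chosen small for readability)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def put(store: dict, block: bytes) -> str:
    """Content-addressed insert: the key is the SHA-256 of the block."""
    key = hashlib.sha256(block).hexdigest()
    store[key] = block
    return key

def insert_file(store: dict, data: bytes):
    """Store data as XOR pairs. Returns (length, recipe), where recipe lists
    the (randomizer_key, stored_key) pair needed to rebuild each chunk."""
    recipe = []
    for i in range(0, len(data), BLOCK):
        chunk = data[i:i + BLOCK].ljust(BLOCK, b"\0")
        # Reuse any block already in the store as the randomizer; only an
        # empty store needs fresh random bytes.
        r_key = secrets.choice(sorted(store)) if store else put(store, secrets.token_bytes(BLOCK))
        recipe.append((r_key, put(store, xor(chunk, store[r_key]))))
    return len(data), recipe

def retrieve_file(store: dict, length: int, recipe) -> bytes:
    """XOR each pair back together and drop the zero padding."""
    return b"".join(xor(store[r], store[s]) for r, s in recipe)[:length]

def shared_blocks(recipe_a, recipe_b) -> set:
    """Keys of blocks that both recipes depend on."""
    keys = lambda rec: {k for pair in rec for k in pair}
    return keys(recipe_a) & keys(recipe_b)

def partner_for(block: bytes, target: bytes) -> bytes:
    """The block that, XORed with `block`, yields `target`. One exists for
    every target, so a block alone does not identify any file."""
    return xor(block, target)

# Constructed sample inputs, not real files.
FILE_A = b"constructed sample A: text anyone may copy"
FILE_B = b"constructed sample B: a different document"

if __name__ == "__main__":
    store = {}
    len_a, rec_a = insert_file(store, FILE_A)
    len_b, rec_b = insert_file(store, FILE_B)
    print(len(store), "blocks stored;", len(shared_blocks(rec_a, rec_b)), "used by both files")
```

Because the second file draws its randomizers from blocks the first file already placed in the store, at least one block is needed by both recipes.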

Anyway, just more proof (as if we needed it) that the end of copyright is near.  It’ll still exist on the books, but just become increasingly unenforceable — one of those quaint anachronisms that we’ll scoff at while reminiscing with our grandchildren.

-david

PS: I alluded to this concept in a post to a mailing list on 6/26, but I had no idea any implementation was so advanced.  My original post follows, and is in response to a poster claiming that even without the “making available” argument, the RIAA has plenty of tools to wage its anti-pirate campaign:

This seems to depend on three things:

1) Licensed copies can be distinguished from unlicensed copies.

2) It’s possible to know who you downloaded a given file from.

3) Running a P2P service is generally regarded as shady activity.

All these might be generally true now, but I think the trends work against all three.  Once an enforcement regime that depends on any or all of the above comes into force, the pirates will just switch systems.

Granted, I think you’re right: with enough work and forensic analysis and circumstantial evidence you’ll be able to prove it to a jury.  But it’ll get really expensive to do this — especially because pirate systems no longer advertise everything you’ve ever downloaded, and thus it’s impossible to distinguish between a one-time and hard-core pirate (without just downloading an incredible amount of pirated material and looking for repeat offenders — though with changing IP addresses and no permanent identifier, that gets hard).

The upshot is it might be a rather Pyrrhic strategy where the cost of suing a group of people exceeds the damages you get from the subset of people you win against.

---

Though not super related, it’s a fun exercise to think how to develop a system that evades the above 3 forensic trails.  I’d toss out:

1) Converge pirate networks on perfect duplicates of legitimate copies that are available somewhere online.  Even if there are commercials embedded, come up with “metadata” that notes where the commercials are and program players to automatically skip over them.  Create MP3 ripping tools that explicitly create binary identical files even when ripped by different people, thereby enabling the argument that you ripped it and threw the CD away.

2) Use onionskin routing to obscure the trail to the actual host of the content.  Use file sharding such that everybody hosts a tiny fraction but nobody hosts the whole thing.  XOR file shards such that the only way you can get a particular file shard is to combine two entirely different ones, so nobody is hosting even subsets of the file directly.

3) Build a P2P system that has both legitimate and illegitimate purposes.  Have it implicitly “share” your entire hard drive, but it only actually responds to files with a given hash (thus any private information is implicitly protected because nobody knows its hash).

Taken all together, (1) makes your pirated content look potentially legitimate, (2) hides you when others download from you, and (3) lets you argue you’re not a pirate but just enjoying a legitimate P2P network and — golly, you didn’t know it could be used for piracy!  None of these are rock-solid defenses, but it’s not really protecting against a rock-solid attack, either.  The RIAA campaigns today are at best a break-even endeavor (when all the destruction of public sentiment is weighed in as a cost) — if the cost could be magnified 2x, 5x, or 10x, then even they will give up.

-david
