"Will ISP's Begin Spying on Users?"
July 6th, 2012
This month, if everything goes according to schedule, your Internet service provider may begin monitoring your account, just to make sure you aren't doing anything wrong with it -- like sharing copyrighted movie or music files. While we might all agree that copyright holders need to be protected, we may not all be equally happy about all of our communications being checked for violations. People and businesses who are not doing anything illegal may still have some things they wish to hide from their Internet access providers.
Under normal circumstances, your Internet service provider, or ISP, tries to protect you and your data from spying eyes. Cablevision, Time Warner Cable (an independent company no longer directly affiliated with TimeWarner, the parent of CNN and this site) and Comcast utilize all sorts of software to keep the connections between our modems and their servers safe. They also encourage us to keep our home networks secure from eavesdroppers.
But what are we supposed to do when the eavesdropper is the ISP itself?
This is the most disturbing question raised by a new alliance among America's biggest ISPs and media giants such as Disney, Sony and Fox, which is to go into effect this month. The effort, dubbed theCenter for Copyright Information, hopes to combat the illegal downloading and sharing of movies and music by monitoring it at the source - your computer.
Until now, it was up to movie and music companies to figure out when their stuff was being illegally shared. This was a little tricky, because files aren't stored on just one user's computer. Hundreds or thousands of sharers have bits and pieces of stolen files, for downloaders to reassemble into songs or movies.
So movie companies have been searching online for copies of their own movies, identifying the locations of everyone from whom they received a bit of data. Then they contact the Internet service providers, who send letters of warning to subscribers' homes.
A number of clever workarounds, including certain kinds of encryption or the use of "proxy" servers in other countries, have helped advanced users of file-sharing software stay one step ahead of the movie companies. If a file sharer appears to be working out of New Guinea, say, the movie studio can't rely on a friendly ISP to find an illegal downloader here in the United States.
As I understand the new agreement and subsequent comments, which are about as cryptic as a copy-protected DVD, ISP's have agreed to implement a standardized "graduated response plan" through which offending users are warned, restricted and eventually cut off from the Internet for successive violations. The companies are supposed to be developing systems that keep track of all this, so that the letters and usage restrictions happen automatically. The fact that they are all agreeing to participate makes it harder for any one company to win the disgruntled customers of those who have been disciplined by another.
But now that they're free from individual blame, there's also the strong possibility that the ISPs will be doing the data monitoring directly. That's a much bigger deal. So instead of reaching out to the Internet to track down illegally flowing bits of their movies, the studios will sit back while ISP's "sniff" the packets of data coming to and from their customers' computers. While they're simply claiming to be protecting copyright holders, ISPs have a lot to gain from all this as well.
For instance, in many cases the Internet subscriber might have no knowledge of the infraction that the ISP detects. A houseguest might log onto one's home network simply to check e-mail. Because his sharing software might be running in the background (even when he's not downloading files himself) he is in effect sharing his own movie files wherever he goes. Your ISP sniffs the packets, so you are nabbed. The same is true for those of us who run "open networks" so that neighbors and others nearby can get free Internet access when they need it. (In the old days, that used to be considered polite.)
Once sharing a network connection becomes a legal liability, our already privatized access channels will become less a community resource. And the ISP's will have the pleasure of selling individual subscriptions to neighbors who used to share.
Worse, subscribers will be losing their expectation of privacy from their own service providers. While most of us aren't too worried about someone at an Internet provider seeing our messages to Aunt Sophie, businesses, law firms or hospitals who use the Internet to communicate privileged information might have more reservations.
If monitoring of data streams becomes de rigueur, what's to stop an ISP (or a particularly unscrupulous or bribable employee) from monitoring its competitors' communications? Admittedly, such scenarios are only as outlandish as the possibility that Murdoch newspapers could successfully bribe Scotland Yard.
As Internet security expert Josh Klein explained to me, "Honestly, the prohibition made more sense than this." To protect his own data, he already uses servers outside the United States, and fears other companies may soon feel the need to do the same: "The risk of losing their 'net [access] because someone accidentally streamed the wrong thing is a business prerogative significant enough to tunnel all their traffic to a country that provides sensible data privacy laws. How much long after that until the rest of the company gets off-shored?"
Whether the agreement promises to unleash such demons has yet to be seen. For the time being, though, the practice of preventing abuse by restricting peer-to-peer activity appears doomed only to escalate the arms race between consumers and their producers.
The longer term solution would be to develop an appropriate social contract: conducting ourselves online under the same civilized behavioral norms that keep us from, say, stealing stuff from one another's homes even though we could probably get away with it. It's not really that hard, and it's worth figuring out before the privilege of free interaction is taken away from us - along with any expectation of privacy.
Only by strengthening people's ability to distinguish between sharing and stealing will we be able to build a society capable of surviving our networks.