P2P Data Not Private, But It Could Be

Frequent correspondent Bennett Haselton writes with a forward-looking response to a recent ruling that peer-to-peer network participants have little privacy interest in files stored on their computer and that they have made available via P2P. Writes Bennett: "A court rules that law enforcement did not improperly 'search' defendants' computers by downloading files that the computers were sharing via P2P software. This seems like a reasonable ruling, but such cases may become rare if P2P software evolves to the point where all downloads are routed anonymously through other users' computers." Read on for the rest.

The police had used an automated P2P search tool to find evidence that child pornography was being shared from the defendants' computers, and then used that evidence to obtain probable cause warrants for searching their computers (where they subsequently found child porn being stored, and the defendants were charged accordingly). Last Friday, District Court Judge Christina Reiss ruled that the P2P search tool did not violate the defendants' 4th Amendment rights against unreasonable search, as they had argued.

I'm all for strong privacy rights and the right to exclude evidence at trial that was gathered improperly, but it's hard to see how the defendants thought they had a leg to stand on here. When you share a file on a P2P network where other users can download directly from your computer, by definition you are advertising that you have that file. Now, some of the time you might be sharing that file not out of the goodness of your heart, but because you're required to share the file in order to earn "credits" that you can use to continue your own downloads (BitTorrent requires sharing for this reason). But even then, you would still know that you were sharing the file (unless you really never realized how file sharing software works, but since it's actually called "file sharing software", that's kind of on you).

However, as I wrote in January, there's no reason why popular P2P programs couldn't re-route each download through a different user's connection, so that if you were downloading a file from another computer's IP address, you would never know if the file resided on that computer's hard drive. Obviously I'm not endorsing the use of such software by creeps like the ones who were arrested; I'm saying that regardless of how we feel about it, it's inevitable that proxified re-routed connections will become the de facto standard for P2P file sharing, if the following conditions remain true:

• It remains legal to run the software at all. This seems like a reasonable assumption in a mostly-free country like the U.S., where although piracy is illegal, file-sharing programs like BitTorrent are still legal even if they are frequently used for piracy.

• A user cannot be held liable for unknowingly forwarding data packets on behalf of someone else, even if the data packets comprise an illegal file (whether it's child pornography or a pirated movie).

• Bandwidth continues to get faster and cheaper. Today, if you download a 100-megabyte file by routing your download through three other users' computers, it will usually be much slower and more inconvenient than if you'd downloaded the file directly. In a few years, you won't notice the difference.

• If the police raid a suspect's house and seize their computer, if they see that the computer has an encrypted partition, the suspect can invoke their Fifth Amendment right to refuse to give the police the decryption password. You know how I feel about that, but the latest rulings on the question seem to affirm that you can refuse to decrypt your hard drive for law enforcement. So a good P2P client for "illicit" file trading would come with built-in support for an encrypted hard drive partition, where all saved files would be stored. (The software would probably come with a "kill switch" that you could use to instantly dismount your encrypted partition if you heard a knock on your door, and a five-minute inactivity timeout after which the drive would dismount automatically.)

In that previous article, I described a protocol in which any time a P2P user X (the "downloader") downloaded a file from another P2P user Y (the "sharer"), the connection would be routed through the computer of at least one "go-between" user Z (and possibly a chain of users Z1, Z2,... Zn). Each of the go-betweens simply downloads bytes from the next computer "up" the chain and sends those bytes on to the next computer "down" the chain, and none of the go-betweens know how far the chain extends in either direction. Because of the design of the protocol, from the point of view of any of the go-betweens, there is only a 40% chance that the computer they're downloading from, is the original "sharer." (See the January article for details on how this would be achieved.)

Now, does the analysis change if your adversary is the FBI looking for child pornographers, rather than the MPAA looking for movie pirates? Here are the variables that I think matter:

• The standard of proof to punish you is higher. In a civil lawsuit, the MPAA would only have to prove their case against you by a "preponderance of the evidence" (i.e. greater than 50%); to obtain a criminal conviction, the court would have to prove your guilt "beyond a reasonable doubt." However in both cases, if all that the court knows is that the defendant's computer was identified as passing along bits and bytes of an illegal file, and the court understands that there's only a 40% chance that the computer owner actually possessed the illegal file, then this falls below the standard of proof in both cases. (Of course, this is contingent on no other evidence turning up to implicate you. If the police raid your house and find child pornography printouts lying around your desk, then so much for the "40% chance of guilt" figure.)

• In a civil trial, the defendant can be called to the stand and made to answer questions (unlike a criminal trial, where the defendant can refuse to testify under the Fifth Amendment). So even if the MPAA's lawyer knew there was only a 40% chance that they had sued the right defendant, they could ask the defendant under oath, "Did you download this movie?" (Or they could sue 10 defendants at once, and argue, correctly, that on average about 4 of those defendants were probably guilty.) The defendant could invoke their Fifth Amendment rights and refuse to answer, however, in a civil trial, the court is free to consider this refusal to be evidence weighing in favor of the defendant's guilt. In theory, a defendant could simply say "No," and there would be no way to prove they were lying. In practice, the MPAA's lawyer might try to intimidate a defendant into confessing, telling them that the worst that can happen to them if they confess is just a monetary judgment, but if they lie under oath they could go to jail, etc.

• The punishment for getting caught for possession of child pornography is much more severe. I'm not sure if this changes the analysis though. It's not a case of "a 40% chance of losing a lawsuit vs. a 40% chance of going to jail." If the court in both cases can never establish your guilt with a probability of more than 40%, then since that's not enough to get a criminal conviction or a civil judgment, you actually have a 0% chance of losing in either case, provided you don't make any other errors (leaving illegal printouts by your computer), and provided the court actually understands that the "evidence" only establishes about a 40% chance of your guilt.

• The cost of being accused of possessing child pornography is much higher, even if you ultimately win in court. If the MPAA sues you for downloading a pirated movie (even if they know there's only a 40% chance they've got the right person), that would probably just increase your street cred among your friends. If you're a middle-aged computer nerd accused of downloading child pornography, not so much. Even if you're ultimately acquitted, your reputation will probably be ruined.

This last point suggests the only "attack" that I can think of that law enforcement could use successfully against this protocol. The police know in advance that if they arrest someone for transmitting an illegal file from their IP address, and if the defendant refuses to testify and the defendant's hard drive is encrypted, the state won't be able to get a conviction since there's only a 40% chance that the defendant was actually in possession of the file. However, if the defendant's life will be ruined by going to trial anyway, law enforcement could use this as a bludgeon to scare people away from even running the P2P protocol. Saying, in essence, "We're going to go out and do searches for illegal files to download, and we will file charges against any person whose IP address re-transmits an illegal file to us. Even though we know we won't be able to get a conviction, we'll ruin the lives of anyone we can identify in this way, so that's the risk that you're taking by installing this software, even if you yourself don't do anything illegal."

Whether this attack would be effective, depends on whether the courts would tolerate these kinds of "intimidation" prosecutions, where the law enforcement knows going in that they can never establish more than a 40% chance of the defendant's guilt (and hence no chance of conviction unless the defendant "cracks"), but they press charges anyway. I would call that an abuse of state power, and say that any prosecutor who knowingly pursues a losing case should be fired and compensation should be paid to the victim, but the courts might not see it that way, especially if the prosecutor finds a way to work the phrase "child porn" into every sentence.

Pretty nice long article

[Anonymous Coward]

We know you hate freedom and anonymity Bennet Assholeton. You are an expert in exactly 0 fields. Shut up and go away.

Re:

[Fwipp]

I like to picture him as Benny Hasselhoff, David's slightly deranged uncle who keeps somehow finding out about and showing up at family holidays.

Re:

[Anonymous Coward]

Yeah, that's right, let's compare copyright infrigement and school shootings, the differences are marginal. And if you look at it, there are much less victims of school shootings than of copyright infrigement.

Re:

[Impy the Impiuos Imp]

The Internet already transfers illegal stuff, and everyone, including ISP owners, knows it. Yet they are safe because it is not their responsibility to do packet inspection. Indeed, it may (and should) be illegal for spying reasons. So there is some safe harbor stuff going on already.

People have the right, in the US anyway, to encrypt stuff as part of free speech. Outlawing a highly-protected thing like speech because it can be used illegally, which also squashes legal use, tends to fall on deaf ears at

Re:

[lgw]

If you're discussing privacy and P2P, and don't mention Freenet, you're doing it wrong. While Freenet suffers from the network effect (nothing there because people don't use it a vice versa), if privacy should become paramount, Freenet is there waiting. Everything encrypted everywhere, and extremely good assurance of anonymity on upload as long as you don't signal the importance of a given upload until it's done. It's probably the best platform going for leaking stuff the government would be unhappy abou

Re:

[Jane Q. Public]

Not JUST Freenet.

Probably of even more relevance are OneSwarm, and BitTorrent Sync, which both use the BitTorrent protocol and already route data anonymously. (Definitely for OneSwarm, and I am pretty sure BitTorrent Sync does too.)

I could be wrong, but I thought Freenet used a different protocol.

Re:

[lgw]

Freenet is it's own thing. It's a P2P system where everything is encrypted, and you provably have no knowledge of what your box is sharing, so it's a somewhat different P2P architecture.

It's also had a decade of serious crypto review. Though, realistically, if you're just hiding from the MPAA some BT hack that "looks secure to me" is likely all you need, since it makes you no longer the low hanging fruit - but then so does a VPN to somewhere sane.

Re:

[Jane Q. Public]

Freenet is it's own thing. It's a P2P system where everything is encrypted, and you provably have no knowledge of what your box is sharing, so it's a somewhat different P2P architecture.

It's also had a decade of serious crypto review.

OneSwarm is also completely encrypted. It uses the BitTorrent protocol, but it's nothing like BitTorrent downloading. Content is distributed, encrypted, throughout the network.

According to the designers at University of Washington, it is not even theoretically possible to tell what network nodes are storing any given piece of data, much less which one(s) are sending it to you.

While OneSwarm hasn't been around for quite a decade yet, it's still got some years under its belt and the creators have a good

Re:

[lgw]

Same idea as Freenet then. Has OneSwarm had at least some public review and papers on attacks published at conferences? What the creators say about crypto-anything doesn't signify, of course, but if the crypto-geeks have been beating on it then that's pretty cool.

Re:

[Jane Q. Public]

Well, the authors have published papers and given speeches at conferences. I don't know if anyone else has written about it.

http://www.oneswarm.org/about.html [oneswarm.org]

Re:

[Pichu0102]

There's a nice program out there called Retroshare that is essentially DC++ with friend to friend encrypted connections, along with a slew of other features. Two people share their PGP public keys with each other, connect, and choose what files they want to share, and with who they want to share them. It's very nice, but not many people I know use it.

Re:

[mlts]

We have encountered exactly this situation with TOR. TOR is quite cool to use, but there is a big difference between using it versus running an exit node.

It would be the same with a P2P program. If a couple nodes are brutally made examples of with criminal/civil actions due to other people's stuff coming out, said program will end up completely disused.

Re:

[fluffythedestroyer]

unless it's different with ISP but a computer received that IP from the dhcp pool, so to the ISP's view, it belongs to the ISP and not the person since the ISP pays for the IP address and they "lend" that "service" to their customers. If the MPAA says anything different, then they need a cisco network course to be honest. What I just said is just simple logic and anyone with an ounce of knowledge in networks will probably say I'm at least right (or half right cause /. loves to argue lol).

Re:

[znrt]

the purpose of all this drama is to scare off the end user. with isps that's one totally different relationship, no crowd control involved whatsoever, just business.

Re:

[bws111]

Show us the exact case(s) where someone has been convicted solely on the basis of IP address and no other evidence at all.

Re:

[bennetthaselton]

You wouldn't need to get a conviction based on an IP address. All you'd need would be to get a warrant to arrest the computer owner and search their computer. At that point their life may as well be ruined anyway even prior to the conviction (as is probably the case with Jeffrey Feldman), and if they find incriminating evidence on your computer, you'll be convicted as well.

The protocol I'm describing, would mitigate that, since law enforcement would lack probable cause to think that you *possessed* a fil

Re:

[devman]

Which they wouldn't know until after they confiscate your gear and otherwise walk all over your life. No thanks.

Utter and Complete Bullshit

[MarkvW]

The 4th Amendment protects people, but it also has a place protection component. The Supreme Court has been explicit about this.

If you enter into my home or place of business without a warrant (or exigent circumstances) and fiddle bits on my computer, then you are violating the Constitution.

If you buy the Court's reasoning, then the feds could move data (stored by me on behalf of another) from one hard drive of mine to another without a warrant.

Re:

[Ravaldy]

They don't need a warrant if the information is publicly available.

Re:

[theripper]

The state doesn't need a warrant or exigent circumstances to enter your home or place of business if you invite them in, which is what you do when you offer files on p2p networks.

Re:

[theripper]

If thats true then leaving your wireless network open also means your inviting people to use it and thus users of your network can't be charged with hacking.

And you shouldn't be charged with hacking, just like you aren't charged with grand theft auto if you take an ulocked car that had keys in the ignition.

A user of a file sharing program may not have the intend to share his files.

That is not how peer to peer software works, for the most part. The onus is on the user to not share things they don't want to share, anything that's shared is shared to the whole world, government agents included.

I agree with the content of your second paragraph.

Re:

[Jane Q. Public]

And you shouldn't be charged with hacking, just like you aren't charged with grand theft auto if you take an ulocked car that had keys in the ignition.

You might be charged with hacking, but you wouldn't be convicted by an honest court. Federal law (in fact just about the only decent provision of the DMCA) gives safe harbor to those who "offer internet services" but are not themselves involved in the illegal activity in question.

The law doesn't specify that only certain classes are protected, like corporations or ISPs. Everybody enjoys protection under this law. Otherwise, you wouldn't have hotspots in coffee shops. They'd all be too afraid of liability

Re:

[devman]

The resulting investigation itself would be enough of a deterrent. Having your equipment seized for examination and possibly interrogated yourself is one hell of an inconvenience, not to mention paying a lawyer. Even if you do end up being let go, it will still cost you time and money, and lots of both.

Re:

[bws111]

Actually, what the courts have been explicit about is the concept of reasonable expectation of privacy. Both of those bold words are important. If you have papers kept in a desk drawer in your house, then it is reasonable to expect those papers to be private. 4th amendment applies and a warrant is needed to get those papers. If, on the other hand, you keep those same papers in a desk drawer in your office, then you may not have a reasonable expectation that they are private because others (ie your emplo

Re:

[complete loony]

If I connect to a web server and request a html page, using the published HTTP standard, without any tricks to bypass user authentication. And the server obligingly gives me the content I asked for, have I invaded the privacy of the server? Have I trespassed?

Of course not.

How is using an established P2P standard to request content from your home PC any different?

Already exists

[stewsters]

However, as I wrote in January, there's no reason why popular P2P programs couldn't re-route each download through a different user's connection, so that if you were downloading a file from another computer's IP address, you would never know if the file resided on that computer's hard drive.

You could build a network if you have friends using retroshare. Or you could torrent over i2p like the cool kids. I think i responded similarly last time this guy posted.

Re:

[ultranova]

Or you could just use Freenet [freenetproject.org]. It's slow, but it's specifically designed for anonymous, censorship-resistant file sharing, and since every node stores file chunks, every node will help the network even if run by a sick weirdo who's only interested in discussing the philosophy of ethics on Frost [sourceforge.net].

Re:

[ultranova]

Another solicitor for Freenet. This is a major kiddie porn network. They are always looking for more disk space.

We can take for given that any anonymous, censorship-resistant network will contain objectionable material of any imaginable kind. That is unavoidable; you cannot design a computer algorithm that protects good content from being censored by bad people yet lets good people censor bad content. Not even a fully sapient AI could do this, since it might simply disagree with you on what is or is not ba

Please.

[TrumpetPower!]

Please stop giving air to this ignorant blowhard.

Just stop.

Now.

KTHXBAI

b&

Apples and Bananas

[s.petry]

I'm really not sure why all this crap is being stung together. I can already establish a tunnel between my computer and another computer, so P2P networks can already be "secured" in a reasonable way for reasonable use. If the police tried to break into that line, it's called wire tapping. If they have no warrant, evidence gathered is mutable to not admissible (depending on jurisdiction and crimes).

In the case of the pr0n operators, they were not just sharing files between sick friends. They were adverti

Re:

[Burz]

1) The 'who' and 'when' of the data exchanges is still being watched, and you might be surprised how much of that can be used as justification under the slippery legal concept of "probable cause". Yes, you may well be innocent anyway, but that doesn't prevent them from using the system over and over again to harass you.

2) They've already established a trend of admitting evidence that would normally require a warrant. [nytimes.com]

3) P2P carries more than just entertainment or files broadcast as available to everyone, and

Re:

[s.petry]

I get what you are stating, perhaps I didn't do a good enough job explaining why I have a problem with TFA. The presumption that you should be able to have publicly available data be private is a contradiction.

It's kind of like claiming I want a public web site to be private access. The two things are both possible, but you don't get both at the same time (I realize this is a simple scenario, making it abstract does not change the point).

P2P takes numerous forms. TFA covers an incident with only one of t

child porn in every sentence.

[rewindustry]

as you promised. admit i only scanned your article...

i think i smell a wumpus.

I2P (P2P re-routing) is already here

[Burz]

But its used for a lot more than just bittorrent. [geti2p.net] Its a network anonymity layer (a bit like Tor) with the important difference that everyone re-routes traffic by default and so creates the expectation of bandwidth-sharing... Nodes which don't share bandwidth might experience problems getting their own traffic forwarded.

So the task of routing packets is itself carved up among participating nodes in a decentralized P2P fashion. This has four really good side effects:

1) One's own traffic gets mixed-in with a lot of other encrypted packets

2) A much greater degree of decentralization than Tor making the network more resistant to attack

3) Nodes are more likely to behave and cooperate, as many sorts of attacks will show up as leeching

4) The flexibility to handle many different types of applications, even torrents, without staggering under the load.

I'd say that what I2P lacks is a nice user interface; Its currently stuck in a clunky 2000-ish web interface. Most of us would love to see someone with UI design skill get involved.

Oh Christ.

[korbulon]

This guy again? He's like that over-friendly, know-it-all co-worker from your dad's office who would come to your parents' Christmas party and try to show off his worldliness (in spite of his role as a custodial engineer, just so you know) but in the end made you feel uncomfortable and socially awkward even though you were only six.

GNUnet

[SinaSa]

Try out GNUnet, it's pretty much exactly the architecture the author describes.