June 24, 2024

Inside Clouseau's Brain: Dissecting SafeMedia's Outlandish Technical Claims

I wrote in April about the over-the-top marketing claims of the “anti-piracy” company SafeMedia. (See Is SafeMedia a Parody?) The company’s marketing materials claim that its comically named product, “Clouseau,” can do what is provably impossible. Having both a professional and personal interest in how such claims come to be made, I wanted to learn more about how Clouseau actually worked. But the company, unsurprisingly, did not provide that information.

Now we have two more clues. First, SafeMedia founder Safwat Fahmy was actually invited to testify before a congressional hearing, where he provided written testimony. Second, I got hold of a white paper that SafeMedia salespeople are giving to prospective customers. Both documents give some technical information about Clouseau.

[CORRECTION (June 26): Mr. Fahmy was not actually invited to testify, and he did not appear before the committee, according to the committee’s own web site about the hearing. All he did was submit written testimony, which absolutely anyone is allowed to do. I was misled by a SafeMedia press release. I should have known better than to rely on those guys.]

The documents contradict each other in several ways. For example, Mr. Fahmy’s testimony says that Clouseau “detects and prohibits illegal P2P traffic while allowing the passage of legal P2P such as BitTorrent” (page 5). But the white paper says that BitTorrent is illegal and was blocked every time by Clouseau in their tests (page 6 and Appendix A).

Similarly, the white paper says, “In a series of tests conducted by us, Clouseau did not block any normal packets including web HTTP(S) and VPN (ipSec and PPTP).” (page 5) (HTTPS and VPN protocols are standard ways of using encryption to hide the content of communications.) But Mr. Fahmy’s congressional testimony says that “Clouseau is fully effective at forensically discriminating between legal and illegal P2P traffic with no false positives … whether encrypted or not” (page 7), which implies that it must block some HTTPS and VPN traffic.

One thing the documents seem to agree on is that Clouseau operates by trying to detect and block certain protocols, rather than looking at the material being transmitted. That is, it doesn’t look for infringing content but instead declares certain protocols to be illegitimate and then tries to block them. This is a problematic design because many protocols are used for both infringing and noninfringing purposes. Some protocols, like BitTorrent, see lots of noninfringing use and lots of infringing use. So Clouseau will get many cases wrong, whether it blocks BitTorrent or not – a problem the company apparently gets around by claiming to block BitTorrent and claiming not to block it.
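The point above, as an added example that is not from the original post or from SafeMedia's materials: a filter that labels flows by protocol (here, the publicly documented BitTorrent handshake prefix) gives infringing and noninfringing transfers the same verdict, so both the "block" and the "allow" policy misclassify some of them. The sample flows, torrent names and ground-truth labels are constructed for illustration, and nothing here reflects how Clouseau is implemented.

```python
import hashlib

PSTR = b"BitTorrent protocol"  # fixed protocol string in the public BitTorrent handshake

def make_handshake(info_hash: bytes, peer_id: bytes) -> bytes:
    """Handshake layout: <len(pstr)=19><pstr><8 reserved bytes><info_hash><peer_id>."""
    if len(info_hash) != 20 or len(peer_id) != 20:
        raise ValueError("info_hash and peer_id must be 20 bytes each")
    return bytes([len(PSTR)]) + PSTR + bytes(8) + info_hash + peer_id

def classify_protocol(first_bytes: bytes) -> str:
    """Label a flow from its opening bytes only, as a protocol-based filter does."""
    if first_bytes[:1] == bytes([len(PSTR)]) and first_bytes[1:20] == PSTR:
        return "bittorrent"
    if first_bytes.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"):
        return "http"
    return "unknown"

def bt_flow(name: bytes) -> bytes:
    # Constructed handshake: info_hash derived from a made-up torrent name.
    return make_handshake(hashlib.sha1(name).digest(), b"-XX0001-" + b"0" * 12)

# Constructed sample flows: (opening bytes, ground truth the filter cannot see).
FLOWS = [
    (bt_flow(b"constructed-linux-distro.iso"), False),  # noninfringing
    (bt_flow(b"constructed-cc-licensed-film"), False),  # noninfringing
    (bt_flow(b"constructed-unlicensed-album"), True),   # infringing
    (b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n", False),
]

def evaluate(blocked_protocols: set) -> tuple:
    """Return (false_positives, false_negatives) for a block-by-protocol policy."""
    fp = fn = 0
    for opening, infringing in FLOWS:
        blocked = classify_protocol(opening) in blocked_protocols
        fp += blocked and not infringing        # legitimate flow blocked
        fn += (not blocked) and infringing      # infringing flow passed
    return fp, fn

if __name__ == "__main__":
    print("block BitTorrent:", evaluate({"bittorrent"}))
    print("allow BitTorrent:", evaluate(set()))
```

The only bytes that differ between the three BitTorrent flows are the info_hash values, which identify a torrent but say nothing about whether sharing it is lawful.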

How does the company square its protocol-blocking design with its claim to block illegal content with complete accuracy? Apparently they just redefine the term “illegal” to be co-extensive with the set of things their product blocks. In other words, the company’s legal claims seem to be just as implausible as its technical claims.

[UPDATE (Oct. 5, 2007): I hear rumors that SafeMedia is telling people that they offered me or my group access to a Clouseau device to study, but we refused. For the record, this is false.]


  1. Hey Junk Media,

    Why do you say the owner is a con artist and bouncing paychecks?

    That was a very interesting remark.

  2. The company is going under anyways.
    The owner is a con artist and bouncing paychecks!
    All the P2P networks have to do is email a server login in and tone down their signatures in the TCP packet and Clouseau is done!

    The gizmo works for now on most but WASTE is a perfect example of the type of changes needed to go right past this gizmo!

  3. Sounds like the LockDown software that was a scam. See Steve Little’s battle with the company on his pchelp site. He was sued over comments he made after reviewing the software.

  4. It does. Gnutella’s actual file transfers use HTTP, although the search/indexing protocol is separate.

    Of course, one evil thing they could do is block HTTP inbound to port 80 of a home user’s machine and block HTTP outbound to ports other than 80. The majority of web traffic is unimpeded, but their customers then have to be good little consumers and not usurp the privileged few who are permitted to produce and distribute. Then things are nice and regimented with everyone knowing their place again like back in the pre-internet days of broadcast radio and television and other read-only media, with the media controlled by the few again.


    All of this (and protocol obfuscation à la Azureus) is really fighting a symptom. What’s needed is net neutrality — no, what’s needed is for internet providers to have to provide a pipe with no strings attached (save the bill and speed and volume caps), and then pay no attention to what bits are being sent through that pipe. (Hosting providers and the like would have some responsibilities, such as responding to takedown requests; an ISP providing a pipe and hosting would have to treat the hosting stuff as hosting and not obstruct the pipe, except in content- and protocol-agnostic ways such as speed limiting it.)

  5. I guess it’s time for a P2P client that uses the HTTP protocol. That way providers could either block HTTP, and the whole web, or not block it. Or they would have to do packet inspection (and the definition which packets are ‘illegal’). Why doesn’t such a protocol exist yet?

  6. Well, it is quite clear that they will lie about the fact that their product blocks legal p2p traffic, in order to get their product installed.

    There are, I presume, some laws about fraudulent testimony before Congress, and given this information, those who lied to Congress should be prosecuted.

    If those who lied are not prosecuted, it means that we do not live in a rules based society, and that justifies direct actions against the fascists.

  7. Brad Dickinson says

    I suppose Army of Martyrs will be the next to testify before Congress:

  8. Er, you seem to have been hacked. There is a long list of ED links at the bottom of this page.

    Are you on Dreamhost? http://mezzoblue.com/archives/2007/06/05/unsettling/

  9. I don’t follow the implication that Clouseau must block https/vpn traffic — are there p2p protocols that run over https or vpn?

  10. Benny: the link was fixed, it seems; it works for me as well now.

  11. I don’t see an Appendix B on the whitepaper.

    [Sorry, that should have said Appendix A. It’s fixed now. — Ed]

  12. Link works fine for me.

  13. The “white paper” link seems to be empty…