Today I submitted written testimony that will be included in the record of last week’s House hearings on the Berman-Coble bill.

I’ve been reading what various Washington people are saying about the Berman-Coble peer-to-peer hacking bill. Many people agree that if the bill is passed, a sort of arms race will develop between the p2p-disrupters and the p2p-developers. The disrupters will deploy a new technology to foil p2p networks; the developers will cook up a countermeasure; and the cycle will continue. The likely course of this arms race is one question that people want to consider in evaluating the effects of the Berman-Coble bill.

This is a nontrivial technical question, and most Washington folks – on both sides of the Berman-Coble issue – say that they don’t know the answer. There’s nothing wrong with that. We can’t expect people to have close at hand the answers to complex questions outside their expertise, and if you don’t know the answer to a question, it’s better to say, “I don’t know” than to pretend that you do know. So I don’t mind when people treat the answer as unknown.

What does bother me is when they treat it as unknowable, as if there were nothing anyone could do to get the answer.

The fact is that there are people who analyze situations like this for a living. Other computer security arms races, like the one between virus authors and antivirus companies, are well characterized. We know pretty precisely what the antivirus folks can and cannot expect to achieve. Nobody has a perfect crystal ball, but there is a lot we can say technically about how the Hollywood vs. p2p arms race will come out. Yet some people in Washington don’t seem too interested in finding out.

The written version of Randy Saaf’s testimony at yesterday’s Berman-Coble hearings is now available. It is longer than his oral statement and answers a key technical question.

Saaf runs a company called Media Defender (MD) that tries to disrupt p2p networks on the behalf of copyright holders. All of the speakers at the hearings agree that the steps that MD uses now are legal. The key question was this: What do MD and Hollywood want to do that would be legalized by Berman-Coble?

The only example that anybody could give was a method that Saaf (misleadingly) calls “interdiction.” He gave a vague description of it yesterday, and I wrote that it “sounds to me like a classic denial of service attack.”

Saaf’s written testimony offers more detail:

Interdiction only targets uploaders of pirated material. The way it targets them is to simply download the pirated file. MediaDefender’s computers hook up to the person using the P2P protocol being targeted and download the pirated file at a throttled down speed. MediaDefender’s computers just try to sit on the other computers’ uploading connections as long as possible, using as little bandwidth as possible to prevent others from downloading the pirated content….

Interdiction works by getting in front of potential downloaders when someone is serving pirated content using a P2P network. When MediaDefender’s computer’s see someone making a copyrighted file available for upload, our computers simply hook into that computer and download the file. The goal is not to absorb all of that user’s bandwidth but block connections to potential downloaders. If the P2P program allows ten connections and MediaDefender fills nine, we are blocking 90% of illegal uploading.

That’s a denial of service attack, folks. The attack operates not by exhausting the target’s bandwidth, but by exhausting the number of connections it can make simultaneously. Connection-exhaustion attacks are a well recognized from of denial of service; other examples of such attacks include so-called “SYN flooding.”

It appears that common p2p software limits the number of connections it will service at one time. By occupying the available connections, the “interdiction” attack prevents new connections from being made. The effect is to cut off all uploads from the attacked p2p program (but not from the rest of the computer).

Note that this blocks access to all uploads from the p2p program, including uploads of noninfringing files.

There are various simple countermeasures that the p2p vendors could – and presumably will – adopt to frustrate this attack. One thing they could do is to lift their self-imposed limit on the number of connections their program will accept. If they do this, then an “interdiction” attack would have to occupy all of the machine’s connections, thus blocking all uploads of any kind, by any program, from the machine.

Interesting legal commentary by Chris Sprigman at FindLaw, on the legal status of reverse engineering in relation to software licenses.

[link credit: FurdLog]