A Delphi question on the changing shape of Piracy

[spindlegirl]

I read an article somewhere that most file-sharing takes place off line, people swapping USB keys or microsd cards .... this is pretty much just an on-line form of the same thing, I expect.

[JoeD]

Quote:

Originally Posted by Ralph Sir Edward

Only if a key to a file is widely disseminated, would then the copyright holders be able to find out about the piracy.

There is no key to widely disseminate if they use public keys. The only way copyright holders would be able to decrypt the distributed movies/games etc would be if they or a company working for them obtain membership of the group.

If groups operate on a basis of only admitting new members if a founder vouches for them, or several existing members (which can be done anonymously via key signing), then it could be hard for copyright firms to get anyone into the groups and once they issue a few take-downs, the group would simply split and reform with a new web of trust.

However, all said and done, as mentioned in my above post, without suitable software support and even with it, groups will likely have to remain small to avoid someone getting in who shouldn't and take-downs ensuing. That may help keep piracy at existing levels or inline with in person sharing.

I don't see it causing any more harm than existing piracy methods do.

[Elfwreck]

Quote:

Originally Posted by Ralph Sir Edward

What I am asking is - With a easy-to-use (and cheap) combination of cloud storage and strong encryption, it would make it virtually impossible for for copyright holders to be able to know even if their copyright is being violated, on a small scale.

If this were the *first* cloud storage being offered, or if it grows quickly to dominate the industry, it could cause a shift in how filesharing is most commonly done, with the result of media companies getting even more hysterical about it. However, unless this cloud integrates smoothly with both Facebook and Twitter, it's going to be yet-another-obscure-techie-thing and most people who share files will continue doing what they do now: emailing each other attachments, uploading large things to MegaSuperWhatever, and handing USB drives around the office. Some of them will torrent--but the majority of people involved in small-scale sharing have no idea how to operate torrents.

If it's more complicated than Dropbox, it's not going to be a game-changer. If it's *as* complicated as Dropbox, it's not going to be a game-changer; people will wonder why they should bother signing up for yet another service and learn yet another interface.

The hacker types have always known how to exchange data, in amounts large or small, and stay under the radar. Bringing that ability a bit closer to the surface won't change their activities nor filesharing levels. It's only when filesharing gets easy and popular among the non-techie public that real change happens, and that depends on the technical details and costs of the service.

[murraypaul]

Quote:

Originally Posted by Ralph Sir Edward

What I am asking is - With a easy-to-use (and cheap) combination of cloud storage and strong encryption, it would make it virtually impossible for for copyright holders to be able to know even if their copyright is being violated, on a small scale.

Only if a key to a file is widely disseminated, would then the copyright holders be able to find out about the piracy.

Today, things like search engines allow millions people to find out about the availability of I.P., and be able to access it. This includes the pirates and the copyright holders both. Under the system coming into place, nobody other than the people with the decryption key would even know what a file is and what's in it.

This, to me, seems to be a game-changer. It's not that it couldn't be done before, but if there is simple, one stop shopping (so to speak), it will be as if the sneakernet just went online....

Sounds pretty similar to private BitTorrent trackers.

[6charlong]

I don't think it would work but I'm sure the plan is illegal if only because it would not work unless they removed DRM before uploading. No new laws needed.

The second problem is that it would garner way too much unwanted attention. It makes a perfect way to publish bomb making instructions or other criminal activities. Police, anti-terrorist and state intelligence agencies would demand access to a list of all users on the system, their point of origin etc.. Sooner or later a court order would be issued to grant access to someone claiming infringement.

[Darqref]

From what I've read of the original proposal, the whole point of the service is for the service to use an encryption that they themselves cannot break - therefore cannot provide the content to authorities even if provided with a search warrant, since they won't hold the decryption key. While the user may control the resulting decryption keys, I don't believe they can specify the ENcryption key, which makes it hard to specify someone else's public key at the start of the cycle.

Unless there's an encryption within another encryption, with the whole private/public keys on the inside of whatever other encryption the service uses, but you're still left with a specific key for the file which must be distributed to allow someone else to use the file.

While I won't say it's impossible, I think this particular service won't easily enable the public/private key groups discussed above. It WILL enable the service to be strict about take-down notice requirements.

[Jhonmik]

Hello everyone I am new here please guide me how I go ahead.Thanks

[Greg Anos]

Quote:

Originally Posted by Darqref

From what I've read of the original proposal, the whole point of the service is for the service to use an encryption that they themselves cannot break - therefore cannot provide the content to authorities even if provided with a search warrant, since they won't hold the decryption key. While the user may control the resulting decryption keys, I don't believe they can specify the ENcryption key, which makes it hard to specify someone else's public key at the start of the cycle.

Unless there's an encryption within another encryption, with the whole private/public keys on the inside of whatever other encryption the service uses, but you're still left with a specific key for the file which must be distributed to allow someone else to use the file.

While I won't say it's impossible, I think this particular service won't easily enable the public/private key groups discussed above. It WILL enable the service to be strict about take-down notice requirements.

That's my point. If someone posts an 8 GB file labeled "My Hawaii Vacation in HD" and it is heavily encrypted, how will anybody the uploader hasn't authorized know whats in the file? It could be the latest movie in the Cinema, or an 8 GB library. Or who knows what?

If it is so simple all you do is punch the upload button and save the returning key file, I think this will remove the "risk" from small scale piracy over the internet, increasing the reach (in space, if not in quantity) of the "pass the USB file" type of piracy.

But I could be wrong.

[JoeD]

Quote:

Originally Posted by Darqref

From what I've read of the original proposal, the whole point of the service is for the service to use an encryption that they themselves cannot break - therefore cannot provide the content to authorities even if provided with a search warrant, since they won't hold the decryption key. While the user may control the resulting decryption keys, I don't believe they can specify the ENcryption key, which makes it hard to specify someone else's public key at the start of the cycle.

It's possible they could just be enabling strong symetric encryption to be used. They themselves would not know the pass or key used to encrypt the file and can't decode it. However, that would really be little different to anyone encrypting a file today, uploading to dropbox or any other file locker and then sending the password out to the group (or using a pre-arranged password)

Quote:

Unless there's an encryption within another encryption, with the whole private/public keys on the inside of whatever other encryption the service uses, but you're still left with a specific key for the file which must be distributed to allow someone else to use the file.

I'm not sure how much you know about pub/priv key encryption, but since many on here may not be familiar with it, even if you are, I'll post a bit more detail anyway.

In short, even if the host is aware of the public keys for every one of their users, they still could not decrypt/determine what any given file on their service is.

I'm not sure about the details of this particular service, I don't know who it is that's come up with the idea, so if anyone wishes to provide a link to any technical information (assuming any exists) I'll give it a read.

That said, usually with public key encryption each user generates a private key/public key pair. They keep the private key private and distribute the public key to any/all who may want to send them an encrypted email/file/data.

The file itself is encrypted with a randomly created password that's just for that file and the file can only be decrypted if you know that random password, which obviously nobody can know as it's random (symmetric encryption)

So, the person who does the encryption of the file, also encrypts the random password using the public keys of each person they want to allow to decrypt it. Once public keys have been obtained by whoever needs to upload a file (a one time process), there's nothing that needs distributing other than the encrypted file and future files to the internet as a whole. Only those people who's public keys were used to encrypt the random password have any real hope of ever knowing the contents of the file.

In the case of a cloud service, that would mean encrypted files could be uploaded to it and stored without the host been able to know what the contents are nor know that another 50 files on their service are also the same movie.

This is all something that could be done with existing cloud services or even p2p, however, in all cases the issue is the complexity involved. The problem the service faces is making the process of getting the public keys from other internet users whom you wish to allow to decrypt the file, without making the mistake of admitting someone who enforced copyright infringement into the group.

If the software provides any way to do that in a trivial manner, then from that moment on, there's little copyright holders can do, as they'll have no way of knowing if one file or another is the latest hit album or movie or just random bytes of junk.

Quote:

While I won't say it's impossible, I think this particular service won't easily enable the public/private key groups discussed above. It WILL enable the service to be strict about take-down notice requirements.

As mentioned above, I'm not aware of the specifics of the service, I'd appreciate a link to any relevant technical info though, then I can revise my assumptions on how it could work.

For the service to be any different to what is currently possible, they'd need to make the distribution of public keys to others trivial. Everything beyond that could be largely made transparent to the end users.

[JoeD]

Quote:

Originally Posted by Ralph Sir Edward

That's my point. If someone posts an 8 GB file labeled "My Hawaii Vacation in HD" and it is heavily encrypted, how will anybody the uploader hasn't authorized know whats in the file? It could be the latest movie in the Cinema, or an 8 GB library. Or who knows what?

If done correctly, they wouldn't be able to.

Quote:

If it is so simple all you do is punch the upload button and save the returning key file, I think this will remove the "risk" from small scale piracy over the internet, increasing the reach (in space, if not in quantity) of the "pass the USB file" type of piracy.

But I could be wrong.

I think you're spot on.

Whether the service returns a key that the user then has to find a way to distribute to all the people they want to allow to decode the file, or whether it uses a public key encryption which can avoid that step, I'm not sure. Either way, the host won't know what the file is unless someone provides them with a decryption key. Only then could they decode the file and know it matches files they've got take-down requests for.

[Format C:]

Quote:

Originally Posted by fjtorres

That is pretty much how software piracy started: back in the early 80's pirate sites were dial-up bulletin boards accessible only by those who got the phone number and password from the operator and/or an existing member. You had to know somebody who knew somebody.
And the "price" of download rights was uploads, usually measured in bytes worth of content.

I did my first illicit donwload in 1984, recording on a tape a Commodore64 game which was transmitted as a modulated whistle by an FM radio station...

can you think a broader pre-internet piracy casting?

[crich70]

Quote:

Originally Posted by JoeD

Exactly.

The only change cloud based/encryption may make, is that the scale of small may be able to grow a little larger.

For example, 5 people send their public keys to an uploader they trust. From then on any new addition to the group only occurs if one of the existing members wants to admit a friend. This could be done by anonymously posting a signed copy of their friends key encrypted using the uploaders private key. The uploader will never know who the new friend is and the new friend will never know who the uploader is (only the original trusted 5 know), however the uploader knows one of the existing core 5 (or several other existing members trust this new member) and starts including their public key in future releases.

It's a piracy spin on the web of trust.

At some point the group may grow too large and a member of a company enforcing copyright manages to be admitted. They can then decrypt all the latest posts and issue take down requests. However, if the group doesn't grow too big, that's less likely to happen and it will only impact that groups releases.

If any members in that group are taking the downloads and re-encrypting them to distribute to another group they're a member of, then a takedown might only impact a handful of people at a time.

However, for this to work on a large scale and replace torrents etc it will need software that makes the process trivial. That could be the weak point if the software is deemed to only be used for copyright infringement (e.g napster) it may be easier to restrict access to that, although that may be easier said than done.

Either way, I don't think it will be any better or worse than the current situation.

Sounds a bit like how they say terrorist cells work as well. One person knows who the top five people are say and they in turn each know a few names and someone in those groups knows a few names and so on. The idea being that as no one knows the whole list of who is who in the group no one person can be forced to reveal the whole group to the authorities. Of course most governments have procedures I imagine that they follow to track down who is who. That said I imagine it's not always easy to track down who uploaded what file to where. I mean say you upload a file to a given server and someone downloads it then uploads it to a different server where a third person finds it and does the same and so forth. It's got to be a real headache tracking the file to its original source I would imagine. And that's without someone renaming it to hide what it is and encrypting it besides. It sounds like a real headache waiting to happen.

[Billi]

Quote:

Originally Posted by Ralph Sir Edward

Now, one of the most (in)famous names in the pirate world is going to set up a world wide Cloud storage with automatic, inherent, strong encryption on the upload.

Are you talking about the latest project Mega by Megaupload-founder Tim Schmitz/Dotcom?

[JoeD]

Quote:

Originally Posted by Billi

Are you talking about the latest project Mega by Megaupload-founder Tim Schmitz/Dotcom?

Had a quick google based on this and it does sound like that's the service we've been discussing.

Not really any details about how it works, other than it'll be usable in a browser and I presume do encryption client side prior to upload. It may be as an earlier poster mentioned, only going as far as doing the encryption and leaving it up to the users how they inform others of the key/file.

Have to wait and see when it goes live or they release some technical details.

[fjtorres]

Quote:

Originally Posted by Format C:

I did my first illicit donwload in 1984, recording on a tape a Commodore64 game which was transmitted as a modulated whistle by an FM radio station...

can you think a broader pre-internet piracy casting?

That is a new one to me.
I knew about tape to tape copying using dual cassette decks but pirate-casting? Interesting...
(Closest I got to that was recording a PBS rock concert simulcast on FM in the pre-stereoTV era.)
Sounds like a neat trick for a spy story or a steampunk conspiracy...