On Twitter: @JamesFirth and @s_r_o_c (post feed)

Got a tip? tip@sroc.eu



Wednesday, 28 July 2010

Trials by Virgin Media of copyright tracking CView delayed

EXCLUSIVE: Virgin Media has delayed its plans for a "full public trial" of controversial copyright-infringement monitoring technology CView.

CView is a monitoring system created by Detica, a subsidiary of the defence, security and aerospace company BAE, which uses deep packet inspection (DPI) technology that the makers claim can detect whenever certain copyrighted works, such as music, are being shared on a computer network.

Virgin Media and Detica both claim that no personal information is gathered or stored, and that the system would be used solely to monitor the extent of illegal file-sharing on their network.

A Virgin Media spokesperson told me this morning that the situation was complicated, and that Virgin Media (as with all ISPs) has to take into account the current legislatory framework as well as striking an appropriate balance between copyright holders and their customer's needs.

The spokesperson would not be drawn on the future, explaining that Virgin Media's initial decision to trial the technology stemmed from a proactive approach in fulfilling the ISP's likely obligation in the then embryonic Digital Economy Bill.  Even though the Bill passed into law in April, many aspects of the implementation are yet to be defined by Ofcom and subject parliamentary review, leaving a great deal of uncertainty for ISPs.

Jim Killock, executive director of the Open Rights Group spoke last night at an open session of the All Party Parliamentary Group on the Digital Economy to express concerns about the likely privacy impact of large-scale surveillance and evidence gathering by private organisations required to detect infringement and drive the provisions in the Digital Economy Act.  The measures required to detect and prevent infringement are seen by many as disproportionate to tackle what is in effect a minor civil offence.

The use of CView and other similar technology is hugely controversial:- privacy and rights campaigners and some academics and legal commentators argue that such systems could fall foul of one or more laws, including the Regulation of Investigatory Powers Act 2000 and the Privacy and Electronic Communications Regulations 2003.

As I've commented in previous posts, large-scale copyright infringement is a huge problem across many industries; from music to books, films and software and there are no clear answers to the basic problem that it is nearly impossible using current technologies - at least without impinging Articles 8 and 10 of the ECHR - to identify beyond reasonable doubt specific individuals responsible for the infringement.

I strongly believe mass surveillance is not the answer, but there is now strong entrenchment in all sides of this debate and it's easy to see that progress could be hampered by the hostility which is clearly visible between certain individuals in opposing camps.

But my 20-minute interview with Virgin Media this morning gave cause for optimism as the spokesperson was extremely well informed and knowledgeable about both the detailed technology and the legal and rights issues, indicating the seriousness with which such issues are now taken and perhaps acknowledging many of the concerns I and others have been raising over the last 3 years.

I was left with the strong impression that Virgin Media are working very hard to strike an appropriate balance, although I of course note that I was talking to a public relations professional whose job centres around selling a positive image!

I'm still concerned that Virgin Media and many other ISPs including British Telecom (BT) in their trial of the Phorm advertising system haven't seemed in the past to share my view that my communications data is mine and mine alone.  It's my private data, not a large resource available to be mined by the music industry and/or sold to advertisers.

But I'm encouraged when ISPs are willing to enter into discussions and attend meetings as Virgin Media and at least one other large service provider did at Westminster last night, and  I'm optimistic that open sessions will give those who work in the tech industry like myself, as well as rights campaigners and bloggers (like myself), a chance to explain the problems we see with the current legislation.

The Digital Economy Act came into existence at least partly because of the sheer simplicity of the argument by rights holders.  People were disregarding the law - and it was costing the creative industry money.

I don't dispute this argument - that online infringement has in all likelihood lead to lost revenues from sales of traditional media, but I do believe the Act is a deeply-flawed piece of legislation.

But the arguments against the Digital Economy Act are about as complicated as any legilator has to deal with.  They cover complex legal areas, including European law; the ever-evolving capabilities of internet technology as well as philosophical and moral arguments on privacy, freedom of expression and proportionality of justice.

With such a richly-textured opposing viewpoint it's little wonder that those campaigning against the Act have so far had reasonably little success persuading those who originally supported it to change their mind, leading to the inevitable frustrations expressed so succinctly online (and usually directed at key figures within the BPI and UK Music, to name two institutions).

Clearly the only way forward is for all sides to engage with each other.  And in addition I'd also like to see institutions like the BPI engaging directly with technical experts from e.g. the Open Rights Group before demanding action from MPs.

I'd also like to see the BPI - a body representing the music industry - to involve recognised technical experts when they approach institutions like the British Library, universities and colleges to offer guidance on the kind of measures which might be needed to meet these institutions' obligations under the Digital Economy Act.

@JamesFirth

5 comments:

  1. Thank you James for the heads-up on their (Virgin Media) current situation. I guess if they do decide to go ahead with this CView we should all put our spare dosh into shares of companies offering VPN like services? :)

    TTFN.

    ReplyDelete
  2. I am following this with interest and you make some very valid points which I generally agree with... this needs fair and open discussion.

    However, I am struggling to actually see what the problem is. A large ISP wants to run Deep Packet Inspection on the their network to find out what traffic there is and where it's going.... That's just good common sense, in fact I would be more upset if they didn't do this on a huge network such as theirs.

    We know the the highways agency monitor traffic usage on their roads to try and avoid bottlenecks etc, this is fine and to be expected. We know that they also do more advanced monitoring using CCTV or even people at the side of the road to categorise cars/lorries and now many people are in them. Last month I was pulled over on a local road for a census where they asked me where I was travelling too and from as well as "general information" questions such as my sex, age and the papers I read.

    We are all asking for this sort of government data to be opened up and made public and I believe that it is already possible for advertising agencies to buy this data and could use it for putting up billboards for certain demographics along a particular route. So, how is that different to what is now happening in the online world?

    ReplyDelete
  3. Hi Dan, I agree with you to some extent but when it goes beyond what is strictly needed to plan and maintain a network I feel such technology is needlessly intrusive and in some situations open to abuse.

    I'm a bit bipolar on privacy issues such as this, I often don't see the harm in an initial proposal but then what often follows is a gradual creep - "we already have the system in place to track that, so why not..."

    Incidentally I think bipolar also sums up the human race generally. Half the time we crave privacy and the rest of the time we're seeking attention. But just because we're often happy to share doesn't mean we don't also value privacy in communications.

    ReplyDelete
  4. hi dogsbody

    dogsbody said:"I am struggling to actually see what the problem is. A large ISP wants to run Deep Packet Inspection on the their network to find out what traffic there is and where it's going.... That's just good common sense, in fact I would be more upset if they didn't do this on a huge network such as theirs."


    it pretty simple really, if you are of the "view that my communications data is mine and mine alone. It's my private data" and i hope most end users do think that once its explained to them.

    and given that perspective You Must consider that data throughput to be YOUR Copyrighted and intellectual property.

    now the ISP's are placing themselves in the position of intercepting this personal data stream for their commercial profit, without paying a fee to the rights holder I.E You.

    and we all know that commercial profit from pirated data, be it raw data, or a derivative work without permission is a criminal offence, the UK laws say so.

    the traditional Shallow Packet traffic Inspection management is a totally different animal to Deep Packet Interception as your only looking at the headers in SPI not the actual data inside as DPI is doing....

    ReplyDelete
  5. Current packet inspection most certainly looks right through the packet, not just the headers, depending on what's required.

    I'd have a look at something like Procera Networks for more information on this, they have it all quite openly there.

    Poorly encrypted Bittorrent likewise is identified both through header and payload. These appliances can do it all, the only question is whether the ISP wants them to and whether or not it keeps the data.

    ReplyDelete

Comments will be accepted so long as they're on-topic, do not include gratuitous language and do not include personal attacks or libellous assertions.

Comments are the views of the commentator and not necessarily the view of the blog owner.

Comments on newer posts are not normally pre-moderated and the blog owner cannot be held responsible for comments made by 3rd parties.

Requests for comment removal will be considered via the Contact section (above) or email to editorial@slightlyrightofcentre.com.