1. Copyright 2005 1 P2P Technology and Its Legal and Policy Implications Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor at U.N.S.W., A.N.U., Uni. of Hong Kong http://www.anu.edu.au/people/Roger.Clarke/....../II/P2P-LegPol-0507 {.html,.ppt} Baker & McKenzie Cyberspace Law & Policy Centre U.N.S.W., 27 July 2005

2. Copyright 2005 2 P2P Technology and Its Legal and Policy Implications Themes Where It Came From; and What It Is How Its Different What It Can Be Used For What It Is Used For Its Implications Copyright-Owner Adaptation

3. Copyright 2005 3 Star Topology / Master-Slave Architecture 1950s Onwards

4. Copyright 2005 4 The ARPANets Peer-to-Peer Topology 1969 Onwards Multi-Organisational

5. Copyright 2005 5 Client-Server Architecture 1980s Onwards Intra-Organisational

6. Copyright 2005 6 Client-Server Architecture mid-1980s Onwards, esp. mid-1990s Onwards Internet-Mediated

7. Copyright 2005 7 Key Developments Since the Mid- 1990s Workstation Capacity (now rivals Hosts) Workstation Diversity desktops, laptops, handhelds, smartcards,... phones, PDAs, cameras,... fridges, carburettors,... RFID tags,... Broadband Connectivity (now widespread) This enables dispersion and replication of devices capable of providing services Wireless Connectivity (rapidly increasing) This enables Mobility which means Devices change networks which means their IP-addresses change

8. Copyright 2005 8 Wireless Comms Using Electromagnetic Radiation Wide Area Networks – Satellite (Geosynch, Low) GS is Large footprint, very high latency (c. 2 secs) Wide Area Networks – Cellular (to 20km per cell) 1 – Analogue Cellular, e.g. AMPS, TACS 2 – Digital Cellular, e.g. GSM, CDMA 3 – 3G, e.g. GSM/GPRS and W-CDMA Wide Area Networks – WiMax, IEEE 802.16 Local Area Networks – WiFi (10-100 m radius) e.g. IEEE 802.11x esp. 11b,g / Apple Airport Personal Area Networks (1-10 metres) e.g. Bluetooth (or beamed infra-red)

9. Copyright 2005 9 P2P – The Motivation P2P is class of applications that take advantage of resources (storage, processing capacity, content, human presence) available at the edges of the Internet A program is both Client and Server: a workstation provide services to others e.g. a music playstation can be a mixer too So Workstations also acts as Hosts

10. Copyright 2005 10 Multiply-Connected Topology / P2P Architecture 1970s but esp. Late 1990s Onwards Internet-Mediated

11. Copyright 2005 11 P2P – Towards a Technical Definition P2P is a network architecture in which each node is capable of performing each of the functions necessary to support the network and in practice many nodes do perform many of the functions

12. Copyright 2005 12 The Essential Nature of P2P In principle, Every Device is a Client and a Server In practice, Many Devices perform Server-functions Collaboration is inherent Clients can find Servers Single Points-of-Failure / Bottlenecks / Chokepoints are avoided by means of networking dynamics Enough Devices with Enough Resources participate as Servers for discovery, and as Servers for services 'Free-Riding' / 'Over-Grazing' of the 'Commons' is restrained through software and psych. features

13. Copyright 2005 13 Why P2P Is Attractive Much-Reduced Dependence on individual devices and sub-networks (no central servers) Robustness not Fragility (no single point-of-failure) Resilience / Quick Recovery (inbuilt redundancy) Much-Improved Scalability (proportionality) Improved Servicing of Highly-Peaked Demand (more devices on the demand-side implies there are also more server-resources) Resistance to Denial of Service (D)DOS attacks (no central servers)

14. Copyright 2005 14 P2P Applications 1. Of Long Standing ARPANET services generally, from 1969, which were built over a peer-to-peer architecture message transfer agents, since 1972 (SMTP), which perform both server and client functions USENET since 1979, now Internet Netnews Fidonet file / message transfer system, since 1984 Domain Name System (DNS), since 1984, a collaborative scheme, each server also a client

15. Copyright 2005 15 Recently-Emerged P2P Applications 2. Processing Services (cf. Grid Computing) Pattern-Searching of Data (e.g. SETI@home) Data-Space Searching, in particular as part of a collaborative key-discovery process (e.g. EFF's DES cracking project) Numerical Methods, large-scale / brute-force (e.g. fluid dynamics experiments, meteorology) Gaming, multi-player, networked Message Transfer: conferencing/chat/instant messaging cooperative publishing

16. Copyright 2005 16 Recently-Emerged P2P Applications 3. Access to Digital Objects Software fixes/patches Software releases Virus Signatures Announcements, e.g. of technical and business information, entertainment, sports results, promotional messages, advertisements News Reports, by news organisations, and by members of the public Emergency Services traffic Backup and Recovery Games Data, e.g. scenes and battle configurations Archived Messages, for conferencing/chat/IM, and cooperative publishing Learning Materials, in various formats Entertainment Materials, in various formats

17. Copyright 2005 17 The Predominant Use 1998-2005 Consumer sharing of entertainment materials: recorded music, in MP3 and other formats video, as bandwidths increase Copyright-owning corporations assert, with substantial evidence, that a large proportion of those file-transfers is being performed in breach of copyright law

18. Copyright 2005 18 Indicators of Scale In Sep 2002, 31m Americans used P2P to share music In 2003, FastTrack peaked at 5.5m users and 60% of the market, then fell due to publicity about lawsuits By 2004: P2P data volumes estimated at 10% of traffic (Web 50%, all email incl. spam 3%) simultaneous users c. 10m c. 50 m searches per day FastTrack still had 4m users (40% of market) and enabled access to 2m files, >10 terabytes 50% of files audio, 25% video, 25% other

19. Copyright 2005 19 P2P Networks and Protocols http://en.wikipedia.org/wiki/Peer-to- peer#Networks.2C_protocols_and_applications BitTorrent network: ABC, Azureus, BitAnarch, BitComet, BitSpirit, BitTornado, BitTorrent, BitTorrent++, BitTorrent.Net, G3 Torrent, mlMac, MLDonkey, QTorrent, SimpleBT, Shareaza, TomatoTorrent (Mac OS X) [2], TorrentStorm eDonkey network: aMule (Linux, Mac OS X, others), eDonkey2000, eMule, LMule, MindGem, MLDonkey, mlMac, Shareaza, xMule, iMesh Light, ed2k (eDonkey 2000 protocol) FastTrack protocol: giFT, Grokster, iMesh (and its variants stripped of adware including iMesh Light), Kazaa by Sharman Networks (and its variants stripped of adware including: Kazaa Lite, K++, Diet Kaza and CleanKazaa), KCeasy, Mammoth, MLDonkey, mlMac, Poisoned Freenet network: Entropy (on its own network), Freenet, Frost Gnutella network: Acquisitionx (Mac OS X), BearShare, BetBug, Cabos, CocoGnut (RISC OS) [3], Gnucleus Grokster, iMesh, gtk- gnutella (Unix), LimeWire (Java), MLDonkey, mlMac, Morpheus, Phex Poisoned, Swapper, Shareaza, XoloX Gnutella2 network: Adagio, Caribou, Gnucleus, iMesh, MLDonkey, mlMac, Morpheus, Shareaza, TrustyFiles Joltid PeerEnabler: Altnet, Bullguard, Joltid, Kazaa, Kazaa Lite Napster network: Napigator, OpenNap, WinMX Applejuice network: Applejuice Client, Avalanche, CAKE network: BirthdayCAKE the reference implementation of CAKE, Direct Connect network: BCDC++, CZDC++, DC++, NeoModus Direct Connect, JavaDC, DCGUI-QT, HyperCast [4], Kad Network (using Kademila protocol): eMule, MindGem, MLDonkey, LUSerNet (using LUSerNet protocol): LUSerNet, MANOLITO/MP2P network: Blubster, Piolet, RockItNet, TVP2P type networks: CoolStreaming, Cybersky-TV, WPNP network: WinMX Other networks: Akamai, Alpine, ANts P2P, Ares Galaxy, Audiogalaxy network, Carracho, Chord, The Circle, Coral[5], Dexter, Diet- Agents, EarthStation 5 network, Evernet, FileTopia, GNUnet, Grapevine, Groove, Hotwire, iFolder[6], konspire2b, Madster/Aimster, MUTE, Napshare, OpenFT (Poisoned), P-Grid[7], IRC @find and XDCC, used by IRC clients including: mIRC and Trillian, JXTA, Peersites [8], MojoNation, Mnet, Overnet network, Peercasting type networks: PeerCast, IceShare - P2P implementation of IceCast, Freecast, Scour, Scribe, Skype, Solipsis a massively multi-participant virtual world, SongSpy network, Soulseek, SPIN, SpinXpress, SquidCam [9], Swarmcast, WASTE, Warez P2P, Winny, AsagumoWeb, OpenExt, Tesla, soribada, fileswapping, XSC

20. Copyright 2005 20 P2P Multi-Protocol Applications http://en.wikipedia.org/wiki/Peer-to- peer#Networks.2C_protocols_and_applications eMule (Edonkey Network, Kad Network) (Microsoft Windows, Linux) aMule (eDonkey network) (Linux, Mac OS X, FreeBSD, NetBSD, OpenBSD, Windows and Solaris Op Environmt) Epicea (Epicea, BitTorrent, Edonkey Network, Overnet, FastTrack, Gnutella) (Microsoft Windows) GiFT (own OpenFT protocol, and with plugins - FastTrack, eDonkey and Gnutella) and xfactor (uses GiFT) (Mac OS X) Gnucleus (Gnutella, Gnutella2) (Microsoft Windows) Hydranode (eDonkey2000) (Microsoft Windows, Linux, Mac OS X) iMesh (Fasttrack, Edonkey Network, Gnutella, Gnutella2) (Microsoft Windows) Kazaa (FastTrack, Joltid PeerEnabler) (Microsoft Windows) Kazaa Lite (FastTrack, Joltid PeerEnabler) (Microsoft Windows) KCeasy (Gnutella, Ares, giFT) MindGem (Edonkey Network, Kademlia) MLDonkey (BitTorrent, eDonkey, FastTrack, Gnutella, Gnutella2, Kademlia) (MS Windows, Linux, Mac OS X, Palm OS, Java) mlMac (BitTorrent, eDonkey, FastTrack, Gnutella, Gnutella2) Morpheus (Gnutella, Gnutella2) (Microsoft Windows) Poisoned (FastTrack, Gnutella) Shareaza (BitTorrent, eDonkey, Gnutella, Gnutella2) (Microsoft Windows) WinMX (Napster, WPNP) (Microsoft Windows) XNap (OpenNAP, GiFT, Limewire, Overnet, ICQ, IRC) (Java) Zultrax (Gnutella, ZEPP)

21. Copyright 2005 21 Technical Concerns about P2P Address Volatility: old addresses may not work (hence trust based on repetitive dealings is difficult) Absence of Central Control, hence risk of anarchy Security Challenges: Malware, embedded or infiltrated Surreptitious Enlistment (at least potential) Vulnerability to Masquerade Vulnerability to Pollution Attacks (decoys)

22. Copyright 2005 22 Business and Government Concerns about P2P Address Volatility, plus Inadequate Identifiers, hence: respondents are difficult to identify and locate reduction in user accountability Absence of Central Control, hence: reduction in technology-provider accountability no single point for a denial of service attack Challenge to Authority over Users: to Copyright-Owners to Censors

23. Copyright 2005 23 The P2P Battleground – 1998-2005 MP3 Napster Gnutella, KaZaA, et al. CD-quality digital sound in files sized 1 MB/minute a central catalogue of a distributed database, to facilitate sharing of MP3 files a distributed catalogue of a distributed database, to facilitate sharing of (MP3?) files

24. Copyright 2005 24 Use of the Law to Destroy Napster 1999-2002 Napster was P2P-with-a-chokepoint, because it relied on a central directory of file-names and host-identities Court action resulted in closure of the directory, and hence the collapse of the system as a whole Many P2P applications have some central facility that can be attacked in such a manner, including AOL Instant Messenger and ICQ

25. Copyright 2005 25 Categories of P2P Pure Functions and objects are distributed across many nodes, so no one node is critical to the network's operation; so control is very difficult – USENET, Fidonet, Freenet, Gnutella(1) Compromised / Two-Tier Functions and objects are distributed; the index is substantially but not fully distributed – FastTrack, Gnutella(2) Hybrid Functions and objects are distributed; the index is heirarchical (the DNS) or centralised (Napster, BitTorrent)

26. Copyright 2005 26 Use of the Law to Constrain P2P Generally 2002- A critical central service is a chokepoint. If its within jurisdictional reach (and the US is highly aggressive in extending its laws beyond its territories), then it can be attacked through the courts Gnutella, KaZaA and some other P2P services decentralise their directories as well as their storage Court action intended to preclude such P2P services will need gain injunctions against production, dissemination and use of the tools and/or protocols

27. Copyright 2005 27 Challenges for Copyright-Owners Unauthorised Reticulation Unauthorised Adaptation Identification of copyright objects Tracking the movement of objects Identifying Devices that store those objects and that traffic in them Identifying the Person responsible for a breach, with the device used to perform the act that constitutes the breach Location of the responsible Person Bringing Suit (e.g. jurisdiction) Collection and Presentation of Evidence sufficient to win even civil, let alone criminal cases Proposing Interventions that could be awarded by court injunction

28. Copyright 2005 28 P2P Architectures Resilience and Robustness The removal of a device as a result of the execution of a warrant or injunction is indistinguishable from other forms of denial of service attack But in John Gilmores words: The Internet treats censorship as damage, and routes around it

29. Copyright 2005 29 Copyright-Owner Fightback Phases Legal – Lawsuits and Publicity Political – Copyright Expansionism Technological – Digital Rights Management Reduction of the Power at the Edges New Business Models

30. Copyright 2005 30 Whats Different about Copyright Objects Now, and in the Future Digital not physical / Bits not atoms Copying is intrinsic to transmission Copying is performed by the consumer => Consumers now need a copyright licence Copies for personal use are indistinguishable from copies for re-sale, and copies for adaptation Copiability and Adaptability are intrinsic => Appropriation is a virtue, but still a vice

31. Copyright 2005 31 Copyright Expansionism Accidental extension through buffers, cache Lawyers nastygrams and misuse of process Lobbying for, and Enactment of, Laws: extending copyright laws criminalising hitherto civil law breaches enlisting law enforcement agency support transferring enforcement costs to the State DMCA-based Gaoling, no bail, delayed charges, charges withdrawn once chilling effect achieved Embedment in Marketspace Mechanisms of Existing, Expanded and Imagined Rights

32. Copyright 2005 32 Digital Rights Management Technologies Passive Technologies Object-Protection under the owner's control Object-Protection while it is in transit Means of Tracing Rogue Copies: 'Watermarking' technology (to uniquely identify the publication) 'Fingerprinting' technology (to uniquely identify the particular copy) Object-Protection under a licensees control

33. Copyright 2005 33 Digital Rights Management Technologies Active Technologies – 1 of 2 Notification to the licensee of their rights at the time that the object is accessed Identification of licensees Authentication of identities Destruction / Disablement of the data object in the event of licence expiry or breach (cf. the sterility gene in proprietary GM crops)

34. Copyright 2005 34 Digital Rights Management Technologies Active Technologies – 2 of 2 Enforcement Mechanisms, client-side Prevention, e.g. preclude actions that breach permissions for printing display Recording of actions that exercise permissions under the licence Recording of (attempts to) breach the licence, e.g. making copies beyond the limit Reporting of (attempts to) breach the licence

35. Copyright 2005 35 Ways to Reduce the Power at the Edge Make workstations diskless or thin Prevent software from being stored, and require users to download a copy each time it is used (the Application Service Provider – ASP – model) Connect remote devices via asymmetric links, high-bandwidth downwards, low upwards (SDSLs 1:1 ratio cf. ADSL and cables 2:1, 4:1 and even 8:1) Insert in every consumer-device: identifiers location and tracking technology Upgrade / Replace the Internet Protocol Suite

36. Copyright 2005 36 A More Constructive Closed Approach Identify customers price resistance-point (by finding out what the market will bear) Set prices accordingly (and thereby sustain payment morality) Discourage and prosecute breaches where the purpose is commercial Take no action over breaches by consumers (time-shifting, format-change, sharing?) A Case Study: Apple iTunes charges USD 0.99 per track!??

37. Copyright 2005 37

38. Copyright 2005 38

39. Copyright 2005 39 Domain Name System (DNS) Devised in 1983 to: separate (domain-)name from (IP-)address make it easier for humans, e.g. xamax.com.au cf. 203.20.62.21 A dispersed set of interconnected devices that maintains an index of names-and-addresses

40. Copyright 2005 40 Moving Outside the DNS The DNS was devised when each Host had a stable IP-address, and was seldom unavailable If nodes are unstable or IP-addresses change rapidly then apps need something other than the DNS Workstations arent always available and Mobile Workstations change IP-address So many P2P applications dont use the DNS