

NEW HAVEN, Connecticut – Internet service providers that monitor their networks for copyright infringement or bandwidth hogs may be committing felonies by breaking federal wiretapping laws, a panel said Thursday.

University of Colorado law professor Paul Ohm, a former federal computer crimes prosecutor, argues that ISPs such as Comcast, AT&T and Charter Communications that are or are contemplating ways to throttle bandwidth, police for copyright violations and serve targeted ads by examining their customers' internet packets are putting themselves in criminal and civil jeopardy.

"These ISPs are getting close to the line of illegality and may be violating the law," Ohm told conference goers at the Computers, Freedom and Privacy conference Thursday.

Charter's proposed test of a system that eavesdrops on the URLs its customers visit, in order to serve them targeted ads, has already spurred a powerful Congressman to question whether the scheme would violate the Cable Act. For its part, Comcast's heavy-handed throttling of peer-to-peer sharing by sending fake stop messages to its customers has the Federal Communications Commission holding hand-wringing public hearings over whether it should ban the practice as being inconsistent with its open network principles.

But Ohm thinks the legal quandary is simpler. These schemes all seem to violate the Wiretap Act, a federal statute banning eavesdropping that comes with criminal and civil penalties. That law has some exceptions for service providers to monitor content, but only when necessary to deliver service, or to protect the company's "rights and property."

In fact, Ohm thinks network system administrators could themselves be in legal trouble, just for following orders from their bosses to install monitoring devices.

"Not only is this a five-year felony, it also has individual accountability," Ohm said. "The sys admin could be sued individually and prosecuted individually If you are asked by your manager to go and do this kind of monitoring, you yourself may be legally exposed."

Fellow panelist Michael McKeehan, a director of Internet and Technology Policy for Verizon, said his company shares the same legal concerns, which is why it has explicitly said it has no plans to build filters to look for copyright infringers, as AT&T has it is interested in doing.

"As far as copyright filtering at the net level goes, Verizon is not doing it," McKeehan said. "We see significant legal and policy issues that need study."

He cited privacy issues with monitoring customers, increased liability if the filtering solution misses something and the possibility of falsely identifying a legitimate file transfer with an illicit one, and the possibility that filters will lead to a encryption war with file sharing software, which is already turning to crypto to hide p2p packets from Comcast's filters.

"Do we want to deputize the middle man in this process?" McKeehan asked, sceptically.

Not surprisingly, the panel did not include anyone from an ISP that is filtering or talking about filtering packets. Those ISPs skipped even an FCC hearing in Stanford last month.

But surprisingly, the head lawyer for Intel's System Technology Lab, Brad Biddle did show up, registering Intel's disapproval of network filters – especially mandated ones – on the grounds they could slow innovation and even eventually trickle down to hardware makers.

"If you filter for copyright content at the network level, why not filter at the device level?" Biddle asked. "The next step is to have devices screen for watermarks."

Devices and services like the SlingBox, which lets people view their cable television connection using remote devices, could easily be collateral damage of network copyright filters.

"If they aren't going to be allowed to evolve, we all lose," Biddle said.

The movie and music industry is pushing hard to have states and federal government require filters on university networks, and successfully got Tennessee to pass a law earlier this month that would require schools to beef up content filtering any year that a school got more than 50 copyright infringement notices, according to panelist Steven Worona of EDUCAUSE, which represents university IT departments.

"The RIAA would love to have filter mandates – state or federal," Worona said, calling universities easy, but wrong targets.

"We are the only ISPs that are trying to inform clients or customers that what they are trying to do is illegal," Worona said.

When asked whether Verizon tried to numerically identify known child pornography images, McKeehan said it had given up on a trial of software to check email attachments, in part because the technology can be defeated by changing a single pixel in the image or slightly resizing it.

"They may be perverts but they are not stupid," McKeehan said.

But Ohm isn't convinced that lawmakers will see it that way, and forsees a bill requiring filtering for child pornography – an issue sometimes called the skeleton key to the Constitution.

"Once you have a mandate built into the law and you give an order that they build in the surveillance architecture, then it is a shorter walk to get Congress to extend that mandate," Ohm said.

(Image: State of California)

See Also: