The Air Force Institute of Technology has come up with a new way to passively monitor BitTorrent traffic.

The system works by passively monitoring all traffic flowing toward users, and then recognizing the BitTorrent header in packets. Once the system sees such a header, it takes the hash of the file and compares it to a list of known "bad" hashes. If there is a match, the system logs it for further investigation.

Reportedly, the system uses FPGAs (field programmable gate arrays), which are chips that can be configured to perform different functions. This may suggest that the system is built to be very fast, but as the sniffing capability tops out at 100Mbps, it looks like the designers simply used FPGAs as a convenient system-on-a-chip. Even a five-year old PC can perform light to moderate traffic-sniffing duties at 1Gbps speeds in software.

Big Content would of course be on cloud nine if ISPs could be convinced to install devices like this—and the argument that kicking pirates off the network would free up a lot of bandwidth may go a long way toward convincing them. On the other hand, inspecting the content of a user's traffic in this way has serious privacy implications, and is likely to fall afoul of the law in some countries.

Another issue facing such systems is creating a comprehensive set of hashes of copyrighted files in real time. It would very likely be easier to have the sniffers simply log all hashes, then figure out which are the offending ones later. But all of this is moot, as the system is easily thwarted by encrypting BitTorrent traffic, which already happens for some 25 percent of BitTorrent traffic today.

Ultimately, it's not clear that a system like this addresses a real need. The Achilles heel of BitTorrent is the need for the peers participating in the file transfer to find each other. Traditionally this is done through a centralized tracker that provides each peer with addresses of other peers, but modern BitTorrent clients can also perform this function in peer-to-peer fashion.