Turnbull's piracy crackdown and the fate of VPNs

Australians are waging a pitched battle with foreign multinationals seeking to control trade and maintain pricing mechanisms that put local consumers at a disadvantage.

Fed on a diet of geo-blocking, slow content delivery and price gouging Australian consumers have opted to strike back through means that the content industry wants to label illegal.

Online piracy has become the nebulous other, an intractable enemy that is seemingly undermining the bulwarks of our creative industries.

In response, the Abbott government has once again opted to take a path that’s guaranteed to deliver maximum pain for very little gain.

The poorly drafted Copyright Amendment (Online Infringement) Bill 2015 joins the recent spate of rushed legislation that’s replete with technical inaccuracies and imposes vague technical definitions at a time when the focus should be on privacy, security and ensuring there is open and fair participation by Australian business and consumers in the global digital economy.

The proposed crackdown on online pirates is likely to stem the tide to some extent but downloading content from unauthorised channels isn’t going to disappear.

Any succour that the foreign multi-nationals hope to gain from the government’s vague legislation is likely to be short lived as the battle will take a new form due to the inherent weaknesses in the government’s legislation and the ever changing technologies that can be used to circumvent copyright enforcement related legislation.

The landmark Dallas Buyers Club piracy case along with the influx of streaming content providers (Netflix, Stan, Presto) has galvanised the attention on issues of access and the extent to which copyright holders can push the envelope on targeting pirates.

Rights holders have so far targeted consumers utilising peer-to-peer communications and a service that has evolved over past decades to become known today as torrents. But consumer behaviour hasn’t remained static. As consumers increasingly connect to torrents using Virtual Private Network (VPN) (VPNs) or Tor to increase their privacy, the battlelines are shifting.

The empire strikes back

Global media giants are likely to ramp up their battle against VPN providers now that WikiLeaks has outed Sony Corporation for pressuring Netflix to block international customers utilising VPNs to circumvent geo-blocking. In fact, there was a specific mention of Australia in Sony’s plea to Netflix.

Meanwhile, HBO Now has sent email to non-US customers stating that they will be cut off on April 21. According to Fairfax reports, the HBO email states "It has come to our attention that you may have signed up for and viewed video content on the HBO NOW streaming service from outside of the authorised service area (the United States, including D.C. and certain US territories)."

"We would like to take this opportunity to remind you that the HBO NOW streaming service is only available to residents of the United States, for use within the United States. Any other access is prohibited by our Terms of Use."

HBO Now appears to have used credit card payment details to identify customers outside the US and has asked customers to contact HBO Now to verify their location.

It’s sign of renewed vigour from an industry keen on barriers but by targeting VPN providers the media giants are unlikely to achieve anything other than increase their legal bills, increase customer internet access charges and further enrage consumers.

It’s important to remember that the VPN is the latest in a long line of technologies that have been used in the battle and any reduction in VPN use would only see a rise in the use of one of the many alternate technologies that could be employed.

Reasonable steps

The Coalition's copyright amendment bill includes a remedy for online infringement which is for the Federal Court to grant an injunction to “require the carriage service provider to take reasonable steps to disable access to the online location.”

The lack of a precise technical definition in the draft bill for the term “reasonable steps” means that a copyright rights holder could potentially convince a court to order a carriage service provider to block access to communication services that facilitate different forms of information transmission over the network rather than just blocking the online location that hosts the illegal material.

The Communications Minister Malcolm Turnbull states on his policy-faq blog that "While content providers often have in place international commercial arrangements to protect copyright in different countries or regions, which can result in 'geo-blocking', circumventing this is not illegal under the Copyright Act.”

The growing use of broad and ill-defined non-technical language within technically oriented legislation and regulation is increasing and bodes ill for the public.

Navigating the VPN maze

In the unlikely event that Australians utilising VPNs to access US streaming media providers are identified, once the courts force the hands of streaming companies, VPN providers and carriage service providers to release customer details, the victory will a hollow one for the rights holders.

Australians would immediately take steps to create financial accounts outside of the US and Australian court jurisdictions and then utilise generic email accounts to join the US streaming media providers.

By utilising two separate VPN service providers it would be possible to create a VPN to a location outside the US and Australian court jurisdictions and from there connect to the streaming media provider. This makes it very difficult for the rights holders or the court to trace the VPN to its origin because most VPN service providers do not retain customer connection records as customers are provided with VPNs utilising different IP addresses every time they connect.

The other advantage of this approach is the rights holders and the media streaming providers would not be able to identify the customer as an Australian.

Ultimately the idea that VPN service providers should be targeted or that VPN traffic can in some way be turned on or off due to a Federal Court injunction is fanciful. Restricting the many types of VPNs would be technically difficult and as one hole is plugged another would open as there are many technologies that can be utilised to circumvent attempts by rights holders to prevent illegal downloads and streaming.

It's all about encryption

The principles underpinning VPNs have been around since the early days of the digital network and it was during the 1990s that many of the concepts used today were formalised. There are many different types of VPNs depending on the protocols and level of security used. Some of the more common VPNs include Point to Point Tunnelling Protocol (PPTP), Layer 2 Tunnelling protocol (L2TP), Generic Routing Encapsulation (GRE), OpenVPN, Secure Sell Tunnelling and IP Security (IPSec).

Rights holders rely on being able to join torrents to see what media is available and where it is coming from and going to. This is the approach currently used to identify people sharing media. Rights holders are finding it difficult to trace traffic from streaming media providers due to VPNs; hence efforts by companies like Sony to enlist the help of media streaming providers to block customers connecting over VPN.

The key to privacy on the network is encryption and when this is combined with fast mesh network concepts there should be improved privacy and security of traffic from source to destination.

In some ways the idea of using dispersed traffic flows, where the original stream is separated and transported using many paths to the destination where it is reformed, is similar to military security concepts and has been facilitated by private mesh traffic redirectors used when people want to become “anonymous”.

As network speed and capacity increases it is only a matter of time before all traffic is encrypted and a fully mesh network is available that distributes traffic onto links based on instantaneous link load rather than the need to ensure stream integrity over a single pathway from source to the destination.

A next generation intelligent mesh network utilising Multi-Protocol Label Switching (MPLS) encrypted Layer “2.5” links could provide scalability and fast network traffic flows. MPLS was first defined in 2001 and has become a key part of the network today because of the ability to forward traffic from point to point in a fast and efficient manner.

The shift to mesh networks that provide improved resilience and reliability in a complex network is a likely development and any threat to existing VPNs that are often transported over MPLS links could increase the pace of technology change.

Firewalls found in most homes today include basic point to point VPN capability, and in the future this functionality is likely to be replaced by encrypted point to point and mesh capability – though whether or not MPLS or some new technology is used is uncertain at this time.

What this means is that customer traffic could be encrypted, sent onto the network, bounced around the country or the world and appear at the destination without a defined pathway. This makes tracing the traffic back to the original source a fool's errand.

The TPP connection?

This is just the tip of the iceberg and further channels are likely to developed as the arms race evolves. Faced with such a scenario one has to wonder why the Abbott government is so keen to introduce legislation that contains vague terminology, is of questionable efficacy and almost certain to lead to poor consumer outcomes.

Unfortunately, both the Coalition and Labor have poor form when it comes to listening to the broader technical community and the copyright bill looks likely to follow the same course as the controversial Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2015.

The measures proposed are just as weak as the data retention legislation, given the failure to address the many ways in which it can be circumvented.

Could it be that the Abbott government is trying to get a tick in the box with the US government as part of the Trans-Pacific Partnership agreement? If so then the cost to Australian consumers looks set to grow while online piracy continues unabated.

Mark Gregory is a Senior Lecturer in the School of Electrical and Computer Engineering at RMIT University.