Filtering sounds so wholesome. As with filtered water, Internet filtering backers suggest that their products simply keep the sludge from passing through, and who wants to drink unfiltered sludge? The big difference between the two kinds of filtering is that sludge can't use 128-bit keys and AES encryption to hide its sludgy nature; Internet traffic can. It's a key problem for any Internet filtering regime, including the one being studied right now by AT&T. Once strong encryption is slapped on Internet traffic, the effectiveness of filters drops off dramatically.

At a Washington, DC, tech conference last week, RIAA boss Cary Sherman suggested that Internet filtering was a super idea but that he saw no reason to mandate it. Turns out that was only part of the story, though; Sherman's a sharp guy, and he's fully aware that filtering will prompt an encryption arms race that is going to be impossible to win... unless users somehow install the filtering software on their home PCs or equipment.

Last night, Public Knowledge posted a video clip from the conference that drew attention to Sherman's other remarks on the topic of filtering, and what he has to say is downright amazing: due to the encryption problem, filters may need to be put on end users' PCs.

The issue of encryption "would have to be faced," Sherman admitted after talking about the wonders of filtering. "One could have a filter on the end user's computer that would actually eliminate any benefit from encryption because if you want to hear [the music], you would need to decrypt it, and at that point the filter would work."

This means moving the filter out of the network and onto the edges (local machines), since it's at the edges that decryption and playback occurs. But who would voluntarily install software that would continually scan incoming P2P streams for copyrighted material after that material has been decrypted? Or software that would watch every song you played and tried to figure out if it was legit?

Sherman knows it's a tough sell. "Why would somebody put that on their machine?" he asked rhetorically. "They wouldn't likely want to do that."

No... they wouldn't. But Sherman's idea is that customers install filtering software such as virus scanners all the time because they see a tangible benefit to it. Apparently, they are supposed to realize the same benefit from installing a filter that flags as illegal the very music that they are trying to download.

This is clearly not going to happen, so Sherman has another idea. He appears to suggest installing the filter in a customer's cable or DSL modem, which wouldn't act as anything more than a network filter (the encryption and decryption happens on the PC). There's also some talk of putting the filtering tech into "applications" such as P2P apps, but again, this seems unlikely, especially for the open-source ones. Maybe he hopes to get OS vendors on board?

The entire scheme has about as much chance of success as my 2008 bid for the White House (write-in Anderson for President in November!). The only way to make it work is to mandate the filters or have ISPs mandate that users install them to get on the Internet. The consumer backlash from such a plan would be like the force of a thousand supernovas, and it's hard to visualize this happening.

What's most incredible about all of this is that the RIAA and some ISPs (namely AT&T) are seriously moving ahead with a filtering regime despite their own admissions that it won't work. Filters might work, they might allow for fair use, and they could conceivably be built in such a way as to maintain privacy, but it just wouldn't matter. Filtering as a concept is ultimately doomed by encryption unless the "filters" simply block entire protocols altogether, and talking about the consumer benefits of installing RIAA-approved filtering software is just another sign of how ludicrous the entire debate has become.

It's time to find a better solution with more than a short-term chance of success.