August 14, 2003 4:00 AM PDT
In refugee camp, a P2P outpost
Dubbed Earthstation 5, the new file-swapping network is openly flouting international copyright norms at a time when many older peer-to-peer companies are trying to establish themselves as legitimate technology companies. One of the brashest of a new generation of file-trading networks, it is serving as a new test case for the ability of high-tech security measures and international borders to preserve privacy on the Net.
As the deadline looms this month for what will likely be thousands of copyright lawsuits filed by the Recording Industry Association of America (RIAA) against individual computer users, anxious file swappers are turning to this and other new services in hopes of avoiding legal consequences. In EarthStation 5's case, it is returning industry legal threats with bravado.
"We're in Palestine, in a refugee camp," said Ras Kabir, the service's co-founder. "There aren't too many process servers that are going to be coming into the Jenin refugee camp. We'll welcome them if they do."
On its face, Earthstation 5 appears to be at the leading edge of the movie and music industry's next nightmare--copyright-flouting networks based in a territory without strong intellectual property laws, with security built in that protects users from scrutiny. Indeed, the company is confident enough in its territorial immunity that it even streams and offers downloads of full albums and first-run movies like "Terminator 3" and "Tomb Raider" directly from its own servers, an activity that has previously resulted in lawsuits and the prompt disappearance of predecessors.
As an unabashed advocate of unrestricted file swapping, the company may also serve to undermine recent conciliatory efforts of older peer-to-peer companies. Companies such as Kazaa parent Sharman Networks have tried to open negotiations with the recording and film industries in hopes of ultimately reaching a legal compromise. Several groups of peer-to-peer companies have opened trade associations and lobbying branches in Washington, D.C., aiming to show they are legitimate parts of the technology economy.
P2P's little secret
File swappers hoping to hide
from the prying eyes of copyright
enforcers face a tough choice.
Like others in a new generation of file-sharing networks such as Blubster and Filetopia, Earthstation 5 bills itself primarily as an anonymous service. That's helped all of them draw computer users anxious to escape the high-profile recording industry campaign to find, identify and ultimately sue thousands of individuals trading music on networks such as Kazaa and Morpheus.
Trouble is, the claims to anonymity are as highly controversial as the services themselves.
"We have yet to see a P2P network where we have not been able to target individuals who are infringers," said Matt Oppenheim, senior vice president of the RIAA. "This is marketing hype of the worst kind. It is playing on the fears of others, encouraging them to engage in behavior that will get them into a boatload of trouble."
Out of the West Bank
According to Earthstation 5 founder Kabir, the company was formed after a conversation with his brother Nasser in Ramallah two years ago, as Napster was circling toward its nadir. Over time, they won the financial backing of investors in Israel, Saudi Arabia and Russia, who have asked to remain anonymous. Those funds were used in part to pay contract programmers, largely in Russia, to help build the basic software.
The 35-year-old Kabir, who speaks fluent English, says he is Palestinian but spent much of his childhood in Manchester, England, with his mother. He now has homes in Jenin and elsewhere in Palestine, where Earthstation 5 is based, he said.
He's now making sweeping claims for the success of the service: that it has been translated into more than a dozen languages, ranging from Turkish to Chinese, which has helped it be downloaded more than 22 million times--a number that would put it on track to rival the reach of file-swapping giant Kazaa.
Like much else in the gray areas of Internet file swapping, much of this is hard to confirm in detail. Nor are claims always genuine in this industry. In April, a Netherlands-based company that calls itself "The Honest Thief," which similarly advertised file sharing beyond the reach of American law, turned out to be a hoax.
Internet addresses Earthstation 5 uses point to Israeli hosting company SpeedNet, which did not return requests for comment. The file-swapping company's domain name itself is registered to an address in "Jenin refugee Camp #23," although that does not prove its actual location there.
The company's Web site gives an address in Gaza, as does the contact information for another Net address used by the service.
According to Download.com, a popular software aggregation site News.com publisher CNET Networks operates, the English version of Earthstation 5 has been downloaded just 25,500 times, with far fewer instances of other languages. Kabir said most of his downloads come from other sites or from the company's own site.
The software itself does not include a way to verify the number of people online at any given time.
Is secure really secure?
If the story of a refugee camp-based network that's flying in the face of international copyright norms is compelling, it is ultimately the strength of the technology itself that will determine the success of the service or of any of its new generation of rivals.
By comparison to more established services, Earthstation 5 is difficult to use and buggy. It claims to use a series of different technologies--most of which are similar to nascent efforts by rivals--in order to keep its users' identities safe.
tools are legal
In a stunning court victory, a judge dismisses
much of the record industry and movie studios'
lawsuit against Streamcast and Grokster.
First, it uses a different Web protocol, called UDP (for User Datagram Protocol), to transmit much of its information. This is harder to detect and track to a single computer than is TCP (Transmission Control Protocol), which is used by most file-swapping services and Web functions.
The company adds SSL (Secure Sockets Layer) encryption--the same technology that prevents hackers from seeing password or credit card numbers being sent to e-commerce sites--to protect data in transit. And finally, it encourages users to search and even transfer files through proxy servers, the electronic equivalent of using a middleman to exchange goods. That way, anybody who tries to download files will see only the Net address of the proxy server doing the relaying, not the person originally sharing files, according to the company.
None of these methods is a perfect guarantor of anonymity. Nor does the company provide enough real detail on its security to satisfy others in the privacy business.
"If I'm going to lay my anonymity on the line, I would want to see all the details about how a system works," said Ian Clarke, founder of Freenet, a yearslong project dedicated to producing a genuinely anonymous file-swapping and Net publishing system. "This is an issue we think about a lot. When we have people in China who could go to jail or worse for using Freenet, we want to make sure that we're not exaggerating those claims and what level (of anonymity) they afford."
Companies dedicated to scouring file-swapping networks for infringements say proxy servers could help people be temporarily anonymous, but they have flaws as well. A server could, for example, be a "honey pot," a trap set up by a group like the RIAA or MPA that will in fact do nothing to preserve privacy.
Kabir said his company runs several of its own proxy servers and encourages people to swap files through these. But if the service becomes extremely popular, with hundreds of gigabytes going through the service every day, running anonymous proxies would likely become prohibitively expensive and impractical.
"Right now, the proxy features in just about every P2P client don't work well. They end up slowing downloads and aren't highly utilized," said Travis Hill, director of engineering for BayTSP, a company that works for record companies and movie studios to find copyright infringements online. "But if and when they do start being used effectively--if proxy operators are allowing their machines to distribute copyrighted material--copyright owners will start notifying them and pursuing them also."
The U.S. copyright community has previously shown some restraint in dealing with infringing issues in the Middle East. File-swapping firm iMesh, based in Israel, is one of the oldest and most popular of the post-Napster networks and has thus far escaped lawsuits altogether.
Even if the RIAA and MPA can't go to Israel or the Palestinian territories to have the company's servers shut down, they do have options inside the United States. They've previously filed lawsuits against major U.S. backbone Internet service providers to block access to Web addresses that offer copyrighted material online and have said they are willing to do so again.
For now, Kabir and his brother are worrying just as much about maintaining a functioning technology operation in an area where suicide bombings and military reprisals are still a way of life. The company has talked to militant Palestinians as well as Israelis and has gotten the go-ahead to operate without being drawn into the ongoing conflict as much as possible, he says.
"We have met with the organizations on our side, met with the leadership, and we said we just want to support ourselves and support Palestinians," Kabir said. "Everyone thought we were nuts. But we all came to agreement. We're entitled to eat, too."