Senator: Let's monitor P2P for illegal files
WASHINGTON--A prominent Senate Democrat on Wednesday said federal and local police should use custom software to monitor peer-to-peer networks for illegal activity, and he wants to spend $1 billion in tax dollars to help make that happen.
At an afternoon Senate Judiciary subcommittee hearing about child exploitation on the Internet, Sen. Joe Biden (D-Del.) said he was under the impression it's "pretty easy to pick out the person engaged in either transmitting or downloading violent scenes of rape, molestation" simply by looking at file names. He urged use of those techniques by investigators to help nab the most egregious offenders.
The software, dubbed "Operation Fairplay," was developed two years ago by Special Agent Flint Waters in the Wyoming Attorney General's Office, who, by Biden's description, is considered an expert in the field. The application is currently being used by all of the regional Internet Crimes Against Children (ICAC) task forces nationwide and internationally, Waters told the panel.
Waters describes the system as a "comprehensive computer infrastructure," housed in Wyoming, that grants law enforcement officers a "big picture" of what sort of child pornography file transfers are going on across the country. It's able to help investigators conduct undercover operations involving peer-to-peer file-sharing applications, chat rooms, Web sites, and mobile telephones, Waters said.
No one's trying to demonize those technologies, Waters said. "Blaming this problem on peer-to-peer innovation is like blaming the interstate highway system when someone uses it to transport drugs," he said.
But in 2008 alone, investigators using Fairplay have "seen" more than 1,400 IP addresses tied to swapping child pornography files on at least 100 different occasions, Waters said. He didn't say how he identified what he viewed as child pornography, which can include photographs of fully-clothed teenagers taken with their parents' consent. In addition, as critiques of a 1995 law review article pointed out, trying to guess the contents of a file based on its name can be a problematic process.
Based on Waters' statements to the committee, the system appears to work like this: Investigators log onto peer-to-peer file-sharing networks as any other person would and search for files containing certain keywords that are likely to indicate child pornography is involved. Then they download the files--frequently videos, sometimes as long as 20 to 30 minutes, with names like "children kiddy underage illegal.mpg" and much more obscene--to their own machines. They're able to use the Fairplay software to obtain the IP address of the file's sender and, in some cases, display its geographic location in map form.
Once armed with an IP address and date and time of the download, investigators can subpoena the Internet service provider for more information, such as name and address of the subscriber who was assigned it at that moment. "It's not necessarily the suspect but it tells us the physical location to start," Waters said. (He didn't say whether any wiretaps were conducted to monitor ongoing file swapping.)
Investigators use the IP addresses to keep track of offenders on a "daily" basis, Waters told CNET News.com during a break at the hearing. But in about half its cases, for purposes of longer-term tracking, the software captures "unique serial numbers" from the person's computer and keeps a tally of how many allegedly illicit files that particular user is trading.
Waters provided the committee with a chart that said, for example, law enforcement had "seen" one user in Pennsylvania exchanging those files 2,792 times, one New Jersey user swapping them 1,182 times, and so on. It wasn't clear whether the so-called serial number corresponded to IP address, P2P username, or something else, and Waters wouldn't elaborate.
"It's unique to the computer, that's as far as I'll go," Waters added, saying he didn't want to divulge more details that suspects could use to circumvent detection. "We're able to get it when they're transferring child pornography."
So far, investigators have recorded more than 642,000 "unique serial numbers" that can be traced to the United States and another 650,000 of them that cannot be traced to a particular country, with the number of unique serial numbers rising steadily each month since "widespread capturing" of the details began in October 2005.
In addition to tracking the senders of the files, investigators use Fairplay to track the files themselves through their hash values or digital signatures. In one case, investigators found that an image of a toddler who'd been "horribly abused" was available in more than 1 million places around the world, Waters said.
Lt. Robert Moses, unit commander of the Delaware State Police High Technology Crimes Unit, told the committee that the software has been instrumental in allowing law enforcement to "proactively" identify criminals who possess and distribute child pornography, helping lead to arrests and prosecutions.
Grier Weeks, executive director of an anticrime nonprofit association known as the National Association to Protect Children, said the system has "revolutionized law enforcement" in the child pornography area.
Biden and Sen. Jeff Sessions (R-Ala.), the committee's ranking member, said they were troubled that because of limited resources, investigators are able to take on less than 2 percent of what they called "known" cases of child-pornography trafficking via the Internet. Biden said he also isn't pleased to see that the FBI currently has only 32 agents working in its "Innocent Images" unit, which focuses on child pornography. Still, Biden said he isn't out to "exaggerate" the problem and acknowledged that some of those cases may involve "accidental" exchanges of illicit material.
Biden pushed for passage of a bill known as the Combating Child Exploitation Act. It would authorize more than $1 billion over the next eight years to hire 250 new federal agents devoted to Internet crimes against children, provide additional funding to regional computer forensics labs, and give out more federal grants to the regional Internet Crimes Against Children (ICAC) task forces. The House of Representatives passed a companion bill in October.
"We can get our arms around it, the worst aspect of it," he said, "if we provide the resources."
Sessions cautioned the law enforcement officials to be smart about obtaining search warrants in such investigations. "You can't just go peruse everybody's computer," he said. "You train the officers in what is legal and established and approved and how to get warrants when they need a warrant?"
Waters said he "didn't know of any cases where (requests for warrants) had been overturned."
News.com's Declan McCullagh contributed to this report
So if I were a child predator, wouldn't it stand to reason that pushing files out with innocuous-sounding names would be a quick and ready countermeasure?
I mean, the paedoes may be sick and disgusting, but assuming they're stupid isn't exactly going to stop them.
/P
1 Billion Can Go A Long Way To Other Not So Important Things Like....Healthcare, Schools, Maybe Our Economyyy
I can see spending the money on protecting children from pervs but really how much is going to be devoted to stopping Joe Smoe from downloading MC Hammers Greatest Hits
Common...
This wont protect people from pervs.. any more than drug laws protect drug users. The reason is the people who are seeking this stuff (like willing drug users) already believe it's illegal and do it anyway. The fact that its illegal does not stop them. You think *extra* laws will make any difference to pedo's who are already harshly punished if caught?
Everyone knows all the scary **** is not out on p2p anyhow but on Tor's .onion network. The real creeps will just fine a way around the system leaving legitimate people using P2P to be the subject of these serial numbers and investigations.
Joe Biden is a moron.. no worse.. a very powerful moron.
it's name, files are commonly mislabelled.
Secondly, just because someone downloads such a file doesn't mean they had any
interest in it's content. They might have made a mistake, been after something else,
or downloaded something poorly labelled. Also is the problem of identifying
someone by an IP address, these days with NAT multiple people can share an IP
address. In addition if someone has a wireless network.., if hacked or unsecured, that
would be the preferred way of a clever pedophile to try and get child porn.
Thirdly, and most importantly. It is absurd in a democracy that someone can be
arrested merely for watching a video or a picture. They should go after the people
making the videos, they are committing the child abuse. Even child abuse doesn't
give the government an excuse to act like a totalitarian state and decide it has a right
to censor things on the internet!
There are several possibilities. Gnutella for example, assigns a unique id to each packet and uses a numerical id called the file index for file requests. It could also be a hash, which are in use by several p2p protocols.
And it does not require a warrant.
Oh, that's right, no government workers have committed crimes.
bwahahaha
The government can't even find a balanced budget, how can they find illegal files?
Oh but that is an issue not politician wants to address...
KieranMullen
http://360Oregon.com
to be created. This to me sounds no different than the NSA
spying program. Basically stating that they review every
communication on the internet/fiber network, and selectively prosecuting individuals is not constitutionally acceptable in my
opinion. And take the case were they find other incriminating
evidence on something like insider trading, would they than
prosecute that case as well. I guess Joe Biden is in league with
the Bush Administration at least on the issue of questionable
federal actions as of late.
authorize any sort of domestic eavesdropping it seems. It's all
back to ATT v Hepting which is bs. The DHS has their little pet
project for the community to spy on each other's networks with
the Neighborhood Network Watch (www.dhsnnw.org/hnap.html).
The pretense for the existence of this group is of course
"terrorism". Yeah, that's the other sure fire winner for any type
of broad sweeping sweeping eavesdropping. Biden's thing just
seems like another on a long list of moves to just surveil all
network traffic.
However, I'm glad that it seems like he gets that MAC addresses, IP numbers, and things like that can be faked. You can't just barge in on someone based on an IP numbers alone. I'm also glad he understands the technology isn't the problem. It's the criminals using it in the wrong way that is the problem.
I don't know what this "serial number" is, but it can probably be faked too. We just don't know which number he's talking about.
However, the smartest thing they're doing is monitoring the connection over time to collect the evidence they need. They're not just saying oh this IP was being used this must be our guy. A little caution can go a long way.
I highly doubt their method is fool proof though. I wouldn't want to be the one that gets falsely accused of having child porn. Life as you know it would be over from simply being accused.
Without knowing all the details I have to say I'm still not sure they should be tracking people through P2P since it is possible to fake your ID on the net. I know they can't track most spammers down so I have to wonder how accurate their methods really are.
But how I can judge the risks if I'm not being told everything about their methods? I can't I have no way to form an absolute opinion.
However, if there is some unique number that your computer generates such as the ID number that Pentium III chips generated their for a bit then I bet there are a whole bunch of privacy advocates that would love to jump down somebody's throat about it.
While it could be used for good, such a thing could be used to uniquely identify you amongst spammers, scammers, and phishers too. I'm against child porn, but aren't they a minority? Shouldn't our main concern be protecting the privacy of the majority? Like I said, can't say without knowing the details. I don't like the people being left in the dark, but I don't like child abusers either. So, what to do?
I wonder if they'll have to reveal their methods at trial as a part of discovery.
Then make them all hand write any legislation they wish to vote for. That's the end of those ten thousand pages bills that nobody understands.
Of course we live in a world where the government taps your phone lines, but if we tap their phone lines we're going to prison for a long, long, long, long long time.
Strange huh?
C|NET placed a smiling photo of Joe Biden for what? This picture isn't neutral, it's a positive picture. I tell you, C|NET places a lot of pictures to fit into the stories that it spins.
This is a journalistic malpractice.
Biden is a crook dressed in a white suit.
- what is it with comp fact illiterates making decisions?
- by joebloe3000 April 18, 2008 10:28 PM PDT
- Seriously... What is it with senators who most likely don't know anything about technology and their need to find issues and go to town on em.
- Like this Reply to this comment
-
-
- by johnsunvalley November 21, 2008 1:15 AM PST
- http://www.babatek.com
- Like this
-
Showing 1 of 2 pages (43 Comments)The idea is not wrong, but the inability to understand that you simply can't control online activity like that is wrong.
File names? Seriously... Encrypted files, hashes, private networks etc etc. You're catching a few idiots, you're not catching anyone that knows anything, if at all.
There will be another revolution soon and it'll have to do with the fact that knowledge is power and now knowledge can be duplicated and shared for free instantly without boundaries. The same thing happened with the press, same will happen with copyright and the net and everything relating to the net.
The idea isn't wrong (protecting kids) but the way they want to go at it so totally wrong. 1 billion to get a bunch of people to infiltrate p2p networks is a waste of tax payers money.