Spook firm readies Virgin Media filesharing probes
'Witch-measuring not witch-finding'
The corridors at Detica's central London "Nerve Centre" are lined with portraits of the heroes of Bletchley Park, Britain's World War Two code-breaking powerhouse.
The black and white gallery acted as an reminder of the secret government business where the firm makes most of its money when The Register visited recently. We were there to discuss Detica's uncharacteristically public new venture, however: a bravely-timed saunter onto the illegal filesharing battlefield.
The BAE-owned firm has been engaged by Virgin Media to measure the level of music copyright infringement on its network via peer-to-peer protocols, on a trial basis beginning "by the end of this year". Detica plans to do this by inserting Deep Packet Inspection (DPI) probes into the ISP's network and looking inside a copy of users' traffic.
"There's not going to be many, because they're expensive," said Dan Klein, Detica's media accounts director, and the man in charge of the trial.
Nevertheless, it's planned the system, CView, will examine 40 per cent of the traffic sent and received by Virgin Media's four million subscribers. Those 1.6 million-or-so customers at any one time won't know their traffic is being examined and won't be able to opt out.
CView will look for three types of filesharing traffic: eDonkey, Gnutella and BitTorrent. Each is identifiable by the header data that routes each packet as it travels across the internet. Most ISPs already measure traffic passing through their networks this way, allowing them to manage bandwidth across web browsing, streaming, filesharing and other applications.
CView will go several major steps further though. Once it has identified a eDonkey, Gnutella or BitTorrent session, it will strip out the IP address of the user from each packet, replacing it with a randomly-generated unique identifier and pulling out an "acoustic fingerprint". The processed material will be sent on to a central server run by Detica to be matched against a database of acoustic fingerprint of copyright songs provided by a third party.
Klein wouldn't identify the database Detica will use during the trial, but the same technology is on offer from Audible Magic, Gracenote and Shazam.
From there a series of statistics will be generated. Reports will tell Virgin Media how much of the peer-to-peer traffic infringes copyright and what the most popular tracks and albums are.
The reports will be delivered weekly, or monthly, or even quarterly, Klein said. It's one of many details of the trial yet to be decided. "We don't know who's going to end up paying for this," he added.
Perhaps most importantly, at least at first, CView will measure how the overall level of copyright infringement via peer-to-peer networks responds to Lord Mandelson's letter-writing campaign. If the Digital Economy Bill is passed in what remains of this Parliament, those observed by rights holder groups sharing copyright material could start receiving statutory warnings in the post from their ISP as soon as April.
A year later a system of "technical measures" - bandwidth restrictions, blocked protocols and disconnections for the most persistent - imposed on ISPs by Ofcom, is likely to follow. If successful in trial, CView will allow Virgin Media to monitor how its customers respond to the regime, although it will not be involved in idenfiying infringers.
This page was corrected to reflect the fact that the acoustic fingerprint of the P2P traffic is taken by the CView box, not by the patten matching server as originally stated.
Sponsored: Becoming a Pragmatic Security Leader