June 14, 2007

AT&T's Internet Monitoring Plans

Greetings. News stories (such as this example), are appearing widely about an AT&T plan to try block pirated content at the network level.

The implications of this sort of network snooping are immense. One might assume that a primary target will be file sharing technologies. But to actually pick out particular content from those streams would imply the need to actually examine and characterize the payload of files to locate and block potentially offending music and/or video content.

AT&T will no doubt suggest that this activity is akin to virus and spam filtering of e-mail for their customers. This would be a specious analogy. Spam filtering can usually be controlled by the user, and virtually all AT&T mail processing can be avoided by their customers if AT&T servers are not used.

However, it sounds as if AT&T is planning a network monitoring regime that would not be dependent on the use of AT&T servers. What's more, the "benefits" of this monitoring would not be directed to the customers whose traffic is being monitored, but rather for the benefit of unrelated third parties.

"Fingerprinting" of content for anti-piracy purposes is not always unacceptable. For example, Google/YouTube is reportedly starting tests of a copyrighted material characterization blocking system. Since users submitting videos to YouTube are doing so with the expectation of that content being hosted there, it is not unreasonable for YouTube to avoid hosting pirated materials whenever practicable.

However, AT&T's proper role in this context (among an ever smaller number of ISP choices) is simply to move customer data traffic between points, not to be a content policing agent for third-party commercial interests, or a mass data conduit for government interests without appropriate legal authority, for that matter. The traffic under discussion, based on news reports about the AT&T plans so far, would typically not be directed to AT&T servers, and should not be subject to content inspection by AT&T, in the absence of specific targeted court orders or the like.

We can get into a discussion of if and how common carrier considerations play into any of this anymore, and how encryption (and attempts to control and suppress encryption) will enter the mix, but the very fact that these AT&T plans have gotten this far is extremely disturbing.

Finally, perhaps the most illuminating aspect of this situation is a statement by James W. Cicconi, an AT&T senior vice president, who is quoted as saying that AT&T wouldn't look at the privacy and other legal issues involved until after a monitoring technology has been chosen.

That pretty much says it all.


(Updated 9/22/07 to replace stale link.)

Posted by Lauren at June 14, 2007 06:50 AM | Permalink
Twitter: @laurenweinstein
Google+: Lauren Weinstein