Debunking Audible Magic — Again
By EFF Staff Technologists Chris Palmer and Seth Schoen
20 July 2004
Last week, EFF published Audible Magic — No Silver Bullet for P2P Infringement, a paper analyzing the weaknesses of Audible Magic's CopySense™ appliance for thwarting copyright infringement on peer-to-peer (P2P) networks. Audible Magic responded to the analysis in a letter defending its product. Below, we respond to the letter, rebutting its claims point-by-point.
Audible Magic: "Our CopySense appliance does not report or intercede on email, FTP, or even HTTP traffic."
There's no technical reason why it couldn't be made to do so. As copyright infringers and legitimate file sharers find the gaps in CopySense's coverage, they will exploit these gaps. CopySense™ will have to adapt, and that will mean monitoring FTP, HTTP and email traffic, as well as other communication technologies like instant messaging.
Audible Magic: "From a user perspective we feel this is a much less invasive approach from a privacy point of view - stop the transfer instead of focusing on monitoring the users."
Audible Magic's whitepaper mentions monitoring users as one of CopySense's three primary functions (see page 2). While CopySense™ can implement other policies, it's disingenuous for Audible Magic to suggest that this is not a "focus" of the product -- especially since "log and report" is first on the list of policies it can implement.
Additionally, the whitepaper claims that it can "shape P2P bandwidth consumption." However, this is impossible to achieve unless the device is interposed between the two communicating computers at the IP layer, or comprises (part of) the link layer fabric -- for example, you would need a CopySense™ device to act as an Ethernet switch or bridge. There is no indication, and indeed every counter-indication, that CopySense™ in its current form is intended to or is able to work this way.
Audible Magic: "We also object to the premise that a network owner, especially a business, loses the right to control their network."
This is a straw man. EFF never said that anyone should lose the right to control her network. We said that CopySense™ is not an effective way to control a network, because it isn't.
Audible Magic: "With regard to the specifics of the article, the author makes a common error, that is comparing today's product with some theoretical possible future. What the author did by omission is validate that our product solves today's problem."
MUTE, WASTE, and Freenet are among the P2P file-sharing applications that encrypt the data transfer. They exist today.
Additionally, there are various cheap and easy ways to add encryption to existing applications, such as OpenSSL and Stunnel.
It is shortsighted for Audible Magic to refer to the use of widely understood encryption technology as "theoretical" -- especially when encryption is already available in file-sharing applications today.
Moreover, Audible Magic's reply misses the point of our critique. Investing in a technology like CopySense™ is a significant sunk cost for most universities and ISPs, both in terms of budgetary allocations as well as time and labor resources. With most educational institutions facing strained budgets and administrative hiring freezes, the last thing they need is to waste time installing and learning a system that will become obsolete soon after leaving the showroom.
Audible Magic: "With regard to the theoretical future, the author implies that creating a robust encrypted system is ‘trivial.' However, as the hacker community has proven with DRM, developing an unbreakable system is far from a trivial undertaking."
DRM and encryption for privacy are different in a crucial way. When Alice uses encryption to hide a message from an eavesdropper Eve, she encrypts it in a way only Bob can read. With DRM systems, the sender of the message (the movie or music studio) has to encrypt the message (i.e., a movie or song) in a way that the recipient Bob can decrypt in one scenario, but not another. In effect, DRM assumes Bob and Eve are the same person. DRM systems try to hide the message from the very people they are sending it to! This is as impossible as it sounds.
On the other hand, encryption for privacy works, works well, and is widespread. Much of it is available for free. If Audible Magic knows how to break encryption technologies such as SSL, it should reveal the vulnerabilities so that they can be fixed -- and help protect the millions of people who are already relying on these techniques to protect information such as financial data. (Although encryption for privacy has sometimes suffered from defects in implementation, it would be more than surprising to experts in the field if a company such as Audible Magic could break contemporary encryption systems on a whim.)
Audible Magic: "With regard to the other alleged weakness of the TCP reset. The author again assumes that it will be a trivial matter to get the operating system vendors, particularly Microsoft, to integrate the feature into the operating system."
As noted in our original article, protecting against spoofed TCP RSTs is hard and will never be perfect. But CopySense's entire attack depends on this mechanism, and it too cannot be perfect. Eventually, operating systems (especially open-source operating systems) will find ways to work around CopySense. Because TCP RST security is already a concern for other reasons, operating system developers have an existing incentive to try to solve this problem, even if they've never heard of CopySense. This means that CopySense™ relies on a particular quirk of network implementation that developers are already trying to fix.
A prerequisite for highly reliable filtering/blocking is the interposition of the filtering device between communicants. Unless Audible Magic relaxes its engineering requirement that CopySense™ not add latency to a network, it can't filter perfectly. And if the company relaxes its engineering requirements, it will lose customers (fewer potential customers will want to add more latency to their network).
Audible Magic: "The current appliance happens to use the TCP Reset to accomplish this today. There are many other technical methods of blocking transfers. Again, we have strategies to deal with them should they ever prove necessary. This is why we recommend our customers purchase a software support agreement [that] provides for these enhancements that keep their purchase up-to-date and protect their investment."
Translation? Audible Magic knows that spoofing TCP RST packets is a brittle mechanism, and intends to fix it. But you have to pay extra for that fix.
Ultimately, CopySense™ will have to migrate to a traditional IP router/firewall or Ethernet switch/bridge mechanism. This will result in a device that adds latency to network connections, breaking a primary design goal and removing a major selling point for the product.
In any case, strong encryption will still stymie CopySense™.
