• On CBS MoneyWatch: 6 Things Never to Post on Facebook
September 4, 2007 12:06 PM PDT

Is Comcast's BitTorrent filtering violating the law?

by Chris Soghoian

Disclaimer: I am not a lawyer. I'm a cybersecurity Ph.D. student and take classes in the Indiana University law school, but this in no way makes me a legal expert. CaveatlLector.

Within the last few weeks, there have been a number of reports by Comcast customers claiming that their BitTorrent downloads and uploads have been capped--or worse, blocked. TorrentFreak recently reported that Comcast, a major U.S. cable company, is using an application from Sandvine to throttle such connections.

Comcast LolCat

(Credit: Comcast and LolCat Buildr)

Many ISPs routinely filter the traffic on their networks. Many forbid customers from running e-mail servers or Web servers, and when the ISP detects that a customer's computer has been hacked, they often sever the Internet connection until the machine has been patched. Thus, the fact that a major ISP is now filtering yet another class of Internet traffic should not be major news--except for two factors: BitTorrent traffic accounts for upwards of 25 percent of U.S. Internet traffic, and the techniques used by Comcast are essentially the same as those used by the Great Firewall of China.

Before we get deeply into this issue, let us step back for a brief and high-level lesson in TCP/IP and Internet filtering technologies. Most Internet applications communicate via TCP, a protocol that uses a three-way handshake to establish a connection.

The very first step in a three-way handshake involves the client sending a SYN packet to the receiving party. Modern firewalls block this packet for banned types of traffic--that is, they prevent the recipient from receiving it, and as such, the connection can never be established. Your home firewall does this, as well as those used by Comcast and other ISPs to prevent you from sending millions of e-mail spam messages from their network.

Assuming that the SYN packet goes through, the three-way handshake is allowed to happen, then the two hosts will be able to begin communicating. Your ISP can still kill the connection later, should it wish to, merely by blocking the transmission of future packets.

According to TorrentFreak, Comcast is not doing this. They are instead sending a reset (or RST) packet to the Comcast customer, pretending to be from the host at the end of the BitTorrent connection. This RST packet is the TCP equivalent of stating "I don't want to talk to you anymore, please terminate the connection." It is extremely important to note that when Comcast creates and sends this packet, it does not identify itself as the the source of packet, but instead impersonates one of the parties involved in the BitTorrent connection. This is where things get rather shady.

Last year, researchers from Cambridge University analyzed the Great Firewall of China and found that it used falsified RST packets to terminate connections that matched keyword filters. They were able to determine that users could evade the Chinese government's censorship system by ignoring these reset packets.

Ok, so the Chinese government and Comcast are using the same censorship techniques. Why should we care? The Chinese government doesn't have to pay attention to U.S. law, but Comcast, being a U.S. company, does.

Many states make it illegal for an individual to impersonate another individual. New York, a state notorious for its aggressive pro-consumer office of the Attorney General, makes it a crime for someone to "[impersonate] another and [do] an act in such assumed character with intent to obtain a benefit or to injure or defraud another." (See: NY Sec. 190.25: Criminal impersonation in the second degree). I do not believe that it would be too difficult to prove that Comcast obtains a benefit by impersonating others to eliminate or reduce BitTorrent traffic. Less torrent data flowing over their network will lead to an overall reduction in their bandwidth bill, and thus a huge cost savings.

New York is not the only state with such a law. Several other states including Connecticut and Alabama have similar laws on the books. Should any state AG's office decide to go after Comcast, it is quite possible that Comcast could be looking at a world of regulatory pain.

Comcast is perfectly within its right to filter the Internet traffic that flows over its network. What it is not entitled to do is to impersonate its customers and other users, in order to make that filtering happen. Dropping packets is perfectly OK, while falsifying sender information in packet headers is not.

Christopher Soghoian delves into the areas of security, privacy, technology policy and cyber-law. He is a student fellow at Harvard University's Berkman Center for Internet and Society , and is a PhD candidate at Indiana University's School of Informatics. His academic work and contact information can be found by visiting www.dubfire.net/chris/. He is a member of the CNET Blog Network, and is not an employee of CNET. Disclosure.
Recent posts from Surveillance State
YouTube's new 'nocookie' feature continues to serve cookies
Is the White House changing its YouTube tune?
Recovery.gov blocked search engine tracking
Obama's BlackBerry brings personal safety risks
White House expands use of search-blocking code
Activists call for a mashup-friendly Recovery.gov
White House yanks 'YouTube' from privacy policy
White House acts to limit YouTube cookie tracking
Add a Comment (Log in or register) (9 Comments)
  • prev
  • next
Comcast and Filtering
by cyto_daoc October 19, 2007 8:49 AM PDT
I am wondering if Comcast is starting to infringe on anticompetitive behavior. The companies that they are being blocked/throttled might be able to make a stand based on this.

I think BitTorrent should goto the FTC and have a chat with them about this. This is really stopping them from competing in an open and fair marketplace.
Reply to this comment
by Ronaldscheer December 13, 2007 6:47 PM PST
''Many states make it illegal for an individual to impersonate another individual. New York, a state notorious for its aggressive pro-consumer office of the Attorney General, makes it a crime for someone to "[impersonate] another and [do] an act in such assumed character with intent to obtain a benefit or to injure or defraud another''
After reading the article and the comments I have come to the conclusion to start this discussion about Torrent-software in The Netherlands as well. I would like to share this information with you all. I use the website of a non-profit organisation www.geschilonline.nl. Soon all the text will be in english as well. Have fun exploring the site, leave your comments and we can all learn a lot. Regards,
Ronald Scheer
by dackl February 3, 2008 10:21 PM PST
BitTorrent is a freeware protocol used by a large number of (generally freeware) file-sharing clients... They don't have a 'company' behind them, and most of the 'clients' make any commercial profits off of ad space on download websites...

We aren't dealing with a Napster, Limewire, or Kazaa type system that has a corporation behind the product...
by gmtheace November 27, 2007 3:37 PM PST
test
Reply to this comment
by reliablehosting.com December 15, 2007 12:02 PM PST
Comcast uses Sandvine type routers to throttle, these are easily bypassed with using a VPN account like at <a class="jive-link-external" href="http://www.strongvpn.com" target="_newWindow">http://www.strongvpn.com</a> . Many VPN solutions are popping up now to bypass it, I wonder what Comcast will do to stop these.
Reply to this comment
by Reactor89 December 21, 2007 12:19 AM PST
Comcast can't stop VPN services I don't think they would try.

Reasoning is that if the Comcast understood the encryption on a valid VPN server they would have to be hacking those systems which is illegal, no matter what the intension.

Second is my assumption that if your using BitTorrent you don't want to spend money on things that should be payed for if you legally want to own them. This is why I can't see most BitTorrent users paying $25 a mouth keep using BitTorrent when you could be using that money to buy content legally anyway unless they are really hardcore pirater.

Yet I still think Comcast is chasing ghosts. There is already encrpition available for BitTorrent and if Comcast as much as touches that encryption the law suits will start flying. It's only a matter of time.
by baytapes January 17, 2008 7:28 PM PST
I work for Comcast and I'm outraged that they are doing this. I don't think their Sr. Level Management understands that there are a lot of perfectly legal files transferred via bit torrent. I can understand them not wanting a few people to eat up the bandwith but there are other ways to handle an issue like this without Throttling everyone who uses bit torrent.
Reply to this comment
by blacklogic1 May 8, 2008 8:44 PM PDT
There are so many to choose from.
VPN Service from Blacklogic
<a class="jive-link-external" href="http://www.blacklogic.com" target="_newWindow">http://www.blacklogic.com</a>
Reply to this comment
by switchvpn April 27, 2010 10:29 PM PDT
SwitchVPN.com Best VPN Solution. No provider Logs / Unblock all websites and VOIP / High Speed / Openvpn Support / 2048 Bit Encryption /


Special Discount
Coupon : SWITCH50
50% Discount.


Thank you
Reply to this comment
(9 Comments)
  • prev
  • next
advertisement

About Surveillance State

Christopher Soghoian delves into the areas of security, privacy, technology policy and cyber-law. He is a student fellow at Harvard University's Berkman Center for Internet and Society, and is a PhD candidate at Indiana University's School of Informatics. His academic work and contact information can be found by visiting www.dubfire.net/chris/. He is a member of the CNET Blog Network and is not an employee of CNET. Disclosure.

Add this feed to your online news reader

Surveillance State topics