[Infowarrior] - Is Comcast's BitTorrent filtering violating the law?

[Richard Forno]

Is Comcast's BitTorrent filtering violating the law?
Posted by Chris Soghoian
September 4, 2007 12:06 PM PDT
http://www.cnet.com/8301-13739_1-9769645-46.html

Disclaimer: I am not a lawyer. I'm a cyber-security PhD student and take
classes in the Indiana University law school, but this in no way makes me a
legal expert. Caveat Lector.

Within the last few weeks, there have been a number of reports by Comcast
customers claiming that their BitTorrent downloads and uploads have been
capped or worse, blocked. Torrent Freak recently reported that Comcast, a
major US cable company, is using an application from Sandvine to throttle
such connections.

Many ISPs routinely filter the traffic on their networks. Many forbid
customers from running email servers, web servers, and when the ISP detects
that a customer's computer has been hacked, they often sever the Internet
connection until the machine has been patched. Thus, the fact that a major
ISP is now filtering yet another class of Internet traffic should not be
major news--except for two factors: BitTorrent traffic accounts for upwards
of 25% of US Internet traffic, and the techniques used by Comcast are
essentially the same as those used by the Great Firewall of China.

Before we get deeply into this issue, let us step back for a brief, and
high-level lesson in TCP/IP, and Internet filtering technologies. Most
Internet applications use the TCP protocol to communicate. This protocol
uses a three-way handshake to establish a connection.

The very first step in a three-way handshake involves the client sending a
SYN packet to the receiving party. Modern firewalls block this packet for
banned types of traffic--that is, they prevent the recipient from receiving
it, and as such, the connection can never be established. Your home firewall
does this, as well as those used by Comcast and other ISPs to prevent you
from sending millions of email spam messages from their network.

Assuming that the SYN packet goes through, the three-way handshake is
allowed to happen, then the two hosts will be able to begin communicating.
Your ISP can still kill the connection later, should they wish to, merely by
blocking the transmission of future packets.

According to Torrent Freak, Comcast is not doing this. They are instead
sending a reset (or RST) packet to the Comcast customer, pretending to be
from the host at the end of the BitTorrent connection. This RST packet is
the TCP equivalent of stating "I don't want to talk to you anymore, please
terminate the connection". It is extremely important to note that when
Comcast creates and sends this packet, they do not identify themselves as
the the source of packet, but instead impersonate one of the parties
involved in the BitTorrent connection. This is where things get rather
shady.

Last year, researchers from Cambridge University analyzed the Great Firewall
of China and found that it used falsified RST packets to terminate
connections that matched keyword filters. They were able to determine that
users could evade the Chinese government's censorship system by ignoring
these reset packets.

Ok, so the Chinese government and Comcast are using the same censorship
techniques. Why should we care? The Chinese government doesn't have to pay
attention to US law, but Comcast, being a US company, does.

Many states make it illegal to impersonate others. New York, a state
notorious for its aggressive pro-consumer office of the Attorney General,
makes it a crime for someone to "[impersonate] another and [do] an act in
such assumed character with intent to obtain a benefit or to injure or
defraud another." (See: NY Sec. 190.25: Criminal impersonation in the second
degree). I do not believe that it would be too difficult to prove that
Comcast obtains a benefit by impersonating others to eliminate or reduce
BitTorrent traffic. Less torrent data flowing over their network will lead
to an overall reduction in their bandwidth bill, and thus a huge cost
savings.

New York is not the only state with such a law. Several other states
including Connecticut and Alabama have similar laws on the books. Should any
state AG's office decide to go after Comcast, it is quite possible that
Comcast could be looking at a world of regulatory pain.

Comcast is perfectly within its right to filter the Internet traffic that
flows over its network. What it is not entitled to do, is to impersonate its
customers and other users, in order to make that filtering happen. Dropping
packets is perfectly OK, while falsifying sender information in packet
headers is not.