The Darknet and the Future of Content Distribution

Peter Biddle, Paul England, Marcus Peinado, and Bryan Willman Microsoft Corporation1 Abstract
We investigate the darknet a collection of networks and technologies used to share digital content. The darknet is not a separate physical network but an application and protocol layer riding on e isting networks. ! a"ples of darknets are peer#to#peer file sharing$ CD and D%D copying$ and key or password sharing on e"ail and newsgroups. The last few years have seen vast increases in the darknet&s aggregate bandwidth$ reliability$ usability$ si'e of shared library$ and availability of search engines. (n this paper we categori'e and analy'e e isting and future darknets$ fro" both the technical and legal perspectives. We speculate that there will be short#ter" i"pedi"ents to the effectiveness of the darknet as a distribution "echanis"$ but ulti"ately the darknet#genie will not be put back into the bottle. (n view of this hypothesis$ we e a"ine the relevance of content protection and content distribution architectures.

1 (ntroduction
)eople have always copied things. (n the past$ "ost ite"s of value were physical ob*ects. )atent law and econo"ies of scale "eant that s"all scale copying of physical ob*ects was usually unecono"ic$ and large#scale copying +if it infringed, was stoppable using police"en and courts. Today$ things of value are increasingly less tangible- often they are *ust bits and bytes or can be accurately represented as bits and bytes. The widespread deploy"ent of packet#switched networks and the huge advances in co"puters and codec#technologies has "ade it feasible +and indeed attractive, to deliver such digital works over the (nternet. This presents great opportunities and great challenges. The opportunity is low#cost delivery of personali'ed$ desirable high#.uality content. The challenge is that such content can be distributed illegally. Copyright law governs the legality of copying and distribution of such valuable data$ but copyright protection is increasingly strained in a world of progra""able co"puters and high#speed networks. For e a"ple$ consider the staggering burst of creativity by authors of co"puter progra"s that are designed to share audio files. This was first populari'ed by /apster$ but today several popular applications and services offer si"ilar capabilities. CD#writers have beco"e "ainstrea"$ and D%D#writers "ay well follow suit. 0ence$ even in the absence of network connectivity$ the opportunity for low#cost$ large#scale file sharing e ists.

1.1 The Darknet

Throughout this paper$ we will call the shared ite"s +e.g. software progra"s$ songs$ "ovies$ books$ etc., objects. The persons who copy ob*ects will be called users of the darknet$ and the co"puters used to share ob*ects will be called hosts. The idea of the darknet is based upon three assu"ptions1tate"ents in this paper represent the opinions of the authors and not necessarily the position of Microsoft Corporation.
1

1. 2ny widely distributed ob*ect will be available to a fraction of users in a for" that per"its copying. 3. 4sers will copy ob*ects if it is possible and interesting to do so. 5. 4sers are connected by high#bandwidth channels. The darknet is the distribution network that e"erges fro" the in*ection of ob*ects according to assu"ption 1 and the distribution of those ob*ects according to assu"ptions 3 and 5. 6ne i"plication of the first assu"ption is that any content protection syste" will leak popular or interesting content into the darknet$ because so"e fraction of users##possibly e pertswill overco"e any copy prevention "echanis" or because the ob*ect will enter the darknet before copy protection occurs. The ter" 7widely distributed8 is intended to capture the notion of "ass "arket distribution of ob*ects to thousands or "illions of practically anony"ous users. This is in contrast to the protection of "ilitary$ industrial$ or personal secrets$ which are typically not widely distributed and are not the focus of this paper. 9ike other networks$ the darknet can be "odeled as a directed graph with labeled edges. The graph has one verte for each user:host. For any pair of vertices +u$v,$ there is a directed edge fro" u to v if ob*ects can be copied fro" u to v. The edge labels can be used to "odel relevant infor"ation about the physical network and "ay include infor"ation such as bandwidth$ delay$ availability$ etc. The vertices are characteri'ed by their ob*ect library$ ob*ect re.uests "ade to other vertices$ and ob*ect re.uests satisfied. To operate effectively$ the darknet has a s"all nu"ber of technological and infrastructure re.uire"ents$ which are si"ilar to those of legal content distribution networks. These infrastructure re.uire"ents are1. facilities for in*ecting new ob*ects into the darknet +input, 3. a distribution network that carries copies of ob*ects to users +trans"ission, 5. ubi.uitous rendering devices$ which allow users to consu"e ob*ects +output, ;. a search "echanis" to enable users to find ob*ects +database, <. storage that allows the darknet to retain ob*ects for e tended periods of ti"e. Functionally$ this is "ostly a caching "echanis" that reduces the load and e posure of nodes that in*ect ob*ects. The dra"atic rise in the efficiency of the darknet can be traced back to the general technological i"prove"ents in these infrastructure areas. 2t the sa"e ti"e$ "ost atte"pts to fight the darknet can be viewed as efforts to deprive it of one or "ore of the infrastructure ite"s. 9egal action has traditionally targeted search engines and$ to a lesser e tent$ the distribution network. 2s we will describe later in the paper$ this has been partially successful. The drive for legislation on "andatory water"arking ai"s to deprive the darknet of rendering devices. We will argue that water"arking approaches are technically flawed and unlikely to have any "aterial i"pact on the darknet. Finally$ "ost content protection syste"s are "eant to prevent or delay the in*ection of new ob*ects into the darknet. =ased on our first assu"ption$ no such syste" constitutes an i"penetrable barrier$ and we will discuss the "erits of so"e popular syste"s. We see no technical i"pedi"ents to the darknet beco"ing increasingly efficient +"easured by aggregate library si'e and available bandwidth,. 0owever$ the darknet$ in all its transport#layer e"bodi"ents$ is under legal attack. (n this paper$ we speculate on the technical and legal future of the darknet$ concentrating particularly$ but not e clusively$ on peer#to#peer networks. The rest of this paper is structured as follows. 1ection 3 analy'es different "anifestations of the darknet with respect to their robustness to attacks on the

infrastructure re.uire"ents described above and speculates on the future develop"ent of the darknet. 1ection 5 describes content protection "echanis"s$ their probable effect on the darknet$ and the i"pact of the darknet upon the". (n sections ; and <$ we speculate on the scenarios in which the darknet will be effective$ and how businesses "ay need to behave to co"pete effectively with it.

3 The !volution of the Darknet

We classify the different "anifestations of the darknet that have co"e into e istence in recent years with respect to the five infrastructure re.uire"ents described and analy'e weaknesses and points of attack. 2s a syste"$ the darknet is sub*ect to a variety of attacks. 9egal action continues to be the "ost powerful challenge to the darknet. 0owever$ the darknet is also sub*ect to a variety of other co""on threats +e.g. viruses$ spa""ing, that$ in the past$ have lead to "inor disruptions of the darknet$ but could be considerably "ore da"aging. (n this section we consider the potential i"pact of legal develop"ents on the darknet. Most of our analysis focuses on syste" robustness$ rather than on detailed legal .uestions. We regard legal .uestions only with respect to their possible effect- the failure of certain nodes or links +vertices and edges of the graph defined above,. (n this sense$ we are investigating a well known proble" in distributed syste"s.

3.1 !arly 1"all#Worlds /etworks

)rior to the "id 1>>?s$ copying was organi'ed around groups of friends and ac.uaintances. The copied ob*ects were "usic on cassette tapes and co"puter progra"s. The rendering devices were widely#available tape players and the co"puters of the ti"e see Fig. 1. Content in*ection was trivial$ since "ost ob*ects were either not copy protected or$ if they were e.uipped with copy protection "echanis"s$ the "echanis"s were easily defeated. The distribution network was a 7sneaker net8 of floppy disks and tapes +storage,$ which were handed in person between "e"bers of a group or were sent by postal "ail. The bandwidth of this network albeit s"all by today&s standards was sufficient for the ob*ects of the ti"e. The "ain li"itation of the sneaker net with its "echanical transport layer was latency. (t could take days or weeks to obtain a copy of an ob*ect. 2nother serious li"itation of these networks was the lack of a sophisticated search engine. There were li"ited atte"pts to prosecute individuals who were trying to sell copyrighted ob*ects they had obtained fro" the darknet +co""ercial piracy,. 0owever$ the darknet as a whole was never under significant legal threat. @easons "ay have included its li"ited co""ercial i"pact and the protection fro" legal surveillance afforded by sharing a"ongst friends. The si'es of ob*ect libraries available on such networks are strongly influenced by the interconnections between the networks. For e a"ple$ schoolchildren "ay copy content fro" their 7fa"ily network8 to their 7school network8 and thereby increase the si'e of the darknet ob*ect library available to each. 1uch networks have been studied e tensively and are classified as 7interconnected s"all#worlds networks.8 A3;B There are several popular e a"ples of the characteristics of such syste"s. For e a"ple$ "ost people have a social group of a few score of people. !ach of these people has a group of friends that partly overlap with their friends& friends$ and also introduces "ore people. (t is esti"ated that$ on average$ each person is connected to every other person in the world by a chain of about si people fro" which arises the ter" 7si degrees of separation8.

These findings are re"arkably broadly applicable +e.g. A3?B$A5B,. The chains are on average so short because certain super#peers have "any links. (n our e a"ple$ so"e people are gregarious and have lots of friends fro" different social or geographical circles.. We suspect that these findings have i"plications for sharing on darknets$ and we will return to this point when we discuss the darknets of the future later in this paper. The s"all#worlds darknet continues to e ist. 0owever$ a nu"ber of technological advances have given rise to new for"s of the darknet that have superseded the s"all# worlds for so"e ob*ect types +e.g. audio,.

3.3 Central (nternet 1ervers

=y 1>>C$ a new for" of the darknet began to e"erge fro" technological advances in several areas. The internet had beco"e "ainstrea"$ and as such its protocols and infrastructure could now be relied upon by anyone seeking to connect users with a centrali'ed service or with each other. The continuing fall in the price of storage together with advances in co"pression technology had also crossed the threshold at which storing large nu"bers of audio files was no longer an obstacle to "ainstrea" users. 2dditionally$ the power of co"puters had crossed the point at which they could be used as rendering devices for "ulti"edia content. Finally$ 7CD ripping8 beca"e a trivial "ethod for content in*ection. The first e"bodi"ents of this new darknet were central internet servers with large collections of M)5 audio files. 2 funda"ental change that ca"e with these servers was

the use of a new distribution network- The internet displaced the sneaker net at least for audio content. This solved several proble"s of the old darknet. First$ latency was reduced drastically. 1econdly$ and "ore i"portantly$ discovery of ob*ects beca"e "uch easier because of si"ple and powerful search "echanis"s "ost i"portantly the general#purpose world# wide#web search engine. The local view of the s"all world was replaced by a global view of the entire collection accessible by all users. The "ain characteristic of this for" of the darknet was centrali'ed storage and search a si"ple architecture that "irrored "ainstrea" internet servers. Centrali'ed or .uasi#centrali'ed distribution and service networks "ake sense for legal online co""erce. =andwidth and infrastructure costs tend to be low$ and having custo"ers visit a co""erce site "eans the "erchant can display adverts$ collect profiles$ and bill efficiently. 2dditionally$ "anage"ent$ auditing$ and accountability are "uch easier in a centrali'ed "odel. 0owever$ centrali'ed sche"es work poorly for illegal ob*ect distribution because large$ central servers are large single points of failure- (f the distributor is breaking the law$ it is relatively easy to force hi" to stop. !arly M)5 Web and FT) sites were co""only 7hosted8 by universities$ corporations$ and (1)s. Copyright#holders or their representatives sent 7cease and desist8 letters to these web#site operators and web# owners citing copyright infringe"ent and in a few cases followed up with legal action A1<B. The threats of legal action were successful attacks on those centrali'ed networks$ and M)5 web and FT) sites disappeared fro" the "ainstrea" shortly after they appeared.

3.5 )eer#to#)eer /etworks

The reali'ation that centrali'ed networks are not robust to attack +be it legal or technical, has spurred "uch of the innovation in peer#to#peer networking and file sharing technologies. (n this section$ we e a"ine architectures that have evolved. !arly syste"s were flawed because critical co"ponents re"ained centrali'ed +/apster, or because of inefficiencies and lack of scalability of the protocol +gnutella, A1DB. (t should be noted that the proble" of ob*ect location in a "assively distributed$ rapidly changing$ heterogeneous syste" was new at the ti"e peer#to#peer syste"s e"erged. !fficient and highly scalable protocols have been proposed since then A>B$A35B. 2.3.1. Napster /apster was the service that ignited peer#to#peer file sharing in 1>>> A1;B. There should be little doubt that a "a*or portion of the "assive +for the ti"e, traffic on /apster was of copyrighted ob*ects being transferred in a peer#to#peer "odel in violation of copyright law. /apster succeeded where central servers had failed by relying on the distributed storage of ob*ects not under the control of /apster. This "oved the in*ection$ storage$ network distribution$ and consu"ption of ob*ects to users. 0owever$ /apster retained a centrali'ed database3 with a searchable inde on the file na"e. The centrali'ed database itself beca"e a legal target A1<B. /apster was first en*oined to deny certain .ueries +e.g. 7Metallica8, and then to police its network for all copyrighted content. 2s the si'e of the darknet inde ed by /apster shrank$ so did the nu"ber of users. This illustrates a general characteristic of darknets- there is positive feedback between the si'e of the ob*ect library and aggregate bandwidth and the appeal of the network for its users.
/apster used a far" of weakly coupled databases with clients attaching to *ust one of the server hosts.
3

2.3.2. Gnutella The ne t technology that sparked public interest in peer#to#peer file sharing was Enutella. (n addition to distributed ob*ect storage$ Enutella uses a fully distributed database described "ore fully in A15B. Enutella does not rely upon any centrali'ed server or service a peer *ust needs the () address of one or a few participating peers to +in principle, reach any host on the Enutella darknet. 1econd$ Enutella is not really 7run8 by anyone- it is an open protocol and anyone can write a Enutella client application. Finally$ Enutella and its descendants go beyond sharing audio and have substantial non#infringing uses. This changes its legal standing "arkedly and puts it in a si"ilar category to e"ail. That is$ e"ail has substantial non#infringing use$ and so e"ail itself is not under legal threat even though it "ay be used to transfer copyrighted "aterial unlawfully.

3.; @obustness of Fully Distributed Darknets

Fully distributed peer#to#peer syste"s do not present the single points of failure that led to the de"ise of central M)5 servers and /apster. (t is natural to ask how robust these syste"s are and what for" potential attacks could take. We observe the following weaknesses in Enutella#like syste"s Free riding 9ack of anony"ity 2.4.1 Free Riding )eer#to#peer syste"s are often thought of as fully decentrali'ed networks with copies of ob*ects unifor"ly distributed a"ong the hosts. While this is possible in principle$ in practice$ it is not the case. @ecent "easure"ents of libraries shared by gnutella peers indicate that the "a*ority of content is provided by a tiny fraction of the hosts A1B. (n effect$ although gnutella appears to be a peer#to#peer network of cooperating hosts$ in actual fact it has evolved to effectively be another largely centrali'ed syste" see Fig. 3. Free riding +i.e. downloading ob*ects without sharing the", by "any gnutella users appears to be "ain cause of this develop"ent. Widespread free riding re"oves "uch of the power of network dyna"ics and "ay reduce a peer#to#peer network into a si"ple unidirectional distribution syste" fro" a s"all nu"ber of sources to a large nu"ber of destinations. 6f course$ if this is the case$ then the vulnerabilities that we observed in centrali'ed syste"s +e.g. FT)#servers, are present again. Free riding and the e"ergence of super#peers have several causes)eer#to#peer file sharing assu"es that a significant fraction of users adhere to the so"ewhat post#capitalist idea of sacrificing their own resources for the 7co""on good8 of the network. Most free#riders do not see" to adopt this idea. For e a"ple$ with <F kbps "ode"s still being the network connection for "ost users$ allowing uploads constitutes a tangible bandwidth sacrifice. 6ne approach is to "ake collaboration "andatory. For e a"ple$ Freenet AFB clients are re.uired to contribute so"e disk space. 0owever$ enforcing such re.uire"ents without a central infrastructure is difficult. ! isting infrastructure is another reason for the e istence of super#peers. There are vast differences in the resources available to different types of hosts. For e a"ple$ a T5 connection provides the co"bined bandwidth of about one thousand <F kbps telephone connections.

2.4.2 Lack of Anonymity 4sers of gnutella who share ob*ects they have stored are not anony"ous. Current peer#to#peer networks per"it the server endpoints to be deter"ined$ and if a peer#client can deter"ine the () address and affiliation of a peer$ then so can a lawyer or govern"ent agency. This "eans that users who share copyrighted ob*ects face so"e threat of legal action. This appears to be yet another e planation for free riding. There are so"e possible technological workarounds to the absence of endpoint anony"ity. We could i"agine anony"i'ing routers$ overseas routers$ ob*ect frag"entation$ or so"e other "eans to co"plicate the effort re.uired by law#enforce"ent to deter"ine the original source of the copyrighted bits. For e a"ple$ Freenet tries to hide the identity of the hosts storing any given ob*ect by "eans of a variety of heuristics$ including routing the ob*ect through inter"ediate hosts and providing "echanis"s for easy "igration of ob*ects to other hosts. 1i"ilarly$ Mne"osyne A1?B tries to organi'e ob*ect storage$ such that individual hosts "ay not know what ob*ects are stored on the". (t is con*ectured in A1?B that this "ay a"ount to co""on#carrier status for the host. 2 detailed analysis of the legal or technical robustness of these syste"s is beyond the scope of this paper. 2.4.3 Attacks (n light of these weaknesses$ attacks on gnutella#style darknets focus on their ob*ect storage and search infrastructures. =ecause of the prevalence of super#peers$ the gnutella darknet depends on a relatively s"all set of powerful hosts$ and these hosts are pro"ising targets for attackers. Darknet hosts owned by corporations are typically easily re"oved. 6ften$ these hosts are set up by individual e"ployees without the knowledge of corporate "anage"ent. Eenerally corporations respect intellectual property laws. This together with their reluctance to beco"e targets of lawsuits$ and their centrali'ed network of hierarchical "anage"ent "akes it relatively easy to re"ove darknet hosts in the corporate do"ain. While the structures at universities are typically less hierarchical and strict than those of corporations$ ulti"ately$ si"ilar rules apply. (f the .co" and .edu T1 and T5 lines were pulled fro" under a darknet$ the usefulness of the network would suffer drastically. This would leave D19$ (1D/$ and cable#"ode" users as the high#bandwidth servers of ob*ects. We believe li"iting hosts to this class would present a far less effective piracy network today fro" the perspective of ac.uisition because of the relative rarity of high# bandwidth consu"er connections$ and hence users would abandon this darknet. 0owever$ consu"er broadband is beco"ing "ore popular$ so in the long run it is probable that there will be ade.uate consu"er bandwidth to support an effective consu"er darknet. The obvious ne t legal escalation is to bring direct or indirect +through the affiliation, challenges against users who share large libraries of copyrighted "aterial. This is already happening and the legal threats or actions appear to be successful ADB. This re.uires the collaboration of (1)s in identifying their custo"ers$ which appears to be forthco"ing due to re.uire"ents that the carrier "ust take to avoid liability5 and$ in so"e cases$ because of corporate ties between (1)s and content providers. 6nce again$ free riding "akes this attack strategy far "ore tractable. (t is hard to predict further legal escalation$ but we note that the DMC2 +digital "illenniu" copyright act, is a far#reaching +although not fully tested, e a"ple of a law that is potentially .uite powerful. We believe it probable that there will be a few "ore rounds of
The Church of 1cientology has been aggressive in pursuing (1)s that host its copyright "aterial on newsgroups. The suit that appeared "ost likely to result in a clear finding$ filed against /etco"$ was settled out of court. 0ence it is still not clear whether an (1) has a responsibility to police the users of its network.
5

technical innovations to sidestep e isting laws$ followed by new laws$ or new interpretations of old laws$ in the ne t few years.

2.4.4 Conclusions 2ll attacks we have identified e ploit the lack of endpoint anony"ity and are aided by the effects of free riding. We have seen effective legal "easures on all peer#to#peer technologies that are used to provide effectively global access to copyrighted "aterial. Centrali'ed web servers were effectively closed down. /apster was effectively closed down. Enutella and Ga'aa are under threat because of free rider weaknesses and lack of endpoint anony"ity. 9ack of endpoint anony"ity is a direct result of the globally accessible global ob*ect database$ and it is the e istence of the global database that "ost distinguishes the newer darknets fro" the earlier s"all worlds. 2t this point$ it is hard to *udge whether the darknet will be able to retain this global database in the long ter"$ but it see"s see"s clear that legal setbacks to global#inde peer#to#peer will continue to be severe. 0owever$ should Enutella#style syste"s beco"e unviable as darknets$ syste"s$ such as Freenet or Mne"osyne "ight take their place. )eer#to#peer networking and file sharing does see" to be entering into the "ainstrea" both for illegal and legal uses. (f we couple this with the rapid build#out of consu"er broadband$ the dropping price of storage$ and the fact that personal co"puters are effectively establishing the"selves as centers of ho"e#entertain"ent$ we suspect that peer#to#peer functionality will re"ain popular and beco"e "ore widespread.

3.< 1"all Worlds /etworks @evisited

(n this section we try to predict the evolution of the darknet should global peer#to#peer networks be effectively stopped by legal "eans. The globally accessible global database is the only infrastructure co"ponent of the darknet that can be disabled in this way. The other enabling technologies of the darknet +in*ection$ distribution networks$ rendering devices$ storage, will not only re"ain available$ but rapidly increase in power$ based on general technological advances and the possible incorporation of cryptography. We stress that the networks described in this section +in "ost cases, provide poorer services than global network$ and would only arise in the absence of a global database. (n the absence of a global database$ s"all#worlds networks could again beco"e the prevalent for" of the darknet. 0owever$ these s"all#worlds will be "ore powerful than they were in the past. With the widespread availability of cheap CD and D%D readers and writers as well as large hard disks$ the bandwidth of the sneaker net has increased dra"atically$ the cost of ob*ect storage has beco"e negligible and ob*ect in*ection tools have beco"e ubi.uitous. Further"ore$ the internet is available as a distribution "echanis" that is ade.uate for audio for "ost users$ and is beco"ing increasingly ade.uate for video and co"puter progra"s. (n light of strong cryptography$ it is hard to i"agine how sharing could be observed and prosecuted as long as users do not share with strangers. (n concrete ter"s$ students in dor"s will establish darknets to share content in their social group. These darknets "ay be based on si"ple file sharing$ D%D#copying$ or "ay use special application progra"s or servers- for e a"ple$ a chat or instant#"essenger client enhanced to share content with "e"bers of your buddy#list. !ach student will be a "e"ber of other darknets- for e a"ple$ their fa"ily$ various special interest groups$ friends fro" high#school$ and colleagues in part#ti"e *obs +Fig. 5,. (f there are a few active super#peers # users that locate and share ob*ects with 'eal # then we can anticipate that content will rapidly diffuse between darknets$ and relatively s"all darknets arranged around social groups will approach the aggregate libraries that are provided by the global darknets of today. 1ince the legal e posure of such sharing is .uite li"ited$ we believe that sharing a"ongst socially oriented groups will increase unabated. 1"all#worlds networks suffer so"ewhat fro" the lack of a global databaseH each user can only see the ob*ects stored by his s"all world neighbors. This raises a nu"ber of interesting .uestions about the network structure and ob*ect flow-

What graph structure will the network haveI For e a"ple$ will it be connectedI What will be the average distance between two nodesI Eiven a graph structure$ how will ob*ects propagate through the graphI (n particular$ what fraction of ob*ects will be available at a given nodeI 0ow long does it take for ob*ects to propagate +diffuse, through the networkI

Juestions of this type have been studied in different conte ts in a variety of fields +"athe"atics$ co"puter science$ econo"ics$ and physics,. 2 nu"ber of e"pirical studies seek to establish structural properties of different types of s"all world networks$ such as social networks A3?B and the world#wide web A5B. These works conclude that the dia"eter of the e a"ined networks is s"all$ and observe further structural properties$ such as a power law of the degree distribution A<B$ 2 nu"ber of authors seek to "odel these networks by "eans of rando" graphs$ in order to perfor" "ore detailed "athe"atical analysis on the "odels A3B$ACB$A31B$A33B and$ in particular$ study the possibility of efficient search under different rando" graph distributions A1CB$A1>B. We will present a .uantitative study of the structure and dyna"ics of s"all#worlds networks in an upco"ing paper$ but to su""ari'e$ s"all#worlds darknets can be e tre"ely efficient for popular titles- very few peers are needed to satisfy re.uests for top#3? books$ songs$ "ovies or co"puter progra"s. (f darknets are interconnected$ we e pect the effective introduction rate to be large. Finally$ if darknet clients are enhanced to actively seek out new popular content$ as opposed to the user#de"and based sche"es of today$ s"all#worlds darknets will be very efficient.

5 (ntroducing Content into the Darknet

6ur analysis and intuition have led us to believe that efficient darknets in global or s"all#worlds for" ## will re"ain a fact of life. (n this section we e a"ine rights# "anage"ent technologies that are being deployed to li"it the introduction rate or decrease the rate of diffusion of content into the darknet.

5.1 Conditional 2ccess 1yste"s

2 conditional#access syste" is a si"ple for" of rights#"anage"ent syste" in which subscribers are given access to ob*ects based +typically, on a service contract. Digital rights "anage"ent syste"s often perfor" the sa"e function$ but typically i"pose restrictions on the use of ob*ects after unlocking. Conditional access syste"s such as cable$ satellite T%$ and satellite radio offer little or no protection against ob*ects being introduced into the darknet fro" subscribing hosts. 2 conditional#access syste" custo"er has no access to channels or titles to which they are not entitled$ and has essentially free use of channels that he has subscribed or paid for. This "eans that an invest"ent of KL1?? +at ti"e of writing, on an analog video# capture card is sufficient to obtain and share T% progra"s and "ovies. 1o"e C2 syste"s provide post#unlock protections but they are generally cheap and easy to circu"vent. Thus$ conditional access syste"s provide a widely deployed$ high#bandwidth source of video "aterial for the darknet. (n practice$ the large si'e and low cost of C2#provided video content will li"it the e ploitation of the darknet for distributing video in the near#ter". The sa"e can not be said of the use of the darknet to distribute conditional#access syste" broadcast keys. 2t so"e level$ each head#end +satellite or cable T% head#end, uses an encryption key that "ust be "ade available to each custo"er +it is a broadcast,$

and in the case of a satellite syste" this could be "illions of ho"es. C2#syste" providers take "easures to li"it the usefulness of e ploited session keys +for e a"ple$ they are changed every few seconds,$ but if darknet latencies are low$ or if encrypted broadcast data is cached$ then the darknet could threaten C2#syste" revenues. We observe that the e posure of the conditional access provider to losses due to piracy is proportional to the nu"ber of custo"ers that share a session key. (n this regard$ cable#operators are in a safer position than satellite operators because a cable operator can narrowcast "ore cheaply.

5.3 D@M 1yste"s

2 classical#D@M syste" is one in which a client obtains content in protected +typically encrypted, for"$ with a license that specifies the uses to which the content "ay be put. ! a"ples of licensing ter"s that are being e plored by the industry are 7play on these three hosts$8 7play once$8 7use co"puter progra" for one hour$8 etc. The license and the wrapped content are presented to the D@M syste" whose responsibility is to ensure thata, The client cannot re"ove the encryption fro" the file and send it to a peer$ b, The client cannot 7clone8 its D@M syste" to "ake it run on another host$ c, The client obeys the rules set out in the D@M license$ and$ d, The client cannot separate the rules fro" the payload. 2dvanced D@M syste"s "ay go further. 1o"e such technologies have been co""ercially very successful the content scra"bling syste" used in D%Ds$ and +broadly interpreted, the protection sche"es used by conditional access syste" providers fall into this category$ as do newer D@M syste"s that use the internet as a distribution channel and co"puters as rendering devices. These technologies are appealing because they pro"ote the establish"ent of new businesses$ and can reduce distribution costs. (f costs and licensing ter"s are appealing to producers and consu"ers$ then the vendor thrives. (f the licensing ter"s are unappealing or inconvenient$ the costs are too high$ or co"peting syste"s e ist$ then the business will fail. The DivM 7D%D8 rental "odel failed on "ost or all of these "etrics$ but C11# protected D%Ds succeeded beyond the wildest e pectations of the industry. 6n personal co"puters$ current D@M syste"s are software#only syste"s using a variety of tricks to "ake the" hard to subvert. D@M enabled consu"er electronics devices are also beginning to e"erge. (n the absence of the darknet$ the goal of such syste"s is to have co"parable security to co"peting distribution syste"s notably the CD and D%D so that progra""able co"puters can play an increasing role in ho"e entertain"ent. We will speculate whether these strategies will be successful in the 1ect. <. D@M syste"s strive to be =6=! +break#once$ break everywhere,#resistant. That is$ suppliers anticipate +and the assu"ptions of the darknet predict, that individual instances +clients, of all security#syste"s$ whether based on hardware or software$ will be subverted. (f a client of a syste" is subverted$ then all content protected by that D@M client can be unprotected. (f the break can be applied to any other D@M client of that class so that all of those users can break their syste"s$ then the D@M#sche"e is =6=!#weak. (f$ on the other hand$ knowledge gained breaking one client cannot be applied elsewhere$ then the D@M syste" is =6=!#strong. Most co""ercial D@M#syste"s have =6=!#e ploits$ and we note that the darknet applies to D@M#hacks as well. The C11 syste" is an e e"plary =6=!#weak syste". The knowledge and code that co"prised the De#C11 e ploit spread uncontrolled around

the world on web#sites$ newsgroups$ and even T#shirts$ in spite of the fact that$ in principle$ the Digital Millenniu" Copyright 2ct "akes it a cri"e to develop these e ploits. 2 final characteristic of e isting D@M#syste"s is renewability. %endors recogni'e the possibility of e ploits$ and build syste"s that can be field#updated. (t is hard to .uantify the effectiveness of D@M#syste"s for restricting the introduction of content into the darknet fro" e perience with e isting syste"s. ! isting D@M#syste"s typically provide protection for "onths to yearsH however$ the content available to such syste"s has to date been of "ini"al interest$ and the content that is protected is also available in unprotected for". The one syste" that was protecting valuable content +D%D video, was broken very soon after co"pression technology and increased storage capacities and bandwidth enabled the darknet to carry video content.

5.5 1oftware
The D@M#syste"s described above can be used to provide protection for software$ in addition other ob*ects +e.g. audio and video,. 2lternatively$ copy protection syste"s for co"puter progra"s "ay e"bed the copy protection code in the software itself. The "ost i"portant copy#protection pri"itive for co"puter progra"s is for the software to be bound to a host in such a way that the progra" will not work on an unlicensed "achine. =inding re.uires a "achine (D- this can be a uni.ue nu"ber on a "achine +e.g. a network card M2C address,$ or can be provided by an e ternal dongle. For such sche"es to be strong$ two things "ust be true. First$ the "achine (D "ust not be 7virtuali'able.8 For instance$ if it is trivial to "odify a /(C driver to return an invalid M2C address$ then the software#host binding is easily broken. 1econd$ the code that perfor"s the binding checks "ust not be easy to patch. 2 variety of technologies that revolve around software ta"per#resistance can help here A;B. We believe that binding software to a host is a "ore tractable proble" than protecting passive content$ as the for"er only re.uires ta"per resistance$ while the latter also re.uires the ability to hide and "anage secrets. 0owever$ we observe that all software copy#protection syste"s deployed thus far have bee broken. The definitions of =6=!# strong and =6=!#weak apply si"ilarly to software. Further"ore$ software is as "uch sub*ect to the dyna"ics of the darknet as passive content.

; )olicing 0osts
(f there are subverted hosts$ then content will leak into the darknet. (f the darknet is efficient$ then content will be rapidly propagated to all interested peers. (n the light of this$ technologists are looking for alternative protection sche"es. (n this section we will evaluate water"arking and fingerprinting technologies.

;.1 Water"arking
Water"arking e"beds an 7indelible8 invisible "ark in content. 2 plethora of sche"es e ist for audio:video and still i"age content and co"puter progra"s. There are a variety of sche"es for e ploiting water"arks for content#protection. Consider a rendering device that locates and interprets water"arks. (f a water"ark is found then special action is taken. Two co""on actions are1, Restrict behavior For e a"ple$ a bus#adapter "ay refuse to pass content that has the 7copy once8 and 7already copied once8 bits set.

3,

Re!uire a license to play- For e a"ple$ if a water"ark is found indicating that content is rights#restricted then the renderer "ay de"and a license indicating that the user is authori'ed to play the content.

1uch syste"s were proposed for audio content for e a"ple the secure digital "usic initiative +1DM(, A1FB$ and are under consideration for video by the copy#protection technical working group +C)TWE, A13B. There are several reasons why it appears unlikely that such syste"s will ever beco"e an effective anti#piracy technology. Fro" a co""ercial point of view$ building a water"ark detector into a device renders it strictly less useful for consu"ers than a co"peting product that does not. This argues that water"arking sche"es are unlikely to be widely deployed$ unless "andated by legislation. The recently proposed 0ollings bill is a step along these lines A11B. We contrast water"ark#based policing with classical D@M- (f a general#purpose device is e.uipped with a classical D@M#syste"$ it can play all content ac.uired fro" the darknet$ and have access to new content ac.uired through the D@M#channel. This is in stark distinction to reduction of functionality inherent in water"ark#based policing. !ven if water"arking syste"s were "andated$ this approach is likely to fail due to a variety of technical inade.uacies. The first inade.uacy concerns the robustness of the e"bedding layer. We are not aware of syste"s for which si"ple data transfor"ations cannot strip the "ark or "ake it unreadable. Marks can be "ade "ore robust$ but in order to recover "arks after adversarial "anipulation$ the reader "ust typically search a large phase space$ and this .uickly beco"es untenable. (n spite of the proliferation of proposed water"arking sche"es$ it re"ains doubtful whether robust e"bedding layers for the relevant content types can be found. 2 second inade.uacy lies in unrealistic assu"ptions about key "anage"ent. Most water"arking sche"es re.uire widely deployed cryptographic keys. 1tandard water"arking sche"es are based on the nor"al cryptographic principles of a public algorith" and secret keys. Most sche"es use a shared#key between "arker and detector. (n practice$ this "eans that all detectors need a private key$ and$ typically$ share a single private key. (t would be naNve to assu"e that these keys will re"ain secret for long in an adversarial environ"ent. 6nce the key or keys are co"pro"ised$ the darknet will propagate the" efficiently$ and the sche"e collapses. There have been proposals for public#key water"arking syste"s. 0owever$ so far$ this work does not see" practical and the corresponding sche"es do not even begin to approach the robustness of the cryptographic syste"s whose na"e they borrow. 2 final consideration bears on the location of "andatory water"ark detectors in client devices. 6n open co"puting devices +e.g. personal co"puters,$ these detectors could$ in principle$ be placed in software or in hardware. )lacing detectors in software would be largely "eaningless$ as circu"vention of the detector would be as si"ple as replacing it by a different piece of software. This includes detectors placed in the operating syste"$ all of whose co"ponents can be easily replaced$ "odified and propagated over the darknet. 2lternatively$ the detectors could be placed in hardware +e.g. audio and video cards,. (n the presence of the proble"s described this would lead to untenable renewability proble"s ### the hardware would be ineffective within days of deploy"ent. Consu"ers$ on the other hand$ e pect the hardware to re"ain in use for "any years. Finally$ consu"ers the"selves are likely to rebel against 7footing the bill8 for these ineffective content protection syste"s. (t is virtually certain$ that the darknet would be filled with a continuous supply of water"ark re"oval tools$ based on co"pro"ised keys and weaknesses in the e"bedding layer. 2tte"pts to force the public to 7update8 their hardware would not only be intrusive$ but i"practical.

(n su""ary$ atte"pts to "andate content protection syste"s based on water"ark detection at the consu"er&s "achine suffer fro" co""ercial drawbacks and severe technical deficiencies. These sche"es$ which ai" to provide content protection beyond D@M by attacking the darknet$ are rendered entirely ineffective by the presence of even a "oderately functional darknet.

;.3 Fingerprinting
Fingerprint sche"es are based on si"ilar technologies and concepts to water"arking sche"es. 0owever$ whereas water"arking is designed to perfor" a"priori policing$ fingerprinting is designed to provide a"posteriori forensics. (n the si"plest case$ fingerprinting is used for individual#sale content +as opposed to super#distribution or broadcast although it can be applied there with so"e additional assu"ptions,. When a client purchases an ob*ect$ the supplier "arks it with an individuali'ed "ark that identifies the purchaser. The purchaser is free to use the content$ but if it appears on a darknet$ a police"an can identify the source of the content and the offender can be prosecuted. Fingerprinting suffers fro" fewer technical proble"s than water"arking. The "ain advantage is that no widespread key#distribution is needed a publisher can use whatever secret or proprietary fingerprinting technology they choose$ and is entirely responsible for the "anage"ent of their own keys. Fingerprinting has one proble" that is not found in water"arking. 1ince each fingerprinted copy of a piece of "edia is different$ if a user can obtain several different copies$ he can launch collusion attacks +e.g. averaging,. (n general$ such attacks are very da"aging to the fingerprint payload. (t re"ains to be seen whether fingerprinting will act as a deterrent to theft. There is currently no legal precedent for "edia fingerprints being evidence of cri"e$ and this case will probably be hard to "ake after all$ detection is a statistical process with false positives$ and plenty of opportunity for deniability. 0owever$ we anticipate that there will be uneasiness in sharing a piece of content that "ay contain a person&s identity$ and that ulti"ately leaves that person&s control. /ote also that with widely distributed water"arking detectors$ it is easy to see whether you have successfully re"oved a water"ark. There is no such assurance for deter"ining whether a fingerprint has been successfully re"oved fro" an ob*ect because users are not necessarily knowledgeable about the fingerprint sche"e or sche"es in use. 0owever$ if it turns out that the deterrence of fingerprinting is s"all +i.e. everyone shares their "edia regardless of the presence of "arks,$ there is probably no reasonable legal response. Finally$ distribution sche"es in which ob*ects "ust be individuali'ed will be e pensive.

< Conclusions
There see" to be no technical i"pedi"ents to darknet#based peer#to#peer file sharing technologies growing in convenience$ aggregate bandwidth and efficiency. The legal future of darknet#technologies is less certain$ but we believe that$ at least for so"e classes of user$ and possibly for the population at large$ efficient darknets will e ist. The rest of this section will analy'e the i"plications of the darknet fro" the point of view of individual technologies and of co""erce in digital goods.

<.1 Technological ("plications

D@M syste"s are li"ited to protecting the content they contain. =eyond our first assu"ption about the darknet$ the darknet is not i"pacted by D@M syste"s. (n light of our first assu"ption about the darknet$ D@M design details$ such as properties of the ta"per# resistant software "ay be strictly less relevant than the .uestion whether the current darknet has a global database. (n the presence of an infinitely efficient darknet which allows instantaneous trans"ission of ob*ects to all interested users even sophisticated D@M syste"s are inherently ineffective. 6n the other hand$ if the darknet is "ade up of isolated s"all worlds$ even =6=!#weak D@M syste"s are highly effective. The interesting cases arise between these two e tre"es in the presence of a darknet$ which is connected$ but in which factors$ such as latency$ li"ited bandwidth or the absence of a global database li"it the speed with which ob*ects propagate through the darknet. (t appears that .uantitative studies of the effective 7diffusion constant8 of different kinds of darknets would be highly useful in elucidating the dyna"ics of D@M and the darknet. )roposals for syste"s involving "andatory water"ark detection in rendering devices try to i"pact the effectiveness of the darknet directly by trying to detect and eli"inate ob*ects that originated in the darknet. (n addition to severe co""ercial and social proble"s$ these sche"es suffer fro" several technical deficiencies$ which$ in the presence of an effective darknet$ lead to their co"plete collapse. We conclude that such sche"es are doo"ed to failure.

<.3 =usiness in the Face of the Darknet

There is evidence that the darknet will continue to e ist and provide low cost$ high# .uality service to a large group of consu"ers. This "eans that in "any "arkets$ the darknet will be a co"petitor to legal co""erce. Fro" the point of view of econo"ic theory$ this has profound i"plications for business strategy- for e a"ple$ increased security +e.g. stronger D@M syste"s, "ay act as a disincentive to legal co""erce. Consider an M)5 file sold on a web site- this costs "oney$ but the purchased ob*ect is as useful as a version ac.uired fro" the darknet. 0owever$ a securely D@M#wrapped song is strictly less attractive- although the industry is striving for fle ible licensing rules$ custo"ers will be restricted in their actions if the syste" is to provide "eaningful security. This "eans that a vendor will probably "ake "ore "oney by selling unprotected ob*ects than protected ob*ects. (n short$ if you are co"peting with the darknet$ you "ust co"pete on the darknet&s own ter"s- that is convenience and low cost rather than additional security. Certain industries have faced this +to a greater or lesser e tent, in the past. Dongle# protected co"puter progra"s lost sales to unprotected progra"s$ or hacked versions of the progra". 4sers have also refused to upgrade to newer software versions that are copy protected. There are "any factors that influence the threat of the darknet to an industry. We see the darknet having "ost direct bearing on "ass#"arket consu"er ()#goods. Eoods sold to corporations are less threatened because corporations "ostly try to stay legal$ and will police their own intranets for illicit activities. 2dditionally$ the cost#per#bit$ and the total si'e of the ob*ects have a huge bearing on the co"petitiveness of today&s darknets co"pared with legal trade. For e a"ple$ today&s peer#to#peer technologies provide e cellent service .uality for audio files$ but users "ust be very deter"ined or price#sensitive to download "ovies fro" a darknet$ when the legal co"petition is a rental for a few dollars.

@eferences
A1B !. A3B

A5B A;B A<B AFB

ADB ACB A>B

A1?B A11B A13B A15B A1;B A1<B A1FB A1DB

A1CB A1>B A3?B A31B A33B A35B

A3;B

2dar and =. 2. 0uber"an$ Free Riding on #nutella, http-::www.first"onday.dk:issues:issue<O1?:adar:inde .ht"l W. 2iello$ F. Chung and 9. 9u$ Random evolution in massive graphs$ (n )roceedings of the ;3nd 2nnual (!!! 1y"posiu" on Foundations of Co"puter 1cience$ pages <1?P<1>$ 3??1. @. 2lbert$ 0. Qeong and 2.#9. =arabRsi$ $iameter o% the world"wide web$ /ature ;?1$ pages 15?P151$ 1>>>. D. 2ucs"ith$ &amper Resistant 'o%tware, (n )mplementation $ (nfor"ation 0iding 1>>F$ )roceedings- 1pringer 1>>C. 2.#9. =arabRsi$ @. 2lbert$ Emergence o% scaling in random networks$ 1cience 3CF$ pages <?>P<13$ 1>>>. (. Clarke$ 6. 1andberg$ =. Wiley and T. 0ong$ Freenet ( distributed in%ormation storage and retrieval system$ (nternational Workshop on Design (ssues in 2nony"ity and 4nobservability$ 3???. @. Clarke$ ( de%endant class action lawsuit http-::www.kentlaw.edu:perritt:honorsscholars:clarke.ht"l C. Cooper and 2. Frie'e$ ( general model o% web graphs$ )roceedings of !12 3??1$ pages <??#<11$ 3??1. F. Dabek$ !. =runskill$ M. F. Gaashoek$ D. Garger$ @. Morris$ (. 1toica and 0. =alakrishnan$ Building peer"to"peer systems with *hord, a distributed lookup service$ (n )roceedings of the !ighth (!!! Workshop on 0ot Topics in 6perating 1yste"s +0ot61#%(((,$ pages C1PCF$ 3??1. 1. 0and and T. @oscoe$ Mnemosyne peer"to"peer steganographic storage$ (n )roceedings of the First (nternational Workshop on )eer#to#)eer 1yste"s$ 3??3. 1enator Frit' 0ollings$ *onsumer Broadband and $igital &elevision Promotion (ct+ http-::www.cptwg.org http-::www.gnutelladev.co":protocol:gnutella#protocol.ht"l http-::www.napster.co" http-::www.riaa.org http-::www.sd"i.org M. Qavanovic$ F. 2nne tein and G. =er"an$ 'calability )ssues in ,arge Peer"to" Peer -etworks " ( *ase 'tudy o% #nutella $ !C!C1 Depart"ent$ 4niversity of Cincinnati$ Cincinnati$ 60 ;<331 Q. Gleinberg$ /avigation in a s"all world$ /ature ;?F$ 3???. Q. Gleinberg$ 'mall"world phenomena and the dynamics o% in%ormation $ 2dvances in /eural (nfor"ation )rocessing 1yste"s +/()1, 1;$ 3??1. 1. Milgra"$ The s"all world proble"$ )sychology Today$ vol. 3$ pages F?PFD$ 1>FD. M ./ew"an$ 'mall worlds the structure o% social networks $ 1anta Fe (nstitute$ Technical @eport >>#13#?C?$ 1>>>. M. /ew"an$ D. Watts and 1. 1trogat'$ Random graph models o% social networks$ )roc. /atl. 2cad. 1ci. 412 >>$ pages 3<FFP3<D3$ 3??3. (. 1toica$ @. Morris$ D. Garger$ M. F. Gaashoek$ 0. =alakrishnan$ *./R$ ( scalable peer"to"peer lookup service %or internet applications $ (n )roceedings of the 2CM 1(EC6MM 3??1 Conference ')#*/MM"01$ pages 1;>P1F?$ 3??1. D. Q. Watts and 1. 0. 1trogat'$ *ollective dynamics o% small"world networks $ /ature$ 5>5-;;?#;;3$ Qune 1>>C.