Sorcerers apprentice at ATT: Security and privacy and reliability collide again

AT&T considers reading all the packets that cross its lines. Quite an interesting proposal. Tim Wu’s take

The prospect of AT&T, already accused of spying on our telephone calls, now scanning every e-mail and download for outlawed content is way too totalitarian for my tastes. But the bizarre twist is that the proposal is such a bad idea that it would be not just a disservice to the public but probably a disaster for AT&T itself. If I were a shareholder, I’d want to know one thing: Has AT&T, after 122 years in business, simply lost its mind?

The inspiration for Tim Wu’s article is a discussion described in NY Times.

“What we are already doing to address piracy hasn’t been working. There’s no secret there,” said James Cicconi, senior vice president, external & legal affairs for AT&T.

Mr. Cicconi said that AT&T has been talking to technology companies, and members of the M.P.A.A. and R.I.A.A., for the last six months about carrying out digital fingerprinting techniques on the network level.

“We are very interested in a technology based solution and we think a network-based solution is the optimal way to approach this,” he said. “We recognize we are not there yet but there are a lot of promising technologies. But we are having an open discussion with a number of content companies, including NBC Universal, to try to explore various technologies that are out there.”

It’s doubtful that anyone at AT&T has raised serious concerns about the civil liberties implications of such technology, and I’d be surprised if there was not some happy contemplation of all the marketing data that could be gathered – but the security implications are also interesting. AT&T is essentially contemplating a universal “man-in-the-middle” assault on the internet communications of all of its customers. Bob sends a message to Sue and the message gets opened in some network center between the two of them, inspected, read, logged, and possibly decrypted (because, surely, they have anticipated that the evil file sharers will use encryption). The logs and saved copies are immediately interesting targets for hackers. The data itself is tempting for ATT to abuse – or for enterprising employees to privatize (of course, we assume there will safeguards as elaborate as those banks use to protect themselves against rogue traders!). The snooping devices on the network are interesting targets. The presence of such devices will introduce timing quirks that are identical to those produced by free-lance man-in-the-middle attackers. In fact, the very idea is a gold-mine of potential security, shall we say, limitations.

As a digital content creator, I have a problem with piracy. I do not want people to be copying the proprietary software I create and circulating copies without paying me. I don’t want people copying the open-source software I create without putting the appropriate copyright statements and notices on the copies. I am not one of the “free information” utopians who long for a glorious future in which software developers can sell T-shirts and pass the hat to make a living. But many of the worst types of engineering failures are caused by the “sorcerers apprentice” or “neglected off-switch” error. Good system designers wrestle with trade-offs – reliability and features versus speed, power consumption versus computing power, size versus heat, and so on. They are acutely conscious of the possibility that a fix may itself introduce a new problem: “Solving” the problem of unlicensed material passing over a network by ripping a giant gaping hole in network security is, to put it mildly, not good system engineering.