The Darknet and the Future of Content Distribution

Peter Biddle, Paul England, Marcus Peinado, and Bryan Willman

Microsoft Corporation
1
Abstract
We investigate the darknet a collection of networks and technologies
used to share digital content. The darknet is not a separate physical
network but an application and protocol layer riding on eisting
networks. !a"ples of darknets are peer#to#peer file sharing$ CD and
D%D copying$ and key or password sharing on e"ail and newsgroups.
The last few years have seen vast increases in the darknet&s aggregate
bandwidth$ reliability$ usability$ si'e of shared library$ and availability of
search engines. (n this paper we categori'e and analy'e eisting and
future darknets$ fro" both the technical and legal perspectives. We
speculate that there will be short#ter" i"pedi"ents to the effectiveness
of the darknet as a distribution "echanis"$ but ulti"ately the darknet#
genie will not be put back into the bottle. (n view of this hypothesis$ we
ea"ine the relevance of content protection and content distribution
architectures.
1 (ntroduction
)eople have always copied things. (n the past$ "ost ite"s of value were physical
ob*ects. )atent law and econo"ies of scale "eant that s"all scale copying of physical
ob*ects was usually unecono"ic$ and large#scale copying +if it infringed, was stoppable
using police"en and courts. Today$ things of value are increasingly less tangible- often
they are *ust bits and bytes or can be accurately represented as bits and bytes. The
widespread deploy"ent of packet#switched networks and the huge advances in co"puters
and codec#technologies has "ade it feasible +and indeed attractive, to deliver such digital
works over the (nternet. This presents great opportunities and great challenges. The
opportunity is low#cost delivery of personali'ed$ desirable high#.uality content. The
challenge is that such content can be distributed illegally. Copyright law governs the
legality of copying and distribution of such valuable data$ but copyright protection is
increasingly strained in a world of progra""able co"puters and high#speed networks.
For ea"ple$ consider the staggering burst of creativity by authors of co"puter
progra"s that are designed to share audio files. This was first populari'ed by /apster$ but
today several popular applications and services offer si"ilar capabilities. CD#writers have
beco"e "ainstrea"$ and D%D#writers "ay well follow suit. 0ence$ even in the absence
of network connectivity$ the opportunity for low#cost$ large#scale file sharing eists.

1.1 The Darknet
Throughout this paper$ we will call the shared ite"s +e.g. software progra"s$ songs$
"ovies$ books$ etc., objects. The persons who copy ob*ects will be called users of the
darknet$ and the co"puters used to share ob*ects will be called hosts.
The idea of the darknet is based upon three assu"ptions-
1
1tate"ents in this paper represent the opinions of the authors and not necessarily the
position of Microsoft Corporation.
1. 2ny widely distributed ob*ect will be available to a fraction of users in a for"
that per"its copying.
3. 4sers will copy ob*ects if it is possible and interesting to do so.
5. 4sers are connected by high#bandwidth channels.
The darknet is the distribution network that e"erges fro" the in*ection of ob*ects
according to assu"ption 1 and the distribution of those ob*ects according to assu"ptions
3 and 5.
6ne i"plication of the first assu"ption is that any content protection syste" will leak
popular or interesting content into the darknet$ because so"e fraction of users##possibly
epertswill overco"e any copy prevention "echanis" or because the ob*ect will enter
the darknet before copy protection occurs.
The ter" 7widely distributed8 is intended to capture the notion of "ass "arket
distribution of ob*ects to thousands or "illions of practically anony"ous users. This is in
contrast to the protection of "ilitary$ industrial$ or personal secrets$ which are typically not
widely distributed and are not the focus of this paper.
9ike other networks$ the darknet can be "odeled as a directed graph with labeled
edges. The graph has one verte for each user:host. For any pair of vertices +u$v,$ there is
a directed edge fro" u to v if ob*ects can be copied fro" u to v. The edge labels can be
used to "odel relevant infor"ation about the physical network and "ay include
infor"ation such as bandwidth$ delay$ availability$ etc. The vertices are characteri'ed by
their ob*ect library$ ob*ect re.uests "ade to other vertices$ and ob*ect re.uests satisfied.
To operate effectively$ the darknet has a s"all nu"ber of technological and
infrastructure re.uire"ents$ which are si"ilar to those of legal content distribution
networks. These infrastructure re.uire"ents are-
1. facilities for in*ecting new ob*ects into the darknet +input,
3. a distribution network that carries copies of ob*ects to users +trans"ission,
5. ubi.uitous rendering devices$ which allow users to consu"e ob*ects +output,
;. a search "echanis" to enable users to find ob*ects +database,
<. storage that allows the darknet to retain ob*ects for etended periods of ti"e.
Functionally$ this is "ostly a caching "echanis" that reduces the load and
eposure of nodes that in*ect ob*ects.
The dra"atic rise in the efficiency of the darknet can be traced back to the general
technological i"prove"ents in these infrastructure areas. 2t the sa"e ti"e$ "ost atte"pts
to fight the darknet can be viewed as efforts to deprive it of one or "ore of the
infrastructure ite"s. 9egal action has traditionally targeted search engines and$ to a lesser
etent$ the distribution network. 2s we will describe later in the paper$ this has been
partially successful. The drive for legislation on "andatory water"arking ai"s to deprive
the darknet of rendering devices. We will argue that water"arking approaches are
technically flawed and unlikely to have any "aterial i"pact on the darknet. Finally$ "ost
content protection syste"s are "eant to prevent or delay the in*ection of new ob*ects into
the darknet. =ased on our first assu"ption$ no such syste" constitutes an i"penetrable
barrier$ and we will discuss the "erits of so"e popular syste"s.
We see no technical i"pedi"ents to the darknet beco"ing increasingly efficient
+"easured by aggregate library si'e and available bandwidth,. 0owever$ the darknet$ in
all its transport#layer e"bodi"ents$ is under legal attack. (n this paper$ we speculate on
the technical and legal future of the darknet$ concentrating particularly$ but not eclusively$
on peer#to#peer networks.
The rest of this paper is structured as follows. 1ection 3 analy'es different
"anifestations of the darknet with respect to their robustness to attacks on the
infrastructure re.uire"ents described above and speculates on the future develop"ent of
the darknet. 1ection 5 describes content protection "echanis"s$ their probable effect on
the darknet$ and the i"pact of the darknet upon the". (n sections ; and <$ we speculate
on the scenarios in which the darknet will be effective$ and how businesses "ay need to
behave to co"pete effectively with it.
3 The !volution of the Darknet
We classify the different "anifestations of the darknet that have co"e into eistence
in recent years with respect to the five infrastructure re.uire"ents described and analy'e
weaknesses and points of attack.
2s a syste"$ the darknet is sub*ect to a variety of attacks. 9egal action continues to
be the "ost powerful challenge to the darknet. 0owever$ the darknet is also sub*ect to a
variety of other co""on threats +e.g. viruses$ spa""ing, that$ in the past$ have lead to
"inor disruptions of the darknet$ but could be considerably "ore da"aging.
(n this section we consider the potential i"pact of legal develop"ents on the darknet.
Most of our analysis focuses on syste" robustness$ rather than on detailed legal
.uestions. We regard legal .uestions only with respect to their possible effect- the failure
of certain nodes or links +vertices and edges of the graph defined above,. (n this sense$ we
are investigating a well known proble" in distributed syste"s.
3.1 !arly 1"all#Worlds /etworks
)rior to the "id 1>>?s$ copying was organi'ed around groups of friends and
ac.uaintances. The copied ob*ects were "usic on cassette tapes and co"puter
progra"s. The rendering devices were widely#available tape players and the co"puters of
the ti"e see Fig. 1. Content in*ection was trivial$ since "ost ob*ects were either not copy
protected or$ if they were e.uipped with copy protection "echanis"s$ the "echanis"s
were easily defeated. The distribution network was a 7sneaker net8 of floppy disks and
tapes +storage,$ which were handed in person between "e"bers of a group or were sent
by postal "ail. The bandwidth of this network albeit s"all by today&s standards was
sufficient for the ob*ects of the ti"e. The "ain li"itation of the sneaker net with its
"echanical transport layer was latency. (t could take days or weeks to obtain a copy of an
ob*ect. 2nother serious li"itation of these networks was the lack of a sophisticated search
engine.
There were li"ited atte"pts to prosecute individuals who were trying to sell
copyrighted ob*ects they had obtained fro" the darknet +co""ercial piracy,. 0owever$ the
darknet as a whole was never under significant legal threat. @easons "ay have included
its li"ited co""ercial i"pact and the protection fro" legal surveillance afforded by
sharing a"ongst friends.
The si'es of ob*ect libraries available on such networks are strongly influenced by the
interconnections between the networks. For ea"ple$ schoolchildren "ay copy content
fro" their 7fa"ily network8 to their 7school network8 and thereby increase the si'e of the
darknet ob*ect library available to each. 1uch networks have been studied etensively and
are classified as 7interconnected s"all#worlds networks.8 A3;B There are several popular
ea"ples of the characteristics of such syste"s. For ea"ple$ "ost people have a social
group of a few score of people. !ach of these people has a group of friends that partly
overlap with their friends& friends$ and also introduces "ore people. (t is esti"ated that$ on
average$ each person is connected to every other person in the world by a chain of about
si people fro" which arises the ter" 7si degrees of separation8.
These findings are re"arkably broadly applicable +e.g. A3?B$A5B,. The chains are on
average so short because certain super#peers have "any links. (n our ea"ple$ so"e
people are gregarious and have lots of friends fro" different social or geographical
circles..
We suspect that these findings have i"plications for sharing on darknets$ and we will
return to this point when we discuss the darknets of the future later in this paper.
The s"all#worlds darknet continues to eist. 0owever$ a nu"ber of technological
advances have given rise to new for"s of the darknet that have superseded the s"all#
worlds for so"e ob*ect types +e.g. audio,.
3.3 Central (nternet 1ervers
=y 1>>C$ a new for" of the darknet began to e"erge fro" technological advances in
several areas. The internet had beco"e "ainstrea"$ and as such its protocols and
infrastructure could now be relied upon by anyone seeking to connect users with a
centrali'ed service or with each other. The continuing fall in the price of storage together
with advances in co"pression technology had also crossed the threshold at which storing
large nu"bers of audio files was no longer an obstacle to "ainstrea" users. 2dditionally$
the power of co"puters had crossed the point at which they could be used as rendering
devices for "ulti"edia content. Finally$ 7CD ripping8 beca"e a trivial "ethod for content
in*ection.
The first e"bodi"ents of this new darknet were central internet servers with large
collections of M)5 audio files. 2 funda"ental change that ca"e with these servers was the
use of a new distribution network- The internet displaced the sneaker net at least for
audio content. This solved several proble"s of the old darknet. First$ latency was reduced
drastically.
1econdly$ and "ore i"portantly$ discovery of ob*ects beca"e "uch easier because of
si"ple and powerful search "echanis"s "ost i"portantly the general#purpose world#
wide#web search engine. The local view of the s"all world was replaced by a global view
of the entire collection accessible by all users. The "ain characteristic of this for" of the
darknet was centrali'ed storage and search a si"ple architecture that "irrored
"ainstrea" internet servers.
Centrali'ed or .uasi#centrali'ed distribution and service networks "ake sense for
legal online co""erce. =andwidth and infrastructure costs tend to be low$ and having
custo"ers visit a co""erce site "eans the "erchant can display adverts$ collect profiles$
and bill efficiently. 2dditionally$ "anage"ent$ auditing$ and accountability are "uch easier
in a centrali'ed "odel.
0owever$ centrali'ed sche"es work poorly for illegal ob*ect distribution because
large$ central servers are large single points of failure- (f the distributor is breaking the law$
it is relatively easy to force hi" to stop. !arly M)5 Web and FT) sites were co""only
7hosted8 by universities$ corporations$ and (1)s. Copyright#holders or their
representatives sent 7cease and desist8 letters to these web#site operators and web#
owners citing copyright infringe"ent and in a few cases followed up with legal action A1<B.
The threats of legal action were successful attacks on those centrali'ed networks$ and
M)5 web and FT) sites disappeared fro" the "ainstrea" shortly after they appeared.
3.5 )eer#to#)eer /etworks
The reali'ation that centrali'ed networks are not robust to attack +be it legal or
technical, has spurred "uch of the innovation in peer#to#peer networking and file sharing
technologies. (n this section$ we ea"ine architectures that have evolved. !arly syste"s
were flawed because critical co"ponents re"ained centrali'ed +/apster, or because of
inefficiencies and lack of scalability of the protocol +gnutella, A1DB. (t should be noted that
the proble" of ob*ect location in a "assively distributed$ rapidly changing$ heterogeneous
syste" was new at the ti"e peer#to#peer syste"s e"erged. !fficient and highly scalable
protocols have been proposed since then A>B$A35B.
2.3.1. Napster
/apster was the service that ignited peer#to#peer file sharing in 1>>> A1;B. There
should be little doubt that a "a*or portion of the "assive +for the ti"e, traffic on /apster
was of copyrighted ob*ects being transferred in a peer#to#peer "odel in violation of
copyright law. /apster succeeded where central servers had failed by relying on the
distributed storage of ob*ects not under the control of /apster. This "oved the in*ection$
storage$ network distribution$ and consu"ption of ob*ects to users.
0owever$ /apster retained a centrali'ed database
3
with a searchable inde on the file
na"e. The centrali'ed database itself beca"e a legal target A1<B. /apster was first
en*oined to deny certain .ueries +e.g. 7Metallica8, and then to police its network for all
copyrighted content. 2s the si'e of the darknet indeed by /apster shrank$ so did the
nu"ber of users. This illustrates a general characteristic of darknets- there is positive
feedback between the si'e of the ob*ect library and aggregate bandwidth and the appeal
of the network for its users.
3
/apster used a far" of weakly coupled databases with clients attaching to *ust one of the
server hosts.
2.3.2. Gnutella
The net technology that sparked public interest in peer#to#peer file sharing was
Enutella. (n addition to distributed ob*ect storage$ Enutella uses a fully distributed
database described "ore fully in A15B. Enutella does not rely upon any centrali'ed server
or service a peer *ust needs the () address of one or a few participating peers to +in
principle, reach any host on the Enutella darknet. 1econd$ Enutella is not really 7run8 by
anyone- it is an open protocol and anyone can write a Enutella client application. Finally$
Enutella and its descendants go beyond sharing audio and have substantial non#infringing
uses. This changes its legal standing "arkedly and puts it in a si"ilar category to e"ail.
That is$ e"ail has substantial non#infringing use$ and so e"ail itself is not under legal
threat even though it "ay be used to transfer copyrighted "aterial unlawfully.
3.; @obustness of Fully Distributed Darknets
Fully distributed peer#to#peer syste"s do not present the single points of failure that
led to the de"ise of central M)5 servers and /apster. (t is natural to ask how robust these
syste"s are and what for" potential attacks could take. We observe the following
weaknesses in Enutella#like syste"s-
Free riding
9ack of anony"ity
2.4.1 Free Riding
)eer#to#peer syste"s are often thought of as fully decentrali'ed networks with copies
of ob*ects unifor"ly distributed a"ong the hosts. While this is possible in principle$ in
practice$ it is not the case. @ecent "easure"ents of libraries shared by gnutella peers
indicate that the "a*ority of content is provided by a tiny fraction of the hosts A1B. (n effect$
although gnutella appears to be a peer#to#peer network of cooperating hosts$ in actual fact
it has evolved to effectively be another largely centrali'ed syste" see Fig. 3. Free riding
+i.e. downloading ob*ects without sharing the", by "any gnutella users appears to be
"ain cause of this develop"ent. Widespread free riding re"oves "uch of the power of
network dyna"ics and "ay reduce a peer#to#peer network into a si"ple unidirectional
distribution syste" fro" a s"all nu"ber of sources to a large nu"ber of destinations. 6f
course$ if this is the case$ then the vulnerabilities that we observed in centrali'ed syste"s
+e.g. FT)#servers, are present again. Free riding and the e"ergence of super#peers have
several causes-
)eer#to#peer file sharing assu"es that a significant fraction of users adhere to the
so"ewhat post#capitalist idea of sacrificing their own resources for the 7co""on good8 of
the network. Most free#riders do not see" to adopt this idea. For ea"ple$ with <F kbps
"ode"s still being the network connection for "ost users$ allowing uploads constitutes a
tangible bandwidth sacrifice. 6ne approach is to "ake collaboration "andatory. For
ea"ple$ Freenet AFB clients are re.uired to contribute so"e disk space. 0owever$
enforcing such re.uire"ents without a central infrastructure is difficult.
!isting infrastructure is another reason for the eistence of super#peers. There are
vast differences in the resources available to different types of hosts. For ea"ple$ a T5
connection provides the co"bined bandwidth of about one thousand <F kbps telephone
connections.
2.4.2 Lack of Anonymity
4sers of gnutella who share ob*ects they have stored are not anony"ous. Current
peer#to#peer networks per"it the server endpoints to be deter"ined$ and if a peer#client
can deter"ine the () address and affiliation of a peer$ then so can a lawyer or govern"ent
agency. This "eans that users who share copyrighted ob*ects face so"e threat of legal
action. This appears to be yet another eplanation for free riding.
There are so"e possible technological workarounds to the absence of endpoint
anony"ity. We could i"agine anony"i'ing routers$ overseas routers$ ob*ect
frag"entation$ or so"e other "eans to co"plicate the effort re.uired by law#enforce"ent
to deter"ine the original source of the copyrighted bits. For ea"ple$ Freenet tries to hide
the identity of the hosts storing any given ob*ect by "eans of a variety of heuristics$
including routing the ob*ect through inter"ediate hosts and providing "echanis"s for easy
"igration of ob*ects to other hosts. 1i"ilarly$ Mne"osyne A1?B tries to organi'e ob*ect
storage$ such that individual hosts "ay not know what ob*ects are stored on the". (t is
con*ectured in A1?B that this "ay a"ount to co""on#carrier status for the host. 2 detailed
analysis of the legal or technical robustness of these syste"s is beyond the scope of this
paper.
2.4.3 Attacks
(n light of these weaknesses$ attacks on gnutella#style darknets focus on their ob*ect
storage and search infrastructures. =ecause of the prevalence of super#peers$ the gnutella
darknet depends on a relatively s"all set of powerful hosts$ and these hosts are pro"ising
targets for attackers.
Darknet hosts owned by corporations are typically easily re"oved. 6ften$ these hosts
are set up by individual e"ployees without the knowledge of corporate "anage"ent.
Eenerally corporations respect intellectual property laws. This together with their
reluctance to beco"e targets of lawsuits$ and their centrali'ed network of hierarchical
"anage"ent "akes it relatively easy to re"ove darknet hosts in the corporate do"ain.
While the structures at universities are typically less hierarchical and strict than those
of corporations$ ulti"ately$ si"ilar rules apply. (f the .co" and .edu T1 and T5 lines were
pulled fro" under a darknet$ the usefulness of the network would suffer drastically.
This would leave D19$ (1D/$ and cable#"ode" users as the high#bandwidth servers
of ob*ects. We believe li"iting hosts to this class would present a far less effective piracy
network today fro" the perspective of ac.uisition because of the relative rarity of high#
bandwidth consu"er connections$ and hence users would abandon this darknet.
0owever$ consu"er broadband is beco"ing "ore popular$ so in the long run it is probable
that there will be ade.uate consu"er bandwidth to support an effective consu"er darknet.
The obvious net legal escalation is to bring direct or indirect +through the affiliation,
challenges against users who share large libraries of copyrighted "aterial. This is already
happening and the legal threats or actions appear to be successful ADB. This re.uires the
collaboration of (1)s in identifying their custo"ers$ which appears to be forthco"ing due
to re.uire"ents that the carrier "ust take to avoid liability
5
and$ in so"e cases$ because of
corporate ties between (1)s and content providers. 6nce again$ free riding "akes this
attack strategy far "ore tractable.
(t is hard to predict further legal escalation$ but we note that the DMC2 +digital
"illenniu" copyright act, is a far#reaching +although not fully tested, ea"ple of a law that
is potentially .uite powerful. We believe it probable that there will be a few "ore rounds of
5
The Church of 1cientology has been aggressive in pursuing (1)s that host its copyright
"aterial on newsgroups. The suit that appeared "ost likely to result in a clear finding$ filed
against /etco"$ was settled out of court. 0ence it is still not clear whether an (1) has a
responsibility to police the users of its network.
technical innovations to sidestep eisting laws$ followed by new laws$ or new
interpretations of old laws$ in the net few years.
2.4.4 Conclusions
2ll attacks we have identified eploit the lack of endpoint anony"ity and are aided by
the effects of free riding. We have seen effective legal "easures on all peer#to#peer
technologies that are used to provide effectively global access to copyrighted "aterial.
Centrali'ed web servers were effectively closed down. /apster was effectively closed
down. Enutella and Ga'aa are under threat because of free rider weaknesses and lack of
endpoint anony"ity.
9ack of endpoint anony"ity is a direct result of the globally accessible global ob*ect
database$ and it is the eistence of the global database that "ost distinguishes the newer
darknets fro" the earlier s"all worlds. 2t this point$ it is hard to *udge whether the darknet
will be able to retain this global database in the long ter"$ but it see"s see"s clear that
legal setbacks to global#inde peer#to#peer will continue to be severe.
0owever$ should Enutella#style syste"s beco"e unviable as darknets$ syste"s$ such
as Freenet or Mne"osyne "ight take their place. )eer#to#peer networking and file sharing
does see" to be entering into the "ainstrea" both for illegal and legal uses. (f we
couple this with the rapid build#out of consu"er broadband$ the dropping price of storage$
and the fact that personal co"puters are effectively establishing the"selves as centers of
ho"e#entertain"ent$ we suspect that peer#to#peer functionality will re"ain popular and
beco"e "ore widespread.
3.< 1"all Worlds /etworks @evisited
(n this section we try to predict the evolution of the darknet should global peer#to#peer
networks be effectively stopped by legal "eans. The globally accessible global database
is the only infrastructure co"ponent of the darknet that can be disabled in this way. The
other enabling technologies of the darknet +in*ection$ distribution networks$ rendering
devices$ storage, will not only re"ain available$ but rapidly increase in power$ based on
general technological advances and the possible incorporation of cryptography. We stress
that the networks described in this section +in "ost cases, provide poorer services than
global network$ and would only arise in the absence of a global database.
(n the absence of a global database$ s"all#worlds networks could again beco"e the
prevalent for" of the darknet. 0owever$ these s"all#worlds will be "ore powerful than
they were in the past. With the widespread availability of cheap CD and D%D readers and
writers as well as large hard disks$ the bandwidth of the sneaker net has increased
dra"atically$ the cost of ob*ect storage has beco"e negligible and ob*ect in*ection tools
have beco"e ubi.uitous. Further"ore$ the internet is available as a distribution
"echanis" that is ade.uate for audio for "ost users$ and is beco"ing increasingly
ade.uate for video and co"puter progra"s. (n light of strong cryptography$ it is hard to
i"agine how sharing could be observed and prosecuted as long as users do not share
with strangers.
(n concrete ter"s$ students in dor"s will establish darknets to share content in their
social group. These darknets "ay be based on si"ple file sharing$ D%D#copying$ or "ay
use special application progra"s or servers- for ea"ple$ a chat or instant#"essenger
client enhanced to share content with "e"bers of your buddy#list. !ach student will be a
"e"ber of other darknets- for ea"ple$ their fa"ily$ various special interest groups$
friends fro" high#school$ and colleagues in part#ti"e *obs +Fig. 5,. (f there are a few active
super#peers # users that locate and share ob*ects with 'eal # then we can anticipate that
content will rapidly diffuse between darknets$ and relatively s"all darknets arranged
around social groups will approach the aggregate libraries that are provided by the global
darknets of today. 1ince the legal eposure of such sharing is .uite li"ited$ we believe that
sharing a"ongst socially oriented groups will increase unabated.
1"all#worlds networks suffer so"ewhat fro" the lack of a global databaseH each user
can only see the ob*ects stored by his s"all world neighbors. This raises a nu"ber of
interesting .uestions about the network structure and ob*ect flow-
What graph structure will the network haveI For ea"ple$ will it be connectedI
What will be the average distance between two nodesI
Eiven a graph structure$ how will ob*ects propagate through the graphI (n
particular$ what fraction of ob*ects will be available at a given nodeI 0ow long
does it take for ob*ects to propagate +diffuse, through the networkI

Juestions of this type have been studied in different contets in a variety of fields
+"athe"atics$ co"puter science$ econo"ics$ and physics,. 2 nu"ber of e"pirical studies
seek to establish structural properties of different types of s"all world networks$ such as
social networks A3?B and the world#wide web A5B. These works conclude that the dia"eter
of the ea"ined networks is s"all$ and observe further structural properties$ such as a
power law of the degree distribution A<B$ 2 nu"ber of authors seek to "odel these
networks by "eans of rando" graphs$ in order to perfor" "ore detailed "athe"atical
analysis on the "odels A3B$ACB$A31B$A33B and$ in particular$ study the possibility of efficient
search under different rando" graph distributions A1CB$A1>B. We will present a .uantitative
study of the structure and dyna"ics of s"all#worlds networks in an upco"ing paper$ but to
su""ari'e$ s"all#worlds darknets can be etre"ely efficient for popular titles- very few
peers are needed to satisfy re.uests for top#3? books$ songs$ "ovies or co"puter
progra"s. (f darknets are interconnected$ we epect the effective introduction rate to be
large. Finally$ if darknet clients are enhanced to actively seek out new popular content$ as
opposed to the user#de"and based sche"es of today$ s"all#worlds darknets will be very
efficient.
5 (ntroducing Content into the Darknet
6ur analysis and intuition have led us to believe that efficient darknets in global or
s"all#worlds for" ## will re"ain a fact of life. (n this section we ea"ine rights#
"anage"ent technologies that are being deployed to li"it the introduction rate or
decrease the rate of diffusion of content into the darknet.
5.1 Conditional 2ccess 1yste"s
2 conditional#access syste" is a si"ple for" of rights#"anage"ent syste" in which
subscribers are given access to ob*ects based +typically, on a service contract. Digital
rights "anage"ent syste"s often perfor" the sa"e function$ but typically i"pose
restrictions on the use of ob*ects after unlocking.
Conditional access syste"s such as cable$ satellite T%$ and satellite radio offer little or
no protection against ob*ects being introduced into the darknet fro" subscribing hosts. 2
conditional#access syste" custo"er has no access to channels or titles to which they are
not entitled$ and has essentially free use of channels that he has subscribed or paid for.
This "eans that an invest"ent of KL1?? +at ti"e of writing, on an analog video#capture
card is sufficient to obtain and share T% progra"s and "ovies. 1o"e C2 syste"s provide
post#unlock protections but they are generally cheap and easy to circu"vent.
Thus$ conditional access syste"s provide a widely deployed$ high#bandwidth source
of video "aterial for the darknet. (n practice$ the large si'e and low cost of C2#provided
video content will li"it the eploitation of the darknet for distributing video in the near#ter".
The sa"e can not be said of the use of the darknet to distribute conditional#access
syste" broadcast keys. 2t so"e level$ each head#end +satellite or cable T% head#end,
uses an encryption key that "ust be "ade available to each custo"er +it is a broadcast,$
and in the case of a satellite syste" this could be "illions of ho"es. C2#syste" providers
take "easures to li"it the usefulness of eploited session keys +for ea"ple$ they are
changed every few seconds,$ but if darknet latencies are low$ or if encrypted broadcast
data is cached$ then the darknet could threaten C2#syste" revenues.
We observe that the eposure of the conditional access provider to losses due to
piracy is proportional to the nu"ber of custo"ers that share a session key. (n this regard$
cable#operators are in a safer position than satellite operators because a cable operator
can narrowcast "ore cheaply.
5.3 D@M 1yste"s
2 classical#D@M syste" is one in which a client obtains content in protected +typically
encrypted, for"$ with a license that specifies the uses to which the content "ay be put.
!a"ples of licensing ter"s that are being eplored by the industry are 7play on these
three hosts$8 7play once$8 7use co"puter progra" for one hour$8 etc.
The license and the wrapped content are presented to the D@M syste" whose
responsibility is to ensure that-
a, The client cannot re"ove the encryption fro" the file and send it to a peer$
b, The client cannot 7clone8 its D@M syste" to "ake it run on another host$
c, The client obeys the rules set out in the D@M license$ and$
d, The client cannot separate the rules fro" the payload.
2dvanced D@M syste"s "ay go further.
1o"e such technologies have been co""ercially very successful the content
scra"bling syste" used in D%Ds$ and +broadly interpreted, the protection sche"es used
by conditional access syste" providers fall into this category$ as do newer D@M syste"s
that use the internet as a distribution channel and co"puters as rendering devices. These
technologies are appealing because they pro"ote the establish"ent of new businesses$
and can reduce distribution costs. (f costs and licensing ter"s are appealing to producers
and consu"ers$ then the vendor thrives. (f the licensing ter"s are unappealing or
inconvenient$ the costs are too high$ or co"peting syste"s eist$ then the business will
fail. The DivM 7D%D8 rental "odel failed on "ost or all of these "etrics$ but C11#
protected D%Ds succeeded beyond the wildest epectations of the industry.
6n personal co"puters$ current D@M syste"s are software#only syste"s using a
variety of tricks to "ake the" hard to subvert. D@M enabled consu"er electronics devices
are also beginning to e"erge.
(n the absence of the darknet$ the goal of such syste"s is to have co"parable
security to co"peting distribution syste"s notably the CD and D%D so that
progra""able co"puters can play an increasing role in ho"e entertain"ent. We will
speculate whether these strategies will be successful in the 1ect. <.
D@M syste"s strive to be =6=! +break#once$ break everywhere,#resistant. That is$
suppliers anticipate +and the assu"ptions of the darknet predict, that individual instances
+clients, of all security#syste"s$ whether based on hardware or software$ will be subverted.
(f a client of a syste" is subverted$ then all content protected by that D@M client can be
unprotected. (f the break can be applied to any other D@M client of that class so that all of
those users can break their syste"s$ then the D@M#sche"e is =6=!#weak. (f$ on the
other hand$ knowledge gained breaking one client cannot be applied elsewhere$ then the
D@M syste" is =6=!#strong.
Most co""ercial D@M#syste"s have =6=!#eploits$ and we note that the darknet
applies to D@M#hacks as well. The C11 syste" is an ee"plary =6=!#weak syste".
The knowledge and code that co"prised the De#C11 eploit spread uncontrolled around
the world on web#sites$ newsgroups$ and even T#shirts$ in spite of the fact that$ in principle$
the Digital Millenniu" Copyright 2ct "akes it a cri"e to develop these eploits.
2 final characteristic of eisting D@M#syste"s is renewability. %endors recogni'e the
possibility of eploits$ and build syste"s that can be field#updated.
(t is hard to .uantify the effectiveness of D@M#syste"s for restricting the introduction
of content into the darknet fro" eperience with eisting syste"s. !isting D@M#syste"s
typically provide protection for "onths to yearsH however$ the content available to such
syste"s has to date been of "ini"al interest$ and the content that is protected is also
available in unprotected for". The one syste" that was protecting valuable content +D%D
video, was broken very soon after co"pression technology and increased storage
capacities and bandwidth enabled the darknet to carry video content.
5.5 1oftware
The D@M#syste"s described above can be used to provide protection for software$ in
addition other ob*ects +e.g. audio and video,. 2lternatively$ copy protection syste"s for
co"puter progra"s "ay e"bed the copy protection code in the software itself.
The "ost i"portant copy#protection pri"itive for co"puter progra"s is for the
software to be bound to a host in such a way that the progra" will not work on an
unlicensed "achine. =inding re.uires a "achine (D- this can be a uni.ue nu"ber on a
"achine +e.g. a network card M2C address,$ or can be provided by an eternal dongle.
For such sche"es to be strong$ two things "ust be true. First$ the "achine (D "ust
not be 7virtuali'able.8 For instance$ if it is trivial to "odify a /(C driver to return an invalid
M2C address$ then the software#host binding is easily broken. 1econd$ the code that
perfor"s the binding checks "ust not be easy to patch. 2 variety of technologies that
revolve around software ta"per#resistance can help here A;B.
We believe that binding software to a host is a "ore tractable proble" than protecting
passive content$ as the for"er only re.uires ta"per resistance$ while the latter also
re.uires the ability to hide and "anage secrets. 0owever$ we observe that all software
copy#protection syste"s deployed thus far have bee broken. The definitions of =6=!#
strong and =6=!#weak apply si"ilarly to software. Further"ore$ software is as "uch
sub*ect to the dyna"ics of the darknet as passive content.
; )olicing 0osts
(f there are subverted hosts$ then content will leak into the darknet. (f the darknet is
efficient$ then content will be rapidly propagated to all interested peers. (n the light of this$
technologists are looking for alternative protection sche"es. (n this section we will
evaluate water"arking and fingerprinting technologies.
;.1 Water"arking
Water"arking e"beds an 7indelible8 invisible "ark in content. 2 plethora of sche"es
eist for audio:video and still i"age content and co"puter progra"s.
There are a variety of sche"es for eploiting water"arks for content#protection.
Consider a rendering device that locates and interprets water"arks. (f a water"ark is
found then special action is taken. Two co""on actions are-
1, Restrict behavior For ea"ple$ a bus#adapter "ay refuse to pass content
that has the 7copy once8 and 7already copied once8 bits set.
3, Re!uire a license to play- For ea"ple$ if a water"ark is found indicating that
content is rights#restricted then the renderer "ay de"and a license indicating
that the user is authori'ed to play the content.
1uch syste"s were proposed for audio content for ea"ple the secure digital "usic
initiative +1DM(, A1FB$ and are under consideration for video by the copy#protection
technical working group +C)TWE, A13B.
There are several reasons why it appears unlikely that such syste"s will ever beco"e
an effective anti#piracy technology. Fro" a co""ercial point of view$ building a water"ark
detector into a device renders it strictly less useful for consu"ers than a co"peting
product that does not. This argues that water"arking sche"es are unlikely to be widely
deployed$ unless "andated by legislation. The recently proposed 0ollings bill is a step
along these lines A11B.
We contrast water"ark#based policing with classical D@M- (f a general#purpose
device is e.uipped with a classical D@M#syste"$ it can play all content ac.uired fro" the
darknet$ and have access to new content ac.uired through the D@M#channel. This is in
stark distinction to reduction of functionality inherent in water"ark#based policing.
!ven if water"arking syste"s were "andated$ this approach is likely to fail due to a
variety of technical inade.uacies. The first inade.uacy concerns the robustness of the
e"bedding layer. We are not aware of syste"s for which si"ple data transfor"ations
cannot strip the "ark or "ake it unreadable. Marks can be "ade "ore robust$ but in
order to recover "arks after adversarial "anipulation$ the reader "ust typically search a
large phase space$ and this .uickly beco"es untenable. (n spite of the proliferation of
proposed water"arking sche"es$ it re"ains doubtful whether robust e"bedding layers for
the relevant content types can be found.
2 second inade.uacy lies in unrealistic assu"ptions about key "anage"ent. Most
water"arking sche"es re.uire widely deployed cryptographic keys. 1tandard
water"arking sche"es are based on the nor"al cryptographic principles of a public
algorith" and secret keys. Most sche"es use a shared#key between "arker and detector.
(n practice$ this "eans that all detectors need a private key$ and$ typically$ share a single
private key. (t would be naNve to assu"e that these keys will re"ain secret for long in an
adversarial environ"ent. 6nce the key or keys are co"pro"ised$ the darknet will
propagate the" efficiently$ and the sche"e collapses. There have been proposals for
public#key water"arking syste"s. 0owever$ so far$ this work does not see" practical and
the corresponding sche"es do not even begin to approach the robustness of the
cryptographic syste"s whose na"e they borrow.
2 final consideration bears on the location of "andatory water"ark detectors in client
devices. 6n open co"puting devices +e.g. personal co"puters,$ these detectors could$ in
principle$ be placed in software or in hardware. )lacing detectors in software would be
largely "eaningless$ as circu"vention of the detector would be as si"ple as replacing it
by a different piece of software. This includes detectors placed in the operating syste"$ all
of whose co"ponents can be easily replaced$ "odified and propagated over the darknet.
2lternatively$ the detectors could be placed in hardware +e.g. audio and video cards,.
(n the presence of the proble"s described this would lead to untenable renewability
proble"s ### the hardware would be ineffective within days of deploy"ent. Consu"ers$ on
the other hand$ epect the hardware to re"ain in use for "any years. Finally$ consu"ers
the"selves are likely to rebel against 7footing the bill8 for these ineffective content
protection syste"s. (t is virtually certain$ that the darknet would be filled with a continuous
supply of water"ark re"oval tools$ based on co"pro"ised keys and weaknesses in the
e"bedding layer. 2tte"pts to force the public to 7update8 their hardware would not only be
intrusive$ but i"practical.
(n su""ary$ atte"pts to "andate content protection syste"s based on water"ark
detection at the consu"er&s "achine suffer fro" co""ercial drawbacks and severe
technical deficiencies. These sche"es$ which ai" to provide content protection beyond
D@M by attacking the darknet$ are rendered entirely ineffective by the presence of even a
"oderately functional darknet.
;.3 Fingerprinting
Fingerprint sche"es are based on si"ilar technologies and concepts to water"arking
sche"es. 0owever$ whereas water"arking is designed to perfor" a"priori policing$
fingerprinting is designed to provide a"posteriori forensics.
(n the si"plest case$ fingerprinting is used for individual#sale content +as opposed to
super#distribution or broadcast although it can be applied there with so"e additional
assu"ptions,. When a client purchases an ob*ect$ the supplier "arks it with an
individuali'ed "ark that identifies the purchaser. The purchaser is free to use the content$
but if it appears on a darknet$ a police"an can identify the source of the content and the
offender can be prosecuted.
Fingerprinting suffers fro" fewer technical proble"s than water"arking. The "ain
advantage is that no widespread key#distribution is needed a publisher can use
whatever secret or proprietary fingerprinting technology they choose$ and is entirely
responsible for the "anage"ent of their own keys.
Fingerprinting has one proble" that is not found in water"arking. 1ince each
fingerprinted copy of a piece of "edia is different$ if a user can obtain several different
copies$ he can launch collusion attacks +e.g. averaging,. (n general$ such attacks are very
da"aging to the fingerprint payload.
(t re"ains to be seen whether fingerprinting will act as a deterrent to theft. There is
currently no legal precedent for "edia fingerprints being evidence of cri"e$ and this case
will probably be hard to "ake after all$ detection is a statistical process with false
positives$ and plenty of opportunity for deniability. 0owever$ we anticipate that there will
be uneasiness in sharing a piece of content that "ay contain a person&s identity$ and that
ulti"ately leaves that person&s control.
/ote also that with widely distributed water"arking detectors$ it is easy to see
whether you have successfully re"oved a water"ark. There is no such assurance for
deter"ining whether a fingerprint has been successfully re"oved fro" an ob*ect because
users are not necessarily knowledgeable about the fingerprint sche"e or sche"es in use.
0owever$ if it turns out that the deterrence of fingerprinting is s"all +i.e. everyone shares
their "edia regardless of the presence of "arks,$ there is probably no reasonable legal
response. Finally$ distribution sche"es in which ob*ects "ust be individuali'ed will be
epensive.
< Conclusions
There see" to be no technical i"pedi"ents to darknet#based peer#to#peer file sharing
technologies growing in convenience$ aggregate bandwidth and efficiency. The legal
future of darknet#technologies is less certain$ but we believe that$ at least for so"e classes
of user$ and possibly for the population at large$ efficient darknets will eist. The rest of this
section will analy'e the i"plications of the darknet fro" the point of view of individual
technologies and of co""erce in digital goods.
<.1 Technological ("plications
D@M syste"s are li"ited to protecting the content they contain. =eyond our first
assu"ption about the darknet$ the darknet is not i"pacted by D@M syste"s. (n light of our
first assu"ption about the darknet$ D@M design details$ such as properties of the ta"per#
resistant software "ay be strictly less relevant than the .uestion whether the current
darknet has a global database. (n the presence of an infinitely efficient darknet which
allows instantaneous trans"ission of ob*ects to all interested users even sophisticated
D@M syste"s are inherently ineffective. 6n the other hand$ if the darknet is "ade up of
isolated s"all worlds$ even =6=!#weak D@M syste"s are highly effective. The interesting
cases arise between these two etre"es in the presence of a darknet$ which is
connected$ but in which factors$ such as latency$ li"ited bandwidth or the absence of a
global database li"it the speed with which ob*ects propagate through the darknet. (t
appears that .uantitative studies of the effective 7diffusion constant8 of different kinds of
darknets would be highly useful in elucidating the dyna"ics of D@M and the darknet.
)roposals for syste"s involving "andatory water"ark detection in rendering devices
try to i"pact the effectiveness of the darknet directly by trying to detect and eli"inate
ob*ects that originated in the darknet. (n addition to severe co""ercial and social
proble"s$ these sche"es suffer fro" several technical deficiencies$ which$ in the
presence of an effective darknet$ lead to their co"plete collapse. We conclude that such
sche"es are doo"ed to failure.
<.3 =usiness in the Face of the Darknet
There is evidence that the darknet will continue to eist and provide low cost$ high#
.uality service to a large group of consu"ers. This "eans that in "any "arkets$ the
darknet will be a co"petitor to legal co""erce. Fro" the point of view of econo"ic
theory$ this has profound i"plications for business strategy- for ea"ple$ increased
security +e.g. stronger D@M syste"s, "ay act as a disincentive to legal co""erce.
Consider an M)5 file sold on a web site- this costs "oney$ but the purchased ob*ect is as
useful as a version ac.uired fro" the darknet. 0owever$ a securely D@M#wrapped song is
strictly less attractive- although the industry is striving for fleible licensing rules$
custo"ers will be restricted in their actions if the syste" is to provide "eaningful security.
This "eans that a vendor will probably "ake "ore "oney by selling unprotected ob*ects
than protected ob*ects. (n short$ if you are co"peting with the darknet$ you "ust co"pete
on the darknet&s own ter"s- that is convenience and low cost rather than additional
security.
Certain industries have faced this +to a greater or lesser etent, in the past. Dongle#
protected co"puter progra"s lost sales to unprotected progra"s$ or hacked versions of
the progra". 4sers have also refused to upgrade to newer software versions that are
copy protected.
There are "any factors that influence the threat of the darknet to an industry. We see
the darknet having "ost direct bearing on "ass#"arket consu"er ()#goods. Eoods sold
to corporations are less threatened because corporations "ostly try to stay legal$ and will
police their own intranets for illicit activities. 2dditionally$ the cost#per#bit$ and the total si'e
of the ob*ects have a huge bearing on the co"petitiveness of today&s darknets co"pared
with legal trade. For ea"ple$ today&s peer#to#peer technologies provide ecellent service
.uality for audio files$ but users "ust be very deter"ined or price#sensitive to download
"ovies fro" a darknet$ when the legal co"petition is a rental for a few dollars.
@eferences
A1B !. 2dar and =. 2. 0uber"an$ Free Riding on #nutella,
http-::www.first"onday.dk:issues:issue<O1?:adar:inde.ht"l
A3B W. 2iello$ F. Chung and 9. 9u$ Random evolution in massive graphs$ (n
)roceedings of the ;3nd 2nnual (!!! 1y"posiu" on Foundations of Co"puter
1cience$ pages <1?P<1>$ 3??1.
A5B @. 2lbert$ 0. Qeong and 2.#9. =arabRsi$ $iameter o% the world"wide web$ /ature
;?1$ pages 15?P151$ 1>>>.
A;B D. 2ucs"ith$ &amper Resistant 'o%tware, (n )mplementation$ (nfor"ation 0iding
1>>F$ )roceedings- 1pringer 1>>C.
A<B 2.#9. =arabRsi$ @. 2lbert$ Emergence o% scaling in random networks$ 1cience
3CF$ pages <?>P<13$ 1>>>.
AFB (. Clarke$ 6. 1andberg$ =. Wiley and T. 0ong$ Freenet ( distributed in%ormation
storage and retrieval system$ (nternational Workshop on Design (ssues in
2nony"ity and 4nobservability$ 3???.
ADB @. Clarke$ ( de%endant class action lawsuit
http-::www.kentlaw.edu:perritt:honorsscholars:clarke.ht"l
ACB C. Cooper and 2. Frie'e$ ( general model o% web graphs$ )roceedings of !12
3??1$ pages <??#<11$ 3??1.
A>B F. Dabek$ !. =runskill$ M. F. Gaashoek$ D. Garger$ @. Morris$ (. 1toica and 0.
=alakrishnan$ Building peer"to"peer systems with *hord, a distributed lookup
service$ (n )roceedings of the !ighth (!!! Workshop on 0ot Topics in 6perating
1yste"s +0ot61#%(((,$ pages C1PCF$ 3??1.
A1?B 1. 0and and T. @oscoe$ Mnemosyne peer"to"peer steganographic storage$ (n
)roceedings of the First (nternational Workshop on )eer#to#)eer 1yste"s$ 3??3.
A11B 1enator Frit' 0ollings$ *onsumer Broadband and $igital &elevision Promotion
(ct+
A13B http-::www.cptwg.org
A15B http-::www.gnutelladev.co":protocol:gnutella#protocol.ht"l
A1;B http-::www.napster.co"
A1<B http-::www.riaa.org
A1FB http-::www.sd"i.org
A1DB M. Qavanovic$ F. 2nnetein and G. =er"an$ 'calability )ssues in ,arge Peer"to"
Peer -etworks " ( *ase 'tudy o% #nutella $ !C!C1 Depart"ent$ 4niversity of
Cincinnati$ Cincinnati$ 60 ;<331
A1CB Q. Gleinberg$ /avigation in a s"all world$ /ature ;?F$ 3???.
A1>B Q. Gleinberg$ 'mall"world phenomena and the dynamics o% in%ormation$ 2dvances
in /eural (nfor"ation )rocessing 1yste"s +/()1, 1;$ 3??1.
A3?B 1. Milgra"$ The s"all world proble"$ )sychology Today$ vol. 3$ pages F?PFD$
1>FD.
A31B M ./ew"an$ 'mall worlds the structure o% social networks$ 1anta Fe (nstitute$
Technical @eport >>#13#?C?$ 1>>>.
A33B M. /ew"an$ D. Watts and 1. 1trogat'$ Random graph models o% social networks$
)roc. /atl. 2cad. 1ci. 412 >>$ pages 3<FFP3<D3$ 3??3.
A35B (. 1toica$ @. Morris$ D. Garger$ M. F. Gaashoek$ 0. =alakrishnan$ *./R$ (
scalable peer"to"peer lookup service %or internet applications$ (n )roceedings of
the 2CM 1(EC6MM 3??1 Conference ')#*/MM"01$ pages 1;>P1F?$ 3??1.
A3;B D. Q. Watts and 1. 0. 1trogat'$ *ollective dynamics o% small"world networks$
/ature$ 5>5-;;?#;;3$ Qune 1>>C.