BitTorrent

One of the most unusual spin-offs from the scandal surrounding the electronic spying controversy involving the US National Security Agency and GCHQ is the re-emergence of a file-sharing protocol that has laboured under the stigma of piracy for many years.

 

It is suggested that BitTorrent is relaunching and rebranding itself as a bastion of secure electronic transference and storage of data for individuals, companies and major public entities.

 

The BitTorrent transfer protocol was developed in 2001 by an American programmer called Bram Cohen.  In 2004, Cohen and a fellow programmer called Ashwin Navin set up a company called BitTorrent Inc, in an apparent attempt to monetise the software protocol that Cohen had developed.  Whilst they have marketed BitTorrent clients and BitTorrent Live (involving television broadcasting via the internet), it is BitTorrent Sync that may prove the most popular.

 

BitTorrent Sync is being marketed as an entity that at last provides a lawful and profitable way of operating electronically without a reliance on servers, in order to minimise the risk of information and data being hacked by government agencies, organised criminal groups or corporate competitors.

 

The perceived advantage is that peer-to-peer file sharing technology allows information to remain under the control of, and be retained by, the people who created and owned it, without the need to rely upon a technology company maintaining its storage facility.  It is stated that the use of this system would improve the delivery and security of the data within the parameters of its ownership.

 

However, it does appear that there are some flaws with the idea.  BitTorrent was a brilliant invention.  Prior to BitTorrent, files would generally simply be distributed in whole from one user to another.  If lots of users wanted to download a file held at one sole location, all of them would begin downloading that file from beginning to end from that one user.  Despite there then being more than one user who possessed the file, any further downloaders would still each download it from beginning to end from just one of the users.  BitTorrent was revolutionary in the sense that it changed that.  Instead of users downloading a file from a single source server, the BitTorrent protocol allowed users to form a “swarm” of hosts to download and upload from each other simultaneously.  So, for example, if ten people wanted a file from a single user, the first downloader might start with the beginning of the file, the second with the end of the file and so on.  The initial strain on the user holding the file would be the same.  However, once the first downloader has his segment, he then offers that up to the swarm and the second downloader then has two options from which to download that specific segment (the original user or the first downloader).  The result is that if a million people hold a file, the swarm could be of the million users and a downloader would receive a millionth of the file from each.  That made for an extremely efficient distribution method.  It also caused significant issues for prosecutors in trying to assign culpability to those who were ultimately responsible for a file being distributed by this method.
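The swarm behaviour described above can be seen in a small simulation, added here as an illustration and not taken from any BitTorrent client. The round model, the one-upload-per-round limit and the random piece choice are simplifying assumptions, not the protocol's real piece-selection rules.

```python
import random

SEED = "seed"  # the single original holder of the file

def simulate_swarm(n_pieces=20, n_peers=10, rng_seed=1):
    """Toy swarm: each node uploads at most one piece per round (assumption)."""
    rng = random.Random(rng_seed)
    have = {p: set() for p in range(n_peers)}
    have[SEED] = set(range(n_pieces))
    sources = {p: {} for p in range(n_peers)}  # sources[p][src] = pieces p got from src
    rounds = 0
    while any(len(have[p]) < n_pieces for p in range(n_peers)):
        rounds += 1
        snapshot = {node: set(pieces) for node, pieces in have.items()}
        busy = set()  # nodes that have already uploaded in this round
        order = list(range(n_peers))
        rng.shuffle(order)
        for p in order:
            missing = sorted(set(range(n_pieces)) - snapshot[p])
            rng.shuffle(missing)
            # Ask fellow downloaders first; fall back to the original holder.
            candidates = [q for q in order if q != p] + [SEED]
            pick = next(((src, piece) for src in candidates if src not in busy
                         for piece in missing if piece in snapshot[src]), None)
            if pick is None:
                continue  # complete already, or no free source this round
            src, piece = pick
            busy.add(src)
            have[p].add(piece)
            sources[p][src] = sources[p].get(src, 0) + 1
    seed_uploads = sum(s.get(SEED, 0) for s in sources.values())
    return rounds, seed_uploads, sources

def largest_share(sources, n_pieces):
    """Largest fraction of any one downloader's file supplied by a single source."""
    return max(max(s.values()) for s in sources.values()) / n_pieces

if __name__ == "__main__":
    rounds, seed_uploads, sources = simulate_swarm()
    print("direct download: holder uploads", 20 * 10, "pieces")
    print("swarm: holder uploads", seed_uploads, "pieces in", rounds, "rounds")
    print("largest single-source share:", largest_share(sources, 20))
```

The `sources` table is the part relevant to attribution: it records, for each downloader, how many pieces came from each other participant.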

 

At its peak, it was suggested that BitTorrent transmission was responsible for up to 70% of all internet traffic.  In February 2013, that figure was down to 3.35%.  That drop in usage can be attributed to many different factors, not least that the 70% figure seems massively overblown, but also the rise of Spotify and Netflix and other legitimate means of streaming media.

 

It does not appear that BitTorrent Sync has that edge of simplicity and genius that the original BitTorrent protocol featured.  Essentially, though, the mechanics behind the idea seem to be fairly similar.  A user has a folder containing files that he wants to share with a number of other users.  He sends an encryption key to each user (who must subscribe to the BitTorrent Sync service) and they are then able to view the folder.  Any changes to the files within the folder are quickly distributed between all of the users that hold the encryption key (referred to as “the secret”), presumably using a variant of the original BitTorrent distribution protocol.  In that regard, it is estimated to be around seven times quicker than Dropbox, which is the main rival.

 

However, whilst this development of BitTorrent is being advocated as a source of potential cyber security for people who buy into the concept, it also raises an issue: if people want to use this technology to avoid being, in effect, “spied upon”, it is equally plausible that it will be used by organised criminal groups or individuals intent upon illicit purposes to operate outside the traditional server-based route of electronic data transmission.  For those reasons, it must be remembered that in some respects nothing has really changed materially with the overall principle behind BitTorrent, in that its use is very much that of a double-edged sword.

 

The suggestion that this is a more secure method leaves a lot to be desired.  It is correct to state that Dropbox relies on a cloud storage system which may be more vulnerable to infiltration, but the issues are still there.  The NSA and GCHQ are alleged to have access to all incoming and outgoing data from computers that they target.  They are also rumoured to be able to exfiltrate any data that they desire from machines of interest.  Whether it is stored in the cloud or on the computers of users, the data is not entirely secure.

 

The issue that really jumps out though is that BitTorrent distributed the file between many others.  Prosecutions were difficult given that no one user could be entirely responsible for a distribution if there were many users in the swarm.  BitTorrent Sync does not have that feature. 

 

Prosecutors will, no doubt, already be aware that section 49 of the Regulation of Investigatory Powers Act 2000 allows the authorities to compel disclosure of an encryption key, under threat of a custodial sentence for those who do not give it up.  Perhaps users should be aware too.

 

This article was written jointly with Ian Whitehurst of 6 Pump Court Chambers.
