 |
 |
|
(click on logos for high resolution) |
WRITTEN STATEMENT OF
MR. SAFWAT FAHMY,
CEO AND FOUNDER, SAFEMEDIA CORPORATION
FOR THE UNITED STATES HOUSE OF REPRESENTATIVES
COMMITTEE ON OVERSIGHT AND GOVERNMENT REFORM
“INADVERTENT FILESHARING OVER PEER-TO-PEER NETWORKS”
ROOM 2154,
Chairman Waxman, Ranking Member
Davis, distinguished Members of the Committee, I want to commend you and your
committee for calling this important hearing on “Inadvertent File Sharing on
P2P Networks” and your dedication and
persistence in educating consumers on the privacy and security risks
posed by "contaminated" P2P networks.
My name is Safwat Fahmy, and I am the
CEO and Founder of SafeMedia Corporation.
Prior to founding SafeMedia, I spent more than 30 years in computer
architecture design and software product development. I founded and served as the Chairman of the
Board for WIZNET, a business to business ("B2B") e-Commerce content firm,
have developed GIS systems for federal and local governments and IBM’s IPCS/MAPICS.
SafeMedia's mission is to provide an
effective, cost-efficient and easily implemented solution for preventing
illegal transfers of copyrighted digital material and personal information via "contaminated"
peer-to-peer networks. We have developed
a technological solution prevents the invasion of consumer privacy by
contaminated P2P applications and restores and preserves copyright holders'
asset value.
There have been numerous hearings in
the United States Congress to examine the uses of P2P technology – many of
these hearings have focused on the use of P2P networks to illegally transfer
music and movies – an activity which is especially prevalent on college
campuses – and some have focused on the benefits of P2P technology
generally. Candidly, as a technologist
in the field of computer architecture design, I have been disheartened by the
lack of understanding and smokescreen of misinformation about how "contaminated"
P2P networks operate. Mr. Chairman,
I applaud you and your committee for taking a hard look at how the
redistribution and search features of many popular P2P file sharing networks
pose serious privacy and security threats to consumers, students, businesses
and the Government.
Other witnesses will testify on the recent
report issued by the United States Patent and Trademark Office on Inadvertent
File-Sharing and the Dartmouth Study on the exposure of financial institutions
to privacy and security breaches from P2P.
I will focus on how P2P networks operate, the features and characteristics
of “contaminated” P2P networks and explain how the technology developed by my
company to address illegal sharing of copyrighted materials on P2P networks
will help to protect consumers, students and businesses from the serious privacy
and security risks that this committee is examining today.
In layman’s terms, very simply, Peer
to Peer networking (P2P) allows individual users to transfer files directly to
each other without going through a central server. In the traditional Client/Server model, the
client sends requests to the server and the server responds to these requests
and acts on them. This is how the
popular downloading service “iTunes” operates and this is how "MySpace"
and "YouTube" work as well. In
contrast, with P2P networks, each computer serves as a peer and functions as a
client with a layer of server functionality – the individual peers communicate
and exchange files directly.
Historically, P2P networks were
developed to overcome limitations on bandwidth and processing/storage so
arguably there were some benefits to using P2P networking as opposed to the
client-server model. While a
Client-Server network is unquestionably more secure and reliable, all
information has to go through a central server, therefore the volume of files
that could be handled was limited by the capacity of the server. With P2P networks, all clients
provide resources, including bandwidth, storage space, and computing
power. Thus, as nodes (individual peers)
arrive and demand on the system increases, the total capacity of the system
also increases. In contrast,
client-server architecture has a finite set of servers so adding more clients could
mean slower data transfer for all users.
But frankly, the historic reasons for developing P2P networks do not
exist in today’s world: limitations on
bandwidth and processing storage are easily remedied by clustering many low
cost servers and the deployment of wideband fiber to deliver even more powerful
performance than P2P networks.
P2P technology is
clearly a usable, freely available tool for research and education and at SafeMedia
we support the lawful use of uncontaminated P2P networks. The legal and innovative uses of P2P
technology highlight the importance of being able to differentiate between
legitimate uses of P2P and “contaminated” P2P networks.
Let me explain
what I mean by a contaminated network.
One of the
defining characteristics of contaminated networks is that users rarely ever
know that they are sharing the files on their computer with other users of the
network. P2P software, in order to work
and survive, requires that most users share files. If no users shared files to be downloaded,
then the network would be pointless. So,
the developers of the software create a directory on the user’s computer
“shared” with the entire network most often without their knowledge at the time
of installation.
In addition, a P2P network is
only valuable to users if it has a large selection of files available to
download, so developers automatically add upload capabilities to the client
software so that everything a user has downloaded is now available for other
users on the network to download. Without this mechanism, P2P clients would
provide no value to those seeking files and would not expand and grow.[1]
From a technical perspective, a
contaminated (Illegal) P2P network is a “virtual” network
with the following characteristics:
- Consists
of many public peers who have distributed content.
- Allows
all peers to be active nodes on the network.
- Use
the peer-owned network to pass ‘free riding’ traffic to other peers on the
contaminated network.
- Allows
uploads as well as downloads to and from other peers.
- Has
no ability to control the content on the network or what content peers
upload or download.
It is no secret that in order to avoid liability for the
creation and distribution of a network that allows users to illegally transfer
copyrighted material, most popular filesharing networks have no accountability
of ownership, contents or participants.
Contaminated networks use the
features described in the USPTO report to induce their users to upload and
download files: a default “redistribution” feature that causes users of the
program to upload all files that they download, a “recursive sharing” feature
that causes the program to share not only the file stored in the folder
selected to store downloaded files, but also all files stored in any of its
subfolders, a “partial-uninstall” feature that prevents users from completely
uninstalling the program without leaving behind files that might affect
subsequently installed versions of the program,
and “coerced sharing” features that disallow downloads if the user
reduces or attempts to stop uploads.
The Report
exhaustively examines how these features have been designed and deployed since
2003, well after legal actions were being initiated against users and after the
industry adopted a voluntary “code of conduct” agreeing not to engage in such
practices. This example and others like
it demonstrate why the U.S. Patent and Trademark Office said, “They [file
sharing programs] pose a real and documented threat to the security of
personal, corporate, and government data.”
With my background of 35 years in the technology industry, I
became acutely aware of the serious privacy and security risks posed by some
P2P file sharing networks and the significant economic losses that were being
sustained through illegal file sharing on contaminated P2P networks. I also recognized that technology could serve
as an important part of the solution. In
October of 2003, I founded SafeMedia to be a good corporate citizen and
contribute to the advancement of this country.
I understood that any technological solution had to distinguish between
P2P networks that utilize seemingly inadvertent and anonymous file-sharing and
services such as BitTorrent which require identification and consent of peers
prior to the sharing of files.
I also knew that attempting to distinguish between infringing
and non-infringing files would be fruitless – because many of the contaminated
P2P networks use encryption and because any technology that simply blocks files
or data will fail to address the dangers to consumers and businesses outlined
in the USPTO study and the
At SafeMedia,
we have developed patent pending business solutions combining P2P Disaggregator
technology (P2PD) and a Digital Internet Distribution Solution (DIDS) that prevents
contaminated P2P networks from indiscriminately accessing users’
computers.
P2PD is
based on a new paradigm in system architecture encapsulating the total
functionality of many advanced technologies on a chip, and deploying
multi/hyper processing architecture created specifically for network
operations, resulting in far higher, scalable processing capacity than the
network bandwidth it serves. It utilizes
the following technologies:
·
Adaptive Fingerprinting and DNA markers: The P2PD library of all P2P clients and protocols is
the world’s largest and most current library of fingerprints and DNA markers
and is updated every 3 hours. P2PD looks
for fingerprints and DNA markers in outgoing and incoming packets and,
depending upon identity strength, employs many levels of analysis. In the few cases where fingerprints alone are
insufficient, P2PD actually combines DNA marker evidence from multiple packets
using stored evidence history.
·
Adaptive network patterns: Not all protocols can be easily identified with a single
set of packets. As such, P2PD is set to
monitor packet flows and adapt its technique based on what it has already seen
and what it sees now. This extensible
system utilizes “Experience Libraries". P2PD looks for patterns of certain
identifiable characteristics of network events and determines if the packets
are from contaminated network or not. Contaminated
packets are dropped and non-contaminated packets continue on their way.
·
Intelligent libraries:
SafeMedia’s experience libraries are knowledge-based, created from the actual
operations of the subnet, and include specific logic markers in addition to the
derived adaptive network pattern analyses.
·
Remote update and self-healing: All maintenance actions-updates, integrity checks, sanity
validations, system housekeeping, and self-defense are remotely performed through
SafeMedia’s servers with no delay in network operation.
·
No Invasion of User Privacy: P2PD detection does not invade user privacy, does not
record and track user IP’s, does not decrypt any traffic, and allows the
execution of all current security techniques (Tunneling, SSH, etc.).
·
Accuracy: P2PD is fully effective at
forensically discriminating between contaminated and non-contaminated P2P
traffic with no false positives (i.e., identifying another protocol as the
targeted protocol) whether encrypted or not.
·
Speed:
P2PD operates at network speed with little or no latency.
Mr.
Chairman, distinguished members of the Committee, the issues you are examining
today are vital to the future of a secure internet where the value of digital
media is protected to allow our economy to grow and expand in the global
marketplace and to protect consumers, students, businesses and government from
identity theft and security breaches. SafeMedia
has the only technological solution available to address these issues.
In closing,
I would like to share a recent “case study”.
Last week, we hired a new executive assistant for SafeMedia’s President Pasquale
Giordano. During the course of the
interview, we explained what our technology does and how it works. She said her 13 year old son had installed LimeWire
on their home computer. Mr. Giordano
explained the dangers of P2P and to prove the point told her she should go home
and type in “tax return” to see what she came up with. The next day, she returned to the office with
a copy of a tax return from Rosemary Wyatt – a resident of
In the final analysis, a user whose identity has been stolen or
a business that has had a serious data breach really doesn’t care whether
contaminated P2P networks were deliberately designed to deceive or
inadvertently caused the release of private and sensitive information - the
result is the same. The simple fact is
that the most popular P2P services cannot thrive without “cooperation” from
users sharing their files. If that
cooperation cannot be obtained willingly, as the report's analysis shows, it
will be obtained through “technological features” that “induce” users to
“share.”
As an experienced computer technologist, I would
never recommend that Congress mandate the adoption of a particular
technology to address the vital issues you are examining today. However, I do believe that the only way to
protect individuals, companies and the U.S. economy from the dangers of
contaminated P2P including identity theft is for Congress to act decisively on
recommending that technical solutions be adopted that eliminate the threat of
contaminated P2P. And of course, such
solutions would best be achieved without putting any additional burdens on
individuals using the internet. At
SafeMedia, we believe we have such a solution and I am confident that, in time,
the marketplace will show that we have the best technological solution.
I am thankful for the opportunity to serve this Committee and
would appreciate the opportunity to answer any questions or to provide any
technical assistance or analysis that may be helpful to the Committee.