you’d have to intercept packets coming from a sharer going to a “downloader” (not sitting on a proxy)… that in itself is probably pretty illegal (right? at least without the proper warrant). Then you’d have to determine what was being sent from the sharer to downloader and if this infringes your copyrights.

A far easier way (but more specific) would be to get the address of a sharer (which is being done as we speak by the RIAA) and park close enough to determine if they have a wireless network… if so, then you could sniff the wireless packets (wireless encryption is pretty weak) and tell what’s going in and out of the sharer’s network. Determine what files are being sent, and who to… subpoena the downloader’s IP address (it’s just so easy isn’t it?) and send them a c&d. I don’t want to get too far into territory that is too technical for me… someone else should chime in.

But let’s say there’s no SSL encryption – how easy is it then?

Cracking SSL encryption (which is what we use when at Amazon or Wells Fargo) is a pain in the ass. You’ve literally got to search key space [1] which takes days. So even lightweight encryption is “a good thing”®. I think a better idea would be a widely distributed p2p proxy server… this would mean that you would appear to be surfing from all over the world in a single session… and it would be really hard to figure out who’s who.

[1] Check out this guys quote:

Not much. Everybody who understands the technical details knew perfectly well that this was doable and even easy. You have to understand what happened exactly. I did not break SSL itself. I did only break one SSL session that used the weakest algorithm available in SSL. If I want to break another session, it will cost another 8 days of all my machines.

Yeah – the way I was thinking about it was: we use encryption on Amazon and such to keep people from viewing transactions, right? Well, that must mean those transactions are viewable if someone has enough info. Wouldn’t a similar idea apply to P2P? Of course, viewing those transactions could still violate some sort of computer crime/fraud law. So, while technically possible, it might not be legally possible for the RIAA to do so.

Hey guy, I guess I’ll answer in the comments so that more tech-savy people can beat me down… the only way (I think) that you can monitor a download like you are saying is to know which pipes the packets (TCP/IP frames) are going through… that’s tough… you could install some software on a machine/router near a particularly heavy sharer… and monitor the IP addresses that downloads were going to… even then, you probably wouldn’t be sure what they were receiving… I think it would be tough.

Actually, now that I think about it… the RIAA itself could set up a “honeypot” and monitor all the Kazaa users who download stuff from the honeypot, then subpoena the PII of certain IP addresses and then get a warrant for a computer search… this seems pretty obfuscated… I guess that’s why it’s so easy to go after sharers… you know what they have and you can get to them. If a downloader quickly moves stuff out of their shared folders, you’d need to hack into their computer (interdiction) or get a warrant for dicovery.

Someone please add to this!!!