Friday, 23 April 2010

Don't secure your wifi!!!

OK, this is where it gets very very silly.

Firstly let me stress that there a lot of really good reasons to secure your network, not least of which are privacy of your machines and data, viruses spreading, and even costs (you may pay for usage of your internet!). If you have fire-walling facilities allowing you to run a DMZ (de-militarized zone) for public wifi that is safer.

However, the Digital Economy Act has just turned things on their head slightly. It actually encourages you to run an open wifi.

The logic goes like this...

1. Running a public access wifi hotspot is 100% legal - the act does not make it in any way wrong to do that. You may not think so reading it as you can lose an appeal against technical measures if you cannot show you took steps to secure your wifi, but it does not actually require you to take such steps, and if you read on - failing to do so could make you immune from technical measures anyway...

2. Once you are running a public access wifi you are clearly providing a communications service (to the public even). This makes you a communications provider by any reasonable definition of that phrase (and by definitions in the Communications Act).

3. Tell your internet provider that you are now buying the service from them as a communications provider. Well, best to ask first in case they have any extra terms, AUP, or costs, but some (like AAISP) don't mind at all. In fact go further - advise then that sending you copyright infringement reports would cause you distress and alarm.

4. Now you have done that you are not a subscriber as defined by the Digital Economy Act 2010. But as you have no agreement with the public for them to use the wifi so you are not a service provider either. So you don't have nasty obligations under the Act either.

5. Your internet provider cannot treat you as a subscriber as the definition is clear in the Act. As such they have no legal requirement to pass on or count copyright infringement notices to you for your IP addresses. In fact, if they do they could be comitting an offence under Protection from Harassment Act 1997, section 22 of the The Privacy and Electronic Communications (EC Directive) Regulations 2003, or section 127 of the Communications Act 2003.

6. The internet provider must not count the notices they get or take technical measures against you under the Digital Economy Act because you are not a subscriber.

In fact this means you are safe from all of the measures of the Act, basically.

Now, the copyright holders could get your details by use of an expensive court order and take legal (civil) action against you - but you now have the perfect excuse - you run a public wifi so in all probability the copyright infringement was carried out by some random member of the public. After all, you are already on record that you run a public access wifi. You have created plausible deniability.

Obviously this is not legal advice, but sounds pretty simple to me - the new Digital Ecomony Act actually encourages people to run public wifi to make themselves immune to the copyright infringement reports, technical measures, and even direct civil cases.

Maybe it is a cool and useful act after all? Well done labour.

P.S. AAISP have made the situation clear for its customers http://aaisp.net.uk/legal-cp.html

P.P.S Why not make the public wifi only work on IPv6 with RADV. That way you are not allocating IP addresses either :-)

15 comments:

  1. I had hoped that the new law would be unenforceable, riddled with flaws in the sloppy drafting that has become standard practice in recent legislation. No such luck: the Digital Economy Bill was drafted by the music business and, whatever their history on ripping of musicians and the public, they pay their lawyers handsomely. Needless to say, they did the job competently.



    But... Silly me, fiddling in the details and the fine print when we know that the DEB was conceived in ignorance and grew out of deep conceptual failings in their understanding of justice, property and the nature of digital communications and media.

    Thus, we have hope and relief, if not salvation: our rulers and their owners have demonstrated limitless ignorance of the Digital Economy and its technical undepinnings, at every stage of the legislative process. It is therefore inevitable that the law will be riddled with errors and absurdities that provide exactly the kind of loophole you have pointed out today.

    ReplyDelete
  2. Have been looking at virgin medias t&c's

    http://allyours.virginmedia.com/html/legal/oncable/terms.html

    I believe that the following line(D 1 J) would make this against the t&c's - any thoughts?

    use the services in a way that: (i) risks degradation of service levels to other customers; (ii) puts our and/or Virgin Media Entertainment's system at risk; and/or (iii) is not in keeping with that reasonably expected of a residential customer. If we and/or Virgin Media Entertainment believe that you are using the services in any of these ways, Virgin Media and/or Virgin Media Entertainment (as applicable) are entitled to reduce, suspend and/or terminate any or all of the services without giving you notice

    ReplyDelete
  3. Tad vague - surely it is in keeping with a residential customer to run an open wifi? but as I said, you should ask your ISP.

    AAISP take the view that it is now going to be easier to deal wit ha customer that is a "communications provider" than one that is a "subscriber", so it is to be encouraged.

    ReplyDelete
  4. Hi, I was wondering whether you had any insight into how one of the larger ISPs like BT would react to me asking to open up my wireless as a wireless provider.

    I've browsed there site and its extremely vague and i just wanted something to go on before i rang up.

    ReplyDelete
  5. Sorry - no idea - but do let us know!

    ReplyDelete
  6. @Ewan - some of the new Bt boxes operate as BT Open Zone node (at least, that's the only conclusion I can find when there's nothing else that could act as this in by brother's house) - so technically you're doing this anyway.

    ReplyDelete
  7. BT total broadband users have the Fon service option to share a percentage of their bandwidth to other BT OpenZone subscribers in the area.

    http://www.btfon.com/support/faqs
    Could be a good cover, although i guess they will have records of who is logging in and any certain time period to match activity to a users credentials.

    ReplyDelete
  8. Off topic...

    But I <3 AAISP. I don't live in the UK any more, but they were my ISP for the last 3 years I did and they are simply great! =)

    ReplyDelete
  9. Don't you have some obligation on data retention as a communication provider? (at least that's the case in some places in Europe)

    ReplyDelete
  10. Data retention directive is not an issue as...
    (a) They have to find you
    (b) The secretary of state has to ask you to record the data
    (c) The secretary of state has to reimburse you for doing so
    (d) You do not have to create new data, just what you already process or generate which for this would probably be timestamps and maybe DHCP allocated IP.
    (e) If you don't comply the worst the directive has is that they can get an court order requiring you to comply (not fines or any such) at which point you turn off the AP and stop being a comms provider.
    (f) I think you have to be a public comms provider for any of this to apply anyway and it may be you can be a communications provider without being a public provider.

    ReplyDelete
  11. An even more foolproof plan!
    1. Turn off your wifi and use a bloody cable.
    2. Don't engage in filesharing!
    3. Make all your connections thru a VPN!

    ReplyDelete
  12. @Andrew,

    If you do 2, why would you ever need 3?

    ReplyDelete
  13. Hi Rev. You mention you're an ISP. If you're allowing your customers to register with you as a comms provider, you may want to add your company to the "What is my ISP's policy on complying with the Act?" page on http://www.digitaleconomyact.info

    http://www.digitaleconomyact.info/index.php/What_is_my_ISP's_policy_on_complying_with_the_Act%3F

    ReplyDelete
  14. Sometimes I really wonder whether the relevant people (the ones responsible for all these new laws) actually read articles and comments like this.
    It would be a great danger because everything is analyzed and the weaknesses (=freedom) shown - and they could fix it.
    But at the same time they have shown so little knowledge so far that I can't quite believe it.. hm.

    ReplyDelete
  15. and put a huge bandwith restriction on your public wifi so no one can do anything but still classed as public wifi.

    ReplyDelete