Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network Bungling cops in Yorkshire have called upon householders to lock down their Wi-Fi after mistaking a free hotspot user for a piggybacking connection thief. A Reg reader from Heckmondwike claims that a local busybody called the police after seeing him access the internet using BT's Fon service, which allows customers to access …
BT Fon: no access unless BT (think they) know who you are. Traceability (allegedly) exists.
Open hotspot: access for anybody, no traceability.
There is a potentially interesting philosophical discussion to have on the usefulness wrt privacy of having *enough* people offer anonymous free open WiFi. This article ignores that discussion.
There is...
http://www.ruralwifihotspots.co.uk/legal-compliance
And if you as a private individual (not business) offer hotspot access to anyone who passes by, you'd better log connections too given how well the police know their technology - see example in this story.
Although FON does log everything, my dad wanted it turned off just for this very reason.
The page you link to is for "commercial entities" not private individuals. A private individual can offer their home connection to whoever they darn well want without having to log anything. They might be breaching their terms and conditions of use with their ISP but it isn't a criminal matter.
And ?
Particularly on an IT forum, the idea that a hardware failure - albeit deliberately and artificially implemented - would cause anyone more than an hours inconvenience seems a little quaint.
A VM image in the cloud, plus data in the cloud means all I have to do is get hold of a decent Linux box, and reconnect to the internet.
Along with the 6am dawn raid with the screaming sirens, the helpful off-the-record interviews with the local press and neighbours that reveal you to be a suspected pedophile, complying with police bail requirements (hope you didn't plan on going abroad on holiday any time soon) and the grudging admission a year later that there was 'insufficient evidence to prosecute you' which as we all know, just means you were able to hide your tracks.
And don't expect any compensation for that door we were forced to smash open, you filthy pervert.
"You'll get your computers, tablets, laptops etc back eventually...."
Really? Because I know some folk who are damned well innocent who've not gotten their stuff back after two years. Besides, the way laws are structured it's virtually impossible for any of us to be innocent of everything. Our lives are on those machines. Search them hard enough, you'll find something to jail them for, even if it's not what was on the original search warrant.
"Our lives are on those machines. Search them hard enough, you'll find something to jail them for"
If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him.
"even if it's not what was on the original search warrant."
That's another reason why I prefer the US system, if the alleged crime isn't on the warrant, you do not get to include it on the charge sheet!
They may seize objects not specified in the warrant only if they are in plain view during the course of the search. So keep your drugs out of the way if they're looking for PC gear for example.
But in the UK, they can do what the hell they like.
It speaks volumes of how much trust the UK sheeple place in the law.
I had plod take away several computers. most returned damaged in one way or another (they'd frequently tried to remove the hard drives with the wrong screwdrivers). I sued and won. I now own several very high specification machines paid for by the clueless Metropolitan Police. The two "defectives" who insisted that the machines "had to be impounded" are no longer employed by plod.
The stupid plods assumed that any computer that required a password for access must be harbouring something illicit. When they were granted access to a guest account on the machines, they couldn't understand that there was no "Word" or "Internet Explorer". They didn't understand that they were Linux (Mint) desktop machines. They had this gently explained to them, but decided that "Linux is only used by hackers" and the computers had to be impounded.
The fundamentally stupid thought processes of these two clowns were breathtaking. They also felt the need to arrest all the registered users of the machines for unspecified "cybercrimes" - obviously something they'd read about in the "Sun"......
"You'll get your computers, tablets, laptops etc back eventually...."
Should that unfortunately happen - then it would be wise to check any PSU mains voltage settings on the returned equipment. Accidents happen - and your PSU settings might return at 110v rather than 240v.
I know those laws don't apply to you if you're an individual and the burden of proof is on them but I really wouldn't like to chance it if it were the local Jimmy Saville who decided to use your open hotspot provided to everyone out of a sense of community spirit, altruism, etc...
So you either log connections to the same standard or you don't offer an open hotspot. Even if you do provide a hotspot which logs everything (e.g. FON) the police have demonstrated time and again that technology confuses them.
"So you either log connections to the same standard or you don't offer an open hotspot. Even if you do provide a hotspot which logs everything (e.g. FON) the police have demonstrated time and again that technology confuses them."
I very much doubt that you as a householder would be on the hook if someone did something malicious on it.
Any complaint would come through BT and BT would know from the logs that it was someone piggybacking from your public wifi spot. They'd also know who that person was according to the login details.
So while plod might come around to ask if you saw someone doing a four fingered shuffle in your garden, you yourself would not be under suspicion of any crime.
Interesting discussion above about the traceability BT Fon connections. A stranger connecting to your BT router gets a separate channel and an internal IP on a separate range (default 10.x.x.x). However I am guessing they get the same internet facing IP. Can't test it just at the moment tho.
As others have said, an investigation would be brutal for you, even if found innocent. The loss of all IT kit, for months, stigma, job worries, stress. A chap who went through it himself wrote a Reg article a couple of months ago. He was found innocent, but the experience was not pretty.
"However I am guessing they get the same internet facing IP. Can't test it just at the moment tho."
Orange France has a public WiFi network running on the back of home internet connections, using APs called "orange" instead of the usual "Livebox-XXXX" (last four digits of Mac). You need to log in using your credentials - orange email name and password IIRC. It is done in the manner that if you offer a public access point, you have the right to use other public access points, but if you turn off the public AP, you lose the right. As I live in the back of beyond and you can barely get access through the stone walls, it doesn't bother me to leave it switched on.
Aaaanyway, I did some tests and the public AP gives you a completely different public IP address from the private one. I didn't bother testing QoS as my downstream is only 2mbit so it doesn't take much to knock that on the head. I might try it sometime and see how the Livebox allocates bandwidth if only the public AP is running, and if the private one then starts a download...
> As others have said, an investigation would be brutal for you, even if found innocent.
Correct. But one should not give in to intimidation and veiled threats from those under colour of authority. Showing any sign of fear or hesitation is the worst possible course of action.
Repeated first hand experience on this. I'm still here, so far. :)
"So while plod might come around to ask if you saw someone doing a four fingered shuffle in your garden, you yourself would not be under suspicion of any crime."
They'd find a crime to suit, or just make one up. You used the internet. You're a terrorist and a pedophile.
Dan, I respectfully suggest you may want to stop offering such incredibly stupid advice.
> So you either log connections to the same standard or you don't offer an open hotspot.
a) I'm not a fucking snitch.
If I happen to catch someone doing something seriously harmful I'll intervene, but I won't be sacrificing the well deserved trust I put on my fellow citizens for the sake of a few bad apples.
b) Log the stuff and find yourself in violation of privacy laws.
It can be done, but you need some professional guidance on how to make it probably legal (in law there is no truth/false, but mere probabilities bit like in quantum physics). Else it's you who ends up getting in trouble.
Erm, no. The ISP will have details from its dhcp logs, and indeed if you don't reboot your router much (and who does) likely it will still have the same IP. It's the public IP that will show up for the downloads, regardless what's going on with the private side of your setup. It's you, and you won't be able to deny it. Even though WE all know that *probably* it wasn't.
"No actually, in court the police and CPS would have to prove it was you, which would be impossible."
Since when? The US and UK moved to "guilty until proven more guilty" ages ago. When it comes to the internet, presumption of innocence was ejected. It's not going to be returning.
It's up to the CPS to do the proving. However, the cops do the investigation and charging and leaking to the press which means you have the inconvenience of having your IT equipment taken away to be forensically investigated, the hassle of going to court, getting a lawyer, being banged up for a few hours, lots of questioning and then named in the paper as an internet kid-flik watcher - before being proven innocent in court.
And all that's before they bang you up for the bit of your hard disk with the old TrueCrypt area that you did when trying out TrueCrypt originally and have long ago forgotten the password for. Let alone that ancient USB key that's password protected but you never used more than once because it's more hassle than it's worth. Plus they want the passwords of all your online accounts because, well, children.
"On the contrary, it's up to the police to prove it WAS you, if the shit hits the fan"
The problem is that the process is now the punishment: collar felt, draged down the nick, held for nnn hours (or mmm days "if we fink it's a serious crime or terrorizum..."), all computer equipment impounded - and we all know there's no smoke without fire = arrested = pedo = guilty...
Such is now "freedom" in Blighty, where some crimes are so serious that lack of evidence or inocence is no excuse.
> paying for the solictor to argue this point with the police, will cost more than your computer.
Depends on whether you factor in the cost of letting the society you live in become that little bit more oppressive due to your not standing up for it when you had the opportunity.
I have paid that solicitor. After a while, word somehow spreads and they learn to live you alone. In addition, they will be more careful when trying to go all bully on someone else. To me that's a lot more than my money is worth.
> Yes, but you'd need to prove to the police that it's not you if the shit hits the fan.
Dan, it does not work like that at all. Your accuser (CPS or whoever) need to prove in court, to a level consistent with the type of proceedings you're involved in, amongst other factors, that it was indeed you, and not somebody else who did whatever it is they're alleging you did. On anything involving internet access or computer use in general, this is notoriously difficult.
This information brought to you by someone trained in computer forensics and unpopular enough with the police and courts of a handful of countries to have first experience of how things work.
https://www.btfon.com/images/media/en/en_general_conditions.pdf
if you are under 6.2 of this "agreement", you receive a "revenue share".
Thats services in exchange for renumeration, you just became a business. (Sole Trader), no insurance, wanted by HMRC, unless you declare this income on your tax return.
You also probably busted many other peices of legislation on commercial broadcast, planning regs, etc.
PS
and you're now an ISP, hope you've got the logs
I'm not quite sure whether things have changed since the recent "emergency" legislation, but it was certainly not the case until recently that you are obliged to log connections or retain any logs.
You only* need to do so if you are instructed to do so and, so far, the instructions have gone mainly to the large ISPs:
http://www.aa.net.uk/kb-other-data-retention.html
*I use the word "only" advisedly....
There's no "alleged tracability". If you connect via FON, you arrive on the Internet via a completely public IP address using logon credentials. The traffic is just as traceable as that for any traffic coming from a device connected to your home network. Indeed, more so as there are not credentials passed from devices on your home network to the ISP (unless there's a back-door in the router which logs MAC addresses and sends them to the ISP).
Of course, somebody could always steal your details, but that is true of any public network where you logon with a userid and password. Indeed, it's true of somebody who gains access to your home network logon details (how many people freely give their WiFi passwords to friends and family to put in their phones and other devices; how secure are those?). The only systems which are really proof against stolen details are where one time password devices are required.
This is plod knowing a little and thinking he's somehow qualified to lecture the world. If he wants a security problem to worry about, then it's about accessing public networks at all. It would be pretty easy to mimic a BT FON connection.
Sure the police can be pedantic, power abusing thugs, but not always..
In this instance, they were right to send out the letter...
It is very likely the 'busybody' only told the police that he saw a man using someone else's wifi, not that he was using FON.
So, with that info, a blanked letter to ensure people secure their hotspots is sensible, and good advice!
A guy in the pub last night told me about a friend who's neighbour saw what looked like a naked child running around MrXavia's house. I am sure a quick call to the local plod should sort that out.
What do you think Mr Xavia...
Sorry about the tone but the police should react on fact not on speculation.
>Sorry about the tone but the police should react on fact not on speculation
And until they've been round to Mr. Xavia's house to investigate HTH do you expect them to know whether your scenario is fact or not.
You are effectively saying that the police should not respond to anything. How would you feel if your neighbour phoned the police to report that someone was in your house while he knew you to be on holiday and they asked them to prove it before they went round?
@Chris W
No, I am not saying that they should not respond to anything, I am saying they that should have gathered some facts before reacting.
They sent out letters without first establishing if there was indeed a case... Why was no-one intially sent out to determine what ALL the facts were ?
>Why was no-one intially sent out to determine what ALL the facts were?
And who are they going to ask? The anonymous El Reg informant here only speculates that he was the person who was complained about and probably wouldn't be around to question by the time the complaint had been processed.
@Chris
Then if the police have absolutely nothing to go on and the case is so insignificant why did they bother doing anything at all. What was the point of the letter then? Was it just to satisfy the community needs....pull the other one.
@lamont
>Is the police sending round a polite note reminding everyone to secure their WiFi really comparable with you attempting to grass up your neighbour as a sex offender?
Is this what you consider the Police should spend there day doing, sending polite letters reminding people to secuire their Wifi connections. Maybe in Noddy Land that sounds like a great idea but here in the real world I can think of far better ways of spending tax payers money.
The police response was correct, whether you like it or not. They are not going to immediately send round an armed rapid response team on a tip-off of piggy backing. They had a tip-off and the letter to residents was an appropriate response in the face of possible criminal activity going on in their neighbourhood.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
