BBC To Deploy Detection Vans To Snoop On Internet Users

product_bucket writes: The BBC has been given permission to use a new technology to detect users of the iPlayer who do not hold a TV license. Researchers at University College London have apparently developed a method to identify specially crafted "packets" of data over an encrypted Wi-Fi link without needing to break the underlying encryption itself. TV Licensing (the fee-collecting arm of the BBC) has said the practice is under regular scrutiny by independent regulators, but declined to elaborate on how the technique works. Dr Miguel Rio, a computer network expert who helped to oversee the doctoral thesis, said: "They actually don't need to decrypt traffic, because they can already see the packets. They have control over the iPlayer, so they can ensure that it sends packets at a specific size, and match them up. They could also use directional antennae to ensure they are viewing the Wi-Fi operating within your property." The BBC has been given such authority through the Regulation of Investigatory Powers Act.

Two bugs (at least!)

First off, Ethernet. Now that it's known, it's easily defeated.

Secondly, false positives. Now that hackers know what they're looking for, these will be trivially easy to implement: just send whatever traffic with the packet-size signature, and people will look like they're using iPlayer when they are not.

Re:How it works? Easy.

[Megol]

Actually detecting an old CRT TV is pretty easy (the receiver generates a characteristic signal), never CRT TVs are much harder (more modern electronics). Lie detectors does work too, the problem is they aren't reliable - some never triggers them, some always triggers them, some have essentially random outcome. Lie detector operators are trained with pseduo-science and intimidation techniques.

Both are mostly used for scaring people, doesn't mean they don't work in some situations.

Re:Ethernet

This is why everyone should be using a VPN. Lots of good options under $10, some even under $5.

Re:Privacy? Fuck you.

Tory policy since Thatcher has been to squeeze and mis-manage public services deliberately until the public tips in favour of privatisation. If you don't think this fucking ridiculous claim is an extension of that, you're either young or have newly immigrated.

Re:Seriously?

[tliet]

Logging in for the first time in years to reply to this.

Why not paying from the taxes? Because the programs can then be politically influenced! That's why.

You'll hear complaints in the Murdoch owned media that the BBC is left wing and biased. Trust me, after the Netherlands did away with the license fee (because it was cumbersome and people didn't understand why they had to pay for it) and switched to a tax payer funding, the usual suspects (usually on the right side of the political spectrum) have since started influencing and outright adjusting the content.

In the Netherlands the long treasured pluriform system is now on the verge of collapsing under the weight of the ratings. I wouldn't go as far as saying the content is politically influenced, but the system is not completely without government influence either. The way the BBC is funded is actually very clever, its fee is set outside the political cycle. Here is some more info about this scheme: http://www.bbc.co.uk/blogs/aboutthebbc/entries/9637e45d-c96c-36c6-9e3f-af141e81cab4 (Sorry, don't know how to make a hotlink on Slashdot)

Quite a few people inside and outside the UK truly understand the value of the BBC. It goes far beyond Top Gear, don't believe the Murdoch owned media lambasting the BBC.

Re:Ethernet

[Kjella]

Actually- surely this is bollocks anyway. If you can determine who's watching iplayer by looking at encrypted packets then surely encryption is broken? Anyone with more experience care to comment?

Yes. You fundamentally don't understand what encryption does, it protect what you're sending, not to who and when. If you SSH to a server, does your ISP see what IP you contacted? Yes. Does it see how much data you transferred and when? Yes, obviously. Same thing about wireless, only it's public for anyone to pick up when you used it and how much. Any normal network will rush to pass on data as quick as it can and you can use that by intentionally staggering. Say you request a 100 kB image from me, I send it as 1kb, pause, 3kb, pause, 5kb, pause, 7kb, pause, 11kb, pause, 13kb, pause, 17kb, pause, 19kb, pause, 23kb, pause, 10kb. Then I watch the packets on your WiFi and it's the same pattern. Coincidence? Pretty quick it won't be.