BBC will use surveillance powers to sniff Britons' wifi and find license-cheats

If you live in the UK and watch live TV or use the Iplayer video-on-demand service, you have to pay a "license fee" that directly supports public media in the UK (in other countries, public media is funded out of the tax-coffers, but in the UK, it's a direct transfer from viewers to the media, which is meant to make the BBC independent of the whims of government and thus more able to hold it to account).



License fee payments have historically been triggered by TV purchases -- companies that sell TVs in the UK report the sales to the license authority, which checks to see whether the purchaser is a license-holder, and, if not, sends a bill (this became something of a pain in the ass when businesses began buying flatscreen monitors and getting license fee demands for sites where no TV viewing ever took place). In the early years of computing, the BBC used tuner-card sales as a proxy for TV sales, and collected license fees from viewers who watched on their computers that way.


Now, of course, the main way to watch TV on your computer or handheld is with Iplayer. The BBC successfully lobbied to get the right to levy license fees for Iplayer viewers, and then got another, much more outrageous legislative gift: the right to ignore privacy law and invoke the controversial spying tools provided for in the Regulation of Investigatory Powers Act (RIPA) to spy on Britons' wifi traffic willy-nilly and look for license cheats.


The BBC is relying on security through obscurity to make this work, and will not disclose their methods.

The best guess is that the new detector vans will intercept wifi traffic and, without decrypting it, try to deduce (from packet sizes and timing) whether the network is carrying Iplayer traffic. The technique apparently relies on the fact that the BBC can control the Iplayer's streams to introduce nonstandard timing/size elements that will fingerprint it, even in cryptographically protected streams.

This is potentially very invasive, and raises the possibility of false positives (how, in a multi-unit or dense dwelling, will the BBC determine which house goes with which wifi?). What's more, the gains from this invasive practice will be marginal at best: simply by assigning logins and passwords to license payers, the BBC can get almost all the same benefits, and the vans will only serve to catch people who share passwords -- and the false positives will be many (if my license fee gives me the right to watch the BBC on all my devices, and I go to someone's house and watch my devices there, it doesn't matter that they haven't paid the license, because I have).


It's also likely to be trivial to defeat. Home routers can -- and should -- block information leakage from the cipherstream by normalising timing and packet size.

It feels like a boys-with-their-toys move, wherein the lab techs get excited about an avenue of research and sell it by appealing to management's graspiest, greediest, most distrustful-of-the-public instincts. The BBC's future, after all, relies not on its ability to collect the license fee, but to preserve it as a matter of law, which means that it requires the affection and support of the British public. This is not how to win that affection and support.


A spokesman for Privacy International, the human rights watchdog, said: “While TV Licensing have long been able to examine the electromagnetic spectrum to watch for and investigate incorrect usage of their services, the revelation that they are potentially developing technology to monitor home Wi-Fi networks is startlingly invasive.”

A spokesman for TV Licensing said: “We’ve caught people watching on a range of devices, but don’t give details of detection as we would not want to reveal information helpful to evaders.


“Our use of detection is regularly inspected by independent regulators.”

The broadcaster included the NAO report in a list of documents that it claimed to have published alongside its annual report last month, but never distributed the review or uploaded it to its website. It has now been placed online by the public spending watchdog.


BBC to deploy detection vans to snoop on internet users
[Patrick Foster/Telegraph]

(Image: BLW TV Detector Van, Mike Peel, CC-BY-SA)