Reduced security, increased safety
Do you own a wireless router? Yes? Good. I'd like you to do something for me. Go into your wireless network configuration and check your security settings. The encryption option is probably set to WPA or WPA2 depending on the model of router you own. Can you set it to WEP for me please?
Careful - don't choke on your cappuccino. Yes, I am asking you to switch your encryption from the strong WPA setting to the, well, not strong at all WEP setting. And yes, I know WEP encryption is easy to crack. With some freely available software and a spare 15 minutes someone can easily break into your WEP-secured wireless network. Still, we should all live dangerously from time to time so go ahead and do it. There's no magic trick coming. You're not about to discover a revelation in wireless network security. I really am asking you to decrease the security posture of your wireless network. There's a very good reason for it, too. It will keep you safe.
Recently the UK Government decided it's time for their yearly moan about piracy on the Internet. The Department for Culture, Media and Sport released a paper called "Creative Britain: New Talents for the New Economy" [download here]. It dedicates a major chunk to "Fostering and protecting intellectual property", which covers all the issues surrounding copyright infringement and theft of intellectual property; piracy to you and me. The paper makes this commitment:
Commitment 15: We will consult on legislation that would require internet service providers and rights holders to co-operate in taking action on illegal file sharing – with a view to implementing legislation by April 2009.
Admittedly this is a UK Government commitment so the likelihood of them sticking to it is pretty low. Nevertheless the document continues:
The Government recognises the value of the current discussions between internet service providers (ISPs) and rights-holders; we would encourage the adoption of voluntary or commercial agreements between the ISPs and all relevant sectors. While a voluntary industry agreement remains our preferred option, we have made clear that we will not hesitate to legislate in this area if required. To that end, we will consult on the form and content of regulatory arrangements in 2008 with a view to implementing legislation by April 2009.
Forget for a moment that a department that deals with culture, media and sport is possibly spreading itself a little too thin. And that the same department probably can't also be an expert on all aspects of the Internet. This department has just made a binding political commitment to come up with some new laws and put them on the books by April 2009. Laws that govern the responsibility of ISPs where illegal file sharing is concerned. This is a serious problem. Let's be clear; I don't condone piracy, but although these measures will be designed to catch and prevent copyright infringement it's the innocent legal users who are going to suffer. The conversation is going to go something like this:
Gov: Piracy on the Internet is rampant, and today's biggest issue is Peer-to-Peer (P2P) filesharing. You, the ISP, must stop illegal file sharing.
ISP: Okay, unfortunately the Internet doesn't work like that. We can't just stop it.
Gov: Why not? Try harder. You're all techie people at the forefront of development - surely you must be able to do something about it.
ISP: Well, to properly inspect all P2P traffic from every user and determine whether or not it's illegal is very expensive and pretty much impossible. There might also be Data Protection Act issues with us monitoring people's traffic. Not only that, it's easy for users to encrypt their P2P traffic to prevent anyone from inspecting it in the first place.
Gov: What, people can encrypt P2P traffic so you can't tell whether they are illegally swapping files?
ISP: Yes, but even without encryption we can't really tell if transmitted data is from an illegal source.
Gov: Well that's just unacceptable. If you can't tell legal from illegal you'll just have to block all P2P traffic.
ISP: Er, but there are lots of legal uses for P2P traffic. For example most versions of Linux can be downloaded via P2P.
Gov: Terrible shame, but we can't have illegal file sharing. We're being lobbied by big business, you see. Safe haven and all that.
ISP: Well you said we could come up with voluntary agreements, so let's work something out.
Gov: We've got a better idea. Block all illegal file sharing traffic or we'll take you to court and fine you huge amounts of cash.
ISP: Looks like we're blocking the standard P2P traffic ports then.
This is actually quite a serious problem for legitimate Internet users. P2P is used to transfer lots of completely legal content because it's perfectly suited to moving large files around. Just some of the legal uses include downloading SuSE Linux, watching Star Trek and listening to music. By forcing ISPs to inspect and block P2P traffic the UK Government will effectively deny legitimate users access to legal content. It will turn ISPs into an ad-hoc police force, and completely goes against the principle of net neutrality. To draw an analogy, it's like making the Royal Mail (or the USPS) responsible for the contents of every letter, package and parcel passing through their service.
Leaving aside the impact on you and me, there's another fundamental problem with this approach: it's totally unenforceable and technically impossible. Pirated content can be transferred over pretty much any protocol, with or without encryption. The HTTP protocol is used for browsing websites, but it can be used for file downloads too. The FTP protocol is specifically designed for file transfer, and there are plenty of illegal FTP sites out there. You can send pirated content by email using the SMTP protocol. The list goes on, but the point is clear. Unless we move wholesale to a censored Internet access model where everything is denied by default and only "known good" services are allowed, there is absolutely no technical measure that can prevent piracy. This issue is the epitome of the saying, "you cannot simply use a technical measure to solve a behavioural problem".
Of course there's no way western Governments would mandate a move to full-scale Internet censorship. What they can do is to rebalance the law against the end user. ISPs could be forced to identify P2P users to law enforcement; those users would then be presumed guilty until proven innocent. It would be your responsibility to demonstrate that you've not downloaded any pirated content. Add a strong deterrent such as a hefty fine or even the threat of a custodial sentence and the law would scare many, many people into never using P2P software - legally or otherwise.
But don't worry, I've got a solution: configure your wireless network to use WEP. WEP encrypts your wireless traffic meaning that the casual snooper won't be able to immediately see what's going on. But WEP encryption can be easily broken with free software suites such as Backtrack and a spare 30 minutes. So when you get hauled in front of the Court and asked to explain why your ISP discovered P2P traffic (of undetermined legality) coming from your connection you can smile sweetly and say, "It wasn't me, m'lud, I believe someone was hijacking my wireless network even though I encrypted it".
And if you're not comfortable with making all these changes to your network you could just buy a FON wireless router. It's specifically designed to let you share your Internet connection with others, making it reasonable doubt in a box.
The simple fact is that Governments around the world have repeatedly been shown to be incapable of passing sensible laws where technology and the Internet are concerned. Similarly businesses and commercial organisations have been very enthusiastic about using those laws to their own advantage, not least because the Judiciary just don't have the technical knowledge to deal with matters appropriately.
It seems that our best defence is to use technical measures to make these laws unenforceable. So, please, come hack my wireless network.
Technical note:
If you do plan to half-open your wireless network by switching to WEP, make sure you configure your network correctly. It should be designed so that traffic coming from the wireless network is firewalled off from your internal, private network.
Further reading:
- Virgin Media are reported to be the first UK ISP that will implement "piracy tracking" [article here].
- The US ISP Comcast has already tried to manipulate and prevent P2P (Bittorrent) traffic. The result has been outcry and the mention of lawsuits. This article from CNET.com provides an excellent introduction; this Google search provides many more articles.

