Saturday, 22 May 2010

Why Repeal sections 11-18 of the Digital Economy Act?

Here is a copy of the letter I wrote to my local MP. You should do the same!

Dear Mr Dowd,
Please find enclosed web links to the results of independent security research that I have conducted into some of the issues I raise in this communication. Also please ensure you are up-to-speed with the technical aspects of the issues raised and if you have any questions please do not hesitate to contact me for clarification or explanation.

My intention is to inform and ensure that you are fully aware of the ramifications of this bill to our constituency and the importance with which I personally regard this issue.

You are probably aware that the Digital Economy Bill was rushed through the last Parliament on 8 April during the so-called "washing up" phase without giving MPs the chance to scrutinize this complex and controversial piece of legislation. We live in the information age and the issues raised by this legislation go right to the heart of our development as a digital society in this new age and, in so doing, demand appropriate consideration.

I believe that the Act has very serious flaws, one of which is the provision to disconnect citizens from the internet which I believe to be a fundamental breach of human rights. Our society relies and will increasingly rely on the internet as a gateway to services, both public and private, goods, information and education. It can be argued that the internet has now become of critical importance, especially to those members of our community that are vulnerable, frail, disabled or otherwise disadvantaged for activities ranging from working from home, keeping in touch with loved ones, managing bills or just doing the weekly shopping.

The Act allows the implementation of the 'three strikes' provision that could see families being disconnected from the internet for a minor civil offence, infringement of copyright. Furthermore, the Act holds the account holder liable, not the infringer. As a result people could have their work or education disrupted through no fault of their own. What about the case where the infringer, without the consent of the account holder, gains access and makes use of the account holder's internet connection through an unencrypted wireless network? I believe that around 12% of your constituents are currently exposed to this scenario based on data that I have collected (a passive wireless site survey of 317 networks). Should the account holder be disconnected because of their failure to fulfil their role to enforce the correct security scheme on their wireless router or enforce their own wireless network security policies? In what setting or on what occasion has the government helped or attempted to educate the wider public about this issue? Why should the general ignorance of the public on this matter be punished in this way?

I have conducted my own wireless site survey of my local area which took me about an hour, the results of which can be downloaded in Google Earth KML data form here:

Please open this 'KML file' with Google Earth software to allow you to see the distribution of the wireless networks which are at risk:

The wireless networks in red are unencrypted and those in green are encrypted. You can see how widespread the problem is by the ratio of red to green dots (please zoom in and pan around to ensure that you see the full dataset). 317 wireless networks were surveyed of which 38 were found to be entirely unencrypted and no doubt many of the remaining 279 encrypted networks will be 'cryptographically weak' because they employ the WEP scheme, which is 'easily crackable'. I am a fully trained electronic engineer (recently graduated from Durham University) and an independent network security consultant so please take it from me, if an individual really wants to get into your wireless network then not a lot can stop them, no matter what security scheme you use.
By unnecessarily criminalising and penalising the use of the internet in this way we will see a rise in the incidence of home network security cracking and invasion by people that have been disconnected or people attempting to evade their own disconnection.

The tools for wireless hacking are widely available and well known about, please go have a look:

Please do not be mistaken about why these tools exist. These tools have been developed and popularised by technical enthusiasts, white-hat hackers, academics, computer experts and programmers from all walks of life in the hope that industry will address the underlying failure of the available wireless encryption schemes (WEP, WPA, WPA2, etc...) to provide adequate protection to all of our home networks. Also please do not be mistaken about the effectiveness of the government's proposed solution to the problem. They are only raising the technical barrier by a very small amount so the resulting fallout will be that families are disconnected rather than tackling illegal downloading. Computer experts have already innovated around the detection schemes which will be at the government's disposal. The technical community knows how to avoid detection and how to achieve plausible deniability. So in the same way that all other technical arms-races have panned out (just think about 'viruses and spyware' against the 'security industry') the establishment or 'the authority' of the day has already lost.

This is a VITAL issue for me as my civil rights are threatened by this law!

I would greatly appreciate a meeting with you or a personal email or written response to this letter.

Yours Sincerely, Samuel Carlisle BEng (Hons) Dunelm MRI