, , , ,

The other day, The Telegraph made the bold claim that ‘the BBC is to spy on internet users in their homes by deploying a new generation of Wi-Fi detection vans to identify those illicitly watching its programmes online‘. Try as I might to determine how that would work, the only possible source for this disclosure I could find was a report that was published by the National Audit Office (dated March 2016).

As it turned out, The Telegraph must have jumped to this conclusion after the BBC closed a legal loophole that allowed the watching of iPlayer without a TV licence, and after seeing the following statement within the Audit Office report: ‘TVL detection vans can identify viewing on a non-TV device in the same way that they can detect viewing in a television set‘.
The only way that could be true is if the detection equipment was comparing light radiation from a TV/monitor with a live broadcast. There’s nothing in the report about WiFi signals. In fact, the report itself implies that, whatever ‘evidence’ they’re gathering inside the ‘TVL detection vans’, it’s actually less reliable than the contemporaneous notes made during a physical inspection of suspected license evaders’ properties.

Let’s suppose, hypothetically, the BBC did comission a TV Licensing authority to go around monitoring peoples’ WiFi traffic. From a technical perspective, the people manning the BBC detection vans would be no different from the criminal parked outside with a laptop running a packet sniffing tool. This is true regardless of what the law says, simply because the technology cannot distinguish between adversaries.

Thankfully the basic security on the typical WiFi router provides a good level of protection against such an adversary. Anyone could operate their network interface in ‘monitor mode’ and passively capture encrypted packets/frames from multiple nearby networks, but that wouldn’t reveal much about what’s being communicated on the networks unless they were later decrypted somehow.
Technically it’s possible for the iPlayer server to send beacon or signature packets, maybe of a specific size at a specific frequency, then listen for that signature in WiFi traffic (edited to add: Dr. Miguel Rio also suggested something like this in the Telegraph article)- you could get that running a capture in monitor mode, just about, assuming the owner hasn’t changed the MTU trying to fix router/ISP synching problems. The problem is that alone is nowhere near enough evidence to prosecute someone.

So, in conclusion I think it’s another scare story.