About seven million* homes and small businesses are vulnerable to Wi-Fi hijacking and so at risk of being wrongly disconnected from the Internet according to a new study into broadband security released today.


The study coincides with today’s launch of a campaign against Lord Mandelson’s plans to disconnect people suspected of illegal filesharing without a trial.


Don’t Disconnect Us (www.dontdisconnect.us) has been initiated by TalkTalk, Britain’s biggest provider of broadband to homes. The campaign’s website sets out three principal objections to Lord Mandelson’s plans;


1.  It by-passes the courts and gives rightsholders quasi-judicial powers


2. It exposes millions of people to false prosecution since it is based on an approach where those suspected of illegal filesharing will be presumed guilty and have to prove their innocence in order to avoid being falsely disconnected


3. It will do little to tackle illegal filesharing since the main offenders will easily avoid detection by using other people’s broadband connections to download content or encrypting their activity.  Indeed the proposed measures will increase Wi-Fi and PC hijacking and so increase even further the chances of innocent customers being wrongly cut off


The risk of innocent people being disconnected is not hypothetical. Consumer organisations such as Which? have been contacted by dozens of people who have been wrongly accused of filesharing by rightsholders who used a similar method to the one Lord Mandelson is suggesting.


Last week a knowledgeable Parliamentary committee, Apcomm, came out squarely against Mandelson’s disconnection plans saying “this approach [disconnection] to dealing with illegal file-sharing should not be further considered”


The Don’t Disconnect Us website provides a hub for people to learn the latest views on tackling illegal filesharing from around the world, a forum to discuss the issues and a link to a petition on the No 10 website where opposition to the plans can be registered.


The survey of 1,083 Wi-Fi connections, which was conducted by TalkTalk, found that 5 per cent of connections were completely open (ie no security at all), 36 per cent used WEP which is easily hackable and 56 per cent used WPA which is currently fairly secure, though a vulnerability has already been detected meaning it could become hackable soon. Only 3 per cent used the most secure form of protection, WPA2.

Find out more

A new YouGov poll commissioned by the Open Rights Group provides a response to Government proposals to force ISPs to disconnect suspected illegal downloaders.   Nearly 70% of those surveyed said someone suspected of illegal downloading should have a right to a trial in court before any restrictions on internet use were imposed.

Sion Simon, the minister for the internet, insists that disconnection is a last resort.   The growing backlash from internet users, camnpaign groups and now an all-party Parliamentary motion urging a rethink of the policy.   Barely 16% of respondents to the YouGov survey supported automatic curbs based on accusations by copyright holders such as musicians.

The core complains from ISPs is that the proposals require them to bear the costs of protecting a third party’s rights, namely the rights of the copyright holder.   In a context where illegal filesharers can avoid detection by encrypting traffic, or by hijacking someone else’s IP address or Wi-Fi network you can imagine the nighmare involved in policing the proposals.

In other results from the survey, 73% of respondents said they would find their ability to use vital commercial services, such as shopping and banking, completely disrupted or fairly harmed if they were disconnected.  

Last week’s inquiry into the issue of file sharing by the all-party Parliamentary communications group concluded:

“much of the problem with illegal sharing of copyrighted material has been caused by the rightsholders, and the music industry in particular, being far too slow in getting their act together and making popular legal alternatives available . . . . We do not believe that disconnecting end users is in the slightest bit consistent with policies that attempt to promote eGovernment, and we recommend that this approach to dealing with illegal filesharing should not be further considered.”

Ministers continue to stress that requiring Ofcom to demand ISPs take technical measures against people who repeatedly ignore the law, such as capping broadband speed or filesize, is a last resort.

• File Sharing: The Risks
• Music for life – get 50 free downloads

108 people have been prosecuted under UK hacking laws between 2003 and 2007.   Of these, sixty-one were convicted.   This is equivalent to a 56% conviction rate.

A junior minister at the Ministry of Justice, in a written response to a question from Cardiff Lib Dem MP Jennifer Willott, reported the number of successful prosecutions under the Computer Misuse Act.  

Section One, the least serious category, includes simple attacks like unauthorised access to a computer.   Section Two offences cover computer hacking.   Section three offences cover more serious issues like the creation of computer viruses and the instigation of denial of service attacks which can impair the operation of computers and website servers.

The figures only cover prosecutions where computer hacking offences were the principal offence being considered by the courts.   That is, those cases most likely to lead to the toughest punishment upon conviction.   Figures from both magistrate and crown court prosecutions are included in the figures.

The written answer on CMA prosecutions was made available online on Tuesday (22 September) by Hansard, the Parliamentary record of proceedings.

The Guardian alleges that the News of the World and other News International papers hacked the phones of numerous public figures.   The resulting storm centres on issues of privacy like no other. 

These allegations are given added piquancy when you consider which public figures have been targeted.   MPs, for it is they, have been debating the issue and calling for retribution.   In the frame is Andy Coulson, former Editor of the News of the World and David Cameron’s spin doctor in chief.  

In a rich ironic twist, it seems MPs and their hangers on value their privacy more than ever.   An intrusion into their private communication by the press (an intrusion which, I hasten to add, is not ethical) is now hotly disputed.   Yet, it is good enough for the likes of you and me according to Government legislation.  

A bit rich don’t you think?   What say you?

PS

Did you know that the directory for mobile phone numbers goes live next week? Which means that your mobile numbers will be open to cold calling and the general abuse that less scrupulous telesales people subject us to.   When you travel abroad you will get charged for receiving these unnecessary calls.

The good news is that you have the option to remove your number from this directory by going to: http://www.118800.co.uk/ click the ‘ex-directory’ link along the top row and they will text you a code within a few minutes which you type into their website.. this confirms that you are choosing to be ex-directory

Security experts are strongly criticising a government minister’s suggestion that ex-hackers play key roles in Britain’s cybersecurity strategy.

Lord West, the Home Office security minster, made the controversial suggestion that the government had recruited former hackers to work in its new Cyber Security Operations Centre.   The Cyber Security Operations Centre is a key components of the UK government’s cybersecurity strategy announced last week.

Lord West told the BBC that the government had avoided employing “ultra, ultra criminals” but required the expertise of former miscreants.

So, the government has actually hired a team of people known to have committed criminal acts using computers and is rewarding them for that activity with civil service jobs?  It is also giving these same criminals high level access to intelligence which affects national defence?  How can this possibly be reconciled with the government’s stated aim of pursuing an ethical cyber-security policy?

Lord West, the UK’s first cyber security minister, was seen across news outlets last week suggesting the he didn’t really trust the internet.   I wonder why?