Latest loop hole

The DEA defines internet access service and defines subscriber.

But they are circular!

An internet access service is a service provided to subscribers (and also has to be an service for accessing the internet and involve IP allocation).

A subscriber is defined as someone with an agreement to buy an internet access service (and not buying as a communications provider).

But which came first, the internet access service or the subscriber.

If I simply say my service is not an internet access service, then by definition the people buying it don't have an agreement to buy an internet access service so are not subscribers. If my customers are not subscribers, then the service I sell is by definition not an internet access service because it is not provided to subscribers!!!!

Well done drafting that law...


Expert witness

The OFCOM consultation on appeals for copyright infringement notices talks of a case where "The ISP and CO are unable to demonstrate" that the IP is the subscriber's, etc.

This seems to make a huge presumption - that the ISP will even be present at an appeal, but more importantly that as an ISP we would be acting on the side of the copyright owner?

I am not sure I will be acting for a copyright owner at an appeal - why should I?
Why should I even be there? Its a dispute between two other parties!

ISPs did not cause this

The rights holders seem to think that all of their problems with file sharers and the like are caused by the ISPs. Apart from all of the arguments about them needing new business models for changes in technology, etc, this point is worth addressing.

I have before mentioned that a file sharer has the "support" of the power company, the operating system maker, the chip makers, the mother board makers, the memory makers, the PC makes, and even the people that provide a nice house for them to work in with light and heat. Without these things they would not be file sharing. ISPs are just one part of that and we provide as much a valuable and useful service for lawful use as anyone else.

However, today, we came up with a good analogy.

Wheel clamping!!!

People will park cars on private property when they should not. It is a civil matter (trespass) and is a real headache for people with private property to sort out. They engage clamping companies to help, but that has issues. They can't sensibly take the normal legal route via the county courts. It is costly or time consuming to get details of registered keepers to take action. They have intangible damages in most cases - i.e. no actually losses. Of course they can't prove who was driving and it might not be the keeper of the car that was. Its a real problem for land owners.

It is very close to the file sharing issue. But nobody seems to be blaming the car manufacturers that caused this problem. Without the cars this would not happen. Yeh, sure, there were horses and carts before, but like the fact there was cassette tape and video tape before, it was not quite the same scale of problem.

Why are there not laws that require car manufacturers to handle tresspass notices? And to make technical measures to stop people driving a car at all because some times they park where they should not. And measures requiring owners of cars to prove they took steps to stop other drivers parking where they should not?

What is with the media indsustry that makes them special?

Of course this is not quite right - the car manufacturer is like the PC manufacturer, and the petrol company is like the power company. Its the highways agency and council providing the network of roads that are clearly to blame for this.


Don't secure your wifi!!!

OK, this is where it gets very very silly.

Firstly let me stress that there a lot of really good reasons to secure your network, not least of which are privacy of your machines and data, viruses spreading, and even costs (you may pay for usage of your internet!). If you have fire-walling facilities allowing you to run a DMZ (de-militarized zone) for public wifi that is safer.

However, the Digital Economy Act has just turned things on their head slightly. It actually encourages you to run an open wifi.

The logic goes like this...

1. Running a public access wifi hotspot is 100% legal - the act does not make it in any way wrong to do that. You may not think so reading it as you can lose an appeal against technical measures if you cannot show you took steps to secure your wifi, but it does not actually require you to take such steps, and if you read on - failing to do so could make you immune from technical measures anyway...

2. Once you are running a public access wifi you are clearly providing a communications service (to the public even). This makes you a communications provider by any reasonable definition of that phrase (and by definitions in the Communications Act).

3. Tell your internet provider that you are now buying the service from them as a communications provider. Well, best to ask first in case they have any extra terms, AUP, or costs, but some (like AAISP) don't mind at all. In fact go further - advise then that sending you copyright infringement reports would cause you distress and alarm.

4. Now you have done that you are not a subscriber as defined by the Digital Economy Act 2010. But as you have no agreement with the public for them to use the wifi so you are not a service provider either. So you don't have nasty obligations under the Act either.

5. Your internet provider cannot treat you as a subscriber as the definition is clear in the Act. As such they have no legal requirement to pass on or count copyright infringement notices to you for your IP addresses. In fact, if they do they could be comitting an offence under Protection from Harassment Act 1997, section 22 of the The Privacy and Electronic Communications (EC Directive) Regulations 2003, or section 127 of the Communications Act 2003.

6. The internet provider must not count the notices they get or take technical measures against you under the Digital Economy Act because you are not a subscriber.

In fact this means you are safe from all of the measures of the Act, basically.

Now, the copyright holders could get your details by use of an expensive court order and take legal (civil) action against you - but you now have the perfect excuse - you run a public wifi so in all probability the copyright infringement was carried out by some random member of the public. After all, you are already on record that you run a public access wifi. You have created plausible deniability.

Obviously this is not legal advice, but sounds pretty simple to me - the new Digital Ecomony Act actually encourages people to run public wifi to make themselves immune to the copyright infringement reports, technical measures, and even direct civil cases.

Maybe it is a cool and useful act after all? Well done labour.

P.S. AAISP have made the situation clear for its customers http://aaisp.net.uk/legal-cp.html

P.P.S Why not make the public wifi only work on IPv6 with RADV. That way you are not allocating IP addresses either :-)


Digital Economy Act

OK, I did promise to dumb this down for the non technical...

The new law has several bits, some of which relate to radio and TV and not anything for me to worry about so not even looking at those bits. I am interested in the intrenet bits...

What it tries to do

It is meant to give a means for copyright owners (i.e. film and music rights holders) to do things to those they think are copying their stuff (e.g. file sharing) using the internet. I.e. to punish people for some civil wrong without all that annoying due legal process that people expect as part of basic human rights...

1. It aims to provide them a simple and cheap way for them to send nasty notices to people they think are file sharing, via their internet provider. They don't get to know who you are though.

2. It aims to ultimately provide a way for them to actually get people cut off or have slowed down internet or block using the internet for file sharing if someone gets lots of these notices. Again, without all that annoying due legal process and the courts and stuff.

3. It may ultimately allow them to get sites on the internet blocked by internet providers as well. This is kind of unlikely. It does involve courts and they have to act fairly sensibly if they ever get this power. That is not so urgent...

But it fails badly to help anyone.

Things it does not do

1. It DOES NOT make any requirement to lock down your wireless internet access.
2. It DOES NOT make you legally responsible for what other people do using the internet service you have in your house or office
3. It DOES NOT cause any real hassle at all to anyone who is file sharing

The last point is worth explaining. Basically, you get these notices. They can take months per notice. If you get lots (and it might need 50 or so) then you get a warning saying your internet is going to be cut off (suspended) or limited. All you do at that point is ask for a migration code from your internet provider, find another internet provider, give them the migration code, and within a week you have moved to a new internet provider. The old provider cannot cut you off then, and the new internet provider has no details at all about any of the notices you had, and you don't have to tell them, and they can't find out. The rights holder does not know you are the same person either. They don't know who you are (not without them getting an expensive court order). They start the whole process of sending you notices again. Rinse, repeat.

So, if you are a file sharer, it is maybe a slight inconvenience - though often if you shop around you can get a better introductory deal with another provider. You can even go back to your favourite internet provider later as they have to delete all your previous details shortly after you leave them so again have no record of any notices (That's the Data Protection Act at work). If you have an internet provider that would rather they don't lose the business then you won't even have that minor inconvenience of switching provider - they will just say you are buying the service "as a communications provider" and then they can ignore any infringement notices they get for you. Or they could allow you to change the service to your wife's name, kid's name, or whatever. That means the subscriber that had the notices is no longer a subscriber so it all starts again.

What the Act does do

1. It will scare the shit out of innocent people - such as parents of teenage kids who gets nasty worded and threatening notices. The parents are not the ones doing anything wrong, but they get the nasty email. The kids may (or may not) being doing wrong but that is a matter between them and the copyright holders.

2. It will annoy innocent people - such as random internet users who's internet address has been added randomly to trackers to cause havoc. These are people that are not file sharing or doing anything wrong at all.

3. It will scare people in to not running useful public services, like internet cafe's, even though there is nothing wrong with doing so.

4. It can make a lot of hassle for internet providers, which means higher prices for internet services.

5. It can make a lot of cost for internet providers, which means higher prices for internet services.

We are now in the situation that we have a couple of weeks to draft some rules that OFCOM (the regulator) will consider adopting. If we (internet providers) don't, we could end up jumping through hoops for the copyright holders even though it will not do anythign to actually stop file sharers doing what they do.

Then, of course, there are appeals. It sounds sensible, especially as the courts were not involved in punishing you. If your service is to be suspended you can appeal. Yeh! There are issues with that...

1. The appeals process means a separate independant body, with staff, and offices, and so on. It is damn expensive, and it is paid for by rights holders and internet providers. So higher prices.
2. Appealing is likely to cost, though you should get it back if you win.
3. You could lose the appeal even though you did nothing wrong, as you have to show you took steps to stop other people using the internet to infringe copyright. Now, there is no legal requirement for your to do that. There is no criminal or civil wrong with running a totally open wifi for all your neighbours to use. Yet, you can be punished even though you did not actually do anything wrong and fail your appeal. In that case you are being punished without a court being involved and without you doing anything wrong at all. What was that about human rights?

But surely the biggest issue here is that if you are told you will be disconnected then you just migrate to another provider, or change the name on your account. That is likely to be totally free, and have instance effect with a reliable outcome (of not being cut off). Paying to appeal, when it will take time, hassle and risk not winning would be mental. Why would anyone in their right mind use the appeals process. Being wrongly punished for something you did not do will just be a fact of life and a minor inconvenience.

Interestingly we, as an internet provider, have to provide advice on securing your network. But there is no requirement for that advice not to be "You don't have to secure your network if you do not wish to". We also have to give advice on the appeals process, but nothing says we can't truthfully advice "You could appeal but it would cost you, and you would be mad to do so as we'll happily cancel the disconnection if you click here to say you are buying as a communications provider."

So, a stupid and unworkable law that has no positive effect on anyone but can annoy innocent parties and cost everyone extra money. Well done labour.


Elven safety

Well, clearly some people do not worry about things like health and safety...

Another talk

Well, I am talking at UKNOF tomorrow. Should be fun. Technical stuff as ever (IPv6/4 mapping issues).

What will be interesting is the discussions on the Digital Economy Act. We (as an ISP industry) have to act now and make a code of practice for OFCOM to approve. If we don't then OFCOM will make one, or worse, the BPI will make one! I seem to be starting a campaign. So far I have got to http://aaisp.net.uk/dea-code.html

I have a feeling I am going to have to shout a lot to get anywhere.

Anyway, curry this evening. See if I can motivate some people!



I was wondering if I should get a film camera body. Yes, I have some very nice digital camera bodies, and they work well. They are better than film cameras in so many ways. But it seems that film cameras have some benefits now...
  • A film has a specific number of shots, so you will find you have space on a film that needs using up. This helps provide an excuse for taking random shots with your camera. Obviously you don't need an excuse to take pictures, but having one is probably a good start when stopped by police. "I was using up the film with random shots".
  • If you are stopped by the police they like to ask to see the pictures you have taken. Whether they have a right to ask such things is questionable, but if you have a film camera it is a non issue - you have no way to show them a preview of pictures you have taken, shame!
  • If you are stopped by the police, it seems they like to ask you to delete pictures in some cases. Very unlikely this is ever legal but very hard to argue with a police officer that might decide your refusal is suspicious and so arrest you. With film you can't delete the picture, shame!
  • The information commissioners office is trying to suggest that shots that include the public are somehow personal information and require consent. This is crazy and not in line with the law, but regardless - a film does not come under their remit as it is not a computer file or a filing system, so DPA considerations vanish if using a film camera.
Of course the other trick is a camera with wifi to a 3G router to upload images within seconds, ideally to a server outside the UK. This is becoming increasingly viable. It does not address DPA concerns, but may change in which countries DPA laws apply. But it makes a joke of the idea of deleting images you have taken. It is fun just considering that the cameras I have can write to two memory cards at once - so the police can have the memory card if they want, ha!

What fun if I am ever stopped with a film camera, or with a camera that has already uploaded images... he he

What is this country coming to? Photography is not a crime.


O/S Data

OK so I have downloaded all of the free O/S data and trying to work out what to do with it :-)

For a start, the 1 pixel per m² street level map tiles are fun. They are done as 5km x 5km tiff images, so I'll be re-tiling them I think. They only show road and building data not general terrain, etc. But are rather fun.

Royal Mail must be pissed though - as they charge for postzone (postcode to grid ref mapping) and O/S just gave it away free :-)

OK... rant - some of the O/S grids use lower case filenames and some use upper case and no consistency. Arrrg!

Digital Economy Bill

Well, watching with interest. It is a nightmare of a bill and likely to be law.

I'll try and post more of an analysis once we have seen the final act with all the amendments. I'll ever try and make it readable for my sister-in-law who reads this blog :-)

... Bugger, it passed. I'l read the Act later.


Why no rants?

OK, sorry for no rants. I have been coding solidly.

Well, I could rant at the opening scene of Jonathan Creek, but that is getting picky. ... So... They showed a scene supposedly in 1988, and made that clear by showing someone drink from and discard a drink can with a sprayed dot matrix inject on the bottom saying BEST BEFORE MAY 1988. The can looked way too modern, and the inkjet on curved metal surface is too modern I am sure, and the use of the style MAY 1988 not 05/88 or some such looks wrong. In fact I think BEST BEFORE dates on cans is probably too modern too. I think I'll have to google all that to confirm I am not misremembering.

Anyway, coding - complete suit to maintain RIPE objects in a mysql database and synchonise to RIPE, as well as IP address management and allocation systems. I was planning to integrate this in to the control pages but that is quite a big job, as well as being risk, and anyway I am in Harlow all day tomorrow :-) Probably just as well, as it will be far to easy to mess up clueless doing this to needs a lot of care, either that or a nuke a small fishing village.

I am sure I'll find more to rant about later.

ISO8601 is wasted

Why did we even bother? Why create ISO8601? A new API, new this year, as an industry standard, has JSON fields like this "nextAccessTim...