I just read a very concerning article on BBC https://www.bbc.co.uk/news/articles/ckgknm8xrgpo
TL;DR BT crossed wires and so a criminal investigation led to wrong address causing a lot of issues for innocent parties.
Police
The decision is the police did nothing wrong.
I would argue police acting solely on IP address information is negligent of the police. So I disagree with the finding. There are a lot of reasons an IP may not identify a person - not least of which is "bill payer" is not "user", and also deliberately or accidentally open WiFI, and tor proxy, and hacked routers, and so on and so on. And, of course, crossed lines happen, so IP is never definitive. They should have more evidence before taking such drastic action, in my opinion. It is almost akin to reading the "return address" on an envelope and assuming it is genuine and raiding someone as a result.
The simplest test they could have done, if going as far as visiting the property, is checking the IP address on their Internet access matches the evidence.
Update: just to be clear, we (AAISP) have a policy in response to any request from police (or anyone else) under the Investigatory Powers Act, which we would expect to almost always just be a request to identify bill payer/address, to respond (as required) but to always include a very clear statement that you absolutely cannot rely on an IP or calling number as indicating the bill payer, or even someone at the address, instigated the traffic/calls. We would aim to try to educate police in the reply. We could perhaps even get some for numbers/IPs that are not ours, and would reply accordingly. To say we have had no requests would be implausible, but ironically the legal issues means we cannot say if we have had requests or not, which is, itself, somewhat crazy.
Crossed lines
But let's consider how crossed lines happen - it is simple, and literally crossed lines where one pair of wires is on wrong port on the DP.
So why was a crossed line not identified?
17070
 |
| BT engineer calling 17070 |
It used to be pretty easy to tell a line is crossed, pick up the phone and call 17070 and it reads your number. Also calls cost, and a wrong itemised bill arriving is a clue that your line is not being used by you.
However with broadband and fixed costs, and so on, it is very easy for two lines to have working broadband on the same ISP, that works based on circuit and needs no login (or router auto configures based on circuit when first connected). And with dynamic or CGNAT you cannot tell you have the wrong IP even.
So customers cannot tell, but this is actually a bigger issue for BT.
The telephone side is gone, and now it is broadband only.
We had a case at the pub with two lines and one was jumped wrong, and BT had no means to tell which line was which now there is no dial tone on the line. As an ISP on site (rare) I was able to confirm which physical line went off when unplugged. But BT need to be able to identify a line - how are they not screaming at management about this now?
So what instead?
So what BT need is a way to identify lines now. And actually it is not as hard as it sounds.
The way broadband works is using PPPoE over DSL. The same is true for FTTP now (PPPoE Ethernet on ONT).
PPPoE has a handy identifier which is sent before any sort of login. Without knowing the ISP or login details a hand held test device for DSL or FTTP working could show the ID it sees.
These IDs are not very exciting at present - my DSL here has acc-aln2.ag
But it could not be hard to make that a circuit ID, or a complete port ID of some sort that the BT engineer can identify. I mean it would be ideal if the full circuit ID in BT, but even just cab27-port43 it would help the BT engineer a lot and avoid crossed lines and a range of other errors.
BT could even expect other ISPs that use BT wiring to have a similar scheme, why not?
It seems to me this should be a standard for such services, and BT engineers test kit should be able to show it. This are only going to get worse as more and more phone lines are phased out.
So I wonder if BT will consider this?
I'd also argue that the police were in the wrong. You suggest that they should have had more evidence before taking such drastic action and I agree - the VERY FIRST thing they should have checked is that the IP address at the property matched the IP address associated with the images.
ReplyDeleteThat they operated under the assumption that they had been given the correct information by BT without performing the most basic of tests to verify facts is nothing short of negligence.
The claim that the police's actions were proportionate and necessary is laughable.
This is a massive mistake by the police! There would have been tons of corroborating evidence on their devices (cookies, sessions, etc) that they apparently did not bother to investigate.
ReplyDelete