BBC WiFi Detector Vans

Accessing live television broadcasts in the UK requires you to obtain a TV License, at the cost of £145.50 a year, which is intended to fund the BBC’s range of services. With one exception, recorded programmes on BBC iPlayer.

From the 1st of September changes introduced by the Department for Culture, Media and Sport close this loophole, requiring users of the BBC iPlayer to obtain a TV License.

Historically, the BBC has deployed so-called “Detector Vans” since 1952 capable of “detecting the electromagnetic signature that your television gives off”. Also since 1952 the concept of the detector van has been roundly mocked and debunked, peaking in the Fish License (YouTube) sketch of Monty Python’s Flying Circus in 1970. Their inexistence was confirmed when the Radio Times obtained internal documents from the BBC citing that zero prosecutions for TV License evasion had used detector vans as evidence.

An 18-page memo offering a snapshot of the financial picture last month [August] and summarising findings presented by the TV Licensing’s Executive Management Forum makes no mention of detector vans.

Fast forward, the Telegraph today reports that the BBC is to upgrade their detector vans to snoop on the WiFi signals of homes to ensure compliance with the new rules.

While the BBC has not specified how their new detector vans work it has been speculated, given the BBC’s authorisation under the Regulation of Investigatory Powers Act (RIPA) to intercept communications data, that the new detector vans will capture wireless traffic samples and, without decryption, match the size of data packets to the ones produced by iPlayer.

They actually don’t need to decrypt traffic, because they can already see the packets. They have control over the iPlayer, so they could ensure that it sends packets at a specific size, and match them up. They could also use directional antennae to ensure they are viewing the Wi-Fi operating within your property.

Privacy implications aside, engineers on Twitter quickly deconstructed this approach as impractical given the BBC’s video delivery infrastructure, use of third-party content delivery networks (CDN) and network fragmentation. Even without these issues, this technique would only give a degree of probability that content of a specific size was being access, not particularly useful in a prosecution given reasonable doubt.

So how else could they be detecting unlicensed use of iPlayer, particularly one that is useful in a prosecutory sense?

Most obviously, they could crack the encryption on a target homes wireless network, which is not a trivial nor time-friendly endeavour (on the order of several hours to several days of capturing encrypted traffic and brute-forcing the encryption key). Once they’ve broken in to your network, it would be possible to “poison” your network to reroute all your traffic through the detector van (ARP Spoofing) where they could log everything you access and check if you have accessed iPlayer. Sadly, this is possibly legal with the powers granted to the BBC under RIPA. This would be the only, beyond reasonable doubt, option available to the BBC.

Another suggestion would be using a deauthentication attack, where even with encryption enabled, a frame can be broadcast which forces a WiFi client to disconnect from its network, and this could be correlated with those who stopped streaming from iPlayer at the same time. However this does not take in to account buffering and there may be more than one person to stop streaming at any given moment.

All approaches additionally make the same flawed assumption, at the point of the detector van driving past, the evader is using iPlayer. Taking the number of officers from the aforementioned internal memo as 334, assuming that they are all manning detector vans, assuming two officers to a van (one to drive, one to operate equipment) and assuming 60 seconds to “scan” a home; it would take a total of 2,642 hours to scan all of Britain’s 26,473,000 homes, or 110 days, or 330 days with an eight-hour work day, with no breaks, or time between homes. And then lets hope they pass your home when you happen to be watching iPlayer.

In short, like the detector vans announced in 1952, the “wifi detector vans” most-likely don’t exist, and is simply a mechanism to scare a segment of the public who don’t pay their TV License fee in to paying. A good question is why supposedly invest in these vans and staff, than invest in a system to verify you have bought a TV License before access iPlayer.

Tags: bbc

← back to James Cunningham