ECJ Hotspot Ruling Makes Free WiFi a NoNo

ECJ In Session - Source - Court of Justice of the European Union

The latest nutty ruling from the European Court of Justice is yet another example of judges and politicians failing to get the advice of anyone who knows how stuff works before opening their mouths and putting their foot in it.

This concerns a case where some digital rights lawyers tried to sue the owner of a lighting shop in Germany because some of his punters were downloading naughty stuff over his free WiFi. Article 12 of the EU E-commerce Directive says that an ISP isn’t usually responsible for the activity of its users, in the same way the local council isn’t responsible if a thief uses one of their footpaths to make a getaway. But thanks to some deep pocketed sharks lawyers and a defence mounted by some gonzo for the Pirate Party, the ECJ ruled otherwise:

The Court holds that an injunction ordering the internet connection to be secured by means of a password is capable of ensuring a balance between, on the one hand, the intellectual property rights of rightholders and, on the other hand, the freedom to conduct a business of access providers and the freedom of information of the network users. The Court notes, in particular, that such a measure is capable of deterring network users from infringing intellectual property rights.

Basically, until they roll the dice again, offering free WiFi is off the menu at your local coffee shop; customers have to register and get a password, so Sony etc know where to go knocking when their crooners are pirated.

This is going to cause great inconvenience to the majority of normal users, but not much to the pirates. In order to implement this, having a simple open WAP for your customers to use isn’t going to be possible. They’ll all need to be changed to stop and ask for a password before proceeding. You’ll have to give your name and address to the café owner, have an account created and be issued with a unique user-ID and password. The ruling doesn’t go in to any detail about how vociferate the ID check should be, but that’s a whole new boîte de Pandore.

Please generate and paste your ad code here. If left empty, the ad location will be highlighted on your blog pages with a reminder to enter your code. Mid-Post

However, if you’re a pirate, you just give false credentials. No problem. Or even easier, capture the unencrypted traffic and pinch someone else’s password, then sit back and snigger as the fuzz kick down their door instead.

You could, of course, insist that such networks are also encrypted using WPA. Not all endpoints support this, but lets leave that aside. Unlike WEP which can be broken in 30 seconds on a laptop, WPA2 takes a couple of hours on some fairly hefty dedicated kit (or 24 hours on a standard AWS compute server). So that’s alright then.

Once a fake account has been obtained, of course, you can provide lists of WPA2 keys, IDs and passwords on the pirate web. I predict there’ll be a huge list of fake credentials within a couple of days of it being implemented. Well I would predict it the ECJ ruleing could be implemented without major infrastructure changes and the enormous manpower needed to enforce it. But that’s not going to happen, is it?

But hang on a minute – doesn’t this all sound familiar? Well yes, there’s the UK’s Data Retention Regulations of 2009. This already requires service providers to keep a log of the name and address of users, and what IP address they were using at any given time. If you’ve noticed WiFi hotspots provided by some large companies asking for your name, address and password when you first log in, now you know why.

Is this effective? Of course not. Who’s going to give their real name and address? If you’re a legitimate user, you’re going to be wary of junk mail; if you’re a pirate you’d have to be crazy.

So once again, we have some complete idiots in the EU (in this case) flying in the face of technological reality, where the only practical response to their utterances is to ignore them.  What a waste of time and money. It’d be cheaper to stick to our own idiot politicians.

Safe Harbour Agreement on Data Sharing with Uncle Sam ruled unlawful

Causing trouble – Court of Justice of the European Union

The long awaited ruling about whether the Safe Harbour agreement allowing free transfer of data concerning European citizens to the USA is valid under European Law has  just been published. And it’s a doozie.

Basically a Safe Harbour agreement (note the use of the indefinite article here) means that you won’t be sent down the river for doing something that might otherwise be illegal. The specific Safe Harbour agreement in this case (2000/520/EC) says it’s okay for European data controllers to send whatever they like to the American’s because Uncle Sam is a good friend. This would otherwise be a no-no because you’d be giving up control over information that would otherwise be protected by European privacy laws.

This situation is currently being misrepresented in the popular press as being about Facebook (social media being their favourite subject after themselves); it’s not. It’s about all data. The case was brought by Austrian civil rights campaigner, Max Schrems in the Irish courts to test the legality of Facebook doing just this, as a high-profile example. A lot of American companies like to base their data centres in Dublin because, up until now, the Irish courts have been quite relaxed about what goes in compared with certain other European governments. (And lets not forget the tax breaks, and that Dublin is a nice place to be).

Hanging over this is the shadow of Edward Snowden (yet again), raising public awareness and anxiety over government access to PII. The fact that this PII is already in the hands of the likes of Facebook, Amazon, Microsoft, Google and Twitter with the full knowledge of the subjects doesn’t seem to matter – it’s the principle of the thing!

Anyway, the ruling basically says that the initial ruling is incompatible with European Law, and we can’t trust the Yankees to look after it without further safeguards. Where this leaves American companies with European data centres remains to be seen.

Low Energy Lightbulbs are not that bright

Have you replaced a 60W traditional tungsten bulb with a 60W-equivalent low energy compact fluorescent and thought it’s not as bright as it was. You’re not imagining it. I’ve been doing some tests of my own, and they’re not equivalent.

Comparing light sources is a bit of art as well as science, and lacking other equipment, I decided to use a simple photographic exposure to give me some idea of the real-world performance. I pointed the meter at a wall, floor and table top. I didn’t point it at the light itself – that’s not what users of light bulbs care about.

The results were fairly consistent: Low energy light bulbs produce the same amount of light as a standard bulb of three to four times the rating. The older the fluorescent, the dimmer it was, reaching output of a third at a thousand hours use. Given that the lamps are rated at two to eight thousand hours, it’s reasonable to take the lower output figure as typical as this is how it will spend the majority of its working life.
This gives a more realistic equivalence table as:

Quoted GLS
Realistic GLS
8W 40W 25-30W
11W 60W 35-45W
14W 75W 40-55W
18W 100W 55-70W

Table showing true equivalence of Compact Fluorescent (CFL) vs. conventional light bulbs (GLS)

So what’s going on here? Is there a conspiracy amongst light-bulb manufacturers to tell fibs about their performance? Well, yes. It turns out that the figures they use are worked out by the Institute of Lighting Engineers, in a lab. They measured the light output of a frosted lamp and compared that to a CFL. The problem is that the frosting on frosted lamps blocks out quite a bit of light, which is why people generally use clear glass bulbs. But if you’re trying to make your product look good it pays to compare your best case with the completion’s worst case. So they have.

But all good conspiracies involve the government somewhere, and in this case the manufactures can justify their methods with support from the EU. The regulations allow the manufactures to do some pretty wild things. If you want to look at the basis, it can be found starting here:

For example, after a compact fluorescent has been turned on it only has to reach an unimpressive 60% of its output after a staggering one minute! I’ve got some lamps that are good starters, others are terrible – and the EU permits them to be sold without warning or differentiation. One good thing the EU is doing, however, is insisting that CFL manufacturers state the light output in lumens in the future, and more prominently than the power consumption in Watts. This takes effect in 2010. Apparently. Hmm. Not on the packages I can see; some don’t even mention it in the small print (notably Philips).

However, fluorescent lamps do save energy, even if it’s only 65% instead of the claimed 80%. All other things being equal, they’re worth it. Unfortunately the other things are not equal, because you have the lifetime of the unit to consider.

A standard fluorescent tube (around since the 1930’s) is pretty efficient, especially with modern electronics driving it (ballast and starter). When the tube fails the electronics are retained, as they’re built in to the fitting. The Compact Florescent Lamps (CFL) that replace conventional bulbs have the electronics built in to the base so they can be used in existing fittings where a conventional bulb is expected. This means the electronics are discarded when the tube fails. The disposable electronics are made as cheaply as possible, so it may fail before the tube.

Proponents of CFLs says that it is still worth it, because the CFLs last so much longer than standard bulbs. I’m not convinced. A conventional bulb is made of glass, steel, cooper and tungsten and should be easy enough to recycle – unlike complex electronics.

The story gets worse when you consider what goes in to the fluorescent tubes – mercury vapour, antinomy, rare-earth elements and all sorts of nasty looking stuff in the various phosphor coatings. It’s true that the amount of mercury in a single tube is relatively small, and doesn’t create much of a risk in a domestic environment even if the tube cracks, but what about a large pile of broken tubes in a recycling centre?

So, CFLs are under-specified and polluting and wasteful to manufacture, but they do save energy. It’d be better to change light fittings to use proper fluorescent tubes, however. They work better than CFLs, with less waste. I don’t see it happening though. At the moment descrete tubes actually cost more because they fit relatively few fittings. People are very protective of their fittings. The snag is that with CFLs you need at least 50% more bulb sockets to get enough light out of them.

Standard bulbs produce less light than they could because a lot of the energy is turned into heat (more so than with a CFL). However, this heat could be useful – if your light bulbs aren’t heating the room you’d need something else. This is particularly true of passageways and so on, where there may be no other heating and a little warmth is needed to keep the damp away. The CFL camp rubbishes this idea, pointing out that in summer you don’t need heat. Actually, in summer, you don’t need much artificial light either, so they’d be off anyway. Take a look at document “BNXS05 The Heat Replacement Effect” found starting here for an interesting study into the matter – it’s from the government’s own researchers.
But still, CFLs save energy.

Personally, however, I look forward to the day when they’re all replaced by LED technology. These should last ten times longer (100,000 hours), be more efficient still, and contains no mercury anyway , nor even any glass to break.  The snag is that they run on a low voltage and the world is wired up for mains-voltage light fittings. I envisage whole light fittings, possibly with built-in transformers, pre-wired with fixed LEDs which will last for 50 years – after which you’d probably change the whole fitting anyway.

Ah yes, I hear the moaners starting, but I want to keep my existing light fitting. Okay, sit it the gloom under your compact fluorescents then.