Posts Tagged ‘eircom’

Last week Labour Councillor Oisin Quinn announced that his proposal to provide free public wifi in certain parts of Dublin had gone out to tender. This is further than the proposal by FG councillor Naoise O’Muiri in 2007 had gotten when his proposal was dead-ended out of fears that it might be seen as illegal interference in the public telecoms market.

Now as anyone who knows me will confirm I am a staunch supporter of free public WiFi and have come out in support of schemes like this on several occasions. However, while Councillor Quinns idea is in essence well-meaning the whole execution of the tender process is ham-fisted and devoid of any bit of understanding of what providing public wifi actually entails.  DISCLOSURE: I have on several occasions offered councillor Quinn my assistance in speccing and preparing the tender. All on a pro-bono basis. This has not led to any meaningful discussion on the topic.

So, when the RFT was put up on eTenders I quickly logged on to have a look. The RFT consisted out of two documents; the actual tender document and a map of locations where Dublin City Council had decided that the service should be provided. I won’t discuss the actual locations any further than to say that some of them make no sense to me. However the “where” decision is totally up to Dublin City Council as they know Dublin better than me.

The locations are as follows:

  • Smithfield Square
  • Barnardo’s Square
  • Clarendon Street
  • St. Patrick’s Park
  • O’Connell Street Plaza / GPO
  • Temple Bar Square
  • Wolfe Tone Square
  • Frontage to the Convention Centre Dublin
  • Merrion Square
  • Henry Street
  • Grafton Street (on conclusion of current works planned in the Grafton St area)
  • Outdoor amphitheatre located at Civic Offices.

However what really annoys the hell out of me is the utter and complete lacks of any technical specifications from the actual tender document. There is no single attempt to set out the technical & performance criteria for this network. The closest that the document comes to this is by using the terms “wifi” (without any further elaboration if it should be 802.11 a,b,c or n), “Quality of Service ” (without describing what quality this service should be) and “minimum standard of broadband speed” (again without specifying what exactly the minimum acceptable broadband speed is). Futhermore, while it clearly states that the service should include a “The number of minutes of connection per day and/or per session which will be provided free” it also states that Dublin City Council will NOT pay for any of the wifi service or infra-structure. Hence the conclusion can be drawn that whichever bidder is succesful in their bid will only offer the absolute minimum amount of free access and thereby rubbish the claims of “free public wifi for Dublin” that are bandied about. What is absolutely clear by all this is that whoever drafted the RFT had no knowledge whatsoever of what the provision of wifi entitled. Also they didn’t try to get some qualified advice on the matter. This becomes even clearer when one reads the follow-up questions on the RFT and the replies given.

Honesty requires that I admit that the last question was posted by myself but the reply given clearly illustrates the issue. Nobody in Dublin City Council has any idea and they are relying on the tender submission to provide them with sufficient background to make a valid judgement. This approach simply to stupid for words but typifies the general approach by the Irish public sector to technology projects. Not only do they not have any idea that there are different wifi standards they also haven’t got the slightest idea what minimum performance standards to expect. What makes it even more ludicrous is the fact that they really only speak about “internet access” and seem to be ignorant of any other services that this network could be used for. They could take an example from the network being build in San Jose, California. This network will not only provide wifi access, it will also support a myriad of new applications such as high-definition video, parking meters and digital parking guidance signs, video surveillance, and traffic signaling. The network will also play a key role in offloading mobile data traffic from congested cellular networks and will be used to backhaul data traffic to the Internet. By not demanding the inclusion of at least half of these services Dublin will get an outdated network and service and rather than an asset to the city it will be an embarrassment.

What I suggested to councillor O’Muiri in 2007 and what I still see as a valid option now is that Dublin city builds the network itself and keeps the ownership of the infra-structure BUT that they provide a number of operators access to the network for the provision of public wifi services. A proposal like this will *not* breach EU legislation in regards to a public sector entity operating in the private market, it will ensure a healthy & ongoing competition in the provision of public wifi and it will also allow Dublin City Council or any commercial operator to provide the above mentioned additional services (high-definition video, parking meters and digital parking guidance signs, video surveillance, and traffic signaling). All this will also generate revenue for the city.

The current plan will almost certainly lead to a sub-standard service with limited free access. What’s more it will have to compete with commercial operators such as BitBuzz who have announced that if they do not win the tender they will provide a competing service in the same areas and Eircom who recently announced an expansion of their wifi hotspot network from 700 to 4000 in the next few years.

As a closing I just want to re-state my offer, if Dublin City Council is interested I am still willing to provide pro-bono assistance. This could even be in evaluating the tender applications. (NOTE: I am not submitting a tender application myself or am in any way linked to any other applicants).

Advertisements

wardriving

There was a lot off outrage back in October 2007 when it emerged that Eircom was leaving it’s customers home networks open to being hacked. As most others ISP’s Eircom had been supplying their broadband customers with a wifi enabled router as standard when they subscribed to their service. The fact that the wireless signal emitting from these routers can be picked up outside the customer’s home creates a possible security risk and would require that access would be made secure. Eircom however not only failed to inform it’s customers of this risk it also made two critical mistake when “securing” access at the time of installation;

  1. It used WEP encryption. WEP encryption has been proven flawed as far back as 2003 and can now be decrypted within minutes.
  2. They WEP-key used was based on the serial number of the router. No real problem except that the serial number was part of the broadcast SSID (the name of the network). This can be read by any wifi enabled device. So it was fairly simple to add 1 + 1 and come up with the WEP key.

As a result of all the negative publicity Eircom sent out a press release “making people aware” of this issue and in 2008 (!) they put a notice up on their website stating that for the previous 4 years they have been providing and installing inadequately secured routers and that they were now switching to WPA encryption. However the wording of the statement was misleading. It stated that: “This vulnerability makes it possible for a person with an advanced working knowledge of encryption and coding techniques to illegally access an eircom customer’s wireless internet connection”.

This statement purposely ignores the fact that there were software tools widely publicised & available for download that would decipher the WEP code in seconds allowing anyone with the ability to read and press a key to connect to what was estimated as 250.000 unsecured routers. Someone with “advanced working knowledge of encryption and coding techniques”
would not have needed this flaw to gain access. They would have used Airsnort, KisMac or a range of other software tools available for years that would allow you to extract any WEP key in seconds. And they then quite likely might have used something like  MetaSploit to do some real damage rather than just use your broadband without your permission. But I digress….

The point is that by the end of 2007 there were circa 250.00 of these routers in peoples homes and business premises. As Eircom was responsible for the supply of these you would have expected that they would have gone to some length to rectify this situation.  Well it turns out they didn’t. I found out this week via Bernie Goldbach’s blog that there is actually an iphone app being sold through the iTunes store  that will allow you to easily extract the WEP key for these networks and subsequently connect. It is also being covered elsewhere.

Now, while I am not a legal professional, I can see several issues here:

  • There are over 250.000 wifi routers with an easily disabled encryption spread over Ireland allowing a 3rd party to connect and potentially download/upload illegal content, send spam or run a botnet.
  • If any of this illegal activity is detected it will be easily traceable to the Eircom customers broadband connection.
  • There is no real applicable legislation in this area at the moment. Some legal professionals would say that it is up to the prosecution to proof that there wasn’t anybody else using the broadband connection. However this could be used as an excuse similar to the “one armed man” in the movie “The Fugitive”. Proof of your innocence would be an unknown 3rd party that will most likely be impossible to trace or even to gather proof of its existence.
  • Should people be held responsible for deeds or actions resulting out of them not (or not adequately) securing their wireless networks?
  • What is the applicable legislation for accessing someones network without their explicit permission? Surely it would be seen as trespass or “use of a 3rd parties assets or resources without their permission”?
  • Furthermore is it legal to sell an application that basically makes “hacking” someone network a one-click operation? Are lockpicking “guns” illegal to sell? If they are surely the sale of “deSSID” should be illegal also?

However in all honesty I have to admit that most of the above questions have been asked over & over again across the globe for as long as I have been working with wifi (since 1999 in case anyone is interested). However the most glaring offense here is Eircoms’ fault in providing mis-configured routers and their negligence in correcting this fault.

Discuss…..