BT scan and notify customers of potential safety issue
Back in October 2010, BT issued a safety notice to BT Vision customers over some powerline adapters that they had distributed to customers which contained a manufacturing fault which could lead to live mains electricity components becoming exposed. The full safety notice and details on how to replace the adapters with the BT provided replacements can be found here.
The Register have uncovered that BT have been scanning customer networks looking for the offending devices and have written to those users where it sees these are still deployed to warn them again about the potential safety risk. BT say they reserve the right to scan the users network to help it provide the service but the question of concern lies in what else BT have looked at on a users network and how are they using this information.
"[T]here may be other circumstances in which we would carry out remote diagnostic tests of customers' equipment to make sure all is working.
"We don't believe that consent is necessary where the testing is necessary to the service that we are providing."BT Statement
As The Register point out, BT are likely detecting the devices based on the MAC address (no relation to a broadband migration code) which is a unique identifier which helps devices to communicate with one another on a network in a similar way to an IP address (although at a lower level of the chain). MAC address ranges are assigned to companies and this information can be used to identify who made, how many, and what kind of devices are operating on the network. This could prove useful information from a sales perspective as it could help BT market specific products based on what equipment users have connected.
One example where this could be useful is in a support issue where a user reports slow speeds. If BT can see that there are many devices connected, it could be that the user is overloading their broadband connection and the user could benefit from upgrading to a faster BT Infinity service.
It's worth noting that this isn't the first instance of ISP's scanning their customers. Many ISPs operate similar policies of scanning and notifying customers for potential security issues such as open SMTP relays which could allow spam e-mail to be sent. Scanning inside a users network is just taking this a step further, but privacy campaigners are likely to suggest this is a step too far.