[13224] in cryptography@c2.net mail archive
New Hampshire's WiFi bill
daemon@ATHENA.MIT.EDU (Russ Housley)
Thu May 8 17:22:34 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 8 May 2003 16:00:18 -0400
To: cryptography@metzdowd.com
From: Russ Housley <housley@vigilsec.com>(by way of Don Davis)
Cc: meurer@bu.edu
=46rom: Russ Housley
To: IEEE-802-11-tgi list
Subject: This is your wake up call!
Date: Thu, 08 May 2003 14:24:07 -0400
=46YI
<'http://telephonyonline.com/microsites/newsarticle.asp?newsarticleid>This=
is your wake up call!
By Peter Bernstein
May 2, 2003, 12:00 a.m. ET
Since imitation is supposedly the highest form of flattery, I feel obliged=
to steal a page from =93Tonight Show=94 host Jay Leno. Without the benefit=
of streamed video (someday this column may come in that format), just=
imagine me staring into a camera and saying, =93Have you heard this? Have=
you read about this?... You can=92t make this stuff up!=94
The =93this,=94 in this case, is New Hampshire House of Representatives Bill=
(HB) 495, which may have passed by the time you read this. HB 495 is poised=
to make New Hampshire the first state in the country to provide legal=
protection to those who tap into insecure wireless networks. And this is=
the kicker: They are not talking about public safety officials, they are=
referring to the growing members of the open network movement who drive=
through populated areas and post signs identifying places where people can=
get free--e.g., insecure--802.11 enabled Internet access.
The practice, for those who may not be familiar with it, is known as =93war=
driving.=94 The goal is to eventually identify a national footprint of=
=93free=94 hot spots. Others have correctly pointed out, this certainly=
adds a hi-tech emphasis to the New Hampshire motto, =93Live Free or Die!=94
As an old libertarian myself, and at the risk of raising the ire of the open=
network movement, I must admit some concern about =93this.=94 My problem is=
not with free Internet access. I favor it so long as there is consent from=
the accessed party. My problem is with the law. It is also with our=
industry, which gets steamed over arcane stuff like UNE-P but drops the=
ball on what appears to be theft of service.
With the caveat that I am not now, never have been, and never wish to be a=
lawyer, here is my quick understanding of the issues in this clouded area=
of law that is awash in counter-veiling precedents with roots in English=
Common Law.
1. Virtually all current municipal, state and federal statutes make it a=
crime to knowingly access any computer network without authorization or=
consent. The analogy used in an article on this subject in Wired was quite=
good. It stated that just because I leave my front door unlocked does not=
give you the right to walk in, sit down and watch TV and grab a little=
something from the fridge. In other words, unless I gave you permission,=
you are trespassing.
2. HB 495 turns this on its head. The bill says that if operators=92 fail=
to secure their wireless networks they are being negligent and must suffer=
the consequences. Hence, those who take advantage of this negligence=
cannot be held harmful. There is a principle in common law called=
=93attractive nuisance=94 that seems to apply here. If I have a swimming=
pool with a fence around it, but leave the gate unlocked, I can be found=
liable if an unauthorized swimmer drowns while I am not around. The reason=
is that I did not take proper care of deterring the temptation for them to=
go for a swim. HB 495 says the owner of a wireless computer network is=
totally responsible for securing it, and does not stipulate recrimination=
for those who inadvertently (which we all know will get defined by trial=
lawyers to be everyone) tap in.
Advocates of the bill contend it strikes a proper balance between the social=
good of providing virtually universal access to the Internet for free,=
while proffering a simple solution--turn on the encryption and other=
security capabilities if you don=92t want people to use your network.=
Opponents obviously claim this is trespassing at best and a horrendous=
invasion of privacy that opens the door for more heinous malicious behavior=
=2E
Like I said above, if somebody has an insecure network, but is willing to=
allow others to use it based on a granting of consent, I am not sure I see=
the legal harm. However, I certainly have misgivings.
Unfortunately, almost all wireless LAN networks ship with security off as=
their default. And, despite repeated industry efforts to educate customers=
on the need to activate the security features, surveys show that few do.=
This obviously needs to be rectified, but as a businessperson I have bigger=
concerns.
A wireless LAN, in order to connect a nomadic user to the Internet, must be=
connected to the Internet itself. Internet service providers are starting=
to have =93reasonable use=94 language in their contracts (number of=
discreet individuals or devices that can share a connection), just as=
software companies try to restrict the number of copies that can be made,=
in order to protect the commercial value of their service. Setting aside=
the issue of trespass, it seems to me that non-consensual sharing of a=
connection is =93theft of service.=94
Theft of service is a concept the cable industry knows well. I know this=
because of all those extra charges on my bill every month for all of my=
connections. It is also a concept not foreign to the telephony industry;=
=93ripping off=94 phone service was considered almost a noble act as far=
back as when I was in college and =93black box=94 creators were legendary.
Where this slippery slope is leading could have profound implications for=
both the cable and tradition telecommunications industries as they compete=
and converge. Think voice over IP (VoIP) over free Internet via SIP phone=
as the preferred means for making calls, including interactive, real-time=
video calls. Goodbye business models, cellular as well as wired. Goodbye=
universal service fund. Traffic is an interesting part of our business--you=
can=92t bill for it if you don=92t have it.
Are you likely to see me behind the main public library in Bryant Park in=
New York City using my laptop to connect to the Internet for free.=
Absolutely. That is a nuisance that I find not just attractive but=
compelling. Will I feel guilty that if I use that connection to make=
videoconferencing calls to anywhere in the world for hours on end and=
bypass ILEC and IXC network billing environments? Will I feel bad that I am=
not paying access charges or am avoiding making a contribution to the=
Universal Service Fund? I don=92t think so.
The reason I will not feel terribly guilty is because as the name implies,=
=93war driving=94 is about the community being at war with the service=
providers. If the industry does not fight back it has only itself to blame.=
Can the industry stop people from identifying and using insecure networks?=
No. Can it go after those who do not activate the security mechanisms of=
these networks, first with a carrot and then with a big stick if necessary?=
It better. This is not that different from holding bartenders liable when=
drunken customers kill people with their cars. War is hell. Memo to=
service providers: =93This is your wake up call!=94
Peter Bernstein is President of Infonautics Consulting Inc. He can be=
reached at <mailto:pb111451@optonline.net>pb111451@optonline.net.
=A9 2003, PRIMEDIA Business Magazines & Media Inc. All rights reserved. This=
article is protected by United States copyright and other intellectual=
property laws and may not be reproduced, rewritten, distributed,=
redisseminated, transmitted, displayed, published or broadcast, directly or=
indirectly, in any medium without the prior written permission of PRIMEDIA=
Business Corp.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com