[13224] in cryptography@c2.net mail archive

home help back first fref pref prev next nref lref last post

New Hampshire's WiFi bill

daemon@ATHENA.MIT.EDU (Russ Housley)
Thu May 8 17:22:34 2003

X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 8 May 2003 16:00:18 -0400
To: cryptography@metzdowd.com
From: Russ Housley <housley@vigilsec.com>(by way of Don Davis)
Cc: meurer@bu.edu

=46rom:    Russ Housley
To:      IEEE-802-11-tgi list
Subject: This is your wake up call!
Date:    Thu, 08 May 2003 14:24:07 -0400

=46YI




<'http://telephonyonline.com/microsites/newsarticle.asp?newsarticleid>This=
 is your wake up call!

By Peter Bernstein

May 2, 2003, 12:00 a.m. ET

Since imitation is supposedly the highest form of flattery, I feel obliged=
 to steal a page from =93Tonight Show=94 host Jay Leno. Without the benefit=
 of streamed video (someday this column may come in that format), just=
 imagine me staring into a camera and saying, =93Have you heard this? Have=
 you read about this?... You can=92t make this stuff up!=94

The =93this,=94 in this case, is New Hampshire House of Representatives Bill=
 (HB) 495, which may have passed by the time you read this. HB 495 is poised=
 to make New Hampshire the first state in the country to provide legal=
 protection to those who tap into insecure wireless networks. And this is=
 the kicker: They are not talking about public safety officials, they are=
 referring to the growing members of the open network movement who drive=
 through populated areas and post signs identifying places where people can=
 get free--e.g., insecure--802.11 enabled Internet access. 

The practice, for those who may not be familiar with it, is known as =93war=
 driving.=94 The goal is to eventually identify a national footprint of=
 =93free=94 hot spots. Others have correctly pointed out, this certainly=
 adds a hi-tech emphasis to the New Hampshire motto, =93Live Free or Die!=94

As an old libertarian myself, and at the risk of raising the ire of the open=
 network movement, I must admit some concern about =93this.=94 My problem is=
 not with free Internet access. I favor it so long as there is consent from=
 the accessed party. My problem is with the law. It is also with our=
 industry, which gets steamed over arcane stuff like UNE-P but drops the=
 ball on what appears to be theft of service.

With the caveat that I am not now, never have been, and never wish to be a=
 lawyer, here is my quick understanding of the issues in this clouded area=
 of law that is awash in counter-veiling precedents with roots in English=
 Common Law. 

1.	Virtually all current municipal, state and federal statutes make it a=
 crime to knowingly access any computer network without authorization or=
 consent. The analogy used in an article on this subject in Wired was quite=
 good. It stated that just because I leave my front door unlocked does not=
 give you the right to walk in, sit down and watch TV and grab a little=
 something from the fridge.  In other words, unless I gave you permission,=
 you are trespassing.

2.	HB 495 turns this on its head.  The bill says that if operators=92 fail=
 to secure their wireless networks they are being negligent and must suffer=
 the consequences.  Hence, those who take advantage of this negligence=
 cannot be held harmful. There is a principle in common law called=
 =93attractive nuisance=94 that seems to apply here. If I have a swimming=
 pool with a fence around it, but leave the gate unlocked, I can be found=
 liable if an unauthorized swimmer drowns while I am not around. The reason=
 is that I did not take proper care of deterring the temptation for them to=
 go for a swim. HB 495 says the owner of a wireless computer network is=
 totally responsible for securing it, and does not stipulate recrimination=
 for those who inadvertently (which we all know will get defined by trial=
 lawyers to be everyone) tap in.


Advocates of the bill contend it strikes a proper balance between the social=
 good of providing virtually universal access to the Internet for free,=
 while proffering a simple solution--turn on the encryption and other=
 security capabilities if you don=92t want people to use your network.=
 Opponents obviously claim this is trespassing at best and a horrendous=
 invasion of privacy that opens the door for more heinous malicious behavior=
=2E

Like I said above, if somebody has an insecure network, but is willing to=
 allow others to use it based on a granting of consent, I am not sure I see=
 the legal harm. However, I certainly have misgivings. 

Unfortunately, almost all wireless LAN networks ship with security off as=
 their default.  And, despite repeated industry efforts to educate customers=
 on the need to activate the security features, surveys show that few do.=
 This obviously needs to be rectified, but as a businessperson I have bigger=
 concerns.

A wireless LAN, in order to connect a nomadic user to the Internet, must be=
 connected to the Internet itself. Internet service providers are starting=
 to have =93reasonable use=94 language in their contracts (number of=
 discreet individuals or devices that can share a connection), just as=
 software companies try to restrict the number of copies that can be made,=
 in order to protect the commercial value of their service. Setting aside=
 the issue of trespass, it seems to me that non-consensual sharing of a=
 connection is =93theft of service.=94

Theft of service is a concept the cable industry knows well. I know this=
 because of all those extra charges on my bill every month for all of my=
 connections. It is also a concept not foreign to the telephony industry;=
 =93ripping off=94 phone service was considered almost a noble act as far=
 back as when I was in college and =93black box=94 creators were legendary.

Where this slippery slope is leading could have profound implications for=
 both the cable and tradition telecommunications industries as they compete=
 and converge. Think voice over IP (VoIP) over free Internet via SIP phone=
 as the preferred means for making calls, including interactive, real-time=
 video calls. Goodbye business models, cellular as well as wired. Goodbye=
 universal service fund. Traffic is an interesting part of our business--you=
 can=92t bill for it if you don=92t have it.

Are you likely to see me behind the main public library in Bryant Park in=
 New York City using my laptop to connect to the Internet for free.=
 Absolutely. That is a nuisance that I find not just attractive but=
 compelling. Will I feel guilty that if I use that connection to make=
 videoconferencing calls to anywhere in the world for hours on end and=
 bypass ILEC and IXC network billing environments? Will I feel bad that I am=
 not paying access charges or am avoiding making a contribution to the=
 Universal Service Fund? I don=92t think so. 

The reason I will not feel terribly guilty is because as the name implies,=
 =93war driving=94 is about the community being at war with the service=
 providers. If the industry does not fight back it has only itself to blame.=
 

Can the industry stop people from identifying and using insecure networks?=
 No. Can it go after those who do not activate the security mechanisms of=
 these networks, first with a carrot and then with a big stick if necessary?=
 It better. This is not that different from holding bartenders liable when=
 drunken customers kill people with their cars. War is hell.  Memo to=
 service providers: =93This is your wake up call!=94

Peter Bernstein is President of Infonautics Consulting Inc. He can be=
 reached at <mailto:pb111451@optonline.net>pb111451@optonline.net.


=A9 2003, PRIMEDIA Business Magazines & Media Inc. All rights reserved. This=
 article is protected by United States copyright and other intellectual=
 property laws and may not be reproduced, rewritten, distributed,=
 redisseminated, transmitted, displayed, published or broadcast, directly or=
 indirectly, in any medium without the prior written permission of PRIMEDIA=
 Business Corp.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com

home help back first fref pref prev next nref lref last post