[nycbug-talk] WiFi use liability. . .

George R. george
Thu Apr 21 18:00:04 EDT 2005 

On Apr 21, 2005, at 5:12 PM, Isaac Levy wrote:

> Wordup Gman, All,
>
> So I've got an opposing view,

yes, i was baiting *you* on this dot_ike. . .

>
> On Apr 21, 2005, at 3:08 PM, George R. wrote:
>
>> We've all had these discussions, but we all have our theories about 
>> having an open AP and liability. . .
>>
>> Bruce Schneier refers to a law journal article. . .
>>
>> http://papers.ssrn.com/sol3/papers.cfm?abstract_id=692881
>>
>> Unfortunately, it seems that, at least with my browser, that you can 
>> only access the abstract.
>>
>> Here's a brief snip. . .
>>
>> <quote>
>> Suppose you turn on your laptop while sitting at the kitchen table at 
>> home and respond OK to a prompt about accessing a nearby wireless 
>> Internet access point owned and operated by a neighbor. What 
>> potential liability may ensue from accessing someone else's wireless 
>> access point? How about intercepting wireless connection signals? 
>> What about setting up an open or unsecured wireless access point in 
>> your house or business? Attorneys can expect to grapple with these 
>> issues and other related questions as the popularity of wireless 
>> technology continues to increase.
>>
>> This paper explores several theories of liability involving both the 
>> accessing and operating of wireless Internet, including the Computer 
>> Fraud and Abuse Act, wiretap laws, as well as trespass to chattels 
>> and other areas of common law. The paper concludes with a brief 
>> discussion of key policy considerations.
>> </quote>
>>
>> Obviously, for a corporate network, I really can't see a logic in 
>> keeping an open network . . .
>>
>> However, with home networks, opinion is split.
>>
>> But personally, I keep my AP as locked down as possible.
>>
>> Others?
>>
>> g
>
> George, you know me on this issue- we've agreed to disagree 
> alltogether for quite some time now- but thought I'd post *why* here.

I'd prefer it ending with one of us dead, but okay. . .  <g>

>
> Basically, I think this one is bogus, (though I've come to love Bruce 
> Schneier over the years, and usually wait with baited breath for 
> CryptoGram newsletters).
>
> I feel this is bogus hype for because:
>
> 1) Raido Signals, in the '*My* Kitchen, *Their* wifi' scenario, are 
> the things invading *My* kitchen.  As an aside, in parts of Manhattan, 
> there's bigger problems with the notorious Archos chipset AP's 
> gobbling up RF space and killing all connectivity worth a darn.  
> Another example would be wireless phone handsets, in the 2.4ghz range 
> I believe, a neighbor's new phone can destroy wireless connectivity 
> alltogether.

Okay . . . . but that's not responding to my point about liability.

>
>
> 2) There are mountians of legal precidence for this stuff(!), it's 
> RADIO- which has existed way longer than our rediscovery of our 
> wifi/IP uses for it.  A nice explanation of what's legal is here, in 
> plain-english, (a radio equp. reseller):
> http://www.usascan.com/files/scanning-legally.html

Great.  So you pay for the lawyer to deal with establishing WiFi 
precedence. . .

>
> The three big things which require a court order to 'listen' to, 
> mandated by the FCC, (with laws old as the hills) are re-stated on the 
> page:
>
> - Telephone conversations (cellular, cordless, or other private means 
> of telephone signal transmission)
> - Pager transmissions
> - Any scrambled or encrypted transmissions
>
> With that, from the 'Secret Lives of Photons' lecture at ShmooCon/DC 
> this winter, lazy/(cheapskate) police/emergency communications vendors 
> call ASCII encoding 'encryption' in product/sales materials, so they 
> can push into fuzzy legal territory...
>
> Other than that, the real aims of the FCC over time has been more to 
> *reduce* the amount and range of various radio signals, to ensure a 
> level of fair/governed use.
>
> --
> With that, I'll gladly push my but into the courts for 
> cracking/disabling somebody's AP if it's interfering with my own 
> wireless connectivity at home (after I've gone through polite 
> neighborly channels to resolve things first, of course)- and I'll 
> continue to keep my own AP's open, so if I am at least interfering 
> with a neighbor's AP, they can at least get through to me so we can 
> resolve it like adults...  (or use my line to get things done in the 
> event I'm not available and my AP is blowing theirs out of the 
> water...)
>
> I also feel privileged to use other open AP's when I'm away from home, 
> and do it all the time- from cafe's, cars, etc...  and feel it's 
> terrifically hypocritical to close off one's AP to the world 
> <cough>Gman</cough>.

Ouch.  Yeah, yeah, yeah. . . and the main reason for replacing my iBook 
is about BSD-airtools.  A tool I miss thoroughly. . . for obviously 
hypocritical reasons.

> If I ever get to a point where I personally don't have enough 
> bandwidth at home, leeches soaking my line, 'I'll simply throttle the 
> bandwidth for guests' in some transparent manner- (even the cheap-o 
> AP's are getting pretty sophistocated with features to do this in 
> various ways).

sure.

>
> The one part of this I do agree with somewhat is Dan's use of IPSec 
> over the wireless.  Insomuch as I disagree with closing off net/www 
> access from the AP (for reasons stated above), I am an advocate of 
> Application-layer encryption being the only *sane* way to mitigate 
> malicious compromises in *any* network.  Wep is gift paper wrapping, 
> mac-based ACL is wax paper wrapping...  WPA, is just a few more layers 
> of waxed paper to tear through...

Two different points being confused.  My approach is based upon not 
providing public access to my AP.  It's not about locking down my 
network. . . that's SSL, ssh, etc. . .

>
> --
> With that rant, I said my piece- and Gman, as much as I respect your 
> views on this one, I'm not trying to flame your chops with undue 
> reason here- but we may have to again agree to just disagree here.
>

Flame on baby. . .

It seems you missed my point though. .. we can *talk* about legal 
precedence, but we're not lawyers and we're not about to waste the time 
in court. . . .

And most importantly, in the era of the USA Patriot Act, etc, it really 
doesn't take much legal precedence to pay for the "sins" of others. . .

Even think of what's happening to service providers today: someone did 
X wrong on your network, give us your logs.  Why open yourself up to 
that scenario?

And if you go through that EFF document again on sysadmins and logging 
at http://www.eff.org/osp/, you'll realize the broadness of the 
definition of an "Online Service Provider" could probably include you 
and your open AP.

g

More information about the talk mailing list