[nycbug-talk] WiFi use liability. . .

[Isaac Levy]

Wordup Gman, All,

So I've got an opposing view,

On Apr 21, 2005, at 3:08 PM, George R. wrote:

> We've all had these discussions, but we all have our theories about 
> having an open AP and liability. . .
>
> Bruce Schneier refers to a law journal article. . .
>
> http://papers.ssrn.com/sol3/papers.cfm?abstract_id=692881
>
> Unfortunately, it seems that, at least with my browser, that you can 
> only access the abstract.
>
> Here's a brief snip. . .
>
> <quote>
> Suppose you turn on your laptop while sitting at the kitchen table at 
> home and respond OK to a prompt about accessing a nearby wireless 
> Internet access point owned and operated by a neighbor. What potential 
> liability may ensue from accessing someone else's wireless access 
> point? How about intercepting wireless connection signals? What about 
> setting up an open or unsecured wireless access point in your house or 
> business? Attorneys can expect to grapple with these issues and other 
> related questions as the popularity of wireless technology continues 
> to increase.
>
> This paper explores several theories of liability involving both the 
> accessing and operating of wireless Internet, including the Computer 
> Fraud and Abuse Act, wiretap laws, as well as trespass to chattels and 
> other areas of common law. The paper concludes with a brief discussion 
> of key policy considerations.
> </quote>
>
> Obviously, for a corporate network, I really can't see a logic in 
> keeping an open network . . .
>
> However, with home networks, opinion is split.
>
> But personally, I keep my AP as locked down as possible.
>
> Others?
>
> g

George, you know me on this issue- we've agreed to disagree alltogether 
for quite some time now- but thought I'd post *why* here.

Basically, I think this one is bogus, (though I've come to love Bruce 
Schneier over the years, and usually wait with baited breath for 
CryptoGram newsletters).

I feel this is bogus hype for because:

1) Raido Signals, in the '*My* Kitchen, *Their* wifi' scenario, are the 
things invading *My* kitchen.  As an aside, in parts of Manhattan, 
there's bigger problems with the notorious Archos chipset AP's gobbling 
up RF space and killing all connectivity worth a darn.  Another example 
would be wireless phone handsets, in the 2.4ghz range I believe, a 
neighbor's new phone can destroy wireless connectivity alltogether.


2) There are mountians of legal precidence for this stuff(!), it's 
RADIO- which has existed way longer than our rediscovery of our wifi/IP 
uses for it.  A nice explanation of what's legal is here, in 
plain-english, (a radio equp. reseller):
http://www.usascan.com/files/scanning-legally.html

The three big things which require a court order to 'listen' to, 
mandated by the FCC, (with laws old as the hills) are re-stated on the 
page:

- Telephone conversations (cellular, cordless, or other private means 
of telephone signal transmission)
- Pager transmissions
- Any scrambled or encrypted transmissions

With that, from the 'Secret Lives of Photons' lecture at ShmooCon/DC 
this winter, lazy/(cheapskate) police/emergency communications vendors 
call ASCII encoding 'encryption' in product/sales materials, so they 
can push into fuzzy legal territory...

Other than that, the real aims of the FCC over time has been more to 
*reduce* the amount and range of various radio signals, to ensure a 
level of fair/governed use.

--
With that, I'll gladly push my but into the courts for 
cracking/disabling somebody's AP if it's interfering with my own 
wireless connectivity at home (after I've gone through polite 
neighborly channels to resolve things first, of course)- and I'll 
continue to keep my own AP's open, so if I am at least interfering with 
a neighbor's AP, they can at least get through to me so we can resolve 
it like adults...  (or use my line to get things done in the event I'm 
not available and my AP is blowing theirs out of the water...)

I also feel privileged to use other open AP's when I'm away from home, 
and do it all the time- from cafe's, cars, etc...  and feel it's 
terrifically hypocritical to close off one's AP to the world 
<cough>Gman</cough>.  If I ever get to a point where I personally don't 
have enough bandwidth at home, leeches soaking my line, 'I'll simply 
throttle the bandwidth for guests' in some transparent manner- (even 
the cheap-o AP's are getting pretty sophistocated with features to do 
this in various ways).

The one part of this I do agree with somewhat is Dan's use of IPSec 
over the wireless.  Insomuch as I disagree with closing off net/www 
access from the AP (for reasons stated above), I am an advocate of 
Application-layer encryption being the only *sane* way to mitigate 
malicious compromises in *any* network.  Wep is gift paper wrapping, 
mac-based ACL is wax paper wrapping...  WPA, is just a few more layers 
of waxed paper to tear through...

--
With that rant, I said my piece- and Gman, as much as I respect your 
views on this one, I'm not trying to flame your chops with undue reason 
here- but we may have to again agree to just disagree here.

Rocket-
.lke