New Hampshire's WiFi bill

Russ Housley housley at vigilsec.com
Thu May 8 16:00:18 EDT 2003


From:    Russ Housley
To:      IEEE-802-11-tgi list
Subject: This is your wake up call!
Date:    Thu, 08 May 2003 14:24:07 -0400

FYI




<'http://telephonyonline.com/microsites/newsarticle.asp?newsarticleid>This is your wake up call!

By Peter Bernstein

May 2, 2003, 12:00 a.m. ET

Since imitation is supposedly the highest form of flattery, I feel obliged to steal a page from “Tonight Show” host Jay Leno. Without the benefit of streamed video (someday this column may come in that format), just imagine me staring into a camera and saying, “Have you heard this? Have you read about this?... You can’t make this stuff up!”

The “this,” in this case, is New Hampshire House of Representatives Bill (HB) 495, which may have passed by the time you read this. HB 495 is poised to make New Hampshire the first state in the country to provide legal protection to those who tap into insecure wireless networks. And this is the kicker: They are not talking about public safety officials, they are referring to the growing members of the open network movement who drive through populated areas and post signs identifying places where people can get free--e.g., insecure--802.11 enabled Internet access. 

The practice, for those who may not be familiar with it, is known as “war driving.” The goal is to eventually identify a national footprint of “free” hot spots. Others have correctly pointed out, this certainly adds a hi-tech emphasis to the New Hampshire motto, “Live Free or Die!”

As an old libertarian myself, and at the risk of raising the ire of the open network movement, I must admit some concern about “this.” My problem is not with free Internet access. I favor it so long as there is consent from the accessed party. My problem is with the law. It is also with our industry, which gets steamed over arcane stuff like UNE-P but drops the ball on what appears to be theft of service.

With the caveat that I am not now, never have been, and never wish to be a lawyer, here is my quick understanding of the issues in this clouded area of law that is awash in counter-veiling precedents with roots in English Common Law. 

1.	Virtually all current municipal, state and federal statutes make it a crime to knowingly access any computer network without authorization or consent. The analogy used in an article on this subject in Wired was quite good. It stated that just because I leave my front door unlocked does not give you the right to walk in, sit down and watch TV and grab a little something from the fridge.  In other words, unless I gave you permission, you are trespassing.

2.	HB 495 turns this on its head.  The bill says that if operators’ fail to secure their wireless networks they are being negligent and must suffer the consequences.  Hence, those who take advantage of this negligence cannot be held harmful. There is a principle in common law called “attractive nuisance” that seems to apply here. If I have a swimming pool with a fence around it, but leave the gate unlocked, I can be found liable if an unauthorized swimmer drowns while I am not around. The reason is that I did not take proper care of deterring the temptation for them to go for a swim. HB 495 says the owner of a wireless computer network is totally responsible for securing it, and does not stipulate recrimination for those who inadvertently (which we all know will get defined by trial lawyers to be everyone) tap in.


Advocates of the bill contend it strikes a proper balance between the social good of providing virtually universal access to the Internet for free, while proffering a simple solution--turn on the encryption and other security capabilities if you don’t want people to use your network. Opponents obviously claim this is trespassing at best and a horrendous invasion of privacy that opens the door for more heinous malicious behavior.

Like I said above, if somebody has an insecure network, but is willing to allow others to use it based on a granting of consent, I am not sure I see the legal harm. However, I certainly have misgivings. 

Unfortunately, almost all wireless LAN networks ship with security off as their default.  And, despite repeated industry efforts to educate customers on the need to activate the security features, surveys show that few do. This obviously needs to be rectified, but as a businessperson I have bigger concerns.

A wireless LAN, in order to connect a nomadic user to the Internet, must be connected to the Internet itself. Internet service providers are starting to have “reasonable use” language in their contracts (number of discreet individuals or devices that can share a connection), just as software companies try to restrict the number of copies that can be made, in order to protect the commercial value of their service. Setting aside the issue of trespass, it seems to me that non-consensual sharing of a connection is “theft of service.”

Theft of service is a concept the cable industry knows well. I know this because of all those extra charges on my bill every month for all of my connections. It is also a concept not foreign to the telephony industry; “ripping off” phone service was considered almost a noble act as far back as when I was in college and “black box” creators were legendary.

Where this slippery slope is leading could have profound implications for both the cable and tradition telecommunications industries as they compete and converge. Think voice over IP (VoIP) over free Internet via SIP phone as the preferred means for making calls, including interactive, real-time video calls. Goodbye business models, cellular as well as wired. Goodbye universal service fund. Traffic is an interesting part of our business--you can’t bill for it if you don’t have it.

Are you likely to see me behind the main public library in Bryant Park in New York City using my laptop to connect to the Internet for free. Absolutely. That is a nuisance that I find not just attractive but compelling. Will I feel guilty that if I use that connection to make videoconferencing calls to anywhere in the world for hours on end and bypass ILEC and IXC network billing environments? Will I feel bad that I am not paying access charges or am avoiding making a contribution to the Universal Service Fund? I don’t think so. 

The reason I will not feel terribly guilty is because as the name implies, “war driving” is about the community being at war with the service providers. If the industry does not fight back it has only itself to blame. 

Can the industry stop people from identifying and using insecure networks? No. Can it go after those who do not activate the security mechanisms of these networks, first with a carrot and then with a big stick if necessary? It better. This is not that different from holding bartenders liable when drunken customers kill people with their cars. War is hell.  Memo to service providers: “This is your wake up call!”

Peter Bernstein is President of Infonautics Consulting Inc. He can be reached at <mailto:pb111451 at optonline.net>pb111451 at optonline.net.


© 2003, PRIMEDIA Business Magazines & Media Inc. All rights reserved. This article is protected by United States copyright and other intellectual property laws and may not be reproduced, rewritten, distributed, redisseminated, transmitted, displayed, published or broadcast, directly or indirectly, in any medium without the prior written permission of PRIMEDIA Business Corp.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list