> What part of Rod's analogy is hard to understand and/or accept?
Any analogy on this subject needs to take into account the realities of
the situation, in order to be relevant.
> Despite the item in question, using someone else's property without
> their permission is wrong by any society's standards.
No argument there.
The issue is really whether or not permission is explicitly granted,
implicitly granted, implicitly denied, or explicitly denied.
At least in the U.S., it is very common for permission to be implicitly
granted, or explicitly denied, less common for it to be explicitly
granted or implicitly denied.
On Thu, 04 Aug 2005 20:42:56 GMT, SMS <scharf.steven@geemail.com>
wrote:
>Doug Jamal wrote:
>
>> What part of Rod's analogy is hard to understand and/or accept?
>
>Any analogy on this subject needs to take into account the realities of
>the situation, in order to be relevant.
>
> > Despite the item in question, using someone else's property without
> > their permission is wrong by any society's standards.
>
>No argument there.
>
>The issue is really whether or not permission is explicitly granted,
>implicitly granted, implicitly denied, or explicitly denied.
>
>At least in the U.S., it is very common for permission to be implicitly
>granted, or explicitly denied, less common for it to be explicitly
>granted or implicitly denied.
I don't believe you.
I can accept that "free" WiFi access is commonplace there.
And I can accept that it is rare for permission to be explicitly
allowed.
But I do not for one moment believe that there are more networks that
are *intended* to be implicitly free for public access than there are
ones which just haven't been set up right.
On 4-Aug-2005, Alex Heney <me8@privacy.net> wrote:
> I can accept that "free" WiFi access is commonplace there.
>
> And I can accept that it is rare for permission to be explicitly
> allowed.
>
> But I do not for one moment believe that there are more networks that
> are *intended* to be implicitly free for public access than there are
> ones which just haven't been set up right.
On 4-Aug-2005, SMS <scharf.steven@geemail.com> wrote:
> Any analogy on this subject needs to take into account the realities of
> the situation, in order to be relevant.
I agree to a point, BUT....realities are suppose to be truths. The truth is
this....People are accessing open wireless networks without permission being
both implicitly and explicitly granted. To a large portion of our society,
wireless networking is the "new thing" and they want to be a part of it.
They could care less if their wireless traffic is encrypted or not as long
as it works when they set it up. Having said that, do you believe that it
is their intent to implicity grant permission to access someone who happens
to receive their open signal? I would argue that if they were made aware of
the risks of wireless networking (especially the people who do not read
their manuals) and were able to enable encryption with ease and still be
able to use their network, the majority of them would do so and would not
allow those without permission to access their WLAN.
Doug Jamal wrote:
> On 4-Aug-2005, SMS <scharf.steven@geemail.com> wrote:
>
>
>>Any analogy on this subject needs to take into account the realities of
>>the situation, in order to be relevant.
>
>
> I agree to a point, BUT....realities are suppose to be truths. The truth is
> this....People are accessing open wireless networks without permission being
> both implicitly and explicitly granted. To a large portion of our society,
> wireless networking is the "new thing" and they want to be a part of it.
> They could care less if their wireless traffic is encrypted or not as long
> as it works when they set it up. Having said that, do you believe that it
> is their intent to implicity grant permission to access someone who happens
> to receive their open signal?
In a great many cases this is exactly what they intend, at least in the
U.S. (at least in places like San Francisco, Silicon Valley, and the
People's Republic of Berkeley.
> I would argue that if they were made aware of
> the risks of wireless networking (especially the people who do not read
> their manuals) and were able to enable encryption with ease and still be
> able to use their network, the majority of them would do so and would not
> allow those without permission to access their WLAN.
For the people that leave their network open out of ignorance of the
pitfalls of doing so, you are probably right. For the people that leave
their network open because they believe in trying to have pervasive free
Wi-Fi, maybe not.
We've even got people that will set up an open network in places like
Starbucks, in order to provide an alternative to the T-Mobile Hot Spots.
The Starbuck's closest to me would be perfect for this, since there is a
free network about 200 feet away that could be picked up with an 802.11
Cardbus card that had an external directional antenna. Personally, I'd
simply go to a different coffee house, since every other one in the area
has free Wi-Fi.
Doug Jamal wrote:
> On 4-Aug-2005, Alex Heney <me8@privacy.net> wrote:
>
>
>>I can accept that "free" WiFi access is commonplace there.
>>
>>And I can accept that it is rare for permission to be explicitly
>>allowed.
>>
>>But I do not for one moment believe that there are more networks that
>>are *intended* to be implicitly free for public access than there are
>>ones which just haven't been set up right.
>
>
> I'm in total agreement.
Probably true. But of the ones were not set up right, how many were not
set up right because the owner didn't really care if someone else used
it, and how many were set not set up right because the owner could not
figure out how to do it. Of the ones that were left with an SSID of
"default," "Netgear," or "Linksys" how many were left with it because
the owner wanted to "play dumb" while leaving their network open.
All I'm saying is that enough networks are intentionally left open for a
user to not be concerned when their computer latches on to one. We've
become so accustomed to free wireless, at least in the SF Bay area, that
we take it for granted when we turn on their machine and it connects. We
don't think, "gee, I wonder if the open network that my machine
connected to automatically is one that I am explicitly allowed to use."
It's more "how nice, someone is nice enough to provide free wireless."
In message <0LyIe.7501$p%3.34500@typhoon.sonic.net>, SMS
<scharf.steven@geemail.com> writes
<snipped>
>We've even got people that will set up an open network in places like
>Starbucks, in order to provide an alternative to the T-Mobile Hot
>Spots. The Starbuck's closest to me would be perfect for this, since
>there is a free network about 200 feet away that could be picked up
>with an 802.11 Cardbus card that had an external directional antenna.
>Personally, I'd simply go to a different coffee house, since every
>other one in the area has free Wi-Fi.
I have heard that some of these "free" Hot Spots at coffee shops etc.
can be malicious, actually gathering data from users for illegal
purposes.
--
Phil Morris
On Fri, 05 Aug 2005 01:08:11 GMT, SMS <scharf.steven@geemail.com>
wrote:
>Doug Jamal wrote:
>> On 4-Aug-2005, Alex Heney <me8@privacy.net> wrote:
>>
>>
>>>I can accept that "free" WiFi access is commonplace there.
>>>
>>>And I can accept that it is rare for permission to be explicitly
>>>allowed.
>>>
>>>But I do not for one moment believe that there are more networks that
>>>are *intended* to be implicitly free for public access than there are
>>>ones which just haven't been set up right.
>>
>>
>> I'm in total agreement.
>
>Probably true. But of the ones were not set up right, how many were not
>set up right because the owner didn't really care if someone else used
>it, and how many were set not set up right because the owner could not
>figure out how to do it.
I suspect that the two of those together are not nearly as many as
those who don't even know they *should* be doing anything about it.
--
Alex Heney, Global Villager
Everyone hates me because I'm paranoid
To reply by email, my address is alexATheneyDOTplusDOTcom
> I have heard that some of these "free" Hot Spots at coffee shops etc.
> can be malicious, actually gathering data from users for illegal purposes.
This is true. Whenever you use a free hot spot, you should be using a
VPN connection. Unfortunately, most ISPs don't offer VPN to their
non-business customers. The ISP I use, includes VPN access on all
accounts, even dial-up, which is one of the main reasons I chose them
(as well as excellent technical support that is not outsourced).
Phil Thompson wrote:
> On Fri, 05 Aug 2005 00:52:12 GMT, SMS <scharf.steven@geemail.com>
> wrote:
>
>
>>(at least in places like San Francisco, Silicon Valley, and the
>>People's Republic of Berkeley.
>
>
> a pretty unrepresentative zoo, I find :-)
Graham Murray wrote:
> floyd@apaflo.com (Floyd L. Davidson) writes:
>
>>That is indeed a complication. But what the computer does
>>automatically is not an indication of the user's intent, legal
>>or otherwise.
>
> That is the main point in this discussion which I disagree with. I
> believe that the owner should be responsible for the correct
> operation of his equipment (computer or otherwise) and for correctly
> setting it up or configuring it. Therefore, barring case of
> malfunction (in which case the owner should get it fixed), the
> operation of automatic equipment *is* an indication of the owner/user'
> intent.
Does that come down against the person connecting to the network (he
intended to connect to it) or against him (the network was intended to
be open)?
--
=/\= Lt. Cmdr. Jim =/\=
By our chocolate, shall they know us.
Not on behalf of any committee, real or imaginary, in this or any other
universe.
Roderick Stewart wrote:
> In article <874qa8lcmw.fsf@newton.gmurray.org.uk>, Graham Murray wrote:
>
>>>The fact that a network is unsecured may not necessarily constitute
>>>an "invitation" to use it as it may simply be unsecured as a result
>>>of its owner's ignorance.
>>
>>But, in a legal scenario, should the owner's ignorance be taken into
>>account? Should there not be the presumption that the owner/operator
>>is responsible for correctly configuring and operating the equipment?
>
> I think there should be a presumption that someone else's property, be
> it a physical object, access to premises, or access to a service of some
> kind, is NOT offered freely to all and sundry unless there is a clear
> indication that it is. The mere absence of active prevention should not
> be taken as such an indication.
Doesn't hat make using the web a bit of a risky proposition?
--
=/\= Lt. Cmdr. Jim =/\=
By our chocolate, shall they know us.
Not on behalf of any committee, real or imaginary, in this or any other
universe.
> Does that come down against the person connecting to the network (he
> intended to connect to it) or against him (the network was intended to
> be open)?
As far as I see it, it comes down against the owner of the
network. The person doing the connecting 'instructs' his computer
"Look for a network which I can (and am allowed to) use to connect to
the internet". It finds a network which is announcing that there are
no access restrictions (ie it is open) so the computer makes the
connection through it. The person owning the network should not have
it configured as 'open' unless that is his intention and wish, and he
should bear the responsibility for it being configured as 'open'.
> connection through it. The person owning the network should not have
> it configured as 'open' unless that is his intention and wish, and he
> should bear the responsibility for it being configured as 'open'.
Unfortunately, what you wish should be the case is not legally the case.
Graham Murray <newspost@gmurray.org.uk> wrote:
>"Lt. Cmdr. Jim" <ltcmdrjim@hotmail.com> writes:
>
>> Does that come down against the person connecting to the network (he
>> intended to connect to it) or against him (the network was intended to
>> be open)?
>
>As far as I see it, it comes down against the owner of the
>network. The person doing the connecting 'instructs' his computer
>"Look for a network which I can (and am allowed to) use to connect to
>the internet". It finds a network which is announcing that there are
>no access restrictions (ie it is open) so the computer makes the
>connection through it. The person owning the network should not have
>it configured as 'open' unless that is his intention and wish, and he
>should bear the responsibility for it being configured as 'open'.
Sounds just fine. It might get you some jail time, but that's
just additional excitement, eh?
--
Floyd L. Davidson <http://www.apaflo.com/floyd_davidson>
Ukpeagvik (Barrow, Alaska) floyd@apaflo.com
> Does that come down against the person connecting to the network (he
> intended to connect to it) or against him (the network was intended to
> be open)?
No doubt. But any cases that are likely to be prosecuted would also have
extenuating circumstances, such as the one where the user parked in
front of the house where the network he was using was located. Or the
user of the network was doing malicious damage to the network owner's
computers, or was engaging in some illegal activity. No prosecutor is
going to touch a case where a user's computer simply connected to an
open network (without the user intentionally seeking out open networks),
and where no damage was done. The only bad part of this is that we'll
likely never see a court decision on such a case, only on the extreme
cases where a hacker steals something on an open network, or where
someone is driving around neighborhoods with a signal finder, looking
for networks to use.
We've become so accustomed to free wireless, at least in parts of the
U.S., that we take it for granted when we turn on our PDA or notebook
computer and it automatically connects to an open network. We don't
think, "gee, I wonder if the open network that my machine connected to
automatically is one that I am explicitly allowed to use, or is it just
the network of some idiot that didn’t turn on security." It's more "how
nice, someone is nice enough to leave their network open and provide
free wireless."
The best treastise on this subject that I've seen is at
"http://nordicgroup.us/wifi.pdf" and it's the best because I wrote it.
Tha is all well and good until your local "naughty" person decides to
download some less then legal pictures or similar using your WiFi /
Broadband connection.
In the eyes of the law you could also be held liable for any illegal usage
of a "public" service which you may be offering.
At the very least you should be monitoring the usage on your connection to
see what people are using it for and denying access to anyone who is using
it for less than legal purposes.
On Thu, 20 Oct 2005 19:25:08 +0100, "Simon Zerafa"
<postmaster@127.0.0.1> wrote:
>Hi,
>
>Tha is all well and good until your local "naughty" person decides to
>download some less then legal pictures or similar using your WiFi /
>Broadband connection.
Really?
Some of the setups I've had here produce no logs.
AIUI under the DPA I cannot retain data for which I now have no need,
for the purpose for which it was retained.
I have no need to retain such data for any purpose.
>
>In the eyes of the law you could also be held liable for any illegal usage
>of a "public" service which you may be offering.
>
Which law?
>At the very least you should be monitoring the usage on your connection to
>see what people are using it for and denying access to anyone who is using
>it for less than legal purposes.
> On Thu, 20 Oct 2005 19:25:08 +0100, "Simon Zerafa" <postmaster@127.0.0.1>
wrote:
>>
> AIUI under the DPA I cannot retain data for which I now have no need,
> for the purpose for which it was retained.
>
> I have no need to retain such data for any purpose.
>
>>In the eyes of the law you could also be held liable for any illegal usage
>>of a "public" service which you may be offering.
>
Not securing a private wireless network is hardly the same as offering a
public service. Unless the wireless net _is_ public or corporate, you
likely don't even have a duty of care to prevent others accessing it.
> Which law?
>
>>At the very least you should be monitoring the usage on your connection to
>>see what people are using it for and denying access to anyone who is using
>>it for less than legal purposes.
>
> My router is not equipped to do that.
I'd be surprised if your router is not equipped to do that - at least the
"denying access" part - they are pretty well all designed to permit you to
keep out unauthorized users. However, I doubt you can be help liable in
most jurisdictions if somebody hijacks your bandwidth. otoh, you _could_
be held liable if illegal material gets stored on your system - which is
also possible if you're letting unknown people hack your wireless network.
--
derek
I wouldn't be too relaxed about keeping no local logs if I were you.
IIRC, RIPA ensures that your ISP must capture and retain information
relating to all the activity on your connection so that it can be
transmitted to the relevant agencies on production of an appropriate
warrent.
In theory, it's not kept for too long - see http://en.wikipedia.org/wiki/Data_retention - but in reality, one
imagines that there is a continuous stream from all the major ISPs into
a Government computer centre.
> "denying access" part - they are pretty well all designed to permit you to
> keep out unauthorized users. However, I doubt you can be help liable in
How? How is the AP designed to keep unauthorised users out? :)
> most jurisdictions if somebody hijacks your bandwidth. otoh, you _could_
> be held liable if illegal material gets stored on your system - which is
> also possible if you're letting unknown people hack your wireless network.
Well possibly untested but in criminal proceedings, the burden of proof
lies with the prosecution who must prove beyond reasonable doubt.
I think the defence "is it at all *possible*, that someone could have
access the defendants computer via the open network and placed upon it
these file?
The answer is an absolute YES it is possible.
Case dismissed. (depending on quality of arguments offered etc.)
Simon Zerafa wrote:
> Hi,
>
> Tha is all well and good until your local "naughty" person decides to
> download some less then legal pictures or similar using your WiFi /
> Broadband connection.
>
> In the eyes of the law you could also be held liable for any illegal usage
> of a "public" service which you may be offering.
>
> At the very least you should be monitoring the usage on your connection to
> see what people are using it for and denying access to anyone who is using
> it for less than legal purposes.
>
> Kind Regards
>
> Simon
>
>
wrong , see the recent judement on p2p re torrent etc sharing .
>> "denying access" part - they are pretty well all designed to permit you
>> to
>> keep out unauthorized users. However, I doubt you can be help liable in
>
> How? How is the AP designed to keep unauthorised users out? :)
I'm not sure what the smiley means in this instance, David. We've certainly
had enough discussion of the various methods of security on a.i.wireless.
>
>> most jurisdictions if somebody hijacks your bandwidth. otoh, you _could_
>> be held liable if illegal material gets stored on your system - which is
>> also possible if you're letting unknown people hack your wireless
>> network.
>
> Well possibly untested but in criminal proceedings, the burden of proof
> lies with the prosecution who must prove beyond reasonable doubt.
Agreed, though I've noted in Canada that that "burden of proof" seems to be
way lower when the material is child pornography. I did stress the word
"could" - I don't find it that likely, either. It was essentially a
rebuttal to the guy who figured you'd be liable for "any" illegal usage of
your network, and you're picking apart my (I think reasonable) suggestions
to the other party that he really could make such things, if not
impossible, at least hard enough to meet any reasonable standard that he
had not provided a public service.
--
derek
> > How? How is the AP designed to keep unauthorised users out? :)
>
> I'm not sure what the smiley means in this instance, David. We've certainly
> had enough discussion of the various methods of security on a.i.wireless.
Well seriously, I wasn't sure what you meant. MAC filtering does
nothing, WEP does nothing. Ok, other than deny the default stumblers.
I wasn't trying to be contrary, just wasn't sure to what degree you were
saying that AP's will keep out intruders. :)
> > Well possibly untested but in criminal proceedings, the burden of proof
> > lies with the prosecution who must prove beyond reasonable doubt.
> your network, and you're picking apart my (I think reasonable) suggestions
> to the other party that he really could make such things, if not
> impossible, at least hard enough to meet any reasonable standard that he
> had not provided a public service.
My concern here is that if someone thinks that MAC filtering is enough
to refute that nobody else could be using the LAN or even WEP is a
little dangerous. In one way, that's kind of helpful for those that
configure MAC/WEP because they can still deny liability!
I still can't help but think that the police should be locking up all
the car owners who carelessly locked their cars and didn't weld steel
plate over the windows, if the car is used in a robbery for example.
>> > How? How is the AP designed to keep unauthorised users out? :)
>>
>> I'm not sure what the smiley means in this instance, David. We've
>> certainly had enough discussion of the various methods of security on
>> a.i.wireless.
>
> Well seriously, I wasn't sure what you meant. MAC filtering does
> nothing, WEP does nothing. Ok, other than deny the default stumblers.
> I wasn't trying to be contrary, just wasn't sure to what degree you were
> saying that AP's will keep out intruders. :)
OK, then I just meant he should use the tools available to secure his
network - which really means WPA (accept no substitutes!).
On Thu, 20 Oct 2005 19:57:15 +0100, Derek ^
<usenet@miniac.demon.co.uk> wrote:
>On Thu, 20 Oct 2005 19:25:08 +0100, "Simon Zerafa"
><postmaster@127.0.0.1> wrote:
>>Hi,
>>
>>Tha is all well and good until your local "naughty" person decides to
>>download some less then legal pictures or similar using your WiFi /
>>Broadband connection.
>
>Really?
>
>Some of the setups I've had here produce no logs.
>
That was careless of you.
>AIUI under the DPA I cannot retain data for which I now have no need,
>for the purpose for which it was retained.
>
Perhaps you should learn a little about the DPA then.
>I have no need to retain such data for any purpose.
>
You most certainly *do* need to hold it, for the purpose of evidence
that will probably keep *you* out of jail for the offences committed
by somebody else using your connection.
>>
>>In the eyes of the law you could also be held liable for any illegal usage
>>of a "public" service which you may be offering.
>>
>
>Which law?
>
The "law" that the jury will believe it was you using the connection
unless you can somehow show that it wasn't.
>>At the very least you should be monitoring the usage on your connection to
>>see what people are using it for and denying access to anyone who is using
>>it for less than legal purposes.
>
>My router is not equipped to do that.
>
Well then you would be much better off using a router built in the
last five years than your obsolete kit anyway.
--
Alex Heney, Global Villager
Make it idiot proof and someone will make a better idiot.
To reply by email, my address is alexATheneyDOTplusDOTcom
Re: Hijacking a broadband connection 
Linear Mode
