Wi-Fi Raises New Questions
Pointing the finger of responsibility
While wireless is convenient, it's also naturally less secure, opening itself to a wide array of new questions. 2004 may see hotspot owners held accountable (or given less judicial rights) for illegal activity done over their poorly secured connection. This Always On
article briefly touches on the recent arrest
of a man using community hotspots for child porn (while driving). On top of other charges, Toronto police will apparently be charging the man with Telecom theft. The article also points to this 2003 Wireless System Design Article
discussing potential New Hampshire legislation that would eliminate the intruder prosecution rights of a company if they fail to secure their wireless network.
In the Always On article, a user agrees to not press-charges if the intruder (his neighbor's son in this instance) teaches him how to properly secure his wireless network. But can individuals be prosecuted for "breaking into" a wide-open home network? Should the hotspot owners be held legally responsible if a crime is committed in part thanks to their poor security practices?
| |richk_1957If ..Then..ElsePremium
said by Mellow:I don't approve of war driving, but I guess it's natural outgrowth of the wireless technology
I predict 2004 as the first year we see some innocent war driver be put in federal prison under the terrorist law. I also predict we will see martha stewart acknowledge her affair with bill gates. And I cant wait to see the distance records for wi-fi this year!
Your second sentence is quite funny [good god...]
However, the first one might be closer to the truth than you think. Given the mindset on terrorism (and the fact that almost anything can be label that) and the fact that that people [including the government] are bad about securing networks, a innocent war driver,may just access a site that has 'secure' information,
and may wind up in jail as a terrorist, for hacking into a network. Hacking is a defined as being a act of terrorism, and a former version of 'war driving' was 'war dialing' or 'modem scanning' that was a popular for finding unsecured networks, and was a popular hacker activity (I don't like the word 'hacker', but the media has irrevocably tarred it, so..)
| || Damn right! If someone walks into your home and commits a crime how the hell can you be held liable? After all you did secure your home, you closed the door. So what is secure in the first place? A lock on the door, a deadbolt, a steel door, steel bars, an alarm system, CCTV, gated neighbourhood, barb wire, guards, machine guns, mine fields, tanks, an army?|
How many billions of dollars does the US spend on defense each year? Are we still secure? Should we sue ourselves for letting the terrorists kill our own people?
Am I getting crazy here, or it is not just me?
| |W8ASANoi tieng gi the?Reviews:
Re: What worries me...... I agree. The technology already exists to do all of this, but at what TCO, as you ask? We are going to have to pay for security, of that I am certain. How much for what level is the real question. Also, computer users need to be more educated, but that's yet another can of worms.
Last year, I purchased a wireless card for my laptop. I don't yet have a wireless network, but business I visit do. While installing the card, it immediately picked up two completely open and unsecure networks in my building. So, I went to those offices. One guy was shocked, but let me show him how to lock it down. The other guy told me to buzz off, but not in so many words. He's lucky I don't have a mean streak in me, or I could have owned his computer. What a dummy!
Microwave and RF Components at www.ohiomicrowave.com
| |gwionwild colonial boyPremium,ExMod 2001-08
I've already made my sentiments clear... ... can a thief be prosecuted for making his entry through an unlocked door? People are responsible for their actions... and leaving a 5 dollar bill on your desk shouldn't be seen as surrendering your rights to it... nor should an insecure network be regarded as a legal red carpet for cyber-trespassing.
The only complexity comes in when you consider how many legitimate hotspots there are, and it may become difficult to prove knowledge or intent, in some cases. But where knowledge and intent are clear, why should a common cracker be exculpated because the "door is unlocked?"
On the other hand, it's like any other network appliance. It's the owner's responsibility to secure it... and leaving it insecure after being constructively notified it's insecure is irresponsible, and may certainly create liabilities on the part of the negligent owner... of course, any insecure router can be exploited, wireless or wired, given the right holes and the right tools and toys. But wirelesses are more exploitable, because it's rather trivial to do the work, once an open one is found...
What we need is to work out a sound, very strong universal authentication and encryption scheme, I think... something that's a no-brainer to activate, and that raises the stakes for the cracker such that it's not so significantly easier to crack a wireless than a hardwired network.
The willow bends unbroken when angry tempests blow, The stately oak is levelled and all its strength laid low...Oliver Wendell Holmes
Re: new hampshire bill Okay... someone uses my network to do unspecified bad things. Maybe they send spam, or feed their kiddie porn habit, who knows.
Assuming that they're doing bad stuff, who's gonna investigate this? Do your local / state cops have the expertise, the time, the inclination to investigate? Will your local or state prosecutor even bother with this one? I know that here in Michigan the answer is that no one will investigate, and no one will prosecute.
In fact, credit card fraud is very rarely prosecuted here either, since the banks don't find it profitable to send out people to assist in prosecution. Bin Laden could be living off of tens of thousands of credit card scams right now for all we know.
A quick primer for businesses... make Wireless nodes available, but only hooking into your DMZ. Let your users gain access to email and files via web access (ie, NetStorage) as they would if they were on the road. That way the only thing a hacker would be able to do is to sync his/her email and do some web browsing, and you can leverage the power of your firewall to secure your wireless links.
A federal law makes wardriving legal!! There is a federal law that was passed back in the days of analog cell phones. See, in those days any scanner could pick up cell calls. Congress's response was to pass yet another law (as an aside, does Congress actually believe that the answer to everything is to pass another law?) called the Electronic Communications Privacy Act. This law made it illegal to listen to cell calls. That way, if someone asked the sales guy in Radio Shack: "are cell calls private?" the guy could reply: "Oh yes, listening to them is against FEDERAL LAW!". The ECPA is the reason all police scanners are cellular blocked. Also in there is some boilerplate that makes it illegal to monitor Cable TV pickups, Radio and TV studio to transmitter microwave links, etc. I mean they had to have a reason for the law after all (as if it actually stopped people from listening, huh?).
The ECPA also SPECIFICALLY EXEMPTS unlicensed communications devices in the 49, 900, 2100 and 5 gig unlicensed ISM (Industrial, Scientific and Industrial) bands. The original reason for this was to make it clear that cordless telephones be EXEMPT from this law.
BUT it also means that any WIFI communications is not private BY FEDERAL STATUTE (WIFI b and g operate in the 2100 band, a operates in the 5 gig band)! This is the reason why on the bottom of your device there's a statement about "undesired operation".
Now..it seems to me that this federal law ALLOWS wardriving, at least in the US, since it specifically says that devices operated in these bands neither deserve nor should expect ANY EXPECTATION OF PRIVACY WHATSOEVER!!